
Re: Programmatically Create User Account

Posted: 2016-08-08 10:43
by botg
Please post a complete usage example.

Re: Programmatically Create User Account

Posted: 2016-08-08 11:03
by trueloeque
For example:
Clear password: H0la
Salt (generated from Filezilla interface): Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h
Then, Clear_password+Salt=H0laUn&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h
So that, Get-StringHash "H0laUn&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h" "SHA512" = CAB727569E135D55C4B9A752AE0B5CF48A517E9FCFD86916B5DFF1889E7EE44C3032C9CE553E3ABCF41A37D24B23404714C3B48EDA146346CC927E3763203CAB

However, the encrypted password generated from Filezilla interface is: 297FB53F79165D3EE8AE0E5F5FBCE0A4667CC29BD86A684DA5356F30F508F69FAF5B5B6276BD23870688801C0192392371B3B3DECC02EF6694EFD10CD2288842

Re: Programmatically Create User Account

Posted: 2016-08-08 11:47
by trueloeque
Also, not all printable ASCII characters are allowed for salt: " < > are not allowed.
If you select one of these characters, then Filezilla Interface will not show the users.

Re: Programmatically Create User Account

Posted: 2016-08-08 15:37
by botg
botg wrote: Ponder the difference between a textual representation of an XML file and the data it actually contains.

Re: Programmatically Create User Account

Posted: 2016-08-10 11:13
by trueloeque
What's?

It's very easy. What is the string to be computed by the SHA512 algorithm? Clear password plus salt doesn't work, so the string has to be different.

Re: Programmatically Create User Account

Posted: 2016-08-10 11:31
by botg
Salt (generated from Filezilla interface): Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m+M*($M<5YFPl}SlFvNGR0h
No, that is not a salt generated by FileZilla Server.

Re: Programmatically Create User Account

Posted: 2016-08-10 16:05
by trueloeque
Ok. I think what you tell me, but

From the FileZilla configuration file:
<Option Name="Salt">Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m$CUpnx+M*($`M<5YFPl}SlFvNGR0h</Option>

Then, from XML syntax,
Un&apos;!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1&apos;m$CUpnx+M*($`M<5YFPl}SlFvNGR0h => Un'!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1'm$CUpnx+M*($`M<5YFPl}SlFvNGR0h

So that, my clear password + salt = H0laUn'!/oMP@"EoNLH:uhYYGtrwMMp3J=1?1'm$CUpnx+M*($`M<5YFPl}SlFvNGR0h

Then,

Get-StringHash "H0laUn'!/oMP@`"EoNLH:uhYYGtrwMMp3J=1?1'm$CUpnx+M*($`M<5YFPl}SlFvNGR0h" "SHA512"
7C282B3B7FC84298E074E5225C2D682D7307E797473A33D151D9D1B8BA05905BA6C6BE5B5C5109756FDED3EB6474E9326A91D6A1735A01630407A6A19FD7D85D

Re: Programmatically Create User Account

Posted: 2017-01-20 06:55
by guoyufeng
botg wrote:
Generated salt - Ot0(]eaRu"L,IUDL({aiEzRFX8]e^lN>l{.&apos;(J.9Ha`g4&d3u^WKN05hYJpWB>lN
That's not a generated salt. FileZilla Server generates salts that are exactly 64 characters long.
I'm using version 0.9.95, and the salt is more than 64 characters, and when I use SHA512(password+salt).hexdigest() I cannot generate the same Pass as FileZilla Server would. Has the code FileZilla uses to generate Pass changed in version 0.9.95?

Re: Programmatically Create User Account

Posted: 2017-01-20 07:50
by botg
:lol: This is so funny.

Hint: The salt generated by FileZilla Server is always the same length. Every single time, without exception.

Re: Programmatically Create User Account

Posted: 2018-01-18 01:00
by devepic
botg wrote: :lol: This is so funny.

Hint: The salt generated by FileZilla Server is always the same length. Every single time, without exception.
While this is true, when a salt gets stored in the XML file, thanks to the conversion of some of the special characters to their character entity, salts may appear as anything greater/equal to 64 characters.
For example: a Quotation Mark is converted to &quot;

So:

This 64 Character Salt
"9vC[("-<%',td5w91TPK&/zucP\Q%-;;!#[r{{L]DBV]-S-KSPb"gur.HhDK^Nu

Becomes 91 characters when stored in the Server's XML Config
"9vC[("-<%&apos;,td5w91TPK&/zucP\Q%-;;!#[r{{L]DBV]-S-KSPb"gur.HhDK^Nu

Apologies for the revival but I think this is worth sharing.
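
Added example (not part of the post above and not FileZilla's own code): reading the salt through an XML parser so the entities are decoded before hashing, using the 64-character salt from the post above in its 91-character textual form. The simplified `<User>` fragment, the salt alphabet, the UTF-8 encoding of the password and all helper names are assumptions.

```python
import hashlib
import secrets
import string
import xml.etree.ElementTree as ET

SALT_LEN = 64  # per the thread: generated salts are always 64 characters
# Assumption: salts are drawn from printable ASCII letters, digits, punctuation.
SALT_ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample: the salt from the post above as the XML file's text
# would hold it, with the five special characters written as entities.
RAW_SALT_TEXT = r'&quot;9vC[(&quot;-&lt;%&apos;,td5w91TPK&amp;/zucP\Q%-;;!#[r{{L]DBV]-S-KSPb&quot;gur.HhDK^Nu'
USER_XML = '<User Name="demo"><Option Name="Salt">' + RAW_SALT_TEXT + '</Option></User>'


def read_option(user_xml, name):
    """Return the decoded value of <Option Name=name>, as an XML parser sees it."""
    for opt in ET.fromstring(user_xml).iter("Option"):
        if opt.get("Name") == name:
            return opt.text or ""
    raise KeyError(name)


def filezilla_hash(password, salt):
    """Uppercase hex SHA-512 of password + salt (UTF-8 encoding is an assumption)."""
    return hashlib.sha512((password + salt).encode("utf-8")).hexdigest().upper()


def make_user_xml(username, password):
    """Build a <User> fragment; the serializer does the entity escaping."""
    salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(SALT_LEN))
    user = ET.Element("User", Name=username)
    for name, value in (("Pass", filezilla_hash(password, salt)), ("Salt", salt)):
        ET.SubElement(user, "Option", Name=name).text = value
    return ET.tostring(user, encoding="unicode")


def check_password(user_xml, password):
    """Recompute the hash from the decoded salt and compare in constant time."""
    expected = read_option(user_xml, "Pass")
    actual = filezilla_hash(password, read_option(user_xml, "Salt"))
    return secrets.compare_digest(expected, actual)


if __name__ == "__main__":
    salt = read_option(USER_XML, "Salt")
    print(len(RAW_SALT_TEXT), "characters in the file,", len(salt), "after parsing")
    # Hashing the textual form instead of the decoded salt gives a different Pass.
    print(filezilla_hash("H0la", salt) != filezilla_hash("H0la", RAW_SALT_TEXT))
```

Writing the fragment with an XML serializer and reading it back with a parser keeps the salt at 64 characters on both sides, whatever characters it contains.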

Re: Programmatically Create User Account

Posted: 2018-01-18 18:17
by botg
botg wrote:
botg wrote: Ponder the difference between a textual representation of an XML file and the data it actually contains.

Re: Programmatically Create User Account

Posted: 2018-03-15 12:41
by AnthonyAltieri
I have tried all the examples above and have NOT been able to add a user myself through any script.
However after I add a user through the GUI I am able to reverse decode the salt and password and get the correct SHA512HASH value.
Just retracing my steps.
salt value some random set of letters and numbers (64 length) "somelongstring6172617261somelongstring6172617261somelongstring61"
Add password to the front of that "test123" + "somelongstring6172617261somelongstring6172617261somelongstring61"
Used this website to generate the SHA512 hash https://passwordsgenerator.net/sha512-hash-generator/
Yielded me "2B247AE1EB6C6F481826ED4CA8B433E862B9F33DCB8A75C4BF3ECEB3852A38FDAFACC24A592362BAD3D87BBB37DF69C540C819008DE860B5CCA9CFA2ACAA4C40"
The yielded value becomes the xml tag Option Name.
The salt value becomes the xml tag Option Salt.
However when I log in using the correct username and password it connects to the server and then asks for my password again.
FileZilla does not allow me to log in using these credentials.
Please any help in this matter would be greatly appreciated.

Re: Programmatically Create User Account

Posted: 2018-03-15 17:05
by botg
Did you tell the service to reload the configuration?

Re: Programmatically Create User Account

Posted: 2018-03-15 17:15
by AnthonyAltieri
Yes I issued the command
"C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe" /reload-config
I have tried various different versions of the command and still no luck.
I should also mention that the machine is a Windows 2012 R2.
If I close the FileZilla Server and stop the service then restart YES it works.
But I can't get it to reload from a command prompt or PowerShell?
Thanks for your quick response.

Re: Programmatically Create User Account

Posted: 2018-03-16 00:05
by botg
Does the account you ran the command under have permissions to control services?