All Apps and Add-ons

Splunk DB Connect: How can I recover MSSQL encrypted database passwords?

ozirus
Path Finder

Hi,

I forgot my MSSQL encrypted db passwords that's written in Splunk DB Connect database.conf file and can't reset from MSSQL db since a lot of other business critical apps depends on it.

Since it's encrypted in database.conf of Splunk DB Connect, I can't get it in cleartext. Is there any method to decrypt it? (using splunk.secret and Python console etc.)

I'm using latest version of Splunk.

Regards,

Regards,

1 Solution

datasearchninja
Communicator

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

View solution in original post

datasearchninja
Communicator

Given you mention database.conf, this likely refers to Splunk DB Connect v1, for these use:

$ splunk cmd python $SPLUNK_HOME/etc/apps/dbx/bin/jbridge_client.py com.splunk.config.crypt.Crypt decrypt <password>

For dbx v2 and v3 use this to retrieve from the password in identities.conf:

$ echo 'password' | base64 --decode | openssl aes-256-cbc -d -pass file:$SPLUNK_HOME/etc/apps/splunk_app_db_connect/certs/identity.dat

adidibra
Engager

I am trying the suggested command to retrieve passwords located in identities.conf  but I do not get any output in the console. My DB Connect version is 3.7.0.

Any suggestion, highly appreciated.

0 Karma

jawaharas
Motivator

@datasearchninja Thanks a lot. It works.

0 Karma

lguinn2
Legend

I don't think so. Generally, password encryption is one-way only, and I believe that is true for Splunk passwords as well.

0 Karma

thambisetty
SplunkTrust
SplunkTrust

what you are assuming is correct for hashing not for encyrpting and decrypting.

————————————
If this helps, give a like below.
0 Karma

ozirus
Path Finder

I don't think it's one-way that's like in hashing since it's encryption and its said that splunk.secret is being used for decrypting

0 Karma
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...