01-15-2025, 01:37 AM
Hi everyone,
Well, it seems like I had to start getting to know this world a bit for my own mistake of forgetting a password for installing a digital certificate.
I went through a hell of paperwork to get to the final step of being able to install the digital certificate of our non profit but I need to introduce a password I had to set up at the beginning of the process and I can't remember it.
The password needs to be introduced in a downloaded program and going through the program files, I got the following information:
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to be accessible
# only by the owner.
# o The jmxremote.passwords file will be re-written by the server
# to replace all plain text passwords with hashed passwords when
# the file is read by the server.
#
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring. This
# file defines the different roles and their passwords. The access
# control file (jmxremote.access by default) defines the allowed
# access for each role. To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
# File format of the jmxremote.password file
##############################################################
#
# The file contains multiple lines where each line is blank,
# a comment (like this one), or a password entry.
#
# password entry follows the below syntax
# role_name W [clearPassword|hashedPassword]
#
# role_name is any string that does not itself contain spaces or tabs.
# W = spaces or tabs
#
# Passwords can be specified via clear text or via a hash. Clear text password
# is any string that does not contain spaces or tabs. Hashed passwords must
# follow the below format.
# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
# where,
# base64_encoded_64_byte_salt = 64 byte random salt
# base64_encoded_hash = Hash_algorithm(password + salt)
# W = spaces or tabs
# hash_algorithm = Algorithm string specified using the format below
# https://docs.oracle.com/javase/9/docs/sp...algorithms
# This is an optional field. If not specified, SHA3-512 will be assumed.
#
# If passwords are in clear, they will be overwritten by their hash if all of
# the below criteria are met.
# * com.sun.management.jmxremote.password.toHashes property is set to true in
# management.properties file
# * the password file is writable
# * the system security policy allows writing into the password file, if a
# security manager is configured
#
# In order to change the password for a role, replace the hashed password entry
# with a new clear text password or a new hashed password. If the new password
# is in clear, it will be replaced with its hash when a new login attempt is made.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# A user generated hashed password file can also be used instead of clear-text
# password file. If generated by the user, hashed passwords must follow the
# format specified above.
#
# Caution: It is recommended not to edit the password file while the
# agent is running, as edits could be lost if a client connection triggers the
# hashing of the password file at the same time that the file is externally modified.
# The integrity of the file is guaranteed, but any external edits made to the
# file during the short period between the time that the agent reads the file
# and the time that it writes it back might get lost
##############################################################
# File permissions of the jmxremote.password file
##############################################################
# This file must be made accessible by ONLY the owner,
# otherwise the program will exit with an error.
#
# In a typical installation, this file can be accessed by anybody on the
# local machine, and possibly by people on other machines.
# For security, you should either restrict the access to this file except for owner,
# or specify another, less accessible file in the management config file
# as described above.
#
# In order to prevent inadverent edits to the password file in the
# production environment, it is recommended to deploy a read-only
# hashed password file. The hashed entries for clear passwords can be generated
# in advance by running the JMX agent.
#
##############################################################
# Sample of the jmxremote.password file
##############################################################
# Following are two commented-out entries. The "monitorRole" role has
# password "QED". The "controlRole" role has password "R&D". This is an example
# of specifying passwords in the clear
#
# monitorRole QED
# controlRole R&D
#
# Once a login attempt is made, passwords will be hashed and the file will have
# below entries with clear passwords overwritten by their respective
# SHA3-512 hash
after which two lines of hashse are given after a monitorRole and controlRole being titled
I installed hashcat (I use linux) and try to make it work but I got the "No hash-mode matches the structure of the input hash." error message so I thought maybe I am using the wrong input number 17600 for Sha3-512 and went to https://crackstation.net/ to check the hash and it says "Unrecognized hash format".
So I am now totally lost with all my efforts.
I really need the digital certificate and I have no idea how to retrieve that password.
Thank you for your help
Well, it seems like I had to start getting to know this world a bit for my own mistake of forgetting a password for installing a digital certificate.
I went through a hell of paperwork to get to the final step of being able to install the digital certificate of our non profit but I need to introduce a password I had to set up at the beginning of the process and I can't remember it.
The password needs to be introduced in a downloaded program and going through the program files, I got the following information:
# ----------------------------------------------------------------------
# Template for jmxremote.password
#
# o Copy this template to jmxremote.password
# o Set the user/password entries in jmxremote.password
# o Change the permission of jmxremote.password to be accessible
# only by the owner.
# o The jmxremote.passwords file will be re-written by the server
# to replace all plain text passwords with hashed passwords when
# the file is read by the server.
#
##############################################################
# Password File for Remote JMX Monitoring
##############################################################
#
# Password file for Remote JMX API access to monitoring. This
# file defines the different roles and their passwords. The access
# control file (jmxremote.access by default) defines the allowed
# access for each role. To be functional, a role must have an entry
# in both the password and the access files.
#
# Default location of this file is $JRE/conf/management/jmxremote.password
# You can specify an alternate location by specifying a property in
# the management config file $JRE/conf/management/management.properties
# or by specifying a system property (See that file for details).
##############################################################
# File format of the jmxremote.password file
##############################################################
#
# The file contains multiple lines where each line is blank,
# a comment (like this one), or a password entry.
#
# password entry follows the below syntax
# role_name W [clearPassword|hashedPassword]
#
# role_name is any string that does not itself contain spaces or tabs.
# W = spaces or tabs
#
# Passwords can be specified via clear text or via a hash. Clear text password
# is any string that does not contain spaces or tabs. Hashed passwords must
# follow the below format.
# hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
# where,
# base64_encoded_64_byte_salt = 64 byte random salt
# base64_encoded_hash = Hash_algorithm(password + salt)
# W = spaces or tabs
# hash_algorithm = Algorithm string specified using the format below
# https://docs.oracle.com/javase/9/docs/sp...algorithms
# This is an optional field. If not specified, SHA3-512 will be assumed.
#
# If passwords are in clear, they will be overwritten by their hash if all of
# the below criteria are met.
# * com.sun.management.jmxremote.password.toHashes property is set to true in
# management.properties file
# * the password file is writable
# * the system security policy allows writing into the password file, if a
# security manager is configured
#
# In order to change the password for a role, replace the hashed password entry
# with a new clear text password or a new hashed password. If the new password
# is in clear, it will be replaced with its hash when a new login attempt is made.
#
# A given role should have at most one entry in this file. If a role
# has no entry, it has no access.
# If multiple entries are found for the same role name, then the last one
# is used.
#
# A user generated hashed password file can also be used instead of clear-text
# password file. If generated by the user, hashed passwords must follow the
# format specified above.
#
# Caution: It is recommended not to edit the password file while the
# agent is running, as edits could be lost if a client connection triggers the
# hashing of the password file at the same time that the file is externally modified.
# The integrity of the file is guaranteed, but any external edits made to the
# file during the short period between the time that the agent reads the file
# and the time that it writes it back might get lost
##############################################################
# File permissions of the jmxremote.password file
##############################################################
# This file must be made accessible by ONLY the owner,
# otherwise the program will exit with an error.
#
# In a typical installation, this file can be accessed by anybody on the
# local machine, and possibly by people on other machines.
# For security, you should either restrict the access to this file except for owner,
# or specify another, less accessible file in the management config file
# as described above.
#
# In order to prevent inadverent edits to the password file in the
# production environment, it is recommended to deploy a read-only
# hashed password file. The hashed entries for clear passwords can be generated
# in advance by running the JMX agent.
#
##############################################################
# Sample of the jmxremote.password file
##############################################################
# Following are two commented-out entries. The "monitorRole" role has
# password "QED". The "controlRole" role has password "R&D". This is an example
# of specifying passwords in the clear
#
# monitorRole QED
# controlRole R&D
#
# Once a login attempt is made, passwords will be hashed and the file will have
# below entries with clear passwords overwritten by their respective
# SHA3-512 hash
after which two lines of hashse are given after a monitorRole and controlRole being titled
I installed hashcat (I use linux) and try to make it work but I got the "No hash-mode matches the structure of the input hash." error message so I thought maybe I am using the wrong input number 17600 for Sha3-512 and went to https://crackstation.net/ to check the hash and it says "Unrecognized hash format".
So I am now totally lost with all my efforts.
I really need the digital certificate and I have no idea how to retrieve that password.
Thank you for your help