Recovering SecureCRT Passwords

2022-10-16 14:09:54

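Preface

For historical reasons at company S, the passwords for several hundred servers are saved in SecureCRT. The software is really hard to use, so I extracted the original accounts and passwords from it and moved them to Xshell.

Password storage location

On Windows the sessions are under "username\AppData\Roaming\VanDyke\Config\Sessions\", with one ini file per machine name.
Tested with version 7.2.6 (build 606) for Windows; other versions have not been tested.
(The location may change.)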

Usage

Read the installation section below first, then save the Python script as SecureCRTDecrypt.py.
Synopsis
python SecureCRTDecrypt.py [filename...]
Example

[@bx_5_219 /tmp]# python SecureCRTDecrypt.py 10.10.123.123.ini
10.10.123.123.ini
ssh root@10.10.70.30 # I'mpassword

Dependencies

Install pycrypto, the package the decryption depends on.
Download

https://pypi.python.org/pypi/pycrypto
wget https://pypi.python.org/packages/source/p/pycrypto/pycrypto-2.6.1.tar.gz

Extract and install

tar -zxvf pycrypto-2.6.1.tar.gz
cd pycrypto-2.6.1
python setup.py build
python setup.py install

Ciphertext decryption program

Save as SecureCRTDecrypt.py

# Python 2 script: relies on str.decode('hex'), ur'' literals and the print statement
from Crypto.Cipher import Blowfish
import argparse
import re

def decrypt(password) :
    # Two Blowfish-CBC layers with fixed keys and an all-zero IV
    c1 = Blowfish.new('5F B0 45 A2 94 17 D9 16 C6 C6 A2 FF 06 41 82 B7'.replace(' ','').decode('hex'), Blowfish.MODE_CBC, '\x00'*8)
    c2 = Blowfish.new('24 A6 3D DE 5B D3 B3 82 9C 7E 06 F4 08 16 AA 07'.replace(' ','').decode('hex'), Blowfish.MODE_CBC, '\x00'*8)
    padded = c1.decrypt(c2.decrypt(password.decode('hex'))[4:-4])
    p = ''
    # The plaintext is UTF-16; copy 2-byte units until the NUL terminator
    while padded[:2] != '\x00\x00' :
        p += padded[:2]
        padded = padded[2:]
    return p.decode('UTF-16')

REGEX_HOSTNAME = re.compile(ur'S:"Hostname"=([^\r\n]*)')
REGEX_PASWORD = re.compile(ur'S:"Password"=u([0-9a-f]+)')
REGEX_PORT = re.compile(ur'D:"\[SSH2\] Port"=([0-9a-f]{8})')
REGEX_USERNAME = re.compile(ur'S:"Username"=([^\r\n]*)')

def hostname(x) :
    m = REGEX_HOSTNAME.search(x)
    if m :
        return m.group(1)
    return '???'

def password(x) :
    m = REGEX_PASWORD.search(x)
    if m :
        return decrypt(m.group(1))
    return '???'

def port(x) :
    m = REGEX_PORT.search(x)
    if m :
        return '-p %d ' % (int(m.group(1), 16))
    return ''

def username(x) :
    m = REGEX_USERNAME.search(x)
    if m :
        return m.group(1) + '@'
    return ''

parser = argparse.ArgumentParser(description='Tool to decrypt SSHv2 passwords in VanDyke Secure CRT session files')
parser.add_argument('files', type=argparse.FileType('r'), nargs='+',
    help='session file(s)')

args = parser.parse_args()

for f in args.files :
    # Strip NUL bytes so the regexes also match files stored as UTF-16
    c = f.read().replace('\x00', '')
    print f.name
    print "ssh %s%s%s # %s" % (port(c), username(c), hostname(c), password(c))
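
Before migrating, it helps to know which session files actually carry a saved password. The following is an added example, not part of the original post or the referenced project: a Python 3 inventory that reuses the field patterns from the script above and reports each session's host, user, port and whether a password is stored, without decrypting anything. The sample content, the function names and the BOM handling are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Field patterns reused from the decryption script on this page.
RE_HOSTNAME = re.compile(r'S:"Hostname"=([^\r\n]*)')
RE_USERNAME = re.compile(r'S:"Username"=([^\r\n]*)')
RE_PORT = re.compile(r'D:"\[SSH2\] Port"=([0-9a-f]{8})')
RE_PASSWORD = re.compile(r'S:"Password"=u([0-9a-f]+)')

# Constructed sample session content; the password value is a dummy hex string.
SAMPLE = (b'S:"Username"=root\r\n'
          b'S:"Password"=u0123456789abcdef\r\n'
          b'S:"Hostname"=192.0.2.10\r\n'
          b'D:"[SSH2] Port"=00000016\r\n')

def read_session(raw):
    """Decode session bytes (assumption: UTF-16 with BOM, or an 8-bit encoding)."""
    if raw[:2] in (b'\xff\xfe', b'\xfe\xff'):
        return raw.decode('utf-16', errors='replace')
    # Same NUL stripping the page's script applies before matching.
    return raw.replace(b'\x00', b'').decode('utf-8', errors='replace')

def summarize(text):
    """Report connection fields and whether a password is stored; nothing is decrypted."""
    host, user = RE_HOSTNAME.search(text), RE_USERNAME.search(text)
    port, pw = RE_PORT.search(text), RE_PASSWORD.search(text)
    return {
        'hostname': host.group(1) if host else None,
        'username': (user.group(1) or None) if user else None,
        'port': int(port.group(1), 16) if port else None,  # stored as 8 hex digits
        'has_saved_password': pw is not None,
    }

def audit(directory):
    """Summarize every .ini session file below directory (subfolders included)."""
    rows = []
    for path in sorted(Path(directory).rglob('*.ini')):
        row = summarize(read_session(path.read_bytes()))
        row['file'] = str(path)
        rows.append(row)
    return rows

if __name__ == '__main__':
    rows = audit(sys.argv[1]) if len(sys.argv) > 1 else [summarize(read_session(SAMPLE))]
    for row in rows:
        flag = 'SAVED PASSWORD' if row['has_saved_password'] else 'no password'
        print('%-16s %s@%s port=%s' % (flag, row['username'], row['hostname'], row['port']))
```

Run it with the Sessions directory as the only argument; with no argument it prints the result for the constructed sample.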


  • Author: nickwong_
  • Original link: https://blog.csdn.net/nickwong_/article/details/52373279
    Updated: 2022-10-16 14:09:54