使用python解密工具来解密SecureCRT会话中保存的登录密码
环境为windows7,SecureCRT7,Python 3.8.8
操作步骤如下:
1.安装python
从下载python3.8.8,下载时查看该版本是否支持你的操作系统下载软件包后直接双击安装包进行安装,安装时可以选择自动配置环境变量。安装完成后查看python版本。
C:\Users\Administrator>python –version
Python 3.8.8
2.从github下下载how-does-SecureCRT-encrypt-password工具(https://github.com/HyperSine/how-does-SecureCRT-encrypt-password)一个名为SecureCRTCipher.py的python文件,使用方法如下:
F:\how-does-SecureCRT-encrypt-password-master\python3>python SecureCRTCipher.py
Usage:
SecureCRTCipher.py [-v2] [-p ConfigPassphrase]
“enc” for encryption, “dec” for decryption.
This parameter must be specified. –(加密|解密)必选项
[-v2] Encrypt/Decrypt with “Password V2″ algorithm.
This parameter is optional.–(如果加密使用的是Password V2算法则加上这个参数)可选项
[-p ConfigPassphrase] The config passphrase that SecureCRT uses.
This parameter is optional.–(如果你的SecureCRT打开时要密码,则要加上这个参数,并在后面加上你使用的密码)可选项
Plaintext string or ciphertext string.
NOTICE: Ciphertext string must be a hex string.
This parameter must be specified.–(明文或密文,密文必须是16进制的字符串)必选项
3.安装pycryptodome模块
C:\Users\Administrator>pip3 install pycryptodome
Collecting pycryptodome
Downloading pycryptodome-3.14.1-cp35-abi3-win_amd64.whl (1.8 MB)
|████████████████████████████████| 1.8 MB 30 kB/s
Installing collected packages: pycryptodome
Successfully installed pycryptodome-3.14.1
WARNING: You are using pip version 20.2.3; however, version 22.0.4 is available.
You should consider upgrading via the ‘c:\program files\python38\python.exe -m pip install –upgrade pip’ command.
上面提示我升级一下pip3的版本
C:\Users\Administrator>python -m pip install –upgrade pip
Collecting pip
Downloading pip-22.0.4-py3-none-any.whl (2.1 MB)
|████████████████████████████████| 2.1 MB 142 kB/s
Installing collected packages: pip
Attempting uninstall: pip
Found existing installation: pip 20.2.3
Uninstalling pip-20.2.3:
Successfully uninstalled pip-20.2.3
Successfully installed pip-22.0.4
4.找到SecureCRT会话配置文件
Options->Global Options->Category->Configuration Paths->Configuration folder文件夹下的对应的会话配置文件xxx.ini,并将其打开例如:
D:”Is Session”=00000001
S:”Protocol Name”=SSH2
D:”Request pty”=00000001
S:”Shell Command”=
D:”Use Shell Command”=00000000
D:”Force Close On Exit”=00000000
D:”Forward X11″=00000000
S:”XAuthority File”=
S:”XServer Host”=127.0.0.1
D:”XServer Port”=00001770
D:”XServer Screen Number”=00000000
D:”Enforce X11 Authentication”=00000001
D:”Request Shell”=00000001
S:”Port Forward Filter”=allow,127.0.0.0/255.0.0.0,0 deny,0.0.0.0/0.0.0.0,0
S:”Reverse Forward Filter”=allow,127.0.0.1,0 deny,0.0.0.0/0.0.0.0,0
D:”Max Packet Size”=00001000
D:”Pad Password Packets”=00000001
S:”Sftp Tab Local Directory”=C:\Users\Administrator\Documents
S:”Sftp Tab Remote Directory”=
S:”Hostname”=12.18.1.23
S:”Firewall Name”=None
S:”Username”=root
D:”[SSH2] Port”=00000016
S:”Password”=uc71bd1c86f3b804e42432f53247c50d9287f410c7e59166969acab69daa6eaadbe15c0c54c0e076e945a6d82f9e13df2
5.在SecureCRTCipher.py文件目录下cmd命令行窗口中执行命令即可查看明文(命令行中字符串比Password中的字符串少个u):
F:\how-does-SecureCRT-encrypt-password-master\python3>python SecureCRTCipher.py dec c71bd1c86f3b804e42432f53247c50d9287f410c7e59166969acab69daa6eaadbe15c0c54c0e076e945a6d82f9e13df2
DoubleLabyrinth
6.解密脚本文件SecureCRTCipher.py的内容如下:
#!/usr/bin/env python3
import os
from Crypto.Hash import SHA256
from Crypto.Cipher import AES, Blowfish
class SecureCRTCrypto:
def __init__(self):
”’
Initialize SecureCRTCrypto object.
”’
self.IV = b’\x00′ * Blowfish.block_size
self.Key1 = b’\x24\xA6\x3D\xDE\x5B\xD3\xB3\x82\x9C\x7E\x06\xF4\x08\x16\xAA\x07′
self.Key2 = b’\x5F\xB0\x45\xA2\x94\x17\xD9\x16\xC6\xC6\xA2\xFF\x06\x41\x82\xB7′
def Encrypt(self, Plaintext : str):
”’
Encrypt plaintext and return corresponding ciphertext.
Args:
Plaintext: A string that will be encrypted.
Returns:
Hexlified ciphertext string.
”’
plain_bytes = Plaintext.encode(‘utf-16-le’)
plain_bytes += b’\x00\x00′
padded_plain_bytes = plain_bytes + os.urandom(Blowfish.block_size – len(plain_bytes) % Blowfish.block_size)
cipher1 = Blowfish.new(self.Key1, Blowfish.MODE_CBC, iv = self.IV)
cipher2 = Blowfish.new(self.Key2, Blowfish.MODE_CBC, iv = self.IV)
return cipher1.encrypt(os.urandom(4) + cipher2.encrypt(padded_plain_bytes) + os.urandom(4)).hex()
def Decrypt(self, Ciphertext : str):
”’
Decrypt ciphertext and return corresponding plaintext.
Args:
Ciphertext: A hex string that will be decrypted.
Returns:
Plaintext string.
”’
cipher1 = Blowfish.new(self.Key1, Blowfish.MODE_CBC, iv = self.IV)
cipher2 = Blowfish.new(self.Key2, Blowfish.MODE_CBC, iv = self.IV)
ciphered_bytes = bytes.fromhex(Ciphertext)
if len(ciphered_bytes) < = 8: raise ValueError('Invalid Ciphertext.') padded_plain_bytes = cipher2.decrypt(cipher1.decrypt(ciphered_bytes)[4:-4]) i = 0 for i in range(0, len(padded_plain_bytes), 2): if padded_plain_bytes[i] == 0 and padded_plain_bytes[i + 1] == 0: break plain_bytes = padded_plain_bytes[0:i] try: return plain_bytes.decode('utf-16-le') except UnicodeDecodeError: raise(ValueError('Invalid Ciphertext.')) class SecureCRTCryptoV2: def __init__(self, ConfigPassphrase : str = ''): ''' Initialize SecureCRTCryptoV2 object. Args: ConfigPassphrase: The config passphrase that SecureCRT uses. Leave it empty if config passphrase is not set. ''' self.IV = b'\x00' * AES.block_size self.Key = SHA256.new(ConfigPassphrase.encode('utf-8')).digest() def Encrypt(self, Plaintext : str): ''' Encrypt plaintext and return corresponding ciphertext. Args: Plaintext: A string that will be encrypted. Returns: Hexlified ciphertext string. ''' plain_bytes = Plaintext.encode('utf-8') if len(plain_bytes) > 0xffffffff:
raise OverflowError(‘Plaintext is too long.’)
plain_bytes = \
len(plain_bytes).to_bytes(4, ‘little’) + \
plain_bytes + \
SHA256.new(plain_bytes).digest()
padded_plain_bytes = \
plain_bytes + \
os.urandom(AES.block_size – len(plain_bytes) % AES.block_size)
cipher = AES.new(self.Key, AES.MODE_CBC, iv = self.IV)
return cipher.encrypt(padded_plain_bytes).hex()
def Decrypt(self, Ciphertext : str):
”’
Decrypt ciphertext and return corresponding plaintext.
Args:
Ciphertext: A hex string that will be decrypted.
Returns:
Plaintext string.
”’
cipher = AES.new(self.Key, AES.MODE_CBC, iv = self.IV)
padded_plain_bytes = cipher.decrypt(bytes.fromhex(Ciphertext))
plain_bytes_length = int.from_bytes(padded_plain_bytes[0:4], ‘little’)
plain_bytes = padded_plain_bytes[4:4 + plain_bytes_length]
if len(plain_bytes) != plain_bytes_length:
raise ValueError(‘Invalid Ciphertext.’)
plain_bytes_digest = padded_plain_bytes[4 + plain_bytes_length:4 + plain_bytes_length + SHA256.digest_size]
if len(plain_bytes_digest) != SHA256.digest_size:
raise ValueError(‘Invalid Ciphertext.’)
if SHA256.new(plain_bytes).digest() != plain_bytes_digest:
raise ValueError(‘Invalid Ciphertext.’)
return plain_bytes.decode(‘utf-8’)
if __name__ == ‘__main__’:
import sys
def Help():
print(‘Usage:’)
print(‘ SecureCRTCipher.py [-v2] [-p ConfigPassphrase] ‘)
print(”)
print(‘ “enc” for encryption, “dec” for decryption.’)
print(‘ This parameter must be specified.’)
print(”)
print(‘ [-v2] Encrypt/Decrypt with “Password V2″ algorithm.’)
print(‘ This parameter is optional.’)
print(”)
print(‘ [-p ConfigPassphrase] The config passphrase that SecureCRT uses.’)
print(‘ This parameter is optional.’)
print(”)
print(‘ Plaintext string or ciphertext string.’)
print(‘ NOTICE: Ciphertext string must be a hex string.’)
print(‘ This parameter must be specified.’)
print(”)
def EncryptionRoutine(UseV2 : bool, ConfigPassphrase : str, Plaintext : str):
try:
if UseV2:
print(SecureCRTCryptoV2(ConfigPassphrase).Encrypt(Plaintext))
else:
print(SecureCRTCrypto().Encrypt(Plaintext))
return True
except:
print(‘Error: Failed to encrypt.’)
return False
def DecryptionRoutine(UseV2 : bool, ConfigPassphrase : str, Ciphertext : str):
try:
if UseV2:
print(SecureCRTCryptoV2(ConfigPassphrase).Decrypt(Ciphertext))
else:
print(SecureCRTCrypto().Decrypt(Ciphertext))
return True
except:
print(‘Error: Failed to decrypt.’)
return False
def Main(argc : int, argv : list):
if 3 < = argc and argc <= 6:
bUseV2 = False
ConfigPassphrase = ''
if argv[1].lower() == 'enc':
bEncrypt = True
elif argv[1].lower() == 'dec':
bEncrypt = False
else:
Help()
return -1
i = 2
while i < argc - 1:
if argv[i].lower() == '-v2':
bUseV2 = True
i += 1
elif argv[i].lower() == '-p' and i + 1 < argc - 1:
ConfigPassphrase = argv[i + 1]
i += 2
else:
Help()
return -1
if bUseV2 == False and len(ConfigPassphrase) != 0:
print('Error: ConfigPassphrase is not supported if "-v2" is not specified')
return -1
if bEncrypt:
return 0 if EncryptionRoutine(bUseV2, ConfigPassphrase, argv[-1]) else -1
else:
return 0 if DecryptionRoutine(bUseV2, ConfigPassphrase, argv[-1]) else -1
else:
Help()
exit(Main(len(sys.argv), sys.argv))