Skip to content

Latest commit

 

History

History
105 lines (78 loc) · 2.87 KB

README.md

File metadata and controls

105 lines (78 loc) · 2.87 KB

Reveal password encrypted by SecureCRT

1. How does it work?

how does SecureCRT encrypt password

NOTE: Wait to be updated for SecureCRT 9.4+

2. How to use?

Please make sure you have installed python3 and the module pycryptodome.

You can install the module by

$ pip3 install pycryptodome

Usage:

$ ./securecrt_cipher.py -h
usage: securecrt_cipher.py [-h] {enc,dec} ...

positional arguments:
  {enc,dec}
    enc       perform encrypt operation
    dec       perform decrypt operation

options:
  -h, --help  show this help message and exit
$ ./securecrt_cipher.py enc -h
usage: securecrt_cipher.py enc [-h] [-2] [--prefix {02,03}] [-p PASSPHRASE]
                               PASSWORD

positional arguments:
  PASSWORD              the plain password to encrypt

options:
  -h, --help            show this help message and exit
  -2, --v2              encrypt/decrypt with "Password V2" algorithm
  --prefix {02,03}      the prefix of encrypted passwords generated with
                        "Password V2" algorithm
  -p PASSPHRASE, --passphrase PASSPHRASE
                        the config passphrase that SecureCRT uses
$ ./securecrt_cipher.py dec -h
usage: securecrt_cipher.py dec [-h] [-2] [--prefix {02,03}] [-p PASSPHRASE]
                               PASSWORD

positional arguments:
  PASSWORD              the encrypted password to reveal

options:
  -h, --help            show this help message and exit
  -2, --v2              encrypt/decrypt with "Password V2" algorithm
  --prefix {02,03}      the prefix of encrypted passwords generated with
                        "Password V2" algorithm
  -p PASSPHRASE, --passphrase PASSPHRASE
                        the config passphrase that SecureCRT uses

3. Example

If you have SecureCRT session file example.com.ini looking like

S:"Username"=root
S:"Password"=
S:"Password V2"=03:7f59810d05b03f8e49b96e091dad49cb474c2e8435a5dbe53fc5d1e7aa228a8df8938cb01a7dd0c72cc361595ef5c2b675d8b2a64663776b95b065fec9b0fc36f168ffe3ae6fdedc3e1897389609536f
S:"Login Script V2"=
...

You can reveal password by

$ ./securecrt_cipher.py dec -2 --prefix 03 7f59810d05b03f8e49b96e091dad49cb474c2e8435a5dbe53fc5d1e7aa228a8df8938cb01a7dd0c72cc361595ef5c2b675d8b2a64663776b95b065fec9b0fc36f168ffe3ae6fdedc3e1897389609536f
Hypersine

If the session file is generated by SecureCRT whose version is prior to 7.3.3, the sensitive data should be

...
S:"Username"=root
D:"[SSH2] Port"=00000016
S:"Password"=uc71bd1c86f3b804e42432f53247c50d9287f410c7e59166969acab69daa6eaadbe15c0c54c0e076e945a6d82f9e13df2
D:"Session Password Saved"=00000001
...

You can reveal password by

$ ./securecrt_cipher.py dec c71bd1c86f3b804e42432f53247c50d9287f410c7e59166969acab69daa6eaadbe15c0c54c0e076e945a6d82f9e13df2
DoubleLabyrinth