A personal collection of scripts for decrypting various things (mainly from proprietary software).
Useful during penetration testing/red team operations for obtaining credentials for lateral movement.
Decryptor for encrypted passwords with suffix 2, such as H323 Password2 or LDAP Auth Password2.
wget https://raw.githubusercontent.com/ghettorce/decryptocollection/main/trueconf/tcs_decrypt_pass.py
usage: tcs_decrypt_pass.py [-h] [--raw] -u USERNAME cipher_text
TrueConf Server password decryptor
positional arguments:
cipher_text Encrypted value in the format "v2*timestamp*base64"
optional arguments:
-h, --help show this help message and exit
--raw Do not decode decrypted text
-u USERNAME, --username USERNAME
Salt value (user name)
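The "v2*timestamp*base64" layout named in the help text can be validated and split into fields without decrypting anything, which is enough to inventory stored values during a configuration review. This is an added example, not code from the repository; `StoredSecret` and `parse_stored_secret` are hypothetical names, and reading the middle field as Unix epoch seconds is an assumption.

```python
import base64
import binascii
from datetime import datetime, timezone
from typing import NamedTuple


class StoredSecret(NamedTuple):
    version: str
    created: datetime    # assumption: the middle field is Unix epoch seconds
    cipher_bytes: bytes  # still encrypted; this parser never decrypts


def parse_stored_secret(value: str) -> StoredSecret:
    """Split 'v2*timestamp*base64' into typed fields, rejecting malformed input."""
    parts = value.strip().split("*")
    if len(parts) != 3:
        raise ValueError("expected three '*'-separated fields")
    version, ts, b64 = parts
    if version != "v2":
        raise ValueError(f"unsupported version tag: {version!r}")
    if not (ts.isascii() and ts.isdigit()):
        raise ValueError("timestamp field is not a decimal integer")
    try:
        # validate=True rejects characters outside the standard Base64 alphabet
        cipher = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid Base64 payload: {exc}") from exc
    if not cipher:
        raise ValueError("empty cipher text")
    try:
        created = datetime.fromtimestamp(int(ts), tz=timezone.utc)
    except (OverflowError, OSError, ValueError) as exc:
        raise ValueError(f"timestamp out of range: {ts}") from exc
    return StoredSecret(version, created, cipher)


if __name__ == "__main__":
    # Sample value taken from the usage example on this page.
    s = parse_stored_secret("v2*1673949834*F9QuNbkd3pxE+F5WQUyywQ==")
    print(s.version, s.created.isoformat(), len(s.cipher_bytes), "bytes")
```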
> tcs_decrypt_pass.py -u user1 "v2*1673949834*F9QuNbkd3pxE+F5WQUyywQ=="
Qwerty!1
Decryptor for encrypted strings such as windowsloginpassword from the PRTG Configuration.dat file.
C:\ProgramData\Paessler\PRTG Network Monitor\ (default)
wget https://raw.githubusercontent.com/ghettorce/decryptocollection/main/prtg/prtg_string_decryptor.py
usage: prtg_string_decryptor.py [-h] [--raw] {bf1,bf2,aes} ... cipher_text
PRTG string decryptor.
positional arguments:
{bf1,bf2,aes}
bf1 LockBox 2 Blowfish with Base64 encoding.
bf2 LockBox 3 Blowfish with custom Base64 alphabet.
aes OpenSSL AES256 with Base32 encoding.
cipher_text Encoded cipher text (Base32 / Base64).
optional arguments:
-h, --help show this help message and exit
--raw Do not decode decrypted text.
Cipher bf1 - found in 9.* and earlier:
> prtg_string_decryptor.py bf1 'a4wqOlR4V9Yf6VlOJBkkpQ=='
testpass
Cipher bf2 - found in 13.*, 15.*:
> prtg_string_decryptor.py bf2 '/P5N0Gm32nmpimNshgxE9tpuBVeBYG7P'
testpass
Cipher aes - found in 22.* and earlier (latest algo):
> prtg_string_decryptor.py aes --guid '{94B4CDA1-5BFC-48C9-992C-8EFB0965CACF}' '5VKX3XJFPSQWPS3NJDJHFUV5PQN54TIURCGP5UI='
testpass
The guid value is stored in the attribute of the root node in the PRTG Configuration.dat file.