--------------------------------------------------------------------------------------------------------------------------------- | Sophos Enterprise Console username/password deobfuscator 03/12/18 | | | | Author: Joshua Coleman | | Usage: ruby sophos_deobfuscate.rb | | | | ObfuscationUtil.exe is a tool provided by Sophos to obfuscate administrator account credentials: | | ObfuscationUtil.exe --obfuscate -w | | ObfuscationUtil.exe --obfuscate -w | | | | "Where and are the username and password that are needed to obfuscate. | | These credentials should have administrator privileges to access the files in the CID." | | - https://community.sophos.com/kb/en-us/13094 | | | | Sidenote: The -w flag is optional and outputs the obfuscated data as a wstring. | | Each character is of type wchar_t - it's size is compiler-dependent. | | 8, 16, or 32 bits - signed or unsigned. | | | | This tool is able to deobfuscate obfuscated strings (standard or wide) generated by SEC's ObfuscationUtil.exe. | | | | Usage example: | | -------------------------------------------------------------------------------------------------------------------- | | | [josh@poseidon]> awk 'NF > 1 {print $4}' obfuscated_password.txt | | | | Bwg09ImSa/lhAgB3NzKRnrBY1aU5eQFHQTursgQOjutmYw== | | | | | | | | [josh@poseidon]> ruby sophos_deobfuscate.rb 'Bwg09ImSa/lhAgB3NzKRnrBY1aU5eQFHQTursgQOjutmYw==' | | | | Data: 00773732919eb058d5a539790147413babb2040e8eeb6663 | | | | Password (KDF): 5644b2629112c5facfd15923e8f097493b73455eae613454485bc61f785f0008b340fc34e05ad98b71aed70dab3e97c9 | | | | Salt: 34f489926bf96102 | | | | Key: 2d56cd87125373fab364c2df196cf29a05e4c8f1a1c99ada | | | | IV: 3e4f6d9aa6069a61 | | | | | | | | Deobfuscated: ReallyGoodPassword | | | -------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------
jjc224/Sophos-Deobfuscator
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
About
Sophos Enterprise Console username/password (ObfuscationUtil.exe) deobfuscator
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published