Merge pull request #11 from Th3l5D/main

fix VNC gathering and decrypt
login-securite · Oct 14, 2021 · fd12ca2 · fd12ca2
2 parents da983b1 + d750665
commit fd12ca2
Showing 1 changed file with 5 additions and 16 deletions.
diff --git a/software/sysadmin/vnc.py b/software/sysadmin/vnc.py
@@ -39,36 +39,25 @@ def do_crypt(self, password, decrypt):
                 f"[{self.options.target_ip}] exception in do_crypt")
             self.logging.debug(ex)
 
-    def unhex(self, s):
-        try:
-            s = codecs.decode(s, 'hex')
-        except TypeError as e:
-            if e.message == 'Odd-length string':
-                self.logging.debug('%s . Chopping last char off... "%s"' % (e.message, s[:-1]))
-                s = codecs.decode(s[:-1], 'hex')
-            else:
-                return False
-        return s
-
     def reverse_vncpassword(self, hash):
         try:
-            encpasswd = self.unhex(hash)
+            encpasswd = hash.hex()
             pwd = None
             if encpasswd:
                 # If the hex encoded passwd length is longer than 16 hex chars and divisible
                 # by 16, then we chop the passwd into blocks of 64 bits (16 hex chars)
                 # (1 hex char = 4 binary bits = 1 nibble)
-                hexpasswd = codecs.encode(encpasswd, 'hex')
+                hexpasswd = bytes.fromhex(encpasswd)
                 if len(hexpasswd) > 16 and (len(hexpasswd) % 16) == 0:
                     splitstr = self.split_len(codecs.encode(hash, 'hex'), 16)
                     cryptedblocks = []
                     for sblock in splitstr:
                         cryptedblocks.append(self.do_crypt(codecs.decode(sblock, 'hex'), True))
                         pwd = b''.join(cryptedblocks)
                 elif len(hexpasswd) <= 16:
-                    pwd = self.do_crypt(encpasswd, True)
+                    pwd = self.do_crypt(hash, True)
                 else:
-                    pwd = self.do_crypt(encpasswd, True)
+                    pwd = self.do_crypt(hash, True)
         except Exception as ex:
             self.logging.debug(f"Exception reverse_vncpassword {hash} ")
             self.logging.debug(ex)
@@ -104,7 +93,7 @@ def vnc_from_registry(self):
                 continue
 
             try:
-                enc_pwd = myvalue.rstrip('\x00')
+                enc_pwd = myvalue.rstrip(b'\x00')
                 self.logging.debug(f"[{self.options.target_ip}] Found VNC {vnc[0]} encoded password in reg {enc_pwd}")
                 # enc_pwd=myvalue
             except Exception as ex: