Home Explore Help
Register Sign In
caner
/
wscp-pwd
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8e48f9b1a0
Branches Tags
wscp-pwd
/
main.go

main.go 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178 
  1. package main
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"log"
    6. 

  6. 	"net/url"
    7. 

  7. 	"os"
    8. 

  8. 	"os/user"
    9. 

  9. 	"runtime"
    10. 

  10. 	"strconv"
    11. 

  11. 	"strings"
    12. 

  12. 

  13. 	"gopkg.in/ini.v1"
    14. 

  14. )
    15. 

  15. 

  16. // WinSCP password encryption/decryption salts.
    17. 

  17. const (
    18. 

  18. 	PasswordMagic = 0xA3
    19. 

  19. 	PasswordFlag  = 0xFF
    20. 

  20. )
    21. 

  21. 

  22. func main() {
    23. 

  23. 	args := os.Args[1:]
    24. 

  24. 	if len(args) != 3 && len(args) != 2 {
    25. 

  25. 		// In case provided arguments doesn't match the
    26. 

  26. 		// application usage, print application usage message.
    27. 

  27. 		PrintHelp()
    28. 

  28. 		return
    29. 

  29. 	}
    30. 

  30. 

  31. 	if args[0] == "ini" {
    32. 

  32. 		// In case 'ini' argument was provided,
    33. 

  33. 		// start the decryption of ini file.
    34. 

  34. 		var iniPath string
    35. 

  35. 		if len(args) == 2 {
    36. 

  36. 			iniPath = args[1]
    37. 

  37. 		} else {
    38. 

  38. 			iniPath = GetDefaultWinSCPIniFilePath()
    39. 

  39. 		}
    40. 

  40. 		DecryptIni(iniPath)
    41. 

  41. 		return
    42. 

  42. 	}
    43. 

  43. 

  44. 	// In case any argument matches a different operation,
    45. 

  45. 	// perform the default decryption operation.
    46. 

  46. 	fmt.Println(Decrypt(args[0], args[1], args[2]))
    47. 

  47. }
    48. 

  48. 

  49. // PrintHelp prints a help message with instructions about the application usage.
    50. 

  50. func PrintHelp() {
    51. 

  51. 	fmt.Println("WinSCP stored password finder")
    52. 

  52. 

  53. 	// WinSCP's password manual decryption mode.
    54. 

  54. 	if runtime.GOOS == "windows" {
    55. 

  55. 		fmt.Println("Registry:")
    56. 

  56. 		fmt.Println("  Open regedit and navigate to [HKEY_CURRENT_USER\\Software\\Martin Prikryl\\WinSCP 2\\Sessions] to get the hostname, username and encrypted password")
    57. 

  57. 		fmt.Println("  Usage winscppasswd.exe <host> <username> <encrypted_password>")
    58. 

  58. 	} else {
    59. 

  59. 		fmt.Println("  Usage ./winscppasswd <host> <username> <encrypted_password>")
    60. 

  60. 	}
    61. 

  61. 

  62. 	// WinSCP's ini file mode.
    63. 

  63. 	fmt.Println("\nWinSCP.ini:")
    64. 

  64. 	if runtime.GOOS == "windows" {
    65. 

  65. 		fmt.Println("  Usage winscppasswd.exe ini [<filepath>]")
    66. 

  66. 		fmt.Printf("  Default value <filepath>: %s\n", GetDefaultWinSCPIniFilePath())
    67. 

  67. 	} else {
    68. 

  68. 		fmt.Println("  Usage ./winscppasswd ini [<filepath>]")
    69. 

  69. 	}
    70. 

  70. }
    71. 

  71. 

  72. // GetDefaultWinSCPIniFilePath obtains default WinSCP configuration file.
    73. 

  73. func GetDefaultWinSCPIniFilePath() string {
    74. 

  74. 	usr, err := user.Current()
    75. 

  75. 	if err != nil {
    76. 

  76. 		log.Fatal(err)
    77. 

  77. 	}
    78. 

  78. 	return usr.HomeDir + "\\AppData\\Roaming\\winSCP.ini"
    79. 

  79. }
    80. 

  80. 

  81. // DecryptIni decrypts all entries from a WinSCP's ini file.
    82. 

  82. func DecryptIni(filepath string) {
    83. 

  83. 	cfg, err := ini.InsensitiveLoad(filepath)
    84. 

  84. 	if err != nil {
    85. 

  85. 		panic(err)
    86. 

  86. 	}
    87. 

  87. 

  88. 	// Print every entry of the configuration that has password field.
    89. 

  89. 	for _, c := range cfg.Sections() {
    90. 

  90. 		if c.HasKey("Password") {
    91. 

  91. 			name, _ := url.PathUnescape(strings.TrimPrefix(c.Name(), "sessions\\"))
    92. 

  92. 			fmt.Printf("%s\n", name)
    93. 

  93. 			fmt.Printf("  Hostname: %s\n", c.Key("HostName").Value())
    94. 

  94. 			fmt.Printf("  Username: %s\n", c.Key("UserName").Value())
    95. 

  95. 			fmt.Printf("  Password: %s\n", Decrypt(c.Key("HostName").Value(), c.Key("UserName").Value(), c.Key("Password").Value()))
    96. 

  96. 			fmt.Println("========================")
    97. 

  97. 		}
    98. 

  98. 	}
    99. 

  99. 

  100. }
    101. 

  101. 

  102. // Decrypt decripts a specific server password.
    103. 

  103. func Decrypt(host, username, password string) string {
    104. 

  104. 	// Build 'encryptedPasswordBytes' variable.
    105. 

  105. 	encryptedPasswordBytes := GetCryptedPasswordBytes(password)
    106. 

  106. 

  107. 	// Extract 'flag' and 'cryptedPasswordlength' variables
    108. 

  108. 	flag, encryptedPasswordBytes := DecryptNextCharacter(encryptedPasswordBytes) // decryptNextCharacter alters the encryptedPasswordBytes variable to remove already parsed characters.
    109. 

  109. 	cryptedPasswordlength, encryptedPasswordBytes := GetCryptedPasswordLength(flag, encryptedPasswordBytes)
    110. 

  110. 

  111. 	// Build 'clearpass' variable
    112. 

  112. 	clearpass := GetPassword(cryptedPasswordlength, encryptedPasswordBytes)
    113. 

  113. 

  114. 	// Apply correction to the 'clearpass' variable.
    115. 

  115. 	if flag == PasswordFlag {
    116. 

  116. 		// The clearpass will contians the username, host and password.
    117. 

  117. 		// Substring username and host from the result password.
    118. 

  118. 		key := username + host
    119. 

  119. 		clearpass = clearpass[len(key):]
    120. 

  120. 	}
    121. 

  121. 	return clearpass
    122. 

  122. }
    123. 

  123. 

  124. // GetCryptedPasswordBytes obtains the crypted password byte array.
    125. 

  125. func GetCryptedPasswordBytes(password string) []byte {
    126. 

  126. 	encryptedPasswordBytes := []byte{}
    127. 

  127. 	for i := 0; i < len(password); i++ {
    128. 

  128. 		val, _ := strconv.ParseInt(string(password[i]), 16, 8)
    129. 

  129. 		encryptedPasswordBytes = append(encryptedPasswordBytes, byte(val))
    130. 

  130. 	}
    131. 

  131. 	return encryptedPasswordBytes
    132. 

  132. }
    133. 

  133. 

  134. // GetCryptedPasswordLength obtains crypted password length from crypted password byte array.
    135. 

  135. func GetCryptedPasswordLength(flag byte, encryptedPasswordBytes []byte) (byte, []byte) {
    136. 

  136. 	var cryptedPasswordlength byte = 0
    137. 

  137. 	if flag == PasswordFlag {
    138. 

  138. 		_, encryptedPasswordBytes = DecryptNextCharacter(encryptedPasswordBytes)                     // Ignore two characters of the encryptedPasswordBytes.
    139. 

  139. 		cryptedPasswordlength, encryptedPasswordBytes = DecryptNextCharacter(encryptedPasswordBytes) // decryptNextCharacter alters the encryptedPasswordBytes variable to remove already parsed characters.
    140. 

  140. 	} else {
    141. 

  141. 		cryptedPasswordlength = flag
    142. 

  142. 	}
    143. 

  143. 	toBeDeleted, encryptedPasswordBytes := DecryptNextCharacter(encryptedPasswordBytes) // decryptNextCharacter alters the encryptedPasswordBytes variable to remove already parsed characters.
    144. 

  144. 	encryptedPasswordBytes = encryptedPasswordBytes[toBeDeleted*2:]
    145. 

  145. 	return cryptedPasswordlength, encryptedPasswordBytes
    146. 

  146. }
    147. 

  147. 

  148. // GetPassword obtains clear password from crypted password byte array
    149. 

  149. func GetPassword(cryptedPasswordlength byte, encryptedPasswordBytes []byte) string {
    150. 

  150. 	var i, character byte
    151. 

  151. 	var decryptedPassword string
    152. 

  152. 

  153. 	for i = 0; i < cryptedPasswordlength; i++ {
    154. 

  154. 		character, encryptedPasswordBytes = DecryptNextCharacter(encryptedPasswordBytes) // decryptNextCharacter alters the encryptedPasswordBytes variable to remove already parsed characters.
    155. 

  155. 		decryptedPassword += string(character)                                           // Add decrypted character to the result variable.
    156. 

  156. 	}
    157. 

  157. 	return decryptedPassword
    158. 

  158. }
    159. 

  159. 

  160. // DecryptNextCharacter decrypts next character from byte array.
    161. 

  161. // Alters the byte array to remove already parsed bytes.
    162. 

  162. func DecryptNextCharacter(encryptedPasswordBytes []byte) (byte, []byte) {
    163. 

  163. 	if len(encryptedPasswordBytes) <= 0 {
    164. 

  164. 		// In case encryptedPasswordBytes param was empty,
    165. 

  165. 		// stop the flow here returning '0'.
    166. 

  166. 		return 0, encryptedPasswordBytes
    167. 

  167. 	}
    168. 

  168. 

  169. 	a := encryptedPasswordBytes[0]                      // Obtain first character to parse.
    170. 

  170. 	b := encryptedPasswordBytes[1]                      // Obtain second character to parse.
    171. 

  171. 	encryptedPasswordBytes = encryptedPasswordBytes[2:] // Remove already parsed characters.
    172. 

  172. 	return DecryptCharacter(a, b), encryptedPasswordBytes
    173. 

  173. }
    174. 

  174. 

  175. // DecryptCharacter decrypts character from two bytes.
    176. 

  176. func DecryptCharacter(a, b byte) byte {
    177. 

  177. 	return ^(((a << 4) + b) ^ PasswordMagic) & PasswordFlag
    178. 

  178. }
    179.