
Repository Details

This repo offers a tool to reveal passwords encrypted by MobaXterm.

Reveal password encrypted by MobaXterm

1. How does it work?

See here

2. How to use?

  • Make sure you have Python3 and have pycryptodome installed.

Usage:
    MobaXtermCipher.py <enc|dec> [-sysh sys_hostname] [-sysu sys_username]
                                 <-h conn_hostname> <-u conn_username>
                                 <plaintext|ciphertext>

    MobaXtermCipher.py <enc|dec> <-sp SessionP> <plaintext|ciphertext>

    MobaXtermCipher.py <enc|dec> <-p master_password> <plaintext|ciphertext>

        <enc|dec>                "enc" for encryption, "dec" for decryption.
                                 This parameter must be specified.

        [-sysh sys_hostname]     Hostname of system where MobaXterm runs.
                                 This parameter is optional. If not specified, use current system hostname.

        [-sysu sys_username]     Username of system where MobaXterm runs.
                                 This parameter is optional. If not specified, use current system username.

        <-h conn_hostname>       Hostname of MobaXterm connection config.
                                 This parameter must be specified.

        <-u conn_username>       Username of MobaXterm connection config.
                                 This parameter must be specified.

        <-sp SessionP>           The value `SessionP` stored in key HKCU\Software\Mobatek\MobaXterm
                                 This parameter must be specified.

        <-p master_password>     The master password set in MobaXterm.
                                 This parameter must be specified.

        <plaintext|ciphertext>   Plaintext string or ciphertext string.
                                 This parameter must be specified.

Usage:
    ShowMobaXterm.py [master_password]

        [master_password]        The master password set in MobaXterm.
                                 This parameter is optional, 
                                 but must be specified if you set a master password in MobaXterm.

3. Example:

MobaXterm will save passwords and credentials in:

    Type           Registry Path
    Credentials    HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\C
    Passwords      HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\P

If you have NOT set a master password in MobaXterm:

  1. Credentials would look like:

    Name             Type        Data
    example.com      REG_SZ      root:bSj4VWbHezNH3tTY9Nil2RzJX57p7/S6KqMw8VsiT/WH+I8p03pqnInAu
    

    You can reveal the credential with:

    $ ./MobaXtermCipher.py dec -sp 165821882556840 bSj4VWbHezNH3tTY9Nil2RzJX57p7/S6KqMw8VsiT/WH+I8p03pqnInAu
    HyperSine

    where 165821882556840 is the SessionP value stored in HKCU\Software\Mobatek\MobaXterm. Replace it with the value from your environment.

  2. Password would look like:

    Name                         Type        Data
    ssh22:[email protected]     REG_SZ      F0+wuBvbe9qPW6ypiOeYHTHhKdShRc/nXaM1Ky1jeTfw46TzQoSesX9buGm0WW36yP4lhH70ZCHZpEo4wLJhIl1
    

    You can reveal the password with:

    $ ./MobaXtermCipher.py dec -sysh ShadowSurface -sysu DoubleSine -h 45.32.110.171 -u root F0+wuBvbe9qPW6ypiOeYHTHhKdShRc/nXaM1Ky1jeTfw46TzQoSesX9buGm0WW36yP4lhH70ZCHZpEo4wLJhIl1
    Lw3+cZ2s.w@U@f]U

    where ShadowSurface is my computer's hostname and DoubleSine is my computer's username.

    If the password is stored on your computer, -sysh and -sysu can be omitted.

    By the way, the example I give is a real SSH connection. But don't be happy too early, I've already deleted that server.

  3. All credentials and passwords can be revealed by ShowMobaXterm.py:

    $ ShowMobaXterm.py 12345678
    ------------------Credentials-------------------
    [*] Name:     example.com
    [*] Username: root
    [*] Password: HyperSine
    
    -------------------Passwords--------------------
    [*] Name:     ssh22:[email protected]
    [*] Password: Lw3+cZ2s.w@U@f]U
    
    [*] Name:     [email protected]
    [*] Password: Lw3+cZ2s.w@U@f]U

If you have set a master password in MobaXterm:

  1. Credentials would look like:

    Name             Type        Data
    example.com      REG_SZ      root:0XROpGmLAYVx
    

    You can reveal the credential with:

    $ ./MobaXtermCipher.py dec -p 12345678 0XROpGmLAYVx
    HyperSine

    where 12345678 is the master password you set.

  2. Password would look like:

    Name                         Type        Data
    ssh22:[email protected]     REG_SZ      1du11XKQBOxud/FWh4ouWA==
    

    You can reveal the password with:

    $ ./MobaXtermCipher.py dec -p 12345678 1du11XKQBOxud/FWh4ouWA==
    Lw3+cZ2s.w@U@f]U

    where 12345678 is the master password you set.

  3. All credentials and passwords can be revealed by ShowMobaXterm.py:

    $ ShowMobaXterm.py 12345678
    ------------------Credentials-------------------
    [*] Name:     example.com
    [*] Username: root
    [*] Password: HyperSine
    
    -------------------Passwords--------------------
    [*] Name:     ssh22:[email protected]
    [*] Password: Lw3+cZ2s.w@U@f]U
    
    [*] Name:     [email protected]
    [*] Password: Lw3+cZ2s.w@U@f]U

    where 12345678 is the master password you set.
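
To find out which workstations hold saved MobaXterm secrets, so they can be rotated or moved to a vault, the following sketch parses the text printed by `reg query HKCU\Software\Mobatek\MobaXterm /s` and lists the stored entries without decoding or echoing any ciphertext. It is an added example, not part of this repository; the `inventory` helper, the sample output and the host and user names in it are constructed for illustration.

```python
import re

# Registry paths as given on this page; all other names are assumptions.
BASE = r"HKEY_CURRENT_USER\Software\Mobatek\MobaXterm"
STORES = {
    (BASE + r"\C").lower(): "credential",
    (BASE + r"\P").lower(): "password",
}

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")

def inventory(reg_query_text):
    """List saved entries by store, name and username; ciphertext is only measured."""
    findings, current = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            # A key header: remember whether it is one of the two secret stores.
            current = STORES.get(line.strip().lower())
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # blank line, or a value outside the C and P subkeys
        username, data = None, m["data"]
        if current == "credential":
            # Credentials are stored as "username:ciphertext" (format shown above).
            username, _, data = data.partition(":")
        findings.append({
            "store": current,
            "name": m["name"],
            "username": username,
            "ciphertext_len": len(data),  # report size only, never the value
        })
    return findings

# Constructed sample output (not real data); the values are placeholders.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Mobatek\MobaXterm
    SessionP    REG_SZ    000000000000000

HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\C
    example.com    REG_SZ    alice:AAAABBBBCCCCDDDD

HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\P
    ssh22:alice@host.example    REG_SZ    AAAABBBBCCCCDDDDEEEEFFFF
"""

if __name__ == "__main__":
    for entry in inventory(SAMPLE):
        print(entry)
```

Any entry this reports is a secret that the tools above can recover for whoever can read that user's registry hive, so each one is a candidate for rotation.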
