t0thkr1s / gpp-decrypt

Tool that parses a Group Policy Preferences XML file, extracts the username and decrypts the cpassword attribute.

Home Page: https://medium.com/infosec-adventures

License: GNU General Public License v3.0


gpp-decrypt's Introduction

gpp-decrypt


Note: The idea is heavily based on this project: https://github.com/BustedSec/gpp-decrypt

This tool, written in Python 3, parses a Group Policy Preferences XML file, extracts the username and decrypts the cpassword attribute.

Download

git clone https://github.com/t0thkr1s/gpp-decrypt

Install

The script has only 2 dependencies:

You can install these by typing:

python3 setup.py install

Run

python3 gpp-decrypt.py -f [groups.xml]

or

python3 gpp-decrypt.py -c [cpassword]
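
An added example, not part of the gpp-decrypt project: a defender-side audit that reuses the parsing step described above to report which preference files still carry a non-empty cpassword attribute, without decrypting anything. The account attribute names (userName, accountName, runAs), the sample XML and the function names are assumptions made for this illustration.

```python
import os
import xml.etree.ElementTree as ET

# Assumption: one of these attributes names the account stored next to
# cpassword, depending on the preference file type.
ACCOUNT_ATTRS = ("userName", "accountName", "runAs")

# Constructed sample: the cpassword value is a placeholder, not real ciphertext.
SAMPLE_GROUPS_XML = """<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="EXAMPLE\\svc_backup">
    <Properties action="U" cpassword="CONSTRUCTED-PLACEHOLDER-NOT-REAL"
                userName="EXAMPLE\\svc_backup" acctDisabled="0"/>
  </User>
  <User name="EXAMPLE\\no_pw">
    <Properties action="U" cpassword="" userName="EXAMPLE\\no_pw"/>
  </User>
</Groups>
"""

def find_cpasswords(xml_data, source="<string>"):
    """Return one finding per element carrying a non-empty cpassword attribute."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return []  # not well-formed XML: nothing to report
    findings = []
    for elem in root.iter():
        cpass = elem.get("cpassword")
        if not cpass:
            continue  # attribute absent or empty
        account = next((elem.get(a) for a in ACCOUNT_ATTRS if elem.get(a)), None)
        # Report only the length so the audit output holds no secret material.
        findings.append({"file": source, "element": elem.tag,
                         "account": account, "cpassword_len": len(cpass)})
    return findings

def audit_tree(top):
    """Walk a directory (e.g. a local copy of the policies share) and scan *.xml."""
    results = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            if name.lower().endswith(".xml"):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    results.extend(find_cpasswords(fh.read(), path))
    return results

if __name__ == "__main__":
    print(find_cpasswords(SAMPLE_GROUPS_XML, "Groups.xml"))
```

Every account reported this way should have its stored password removed from the policy and the account's password rotated.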


Disclaimer

This tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this tool and software.

License

This project is licensed under the GPLv3 License - see the LICENSE file for details

gpp-decrypt's Issues

Please don't clear the screen

Would be better if you didn't clear the console when you launch your tool. Often have a lot of history that I refer back to in my console.

PyCrypto/Python3.10 breaking change leads to error

[~/Documents/ctf/htb/active]$ gpp-decrypt -f Groups.xml

                               __                                __ 
  ___ _   ___    ___  ____ ___/ / ___  ____  ____  __ __   ___  / /_
 / _ `/  / _ \  / _ \/___// _  / / -_)/ __/ / __/ / // /  / _ \/ __/
 \_, /  / .__/ / .__/     \_,_/  \__/ \__/ /_/    \_, /  / .__/\__/ 
/___/  /_/    /_/                                /___/  /_/         

[ * ] Username: active.htb\SVC_TGS
Traceback (most recent call last):
  File "/usr/local/bin/gpp-decrypt", line 69, in <module>
    main()
  File "/usr/local/bin/gpp-decrypt", line 60, in main
    print(success + 'Password: ' + decrypt(cpass))
  File "/usr/local/bin/gpp-decrypt", line 29, in decrypt
    aes = AES.new(key, AES.MODE_CBC, iv)
  File "/home/lau/.local/lib/python3.10/site-packages/Crypto/Cipher/AES.py", line 95, in new
    return AESCipher(key, *args, **kwargs)
  File "/home/lau/.local/lib/python3.10/site-packages/Crypto/Cipher/AES.py", line 59, in __init__
    blockalgo.BlockAlgo.__init__(self, _AES, key, *args, **kwargs)
  File "/home/lau/.local/lib/python3.10/site-packages/Crypto/Cipher/blockalgo.py", line 141, in __init__
    self._cipher = factory.new(key, *args, **kwargs)
SystemError: PY_SSIZE_T_CLEAN macro must be defined for '#' formats

Versions:

  • Python 3.10.4
  • pycrypto 2.6.1
  • gpp-decrypt most recent

IV interpreted as str

Hi!

First of all, I wanted to thank you for the tool.

My problem

When using it, the code didn't work and I didn't understand why. I had this error:

TypeError: Object type <class 'str'> cannot be passed to C code

After some testing of the code on my side, I discovered that the line aes = AES.new(key, AES.MODE_CBC, iv) was the problem.
Indeed, the notation iv = '\x00' * 16 can be confusing for Python and was interpreted as a string. (I am using Python 3.10.5)

The new code would be iv = b'\x00' * 16 and it solves the problem.

Regards
