Skip to content

Instantly share code, notes, and snippets.

@edeca
Created November 7, 2018 15:09
Show Gist options
  • Save edeca/ba2404850c748f48f6511e63f8958fef to your computer and use it in GitHub Desktop.
Save edeca/ba2404850c748f48f6511e63f8958fef to your computer and use it in GitHub Desktop.
import argparse
from base64 import b64decode
from binascii import unhexlify
from Crypto.Cipher import AES
########
# Author: David Cannings
# Date: 7th November 2018
#
# Quick and dirty cpassword decryption tool, ported to Python from the
# Ruby version in this blogpost: https://pentestlab.blog/tag/cpassword/
#
# See also: https://blogs.technet.microsoft.com/ash/2014/11/10/dont-set-or-save-passwords-using-group-policy-preferences/
########
def main():
parser = argparse.ArgumentParser(description='Decrypt Active Directory cpassword data')
parser.add_argument('data', type=str, help='cpassword base64 data')
args = parser.parse_args()
key = "4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b"
key = unhexlify(key)
cipher = AES.new(key, AES.MODE_CBC, "\x00" * 16)
data = args.data
data += '=' * (-len(data) % 4)
data = b64decode(data)
plaintext = cipher.decrypt(data)
print("Password is: {}".format(plaintext))
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment