Skip to content

Instantly share code, notes, and snippets.

@takeshixx
Created August 12, 2014 17:55
Show Gist options
  • Save takeshixx/b3a2068bc54e5b56c280 to your computer and use it in GitHub Desktop.
Save takeshixx/b3a2068bc54e5b56c280 to your computer and use it in GitHub Desktop.
VMware vCenter Operations Manager password de/encrypter
#!/usr/bin/env python2
# VMware vCenter Operations Manager password de/encrypter
# author: takeshix@adversec.com
from sys import argv,exit
from base64 import b64encode,b64decode
from Crypto.Cipher import AES
class vCopsCrypt:
# AES128 wrapper class with PKCS5 padding
BLOCK_SIZE = 16
def encrypt(self):
cipher = AES.new(KEY,AES.MODE_CBC,IV)
return cipher.encrypt(self.pkcs5_pad(STRING))
def decrypt(self):
cipher = AES.new(KEY,AES.MODE_CBC,IV)
return self.pkcs5_unpad(cipher.decrypt(STRING))
def pkcs5_pad(self,s):
return s + (self.BLOCK_SIZE - len(s) % self.BLOCK_SIZE) * chr(self.BLOCK_SIZE - len(s) % self.BLOCK_SIZE)
def pkcs5_unpad(self,s):
return s[0:-ord(s[-1])]
if __name__ == "__main__":
if len(argv) is not 4:
print '{} [enc|dec] [key] [plaintext|ciphertext]'.format(argv[0])
print ''
print 'Default location of key: /usr/lib/vmware-vcops/user/conf/key.txt'
exit(1)
MODE = argv[1]
KEY = argv[2]
STRING = argv[3]
# The 16 byte key is used as IV for CBC operations
IV = KEY
# vCops generates 16 bytes keys on first boot
if len(KEY) is not 16:
print 'Invalid key length'
exit(1)
# Remove trailing @ from encrypted passwords
if STRING.endswith('@'):
STRING = STRING[:-1]
c = vCopsCrypt()
if MODE == 'enc':
ciphertext = c.encrypt()
print b64encode(ciphertext)
elif MODE == 'dec':
try:
STRING = b64decode(STRING)
except TypeError:
print 'Not a valid base64 string'
exit(1)
plaintext = c.decrypt()
print plaintext
else:
print 'Invalid mode: {}'.format(MODE)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment