Created
August 12, 2014 17:55
-
-
Save takeshixx/b3a2068bc54e5b56c280 to your computer and use it in GitHub Desktop.
VMware vCenter Operations Manager password de/encrypter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python2 | |
# VMware vCenter Operations Manager password de/encrypter | |
# author: takeshix@adversec.com | |
from sys import argv,exit | |
from base64 import b64encode,b64decode | |
from Crypto.Cipher import AES | |
class vCopsCrypt: | |
# AES128 wrapper class with PKCS5 padding | |
BLOCK_SIZE = 16 | |
def encrypt(self): | |
cipher = AES.new(KEY,AES.MODE_CBC,IV) | |
return cipher.encrypt(self.pkcs5_pad(STRING)) | |
def decrypt(self): | |
cipher = AES.new(KEY,AES.MODE_CBC,IV) | |
return self.pkcs5_unpad(cipher.decrypt(STRING)) | |
def pkcs5_pad(self,s): | |
return s + (self.BLOCK_SIZE - len(s) % self.BLOCK_SIZE) * chr(self.BLOCK_SIZE - len(s) % self.BLOCK_SIZE) | |
def pkcs5_unpad(self,s): | |
return s[0:-ord(s[-1])] | |
if __name__ == "__main__": | |
if len(argv) is not 4: | |
print '{} [enc|dec] [key] [plaintext|ciphertext]'.format(argv[0]) | |
print '' | |
print 'Default location of key: /usr/lib/vmware-vcops/user/conf/key.txt' | |
exit(1) | |
MODE = argv[1] | |
KEY = argv[2] | |
STRING = argv[3] | |
# The 16 byte key is used as IV for CBC operations | |
IV = KEY | |
# vCops generates 16 bytes keys on first boot | |
if len(KEY) is not 16: | |
print 'Invalid key length' | |
exit(1) | |
# Remove trailing @ from encrypted passwords | |
if STRING.endswith('@'): | |
STRING = STRING[:-1] | |
c = vCopsCrypt() | |
if MODE == 'enc': | |
ciphertext = c.encrypt() | |
print b64encode(ciphertext) | |
elif MODE == 'dec': | |
try: | |
STRING = b64decode(STRING) | |
except TypeError: | |
print 'Not a valid base64 string' | |
exit(1) | |
plaintext = c.decrypt() | |
print plaintext | |
else: | |
print 'Invalid mode: {}'.format(MODE) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment