| skipped 38 lines |
39 | 39 | | f"[{self.options.target_ip}] exception in do_crypt") |
40 | 40 | | self.logging.debug(ex) |
41 | 41 | | |
42 | | - | def unhex(self, s): |
43 | | - | try: |
44 | | - | s = codecs.decode(s, 'hex') |
45 | | - | except TypeError as e: |
46 | | - | if e.message == 'Odd-length string': |
47 | | - | self.logging.debug('%s . Chopping last char off... "%s"' % (e.message, s[:-1])) |
48 | | - | s = codecs.decode(s[:-1], 'hex') |
49 | | - | else: |
50 | | - | return False |
51 | | - | return s |
52 | | - | |
53 | 42 | | def reverse_vncpassword(self, hash): |
54 | 43 | | try: |
55 | | - | encpasswd = self.unhex(hash) |
| 44 | + | encpasswd = hash.hex() |
56 | 45 | | pwd = None |
57 | 46 | | if encpasswd: |
58 | 47 | | # If the hex encoded passwd length is longer than 16 hex chars and divisible |
59 | 48 | | # by 16, then we chop the passwd into blocks of 64 bits (16 hex chars) |
60 | 49 | | # (1 hex char = 4 binary bits = 1 nibble) |
61 | | - | hexpasswd = codecs.encode(encpasswd, 'hex') |
| 50 | + | hexpasswd = bytes.fromhex(encpasswd) |
62 | 51 | | if len(hexpasswd) > 16 and (len(hexpasswd) % 16) == 0: |
63 | 52 | | splitstr = self.split_len(codecs.encode(hash, 'hex'), 16) |
64 | 53 | | cryptedblocks = [] |
| skipped 1 lines |
66 | 55 | | cryptedblocks.append(self.do_crypt(codecs.decode(sblock, 'hex'), True)) |
67 | 56 | | pwd = b''.join(cryptedblocks) |
68 | 57 | | elif len(hexpasswd) <= 16: |
69 | | - | pwd = self.do_crypt(encpasswd, True) |
| 58 | + | pwd = self.do_crypt(hash, True) |
70 | 59 | | else: |
71 | | - | pwd = self.do_crypt(encpasswd, True) |
| 60 | + | pwd = self.do_crypt(hash, True) |
72 | 61 | | except Exception as ex: |
73 | 62 | | self.logging.debug(f"Exception reverse_vncpassword {hash} ") |
74 | 63 | | self.logging.debug(ex) |
| skipped 29 lines |
104 | 93 | | continue |
105 | 94 | | |
106 | 95 | | try: |
107 | | - | enc_pwd = myvalue.rstrip('\x00') |
| 96 | + | enc_pwd = myvalue.rstrip(b'\x00') |
108 | 97 | | self.logging.debug(f"[{self.options.target_ip}] Found VNC {vnc[0]} encoded password in reg {enc_pwd}") |
109 | 98 | | # enc_pwd=myvalue |
110 | 99 | | except Exception as ex: |
| skipped 109 lines |
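Review bot: The length tests in `reverse_vncpassword` now count bytes rather than hex characters, so they no longer agree with the comment above them or with the 16-hex-char split on the following line. `encpasswd = hash.hex()` followed by `hexpasswd = bytes.fromhex(encpasswd)` round-trips back to the raw value, so a 16-byte value (two 64-bit blocks) fails `len(hexpasswd) > 16` and is handed whole to `do_crypt` instead of being processed block by block. Keeping the hex form for the test, `hexpasswd = hash.hex()` with the guard written as `if hash:`, restores the earlier thresholds and drops the redundant conversion. The method now also requires `hash` to be bytes: a str raises AttributeError, which the broad `except` only logs at debug level, so a one-line docstring stating the expected type would help. The end of the method lies outside the visible lines.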