- #!/usr/bin/env python
- import re
- import sys
- import base64
- import xml.etree.ElementTree as ET
- from hashlib import sha256
- from binascii import hexlify, unhexlify
- from Crypto.Cipher import AES
# Trailer that main() and decrypt() look for in the AES output. Finding it is
# the script's only evidence that the right key was used, because ECB mode
# carries no integrity check of its own.
MAGIC = "::::MAGIC::::"
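def usage():
    """Write the command-line synopsis to stderr and exit with status 2.

    main() calls this only when the argument count is wrong, so the process
    must not report success: the original printed to stdout and exited 0,
    which made a mis-invocation look like a clean run to any calling script.
    The text is emitted with a single write so the function behaves the same
    on Python 2 and Python 3.
    """
    sys.stderr.write(
        "./decrypt.py <master.key> <hudson.util.Secret> <credentials.xml>\n"
        " master.key can be found in $JENKINS_HOME/secrets\n"
        " hudson.util.Secret can be found in $JENKINS_HOME/secrets\n"
        " credentials.xml can be found in $JENKINS_HOME\n"
    )
    sys.exit(2)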
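def decrypt(password, k):
    """Recover one stored secret from its base64 + AES-ECB encoding.

    Args:
        password: Base64 text of the encrypted value, as read from
            credentials.xml.
        k: AES key; main() passes the 16 bytes it derives from
            hudson.util.Secret.

    Returns:
        Everything that precedes the last MAGIC trailer in the decrypted
        data, as a byte string (``str`` on Python 2, ``bytes`` on Python 3).

    Raises:
        ValueError: if MAGIC is absent from the decrypted data, which means
            the key is wrong or the value is not in this format.

    NOTE(review): newer Jenkins releases appear to store secrets as
    brace-wrapped ("{...}") values with a different payload layout; this
    function only implements the ECB scheme shown here -- confirm against
    the Jenkins version the file came from.
    """
    # MAGIC is declared as text while the cipher works on bytes; on Python 2
    # the two are the same type, on Python 3 the marker has to be encoded.
    magic = MAGIC if isinstance(MAGIC, bytes) else MAGIC.encode("ascii")

    # b64decode replaces base64.decodestring, which no longer exists on
    # current Python 3 releases; both ignore embedded newlines.
    ciphertext = base64.b64decode(password)
    plaintext = AES.new(k, AES.MODE_ECB).decrypt(ciphertext)

    # An explicit check instead of `assert`, so it still runs under
    # `python -O`. ECB has no authentication tag: this trailer is the only
    # indication that the key matched.
    if magic not in plaintext:
        raise ValueError(
            "MAGIC trailer not found: wrong key or unsupported secret format"
        )

    # Cut at the LAST trailer, as the original greedy regex did. The regex
    # '(.*)' could not cross a newline, so a multi-line secret came back
    # truncated to its final line; rpartition returns the whole value.
    return plaintext.rpartition(magic)[0]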
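def _child_text(node, path):
    """Return the text of the first child matching *path*, or None if absent."""
    child = node.find(path)
    return None if child is None else child.text


def parse_creds(creds_file):
    """Collect the encrypted secrets stored in a Jenkins credentials.xml.

    Two element types are read: UsernamePasswordCredentialsImpl (username,
    description, password) and StringCredentialsImpl (description, secret).

    Args:
        creds_file: Path or file object accepted by ElementTree.parse.

    Returns:
        A list of ``(username, description, encrypted_value)`` tuples, the
        username/password entries first. ``username`` is None for string
        credentials; ``username`` and ``description`` are also None when the
        element is missing or empty. Entries that carry no encrypted value
        are skipped, since there is nothing to decrypt. The original
        dereferenced ``.text`` on a missing element and crashed on the first
        credential without a description.
    """
    # NOTE: xml.etree does not defend against entity-expansion payloads in a
    # crafted document. Parse only files taken from a Jenkins home you trust,
    # or switch to a hardened XML parser when handling collected evidence.
    root = ET.parse(creds_file).getroot()
    credentials = []

    for cred in root.findall(
        ".//com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl"
    ):
        encrypted = _child_text(cred, ".password")
        if encrypted:
            credentials.append(
                (
                    _child_text(cred, ".username"),
                    _child_text(cred, ".description"),
                    encrypted,
                )
            )

    for cred in root.findall(
        ".//org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl"
    ):
        encrypted = _child_text(cred, ".secret")
        if encrypted:
            credentials.append((None, _child_text(cred, ".description"), encrypted))

    return credentials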
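def main():
    """Decrypt every credential in credentials.xml and print it to stdout.

    Expects exactly three arguments: the paths of master.key,
    hudson.util.Secret and credentials.xml. The AES key is derived in two
    steps: the first 16 bytes of SHA-256(master.key) decrypt
    hudson.util.Secret, and 16 bytes of that result become the key handed to
    decrypt() for each stored value.

    Nothing beyond these three files is needed to recover the stored
    secrets, so read access to $JENKINS_HOME and its secrets/ directory is
    equivalent to access to every credential Jenkins holds. The output is
    plaintext; keep it out of shared logs and terminals.

    Exits through usage() on a wrong argument count, and with an error
    message if hudson.util.Secret does not decrypt to data containing MAGIC.
    """
    if len(sys.argv) != 4:
        usage()

    # MAGIC is text and the cipher output is bytes; identical types on
    # Python 2, so the encode only happens on Python 3.
    magic = MAGIC if isinstance(MAGIC, bytes) else MAGIC.encode("ascii")

    # Read both key files as bytes and close them deterministically. The
    # whole content of master.key is hashed, exactly as before (no strip).
    with open(sys.argv[1], "rb") as key_file:
        master_key = key_file.read()
    with open(sys.argv[2], "rb") as secret_file:
        hudson_secret_key = secret_file.read()

    hashed_master_key = sha256(master_key).digest()[:16]
    unwrapped = AES.new(hashed_master_key, AES.MODE_ECB).decrypt(hudson_secret_key)

    # Explicit check instead of `assert`, so it is not stripped by
    # `python -O`; without it a wrong master.key would silently yield a
    # garbage key.
    if magic not in unwrapped:
        sys.exit("hudson.util.Secret did not decrypt with this master.key")

    # Drop the final 16-byte block, then keep the first 16 bytes as the key.
    k = unwrapped[:-16][:16]

    for username, description, enc_password in parse_creds(sys.argv[3]):
        password = decrypt(enc_password, k)
        # decrypt() yields bytes on Python 3; decode for display only.
        if not isinstance(password, str):
            password = password.decode("utf-8", "replace")
        if username is None:
            print("%s:\n\t%s" % (description, password))
        else:
            print(
                "%s:\n\tusername: %s\n\tpassword: %s"
                % (description, username, password)
            )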
# Run the decryptor only when executed as a script, not when imported.
if "__main__" == __name__:
    main()