forked from nettitude/PoshC2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcookie_decrypter.py
52 lines (38 loc) · 1.52 KB
/
cookie_decrypter.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env python3
import re
import sys
from poshc2 import Colours
from poshc2.server.Core import decrypt
from poshc2.server.database.Helpers import select_first
from poshc2.server.database.Model import C2Server
def decrypt_and_print(key, encrypted):
try:
decrypted = decrypt(key, encrypted)
print(f"{Colours.GREEN}[+] Success with key {key}\n\t{decrypted}")
sys.exit(0)
except Exception:
print(f"{Colours.RED}[-] Failed decrypt with key: {key}{Colours.END}")
def main():
if len(sys.argv) != 2:
print("Usage: From pipenv shell in PoshC2 directory -> python3 cookie-decrypter.py <path/to/sec.log>")
print("Usage: From pipenv shell in PoshC2 directory -> python3 cookie-decrypter.py <cookie value>")
sys.exit(0)
key = select_first(C2Server.encryption_key)
if not key:
print(f"{Colours.RED}[-] Could not get key from database{Colours.END}")
sys.exit(1)
arg = sys.argv[1]
try:
log_file = open(arg, "r")
print(f"[*] Checking file {arg}")
for line in log_file:
if re.search("SessionID", line):
encrypted = line.split("SessionID=")[1]
decrypt_and_print(key, encrypted)
print(f"{Colours.RED}[-] Failed to find and decrypt cookie{Colours.END}")
except Exception:
print(f"[*] Decrypting cookie value {arg}")
decrypt_and_print(key, arg)
print(f"{Colours.RED}[-] Failed to decrypt cookie value{Colours.END}")
if __name__ == "__main__":
main()