add qiyuesuo plugin

L-codes · Sep 27, 2023 · 52b1f1a · 52b1f1a
1 parent 676ec2e
commit 52b1f1a
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 2 deletions.
diff --git a/lib/crypto.rb b/lib/crypto.rb
@@ -5,6 +5,8 @@
 #
 require 'openssl'
 require_relative 'crypto/d3des'
+require_relative 'crypto/pbe'
+require_relative 'crypto/jasypt'
 
 module Crypto
 

diff --git a/lib/crypto/jasypt.rb b/lib/crypto/jasypt.rb
@@ -0,0 +1,10 @@
+module Crypto
+module Jasypt
+
+  def self.decrypt(str, password)
+    msg = str.unpack1('m0')
+    PBE.decrypt(msg[8..-1], password, msg[0,8], 1000)
+  end
+
+end # PBE end
+end # Crypto end
diff --git a/lib/crypto/pbe.rb b/lib/crypto/pbe.rb
@@ -0,0 +1,12 @@
+module Crypto
+module PBE
+
+  def self.decrypt(str, password, salt, iter=100, algo='DES', digest='MD5')
+    pbe_des = OpenSSL::Cipher.new(algo)
+    pbe_des.decrypt
+    pbe_des.pkcs5_keyivgen password, salt, iter, digest
+    pbe_des.update(str) + ( pbe_des.final rescue '')
+  end
+
+end # PBE end
+end # Crypto end
diff --git a/lib/passwd.rb b/lib/passwd.rb
@@ -13,7 +13,7 @@ module PasswdLib
     xshell securecrt securecrt_v2 dahan_jis uportal2800 navicat11 navicat12
     flashfxp lsrunase qizhi_php seeyon_a8 h3c_imc landray_ekp d3des_vnc
     finereport zfsoft grafana trswcm mobaxterm seeyon_analyze_icloud
-    richmail signer h3c_cvm seeyon_nc finalshell interlib
+    richmail signer h3c_cvm seeyon_nc finalshell interlib qiyuesuo
   }
 
   Passwd = Struct.new(:cipher, :algos) do
@@ -68,7 +68,7 @@ def find_hash_type(passwd)
         cipher = base64_to_hex(cipher)
         algorithms += [
           :gpp, :dongao_rc4, :druid_rsa, :xshell, :xftp, :dahan_jis, :websphere, :qizhi_php, :seeyon_a8, :landray_ekp,
-          :h3c_cvm, :finalshell
+          :h3c_cvm, :finalshell, :qiyuesuo
         ]
         algorithms << :lsrunase if cipher.size <= 1024
         algorithms << :grafana if cipher.size >= 50 or (cipher.start_with?('2a') and cipher.size >= 44)
@@ -182,6 +182,10 @@ def find_hash_type(passwd)
     if cipher.size < 20 and cipher.upcase != cipher and cipher.downcase != cipher
       algorithms += [:zfsoft]
     end
+    if ( m = cipher.match /^QYS@(.*?)$/ )
+      algorithms = [:qiyuesuo]
+      cipher = base64_to_hex(m[1])
+    end
     if cipher =~ /^Encrypted(\w+.{,2})/
       algorithms = [:trswcm]
       cipher = $1.tr('.', '=')

diff --git a/plugins/qiyuesuo.rb b/plugins/qiyuesuo.rb
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# Plugin qiyuesuo
+# Author L
+#
+
+plugin 'qiyuesuo' do 
+  supported_algorithm :qiyuesuo
+
+  crack {
+    ciphertext =  [ passwd.hex2ascii ].pack 'm0'
+    plaintext = Crypto::Jasypt.decrypt(ciphertext, 'qiyuesuo@2019')
+    plaintext if plaintext.printable?
+  }
+end
+