From 1ba90750c033848943e7ba266c637f20b91390d8 Mon Sep 17 00:00:00 2001
From: Scott Sutherland <nullbind@users.noreply.github.com>
Date: Sun, 6 Oct 2024 21:04:16 -0500
Subject: [PATCH] Create parser-dbvisxml.ps1

---
 Scripts/ConfigParsers/parser-dbvisxml.ps1 | 148 ++++++++++++++++++++++
 1 file changed, 148 insertions(+)
 create mode 100644 Scripts/ConfigParsers/parser-dbvisxml.ps1

diff --git a/Scripts/ConfigParsers/parser-dbvisxml.ps1 b/Scripts/ConfigParsers/parser-dbvisxml.ps1
new file mode 100644
index 0000000..66c5dfe
--- /dev/null
+++ b/Scripts/ConfigParsers/parser-dbvisxml.ps1
@@ -0,0 +1,148 @@
+
+# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind)
+# Intended input: dbvis.xml files
+
+function Get-PwDbvisxml{
+    param (
+        [string]$ComputerName = $null,   # Optional
+        [string]$ShareName    = $null,   # Optional
+        [string]$UncFilePath  = $null,   # Optional
+        [string]$FileName     = $null,   # Optional
+        [string]$FilePath                # Required
+    )
+
+    # Parameters for password decryption
+    $password = "qinda"  # hard-coded key
+    $iterations = 10
+    $salt = [byte[]]@(142, 18, 57, 156, 7, 114, 111, 90)
+
+    # Create the key and cipher for PBEWithMD5AndDES
+    $spec = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($password, $salt, $iterations)
+    $key = $spec.GetBytes(8) # DES key size is 8 bytes
+    $des = New-Object System.Security.Cryptography.DESCryptoServiceProvider
+    $des.Key = $key
+    $des.IV = $salt[0..7]
+    $des.Padding = 'PKCS7'
+
+    # Decrypt Function
+    function Decrypt-Pw ($encryptedText) {
+        $encryptedBytes = [Convert]::FromBase64String($encryptedText)
+        $decryptor = $des.CreateDecryptor()
+        $decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length)
+        return [System.Text.Encoding]::UTF8.GetString($decryptedBytes)
+    }
+
+    # Load and parse dbvis.xml
+    [xml]$xml = Get-Content -Path $FilePath
+
+    # Extract connection details
+    $connectionNode = $xml.dbvis.connections.connection
+
+    # Extract required fields
+    $targetServer = $connectionNode.url -replace 'jdbc:mysql://([^:/]+).*','$1'
+    $targetPort = $connectionNode.url -replace '.*:(\d+)/.*','$1'
+    $username = $connectionNode.user
+    $passwordEnc = $connectionNode.password
+    $decryptedPassword = Decrypt-Pw -encryptedText $passwordEnc
+
+    # Return result object
+    return [PSCustomObject]@{
+        ComputerName = $ComputerName
+        ShareName    = $ShareName
+        UncFilePath  = $UncFilePath
+        FileName     = $FileName
+        Section      = "remmina_pref"
+        ObjectName   = "Remmina Configuration"
+        TargetURL    = "NA"
+        TargetServer = $targetServer
+        TargetPort   = $targetPort
+        Database     = "NA"
+        Domain       = "NA"
+        Username     = $username
+        Password     = $decryptedPassword
+        PasswordEnc  = $passwordEnc
+        KeyFilePath  = "NA"
+    }
+}
+
+# Example command
+# Get-PwDbvisxml -ComputerName "MyComputer" -ShareName "MyShare" -UncFilePath "\\MyComputer\MyShare\dbvis.xml" -FileName "dbvis.xml" -FilePath "C:\temp\dbvis.xml"
+
+<# Sample dbvis.xml
+
+<dbvis>
+    <connections>
+        <connection>
+            <name>MyDatabaseConnection</name>
+            <url>jdbc:mysql://localhost:3306/mydatabase</url>
+            <user>db_user</user>
+            <password>+mQwYxIFaEjZ/MWJDkm1SCWhHw7xPXWd</password> <!-- Encrypted using DES with default key or a master password -->
+            <driver>com.mysql.jdbc.Driver</driver>
+        </connection>
+    </connections>
+</dbvis>
+
+#>
+
+<# Bonus encryption and decryption functions
+
+# Parameters
+$password = "qinda"
+$iterations = 10
+$salt = [byte[]]@(142, 18, 57, 156, 7, 114, 111, 90)
+
+# Create the key and cipher for PBEWithMD5AndDES
+$keyBytes = [System.Text.Encoding]::UTF8.GetBytes($password)
+$spec = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($password, $salt, $iterations)
+$key = $spec.GetBytes(8) # DES key size is 8 bytes
+
+# Initialize DES encryption with PKCS7 padding
+$des = New-Object System.Security.Cryptography.DESCryptoServiceProvider
+$des.Key = $key
+$des.IV = $salt[0..7] # DES requires an 8-byte IV, derived from salt
+$des.Padding = 'PKCS7' # Set padding mode to PKCS7
+
+# Encrypt Function
+function Encrypt-Pw ($plainText) {
+    $plainBytes = [System.Text.Encoding]::UTF8.GetBytes($plainText)
+    $encryptor = $des.CreateEncryptor()
+    $encryptedBytes = $encryptor.TransformFinalBlock($plainBytes, 0, $plainBytes.Length)
+    return [Convert]::ToBase64String($encryptedBytes)
+}
+that 
+# Example usage
+$plaintextPassword = "mydbvispasswordinclr"
+$encryptedPassword = Encrypt-Pw -plainText $plaintextPassword
+Write-Output "Encrypted Password: $encryptedPassword"
+
+# -----------
+
+# Parameters
+$password = "qinda"
+$iterations = 10
+$salt = [byte[]]@(142, 18, 57, 156, 7, 114, 111, 90)
+
+# Create the key and cipher for PBEWithMD5AndDES
+$keyBytes = [System.Text.Encoding]::UTF8.GetBytes($password)
+$spec = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($password, $salt, $iterations)
+$key = $spec.GetBytes(8) # DES key size is 8 bytes
+
+# Initialize DES encryption with PKCS7 padding
+$des = New-Object System.Security.Cryptography.DESCryptoServiceProvider
+$des.Key = $key
+$des.IV = $salt[0..7] # DES requires an 8-byte IV, derived from salt
+$des.Padding = 'PKCS7' # Set padding mode to PKCS7
+
+# Decrypt Function
+function Decrypt-Pw ($encryptedText) {
+    $encryptedBytes = [Convert]::FromBase64String($encryptedText)
+    $decryptor = $des.CreateDecryptor()
+    $decryptedBytes = $decryptor.TransformFinalBlock($encryptedBytes, 0, $encryptedBytes.Length)
+    return [System.Text.Encoding]::UTF8.GetString($decryptedBytes)
+}
+
+# Example usage
+$decryptedPassword = Decrypt-Pw -encryptedText $encryptedPassword
+Write-Output "Decrypted Password: $decryptedPassword"
+
+#>