Add files via upload

2025-06-29 06:08:43 +02:00 · 2024-09-23 10:35:53 -05:00
parent 17af4fbf30
commit a17ceeb6aa
31 changed files with 4559 additions and 0 deletions
--- a/Scripts/ConfigParsers/parser-winscp.ini.ps1
+++ b/Scripts/ConfigParsers/parser-winscp.ini.ps1
@ -0,0 +1,101 @@
+# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind)
+
+function Get-WinSCPConfig {
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$FilePath
+    )
+
+    # Check if file exists
+    if (-not (Test-Path $FilePath)) {
+        Write-Error "File not found: $FilePath"
+        return
+    }
+
+    # Read the WinSCP.ini file content
+    $content = Get-Content -Path $FilePath
+
+    # Initialize an empty object for results
+    $result = [PSCustomObject]@{
+        HostName       = $null
+        PortNumber     = $null
+        PrivateKeyFile = $null
+        UserName       = $null
+        Password       = $null
+    }
+
+    # Parse the .ini file for relevant information
+    foreach ($line in $content) {
+        if ($line -match '^HostName=(.*)') {
+            $result.HostName = $matches[1]
+        } elseif ($line -match '^PortNumber=(.*)') {
+            $result.PortNumber = [int]$matches[1]
+        } elseif ($line -match '^PrivateKeyFile=(.*)') {
+            $result.PrivateKeyFile = $matches[1]
+        } elseif ($line -match '^UserName=(.*)') {
+            $result.UserName = $matches[1]
+        } elseif ($line -match '^Password=(.*)') {
+            $result.Password = $matches[1]  # Encrypted password in .ini
+        }
+    }
+
+    # Return the result object
+    return $result
+}
+
+# Example usage
+$winSCPConfig = Get-WinSCPConfig -FilePath "c:\temp\configs\WinSCP.ini"
+$winSCPConfig
+
+<# winscp decryption function that uses dpapi below
+
+function ConvertFrom-DPAPI {
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$EncryptedPassword
+    )
+
+    # Convert the base64 encoded password back to byte array
+    $passwordBytes = [Convert]::FromBase64String($EncryptedPassword)
+
+    # Use the Windows DPAPI to decrypt the password
+    $decryptedBytes = [System.Security.Cryptography.ProtectedData]::Unprotect($passwordBytes, $null, [System.Security.Cryptography.DataProtectionScope]::CurrentUser)
+
+    # Convert the decrypted byte array back to a string (UTF-8 encoded)
+    $decryptedPassword = [System.Text.Encoding]::UTF8.GetString($decryptedBytes)
+
+    return $decryptedPassword
+}
+
+# Example usage with an encrypted password from WinSCP.ini
+$encryptedPassword = "Base64EncryptedPasswordHere"
+$decryptedPassword = ConvertFrom-DPAPI -EncryptedPassword $encryptedPassword
+Write-Output "Decrypted Password: $decryptedPassword"
+
+
+#>
+
+
+<# winscp.ini
+
+
+[Configuration\Interface]
+Random=4074A9829D979781989E96
+
+[Sessions\example]
+HostName=ftp.example.com
+PortNumber=21
+UserName=myuser
+Password=0V5aNH+/kT8=  ; Encrypted password
+LocalDirectory=C:\Users\myuser\Documents
+RemoteDirectory=/public_html
+FSProtocol=0
+PostLoginCommands=
+PrivateKeyFile=
+
+[Configuration\Interface\Commander]
+LastLocalDirectory=C:\Users\myuser\Documents
+LastRemoteDirectory=/public_html
+
+
+#>