-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathnsccookiedecrypt.py
122 lines (103 loc) · 4.31 KB
/
nsccookiedecrypt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
Netscaler Cookie Decryptor - decrypts Netscaler load balancer persistence cookies
Copyright (C) 2012 Adam Maxwell - [email protected]
Nick: @catalyst256
Blog: itgeekchronicles.co.uk
Thanks to:
Alejandro Nolla Blanco - [email protected] - @z0mbiehunt3r - for the inspiration to write this and for adding the error correction.
Daniel Grootveld - [email protected] - @shDaniell - for helping with the XOR method of decryption, adding the service port decryption and for making my regex more robust.
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
@author: Adam Maxwell
@license: GPL v2
@date: 23-01-2012
@version: 0.3.1
"""
import sys
import re
import string
from string import maketrans, ascii_letters
def parseCookie(cookie):
"""Parse Citrix NetScaler cookie
@param cookie: Citrix NetScaler cookie
@return: Returns ServiceName, ServerIP and ServerPort
"""
s = re.search('NSC_([a-zA-Z0-9\-\_\.]*)=[0-9a-f]{8}([0-9a-f]{8}).*([0-9a-f]{4})$',cookie)
if s is not None:
servicename = s.group(1) # first group is name ([a-z\-]*)
serverip = int(s.group(2), 16)
serverport = int(s.group(3), 16)
else:
raise Exception('Could not parse cookie')
return servicename, serverip, serverport
def decryptServiceName(servicename):
"""Decrypts the Caesar Subsitution Cipher Encryption used on the Netscaler Cookie Name
@param cookie Citrix NetScaler cookie
@type cookie: String
@return: service name
"""
#This decrypts the Caesar Subsitution Cipher Encryption used on the Netscaler Cookie Name
trans = maketrans('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ','zabcdefghijklmnopqrstuvwxyZABCDEFGHIJKLMNOPQRSTUVWXY')
realname = servicename.translate(trans)
return realname
def decryptServerIP(serverip):
"""Decrypts the XOR encryption used for the Netscaler Server IP
@param cookie Citrix NetScaler cookie
@type cookie: String
@return: XORed server IP based on ipkey
"""
ipkey = 0x03081e11
print("server ip: " + str(serverip))
decodedip = hex (serverip ^ ipkey)
print("decoded ip: " + str(decodedip))
t = decodedip[2:10].zfill(8)
print("t: " + str(t))
realip = '.'.join(str(int(i, 16)) for i in([t[i:i+2] for i in range(0, len(t), 2)]))
print("real ip: " + str(realip))
return realip
def decryptServerPort(serverport):
"""Decrypts the XOR encryption used on the Netscaler Server Port
@param cookie Citrix NetScaler cookie
@type cookie: String
@return: XORed server port
"""
portkey = 0x3630
print("server port: " + str(serverport))
decodedport = serverport ^ portkey #no need to convert to hex since an integer will do for port
print("decoded port: " + str(decodedport))
realport = str(decodedport)
print("real port: " + realport)
return realport
def decryptCookie(cookie):
"""Make entire decryption of Citrix NetScaler cookie
@param cookie: Citrix NetScaler cookie
@return: Returns RealName, RealIP and RealPort
"""
servicename, serverip, serverport = parseCookie(cookie)
print("server name: " + str(servicename))
print("server ip: " + str(serverip))
print("server port: " + str(serverport))
realname = decryptServiceName(servicename)
realip = decryptServerIP(serverip)
realport = decryptServerPort(serverport)
return realname,realip,realport
if __name__ == '__main__':
if len(sys.argv) != 2:
print "USAGE: %s NetScalerCookie" % sys.argv[0]
sys.exit(1)
cookie = sys.argv[1]
realname,realip,realport = decryptCookie(cookie)
print 'vServer Name=%s' %realname
print 'vServer IP=%s' %realip
print 'vServer Port=%s' %realport