VMware Cloud Community
AmoghMaheshvip
Enthusiast
Enthusiast
‎12-11-2017 03:54 AM
Jump to solution

Decryption of password in powerCLI

I am trying to decrypt the password which I have got from Invoke-RestMethod

"  $Server_details = Invoke-RestMethod -Uri http://192.168.**.**/abc/src/ajax/getEsxiServerDetails.php -Body operation=getserverdetails -Method POST "

for Linux PowerCLI, we can easily decrypt the password using ' openssl enc -aes-256-cbc -a -d -salt -pass '

and for windows powerCLI I am asked not to install openssl...

I want to know, if there is any alternative to openssl which can decrypt the password..

Thank You

1 Solution

Accepted Solutions
jasnyder
Hot Shot
Hot Shot
‎12-12-2017 04:16 PM
Jump to solution

OK, I redid this assuming there is a salt and IV, according to the Stack Overflow solution.  I verified it works to decrypt text encrypted using the following openssl command:

openssl enc -aes-256-cbc -salt -a -in infile -out outfile

I encrypted a message and copied the contents to the script below and stored the passphrase I used to encrypt it in the $passphrase variable.  The code properly decrypts the message.

Here is the new code:

$cipherText = "U2FsdGVkX18KZ0Qafnk3s/kFCojcTgKdP3VPiz57tPGfphHaj9OY61ggsdiS5RgsM/dwjB2njBNGYuJCuFOE28/M/Hjej2xX/TRVms/1h1M=" #<--- placeholder for real text

$passphrase = "P@ssword1" #<--- placeholder for real passphrase

$encoding = New-Object -TypeName System.Text.UTF8Encoding

$passwordBytes = $encoding.GetBytes($passphrase);

#if($key.Length -lt 32) {

#    $paddedkey = New-Object byte[] 32

# [System.Buffer]::BlockCopy($key, 0, $paddedkey, 0, $key.Length)

#    $key = $paddedkey

#}

$iv = New-Object byte[] 16

$salt = New-Object byte[] 8

$key = New-Object byte[] 32

   

$encryptedBytesWithSalt = [System.Convert]::FromBase64String($cipherText);

$encryptedBytes = New-Object byte[] ($encryptedBytesWithSalt.Length - $salt.Length - 8)

[System.Buffer]::BlockCopy($encryptedBytesWithSalt, 8, $salt, 0, $salt.Length)

[System.Buffer]::BlockCopy($encryptedBytesWithSalt, $salt.Length + 8, $encryptedBytes, 0, $encryptedBytes.Length)

#####################

# Derive Key and IV

#####################

$concatenatedHashes = [System.Collections.Generic.List[byte]]::new(48)

$currentHash = New-Object byte[] 0

$md5 = [System.Security.Cryptography.MD5]::Create()

$enoughBytesForKey = $false

while ($enoughBytesForKey -ne $true) {

    $preHashLength = $currentHash.Length + $passwordBytes.Length + $salt.Length

    $preHash = New-Object byte[] $preHashLength

    [System.Buffer]::BlockCopy($currentHash, 0, $preHash, 0, $currentHash.Length)

    [System.Buffer]::BlockCopy($passwordBytes, 0, $preHash, $currentHash.Length, $passwordBytes.Length)

    [System.Buffer]::BlockCopy($salt, 0, $preHash, $currentHash.Length + $passwordBytes.Length, $salt.Length)

    $currentHash = $md5.ComputeHash($preHash)

    $concatenatedHashes.AddRange($currentHash)

    if($concatenatedHashes.Count -ge 48) {

        $enoughBytesForKey = $true

    }

}

$concatenatedHashes.CopyTo(0, $key, 0, 32)

$concatenatedHashes.CopyTo(32, $iv, 0, 16)

$md5.Clear()

#####################

# Decrypt ciphertext

#####################

$aes = New-Object -TypeName System.Security.Cryptography.AesManaged

$aes.Mode = [System.Security.Cryptography.CipherMode]::CBC

$aes.Padding = [System.Security.Cryptography.PaddingMode]::None

$aes.KeySize = 256

$aes.BlockSize = 128

$aes.Key = $key

$aes.IV =  $iv

$decryptor = $aes.CreateDecryptor($aes.Key, $aes.IV)

$memStream = [System.IO.MemoryStream]::new($encryptedBytes)

$readMode = [System.Security.Cryptography.CryptoStreamMode]::Read

$cryptoStream = New-Object -TypeName System.Security.Cryptography.CryptoStream $memStream,$decryptor,$readMode

                   

$streamReader = New-Object System.IO.StreamReader -ArgumentList $cryptoStream

$plaintext = $streamReader.ReadToEnd();

               

Write-Output $plaintext

$streamReader.Dispose()

$cryptoStream.Dispose()

$memStream.Dispose()

$decryptor.Dispose()

$aes.Dispose()

A sample run of this produces:

this is a test message.  hello from a test message!

View solution in original post

0 Kudos
5 Replies
jasnyder
Hot Shot
Hot Shot
‎12-11-2017 06:34 PM
Jump to solution

So I've worked out a little bit of an answer to this, not using anything specific to PowerCLI or even Powershell for that matter.  Basically it's using the .NET crypto libraries' managed AES implementation.

The problem I've run into is that it's hard to know exactly how to write a script to decrypt this for you without know how it was encrypted.  I see that you mention a PHP URI in your Invoke-RestMethod call, so I'm wondering if the file is getting encrypted using the PHP openssl library.  It woud be necessary to know if the file or contents thereof have been encrypted using a salt and what the initialization vector is.  I found a reference to someone doing something similar to this wherein they picked apart the PHP openssl source to figure out that there was no salt, the key was simply the passphrase padded with zeroes, and the IV was an empty 16 byte array.  See here - Decrypt string in C# that was encrypted with PHP openssl_encrypt - Stack Overflow

Here is the equivalent of that Stack Overflow solution in PowerShell:

$cipherText = "MzVWX4tH4yZWc/w75zUagUMEsP34ywSYISsIIS9fj0W3Q/lR0hBrHmdvMOt106PlKhN/1zXFBPbyKmI6nWC5BN54GuGFSjkxfuansJkfoi0=" #<--- placeholder for real text

$passphrase = "Ty63rs4aVqcnh2vUqRJTbNT26caRZJ" #<--- placeholder for real passphrase

$encoding = New-Object -TypeName System.Text.UTF8Encoding

$key = $encoding.GetBytes($passphrase);

if($key.Length -lt 32) {

    $paddedkey = New-Object byte[] 32

    [System.Buffer]::BlockCopy($key, 0, $paddedkey, 0, $key.Length)

    $key = $paddedkey

}

$iv = New-Object byte[] 16

  

$encryptedBytes = [System.Convert]::FromBase64String($cipherText);

$aes = New-Object -TypeName System.Security.Cryptography.AesManaged

$aes.Mode = [System.Security.Cryptography.CipherMode]::CBC

$aes.Padding = [System.Security.Cryptography.PaddingMode]::None

$aes.KeySize = 256

$aes.BlockSize = 128

$aes.Key = $key

$aes.IV =  $iv

$decryptor = $aes.CreateDecryptor($aes.Key, $aes.IV)

$memStream = [System.IO.MemoryStream]::new($encryptedBytes)

$readMode = [System.Security.Cryptography.CryptoStreamMode]::Read

$cryptoStream = New-Object -TypeName System.Security.Cryptography.CryptoStream $memStream,$decryptor,$readMode                  

$streamReader = New-Object System.IO.StreamReader -ArgumentList $cryptoStream

$plaintext = $streamReader.ReadToEnd();

              

Write-Output $plaintext

$streamReader.Dispose()

$cryptoStream.Dispose()

$memStream.Dispose()

$decryptor.Dispose()

$aes.Dispose()

The output from this is (spoiler alert):

Whether you think you can, or you think you can't--you're right. - Henry Ford  

Since that's not just a jumbled mess of characters, I'd say it properly decrypted the input cipher with the given passphrase.

So, if your problem falls within the realm of what was outlined in that post, then the above PowerShell script may work for you.

If not, maybe it gives an idea of what needs to be done.

AmoghMaheshvip
Enthusiast
Enthusiast
‎12-12-2017 03:09 AM
Jump to solution

I don't why..

But it did not decrypt the string... the ciphertext and passphrase were correct.. coz that worked in openssl...

it gave output something like this " LR K *n| uC J% . ^F k 1 "

0 Kudos
jasnyder
Hot Shot
Hot Shot
‎12-12-2017 04:16 PM
Jump to solution

OK, I redid this assuming there is a salt and IV, according to the Stack Overflow solution.  I verified it works to decrypt text encrypted using the following openssl command:

openssl enc -aes-256-cbc -salt -a -in infile -out outfile

I encrypted a message and copied the contents to the script below and stored the passphrase I used to encrypt it in the $passphrase variable.  The code properly decrypts the message.

Here is the new code:

$cipherText = "U2FsdGVkX18KZ0Qafnk3s/kFCojcTgKdP3VPiz57tPGfphHaj9OY61ggsdiS5RgsM/dwjB2njBNGYuJCuFOE28/M/Hjej2xX/TRVms/1h1M=" #<--- placeholder for real text

$passphrase = "P@ssword1" #<--- placeholder for real passphrase

$encoding = New-Object -TypeName System.Text.UTF8Encoding

$passwordBytes = $encoding.GetBytes($passphrase);

#if($key.Length -lt 32) {

#    $paddedkey = New-Object byte[] 32

# [System.Buffer]::BlockCopy($key, 0, $paddedkey, 0, $key.Length)

#    $key = $paddedkey

#}

$iv = New-Object byte[] 16

$salt = New-Object byte[] 8

$key = New-Object byte[] 32

   

$encryptedBytesWithSalt = [System.Convert]::FromBase64String($cipherText);

$encryptedBytes = New-Object byte[] ($encryptedBytesWithSalt.Length - $salt.Length - 8)

[System.Buffer]::BlockCopy($encryptedBytesWithSalt, 8, $salt, 0, $salt.Length)

[System.Buffer]::BlockCopy($encryptedBytesWithSalt, $salt.Length + 8, $encryptedBytes, 0, $encryptedBytes.Length)

#####################

# Derive Key and IV

#####################

$concatenatedHashes = [System.Collections.Generic.List[byte]]::new(48)

$currentHash = New-Object byte[] 0

$md5 = [System.Security.Cryptography.MD5]::Create()

$enoughBytesForKey = $false

while ($enoughBytesForKey -ne $true) {

    $preHashLength = $currentHash.Length + $passwordBytes.Length + $salt.Length

    $preHash = New-Object byte[] $preHashLength

    [System.Buffer]::BlockCopy($currentHash, 0, $preHash, 0, $currentHash.Length)

    [System.Buffer]::BlockCopy($passwordBytes, 0, $preHash, $currentHash.Length, $passwordBytes.Length)

    [System.Buffer]::BlockCopy($salt, 0, $preHash, $currentHash.Length + $passwordBytes.Length, $salt.Length)

    $currentHash = $md5.ComputeHash($preHash)

    $concatenatedHashes.AddRange($currentHash)

    if($concatenatedHashes.Count -ge 48) {

        $enoughBytesForKey = $true

    }

}

$concatenatedHashes.CopyTo(0, $key, 0, 32)

$concatenatedHashes.CopyTo(32, $iv, 0, 16)

$md5.Clear()

#####################

# Decrypt ciphertext

#####################

$aes = New-Object -TypeName System.Security.Cryptography.AesManaged

$aes.Mode = [System.Security.Cryptography.CipherMode]::CBC

$aes.Padding = [System.Security.Cryptography.PaddingMode]::None

$aes.KeySize = 256

$aes.BlockSize = 128

$aes.Key = $key

$aes.IV =  $iv

$decryptor = $aes.CreateDecryptor($aes.Key, $aes.IV)

$memStream = [System.IO.MemoryStream]::new($encryptedBytes)

$readMode = [System.Security.Cryptography.CryptoStreamMode]::Read

$cryptoStream = New-Object -TypeName System.Security.Cryptography.CryptoStream $memStream,$decryptor,$readMode

                   

$streamReader = New-Object System.IO.StreamReader -ArgumentList $cryptoStream

$plaintext = $streamReader.ReadToEnd();

               

Write-Output $plaintext

$streamReader.Dispose()

$cryptoStream.Dispose()

$memStream.Dispose()

$decryptor.Dispose()

$aes.Dispose()

A sample run of this produces:

this is a test message.  hello from a test message!

0 Kudos
AmoghMaheshvip
Enthusiast
Enthusiast
‎12-12-2017 08:58 PM
Jump to solution

Thanks you very much...

It worked...

0 Kudos
AmoghMaheshvip
Enthusiast
Enthusiast
‎12-12-2017 09:23 PM
Jump to solution

but.. at the end of the password.. few unwanted characters are added... we have to trim those...

0 Kudos