Initial commit

2025-07-27 21:04:50 +03:00
commit 117622257b
5 changed files with 331 additions and 0 deletions
--- a/extract_credentials.py
+++ b/extract_credentials.py
@@ -0,0 +1,60 @@
+import sys
+import xml.etree.ElementTree as ET
+from pathlib import Path
+
+key = 0x26
+
+
+def extract_web_interface_creds(tree: ET) -> str:
+    x_gc_login = tree.find('.//X_GC_LOGIIN')
+    result = []
+    for account in x_gc_login:
+        level = account.find('UserLevel').text
+        username = account.find('Username').text
+        password = account.find('Passwd').text
+        result.append(f'{level}-level account:\nusername: {username}\npassword: {password}')
+    return '\n\n'.join(result)
+
+
+def extract_shell_access_creds(tree: ET) -> str:
+    telnet = tree.find('.//RemoteManagement/TELNET')
+    ssh = tree.find('.//RemoteManagement/SSH')
+    telnet_username = telnet.find('TelnetUserName').text
+    telnet_password = telnet.find('TelnetPassword').text
+    ssh_username = ssh.find('UserName').text
+    ssh_password = ssh.find('Password').text
+    if (telnet_username == ssh_username) and (telnet_password == ssh_password):
+        return f'Shell credentials (Telnet and SSH):\nusername: {ssh_username}\npassword: {ssh_password}'
+    else:
+        return f'''Shell credentials:
+Telnet:
+username: {telnet_username}
+password: {telnet_password}
+
+SSH:
+username: {ssh_username}
+password: {ssh_password}'''
+
+
+try:
+    config_filename = Path(sys.argv[1])
+except IndexError:
+    print(f'Usage: {sys.argv[0]} <path to config file backup>', file=sys.stderr)
+    sys.exit(1)
+
+with open(config_filename, 'rb') as infile:
+    test_chunk = infile.read(7)
+    infile.seek(0)
+    if test_chunk.startswith(b'<?xml'):
+        print(f'It looks like file "{config_filename}" has already been decrypted.')
+        decrypted_contents = infile.read()
+    else:
+        decrypted_contents = ''.join(chr(c ^ key) for c in infile.read()).replace(',', '\n')
+        decrypted_filename = config_filename.resolve().with_suffix('.xml')
+        with open(decrypted_filename, 'wt') as outfile:
+            outfile.write(decrypted_contents)
+        print(f'File decrypted and saved to "{decrypted_filename}"')
+
+config_tree = ET.fromstring(decrypted_contents)
+print(f'\nWeb interface credentials:\n{extract_web_interface_creds(config_tree)}\n\n')
+print(extract_shell_access_creds(config_tree))