Risposte:
In SecureCRT Versione 7.2, i ini
file di sessione sono memorizzati qui:
%APPDATA%\VanDyke\Config\Sessions
Il default.ini
file inizia come segue:
S:"Username"=mysteryna
S:"Password"=
S:"Login Script V2"=
D:"Session Password Saved"=00000000
S:"Monitor Username"=
S:"Monitor Password"=
D:"Is Session"=00000001
S:"Protocol Name"=SSH2
D:"Request pty"=00000001
S:"Shell Command"=
D:"Use Shell Command"=00000000
D:"Force Close On Exit"=00000000
D:"Forward X11"=00000000
S:"XAuthority File"=
S:"XServer Host"=127.0.0.1
D:"XServer Port"=00001770
D:"XServer Screen Number"=00000000
D:"Enforce X11 Authentication"=00000001
D:"Request Shell"=00000001
D:"Max Packet Size"=00001000
D:"Pad Password Packets"=00000001
S:"Sftp Tab Local Directory"=C:\Users\{yourname}\Documents
S:"Sftp Tab Remote Directory"=
S:"Hostname"=
S:"Firewall Name"=None
D:"Allow Connection Sharing"=00000000
D:"Disable SFTP Extended Commands"=00000000
D:"[SSH2] Port"=00000016
S:"Key Exchange Algorithms"=gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
S:"Cipher List"=aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,twofish-cbc,blowfish-cbc,3des-cbc,arcfour
S:"MAC List"=hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64@openssh.com
S:"SSH2 Authentications V2"=password,publickey,keyboard-interactive,gssapi
S:"Compatibility Mode V2"=Auto Detect
[snip]
Bene, può variare tra le versioni, ma quello che conosco (v. 6.5.1) memorizza il nome utente e la password all'interno del file .ini per ogni sessione salvata nella directory \Program Files\SecureCRT\config\Sessions
.
S:"Username"=john
S:"Password"=uec99b0a4283ff19e5...
Ma memorizza la password codificata.
Ecco come recuperare le password salvate, che è fondamentalmente ciò che l'autore stava cercando:
1. Install "Roboform"
2. Edit the connection of the lost password, and change the username (copy and paste first if you don't want to damage the original connection)
3. Connect to host - this will fail because the username doesn't match password
4. The SecureCRT prompt show up with the password pre-filled
5. Click the Roboform "SAVE" button, connect again, and Roboform creates a new passcard for you with the password in plain text.
6. Click the "Edit" in roboform to see the password