大概是这么一回事,我打算换个可以SSH连接到我服务器的软件,从 FinalShell 到 Tabby (非常推荐),不幸的是有一个服务器的密码忘了,也懒得重置密码,就百度了一下,问题就解决了,顺便水一篇保姆级教学文章

目标文件

C:\Users\你的用户名\AppData\Local\finalshell\conn

打开此文件夹

如果你有多个连接就会长成这个样子

finalshell-1

想要定位要破解密码的连接很简单,仅需要在 FinalShell 中编辑连接的名称,然后在在此目录下观察修改日期即可定位到目标文件

获得被加密的密码

打开目标文件

如果你使用 VSC 打开它,你会发现依托挤在一起,我建议你使用 Shift+Alt+F 格式化文档,保护一下眼睛

finalshell-2

找到 password 这一项,复制类似于 ZhArRz4sJ34QzFZkcDQ7S5GG32tl5xmf 这位,这位就是已加密的密码

解密

然后把下面代码中的 ZhArRz4sJ34QzFZkcDQ7S5GG32tl5xmf 需要换成你的 password 的值

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class FinalShellDecodePass {
public static void main(String[] args)throws Exception {
System.out.println(decodePass("ZhArRz4sJ34QzFZkcDQ7S5GG32tl5xmf"));
}
public static byte[] desDecode(byte[] data, byte[] head) throws Exception {
SecureRandom sr = new SecureRandom();
DESKeySpec dks = new DESKeySpec(head);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey securekey = keyFactory.generateSecret(dks);
Cipher cipher = Cipher.getInstance("DES");
cipher.init(2, securekey, sr);
return cipher.doFinal(data);
}
public static String decodePass(String data) throws Exception {
if (data == null) {
return null;
} else {
String rs = "";
byte[] buf = Base64.getDecoder().decode(data);
byte[] head = new byte[8];
System.arraycopy(buf, 0, head, 0, head.length);
byte[] d = new byte[buf.length - head.length];
System.arraycopy(buf, head.length, d, 0, d.length);
byte[] bt = desDecode(d, ranDomKey(head));
rs = new String(bt);

return rs;
}
}
static byte[] ranDomKey(byte[] head) {
long ks = 3680984568597093857L / (long)(new Random((long)head[5])).nextInt(127);
Random random = new Random(ks);
int t = head[0];

for(int i = 0; i < t; ++i) {
random.nextLong();
}

long n = random.nextLong();
Random r2 = new Random(n);
long[] ld = new long[]{(long)head[4], r2.nextLong(), (long)head[7], (long)head[3], r2.nextLong(), (long)head[1], random.nextLong(), (long)head[2]};
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bos);
long[] var15 = ld;
int var14 = ld.length;

for(int var13 = 0; var13 < var14; ++var13) {
long l = var15[var13];

try {
dos.writeLong(l);
} catch (IOException var18) {
var18.printStackTrace();
}
}

try {
dos.close();
} catch (IOException var17) {
var17.printStackTrace();
}

byte[] keyData = bos.toByteArray();
keyData = md5(keyData);
return keyData;
}
public static byte[] md5(byte[] data) {
String ret = null;
byte[] res=null;

try {
MessageDigest m;
m = MessageDigest.getInstance("MD5");
m.update(data, 0, data.length);
res=m.digest();
ret = new BigInteger(1, res).toString(16);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return res;
}
}

然后 Java 运行一下,什么?不知道咋运行,对哦,这是保姆式教程,那就把修改好的代码复制到这里(点我),看到这个网页的点击运行按钮了吗,点它,你的密码就会出现在屏幕右侧了