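Longjian Cup - Confidential Memory - vmx and vmdk repair

Last updated: March 16, 2022, morning

Prerequisites

Unzip the archive to get three files.

Archive password: cf15e15d7054da59fb20e99d943294a7

vmx repair

Open the Encryption.bin02 file in WinHex and cut it just after the hexadecimal 0D0A that follows the visible characters (offset=1250). Save the cut-off data to a new file named mem_secret.vmdk, which is needed later (right-click - Edit - Copy All - Into New File, and name it mem_secret.vmdk). After copying, if the original file still contains the content that was just copied, remove that content from the original file.


Open Encryption.bin02 in Notepad, with word wrap turned on. Then repair the missing vmx content; it can simply be replaced with the following.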

.encoding = "GBK"
displayName = "vm"
encryption.keySafe = "vmware:key/list/(pair/(phrase/Dg7Se8rqkNI%3d/pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000%3asalt%3d%2b21PdYUqEQd1wdT2AoPEQw%253d%253d,HMAC%2dSHA%2d1,CgKwC5U7lfLjpVohwbpxufC11yU4a0%2byrP08oY0KDDcP1NL%2fRiLojwTz2JnYqm7baAhtgENYUeFUHXwODjSClaJ%2bSRBhKw6UwET6p3AYK8vs4T0cBrvTjYSrs0baLgG7dozcvL5JxA%2fKYJvriz4Mf%2bMmVvE%3d))"
encryption.data ="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"


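Rename Encryption.bin02 to mem_secret.vmx

Rename Encryption.bin01 to mem_secret-963a4663.vmss

Double-click the vmx to open it; it prompts for a password.

Brute-force the password with pyvmx-cracker in a python3 environment:

python3 pyvmx-cracker.py -v mem_secret.vmx -d wordlist.txt

The password is 1q2w3e4r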
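
The dictionary attack succeeds because the encryption.keySafe string in the .vmx exposes every parameter needed to test a password guess offline. The following added example (not from the original post and not pyvmx-cracker's code) parses that string and flags the low PBKDF2 work factor; the names parse_keysafe, audit and MIN_ROUNDS_SHA1, and the threshold value, are assumptions made for illustration.

```python
import base64
import re
from urllib.parse import unquote

# encryption.keySafe value copied from the .vmx shown above.
KEYSAFE = (
    "vmware:key/list/(pair/(phrase/Dg7Se8rqkNI%3d/"
    "pass2key%3dPBKDF2%2dHMAC%2dSHA%2d1%3acipher%3dAES%2d256%3arounds%3d10000"
    "%3asalt%3d%2b21PdYUqEQd1wdT2AoPEQw%253d%253d,HMAC%2dSHA%2d1,"
    "CgKwC5U7lfLjpVohwbpxufC11yU4a0%2byrP08oY0KDDcP1NL%2fRiLojwTz2JnYqm7baAht"
    "gENYUeFUHXwODjSClaJ%2bSRBhKw6UwET6p3AYK8vs4T0cBrvTjYSrs0baLgG7dozcvL5JxA"
    "%2fKYJvriz4Mf%2bMmVvE%3d))"
)
_KEYSAFE_RE = re.compile(
    r"vmware:key/list/\(pair/\(phrase/([^/]+)/([^,]+),([^,]+),([^)]+)\)\)")
# Assumption: OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA1.
MIN_ROUNDS_SHA1 = 1_300_000

def parse_keysafe(value):
    """Split a password-protected keySafe into its KDF parameters and blobs."""
    m = _KEYSAFE_RE.fullmatch(value.strip())
    if m is None:
        raise ValueError("not a (pair/(phrase/...)) keySafe entry")
    ident, params, mac, blob = (unquote(g) for g in m.groups())
    # After one URL-decode the parameters read "name=value:name=value";
    # the salt is still URL-encoded once more, so it is decoded again below.
    fields = dict(item.split("=", 1) for item in params.split(":"))
    return {
        "id": base64.b64decode(ident),
        "kdf": fields["pass2key"],
        "cipher": fields["cipher"],
        "rounds": int(fields["rounds"]),
        "salt": base64.b64decode(unquote(fields["salt"])),
        "mac": mac,
        "blob": base64.b64decode(blob),
    }

def audit(info):
    """Return findings on how well the keySafe resists offline guessing."""
    findings = []
    if info["kdf"] == "PBKDF2-HMAC-SHA-1" and info["rounds"] < MIN_ROUNDS_SHA1:
        findings.append(f"low KDF work factor: {info['rounds']} rounds")
    if len(info["salt"]) < 16:
        findings.append(f"short salt: {len(info['salt'])} bytes")
    return findings

if __name__ == "__main__":
    info = parse_keysafe(KEYSAFE)
    print(info["kdf"], info["rounds"], info["salt"].hex(), audit(info))
```

With a work factor this low, the strength of the VM encryption rests almost entirely on the password, which is why a keyboard-walk password such as the one found here falls to a wordlist.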

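vmdk repair

Create a new Windows 10 virtual machine with all default settings, but do not attach an installation image, and store the virtual disk as a single file.


Next, under VM - Settings - Options - Access Control, add the password 1q2w3e4r

Open both vmdk files in WinHex at the same time.

In mem_secret.vmdk, copy from the 18 in the first row through to the end of the file.


Then, in the newly created virtual machine's vmdk file, at the 18 (offset=200): right-click - Edit - Clipboard Data - Write - OK

Then, in the row at offset=220, replace all the 00 bytes with 76 6D 77 61 72 65 (ASCII "vmware")

Before:

After:

Then press Ctrl+S to save.

Finally, rename the newly created virtual machine's vmdk file to mem_secret.vmdk and copy it over the one in the challenge's virtual machine files.

Choose Replace, then open the virtual machine's page. Be sure not to power on the VM. On the edit settings page, enter the password and remove the encryption.

Encryption removed successfully.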


https://blog.didctf.com/2022/03/15/2021陇剑杯/
Author: DIDCTF
Published: March 16, 2022
Updated: March 16, 2022