Jenkins derypt

2/1/2016 - 3:29 PM

#!/usr/bin/env python3
# 
# original: https://raw.githubusercontent.com/tweksteen/jenkins-decrypt/master/decrypt.py
# requires: pycrypto ( apt-get install python3-crypto )


import re
import sys
import base64

from hashlib import sha256
from binascii import hexlify, unhexlify, Error as BAError

from Crypto.Cipher import AES

MAGIC = b'::::MAGIC::::'


def usage():
    print(sys.argv[0], "<master.key> <hudson.util.Secret> <hash>")
    sys.exit(0)


def get_key():
    master_key = open(sys.argv[1], 'r').read().encode('utf-8')
    hudson_secret_key = open(sys.argv[2], 'rb').read()

    hashed_master_key = sha256(master_key).digest()[:16]
    o = AES.new(hashed_master_key, AES.MODE_ECB)
    x = o.decrypt(hudson_secret_key)
    assert MAGIC in x

    k = x[:-16]
    return k[:16]


def decrypt(password_hash, key):
    p = base64.decodestring(password_hash.encode('utf-8'))
    o = AES.new(key, AES.MODE_ECB)
    x = o.decrypt(p)
    assert MAGIC in x

    return re.split(MAGIC.decode('utf-8'), x.decode('utf-8'), 1)[0]


def main():
    if len(sys.argv) != 4:
        usage()

    key = get_key()
    password = sys.argv[3]
    print('Password:', decrypt(password, key))


if __name__ == '__main__':
    main()

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

Jenkins derypt