How to extract passwords from Mobaxterm Free Version

Question

On Customer site they are using Free version of Mobaxterm and passwords are saved in it. Now they dont remember the password. i want to extract password somehow. Any idea where these passwords are saved

Answer 1

Go to Settings -> Configuration -> General -> MobaXterm passwords management, and there is a radio button for "Choose where to save passwords." The two options are "User registry" and "Configuration file."

If you choose "Configuration file," the passwords will be saved, in some hashed or obscured form, in MyDocuments/MobaXterm/MobaXterm.ini.

This is likely not a safe way to secure your passwords, but it does answer your question. That's where the passwords are stored, anyway. How to extract them to plaintext is another question; I don't know the answer to that.

Answer 2

Once you get to MobaXterm.ini file, how-does-MobaXterm-encrypt-password utility can decrypt passwords/credentails stored in .ini file.

Answer 3

Following worked for me for MobaXterm v21.0 (free edition): https://github.com/XMCyber/XMCredentialsDecryptor

I ran it on my Windows client (where MobaXterm is being used) and it automatically fetched entries from the registry and decrypted them successfully.

Out of the box, the following line in tools\mobaxterm.py (@ line number 131) gave error (I guess due to a change in my computer name) and I replaced os.getlogin() + '@' + platform.node() with value seen in Registry Computer\HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\M and it worked successfully after that.

• Value, ValueType = winreg.QueryValueEx(Key, os.getlogin() + '@' + platform.node())

• Value, ValueType = winreg.QueryValueEx(Key, 'ShivaKumarHR@SHIVAHR-INSPIRO')

Reference:

https://www.xmcyber.com/blog/extracting-encrypted-credentials-from-common-tools-2/