Looks like it does not work with newer versions (>= 20.6)

[mandelcode]

Crashes or output wrong password. Same results with ShowMobaXterm.py and MobaXtermCipher.py

> python MobaXtermCipher.py dec -sysh DESKTOP-***** -sysu Mandel -h ******************* -u root MPTSF/UebiNHyJQb
¼�

> python ShowMobaXterm.py
-------------------Passwords--------------------
[*] Name:     mobauser@mobaserver
[*] Password: ÿx�

[*] Name:     ssh22:root@**************
[*] Password: ¼�

[*] Name:     ssh22:root@***************
[*] Password: ÿ;

Traceback (most recent call last):
  File "C:\Tools\ShowMobaXterm.py", line 229, in <module>
    ConnPassword = cipher.DecryptPassword(
  File "C:\Tools\ShowMobaXterm.py", line 120, in DecryptPassword
    raise ValueError('Invalid ciphertext.')
ValueError: Invalid ciphertext.

[spynccat]

same with ver. 20.3

[chernots]

same with ver 21.5

[garedrag]

same with ver 22.0

[shivahr]

Following worked for me for MobaXterm v21.0 (free edition): https://github.com/XMCyber/XMCredentialsDecryptor

I ran it on my Windows client (where MobaXterm is being used) and it automatically fetched entries from registry and decrypted them successfully.

Out of the box, the following line in tools\mobaxterm.py (@ line number 131) gave error (I guess due to change in my computer name) and I replaced "os.getlogin() + '@' + platform.node()" with value seen in Registry (Computer\HKEY_CURRENT_USER\Software\Mobatek\MobaXterm\M) and it worked successfully after that.

-                Value, ValueType = winreg.QueryValueEx(Key, os.getlogin() + '@' + platform.node())
+                Value, ValueType = winreg.QueryValueEx(Key, 'ShivaKumarHR@SHIVAHR-INSPIRO')

Reference:
https://www.xmcyber.com/blog/extracting-encrypted-credentials-from-common-tools-2/