def __init__(self):
self.appid = 'Get KDE keyring'
self.bus_info = [
('org.kde.kwalletd', '/modules/kwalletd'),
('org.kde.kwalletd5', '/modules/kwalletd5')
]
ModuleInfo.__init__(self, 'kwallet', 'wallet')
def __init__(self):
ModuleInfo.__init__(self, 'hashdump', 'system')
self.username = None
self.iterations = None
self.salt_hex = None
self.entropy_hex = None
def __init__(self, safe_storage_key=None):
ModuleInfo.__init__(self, 'chrome', 'browsers')
login_data_path = '/Users/*/Library/Application Support/Google/Chrome/*/Login Data'
cc_data_path = '/Users/*/Library/Application Support/Google/Chrome/*/Web Data'
self.chrome_data = glob.glob(login_data_path) + glob.glob(cc_data_path)
self.safe_storage_key = safe_storage_key
def __init__(self):
ModuleInfo.__init__(self, 'robomongo', 'databases')
self.paths = [
{
'directory': u'.config/robomongo',
'filename': u'robomongo.json',
},
{
'directory': u'.3T/robo-3t/1.1.1',
'filename': u'robo3t.json',
}
]
def __init__(self):
ModuleInfo.__init__(self, 'mimipy', 'memory')
self.shadow_hashes = []
self.rules = [
{
"desc": "[SYSTEM - GNOME]",
"process": r"gnome-keyring-daemon|gdm-password|gdm-session-worker",
"near": r"libgcrypt\.so\..+|libgck\-1\.so\.0|_pammodutil_getpwnam_|gkr_system_authtok",
"func": self.test_shadow,
},
{
"desc": "[SYSTEM - LightDM]", # Ubuntu/xubuntu login screen :) https://doc.ubuntu-fr.org/lightdm
"process": r"lightdm",
"near": r"_pammodutil_getpwnam_|gkr_system_authtok",
"func": self.test_shadow,
},
{
"desc": "[SYSTEM - SSH Server]",
"process": r"/sshd$",
"near": r"sudo.+|_pammodutil_getpwnam_",
"func": self.test_shadow,
},
{
"desc": "[SSH Client]",
"process": r"/ssh$",
"near": r"sudo.+|/tmp/ICE-unix/[0-9]+",
"func": self.test_shadow,
},
{
"desc": "[SYSTEM - VSFTPD]",
"process": r"vsftpd",
"near": r"^::.+\:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$",
"func": self.test_shadow,
},
]
regex_type = type(re.compile("^plop$"))
# precompile regexes to optimize speed
for x in self.rules:
if "near" in x:
if type(x["near"]) != regex_type:
x["near"] = re.compile(x["near"])
if "process" in x:
if type(x["process"]) != regex_type:
x["process"] = re.compile(x["process"])
self.look_after_size = 1000 * 10 ** 3
self.look_before_size = 500 * 10 ** 3
def __init__(self):
ModuleInfo.__init__(self, 'lsa_secrets', 'windows', system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'coreftp', 'sysadmin')
self._secret = "hdfzpysvpzimorhk"
def __init__(self):
ModuleInfo.__init__(self, 'mscache', 'windows', system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'apachedirectorystudio', 'sysadmin')
# Interesting XML attributes in ADS connection configuration
self.attr_to_extract = ["host", "port", "bindPrincipal", "bindPassword", "authMethod"]
def __init__(self):
ModuleInfo.__init__(self, 'keepass', 'memory')
def __init__(self):
ModuleInfo.__init__(self, 'clawsmail', 'mails')
def __init__(self):
ModuleInfo.__init__(self, 'sqldeveloper', 'databases')
self._salt = self.get_salt()
self._passphrase = None
self._iteration = 42
def __init__(self):
ModuleInfo.__init__(self, 'credfiles', 'windows', dpapi_used=True)
def __init__(self):
ModuleInfo.__init__(self, 'gitforwindows', 'git')
def __init__(self, browser_name, paths):
self.paths = paths if isinstance(paths, list) else [paths]
self.database_query = 'SELECT action_url, username_value, password_value FROM logins'
ModuleInfo.__init__(self, browser_name, 'browsers', dpapi_used=True)
def __init__(self, browser_name, path):
self.path = os.path.expanduser(path)
ModuleInfo.__init__(self, browser_name, category='browsers')
def __init__(self):
self.pwd_found = []
ModuleInfo.__init__(self, 'psi-im', 'chats')
def __init__(self):
ModuleInfo.__init__(self, name='postgresql', category='databases')
def __init__(self):
ModuleInfo.__init__(self, name='postgresql', category='databases')
def __init__(self):
ModuleInfo.__init__(self, 'hashdump', 'windows', system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'unattended', 'sysadmin', system_module=True)
def __init__(self): ModuleInfo.__init__(self, 'coreftp', 'sysadmin') self._secret = "hdfzpysvpzimorhk"
def __init__(self):
ModuleInfo.__init__(self, 'mavenrepositories', 'maven')
# Interesting XML nodes in Maven repository configuration
self.nodes_to_extract = ["id", "username", "password", "privateKey", "passphrase"]
self.settings_namespace = "{http://maven.apache.org/SETTINGS/1.0.0}"
def __init__(self):
ModuleInfo.__init__(self, 'pypykatz', 'windows', system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'cli', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'pidgin', 'chats')
def __init__(self):
ModuleInfo.__init__(self, name='squirrel', category='databases')
def __init__(self):
ModuleInfo.__init__(self, 'winscp', 'sysadmin', registry_used=True)
self.hash = ''
def __init__(self):
ModuleInfo.__init__(self, 'pidgin', 'chats')
def __init__(self):
ModuleInfo.__init__(self, 'shadow', 'sysadmin')
def __init__(self, browser_name, path):
self.path = path
ModuleInfo.__init__(self, browser_name, 'browsers')
def __init__(self):
ModuleInfo.__init__(self, name='dbvis', category='databases')
self._salt = self.get_salt()
self._passphrase = 'qinda'
self._iteration = 10
def __init__(self):
ModuleInfo.__init__(self, 'wifi', 'wifi')
def __init__(self):
ModuleInfo.__init__(self,
'autologon',
'windows',
registry_used=True,
system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'filezilla', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'rdpmanager', 'sysadmin', dpapi_used=True)
def __init__(self, browser_name, path):
self.path = path
ModuleInfo.__init__(self, browser_name, 'browsers')
def __init__(self):
ModuleInfo.__init__(self, 'windows', 'windows')
def __init__(self):
ModuleInfo.__init__(self, 'mscache', 'windows', system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'gitforlinux', 'git')
def __init__(self):
ModuleInfo.__init__(self, 'opensshforwindows', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self,
'vault',
'windows',
only_from_current_user=True)
def __init__(self):
ModuleInfo.__init__(self, 'fstab', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'puttycm', 'sysadmin', registry_used=True)
def __init__(self):
ModuleInfo.__init__(self, 'rdpmanager', 'sysadmin', winapi_used=True)
def __init__(self):
ModuleInfo.__init__(self, 'opera', 'browsers')
def __init__(self):
ModuleInfo.__init__(self, 'lsa_secrets', 'windows', system_module=True)
def __init__(self):
ModuleInfo.__init__(self, 'roguestale', 'games')
def __init__(self, browser_name, paths):
self.paths = paths if isinstance(paths, list) else [paths]
self.database_query = 'SELECT action_url, username_value, password_value FROM logins'
ModuleInfo.__init__(self, browser_name, 'browsers', winapi_used=True)
def __init__(self):
ModuleInfo.__init__(self, 'system', 'system')
def __init__(self):
ModuleInfo.__init__(self, 'tortoise', 'svn', winapi_used=True)
def __init__(self):
ModuleInfo.__init__(self, 'opensshforwindows', 'sysadmin')
self.key_files_location = os.path.join(constant.profile["USERPROFILE"], u'.ssh')
def __init__(self):
self.vnckey = [23, 82, 107, 6, 35, 78, 88, 7]
ModuleInfo.__init__(self, name='vnc', category='sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'grub', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'apachedirectorystudio', 'sysadmin')
# Interesting XML attributes in ADS connection configuration
self.attr_to_extract = ["host", "port", "bindPrincipal", "bindPassword", "authMethod"]
def __init__(self):
ModuleInfo.__init__(self, 'filezilla', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'shadow', 'sysadmin')
def __init__(self):
ModuleInfo.__init__(self, 'opera', 'browsers')
def __init__(self):
ModuleInfo.__init__(self, 'kalypsomedia', 'games')
def __init__(self):
ModuleInfo.__init__(self, 'galconfusion', 'games', registry_used=True)
