def main(self, regkeys, places, mkp, sid, h):
values = {}
urls = self.formatUrls(places)
i = 0
b = IE7.IE7Autocomplete()
if b.try_decrypt_with_hash(h, mkp, sid, values=regkeys, urls=urls):
for k in b.entries.keys():
if b.entries[k].entropy is None:
continue
e = b.entries[k]
u = e.entropy.decode('UTF-16LE')[:-1]
i += 1
key = 'password%d' % i
values[key] = {
'login': e.login,
'password': e.password,
'origin': u,
'domain': format(u)
}
for j in range(len(e.other)):
values[key]["secret%d" % j] = e.other[j]
return {self.__class__.__name__: values}
def main(self, indexes):
placeValues = {}
formValues = {}
binary = '%s/msiecftools/msiecfexport' % MSIECF_DIR
if not os.path.isfile(binary):
print >> sys.stderr, "Binary %s not found" % binary
return {
self.__class__.__name__: {
'places': placeValues,
'forms': formValues
}
}
i = 0
for index in indexes:
temp = tempfile.NamedTemporaryFile()
subp.call([binary, index], universal_newlines=True, stdout=temp)
temp.seek(0)
url = ""
date = ""
for line in temp:
if len(line) != 0 and line[-1] == '\n':
line = line[:-1]
if line == "":
if url != "" and date != "":
i += 1
placeValues['place%d' % i] = {
'url': url,
'date': date,
'domain': format(url)
}
url = ""
date = ""
continue
#FIXME: other "Location" that the "Visited" one but the other means less sense
# Should be intereting to see if it's not forms or cookies related
match = re.match(r'^Location[^:]*: Visited:[^@]*@(.*)$', line)
if match != None:
url = match.group(1)
match = re.match(r'^Primary filetime[^:]*: (.*)$', line)
if match != None:
date = match.group(1)
temp.close()
return {
self.__class__.__name__: {
'places': placeValues,
'forms': formValues
}
}
def main(self, history):
placeValues = {}
formValues = {}
places = cfp.CFPropertyList(history)
places.load()
places = cfp.native_types(places.value)
i = 0
for place in places.get('WebHistoryDates', []):
i += 1
placeValues['place%d' % i] = {'url':place[''], 'title':place['title'],
'count':place['visitCount'], 'date':place['lastVisitedDate'],
'domain':format(place[''])}
return {self.__class__.__name__:{'places':placeValues, 'forms':formValues}}
def main(self, indexes):
placeValues = {}
formValues = {}
binary = '%s/msiecftools/msiecfexport' % MSIECF_DIR
if not os.path.isfile(binary):
print >>sys.stderr, "Binary %s not found" % binary
return {self.__class__.__name__:{'places':placeValues, 'forms':formValues}}
i = 0
for index in indexes:
temp = tempfile.NamedTemporaryFile()
subp.call([binary, index], universal_newlines=True, stdout=temp)
temp.seek(0)
url = ""
date = ""
for line in temp:
if len(line) != 0 and line[-1] == '\n':
line = line[:-1]
if line == "":
if url != "" and date != "":
i += 1
placeValues['place%d' % i] = {'url':url, 'date':date,
'domain':format(url)}
url = ""
date = ""
continue
#FIXME: other "Location" that the "Visited" one but the other means less sense
# Should be intereting to see if it's not forms or cookies related
match = re.match(r'^Location[^:]*: Visited:[^@]*@(.*)$', line)
if match != None:
url = match.group(1)
match = re.match(r'^Primary filetime[^:]*: (.*)$', line)
if match != None:
date = match.group(1)
temp.close()
return {self.__class__.__name__:{'places':placeValues, 'forms':formValues}}
def main(self, history):
placeValues = {}
formValues = {}
places = cfp.CFPropertyList(history)
places.load()
places = cfp.native_types(places.value)
i = 0
for place in places.get('WebHistoryDates', []):
i += 1
placeValues['place%d' % i] = {
'url': place[''],
'title': place['title'],
'count': place['visitCount'],
'date': place['lastVisitedDate'],
'domain': format(place[''])
}
return {
self.__class__.__name__: {
'places': placeValues,
'forms': formValues
}
}
def main(self, regkeys, places, mkp, sid, h):
values = {}
urls = self.formatUrls(places)
i = 0
b = IE7.IE7Autocomplete()
if b.try_decrypt_with_hash(h, mkp, sid, values=regkeys, urls=urls):
for k in b.entries.keys():
if b.entries[k].entropy is None:
continue
e = b.entries[k]
u = e.entropy.decode("UTF-16LE")[:-1]
i += 1
key = "password%d" % i
values[key] = {"login": e.login, "password": e.password, "origin": u, "domain": format(u)}
for j in range(len(e.other)):
values[key]["secret%d" % j] = e.other[j]
return {self.__class__.__name__: values}
