def testGetBootKey(self):
    """Checks _GetBootKey against the test Registry.

    The collector is expected to return one specific 16-byte value for the
    Registry built by _CreateTestRegistry.
    """
    expected_boot_key = b'\xc0j\xbe2\xa4\xd0*Q\x1aX\xe3\x90?T,\x9c'

    test_registry = self._CreateTestRegistry()
    key_collector = cached_credentials.CachedCredentialsKeyCollector()

    self.assertEqual(
        key_collector._GetBootKey(test_registry), expected_boot_key)
  def testGetLSAKey(self):
    """Checks _GetLSAKey against the test Registry.

    The boot key passed in is the same byte string that testGetBootKey
    expects _GetBootKey to return, so the two tests are tied to one fixture.
    """
    boot_key = b'\xc0j\xbe2\xa4\xd0*Q\x1aX\xe3\x90?T,\x9c'
    expected_lsa_key = b'\x01\xd6]\xf4C\xaa\n\x86\xd9B\xd1\x174\xcef|'

    test_registry = self._CreateTestRegistry()
    key_collector = cached_credentials.CachedCredentialsKeyCollector()

    self.assertEqual(
        key_collector._GetLSAKey(test_registry, boot_key), expected_lsa_key)
  def testCollectEmpty(self):
    """Checks that Collect returns a false value for an empty Registry."""
    # A WinRegistry created without arguments has no Registry files mapped.
    empty_registry = dfwinreg_registry.WinRegistry()

    writer = TestOutputWriter()
    key_collector = cached_credentials.CachedCredentialsKeyCollector(
        output_writer=writer)

    self.assertFalse(key_collector.Collect(empty_registry))

    writer.Close()
  def testCollect(self):
    """Checks that Collect returns a true value for the test Registry."""
    test_registry = self._CreateTestRegistry()

    # Output goes to the test writer; only the return value is asserted here.
    writer = TestOutputWriter()
    key_collector = cached_credentials.CachedCredentialsKeyCollector(
        output_writer=writer)

    self.assertTrue(key_collector.Collect(test_registry))

    writer.Close()
  def testGetNLKey(self):
    """Checks _GetNLKey against the test Registry.

    The LSA key passed in is the same byte string that testGetLSAKey expects
    _GetLSAKey to return, so the two tests are tied to one fixture.
    """
    lsa_key = b'\x01\xd6]\xf4C\xaa\n\x86\xd9B\xd1\x174\xcef|'
    expected_nl_key = (
        b'\t\xfeDH\x1b5s\xb7;\x1d\xfc\xf7H\x9f\xc9`;`}\xcfb5P\xfd\xb5\xd8\x8f!u'
        b'\xec\x01\xe9\x85%\x96lhR\xc90\xfb\x1d\xb6\x9d\xcd\x8c\x14\x90\x91\xde'
        b'\xf1\xdd]\xd7d*\xce@\x97Z\xf1Yq ')

    test_registry = self._CreateTestRegistry()
    key_collector = cached_credentials.CachedCredentialsKeyCollector()

    self.assertEqual(
        key_collector._GetNLKey(test_registry, lsa_key), expected_nl_key)
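def Main():
  """The main program function.

  Parses the command line, locates the Windows Registry in the given source
  and runs the cached credentials key collector on it.

  The collector writes through a stdout output writer, so whatever it
  extracts ends up on the terminal or wherever stdout is redirected. Treat
  that output as sensitive when running against real evidence.

  Returns:
    bool: True if successful or False if not.
  """
  argument_parser = argparse.ArgumentParser(description=(
      'Extracts the cached credentials from a SECURITY Registry file.'))

  argument_parser.add_argument(
      '-d', '--debug', dest='debug', action='store_true', default=False, help=(
          'enable debug output.'))

  argument_parser.add_argument(
      'source', nargs='?', action='store', metavar='PATH', default=None, help=(
          'path of the volume containing C:\\Windows, the filename of '
          'a storage media image containing the C:\\Windows directory, '
          'or the path of a SECURITY and SYSTEM Registry file.'))

  options = argument_parser.parse_args()

  if not options.source:
    print('Source value is missing.')
    print('')
    argument_parser.print_help()
    print('')
    return False

  logging.basicConfig(
      level=logging.INFO, format='[%(levelname)s] %(message)s')

  output_writer = output_writers.StdoutOutputWriter()

  if not output_writer.Open():
    print('Unable to open output writer.')
    print('')
    return False

  # From here on the writer is open: close it on every exit path, including
  # the early returns below and an exception raised while collecting.
  try:
    volume_scanner_mediator = dfvfs_command_line.CLIVolumeScannerMediator()
    registry_collector = collector.WindowsRegistryCollector(
        mediator=volume_scanner_mediator)
    if not registry_collector.ScanForWindowsVolume(options.source):
      print('Unable to retrieve the Windows Registry from: {0:s}.'.format(
          options.source))
      print('')
      return False

    # The collector is run against the whole Registry, so a source that
    # only provides a single Registry file is rejected up front.
    if registry_collector.IsSingleFileRegistry():
      print('Both SECURITY and SYSTEM Registry files are required.')
      print('')
      return False

    # TODO: map collector to available Registry keys.
    collector_object = cached_credentials.CachedCredentialsKeyCollector(
        debug=options.debug, output_writer=output_writer)

    result = collector_object.Collect(registry_collector.registry)
    if not result:
      print('No Cache key found.')
    else:
      output_writer.WriteText('\n')

  finally:
    output_writer.Close()

  return True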