Exemple #1
def decrypt_blob(mkp, blob):
    """Decrypt *blob* with the master keys that *mkp* holds for it.

    The pool is asked for the master keys matching ``blob.mkguid``. Every
    key already marked as decrypted is tried in order until the blob
    reports success.

    Returns a ``(cleartext, status)`` tuple:

    * ``(blob.cleartext, 0)`` -- the blob is decrypted,
    * ``(None, 1)`` -- the pool returned no master key for the blob,
    * ``(None, 2)`` -- master keys were returned but the blob is still
      not decrypted.
    """
    candidates = mkp.getMasterKeys(blob.mkguid)
    if not candidates:
        return None, 1

    for candidate in candidates:
        # A master key that was never unlocked cannot decrypt anything.
        if not candidate.decrypted:
            continue
        blob.decrypt(candidate.get_key())
        if blob.decrypted:
            break

    return (blob.cleartext, 0) if blob.decrypted else (None, 2)
Exemple #2
def decrypt_blob(mkp, blob):
    """Try to decrypt a DPAPI blob using a master key pool.

    Args:
        mkp: pool object queried with ``getMasterKeys(blob.mkguid)``.
        blob: blob object exposing ``mkguid``, ``decrypt()``, ``decrypted``
            and ``cleartext``.

    Returns:
        A 2-tuple ``(cleartext, code)``. ``code`` is 0 on success, 1 when
        the pool has no master key for the blob, and 2 when keys exist but
        the blob could not be decrypted; ``cleartext`` is ``None`` unless
        ``code`` is 0.
    """
    master_keys = mkp.getMasterKeys(blob.mkguid)
    if not master_keys:
        return None, 1

    # Only master keys that are themselves decrypted are worth trying.
    for key in (k for k in master_keys if k.decrypted):
        blob.decrypt(key.get_key())
        if blob.decrypted:
            break

    if not blob.decrypted:
        return None, 2
    return blob.cleartext, 0
Exemple #3
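def decrypt_blob(mkp, blob):
    """Decrypt *blob* with the master keys that *mkp* holds for it.

    The pool is asked for the master keys matching ``blob.mkguid``; each
    key already marked as decrypted is tried until the blob reports
    success. When the pool has no key for the blob, a one-line diagnostic
    is written to stderr.

    Returns ``blob.cleartext`` if the blob is decrypted, otherwise ``None``.
    ``None`` therefore covers both "no master key found" and "keys found
    but none worked"; only the first case produces the stderr message.
    """
    mks = mkp.getMasterKeys(blob.mkguid)
    if not mks:
        # write() emits the same bytes as the Python 2 print statement but
        # also runs on Python 3, where `print >> sys.stderr, ...` raises
        # TypeError instead of printing.
        sys.stderr.write('MasterKey not found for blob.\n')
    else:
        for mk in mks:
            # A master key that was never unlocked cannot decrypt anything.
            if not mk.decrypted:
                continue
            blob.decrypt(mk.get_key())
            if blob.decrypted:
                break

    return blob.cleartext if blob.decrypted else None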
Exemple #4
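def decrypt_blob(mkp, blob):
    """Try to decrypt a DPAPI blob using a master key pool.

    Args:
        mkp: pool object queried with ``getMasterKeys(blob.mkguid)``.
        blob: blob object exposing ``mkguid``, ``decrypt()``, ``decrypted``
            and ``cleartext``.

    Returns:
        ``blob.cleartext`` when the blob ends up decrypted, else ``None``.
        A missing master key is reported on stderr; a failed decryption
        with existing keys is not reported separately.
    """
    mks = mkp.getMasterKeys(blob.mkguid)
    if mks:
        for mk in mks:
            # Only master keys that are themselves decrypted can be used.
            if mk.decrypted:
                blob.decrypt(mk.get_key())
                if blob.decrypted:
                    break
    else:
        # The original `print >> sys.stderr, ...` is a Python 2 statement;
        # on Python 3 it parses as a shift expression and raises TypeError.
        # stderr.write() produces identical output on both.
        sys.stderr.write('MasterKey not found for blob.\n')

    if blob.decrypted:
        return blob.cleartext
    return None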
Exemple #5
        # Take the 'CurrVal' field of the DPAPI_SYSTEM entry in `secrets`.
        # NOTE(review): if `secrets.get` returns None for a missing entry the
        # subscript raises TypeError -- confirm the entry is guaranteed.
        dpapi_system = secrets.get('DPAPI_SYSTEM')['CurrVal']

        # Hand the system credential to the master key pool, then ask the
        # pool to try its credentials (both arguments are None here).
        mkp.addSystemCredential(dpapi_system)
        mkp.try_credential_hash(None, None)

    # Parse the file named by the first positional argument as a DPAPI blob.
    # NOTE(review): this rebinds the name `blob`, so `blob.DPAPIBlob` is no
    # longer reachable through it afterwards; the file object is also never
    # closed explicitly.
    blob = blob.DPAPIBlob(open(args[0], 'rb').read())

    # Master keys the pool holds for the GUID recorded in the blob.
    mks = mkp.getMasterKeys(blob.mkguid)

    # Optional entropy, given as a hex string on the command line.
    # str.decode('hex') only exists on Python 2.
    entropy = None
    if options.entropy_hex:
        entropy = options.entropy_hex.decode('hex')

    # Without any master key there is nothing to try: exit with a message.
    if len(mks) == 0:
        sys.exit('Unable to find MK for blob %s' % blob.mkguid)

    # Every returned master key is tried; the loop does not stop after a
    # success, so one result message is printed per key.
    for mk in mks:
        if mk.decrypted:
            blob.decrypt(mk.get_key(), entropy=entropy)
            if blob.decrypted:
                # The recovered secret goes to stdout twice: hex-encoded and
                # raw. The raw form can contain arbitrary bytes (including
                # terminal control sequences), and stdout may end up in
                # scrollback or redirected logs.
                print 'Blob Decrypted, HEX and TEXT following...'
                print '-' * 79
                print blob.cleartext.encode('hex')
                print '-' * 79
                print blob.cleartext
                print '-' * 79
            else:
                print 'unable to decrypt blob'
        else:
            # This master key was never unlocked by the supplied credentials.
            print 'unable to decrypt master key'
Exemple #6
        # Current value of the DPAPI_SYSTEM entry found in `secrets`.
        # NOTE(review): a missing entry would make `.get` return None (if
        # `secrets` is a dict) and the ['CurrVal'] lookup would then fail
        # with TypeError -- verify against the code that fills `secrets`.
        dpapi_system = secrets.get('DPAPI_SYSTEM')['CurrVal']

        # Add the system credential to the pool and let the pool try it;
        # try_credential_hash is called with None for both parameters.
        mkp.addSystemCredential(dpapi_system)
        mkp.try_credential_hash(None, None)

    # Load the blob from the path in args[0] (binary mode).
    # NOTE(review): the name `blob` is reused for the parsed object, and the
    # file handle returned by open() is left for the interpreter to close.
    blob = blob.DPAPIBlob(open(args[0], 'rb').read())

    # Look up master keys by the blob's master key GUID.
    mks = mkp.getMasterKeys(blob.mkguid)

    # The entropy option is a hex string; the 'hex' codec used to decode it
    # is available on Python 2 only.
    entropy = None
    if options.entropy_hex:
        entropy = options.entropy_hex.decode('hex')

    # Abort when the pool has no master key for this blob.
    if len(mks) == 0:
        sys.exit('Unable to find MK for blob %s' % blob.mkguid)

    # Try each master key in turn. There is no `break`, so the status of
    # every key is reported even after the blob has been decrypted.
    for mk in mks:
        if mk.decrypted:
            blob.decrypt(mk.get_key(), entropy=entropy)
            if blob.decrypted:
                # Cleartext is printed as hex and then as raw bytes. Treat
                # this output as secret material; the raw print can also
                # send unprintable bytes to the terminal.
                print 'Blob Decrypted, HEX and TEXT following...'
                print '-' * 79
                print blob.cleartext.encode('hex')
                print '-' * 79
                print blob.cleartext
                print '-' * 79
            else:
                print 'unable to decrypt blob'
        else:
            # The master key itself is still encrypted, so it is skipped.
            print 'unable to decrypt master key'
Exemple #7
    # Validate the parsed command-line options and arguments first.
    check_parameters(options, args)

    # Read the LSA secrets using the values in options.security and
    # options.system, then take the current DPAPI_SYSTEM value.
    # NOTE(review): if `secrets.get` returns None for a missing entry, the
    # ['CurrVal'] subscript raises TypeError -- confirm it is always present.
    reg = registry.Regedit()
    secrets = reg.get_lsa_secrets(options.security, options.system)
    dpapi_system = secrets.get('DPAPI_SYSTEM')['CurrVal']

    # Build the master key pool from options.masterkeydir, register the
    # system credential and let the pool try it (both arguments are None).
    mkp = masterkey.MasterKeyPool()
    mkp.loadDirectory(options.masterkeydir)
    mkp.addSystemCredential(dpapi_system)
    mkp.try_credential_hash(None, None)

    # Parse the file named by args[0] as a DPAPI blob.
    # NOTE(review): this rebinds the name `blob`, and the file object is
    # never closed explicitly.
    blob = blob.DPAPIBlob(open(args[0], 'rb').read())

    # Try every master key returned for the blob's GUID. There is no check
    # for an empty result here: with no keys the loop body never runs and
    # nothing is printed. The loop also keeps going after a success.
    mks = mkp.getMasterKeys(blob.mkguid)
    for mk in mks:
        if mk.decrypted:
            blob.decrypt(mk.get_key())
            if blob.decrypted:
                if options.hexencode:
                    print 'BLOB CLEARTEXT HEX ENCODED FOLLOWING'
                    print '-' * 79
                    print blob.cleartext.encode('hex')
                    print '-' * 79
                else:
                    # Raw cleartext goes straight to stdout; it may contain
                    # arbitrary bytes, so the hex option is the safer choice
                    # when the output is a terminal or a log.
                    print blob.cleartext
            else:
                print 'unable to decrypt blob'
        else:
            # This master key was never unlocked by the system credential.
            print 'unable to decrypt key'