def from_buffer(buff): sk = CredentialFile() sk.version = int.from_bytes(buff.read(4), 'little', signed=False) sk.size = int.from_bytes(buff.read(4), 'little', signed=False) sk.unk = int.from_bytes(buff.read(4), 'little', signed=False) sk.data = buff.read(sk.size) sk.blob = DPAPI_BLOB.from_bytes(sk.data) return sk
def from_buffer(buff): sk = CredentialFile() sk.version = struct.unpack('<I', buff.read(4)) sk.size = struct.unpack('<I', buff.read(4)) sk.unk = struct.unpack('<I', buff.read(4)) sk.data = buff.read(sk.size) sk.blob = DPAPI_BLOB.from_bytes(sk.data) return sk
def decrypt_blob_bytes(self, data, key=None): """ Decrypts DPAPI_BLOB bytes. data: DPAPI_BLOB bytes returns: bytes of the cleartext data """ blob = DPAPI_BLOB.from_bytes(data) return self.decrypt_blob(blob, key=key)
def decrypt_blob_bytes(self, data, key=None): """ Decrypts DPAPI_BLOB bytes. data: DPAPI_BLOB bytes returns: bytes of the cleartext data """ if self.use_winapi is True: from pypykatz.dpapi.functiondefs.dpapi import CryptUnprotectData return CryptUnprotectData(data) blob = DPAPI_BLOB.from_bytes(data) logger.debug(str(blob)) return self.decrypt_blob(blob, key=key)
def from_buffer(buff): sk = VAULT_VPOL() sk.version = struct.unpack('<I', buff.read(4)) sk.guid = GUID(buff).value sk.description_length = struct.unpack('<I', buff.read(4)) sk.description = buff.read(sk.description_length) sk.unk0 = buff.read(12) sk.size = struct.unpack('<I', buff.read(4)) sk.guid2 = GUID(buff).value sk.guid3 = GUID(buff).value sk.key_size = struct.unpack('<I', buff.read(4)) sk.blob = DPAPI_BLOB.from_bytes(buff.read(sk.key_size)) return sk
def from_buffer(buff): sk = VAULT_VPOL() sk.version = int.from_bytes(buff.read(4), 'little', signed=False) sk.guid = GUID(buff).value sk.description_length = int.from_bytes(buff.read(4), 'little', signed=False) sk.description = buff.read(sk.description_length) sk.unk0 = buff.read(12) sk.size = int.from_bytes(buff.read(4), 'little', signed=False) sk.guid2 = GUID(buff).value sk.guid3 = GUID(buff).value sk.key_size = int.from_bytes(buff.read(4), 'little', signed=False) sk.blobdata = buff.read(sk.key_size) sk.blob = DPAPI_BLOB.from_bytes(sk.blobdata) return sk