def add_entry(self, wdigest_entry):
    """
    Parse one WDigest list entry into a WdigestCredential and store it.

    The list entry struct only carries the linked-list pointers. The credential
    fields are read from the entry's own address (``this_entry.value``) plus the
    template's ``primary_offset``, as three consecutive LSA_UNICODE_STRING
    headers: user name, domain name, password.

    Usernames ending in ``'$'`` are decrypted with ``bytes_expected=True`` and the
    result is stored hex-encoded; all other usernames use the default decrypt
    call. An entry with an empty username, an empty domain and no decrypted
    password is dropped instead of being appended to ``self.credentials``.

    The computed address is not validated here; any error raised by the reader
    or the decryptor propagates to the caller.
    """
    cred = WdigestCredential()
    cred.luid = wdigest_entry.luid

    # Seek to the credential fields, which sit at a template-defined offset from the entry.
    fields_address = wdigest_entry.this_entry.value + self.decryptor_template.primary_offset
    self.reader.move(fields_address)

    # Read the three headers back to back, before any string contents are read.
    name_header = LSA_UNICODE_STRING(self.reader)
    domain_header = LSA_UNICODE_STRING(self.reader)
    secret_header = LSA_UNICODE_STRING(self.reader)

    cred.username = name_header.read_string(self.reader)
    cred.domainname = domain_header.read_string(self.reader)
    # read_maxdata() rather than read_string(): the password field is kept as the
    # still-encrypted blob until decrypt_password() is applied below.
    cred.encrypted_password = secret_header.read_maxdata(self.reader)

    if cred.username.endswith('$'):
        # '$' suffix (presumably a machine account, the code only checks the suffix):
        # ask for raw bytes and keep them as a hex string.
        decrypted, raw = self.decrypt_password(cred.encrypted_password, bytes_expected=True)
        cred.password = decrypted.hex() if decrypted is not None else None
        cred.password_raw = raw
    else:
        cred.password, cred.password_raw = self.decrypt_password(cred.encrypted_password)

    # Skip entries that carry no identity and no recoverable secret.
    is_blank = cred.username == '' and cred.domainname == '' and cred.password is None
    if not is_blank:
        self.credentials.append(cred)
def add_entry(self, wdigest_entry):
    """
    Parse one WDigest list entry into a WdigestCredential and append it.

    The list entry struct only carries the linked-list pointers. The credential
    fields are read from the entry's own address (``this_entry.value``) plus the
    template's ``primary_offset``, as three consecutive LSA_UNICODE_STRING
    headers: user name, domain name, password.

    Every entry is appended to ``self.credentials``, including ones whose fields
    come back empty. ``password`` holds whatever ``decrypt_password`` returns for
    the encrypted blob. The computed address is not validated here; any error
    raised by the reader or the decryptor propagates to the caller.
    """
    entry_base = wdigest_entry.this_entry.value
    self.reader.move(entry_base + self.decryptor_template.primary_offset)

    # Three headers are laid out back to back: user name, domain name, password.
    user_hdr, domain_hdr, password_hdr = [
        LSA_UNICODE_STRING(self.reader) for _ in range(3)
    ]

    # Resolve the contents in the same order the headers were read.
    user_text = user_hdr.read_string(self.reader)
    domain_text = domain_hdr.read_string(self.reader)
    # The password is taken as the raw, still-encrypted blob (read_maxdata).
    secret_blob = password_hdr.read_maxdata(self.reader)

    record = WdigestCredential()
    record.luid = wdigest_entry.luid
    record.username = user_text
    record.domainname = domain_text
    record.encrypted_password = secret_blob
    record.password = self.decrypt_password(secret_blob)

    self.credentials.append(record)