def calculate(self): addr_space = utils.load_as(self._config) if not self._config.sys_offset or not self._config.sec_offset: debug.error("Both SYSTEM and SECURITY offsets must be provided") secrets = lsasecrets.get_memory_secrets(addr_space, self._config, self._config.sys_offset, self._config.sec_offset) if not secrets: debug.error("Unable to read LSA secrets from registry") return secrets
def calculate(self): addr_space = utils.load_as(self._config) # In general it's not recommended to update the global types on the fly, # but I'm special and I know what I'm doing ;) # types.update(regtypes) if not self._config.sys_offset or not self._config.sec_offset: debug.error("Both SYSTEM and SECURITY offsets must be provided") secrets = lsasecrets.get_memory_secrets(addr_space, self._config, self._config.sys_offset, self._config.sec_offset) if not secrets: debug.error("Unable to read LSA secrets from registry") return secrets
def calculate(self): addr_space = utils.load_as(self._config) if not self._config.sys_offset or not self._config.sec_offset: regapi = registryapi.RegistryApi(self._config) for offset in regapi.all_offsets: name = regapi.all_offsets[offset].lower().split("\\")[-1] if "system" == name: self._config.update("SYS_OFFSET", offset) elif "security" == name: self._config.update("SEC_OFFSET", offset) secrets = lsasecrets.get_memory_secrets(addr_space, self._config, self._config.sys_offset, self._config.sec_offset) if not secrets: debug.error("Unable to read LSA secrets from registry") return secrets