Exemplo n.º 1
0
def dump_hashes():
    bootkey = get_bootkey()
    if not bootkey:
        return []

    lsakey = get_lsa_key(bootkey)
#    import binascii
#    print "lsakey : %s"%(binascii.hexlify(lsakey))
    if not lsakey:
        return []

    nlkm = get_nlkm(lsakey)
#    print "nlkm : %s"%(binascii.hexlify(nlkm))
    if not nlkm:
        return []

    r = regkey("HKEY_LOCAL_MACHINE\\SECURITY\\Cache")
    if not r.is_present():
        return []

    hashes = []
    for v in r.get_values():
        if v == "NL$Control": continue
        
        data = r.get_value(v)

        (uname_len, domain_len, domain_name_len, 
            enc_data, ch) = parse_cache_entry(data)
#        print "cache entry encodeddata: %s"%(binascii.hexlify(enc_data))
        # Skip if nothing in this cache entry
        if uname_len == 0:
            continue
        global xp
        xp = isXp()
        if xp:
            dec_data = decrypt_hash(enc_data, nlkm, ch)
        else:
            dec_data = decrypt_hash_vista(enc_data, nlkm, ch)

        (username, domain, domain_name,
            hash) = parse_decrypted_cache(dec_data, uname_len,
                    domain_len, domain_name_len)

        hashes.append((username, domain, domain_name, hash))

    return hashes 
Exemplo n.º 2
0
def dump_hashes():
    bootkey = get_bootkey()
    if not bootkey:
        return []

    lsakey = get_lsa_key(bootkey)
    if not lsakey:
        return []

    nlkm = get_nlkm(lsakey)
    if not nlkm:
        return []

    r = regkey("HKEY_LOCAL_MACHINE\\SECURITY\\Cache")
    if not r.is_present():
        return []

    hashes = []
    for v in r.get_values():
        if v == "NL$Control": continue

        data = r.get_value(v)

        (uname_len, domain_len, domain_name_len, enc_data,
         ch) = parse_cache_entry(data)

        # Skip if nothing in this cache entry
        if uname_len == 0:
            continue

        dec_data = decrypt_hash(enc_data, nlkm, ch)

        (username, domain, domain_name,
         hash) = parse_decrypted_cache(dec_data, uname_len, domain_len,
                                       domain_name_len)

        hashes.append((username, domain, domain_name, hash))

    return hashes
Exemplo n.º 3
0
def dump_hashes():
    bootkey = get_bootkey()
    if not bootkey:
        return []

    lsakey = get_lsa_key(bootkey)
    if not lsakey:
        return []

    nlkm = get_nlkm(lsakey)
    if not nlkm:
        return []

    r = regkey("HKEY_LOCAL_MACHINE\\SECURITY\\Cache")
    if not r.is_present():
        return []

    hashes = []
    for v in r.get_values():
        if v == "NL$Control": continue
        
        data = r.get_value(v)

        (uname_len, domain_len, domain_name_len, 
            enc_data, ch) = parse_cache_entry(data)
        
        # Skip if nothing in this cache entry
        if uname_len == 0:
            continue

        dec_data = decrypt_hash(enc_data, nlkm, ch)

        (username, domain, domain_name,
            hash) = parse_decrypted_cache(dec_data, uname_len,
                    domain_len, domain_name_len)

        hashes.append((username, domain, domain_name, hash))

    return hashes