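def test_get_lsa_secrets(self):
    """The W7 fixture hives yield an LSA secret set containing DPAPI_SYSTEM.

    Reads the secrets from the SECURITY hive (decrypted with the SYSTEM hive)
    and checks that the current value of DPAPI_SYSTEM matches
    ``self.expected`` (set up elsewhere in the test case; presumably in
    setUp -- confirm).
    """
    r = registry.Regedit()
    secrets = r.get_lsa_secrets(W7_SECURITY_HIVE, W7_SYSTEM_HIVE)
    # assertIn / assertEqual print the offending values on failure;
    # assertEquals is a deprecated alias of assertEqual.
    self.assertIn("DPAPI_SYSTEM", secrets)
    self.assertEqual(secrets["DPAPI_SYSTEM"]["CurrVal"], self.expected)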
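def getwifipassword(self, systemhive, securityhive, masterkeydir, profiledirectory):
    """
    getwifipassword returns all wifi passwords located at
    X:/ProgramData/Microsoft/Wlansvc

    Parameters:
        systemhive, securityhive: paths of the SYSTEM and SECURITY registry
            hives; the DPAPI_SYSTEM LSA secret is read from them.
        masterkeydir: directory holding the system DPAPI master key files.
        profiledirectory: directory walked recursively; every file whose
            content has a <name> and a <keyMaterial> element is treated as a
            WLAN profile.

    Returns:
        dict mapping profile name -> cleartext key, or the literal string
        '<not decrypted>' when none of the loaded master keys decrypts the
        blob.

    Raises:
        KeyError if the SECURITY hive holds no DPAPI_SYSTEM secret.

    Every recovered value is also printed to stdout (one line per profile
    plus the final dict), so the caller's stdout carries cleartext
    credentials and must be handled as sensitive output.
    """
    # Local import: the file's import block is not visible here.
    import binascii

    reg = registry.Regedit()
    secrets = reg.get_lsa_secrets(securityhive, systemhive)
    # Index directly so a missing secret raises KeyError('DPAPI_SYSTEM')
    # instead of a TypeError from subscripting None.
    dpapi_system = secrets['DPAPI_SYSTEM']['CurrVal']

    mkp = masterkey.MasterKeyPool()
    mkp.loadDirectory(masterkeydir)
    mkp.addSystemCredential(dpapi_system)
    mkp.try_credential_hash(None, None)

    name_pattern = re.compile('<name>([^<]+)</name>')
    key_material_pattern = re.compile('<keyMaterial>([0-9A-F]+)</keyMaterial>')

    finalpass = dict()
    for root, _, files in os.walk(profiledirectory):
        for fname in files:
            filepath = os.path.join(root, fname)
            with open(filepath, 'r') as f:
                file_data = f.read().replace('\x0a', '').replace('\x0d', '')

            name_match = name_pattern.search(file_data)
            if not name_match:
                # Not a WLAN profile (or malformed): skip it instead of
                # failing on .group() of None and aborting the whole walk.
                continue
            wifi_name = name_match.group(1)

            key_match = key_material_pattern.search(file_data)
            if not key_match:
                # Profile without stored key material (e.g. open network).
                continue
            key_material = key_match.group(1)

            # unhexlify is the portable spelling of str.decode('hex').
            wblob = blob.DPAPIBlob(binascii.unhexlify(key_material))
            wifi_pwd = '<not decrypted>'
            # Try every already-decrypted master key matching the blob's GUID;
            # stop at the first one that decrypts the blob.
            for mk in mkp.getMasterKeys(wblob.mkguid):
                if not mk.decrypted:
                    continue
                wblob.decrypt(mk.get_key())
                if wblob.decrypted:
                    wifi_pwd = wblob.cleartext
                    break

            print('Wifi:{} Password:{}'.format(wifi_name, wifi_pwd))
            finalpass[wifi_name] = wifi_pwd

    print(finalpass)
    return finalpass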
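def test_get_lsa_key(self):
    """get_lsa_key needs the syskey first, then returns the expected LSA key.

    Before get_syskey has been called on the SYSTEM hive, get_lsa_key on the
    SECURITY hive raises ValueError; afterwards it returns ``self.lsakey``
    (set up elsewhere in the test case -- confirm).
    """
    r = registry.Regedit()
    # Order matters: the LSA key cannot be derived without the syskey.
    self.assertRaises(ValueError, r.get_lsa_key, W7_SECURITY_HIVE)
    r.get_syskey(W7_SYSTEM_HIVE)
    # assertEquals is a deprecated alias of assertEqual.
    self.assertEqual(r.get_lsa_key(W7_SECURITY_HIVE), self.lsakey)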
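def test_get_syskey(self):
    """The syskey derived from the W7 SYSTEM hive fixture equals ``self.syskey``."""
    r = registry.Regedit()
    # assertEquals is a deprecated alias of assertEqual.
    self.assertEqual(r.get_syskey(W7_SYSTEM_HIVE), self.syskey)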
umkp = None if options.masterkeydir: umkp = masterkey.MasterKeyPool() umkp.loadDirectory(options.masterkeydir) if options.credhist: umkp.addCredhistFile(options.sid, options.credhist) if options.password: umkp.try_credential(options.sid, options.password) elif options.pwdhash: umkp.try_credential_hash( options.sid, options.pwdhash.decode('hex')) smkp = None if options.sysmkdir and options.system and options.security: reg = registry.Regedit() secrets = reg.get_lsa_secrets(options.security, options.system) dpapi_system = secrets.get('DPAPI_SYSTEM')['CurrVal'] smkp = masterkey.MasterKeyPool() smkp.loadDirectory(options.sysmkdir) smkp.addSystemCredential(dpapi_system) smkp.try_credential_hash(None, None) can_decrypt_sys_blob = True for cred_file in args: with open(cred_file, 'rb') as fin: print '-'*79 enc_cred = vaultstruct.CREDENTIAL_FILE.parse(fin.read()) print enc_cred