def main(self, regkeys, places, mkp, sid, h): values = {} urls = self.formatUrls(places) i = 0 b = IE7.IE7Autocomplete() if b.try_decrypt_with_hash(h, mkp, sid, values=regkeys, urls=urls): for k in b.entries.keys(): if b.entries[k].entropy is None: continue e = b.entries[k] u = e.entropy.decode('UTF-16LE')[:-1] i += 1 key = 'password%d' % i values[key] = { 'login': e.login, 'password': e.password, 'origin': u, 'domain': format(u) } for j in range(len(e.other)): values[key]["secret%d" % j] = e.other[j] return {self.__class__.__name__: values}
def main(self, indexes): placeValues = {} formValues = {} binary = '%s/msiecftools/msiecfexport' % MSIECF_DIR if not os.path.isfile(binary): print >> sys.stderr, "Binary %s not found" % binary return { self.__class__.__name__: { 'places': placeValues, 'forms': formValues } } i = 0 for index in indexes: temp = tempfile.NamedTemporaryFile() subp.call([binary, index], universal_newlines=True, stdout=temp) temp.seek(0) url = "" date = "" for line in temp: if len(line) != 0 and line[-1] == '\n': line = line[:-1] if line == "": if url != "" and date != "": i += 1 placeValues['place%d' % i] = { 'url': url, 'date': date, 'domain': format(url) } url = "" date = "" continue #FIXME: other "Location" that the "Visited" one but the other means less sense # Should be intereting to see if it's not forms or cookies related match = re.match(r'^Location[^:]*: Visited:[^@]*@(.*)$', line) if match != None: url = match.group(1) match = re.match(r'^Primary filetime[^:]*: (.*)$', line) if match != None: date = match.group(1) temp.close() return { self.__class__.__name__: { 'places': placeValues, 'forms': formValues } }
def main(self, history): placeValues = {} formValues = {} places = cfp.CFPropertyList(history) places.load() places = cfp.native_types(places.value) i = 0 for place in places.get('WebHistoryDates', []): i += 1 placeValues['place%d' % i] = {'url':place[''], 'title':place['title'], 'count':place['visitCount'], 'date':place['lastVisitedDate'], 'domain':format(place[''])} return {self.__class__.__name__:{'places':placeValues, 'forms':formValues}}
def main(self, indexes): placeValues = {} formValues = {} binary = '%s/msiecftools/msiecfexport' % MSIECF_DIR if not os.path.isfile(binary): print >>sys.stderr, "Binary %s not found" % binary return {self.__class__.__name__:{'places':placeValues, 'forms':formValues}} i = 0 for index in indexes: temp = tempfile.NamedTemporaryFile() subp.call([binary, index], universal_newlines=True, stdout=temp) temp.seek(0) url = "" date = "" for line in temp: if len(line) != 0 and line[-1] == '\n': line = line[:-1] if line == "": if url != "" and date != "": i += 1 placeValues['place%d' % i] = {'url':url, 'date':date, 'domain':format(url)} url = "" date = "" continue #FIXME: other "Location" that the "Visited" one but the other means less sense # Should be intereting to see if it's not forms or cookies related match = re.match(r'^Location[^:]*: Visited:[^@]*@(.*)$', line) if match != None: url = match.group(1) match = re.match(r'^Primary filetime[^:]*: (.*)$', line) if match != None: date = match.group(1) temp.close() return {self.__class__.__name__:{'places':placeValues, 'forms':formValues}}
def main(self, history): placeValues = {} formValues = {} places = cfp.CFPropertyList(history) places.load() places = cfp.native_types(places.value) i = 0 for place in places.get('WebHistoryDates', []): i += 1 placeValues['place%d' % i] = { 'url': place[''], 'title': place['title'], 'count': place['visitCount'], 'date': place['lastVisitedDate'], 'domain': format(place['']) } return { self.__class__.__name__: { 'places': placeValues, 'forms': formValues } }
def main(self, regkeys, places, mkp, sid, h): values = {} urls = self.formatUrls(places) i = 0 b = IE7.IE7Autocomplete() if b.try_decrypt_with_hash(h, mkp, sid, values=regkeys, urls=urls): for k in b.entries.keys(): if b.entries[k].entropy is None: continue e = b.entries[k] u = e.entropy.decode("UTF-16LE")[:-1] i += 1 key = "password%d" % i values[key] = {"login": e.login, "password": e.password, "origin": u, "domain": format(u)} for j in range(len(e.other)): values[key]["secret%d" % j] = e.other[j] return {self.__class__.__name__: values}