blob: 4df5b843b5a7108662b4427a36f6291e4e07a275 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
# -*- coding: utf-8 -*-
# Thanks to the awesome work done by harmjoy
# For more information http://www.harmj0y.net/blog/redteaming/keethief-a-case-study-in-attacking-keepass-part-2/
# Thanks for the great work of libkeepass (used to decrypt keepass file)
# https://github.com/phpwutz/libkeepass
import traceback
from . import libkeepass
from foreign.client_handling.lazagne.config.constant import constant
from foreign.client_handling.lazagne.config.module_info import ModuleInfo
class Keepass(ModuleInfo):
def __init__(self):
ModuleInfo.__init__(self, 'keepass', 'memory')
def run(self):
# password found on the memory dump class
if constant.keepass:
res = []
for db in constant.keepass:
try:
with libkeepass.open(db.values()[0][u'Database'],
password=db.get(u"KcpPassword", {}).get(u'Password'),
keyfile=db.get(u"KcpKeyFile", {}).get(u'KeyFilePath')) as kdb:
res.extend(kdb.to_dic())
except Exception:
self.debug(traceback.format_exc())
return res
|