# -*- coding: utf-8 -*-
from foreign.client_handling.lazagne.config.module_info import ModuleInfo
from foreign.client_handling.lazagne.config.constant import *
import os
from xml.etree.ElementTree import parse
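class KeePassConfig(ModuleInfo):
    """Report KeePass database and key-file locations recorded in a profile.

    The module reads two per-user configuration files under
    ``%APPDATA%\\KeePass``: ``KeePass.ini`` (KeePass 1.x) and
    ``KeePass.config.xml`` (KeePass 2.x). It returns file-system *paths*
    only; no database is opened and no master key is handled here.

    For defenders the same findings work as an exposure check: an entry
    whose ``Keyfile`` is a real path means the configuration remembers
    where the key file lives. Reads of these two files by a process
    other than KeePass itself are a useful audit signal.
    """

    def __init__(self):
        ModuleInfo.__init__(self, 'keepassconfig', 'sysadmin')
        self.attr_to_extract = ["Keyfile", "Database", "Type"]

    @staticmethod
    def _expand_relative(path):
        """Rewrite a leading-relative ``..\\..\\`` prefix to ``C:\\``.

        NOTE(review): this assumes the relative path resolves to the root
        of the C: drive; for other install locations the reported path
        may be wrong. Kept as-is for output compatibility.
        """
        return path.replace('..\\..\\', 'C:\\')

    @staticmethod
    def _append_database_once(pwd_found, database):
        """Add a database-only entry unless that database is already listed."""
        if any(database == entry['Database'] for entry in pwd_found):
            return
        pwd_found.append({
            'Keyfile': "No keyfile found",
            'Database': database
        })

    def _collect_keepass1(self, config_dir, pwd_found):
        """Collect entries from ``KeePass.ini`` (KeePass 1.x), if present."""
        ini_path = os.path.join(config_dir, u'KeePass.ini')
        if not os.path.isfile(ini_path):
            return

        # Context manager so the handle is closed even if read() fails;
        # the original left the file object to the garbage collector.
        with open(ini_path, 'r') as handle:
            file_content = handle.read()

        # KeeKeySourceID<n> / KeeKeySourceValue<n> pairs: remembered
        # database -> key source associations, numbered from 0.
        for index in range(file_content.count("KeeKeySourceID")):
            suffix = str(index) + "="
            database = file_content.partition(
                "KeeKeySourceID" + suffix)[2].partition('\n')[0]
            keyfile = file_content.partition(
                "KeeKeySourceValue" + suffix)[2].partition('\n')[0]
            pwd_found.append({
                'Keyfile': keyfile,
                'Database': self._expand_relative(database)
            })

        # KeeLastDb: last opened database, reported only if not seen above.
        _, marker, remainder = file_content.partition("KeeLastDb=")
        if marker:
            database = self._expand_relative(remainder.partition('\n')[0])
            self._append_database_once(pwd_found, database)

    def _collect_keepass2(self, config_dir, pwd_found):
        """Collect entries from ``KeePass.config.xml`` (KeePass 2.x), if present."""
        xml_path = os.path.join(config_dir, u'KeePass.config.xml')
        if not os.path.isfile(xml_path):
            return

        # The file content is whatever the inspected profile holds, so a
        # malformed or unreadable document is expected and tolerated.
        # Parsed once instead of once per section; a parse failure made
        # every section fail identically in the original.
        try:
            root = parse(xml_path).getroot()
        except Exception:
            return

        # Each section stays best-effort and independent: a node missing
        # an expected child aborts that section only, keeping what was
        # already collected. ``Exception`` (not a bare except) so that
        # KeyboardInterrupt / SystemExit are no longer swallowed.
        try:
            for node in root.findall(".//Association"):
                database = self._expand_relative(node.find('DatabasePath').text)

                # Key components configured for this database.
                key_types = ""
                if node.find('Password') is not None:
                    key_types += "Password - "
                if node.find('UserAccount') is not None:
                    key_types += "NTLM - "

                keyfile_node = node.find('KeyFilePath')
                if keyfile_node is not None and keyfile_node.text is not None:
                    keyfile = self._expand_relative(keyfile_node.text)
                    key_types += "Keyfile - "
                else:
                    keyfile = "No keyfile found"

                pwd_found.append({
                    'Keyfile': keyfile,
                    'Database': database,
                    # Drop the trailing " - " separator.
                    'Type': key_types[:-3]
                })
        except Exception:
            pass

        for xpath in (".//LastUsedFile", ".//ConnectionInfo"):
            try:
                for node in root.findall(xpath):
                    database = self._expand_relative(node.find('Path').text)
                    self._append_database_once(pwd_found, database)
            except Exception:
                pass

    def run(self):
        """Return the KeePass database / key-file references found.

        Returns:
            A list of dicts with keys ``Keyfile`` and ``Database`` and,
            for KeePass 2.x associations, ``Type`` (the configured key
            components joined by " - "). ``Keyfile`` is the literal
            string "No keyfile found" when no key file is recorded.
            The list is empty when no KeePass configuration exists.
        """
        pwd_found = []

        config_dir = os.path.join(constant.profile['APPDATA'], u'KeePass')
        if not os.path.exists(config_dir):
            return pwd_found

        self._collect_keepass1(config_dir, pwd_found)
        self._collect_keepass2(config_dir, pwd_found)
        return pwd_found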