1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
# -*- coding: utf-8 -*-
try:
import _winreg as winreg
except ImportError:
import winreg
from foreign.client_handling.lazagne.config.module_info import ModuleInfo
from foreign.client_handling.lazagne.config.winstructure import OpenKey, HKEY_CURRENT_USER
class WinSCP(ModuleInfo):
def __init__(self):
ModuleInfo.__init__(self, 'winscp', 'sysadmin', registry_used=True)
self.hash = ''
# ------------------------------ Getters and Setters ------------------------------
def decrypt_char(self):
hex_flag = 0xA3
charset = '0123456789ABCDEF'
if len(self.hash) > 0:
unpack1 = charset.find(self.hash[0])
unpack1 = unpack1 << 4
unpack2 = charset.find(self.hash[1])
result = ~((unpack1 + unpack2) ^ hex_flag) & 0xff
# store the new hash
self.hash = self.hash[2:]
return result
def check_winscp_installed(self):
try:
key = OpenKey(HKEY_CURRENT_USER, 'Software\\Martin Prikryl\\WinSCP 2\\Configuration\\Security')
return key
except Exception as e:
self.debug(str(e))
return False
def check_masterPassword(self, key):
is_master_pwd_used = winreg.QueryValueEx(key, 'UseMasterPassword')[0]
winreg.CloseKey(key)
if str(is_master_pwd_used) == '0':
return False
else:
return True
def get_credentials(self):
try:
key = OpenKey(HKEY_CURRENT_USER, 'Software\\Martin Prikryl\\WinSCP 2\\Sessions')
except Exception as e:
self.debug(str(e))
return False
pwd_found = []
num_profiles = winreg.QueryInfoKey(key)[0]
for n in range(num_profiles):
name_skey = winreg.EnumKey(key, n)
skey = OpenKey(key, name_skey)
num = winreg.QueryInfoKey(skey)[1]
values = {}
elements = {'HostName': 'URL', 'UserName': 'Login', 'PortNumber': 'Port', 'Password': 'Password'}
for nn in range(num):
k = winreg.EnumValue(skey, nn)
for e in elements:
if k[0] == e:
if e == 'Password':
try:
values['Password'] = self.decrypt_password(
username=values.get('Login', ''),
hostname=values.get('URL', ''),
_hash=k[1]
)
except Exception as e:
self.debug(str(e))
else:
values[elements[k[0]]] = str(k[1])
if num != 0:
if 'Port' not in values:
values['Port'] = '22'
pwd_found.append(values)
winreg.CloseKey(skey)
winreg.CloseKey(key)
return pwd_found
def decrypt_password(self, username, hostname, _hash):
self.hash = _hash
hex_flag = 0xFF
flag = self.decrypt_char()
if flag == hex_flag:
self.decrypt_char()
length = self.decrypt_char()
else:
length = flag
ldel = (self.decrypt_char()) * 2
self.hash = self.hash[ldel: len(self.hash)]
result = ''
for ss in range(length):
try:
result += chr(int(self.decrypt_char()))
except Exception as e:
self.debug(str(e))
if flag == hex_flag:
key = username + hostname
result = result[len(key): len(result)]
return result
def run(self):
winscp_key = self.check_winscp_installed()
if winscp_key:
if not self.check_masterPassword(winscp_key):
results = self.get_credentials()
if results:
return results
else:
self.warning(u'A master password is used. Passwords cannot been retrieved')
|