1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
# -*- coding: utf-8 -*-
import os
import sys
import traceback
from xml.etree.cElementTree import ElementTree
from subprocess import Popen, PIPE
from foreign.client_handling.lazagne.config.constant import constant
from foreign.client_handling.lazagne.config.module_info import ModuleInfo
class Wifi(ModuleInfo):
def __init__(self):
ModuleInfo.__init__(self, 'wifi', 'wifi')
def decrypt_using_lsa_secret(self, key):
"""
Needs admin priv but will work with all systems
"""
if constant.system_dpapi and constant.system_dpapi.unlocked:
decrypted_blob = constant.system_dpapi.decrypt_wifi_blob(key)
if decrypted_blob:
return decrypted_blob.decode(sys.getfilesystemencoding())
def decrypt_using_netsh(self, ssid):
"""
Does not need admin priv but would work only with english and french systems
"""
language_keys = [
'key content', 'contenu de la cl', 'содержимое ключа'
]
self.debug(u'Trying using netsh method')
process = Popen(['netsh.exe', 'wlan', 'show', 'profile', '{SSID}'.format(SSID=ssid), 'key=clear'],
stdin=PIPE,
stdout=PIPE,
stderr=PIPE)
stdout, stderr = process.communicate()
for st in stdout.decode().split('\n'):
if any(i in st.lower() for i in language_keys):
password = st.split(':')[1].strip()
return password
def run(self):
# Run the module only once
if not constant.wifi_password:
interfaces_dir = os.path.join(constant.profile['ALLUSERSPROFILE'],
u'Microsoft\\Wlansvc\\Profiles\\Interfaces')
# for windows Vista or higher
if os.path.exists(interfaces_dir):
pwd_found = []
for wifi_dir in os.listdir(interfaces_dir):
if os.path.isdir(os.path.join(interfaces_dir, wifi_dir)):
repository = os.path.join(interfaces_dir, wifi_dir)
for file in os.listdir(repository):
values = {}
if os.path.isfile(os.path.join(repository, file)):
f = os.path.join(repository, file)
tree = ElementTree(file=f)
root = tree.getroot()
xmlns = root.tag.split("}")[0] + '}'
for elem in tree.iter():
if elem.tag.endswith('SSID'):
for w in elem:
if w.tag == xmlns + 'name':
values['SSID'] = w.text
if elem.tag.endswith('authentication'):
values['Authentication'] = elem.text
if elem.tag.endswith('protected'):
values['Protected'] = elem.text
if elem.tag.endswith('keyMaterial'):
key = elem.text
try:
password = self.decrypt_using_lsa_secret(key=key)
if not password:
password = self.decrypt_using_netsh(ssid=values['SSID'])
if password:
values['Password'] = password
else:
values['INFO'] = '[!] Password not found.'
except Exception:
self.error(traceback.format_exc())
values['INFO'] = '[!] Password not found.'
if values and values.get('Authentication') != 'open':
pwd_found.append(values)
return pwd_found
|