0 | 0 |
from pypykatz.commons.common import UniversalEncoder, hexdump
|
1 | 1 |
import argparse
|
2 | 2 |
import platform
|
|
3 |
|
|
4 |
from pypykatz.dpapi.structures.blob import DPAPI_BLOB
|
|
5 |
from pypykatz.dpapi.structures.credentialfile import CredentialFile
|
|
6 |
from pypykatz.dpapi.structures.masterkeyfile import MasterKeyFile
|
|
7 |
from pypykatz.dpapi.structures.vault import VAULT_VPOL
|
|
8 |
from winacl.dtyp.wcee.pvkfile import PVKFile
|
3 | 9 |
|
4 | 10 |
|
5 | 11 |
class DPAPICMDHelper:
|
|
129 | 135 |
dpapi_wifi_group = dpapi_subparsers.add_parser('wifi', help='Decrypt Windows WIFI config file')
|
130 | 136 |
dpapi_wifi_group.add_argument('mkf', help= 'Keyfile generated by the masterkey -o command.')
|
131 | 137 |
dpapi_wifi_group.add_argument('wifixml', help='WIFI config XML file')
|
|
138 |
|
|
139 |
dpapi_describe_group = dpapi_subparsers.add_parser('describe', help='Print information on given structure')
|
|
140 |
dpapi_describe_group.add_argument('datatype', choices = ['blob', 'masterkey', 'pvk', 'vpol', 'credential'], help= 'Type of structure')
|
|
141 |
dpapi_describe_group.add_argument('data', help='filepath or hex-encoded data')
|
132 | 142 |
|
133 | 143 |
|
134 | 144 |
def execute(self, args):
|
|
283 | 293 |
wificonfig_enc = DPAPI.parse_wifi_config_file(args.wifixml)
|
284 | 294 |
wificonfig = dpapi.decrypt_wifi_config_file_inner(wificonfig_enc)
|
285 | 295 |
print('%s : %s' % (wificonfig['name'], wificonfig['key']))
|
286 | |
|
|
296 |
|
|
297 |
elif args.dapi_module == 'describe':
|
|
298 |
def read_file_or_hex(x):
|
|
299 |
data = None
|
|
300 |
try:
|
|
301 |
with open(x, 'rb') as f:
|
|
302 |
data=f.read()
|
|
303 |
except:
|
|
304 |
data = bytes.fromhex(x)
|
|
305 |
return data
|
|
306 |
|
|
307 |
try:
|
|
308 |
data = read_file_or_hex(args.data)
|
|
309 |
except:
|
|
310 |
raise Exception('Could not load data!')
|
|
311 |
if args.datatype.upper() == 'BLOB':
|
|
312 |
res = DPAPI_BLOB.from_bytes(data)
|
|
313 |
elif args.datatype.upper() == 'MASTERKEY':
|
|
314 |
res = MasterKeyFile.from_bytes(data)
|
|
315 |
elif args.datatype.upper() == 'VPOL':
|
|
316 |
res = VAULT_VPOL.from_bytes(data)
|
|
317 |
elif args.datatype.upper() == 'PVK':
|
|
318 |
res = PVKFile.from_bytes(data)
|
|
319 |
elif args.datatype.upper() == 'CREDENTIAL':
|
|
320 |
res = CredentialFile.from_bytes(data)
|
|
321 |
else:
|
|
322 |
raise Exception('Unknown data format %s' % args.datatype)
|
|
323 |
print(str(res))
|
287 | 324 |
|
288 | 325 |
def run_live(self, args):
|
289 | 326 |
if platform.system().lower() != 'windows':
|
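Review bot: In the new `describe` branch, `read_file_or_hex` wraps `open()` in a bare `except:`, so any failure to read an existing file (permission denied, a directory, even Ctrl-C) silently falls through to `bytes.fromhex(x)`, and the outer bare `except:` then hides the real cause behind `Could not load data!`. Narrow the inner handler to `except OSError:` and change the outer one to `except (OSError, ValueError) as e:` followed by `raise Exception('Could not load data!') from e`, so the original error stays visible. Because `data` can be key material such as a PVK or masterkey file, the help string for `data` could also say that hex passed on the command line lands in shell history and process listings, and that a file path is preferable. The enclosing `execute` method starts and continues outside this hunk.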