From 2cd1af01d2a3b3d24643531eb4501a81d8ab7ac6 Mon Sep 17 00:00:00 2001 From: Andrew Selivanov Date: Wed, 28 Nov 2018 02:46:07 +0300 Subject: [PATCH] OpenVPN support --- README.md | 2 +- Windows/lazagne/config/manage_modules.py | 2 + Windows/lazagne/softwares/sysadmin/openvpn.py | 55 +++++++++++++++++++ 3 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 Windows/lazagne/softwares/sysadmin/openvpn.py diff --git a/README.md b/README.md index ae43bee5..bde6c10c 100755 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ Supported software | Mails | Outlook, Thunderbird | Clawsmail, Thunderbird | | | Dumps from memory | Keepass, Wdigest (mimikatz method) | system password | | | SVN | Tortoise | | | -| Sysadmin | Apache Directory studio, CoreFTP, CyberDuck, fileZilla, FTPNavigator, OpenSSH, PuttyCMRDPManager, WinSCP, Windows Subsystem for Linux | AWS, Docker, Environnement variable, FileZilla, History files, SSH private keys | | +| Sysadmin | Apache Directory studio, CoreFTP, CyberDuck, fileZilla, FTPNavigator, OpenSSH, OpenVPN, PuttyCMRDPManager, WinSCP, Windows Subsystem for Linux | AWS, Docker, Environnement variable, FileZilla, History files, SSH private keys | | | Wifi | Wireless Network | Network Manager | * CF Keychains | | Internal mechanism passwords storage | .NET Passport, Generic Network Hashdump (LM/NT), LSA secret | GNOME Keyring, Kwallet,hashdump | Keychains, hashdump | diff --git a/Windows/lazagne/config/manage_modules.py b/Windows/lazagne/config/manage_modules.py index 3efb3389..829b97df 100755 --- a/Windows/lazagne/config/manage_modules.py +++ b/Windows/lazagne/config/manage_modules.py 
@@ -41,6 +41,7 @@
 from lazagne.softwares.sysadmin.filezilla import Filezilla
 from lazagne.softwares.sysadmin.ftpnavigator import FtpNavigator
 from lazagne.softwares.sysadmin.opensshforwindows import OpenSSHForWindows
+from lazagne.softwares.sysadmin.openvpn import OpenVPN
 from lazagne.softwares.sysadmin.puttycm import Puttycm
 from lazagne.softwares.sysadmin.rdpmanager import RDPManager
 from lazagne.softwares.sysadmin.unattended import Unattended
@@ -138,6 +139,7 @@ def get_modules():
 FtpNavigator(),
 Puttycm(),
 OpenSSHForWindows(),
+ OpenVPN(),
 RDPManager(),
 Unattended(),
 WinSCP(),
diff --git a/Windows/lazagne/softwares/sysadmin/openvpn.py b/Windows/lazagne/softwares/sysadmin/openvpn.py
new file mode 100644
index 00000000..b7582073
--- /dev/null
+++ b/Windows/lazagne/softwares/sysadmin/openvpn.py
@@ -0,0 +1,55 @@
+try:
+ import _winreg as winreg
+except ImportError:
+ import winreg
+
+from lazagne.config.winstructure import *
+from lazagne.config.module_info import ModuleInfo
+from lazagne.config.winstructure import Win32CryptUnprotectData
+from lazagne.config.constant import constant
+
+
+class OpenVPN(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, name='openvpn', category='sysadmin', registry_used=True, winapi_used=True)
+
+ def check_openvpn_installed(self):
+ try:
+ key = OpenKey(HKEY_CURRENT_USER, 'Software\\OpenVPN-GUI\\Configs')
+ return key
+ except Exception as e:
+ self.debug(str(e))
+ return False
+
+ def decrypt_password(self, encrypted_password, entropy):
+ return Win32CryptUnprotectData(encrypted_password,
+ entropy=entropy,
+ is_current_user=constant.is_current_user,
+ user_dpapi=constant.user_dpapi)
+
+ def get_credentials(self, key):
+ pwd_found = []
+ num_profiles = winreg.QueryInfoKey(key)[0]
+ for n in range(num_profiles):
+ name_skey = winreg.EnumKey(key, n)
+ skey = OpenKey(key, name_skey)
+ values = {'Profile': name_skey}
+ try:
+ encrypted_password = winreg.QueryValueEx(skey, "auth-data")[0]
+ entropy = winreg.QueryValueEx(skey, "entropy")[0][:-1]
+ password = self.decrypt_password(encrypted_password, entropy)
+ values['Password'] = password.decode('utf16')
+ except Exception as e:
+ self.debug(str(e))
+ pwd_found.append(values)
+ winreg.CloseKey(skey)
+ winreg.CloseKey(key)
+
+ return pwd_found
+
+ def run(self):
+ openvpn_key = self.check_openvpn_installed()
+ if openvpn_key:
+ results = self.get_credentials(openvpn_key)
+ if results:
+ return results
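Review bot: In `get_credentials`, `winreg.EnumKey` and `OpenKey(key, name_skey)` run outside the `try`, so a single unreadable profile subkey raises out of the loop, drops the entries already collected and leaves both `skey` and `key` open; the two `CloseKey` calls are only reached on the clean path. Wrapping the per-profile work in `try`/`finally`, as sketched below, closes the handles on every path and lets the remaining profiles be processed. Indentation is lost in this view, but `pwd_found.append(values)` appears to run after the `except`, so a profile whose `auth-data` cannot be read is still returned with only its `Profile` field and `run` treats that as a result; if that is not intended, append only on success. Separately, `from lazagne.config.winstructure import *` makes the explicit `Win32CryptUnprotectData` import two lines later redundant and hides where `OpenKey` and `HKEY_CURRENT_USER` (presumably from that wildcard) come from; naming the imports would be clearer.

```python
    def get_credentials(self, key):
        pwd_found = []
        try:
            for n in range(winreg.QueryInfoKey(key)[0]):
                try:
                    name_skey = winreg.EnumKey(key, n)
                    skey = OpenKey(key, name_skey)
                except Exception as e:
                    self.debug(str(e))
                    continue
                values = {'Profile': name_skey}
                try:
                    # … unchanged: query "auth-data" and "entropy", decrypt, set values['Password'] …
                except Exception as e:
                    self.debug(str(e))
                finally:
                    winreg.CloseKey(skey)
                pwd_found.append(values)
        finally:
            winreg.CloseKey(key)
        return pwd_found
```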