From b0c72ac158bc2dcd9ee67ff5a4f6faa0f12b5621 Mon Sep 17 00:00:00 2001
From: MyLoginOnGitHub
Date: Fri, 3 Jan 2020 04:59:50 -0800
Subject: [PATCH] Refactoring. Function Win32CryptUnprotectData returns bytes instead of str.
---
 Windows/lazagne/config/winstructure.py | 4 ++--
 Windows/lazagne/softwares/browsers/chromium_based.py | 5 +++--
 Windows/lazagne/softwares/browsers/ie.py | 3 ++-
 Windows/lazagne/softwares/chats/skype.py | 3 ++-
 Windows/lazagne/softwares/mails/outlook.py | 4 ++--
 Windows/lazagne/softwares/svn/tortoise.py | 4 ++--
 Windows/lazagne/softwares/sysadmin/cyberduck.py | 4 ++--
 Windows/lazagne/softwares/sysadmin/openvpn.py | 9 +++++----
 Windows/lazagne/softwares/sysadmin/rdpmanager.py | 3 ++-
 9 files changed, 22 insertions(+), 17 deletions(-)
diff --git a/Windows/lazagne/config/winstructure.py b/Windows/lazagne/config/winstructure.py
index d426775c..7f3ad3c1 100755
--- a/Windows/lazagne/config/winstructure.py
+++ b/Windows/lazagne/config/winstructure.py
@@ -645,11 +645,11 @@ def Win32CryptUnprotectData(cipherText, entropy=False, is_current_user=True, use
 blobEntropy = DATA_BLOB(len(entropy), bufferEntropy)
 if CryptUnprotectData(byref(blobIn), None, byref(blobEntropy), None, None, 0, byref(blobOut)):
- decrypted = getData(blobOut).decode("utf-8")
+ decrypted = getData(blobOut)
 else:
 if CryptUnprotectData(byref(blobIn), None, None, None, None, 0, byref(blobOut)):
- decrypted = getData(blobOut).decode("utf-8")
+ decrypted = getData(blobOut)
 if not decrypted:
 can_decrypt = True
diff --git a/Windows/lazagne/softwares/browsers/chromium_based.py b/Windows/lazagne/softwares/browsers/chromium_based.py
index 111ac5fb..86ad035f 100755
--- a/Windows/lazagne/softwares/browsers/chromium_based.py
+++ b/Windows/lazagne/softwares/browsers/chromium_based.py
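Review bot: Win32CryptUnprotectData now hands back the raw bytes from `getData(blobOut)` on both success paths, but nothing in the hunk records that contract, and the `if not decrypted:` branch that follows shows the result can also be falsy. A one-line docstring would make the new return type explicit for the callers this commit touches, e.g. `"""Return the decrypted blob as bytes (callers decode); a falsy value means decryption failed."""`. The exact failure value is assigned outside the hunk and should be confirmed before wording it; the function's signature and return statement are also outside the hunk.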
@@ -112,8 +112,9 @@ def _export_credentials(self, db_path, is_yandex=False):
 # Failed...
 else:
 # Decrypt the Password
- password = Win32CryptUnprotectData(password, is_current_user=constant.is_current_user,
- user_dpapi=constant.user_dpapi)
+ password_bytes = Win32CryptUnprotectData(password, is_current_user=constant.is_current_user,
+ user_dpapi=constant.user_dpapi)
+ password = password_bytes.decode("utf-8")
 if not url and not login and not password:
 continue
diff --git a/Windows/lazagne/softwares/browsers/ie.py b/Windows/lazagne/softwares/browsers/ie.py
index 0db75bdd..b42f560b 100755
--- a/Windows/lazagne/softwares/browsers/ie.py
+++ b/Windows/lazagne/softwares/browsers/ie.py
@@ -117,7 +117,8 @@ def history_from_regedit(self):
 def decipher_password(self, cipher_text, u):
 pwd_found = []
 # deciper the password
- pwd = win.Win32CryptUnprotectData(cipher_text, u, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ pwd_bytes = win.Win32CryptUnprotectData(cipher_text, u, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ pwd = pwd_bytes.decode("utf-8")
 a = ''
 if pwd:
 for i in range(len(pwd)):
diff --git a/Windows/lazagne/softwares/chats/skype.py b/Windows/lazagne/softwares/chats/skype.py
index dd54cb85..f0cda80c 100755
--- a/Windows/lazagne/softwares/chats/skype.py
+++ b/Windows/lazagne/softwares/chats/skype.py
@@ -40,7 +40,8 @@ def get_regkey(self):
 # num = winreg.QueryInfoKey(hkey)[1]
 k = winreg.EnumValue(hkey, 0)[1]
- return win.Win32CryptUnprotectData(k, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ result_bytes = win.Win32CryptUnprotectData(k, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ return result_bytes.decode("utf-8")
 except Exception as e:
 self.debug(str(e))
 return False
diff --git a/Windows/lazagne/softwares/mails/outlook.py b/Windows/lazagne/softwares/mails/outlook.py
index a9e50d80..45f94a5e 100755
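Review bot: `password = password_bytes.decode("utf-8")` in chromium_based.py runs unconditionally, so if Win32CryptUnprotectData returns a falsy non-bytes value on failure (the `if not decrypted:` branch in winstructure.py suggests it can), the call raises AttributeError before the `if not url and not login and not password:` check is reached. The same unguarded `.decode` appears in ie.py's `decipher_password`, where the following `if pwd:` already expects a possibly falsy result, and in openvpn.py's `decrypt_password`. Guarding the decode keeps the previous behaviour: `password = password_bytes.decode("utf-8") if password_bytes else password_bytes`. Whether an enclosing `try` would catch the error is not visible, since each of these functions continues outside its hunk.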
--- a/Windows/lazagne/softwares/mails/outlook.py
+++ b/Windows/lazagne/softwares/mails/outlook.py
@@ -52,8 +52,8 @@ def retrieve_info(self, hkey, name_key):
 k = winreg.EnumValue(hkey, x)
 if 'password' in k[0].lower():
 try:
- password = win.Win32CryptUnprotectData(k[1][1:], is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
- values[k[0]] = password
+ password_bytes = win.Win32CryptUnprotectData(k[1][1:], is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ values[k[0]] = password_bytes.decode("utf-8")
 except Exception as e:
 self.debug(str(e))
 values[k[0]] = 'N/A'
diff --git a/Windows/lazagne/softwares/svn/tortoise.py b/Windows/lazagne/softwares/svn/tortoise.py
index 132f5fb7..2113a877 100755
--- a/Windows/lazagne/softwares/svn/tortoise.py
+++ b/Windows/lazagne/softwares/svn/tortoise.py
@@ -57,11 +57,11 @@ def run(self):
 # encrypted the password
 if result:
 try:
- password = Win32CryptUnprotectData(base64.b64decode(result), is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ password_bytes = Win32CryptUnprotectData(base64.b64decode(result), is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
 pwd_found.append({
 'URL': url,
 'Login': username,
- 'Password': str(password)
+ 'Password': password_bytes.decode("utf-8")
 })
 except Exception:
 pass
diff --git a/Windows/lazagne/softwares/sysadmin/cyberduck.py b/Windows/lazagne/softwares/sysadmin/cyberduck.py
index 1779dad0..de8d0ac2 100755
--- a/Windows/lazagne/softwares/sysadmin/cyberduck.py
+++ b/Windows/lazagne/softwares/sysadmin/cyberduck.py
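Review bot: In tortoise.py the new `'Password': password_bytes.decode("utf-8")` sits under `except Exception: pass`, so a value that is not valid UTF-8, or a failed call that returns a non-bytes value, now drops the whole entry without a trace. The old `str(password)` could not raise on those inputs. The outlook.py and cyberduck.py hunks report the same kind of failure with `self.debug(str(e))`; assuming this module exposes the same `debug` helper, `except Exception as e:` followed by `self.debug(str(e))` would keep the modules consistent. `run` starts and ends outside the hunk.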
@@ -37,10 +37,10 @@ def run(self):
 or elem.attrib['name'].startswith('sftp') or elem.attrib['name'].startswith('http') \
 or elem.attrib['name'].startswith('https'):
 encrypted_password = base64.b64decode(elem.attrib['value'])
- password = Win32CryptUnprotectData(encrypted_password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ password_bytes = Win32CryptUnprotectData(encrypted_password, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
 pwd_found.append({
 'URL': elem.attrib['name'],
- 'Password': password,
+ 'Password': password_bytes.decode("utf-8"),
 })
 except Exception as e:
 self.debug(str(e))
diff --git a/Windows/lazagne/softwares/sysadmin/openvpn.py b/Windows/lazagne/softwares/sysadmin/openvpn.py
index b7582073..66e4df7f 100644
--- a/Windows/lazagne/softwares/sysadmin/openvpn.py
+++ b/Windows/lazagne/softwares/sysadmin/openvpn.py
@@ -22,10 +22,11 @@ def check_openvpn_installed(self):
 return False
 def decrypt_password(self, encrypted_password, entropy):
- return Win32CryptUnprotectData(encrypted_password,
- entropy=entropy,
- is_current_user=constant.is_current_user,
- user_dpapi=constant.user_dpapi)
+ result_bytes = Win32CryptUnprotectData(encrypted_password,
+ entropy=entropy,
+ is_current_user=constant.is_current_user,
+ user_dpapi=constant.user_dpapi)
+ return result_bytes.decode("utf-8")
 def get_credentials(self, key):
 pwd_found = []
diff --git a/Windows/lazagne/softwares/sysadmin/rdpmanager.py b/Windows/lazagne/softwares/sysadmin/rdpmanager.py
index a645f208..0ac69023 100755
--- a/Windows/lazagne/softwares/sysadmin/rdpmanager.py
+++ b/Windows/lazagne/softwares/sysadmin/rdpmanager.py
@@ -17,7 +17,8 @@ def __init__(self):
 def decrypt_password(self, encrypted_password):
 try:
 decoded = base64.b64decode(encrypted_password)
- password_decrypted = Win32CryptUnprotectData(decoded, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ password_decrypted_bytes = Win32CryptUnprotectData(decoded, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
+ password_decrypted = password_decrypted_bytes.decode("utf-8")
 password_decrypted = password_decrypted.replace('\x00', '')
 except Exception:
 password_decrypted = encrypted_password.replace('\x00', '')
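Review bot: A UnicodeDecodeError from the new `password_decrypted_bytes.decode("utf-8")` lands in the existing `except Exception:` branch, which assigns the still-encoded input `encrypted_password` to `password_decrypted`, so a decode failure cannot be told apart from a real result. The `replace('\x00', '')` on the next line hints that the plaintext may be UTF-16 rather than UTF-8, in which case non-ASCII values could take that path; this is inferred from the hunk, not shown. Consider decoding with the blob's actual encoding, or at least `password_decrypted_bytes.decode("utf-8", errors="replace")`, so the fallback covers decryption failures only. The function's return statement is outside the hunk.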