(self)
| 92 | sys.exit(1) |
| 93 | |
| 94 | def run(self): |
| 95 | if self.options.action.upper() == 'MASTERKEY': |
| 96 | fp = open(options.file, 'rb') |
| 97 | data = fp.read() |
| 98 | mkf= MasterKeyFile(data) |
| 99 | mkf.dump() |
| 100 | data = data[len(mkf):] |
| 101 | |
| 102 | if mkf['MasterKeyLen'] > 0: |
| 103 | mk = MasterKey(data[:mkf['MasterKeyLen']]) |
| 104 | data = data[len(mk):] |
| 105 | |
| 106 | if mkf['BackupKeyLen'] > 0: |
| 107 | bkmk = MasterKey(data[:mkf['BackupKeyLen']]) |
| 108 | data = data[len(bkmk):] |
| 109 | |
| 110 | if mkf['CredHistLen'] > 0: |
| 111 | ch = CredHist(data[:mkf['CredHistLen']]) |
| 112 | data = data[len(ch):] |
| 113 | |
| 114 | if mkf['DomainKeyLen'] > 0: |
| 115 | dk = DomainKey(data[:mkf['DomainKeyLen']]) |
| 116 | data = data[len(dk):] |
| 117 | |
| 118 | if self.options.system and self.options.security and self.options.sid is None: |
| 119 | # We have hives, let's try to decrypt with them |
| 120 | self.getLSA() |
| 121 | decryptedKey = mk.decrypt(self.dpapiSystem['UserKey']) |
| 122 | if decryptedKey: |
| 123 | print('Decrypted key with UserKey') |
| 124 | print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1')) |
| 125 | return |
| 126 | decryptedKey = mk.decrypt(self.dpapiSystem['MachineKey']) |
| 127 | if decryptedKey: |
| 128 | print('Decrypted key with MachineKey') |
| 129 | print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1')) |
| 130 | return |
| 131 | decryptedKey = bkmk.decrypt(self.dpapiSystem['UserKey']) |
| 132 | if decryptedKey: |
| 133 | print('Decrypted Backup key with UserKey') |
| 134 | print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1')) |
| 135 | return |
| 136 | decryptedKey = bkmk.decrypt(self.dpapiSystem['MachineKey']) |
| 137 | if decryptedKey: |
| 138 | print('Decrypted Backup key with MachineKey') |
| 139 | print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1')) |
| 140 | return |
| 141 | elif self.options.system and self.options.security: |
| 142 | # Use SID + hash |
| 143 | # We have hives, let's try to decrypt with them |
| 144 | self.getLSA() |
| 145 | key1, key2 = deriveKeysFromUserkey(self.options.sid, self.dpapiSystem['UserKey']) |
| 146 | decryptedKey = mk.decrypt(key1) |
| 147 | if decryptedKey: |
| 148 | print('Decrypted key with UserKey + SID') |
| 149 | print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1')) |
| 150 | return |
| 151 | decryptedKey = bkmk.decrypt(key1) |