hub / github.com/fortra/impacket / run

Method run

examples/dpapi.py:94–542  ·  view source on GitHub ↗
(self)

Source from the content-addressed store, hash-verified

92 sys.exit(1)
93
94 def run(self):
95 if self.options.action.upper() == 'MASTERKEY':
96 fp = open(options.file, 'rb')
97 data = fp.read()
98 mkf= MasterKeyFile(data)
99 mkf.dump()
100 data = data[len(mkf):]
101
102 if mkf['MasterKeyLen'] > 0:
103 mk = MasterKey(data[:mkf['MasterKeyLen']])
104 data = data[len(mk):]
105
106 if mkf['BackupKeyLen'] > 0:
107 bkmk = MasterKey(data[:mkf['BackupKeyLen']])
108 data = data[len(bkmk):]
109
110 if mkf['CredHistLen'] > 0:
111 ch = CredHist(data[:mkf['CredHistLen']])
112 data = data[len(ch):]
113
114 if mkf['DomainKeyLen'] > 0:
115 dk = DomainKey(data[:mkf['DomainKeyLen']])
116 data = data[len(dk):]
117
118 if self.options.system and self.options.security and self.options.sid is None:
119 # We have hives, let's try to decrypt with them
120 self.getLSA()
121 decryptedKey = mk.decrypt(self.dpapiSystem['UserKey'])
122 if decryptedKey:
123 print('Decrypted key with UserKey')
124 print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1'))
125 return
126 decryptedKey = mk.decrypt(self.dpapiSystem['MachineKey'])
127 if decryptedKey:
128 print('Decrypted key with MachineKey')
129 print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1'))
130 return
131 decryptedKey = bkmk.decrypt(self.dpapiSystem['UserKey'])
132 if decryptedKey:
133 print('Decrypted Backup key with UserKey')
134 print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1'))
135 return
136 decryptedKey = bkmk.decrypt(self.dpapiSystem['MachineKey'])
137 if decryptedKey:
138 print('Decrypted Backup key with MachineKey')
139 print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1'))
140 return
141 elif self.options.system and self.options.security:
142 # Use SID + hash
143 # We have hives, let's try to decrypt with them
144 self.getLSA()
145 key1, key2 = deriveKeysFromUserkey(self.options.sid, self.dpapiSystem['UserKey'])
146 decryptedKey = mk.decrypt(key1)
147 if decryptedKey:
148 print('Decrypted key with UserKey + SID')
149 print('Decrypted key: 0x%s' % hexlify(decryptedKey).decode('latin-1'))
150 return
151 decryptedKey = bkmk.decrypt(key1)

Callers 1

dpapi.pyFile · 0.45

Calls 15

dumpMethod · 0.95
getLSAMethod · 0.95
decryptMethod · 0.95
dumpMethod · 0.95
dumpMethod · 0.95
dumpMethod · 0.95
kerberosLoginMethod · 0.95
loginMethod · 0.95
getSessionKeyMethod · 0.95
decryptMethod · 0.95
dumpMethod · 0.95
dumpMethod · 0.95

Tested by

no test coverage detected