hub / github.com/fortra/impacket / __printSecret

Method __printSecret

impacket/examples/secretsdump.py:2167–2306
(self, name, secretItem)

Source from the content-addressed store, hash-verified

        self.__perSecretCallback(LSASecrets.SECRET_TYPE.LSA_HASHED, answer)

    def __printSecret(self, name, secretItem):
        # Based on [MS-LSAD] section 3.1.1.4

        # First off, let's discard NULL secrets.
        if len(secretItem) == 0:
            LOG.debug('Discarding secret %s, NULL Data' % name)
            return

        # We might have secrets with zero
        if secretItem.startswith(b'\x00\x00'):
            LOG.debug('Discarding secret %s, all zeros' % name)
            return

        upperName = name.upper()

        LOG.info('%s ' % name)

        secret = ''

        if upperName.startswith('_SC_'):
            # Service name, a password might be there
            # Let's first try to decode the secret
            try:
                strDecoded = secretItem.decode('utf-16le')
            except:
                pass
            else:
                # We have to get the account the service
                # runs under
                if hasattr(self.__remoteOps, 'getServiceAccount'):
                    account = self.__remoteOps.getServiceAccount(name[4:])
                    if account is None:
                        secret = self.UNKNOWN_USER + ':'
                    else:
                        secret = "%s:" % account
                else:
                    # We don't support getting this info for local targets at the moment
                    secret = self.UNKNOWN_USER + ':'
                secret += strDecoded
        elif upperName.startswith('DEFAULTPASSWORD'):
            # defaults password for winlogon
            # Let's first try to decode the secret
            try:
                strDecoded = secretItem.decode('utf-16le')
            except:
                pass
            else:
                # We have to get the account this password is for
                if hasattr(self.__remoteOps, 'getDefaultLoginAccount'):
                    account = self.__remoteOps.getDefaultLoginAccount()
                    if account is None:
                        secret = self.UNKNOWN_USER + ':'
                    else:
                        secret = "%s:" % account
                else:
                    # We don't support getting this info for local targets at the moment
                    secret = self.UNKNOWN_USER + ':'
                secret += strDecoded

Callers 1

dumpSecrets · Method · 0.95

Calls 13

DPAPI_SYSTEM · Class · 0.90
hexdump · Function · 0.90
format · Method · 0.80
split · Method · 0.80
append · Method · 0.80
match · Method · 0.80
decode · Method · 0.45
getServiceAccount · Method · 0.45

Tested by

no test coverage detected