@@ -11,40 +11,24 @@ def __init__(self):
1111 # entropy = 'abe2869f-9b47-4cd9-a358-c22904dba7f7\0' # FOR CRED_TYPE_GENERIC
1212 # entropy = '82BD0E67-9FEA-4748-8672-D5EFE5B779B0\0' # FOR CRED_TYPE_DOMAIN_VISIBLE_PASSWORD
1313
14- def run(self, software_name = None):
14+ def run(self, software_name = None):
1515 pwdFound = []
1616 creds = POINTER(PCREDENTIAL)()
1717 count = c_ulong()
18- print_debug('DEBUG', 'Run Credential manager function')
1918 if CredEnumerate(None, 0, byref(count), byref(creds)) == 1:
20- print_debug('DEBUG', 'CredEnumerate executed successfully')
21- print_debug('DEBUG', 'cound variable: %s' % str(count))
22- print_debug('DEBUG', 'Number of value: %s' % str(count.value))
2319 for i in range(count.value):
24- print_debug('DEBUG', 'cred[i] variable: %s' % str(creds[i]))
2520 c = creds[i].contents
26- print_debug('DEBUG', 'c variable: %s' % str(c))
2721 if c.Type == CRED_TYPE_GENERIC or c.Type == CRED_TYPE_DOMAIN_VISIBLE_PASSWORD:
28- print_debug('DEBUG', 'value to decrypt found')
2922 # For XP:
3023 # - password are encrypted with specific salt depending on its Type
3124 # - call CryptUnprotectData(byref(blobIn), None, byref(blobEntropy), None, None, CRYPTPROTECT_UI_FORBIDDEN, byref(blobOut))
3225
33- print_debug('DEBUG', 'target: %s' % str(c.TargetName))
34- print_debug('DEBUG', 'username: %s' % str(c.UserName))
35- print_debug('DEBUG', 'password: %s' % str(c.CredentialBlob))
36- print_debug('DEBUG', 'size of the password: %s' % str(c.CredentialBlobSize.real))
37- print_debug('DEBUG', 'everything ok')
3826 pwdFound.append(
3927 {
4028 'URL' : c.TargetName,
4129 'Login' : c.UserName,
4230 'Password' : c.CredentialBlob[:c.CredentialBlobSize.real].replace('\x00', '')
4331 }
4432 )
45- print_debug('DEBUG', 'trying to free the handle')
4633 CredFree(creds)
4734 return pwdFound
48-
49-
50-
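Review bot: When `CredEnumerate` does not return 1 (new line 18), `run` falls through to `return pwdFound` with an empty list, and with every debug line removed nothing distinguishes an API failure from a store that holds no entries. An `else` branch that records only the error code would keep this diagnosable without putting any credential value back into the log, for example `print_debug('DEBUG', 'CredEnumerate failed: %d' % GetLastError())`, assuming `print_debug` is still imported and `GetLastError` is available from ctypes in this file. The rendered page has lost the indentation, so it is worth confirming that `CredFree(creds)` sits inside the success branch and is not reached with an unset pointer.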