
Added fixes from suggestions
Your Name committed Sep 17, 2023
1 parent ba435bd commit 549c70e
Showing 2 changed files with 28 additions and 24 deletions.
32 changes: 18 additions & 14 deletions examples/dpapi.py
Expand Up @@ -476,30 +476,30 @@ def run(self):
blob.dump()

elif self.options.action.upper() == 'CREDHIST':
fp = open(options.file, 'rb')
fp = open(self.options.file, 'rb')
data = fp.read()
chf = CREDHIST_FILE(data)

keys = []
if len(chf.credhist_entries_list) == 0:
print('The CREDHIST file is empty')
return

# Handle key options
if self.options.key and self.options.sid:
if self.options.key:
key = unhexlify(self.options.key[2:])
keys = deriveKeysFromUserkey(self.options.sid, key)
keys = deriveKeysFromUserkey(chf.credhist_entries_list[0].sid, key)

elif self.options.sid and self.options.key is None:
# Only other option is using a password
else:
# Do we have a password?
if self.options.password is None:
# Nope let's ask it
from getpass import getpass
password = getpass("Password:")
else:
password = options.password
keys = deriveKeysFromUser(self.options.sid, password)

else:
chf.dump()
return
keys = deriveKeysFromUser(chf.credhist_entries_list[0].sid, password)

if self.options.entry is None:
# First find the correct key to the 1st entry
Expand All @@ -513,6 +513,9 @@ def run(self):
# Wrong key
if real_key is None:
chf.dump()
print()
print('Cannot decrypt (wrong key or password)')
return

else:
chf.decrypt(real_key)
Expand All @@ -523,14 +526,16 @@ def run(self):
return

else:
real_key = None
for k in keys:
chf.decrypt_entry_by_index(self.options.entry, k)
if chf.credhist_entries_list[self.options.entry].pwdhash is not None:
chf.dump()
chf.credhist_entries_list[self.options.entry].dump()
return

chf.dump()
chf.credhist_entries_list[self.options.entry].dump()
print()
print('Cannot decrypt (wrong key or password)')
return

print('Cannot decrypt (specify -key or -sid whenever applicable) ')

Expand Down Expand Up @@ -600,9 +605,8 @@ def run(self):
# A CREDHIST command
credhist = subparsers.add_parser('credhist', help='CREDHIST related functions')
credhist.add_argument('-file', action='store', required=True, help='CREDHIST file')
credhist.add_argument('-sid', action='store', help='SID of the user')
credhist.add_argument('-key', action='store', help='Specific key to use for decryption')
credhist.add_argument('-password', action='store', help='User\'s password. If you specified the SID and not the password it will be prompted')
credhist.add_argument('-password', action='store', help='User\'s password')
credhist.add_argument('-entry', action='store', type=int, help='Entry index in CREDHIST')

options = parser.parse_args()
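Review bot: The password branch of the CREDHIST action still reads `password = options.password`, which is the module-level `options`, although the `open()` call a few lines above was switched to `self.options.file`. It should be `password = self.options.password`; as written it only works when a global named `options` happens to exist. In the `-entry` branch, `chf.credhist_entries_list[self.options.entry]` is indexed with the raw argparse integer, so an out-of-range value ends in an IndexError and a negative one selects from the end of the list; a guard such as `if not 0 <= self.options.entry < len(chf.credhist_entries_list):` with a clear message before the loop would cover both. The new `-password` help text no longer says the password is prompted for when the option is omitted, which is worth keeping because a password given on the command line ends up in shell history and process listings. run() starts and ends outside these hunks.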
20 changes: 10 additions & 10 deletions impacket/dpapi.py
Expand Up @@ -1204,19 +1204,19 @@ def deriveKeysFromUser(sid, password):
tmpKey2 = pbkdf2_hmac('sha256', tmpKey, sid.encode('utf-16le'), 1)[:16]
key3 = HMAC.new(tmpKey2, (sid + '\0').encode('utf-16le'), SHA1).digest()[:20]

return key1, key2, key3
return [key1, key2, key3]

def deriveKeysFromUserkey(sid, pwdhash):
if len(pwdhash) == 20:
# SHA1
key1 = HMAC.new(pwdhash, (sid + '\0').encode('utf-16le'), SHA1).digest()
key2 = None
else:
# Assume MD4
key1 = HMAC.new(pwdhash, (sid + '\0').encode('utf-16le'), SHA1).digest()
# For Protected users
tmpKey = pbkdf2_hmac('sha256', pwdhash, sid.encode('utf-16le'), 10000)
tmpKey2 = pbkdf2_hmac('sha256', tmpKey, sid.encode('utf-16le'), 1)[:16]
key2 = HMAC.new(tmpKey2, (sid + '\0').encode('utf-16le'), SHA1).digest()[:20]
return [key1]

# Assume MD4
key1 = HMAC.new(pwdhash, (sid + '\0').encode('utf-16le'), SHA1).digest()
# For Protected users
tmpKey = pbkdf2_hmac('sha256', pwdhash, sid.encode('utf-16le'), 10000)
tmpKey2 = pbkdf2_hmac('sha256', tmpKey, sid.encode('utf-16le'), 1)[:16]
key2 = HMAC.new(tmpKey2, (sid + '\0').encode('utf-16le'), SHA1).digest()[:20]

return key1, key2
return [key1, key2]
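Review bot: deriveKeysFromUserkey now returns a one-element list for a 20-byte (SHA1) hash where it appears to have returned the pair `key1, None` before, so any caller that unpacks two values (`key1, key2 = deriveKeysFromUserkey(...)`) would raise ValueError on that path. Only the CREDHIST loop in examples/dpapi.py is visible on this page, so other callers should be checked. The function has no docstring and the variable-length result deserves one, for example `"""Return candidate DPAPI keys for sid: [key1] for a 20-byte SHA1 hash, [key1, key2] otherwise."""`. The `# Assume MD4` path also accepts any length other than 20, so a truncated or mistyped hash is processed silently; rejecting lengths other than 16 and 20 with a ValueError would surface the mistake early.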
