
Added limited vault support for Windows 7 #451

Merged

Conversation

MyLoginOnGitHub
Contributor

For Windows 7, collects logins only from Vault, not passwords. Behaviour for later versions of Windows has not been changed (logins and passwords successfully collected).
Password collecting for Win 7 fails for some reason in function VaultGetItem (https://github.com/MyLoginOnGitHub/LaZagne/blob/7727bc3bab2d228e5257804088f7f56202d2828d/Windows/lazagne/softwares/windows/vault.py#L48) with status code 87 (ERROR_INVALID_PARAMETER, https://docs.microsoft.com/en-us/windows/win32/debug/system-error-codes--0-499-).

I've done as in the following, but it fails.
https://github.com/EmpireProject/Empire/blob/master/data/module_source/credentials/Get-VaultCredential.ps1
https://github.com/byt3bl33d3r/SILENTTRINITY/blob/master/silenttrinity/core/teamserver/modules/boo/src/dumpVaultCredentials.boo
https://github.com/danieljoos/winvault/blob/master/syscall.go

I hope later someone could fix this problem. I suggest for now to collect only logins for Windows 7 and create an issue to fix this later.


byehack commented Dec 27, 2019

Are you sure it is now working for decrypting vaults?
It is my big problem and I sent these issues:
#438 #439
but I didn't get an answer!

I also sent this PR #441; it works for some, just for GENERIC_PASSWORDs, not DOMAIN_PASSWORDs!


byehack commented Dec 27, 2019

Are you AlessandroZ??

Contributor Author

MyLoginOnGitHub commented Dec 28, 2019

No, I'm not AlessandroZ... Why should I be him? :)

I've tried to run LaZagne for vault again and it works for me. BUT it found only passwords for the internet (which were saved by IE). I have no domain on my computer, so I could not assert anything about domain passwords.
Unfortunately, I am not familiar with Windows Vault technology. As I understand, this technology is not documented by Microsoft (or even by anyone). Please, give me a link to docs if I'm wrong...
I never tried to run LaZagne with a password specified. So, I did not decrypt anything, I just used the vault API.

@AlessandroZ AlessandroZ merged commit 54d5d9c into AlessandroZ:master Dec 28, 2019
@AlessandroZ
Owner

Thanks for the PR !

Just to clarify, GENERIC_PASSWORDs could be retrieved from Vault using the Windows API, so there is no need for the user's Windows password to do it.
However, DOMAIN_PASSWORDs cannot be retrieved using this API. It could be done by decrypting the vault file stored on the system. This is what I do here: https://github.com/AlessandroZ/LaZagne/blob/master/Windows/lazagne/softwares/windows/vaultfiles.py#L15

But to do it, the user's Windows password is needed. So either you have to pass it from the command line, or your Windows password has to be equal to another one already found (from Firefox or another tool).

I need time to rebuild some VMs to check all problems and to work on Python 3 (but keeping compatibility with Python 2 is mandatory for me), but right now I don't have time.

Have a nice day.

@MyLoginOnGitHub MyLoginOnGitHub deleted the add-windows7-capability branch December 28, 2019 17:17
Contributor Author

MyLoginOnGitHub commented Dec 28, 2019

Thanks! Are there any links to documentation of the Vault API??


byehack commented Dec 28, 2019

I have no domain on my computer, so I could not assert anything about domain passwords.

Please, please add some domain passwords, then check. It does not work and is a big problem.

Unfortunately, I am not familiar with Windows Vault technology. As I understand, this technology is not documented by Microsoft (or even by anyone). Please, give me a link to docs if I'm wrong...

Did you see my issues and PR? #438, #439, #441


byehack commented Dec 28, 2019

But to do it, the user's Windows password is needed. So either you have to pass it from the command line, or your Windows password has to be equal to another one already found (from Firefox or another tool).

see: lazagne_output.txt

3 participants