Permalink
Browse files

Make Pyflakes happy

  • Loading branch information...
1 parent c634275 commit 2bf02813049ccda5a07b761a3b7b59e3f9210425 @kholia kholia committed Sep 9, 2012
Showing with 69 additions and 67 deletions.
  1. +1 −0 run/agilekc2john.py
  2. +2 −3 run/cracf2john.py
  3. +2 −1 run/kdcdump2john.py
  4. +62 −60 run/oldoffice2john.py
  5. +2 −3 run/sipdump2john.py
View
@@ -42,6 +42,7 @@
try:
import json
+ assert json
except ImportError:
import simplejson as json
View
@@ -5,10 +5,11 @@
import sys
+
def process_file(filename):
with open(filename, "r") as f:
for line in f.readlines():
- data = line.split();
+ data = line.split()
print "%s:$racf$*%s*%s*%s" % (data[0], data[0], data[-1], data[-2])
if __name__ == "__main__":
@@ -18,5 +19,3 @@ def process_file(filename):
for i in range(1, len(sys.argv)):
process_file(sys.argv[i])
-
-
View
@@ -10,6 +10,7 @@
import sys
+
def usage():
print """
Usage :
@@ -23,7 +24,7 @@ def usage():
dump_f = open(sys.argv[1], "r")
name = "unknown"
for l in dump_f.readlines():
- i = l.split(",");
+ i = l.split(",")
if (len(i) == 1):
if (l.strip()):
name = l.strip()
View
@@ -1441,7 +1441,7 @@ def getproperties(self, filename):
count = i32(s, offset+4)
value = s[offset+8:offset+8+count]
else:
- value = None # everything else yields "None"
+ value = None # everything else yields "None"
# FIXME: add support for VT_VECTOR
@@ -1459,22 +1459,22 @@ def getproperties(self, filename):
# http://msdn.microsoft.com/en-us/library/dd920360%28v=office.12%29
from struct import unpack
-import hashlib
import binascii
import StringIO
+
def find_rc4_passinfo_xls(filename, stream):
while True:
pos = stream.tell()
if pos >= stream.size:
- break # eof
+ break # eof
type = unpack("<h", stream.read(2))[0]
#print binascii.hexlify(type), "11"
length = unpack("<h", stream.read(2))[0]
data = stream.read(length)
- if type == 0x2f: # FILEPASS
+ if type == 0x2f: # FILEPASS
if data[0:2] == "\x00\x00": # XOR obfuscation
print >> sys.stderr, "%s : XOR obfuscation detected, key : %s, hash : %s " % (filename, binascii.hexlify(data[2:4]),
binascii.hexlify(data[4:6]))
@@ -1485,34 +1485,34 @@ def find_rc4_passinfo_xls(filename, stream):
verifier = data[16:32]
verifierHash = data[32:48]
return (salt, verifier, verifierHash)
- elif data[0:4] == '\x01\x00\x02\x00' or data[0:4] =='\x01\x00\x03\x00':
+ elif data[0:4] == '\x01\x00\x02\x00' or data[0:4] == '\x01\x00\x03\x00':
# If RC4 CryptoAPI encryption is used, certain storages and streams are stored in Encryption Stream
stm = StringIO.StringIO(data)
- unused = stm.read(2)
+ stm.read(2) # unused
# RC4 CryptoAPI Encryption Header
- major_version = unpack("<h", stm.read(2))[0]
- minor_version = unpack("<h", stm.read(2))[0]
- encryptionFlags = unpack("<I", stm.read(4))[0]
+ unpack("<h", stm.read(2))[0] # major_version
+ unpack("<h", stm.read(2))[0] # minor_version
+ unpack("<I", stm.read(4))[0] # encryptionFlags
headerLength = unpack("<I", stm.read(4))[0]
- skipFlags = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # skipFlags
headerLength -= 4
- sizeExtra = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # sizeExtra
headerLength -= 4
- algId = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # algId
headerLength -= 4
- algHashId = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # algHashId
headerLength -= 4
keySize = unpack("<I", stm.read(4))[0]
if keySize == 40:
typ = 3
else:
typ = 4
headerLength -= 4
- providerType = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # providerType
headerLength -= 4
- x = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # unused
headerLength -= 4
- x = unpack("<I", stm.read(4))[0]
+ unpack("<I", stm.read(4))[0] # unused
headerLength -= 4
CSPName = stm.read(headerLength)
provider = CSPName.decode('utf-16').lower()
@@ -1529,13 +1529,13 @@ def find_rc4_passinfo_xls(filename, stream):
typ, binascii.hexlify(salt), binascii.hexlify(encryptedVerifier),
binascii.hexlify(encryptedVerifierHash)))
-
return None
+
def find_doc_type(filename, stream):
w_ident = stream.read(2)
assert(w_ident == "\xec\xa5")
- unused = stream.read(9)
+ stream.read(9) # unused
flags = ord(stream.read(1))
if (flags & 1) != 0:
F = 1
@@ -1546,25 +1546,27 @@ def find_doc_type(filename, stream):
else:
M = 0
if F == 1 and M == 1:
- unused = stream.read(2)
+ stream.read(2) # unused
i_key = stream.read(4)
print >> sys.stderr, "%s : XOR obfuscation detected, Password Verifier : %s" % (filename, binascii.hexlify(i_key))
return True
if F == 0:
print >> sys.stderr, "%s : Document is not encrypted!" % (filename)
return True
+
def find_ppt_type(filename, stream):
# read CurrentUserRec's RecordHeader
- unused = stream.read(2)
- recType = unpack("<h", stream.read(2))[0]
- recLen = unpack("<L", stream.read(4))[0]
+ stream.read(2) # unused
+ unpack("<h", stream.read(2))[0] # recType
+ unpack("<L", stream.read(4))[0] # recLen
# read rest of CurrentUserRec
- size = unpack("<L", stream.read(4))[0]
- headerToken = unpack("<L", stream.read(4))[0]
+ unpack("<L", stream.read(4))[0] # size
+ unpack("<L", stream.read(4))[0] # headerToken
offsetToCurrentEdit = unpack("<L", stream.read(4))[0]
return offsetToCurrentEdit
+
def find_rc4_passinfo_doc(filename, stream):
major_version = unpack("<h", stream.read(2))[0]
minor_version = unpack("<h", stream.read(2))[0]
@@ -1577,23 +1579,23 @@ def find_rc4_passinfo_doc(filename, stream):
return (salt, verifier, verifierHash)
elif major_version >= 2 and minor_version == 2:
# RC4 CryptoAPI Encryption Header
- encryptionFlags = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # encryptionFlags
headerLength = unpack("<I", stream.read(4))[0]
- skipFlags = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # skipFlags
headerLength -= 4
- sizeExtra = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # sizeExtra
headerLength -= 4
- algId = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # algId
headerLength -= 4
- algHashId = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # algHashId
headerLength -= 4
- keySize = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # keySize
headerLength -= 4
- providerType = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # providerType
headerLength -= 4
- x = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # unused
headerLength -= 4
- x = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # unused
headerLength -= 4
CSPName = stream.read(headerLength)
provider = CSPName.decode('utf-16').lower()
@@ -1617,9 +1619,9 @@ def find_rc4_passinfo_doc(filename, stream):
def find_rc4_passinfo_ppt(filename, stream, offset):
- unused = stream.read(offset)
+ stream.read(offset) # unused
# read UserEditAtom's RecordHeader
- unused = stream.read(2)
+ stream.read(2) # unused
recType = unpack("<h", stream.read(2))[0]
recLen = unpack("<L", stream.read(4))[0]
if recLen != 32:
@@ -1629,60 +1631,60 @@ def find_rc4_passinfo_ppt(filename, stream, offset):
print >> sys.stderr, "%s : Document is corrupt!" % (filename)
return
# read reset of UserEditAtom
- lastSlideRef = unpack("<L", stream.read(4))[0]
- version = unpack("<h", stream.read(2))[0]
- minorVersion = ord(stream.read(1))
- majorVersion = ord(stream.read(1))
- offsetLastEdit = unpack("<L", stream.read(4))[0]
+ unpack("<L", stream.read(4))[0] # lastSlideRef
+ unpack("<h", stream.read(2))[0] # version
+ ord(stream.read(1)) # minorVersion
+ ord(stream.read(1)) # majorVersion
+ unpack("<L", stream.read(4))[0] # offsetLastEdit
offsetPersistDirectory = unpack("<L", stream.read(4))[0]
- docPersistIdRef= unpack("<L", stream.read(4))[0]
- persistIdSeed = unpack("<L", stream.read(4))[0]
- lastView = unpack("<h", stream.read(2))[0]
- unused_ = unpack("<h", stream.read(2))[0]
+ unpack("<L", stream.read(4))[0] # docPersistIdRef
+ unpack("<L", stream.read(4))[0] # persistIdSeed
+ unpack("<h", stream.read(2))[0] # lastView
+ unpack("<h", stream.read(2))[0] # unused
encryptSessionPersistIdRef = unpack("<h", stream.read(2))[0]
# if( offset.LowPart < userAtom.offsetPersistDirectory ||
# userAtom.offsetPersistDirectory < userAtom.offsetLastEdit )
# goto CorruptFile;
# jump and read RecordHeader
stream.seek(offsetPersistDirectory, 0)
- unused = stream.read(2)
+ stream.read(2) # unused
recType = unpack("<h", stream.read(2))[0]
recLen = unpack("<L", stream.read(4))[0]
# BUGGY: PersistDirectoryAtom and PersistDirectoryEntry processing
i = 0
- unused = stream.read(4)
+ stream.read(4) # unused
while i < encryptSessionPersistIdRef:
i += 1
persistOffset = unpack("<L", stream.read(4))[0]
# print persistOffset
# go to the offset of encryption header
stream.seek(persistOffset, 0)
# read RecordHeader
- unused = stream.read(2)
+ stream.read(2) # unused
recType = unpack("<h", stream.read(2))[0]
recLen = unpack("<L", stream.read(4))[0]
major_version = unpack("<h", stream.read(2))[0]
minor_version = unpack("<h", stream.read(2))[0]
if major_version >= 2 and minor_version == 2:
# RC4 CryptoAPI Encryption Header
- encryptionFlags = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # encryptionFlags
headerLength = unpack("<I", stream.read(4))[0]
- skipFlags = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # skipFlags
headerLength -= 4
- sizeExtra = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # sizeExtra
headerLength -= 4
- algId = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # algId
headerLength -= 4
- algHashId = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # algHashId
headerLength -= 4
- keySize = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # keySize
headerLength -= 4
- providerType = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0] # providerType
headerLength -= 4
- x = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0]
headerLength -= 4
- x = unpack("<I", stream.read(4))[0]
+ unpack("<I", stream.read(4))[0]
headerLength -= 4
CSPName = stream.read(headerLength)
provider = CSPName.decode('utf-16').lower()
@@ -1704,6 +1706,7 @@ def find_rc4_passinfo_ppt(filename, stream, offset):
else:
print >> sys.stderr, "%s : Cannot find RC4 pass info, is document encrypted?" % filename
+
def process_file(filename):
# Test if a file is an OLE container:
@@ -1727,23 +1730,23 @@ def process_file(filename):
return 2
workbookStream = ole.openstream(stream)
- if workbookStream == None:
+ if workbookStream is None:
print >> sys.stderr, "%s : Error opening stream, %s" % filename
(filename, stream)
return 3
if stream == "Workbook":
typ = 0
passinfo = find_rc4_passinfo_xls(filename, workbookStream)
- if passinfo == None:
+ if passinfo is None:
return 4
elif stream == "1Table":
typ = 1
sdoc = ole.openstream("WordDocument")
ret = find_doc_type(filename, sdoc)
if not ret:
passinfo = find_rc4_passinfo_doc(filename, workbookStream)
- if passinfo == None:
+ if passinfo is None:
return 4
else:
return 5
@@ -1754,7 +1757,6 @@ def process_file(filename):
find_rc4_passinfo_ppt(filename, sppt, offset)
return 6
-
(salt, verifier, verifierHash) = passinfo
sys.stdout.write("%s:$oldoffice$%s*%s*%s*%s\n" % (os.path.basename(filename),
typ, binascii.hexlify(salt), binascii.hexlify(verifier),
View
@@ -5,11 +5,12 @@
import sys
+
def process_file(filename):
with open(filename, "r") as f:
for line in f.readlines():
line = line.rstrip().replace('"', '*').replace(':', '*')
- data = line.split('*');
+ data = line.split('*')
print "%s-%s:$sip$*%s" % (data[0], data[1], line)
if __name__ == "__main__":
@@ -19,5 +20,3 @@ def process_file(filename):
for i in range(1, len(sys.argv)):
process_file(sys.argv[i])
-
-

0 comments on commit 2bf0281

Please sign in to comment.