quick fix for cloudap
skelsec committed Mar 7, 2021
1 parent f6405f3 commit 4c94b45
Showing 2 changed files with 29 additions and 23 deletions.
2 changes: 1 addition & 1 deletion pypykatz/_version.py
@@ -1,5 +1,5 @@

__version__ = "0.4.2"
__version__ = "0.4.3"
__banner__ = \
"""
# pypyKatz %s
50 changes: 28 additions & 22 deletions pypykatz/lsadecryptor/packages/cloudap/decryptor.py
@@ -48,30 +48,36 @@ def find_first_entry(self):
return ptr_entry, ptr_entry_loc

def add_entry(self, cloudap_entry):
cred = CloudapCredential()
cred.luid = cloudap_entry.LocallyUniqueIdentifier
try:
cred = CloudapCredential()
cred.luid = cloudap_entry.LocallyUniqueIdentifier

cache = cloudap_entry.cacheEntry.read(self.reader)
cred.cachedir = cache.toname.decode('utf-16-le').replace('\x00','')
if cache.cbPRT != 0 and cache.PRT.value != 0:
temp = self.decrypt_password(cache.PRT.read_raw(self.reader, cache.cbPRT), bytes_expected=True)
try:
temp = temp.decode()
except:
pass

cred.PRT = temp

if cache.toDetermine != 0:
unk = cache.toDetermine.read(self.reader)
if unk is not None:
cred.key_guid = unk.guid.value
cred.dpapi_key = self.decrypt_password(unk.unk)
cred.dpapi_key_sha1 = hashlib.sha1(bytes.fromhex(cred.dpapi_key)).hexdigest()
if cloudap_entry.cacheEntry is None or cloudap_entry.cacheEntry.value == 0:
return
cache = cloudap_entry.cacheEntry.read(self.reader)
cred.cachedir = cache.toname.decode('utf-16-le').replace('\x00','')
if cache.cbPRT != 0 and cache.PRT.value != 0:
temp = self.decrypt_password(cache.PRT.read_raw(self.reader, cache.cbPRT), bytes_expected=True)
try:
temp = temp.decode()
except:
pass

cred.PRT = temp

if cache.toDetermine != 0:
unk = cache.toDetermine.read(self.reader)
if unk is not None:
cred.key_guid = unk.guid.value
cred.dpapi_key = self.decrypt_password(unk.unk)
cred.dpapi_key_sha1 = hashlib.sha1(bytes.fromhex(cred.dpapi_key)).hexdigest()

if cred.PRT is None and cred.key_guid is None:
return
self.credentials.append(cred)
if cred.PRT is None and cred.key_guid is None:
return
self.credentials.append(cred)
except Exception as e:
self.log('CloudAP entry parsing error! Reason %s' % e)


def start(self):
try:
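Review bot: The new outer `except Exception` in add_entry reports only `str(e)`, so a structure or offset mismatch anywhere in the body becomes one log line with no indication of which entry failed; I would include the entry in the message, e.g. `self.log('CloudAP entry parsing error (LUID %s)! Reason %s' % (cloudap_entry.LocallyUniqueIdentifier, e))`. The inner bare `except:` around `temp.decode()` also catches KeyboardInterrupt and SystemExit; assuming decrypt_password returns bytes when `bytes_expected=True`, `except UnicodeDecodeError:` is the narrower form. Finally, `cache.toDetermine != 0` compares the pointer object itself while the neighbouring checks use `.value` (`cache.PRT.value != 0` and the added `cloudap_entry.cacheEntry.value == 0`); the pointer type is not visible in this hunk, so this may be intentional, but `cache.toDetermine.value != 0` would be consistent with them.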
