zblurx / dploot Goto Github PK

View Code? Open in Web Editor NEW

380.0 380.0 51.0 157 KB

DPAPI looting remotely in Python

License: MIT License

Python 99.83% Makefile 0.17%

dploot's Introduction

Thomas Seigneuret (zblurx)

dploot's People

Contributors

Stargazers

Watchers

dploot's Issues

[dploot Kali Packaging] SyntaxWarning: invalid escape sequence

Hey @zblurx,

While packaging and testing the provisional python3-dploot package, I noticed the Debian throwing SyntaxWarning for the following files/lines:

dploot/triage/sccm.py:90
dploot/triage/sccm.py:91
dploot/triage/sccm.py:92
dploot/triage/sccm.py:117

I wanted to bring this to your attention to see if this is something fixable.

$ sudo apt install ./python3-dploot_2.6.0-0kali2_amd64.deb 

[...]

/usr/lib/python3/dist-packages/dploot/triage/sccm.py:90: SyntaxWarning: invalid escape sequence '\['
  regex_naa = b"CCM_NetworkAccessAccount.*<PolicySecret Version=\"1\"><!\[CDATA\[(.*?)\]\]><\/PolicySecret>.*<PolicySecret Version=\"1\"><!\[CDATA\[(.*?)\]\]><\/PolicySecret>"
/usr/lib/python3/dist-packages/dploot/triage/sccm.py:91: SyntaxWarning: invalid escape sequence '\['
  regex_task = b"</SWDReserved>.*<PolicySecret Version=\"1\"><!\[CDATA\[(.*?)\]\]><\/PolicySecret>"
/usr/lib/python3/dist-packages/dploot/triage/sccm.py:92: SyntaxWarning: invalid escape sequence '\['
  regex_collection = b"CCM_CollectionVariable\x00\x00(.*?)\x00\x00.*<PolicySecret Version=\"1\"><!\[CDATA\[(.*?)\]\]><\/PolicySecret>"
/usr/lib/python3/dist-packages/dploot/triage/sccm.py:117: SyntaxWarning: invalid escape sequence '\['
  regex = "<PolicySecret Version=\"1\"><!\[CDATA\[(.*?)\]\]><\/PolicySecret>"

[...]

If it is, would it be possible to post the fix under tag 2.6.1?

CryptographyDeprecationWarning: Use PrivateKeyTypes Instead

Hey @zblurx,

While packaging dploot for Kali Linux, I discovered the following warning:

$ dploot -h
/usr/lib/python3/dist-packages/dploot/triage/certificates.py:12: CryptographyDeprecationWarning: Use PrivateKeyTypes instead
  from cryptography.hazmat.primitives.asymmetric.types import PRIVATE_KEY_TYPES
usage: dploot [-h] [-debug] [-quiet]
              {certificates,credentials,masterkeys,vaults,backupkey,rdg,triage,machinemasterkeys,machinecredentials,machinevaults,machinecertificates,machinetriage,browser,wifi}
              ...

DPAPI looting remotely in Python

[...]

If this warning could be addressed and released as v2.1.5, it'd be great, and I'd sincerely appreciate it.

Thanks in advance.

KeyError: 'HashRecords'

facing some error
[*] Connected to 192.168.0.104 as marvel.local\amit.prajapati (admin)

[*] Triage SYSTEM masterkeys

[-] Got error: 'HashRecords'
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/dploot/entry.py", line 74, in main
actionsoptions.action
File "/usr/local/lib/python3.11/dist-packages/dploot/action/machinecertificates.py", line 86, in entry
a.run()
File "/usr/local/lib/python3.11/dist-packages/dploot/action/machinecertificates.py", line 50, in run
self.masterkeys = triage.triage_system_masterkeys()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/dploot/triage/masterkeys.py", line 64, in triage_system_masterkeys
LSA.dumpSecrets()
File "/usr/lib/python3/dist-packages/impacket/examples/secretsdump.py", line 1721, in dumpSecrets
value = self.getValue('\Policy\Secrets\{}\{}\default'.format(key,valueType))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/examples/secretsdump.py", line 1192, in getValue
value = self.__registryHive.getValue(keyValue)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/winregistry.py", line 460, in getValue
key = self.findKey(regKey)
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/winregistry.py", line 378, in findKey
res = self.__findSubKey(parentKey, subKey)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/winregistry.py", line 299, in __findSubKey
data = lf['HashRecords']
~~^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/structure.py", line 169, in getitem
return self.fields[key]
~~~~~~~~~~~^^^^^
KeyError: 'HashRecords'

proxychains dploot triage -d 'domain.com' -u 'user' -no-pass -use-kcache -kdcHost FQDN.domain.com targetfqdn.domain.com -pvk DPAPI-backupkey.pvk -debug

[-] Got error: 'Namespace' object has no attribute 'aes'
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/dist-packages/dploot/entry.py", line 74, in main
    actions[options.action](options)
  File "/usr/local/lib/python3.10/dist-packages/dploot/action/triage.py", line 150, in entry
    a = TriageAction(options)
  File "/usr/local/lib/python3.10/dist-packages/dploot/action/triage.py", line 24, in __init__
    self.target = Target.from_options(options)
  File "/usr/local/lib/python3.10/dist-packages/dploot/lib/target.py", line 34, in from_options
    and options.aes is None
AttributeError: 'Namespace' object has no attribute 'aes'

Could not decode to UTF-8 column 'encrypted_value' in triage_browsers

Hi @zblurx , could you please take a look at this issue, is it due to old chrome version?

Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 111, in triage_browsers
    user_credentials, user_cookies=self.triage_browsers_for_user(user, gather_cookies)
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 123, in triage_browsers_for_user
    return self.triage_chrome_browsers_for_user(user=user, gather_cookies=gather_cookies)
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 170, in triage_chrome_browsers_for_user
    query = cursor.execute(
sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10B}*\ufffd\ufffdC\ufffd8\ufffd#\ufffd\ufffd\ufffdh\ufffd\ufffd\ufffd\ufffd%L@\ufffd^X\ufffd\ufffdc\ufffd\ufffdl\ufffd'\ufffd\ufffdI'
--- Logging error ---
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 111, in triage_browsers
    user_credentials, user_cookies=self.triage_browsers_for_user(user, gather_cookies)
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 123, in triage_browsers_for_user
    return self.triage_chrome_browsers_for_user(user=user, gather_cookies=gather_cookies)
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 170, in triage_chrome_browsers_for_user
    query = cursor.execute(
sqlite3.OperationalError: Could not decode to UTF-8 column 'encrypted_value' with text 'v10B}*\ufffd\ufffdC\ufffd8\ufffd#\ufffd\ufffd\ufffdh\ufffd\ufffd\ufffd\ufffd%L@\ufffd^X\ufffd\ufffdc\ufffd\ufffdl\ufffd'\ufffd\ufffdI'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.8/logging/__init__.py", line 1088, in emit
    stream.write(msg + self.terminator)
UnicodeEncodeError: 'latin-1' codec can't encode characters in position 73-74: ordinal not in range(256)
Call stack:
  File "/usr/local/bin/dploot", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/dist-packages/dploot/entry.py", line 74, in main
    actions[options.action](options)
  File "/usr/local/lib/python3.8/dist-packages/dploot/action/browser.py", line 90, in entry
    a.run()
  File "/usr/local/lib/python3.8/dist-packages/dploot/action/browser.py", line 62, in run
    credentials, cookies = triage.triage_browsers(gather_cookies=self.options.show_cookies)
  File "/usr/local/lib/python3.8/dist-packages/dploot/triage/browser.py", line 118, in triage_browsers
    logging.debug(str(e))
Message: "Could not decode to UTF-8 column 'encrypted_value' with text 'v10B}*\x18\ufffd\ufffdC\ufffd8\ufffd\x1a#\ufffd\ufffd\ufffdh\ufffd\ufffd\ufffd\ufffd%L@\ufffd^X\ufffd\ufffdc\ufffd\u

Updating Chrome and Edge paths

I think dploot cannot fetch Chrome (and sometimes Edge) data on newer systems because of the new paths, maybe there are all the information you need in login-securite/DonPAPI#40 ? :)

zblurx / dploot Goto Github PK

dploot's Introduction

Thomas Seigneuret (zblurx)

dploot's People

Contributors

Stargazers

Watchers

Forkers

dploot's Issues

Recommend Projects

Recommend Topics

Recommend Org

Jobs