fixing dpapi chrome issue
skelsec committed May 31, 2022
1 parent a12d371 commit a41d4a2
Showing 1 changed file with 5 additions and 5 deletions.
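--- a/pypykatz/dpapi/dpapi.py
+++ b/pypykatz/dpapi/dpapi.py
@@ -637,7 +637,7 @@ def find_chrome_database_file_offline(users_path):
 return db_paths
 
 @staticmethod
-def get_chrome_encrypted_secret(db_path):
+def get_chrome_encrypted_secret(db_path, dbtype):
 results = {}
 results['logins'] = []
 results['cookies'] = []
@@ -650,7 +650,7 @@ def get_chrome_encrypted_secret(db_path):
 logger.debug('Failed to open chrome DB file %s' % db_path)
 return results
 
-if ntpath.basename(db_path).lower() == 'cookies':
+if dbtype.lower() == 'cookies':
 try:
 #totally not stolen from here https://github.com/byt3bl33d3r/chrome-decrypter/blob/master/chrome_decrypt.py
 cursor.execute('SELECT host_key, name, path, encrypted_value FROM cookies')
@@ -661,7 +661,7 @@ def get_chrome_encrypted_secret(db_path):
 for host_key, name, path, encrypted_value in cursor.fetchall():
 results['cookies'].append((host_key, name, path, encrypted_value))
 
-elif ntpath.basename(db_path).lower() == 'login data':
+elif dbtype.lower() == 'logindata':
 
 try:
 #totally not stolen from here https://github.com/byt3bl33d3r/chrome-decrypter/blob/master/chrome_decrypt.py
@@ -704,7 +704,7 @@ def decrypt_all_chrome(self, dbpaths, throw = False):
 # this localstate was encrypted for another user...
 continue
 if 'cookies' in dbpaths[username]:
-secrets = DPAPI.get_chrome_encrypted_secret(dbpaths[username]['cookies'])
+secrets = DPAPI.get_chrome_encrypted_secret(dbpaths[username]['cookies'], 'cookies')
 for host_key, name, path, encrypted_value in secrets['cookies']:
 if encrypted_value.startswith(b'v10'):
 nonce = encrypted_value[3:3+12]
@@ -720,7 +720,7 @@ def decrypt_all_chrome(self, dbpaths, throw = False):
 results['fmtcookies'].append(DPAPI.cookieformatter('https://' + host_key, name, path, dec_val))
 
 if 'logindata' in dbpaths[username]:
-secrets = DPAPI.get_chrome_encrypted_secret(dbpaths[username]['logindata'])
+secrets = DPAPI.get_chrome_encrypted_secret(dbpaths[username]['logindata'], 'logindata')
 for url, user, enc_password in secrets['logins']:
 if enc_password.startswith(b'v10'):
 nonce = enc_password[3:3+12]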
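Review bot: `get_chrome_encrypted_secret` now requires a second positional argument, so any caller that still passes only `db_path` will fail with a TypeError; only the two call sites in `decrypt_all_chrome` are updated in this commit. A default such as `def get_chrome_encrypted_secret(db_path, dbtype = None):`, falling back to the previous `ntpath.basename(db_path).lower()` check when `dbtype` is None, would keep the old call form working. In the `if dbtype.lower() == 'cookies':` / `elif dbtype.lower() == 'logindata':` chain, a value matching neither literal appears to fall through and return the empty `results`, which a caller cannot tell apart from an empty database. The rest of the function lies outside the visible hunks, so this is inferred; if there is no final branch, a check near the top such as `if dbtype.lower() not in ('cookies', 'logindata'): raise ValueError('unknown dbtype %s' % dbtype)` would surface a mistyped value. A short docstring naming the two accepted `dbtype` strings would also help, since `'logindata'` no longer matches the on-disk name `'login data'`.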
