| skipped 267 lines |
268 | 268 | | |
269 | 269 | | decryptedKey = cipher.decrypt(dk['SecretData'][::-1], None) |
270 | 270 | | if decryptedKey: |
271 | | - | domain_master_key = DPAPI_DOMAIN_RSA_MASTER_KEY(decryptedKey) |
272 | | - | key = domain_master_key['buffer'][:domain_master_key['cbMasterKey']] |
273 | | - | self.logging.debug('Decrypted key with domain backup key provided') |
274 | | - | self.logging.debug('Decrypted key: 0x%s' % hexlify(key).decode('latin-1')) |
275 | | - | return '0x%s' % hexlify(key).decode('latin-1') |
| 271 | + | try: |
| 272 | + | domain_master_key = DPAPI_DOMAIN_RSA_MASTER_KEY(decryptedKey) |
| 273 | + | key = domain_master_key['buffer'][:domain_master_key['cbMasterKey']] |
| 274 | + | self.logging.debug('Decrypted key with domain backup key provided') |
| 275 | + | self.logging.debug('Decrypted key: 0x%s' % hexlify(key).decode('latin-1')) |
| 276 | + | return '0x%s' % hexlify(key).decode('latin-1') |
| 277 | + | except: # on extrait l'info en dur |
| 278 | + | self.logging.debug('excepted, maybe because of a known DPAPI_PVK fuckup. trying to adjust ... ') |
| 279 | + | key = decryptedKey[8:96 + 8 - 32] |
| 280 | + | self.logging.debug('Decrypted key: 0x%s' % hexlify(key).decode('latin-1')) |
| 281 | + | return '0x%s' % hexlify(key).decode('latin-1') |
276 | 282 | | else: |
277 | 283 | | logging.debug("Error in decryptedKey with PVK") |
278 | | - | #Lets try to decrypt it with another method |
279 | | - | #return -1 |
| 284 | + | # Lets try to decrypt it with another method |
| 285 | + | # return -1 |
280 | 286 | | if self.options.key and self.options.sid: #LSA machine/user Key + SID |
281 | 287 | | self.logging.debug("Decrypting with SID and key") |
282 | 288 | | key = unhexlify(self.options.key[2:]) |
| skipped 467 lines |
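Review bot: The bare `except:` on new line 277 swallows every failure from the `DPAPI_DOMAIN_RSA_MASTER_KEY` parse (including `KeyboardInterrupt`) and then returns `decryptedKey[8:96 + 8 - 32]` as a valid key without checking that the buffer holds the 72 bytes the slice assumes, so a short or malformed blob yields a truncated or wrong key that is reported as success. Narrow it to `except Exception:` (or the specific parse error) and guard the fallback with something like `if len(decryptedKey) < 72:` before slicing, so that case is handled as a failure the way the `else` branch appears to be. The fixed offsets deserve a named constant or a comment stating the layout they assume, and the French comment `# on extrait l'info en dur` should be in English, e.g. `# fall back to fixed offsets when the structure does not parse`. Both the original and the fallback path also write the decrypted master key to the debug log, which leaves key material in any captured log file; consider logging only that decryption succeeded. The enclosing method starts and ends outside the visible lines.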