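/*
 * Reads the WWAN profile XML file named by the "in" argument, prints its
 * Name and AccessString elements, and tries to DPAPI-unprotect the
 * hex-encoded SubscriberID element.
 *
 * argc/argv: module arguments. "in" selects the profile file; the whole
 *            argument vector is also forwarded unchanged to
 *            kuhl_m_dpapi_unprotect_raw_or_blob().
 *
 * Returns STATUS_SUCCESS in every case; failures are only reported on the
 * console. The recovered SubscriberID is written to the console both as hex
 * and as text.
 */
NTSTATUS kuhl_m_dpapi_wwan(int argc, wchar_t * argv[])
{
	PBYTE pFile, hex, dataOut;
	DWORD dwData, lenHex, lenDataOut;
	LPWSTR dataU, dataF;
	LPCWSTR infile;
	PKULL_M_DPAPI_BLOB blob;

	if(kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
	{
		if(kull_m_file_readData(infile, &pFile, &dwData))
		{
			/* NOTE(review): pFile is handed over as a C string and dwData is never
			 * consulted, so this presumes the file helper NUL-terminates the
			 * buffer - confirm against kull_m_file_readData. */
			if((dataU = kull_m_string_qad_ansi_to_unicode((const char *) pFile)) != NULL)
			{
				if(kull_m_string_quickxml_simplefind(dataU, L"Name", &dataF))
				{
					kprintf(L"Profile \'%s\'\n\n", dataF);
					LocalFree(dataF);
				}
				if(kull_m_string_quickxml_simplefind(dataU, L"AccessString", &dataF))
				{
					kprintf(L" * AccessString : %s\n", dataF);
					LocalFree(dataF);
				}
				if(kull_m_string_quickxml_simplefind(dataU, L"SubscriberID", &dataF))
				{
					/* The element text is hex; it is decoded into a raw buffer first. */
					if(kull_m_string_stringToHexBuffer(dataF, &hex, &lenHex))
					{
						if((blob = kull_m_dpapi_blob_create(hex)) != NULL)
						{
							kprintf(L"\n");
							kull_m_dpapi_blob_descr(0, blob);
							if(kuhl_m_dpapi_unprotect_raw_or_blob(hex, lenHex, NULL, argc, argv, NULL, 0, (LPVOID *) &dataOut, &lenDataOut, NULL))
							{
								kprintf(L" * SubscriberID : ");
								kull_m_string_wprintf_hex(dataOut, lenDataOut, 0);
								kprintf(L"\n");
								/* The '*' precision must be an int: the division yields a
								 * size_t, which is the wrong type (and width on 64-bit) for
								 * a variadic argument. The precision also bounds the read,
								 * since the decrypted buffer is not known to be
								 * NUL-terminated. */
								kprintf(L"%.*s", (int) (lenDataOut / sizeof(wchar_t)), (LPCWSTR) dataOut);
								LocalFree(dataOut);
							}
							kull_m_dpapi_blob_delete(blob);
						}
						LocalFree(hex);
					}
					LocalFree(dataF);
				}
				LocalFree(dataU);
			}
			LocalFree(pFile);
		}
		else
		{
			PRINT_ERROR_AUTO(L"kull_m_file_readData");
		}
	}
	else
	{
		PRINT_ERROR(L"Input Wwan XML profile needed (/in:file)\n");
	}
	return STATUS_SUCCESS;
}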
/*
 * Protects a string with CryptProtectData and shows the resulting blob.
 *
 * Arguments read from argv:
 *   data         text to protect (defaults to MIMIKATZ)
 *   description  optional description passed to CryptProtectData
 *   entropy      optional hex string used as additional entropy
 *   machine      adds CRYPTPROTECT_LOCAL_MACHINE to the flags
 *   prompt       passes the prompt structure to CryptProtectData
 *   c            selects hex output mode 2 instead of 1
 *   out          writes the blob to this file instead of printing it
 *
 * Always returns STATUS_SUCCESS; a CryptProtectData failure is only printed.
 */
NTSTATUS kuhl_m_dpapi_protect(int argc, wchar_t * argv[])
{
	DATA_BLOB clearBlob, sealedBlob, entropyBlob = {0, NULL};
	PKULL_M_DPAPI_BLOB parsed;
	PCWSTR description = NULL, entropyArg, outPath, shownDescription;
	CRYPTPROTECT_PROMPTSTRUCT promptCfg = {sizeof(CRYPTPROTECT_PROMPTSTRUCT), CRYPTPROTECT_PROMPT_ON_PROTECT | CRYPTPROTECT_PROMPT_ON_UNPROTECT | CRYPTPROTECT_PROMPT_STRONG, NULL, MIMIKATZ};
	CRYPTPROTECT_PROMPTSTRUCT *pPrompt = NULL;
	DWORD flags = 0, hexMode = 1;

	/* --- argument parsing --- */
	kull_m_string_args_byName(argc, argv, L"data", (PCWSTR *) &clearBlob.pbData, MIMIKATZ);
	kull_m_string_args_byName(argc, argv, L"description", &description, NULL);
	if(kull_m_string_args_byName(argc, argv, L"entropy", &entropyArg, NULL))
	{
		/* NOTE(review): the conversion result is not checked; entropyBlob keeps
		 * its {0, NULL} initializer unless the helper fills it in. */
		kull_m_string_stringToHexBuffer(entropyArg, &entropyBlob.pbData, &entropyBlob.cbData);
	}
	if(kull_m_string_args_byName(argc, argv, L"machine", NULL, NULL))
	{
		flags |= CRYPTPROTECT_LOCAL_MACHINE;
	}
	if(kull_m_string_args_byName(argc, argv, L"prompt", NULL, NULL))
	{
		pPrompt = &promptCfg;
	}
	if(kull_m_string_args_byName(argc, argv, L"c", NULL, NULL))
	{
		hexMode = 2;
	}

	/* --- echo the effective parameters --- */
	shownDescription = description;
	if(!shownDescription)
	{
		shownDescription = L"";
	}
	kprintf(L"\ndata : %s\n", clearBlob.pbData);
	kprintf(L"description : %s\n", shownDescription);
	kprintf(L"flags : ");
	kull_m_dpapi_displayProtectionFlags(flags);
	kprintf(L"\n");
	kprintf(L"prompt flags: ");
	if(pPrompt)
	{
		kull_m_dpapi_displayPromptFlags(pPrompt->dwPromptFlags);
	}
	kprintf(L"\n");
	kprintf(L"entropy : ");
	kull_m_string_wprintf_hex(entropyBlob.pbData, entropyBlob.cbData, 0);
	kprintf(L"\n\n");

	/* The protected payload is the wide string including its terminator. */
	clearBlob.cbData = (DWORD) ((wcslen((PCWSTR) clearBlob.pbData) + 1) * sizeof(wchar_t));

	if(!CryptProtectData(&clearBlob, description, &entropyBlob, NULL, pPrompt, flags, &sealedBlob))
	{
		PRINT_ERROR_AUTO(L"CryptProtectData");
	}
	else
	{
		parsed = kull_m_dpapi_blob_create(sealedBlob.pbData);
		if(parsed)
		{
			/* NOTE(review): called with one argument here, but as (0, blob) in
			 * kuhl_m_dpapi_wwan and kuhl_m_dpapi_wifi - confirm the signature. */
			kull_m_dpapi_blob_descr(parsed);
			kull_m_dpapi_blob_delete(parsed);
		}
		kprintf(L"\n");

		if(!kull_m_string_args_byName(argc, argv, L"out", &outPath, NULL))
		{
			kprintf(L"Blob:\n");
			kull_m_string_wprintf_hex(sealedBlob.pbData, sealedBlob.cbData, hexMode | (16 << 16));
			kprintf(L"\n");
		}
		else if(kull_m_file_writeData(outPath, sealedBlob.pbData, sealedBlob.cbData))
		{
			kprintf(L"Write to file \'%s\' is OK\n", outPath);
		}
		LocalFree(sealedBlob.pbData);
	}

	if(entropyBlob.pbData)
	{
		LocalFree(entropyBlob.pbData);
	}
	return STATUS_SUCCESS;
}
/*
 * Loads the file named by the first argument and prints a description of the
 * DPAPI blob it contains. Nothing is decrypted here.
 *
 * Returns STATUS_SUCCESS whether or not a file was given or could be read.
 */
NTSTATUS kuhl_m_dpapi_blob(int argc, wchar_t * argv[])
{
	PKULL_M_DPAPI_BLOB parsed;
	PBYTE raw;
	DWORD rawSize;

	/* No argument, or an unreadable file: nothing to describe. */
	if(!argc || !kull_m_file_readData(argv[0], &raw, &rawSize))
	{
		return STATUS_SUCCESS;
	}

	/* NOTE(review): rawSize is not passed to the parser, so any length
	 * validation has to happen inside kull_m_dpapi_blob_create - confirm. */
	parsed = kull_m_dpapi_blob_create(raw);
	if(parsed)
	{
		kull_m_dpapi_blob_descr(parsed);
		kull_m_dpapi_blob_delete(parsed);
	}
	LocalFree(raw);
	return STATUS_SUCCESS;
}
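/*
 * Unprotects a DPAPI blob stored in a file and prints or saves the result.
 *
 * Arguments read from argv:
 *   in         file holding the blob (nothing is done without it)
 *   entropy    optional hex string used as additional entropy
 *   machine    adds CRYPTPROTECT_LOCAL_MACHINE to the displayed flags
 *   prompt     passes the prompt structure to CryptUnprotectData
 *   masterkey  optional hex master key; when present the blob is handed to
 *              kull_m_dpapi_unprotect_blob() instead of CryptUnprotectData
 *   password   optional password forwarded to kull_m_dpapi_unprotect_blob()
 *   out        writes the clear data to this file instead of printing it
 *
 * Always returns STATUS_SUCCESS; failures are only reported on the console.
 * The password and master key are echoed to the console as given.
 */
NTSTATUS kuhl_m_dpapi_unprotect(int argc, wchar_t * argv[])
{
	DATA_BLOB dataIn, dataOut, dataEntropy = {0, NULL};
	PKULL_M_DPAPI_BLOB blob;
	PCWSTR szEntropy, outfile, infile, szMasterkey, szPassword = NULL;
	PWSTR description = NULL;
	CRYPTPROTECT_PROMPTSTRUCT promptStructure = {sizeof(CRYPTPROTECT_PROMPTSTRUCT), CRYPTPROTECT_PROMPT_ON_PROTECT | CRYPTPROTECT_PROMPT_ON_UNPROTECT | CRYPTPROTECT_PROMPT_STRONG, NULL, MIMIKATZ}, *pPrompt;
	DWORD flags = 0;
	UNICODE_STRING uString;
	BOOL statusDecrypt = FALSE, isText;
	PBYTE masterkey = NULL;
	DWORD masterkeyLen = 0;

	if(kull_m_string_args_byName(argc, argv, L"entropy", &szEntropy, NULL))
		kull_m_string_stringToHexBuffer(szEntropy, &dataEntropy.pbData, &dataEntropy.cbData);
	/* flags is only displayed below; CryptUnprotectData is called with 0. */
	if(kull_m_string_args_byName(argc, argv, L"machine", NULL, NULL))
		flags |= CRYPTPROTECT_LOCAL_MACHINE;
	pPrompt = kull_m_string_args_byName(argc, argv, L"prompt", NULL, NULL) ? &promptStructure : NULL;
	if(kull_m_string_args_byName(argc, argv, L"masterkey", &szMasterkey, NULL))
		kull_m_string_stringToHexBuffer(szMasterkey, &masterkey, &masterkeyLen);
	kull_m_string_args_byName(argc, argv, L"password", &szPassword, NULL);

	kprintf(L"\nflags : ");
	kull_m_dpapi_displayProtectionFlags(flags);
	kprintf(L"\n");
	kprintf(L"prompt flags: ");
	if(pPrompt)
		kull_m_dpapi_displayPromptFlags(pPrompt->dwPromptFlags);
	kprintf(L"\n");
	kprintf(L"entropy : ");
	kull_m_string_wprintf_hex(dataEntropy.pbData, dataEntropy.cbData, 0);
	kprintf(L"\n");
	kprintf(L"masterkey : ");
	kull_m_string_wprintf_hex(masterkey, masterkeyLen, 0);
	kprintf(L"\n");
	kprintf(L"password : %s\n\n", szPassword ? szPassword : L"");

	if(kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
	{
		if(kull_m_file_readData(infile, &dataIn.pbData, &dataIn.cbData))
		{
			if((blob = kull_m_dpapi_blob_create(dataIn.pbData)) != NULL)
			{
				kull_m_dpapi_blob_descr(blob);

				/* A supplied master key selects the project's own unprotect routine;
				 * otherwise the system API does the work. */
				if(masterkey && masterkeyLen)
					statusDecrypt = kull_m_dpapi_unprotect_blob(blob, masterkey, masterkeyLen, dataEntropy.pbData, dataEntropy.cbData, szPassword, (LPVOID *) &dataOut.pbData, &dataOut.cbData);
				else
					statusDecrypt = CryptUnprotectData(&dataIn, &description, &dataEntropy, NULL, pPrompt, 0, &dataOut);

				if(statusDecrypt)
				{
					if(description)
					{
						kprintf(L"description : %s\n", description);
						LocalFree(description);
					}
					if(kull_m_string_args_byName(argc, argv, L"out", &outfile, NULL))
					{
						if(kull_m_file_writeData(outfile, dataOut.pbData, dataOut.cbData))
							kprintf(L"Write to file \'%s\' is OK\n", outfile);
					}
					else
					{
						kprintf(L"data - ");
						/* UNICODE_STRING lengths are 16-bit. The size is tested on the
						 * full DWORD before narrowing: comparing the already-truncated
						 * USHORT with USHRT_MAX is always true, which let oversized
						 * output be classified from a wrapped length. */
						isText = FALSE;
						if(dataOut.cbData <= USHRT_MAX)
						{
							uString.Length = uString.MaximumLength = (USHORT) dataOut.cbData;
							uString.Buffer = (PWSTR) dataOut.pbData;
							isText = kull_m_string_suspectUnicodeString(&uString) ? TRUE : FALSE;
						}
						if(isText)
						{
							/* The decrypted buffer is not guaranteed to be NUL-terminated,
							 * so the print is bounded by its length in wide characters. */
							kprintf(L"text : %.*s", (int) (dataOut.cbData / sizeof(wchar_t)), (PCWSTR) dataOut.pbData);
						}
						else
						{
							kprintf(L"hex : ");
							kull_m_string_wprintf_hex(dataOut.pbData, dataOut.cbData, 1 | (16 << 16));
						}
						kprintf(L"\n");
					}
					LocalFree(dataOut.pbData);
				}
				else if(!masterkey)
				{
					/* Only the system API path reports its error here. */
					PRINT_ERROR_AUTO(L"CryptUnprotectData");
				}
				kull_m_dpapi_blob_delete(blob);
			}
			LocalFree(dataIn.pbData);
		}
	}

	if(dataEntropy.pbData)
		LocalFree(dataEntropy.pbData);
	if(masterkey)
		LocalFree(masterkey);
	return STATUS_SUCCESS;
}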
/*
 * Reads the WLAN profile XML file named by the "in" argument, prints the
 * profile name, SSID, authentication and encryption elements, and tries to
 * DPAPI-unprotect the hex-encoded keyMaterial element.
 *
 * argc/argv: module arguments. "in" selects the profile file; the whole
 *            argument vector is also forwarded unchanged to
 *            kuhl_m_dpapi_unprotect_raw_or_blob().
 *
 * Returns STATUS_SUCCESS in every case; failures are only reported on the
 * console. Recovered key material is written to the console.
 */
NTSTATUS kuhl_m_dpapi_wifi(int argc, wchar_t * argv[])
{
	PBYTE fileBytes, keyBlob, clearKey;
	DWORD fileSize, keyBlobLen, clearKeyLen;
	LPWSTR xml, ssidNode, value, authName;
	LPCWSTR infile;
	PKULL_M_DPAPI_BLOB parsed;

	if(!kull_m_string_args_byName(argc, argv, L"in", &infile, NULL))
	{
		PRINT_ERROR(L"Input Wlan XML profile needed (/in:file)\n");
		return STATUS_SUCCESS;
	}
	if(!kull_m_file_readData(infile, &fileBytes, &fileSize))
	{
		PRINT_ERROR_AUTO(L"kull_m_file_readData");
		return STATUS_SUCCESS;
	}

	/* NOTE(review): the file content is treated as a C string and fileSize is
	 * not used - presumably the read helper NUL-terminates; confirm. */
	xml = kull_m_string_qad_ansi_to_unicode((const char *) fileBytes);
	if(!xml)
	{
		LocalFree(fileBytes);
		return STATUS_SUCCESS;
	}

	if(kull_m_string_quickxml_simplefind(xml, L"name", &value))
	{
		kprintf(L"Profile \'%s\'\n\n", value);
		LocalFree(value);
	}

	if(kull_m_string_quickxml_simplefind(xml, L"SSID", &ssidNode))
	{
		kprintf(L" * SSID ");
		/* Inside the SSID element, "name" is preferred over "hex". */
		if(kull_m_string_quickxml_simplefind(ssidNode, L"name", &value))
		{
			kprintf(L"name : %s\n", value);
			LocalFree(value);
		}
		else if(kull_m_string_quickxml_simplefind(ssidNode, L"hex", &value))
		{
			kprintf(L"hex : %s\n", value);
			LocalFree(value);
		}
		else
		{
			kprintf(L"?\n");
		}
		LocalFree(ssidNode);
	}

	/* Encryption and key material are only looked at when an authentication
	 * element exists, because its value decides how the key is displayed. */
	if(kull_m_string_quickxml_simplefind(xml, L"authentication", &authName))
	{
		kprintf(L" * Authentication: %s\n", authName);

		if(kull_m_string_quickxml_simplefind(xml, L"encryption", &value))
		{
			kprintf(L" * Encryption : %s\n", value);
			LocalFree(value);
		}

		if(kull_m_string_quickxml_simplefind(xml, L"keyMaterial", &value))
		{
			if(kull_m_string_stringToHexBuffer(value, &keyBlob, &keyBlobLen))
			{
				parsed = kull_m_dpapi_blob_create(keyBlob);
				if(parsed)
				{
					kprintf(L"\n");
					kull_m_dpapi_blob_descr(0, parsed);
					if(kuhl_m_dpapi_unprotect_raw_or_blob(keyBlob, keyBlobLen, NULL, argc, argv, NULL, 0, (LPVOID *) &clearKey, &clearKeyLen, NULL))
					{
						kprintf(L" * Key Material : ");
						if(!_wcsicmp(authName, L"WEP"))
						{
							/* WEP keys are shown as hex bytes. */
							kprintf(L"(hex) ");
							kull_m_string_wprintf_hex(clearKey, clearKeyLen, 0);
						}
						else
						{
							/* Anything else is printed as narrow text, bounded by the
							 * decrypted length. */
							kprintf(L"%.*S", clearKeyLen, clearKey);
						}
						kprintf(L"\n");
						LocalFree(clearKey);
					}
					kull_m_dpapi_blob_delete(parsed);
				}
				LocalFree(keyBlob);
			}
			LocalFree(value);
		}
		LocalFree(authName);
	}

	LocalFree(xml);
	LocalFree(fileBytes);
	return STATUS_SUCCESS;
}