dissect.target.plugins.os.windows.dpapi.master_key
#
Module Contents#
Classes#
Attributes#
- dissect.target.plugins.os.windows.dpapi.master_key.master_key_def = Multiline-String#
Show Value
""" struct DomainKey { DWORD dwVersion; DWORD secretLen; DWORD accessCheckLen; char guid[16]; char encryptedSecret[secretLen]; char accessCheckLen[accessCheckLen]; }; struct CredHist { DWORD dwVersion; char guid[16]; }; struct MasterKey { DWORD dwVersion; char pSalt[16]; DWORD dwPBKDF2IterationCount; DWORD HMACAlgId; // This is actually ALG_ID DWORD CryptAlgId; // This is actually ALG_ID // BYTE pKey[]; }; struct CredSystem { DWORD dwRevision; char pMachine[20]; char pUser[20]; }; struct MasterKeyFileHeader { DWORD dwVersion; // Masterkey version. Should be 1 or 2 DWORD dwReserved1; DWORD dwReserved2; WCHAR szGuid[36]; // GUID of master key. Should match filename DWORD dwUnused1; DWORD dwUnused2; DWORD dwPolicy; QWORD qwUserKeySize; QWORD qwLocalEncKeySize; QWORD qwLocalKeySize; QWORD qwDomainKeySize; }; """
- dissect.target.plugins.os.windows.dpapi.master_key.c_master_key#
- class dissect.target.plugins.os.windows.dpapi.master_key.MasterKey(data: bytes)#
- decrypt_with_hash(user_sid: str, password_hash: bytes) bool #
Decrypts the master key with the given user’s SID and password hash.
- decrypt_with_hash_10(user_sid: str, password_hash: bytes) bool #
Decrypts the master key with the given user’s hash and SID.
Newer version of
decrypt_with_hash()
- decrypt_with_password(user_sid: str, pwd: str) bool #
Decrypts the master key with the given user’s password and SID.
- class dissect.target.plugins.os.windows.dpapi.master_key.MasterKeyFile(fh: BinaryIO)#
- property decrypted: bool#
- decrypt_with_hash(user_sid: str, password_hash: bytes) bool #
See
MasterKey.decrypt_with_hash()
andMasterKey.decrypt_with_hash_10()
.
- decrypt_with_password(user_sid: str, pwd: str) bool #