
donpapi's Introduction

DonPAPI

DonPAPI automates dumping secrets remotely from multiple Windows computers, with defense evasion in mind.


Collected credentials:

  • Chromium browser Credentials, Cookies and Chrome Refresh Token
  • Windows Certificates
  • Credential Manager
  • Firefox browser Credentials and Cookies
  • Mobaxterm Credentials
  • MRemoteNg Credentials
  • RDC Manager Credentials
  • Files on Desktop and in the Recent folder
  • SCCM Credentials
  • Vaults Credentials
  • VNC Credentials
  • Wifi Credentials

We gave a talk in French about DPAPI called DPAPI - Don't Put Administration Passwords In 🇫🇷:


Installation

This tool should be installed with pipx or in a dedicated virtual environment.

pipx install donpapi

or (with the latest commits)

pipx install git+https://github.com/login-securite/DonPAPI.git

or (for development)

git clone https://github.com/login-securite/DonPAPI.git
cd DonPAPI
poetry update
poetry run DonPAPI

Quick Start

pipx install donpapi
donpapi collect -u admin -p 'Password123!' -d domain.local -t ALL --fetch-pvk
donpapi gui

Usage

usage: DonPAPI [-h] [-v] [-o DIRNAME] {collect,gui} ...

Dump revelant information on compromised targets without AV detection. Version: 2.0.0

positional arguments:
  {collect,gui}         DonPAPI Action
    collect             Dump secrets on a target list
    gui                 Spawn a Flask webserver to crawl DonPAPI database

options:
  -h, --help            show this help message and exit
  -v                    Verbosity level (-v or -vv)
  -o DIRNAME, --output-directory DIRNAME
                        Output directory. Default is ~/.donpapi/loot/

collect

This action is used to collect secrets on the targets specified in -t.

usage: dpp collect [-h] [--keep-collecting seconds] [--threads Number of threads] [--no-config] [-t TARGET [TARGET ...]] [-d domain.local]
                   [-u username] [-p password] [-H LMHASH:NTHASH] [--no-pass] [-k] [--aesKey hex key] [--laps Administrator] [--dc-ip IP address]
                   [-r /home/user/.donpapi/recover/recover_1718281433] [-c COLLECTORS] [-nr] [--fetch-pvk] [--pvkfile PVKFILE]
                   [--pwdfile PWDFILE] [--ntfile NTFILE] [--mkfile MKFILE]

options:
  -h, --help            show this help message and exit
  --keep-collecting seconds
                        Rerun the attack against all targets after X seconds, X being the value
  --threads Number of threads
                        Number of threads (default: 50)
  --no-config           Do not load donpapi config file (~/.donpapi/donpapi.conf)

authentication:
  -t TARGET [TARGET ...], --target TARGET [TARGET ...]
                        the target IP(s), range(s), CIDR(s), hostname(s), FQDN(s), file(s) containing a list of targets, ALL to fetch every
                        computer hostnames from LDAP
  -d domain.local, --domain domain.local
                        Domain
  -u username, --username username
                        Username
  -p password, --password password
                        Password
  -H LMHASH:NTHASH, --hashes LMHASH:NTHASH
                        NTLM hashes, format is LMHASH:NTHASH
  --no-pass             don't ask for password (useful for -k)
  -k                    Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters. If valid
                        credentials cannot be found, it will use the ones specified in the command line
  --aesKey hex key      AES key to use for Kerberos Authentication (1128 or 256 bits)
  --laps Administrator  use LAPS to request local admin password. The laps parameter value is the local admin account use to connect
  --dc-ip IP address    IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter
  -r /home/user/.donpapi/recover/recover_1718281433, --recover-file /home/user/.donpapi/recover/recover_1718281433
                        The recover file path. If used, the other parameters will be ignored

attacks:
  -c COLLECTORS, --collectors COLLECTORS
                        Chromium, Certificates, CredMan, Files, Firefox, MobaXterm, MRemoteNG, RDCMan, SCCM, Vaults, VNC, Wifi, All (all
                        previous) (default: All)
  -nr, --no-remoteops   Disable Remote Ops operations (basically no Remote Registry operations, no DPAPI System Credentials)
  --fetch-pvk           Will automatically use domain backup key from database, and if not already dumped, will dump it on a domain controller
  --pvkfile PVKFILE     Pvk file with domain backup key
  --pwdfile PWDFILE     File containing username:password that will be used eventually to decrypt masterkeys
  --ntfile NTFILE       File containing username:nthash that will be used eventually to decrypt masterkeys
  --mkfile MKFILE       File containing {GUID}:SHA1 masterkeys mappings

Authentication

Authentication works by specifying a domain with --domain, a username with --username, and optionally a password with --password, a hash with --hashes, an AES key with --aesKey, or a Kerberos ticket in ccache format with -k (Impacket style). You can also authenticate through LAPS on the computer with --laps, passing the username of the local LAPS-managed account as the value of this parameter.

Collection

By default, DonPAPI will collect:

  • Chromium: Chromium browser Credentials, Cookies and Chrome Refresh Token
  • Certificates: Windows Certificates
  • CredMan: Credential Manager
  • Firefox: Firefox browser Credentials and Cookies
  • MobaXterm: Mobaxterm Credentials
  • MRemoteNg: MRemoteNg Credentials
  • RDCMan: RDC Manager Credentials
  • Files: Files on Desktop and in the Recent folder
  • SCCM: SCCM Credentials
  • Vaults: Vaults Credentials
  • VNC: VNC Credentials
  • Wifi: Wifi Credentials

You can pick which ones to collect with --collectors (SharpHound style). If you use --fetch-pvk, DonPAPI automatically fetches the Domain Backup Key of the AD domain and uses it to decrypt masterkeys; otherwise you can supply one with --pvkfile. --pwdfile and --ntfile feed DonPAPI with user secrets in order to unlock masterkeys, and if you already have freshly decrypted masterkeys you can pass them with --mkfile.

Warning

Some collection methods need to dump LSA secrets (in order to obtain the DPAPI machine key). This action can be noisy, and modern EDR will block it instantly. You can use -nr to skip those noisy actions, but some secrets won't be collected.

OPSEC

DonPAPI now supports a configuration file to customise its Secretsdump behaviour. The file is located at ~/.donpapi/donpapi.conf and, by default, looks like this:

[secretsdump]
share = C$
remote_filepath = \Users\Default\AppData\Local\Temp
filename_regex = \d{4}-\d{4}-\d{4}-[0-9]{4}
file_extension = .log
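The four values above fully describe the artifact Secretsdump leaves on a target, which makes them a detection input as much as an operator setting. As an added example (not DonPAPI's own code), the following Python reads a config in this format, derives the exact dump-file pattern from it, and runs both that pattern and a broader directory-only heuristic over constructed file-creation event lines; the event format, the helper names and the mapping of the admin share C$ to drive C: are assumptions made for this example.

```python
"""Turn a DonPAPI-style [secretsdump] config into file-creation detection
logic and run it over constructed event lines.

Added example, not DonPAPI code. The config keys come from the README
above; the event line format, the helper names and the share->drive
mapping are assumptions made for this example.
"""
import configparser
import re

# Constructed copy of the default ~/.donpapi/donpapi.conf shown above.
DEFAULT_CONF = r"""[secretsdump]
share = C$
remote_filepath = \Users\Default\AppData\Local\Temp
filename_regex = \d{4}-\d{4}-\d{4}-[0-9]{4}
file_extension = .log
"""

# Constructed file-creation events: timestamp, event name, target path.
SAMPLE_EVENTS = [
    r"2024-06-13T10:42:01Z FileCreate TargetFilename=C:\Users\Default\AppData\Local\Temp\4821-9930-1187-0042.log",
    r"2024-06-13T10:42:07Z FileCreate TargetFilename=C:\Users\Default\AppData\Local\Temp\setup.log",
    r"2024-06-13T10:43:12Z FileCreate TargetFilename=C:\Users\alice\AppData\Local\Temp\4821-9930-1187-0042.log",
    r"2024-06-13T10:44:30Z FileCreate TargetFilename=C:\Windows\Temp\1234-5678-9012-3456.log",
    r"2024-06-13T10:45:00Z FileCreate TargetFilename=c:\users\default\appdata\local\temp\0001-0002-0003-0004.LOG",
]

EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+FileCreate\s+TargetFilename=(?P<path>.+)$")


def load_secretsdump_config(text):
    """Parse the [secretsdump] section. Interpolation is disabled so the
    '$' in the share name and the backslashes are taken literally."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    sec = cp["secretsdump"]
    return {k: sec[k] for k in ("share", "remote_filepath", "filename_regex", "file_extension")}


def target_dir(cfg):
    """Local directory on the target. Assumption: an admin share such as C$
    maps to drive C:, which is then joined with remote_filepath."""
    drive = cfg["share"].rstrip("$") + ":"
    return drive + cfg["remote_filepath"].rstrip("\\") + "\\"


def dump_file_pattern(cfg):
    """Exact pattern for the dump file: directory + filename_regex + extension,
    case-insensitive because NTFS paths are."""
    return re.compile(
        re.escape(target_dir(cfg))
        + "(?:" + cfg["filename_regex"] + ")"
        + re.escape(cfg["file_extension"]),
        re.IGNORECASE,
    )


def parse_events(events):
    """Yield (timestamp, path) for every line that fits the constructed event format."""
    for line in events:
        m = EVENT_RE.match(line)
        if m:
            yield m.group("ts"), m.group("path")


def exact_hits(events, cfg):
    """Events whose path fully matches the configured dump-file pattern."""
    pat = dump_file_pattern(cfg)
    return [(ts, p) for ts, p in parse_events(events) if pat.fullmatch(p)]


def default_profile_temp_hits(events, cfg):
    """Broader heuristic: any file created under the configured directory,
    whatever its name. The Default user profile is a template that is normally
    not written to at runtime, so this still fires when an operator changes
    filename_regex or file_extension (but not when they change remote_filepath)."""
    prefix = target_dir(cfg).lower()
    return [(ts, p) for ts, p in parse_events(events) if p.lower().startswith(prefix)]


if __name__ == "__main__":
    cfg = load_secretsdump_config(DEFAULT_CONF)
    print("exact pattern:", dump_file_pattern(cfg).pattern)
    for ts, p in exact_hits(SAMPLE_EVENTS, cfg):
        print("exact ", ts, p)
    for ts, p in default_profile_temp_hits(SAMPLE_EVENTS, cfg):
        print("broad ", ts, p)
```

Every value in this file can be changed by the operator, so a rule built on the exact default pattern is brittle by design; the directory heuristic is the one worth keeping, and it too only holds while remote_filepath stays at its default.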

Recover

DonPAPI supports recover files. Each time you run a collect command, it saves a recover file holding the remaining targets and all the options. By default, the file is located in the ~/.donpapi/register/ folder.

Keep Collecting

Sometimes on an internal assessment you want to go hard on some specific targets and collect secrets from their computers again and again. Don't do a stupid bash loop, just use --keep-collecting X, X being the number of seconds to wait between collection sessions.

gui

Now that you have collected all those secrets, you want to crawl them. DonPAPI lets you go through every collected secret with a web GUI. To launch it, use donpapi gui.

usage: DonPAPI gui [-h] [--bind BIND] [--port PORT] [--ssl] [--basic-auth user:password]

options:
  -h, --help            show this help message and exit
  --bind BIND           HTTP Server bind address (default=127.0.0.1)
  --port PORT           HTTP Server port (default=8088)
  --ssl                 Use an encrypted connection
  --basic-auth user:password
                        Set up a basic auth

Web

General

This screen shows every SAM password reused across all collected computers, the dumped scheduled tasks, and the service account passwords dumped from LSA. You can export all of them in CSV format.

Secrets

This screen shows every secret looted with DonPAPI. You can search on multiple elements and export secrets as CSV.

Cookies

This screen shows every cookie looted with DonPAPI. You can search on multiple elements and export cookies as CSV, and also copy-paste them as JavaScript code to paste into your browser.

Certificates

This screen shows every certificate looted with DonPAPI. You can search on multiple elements and export certificates as CSV; in addition, if a certificate allows client authentication, clicking on Yes copies a Certipy command for using that certificate.

Disclaimer

This tool is for educational and ethical hacking purposes only. Login Sécurité is not responsible for abuses committed with this tool.

Functionalities

The GUI frontend is developed in Vue3 + Vite.js, and the backend is Python Flask.

By default, it will be exposed at http://127.0.0.1:8088, but you can expose it the way you like, even at https://0.0.0.0:443.

Warning

Please never expose DonPAPI to a whole network like this; it can be very dangerous. DonPAPI supports HTTPS with --ssl, and you can add Basic Auth with --basic-auth. And above all, never expose DonPAPI on the Internet like this.

Clicking on a value in the tables will instantly put it in your clipboard.

A Hide Password checkbox is available in the GUI to hide sensitive data, perfect for screenshots.

Credits

All the credit goes to these great guys for doing the hard research & coding:

donpapi's People

Contributors

bzhuntshampu, cclauss, coolcoolnoworries, flx-0x00, hackndo, login-securite, noraj, p0dalirius, thepiratewhosmellsofsunflowers, zblurx, zeecka


donpapi's Issues

[bug] ImportError: cannot import name 'PrivateKeyTypes' from 'cryptography.hazmat.primitives.asymmetric.types'

Hi,

Upon installation with the commands in the README.md, we get an error when starting DonPAPI:

root@podaliriuslab:~/DonPAPI# git clone https://github.com/login-securite/DonPAPI.git
Cloning into 'DonPAPI'...
remote: Enumerating objects: 787, done.
remote: Counting objects: 100% (381/381), done.
remote: Compressing objects: 100% (255/255), done.
remote: Total 787 (delta 166), reused 306 (delta 123), pack-reused 406
Receiving objects: 100% (787/787), 3.22 MiB | 26.34 MiB/s, done.
Resolving deltas: 100% (316/316), done.
Processing /root/DonPAPI/DonPAPI
  Installing build dependencies ... done
  Getting requirements to build wheel ... done
  Preparing metadata (pyproject.toml) ... done
Requirement already satisfied: LnkParse3<2.0.0,>=1.2.0 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (1.2.0)
Requirement already satisfied: M2Crypto<0.39.0,>=0.38.0 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (0.38.0)
Requirement already satisfied: impacket<0.10.0,>=0.9.23 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (0.9.24)
Requirement already satisfied: pyasn<2.0.0,>=1.6.1 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (1.6.1)
Requirement already satisfied: pycryptodome<4.0.0,>=3.11.0 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (3.18.0)
Requirement already satisfied: swig<5.0.0,>=4.1.1 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (4.1.1)
Requirement already satisfied: wheel<0.38.0,>=0.37.0 in /usr/local/lib/python3.11/dist-packages (from donpapi==1.1.0) (0.37.1)
Requirement already satisfied: chardet in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (5.1.0)
Requirement already satisfied: flask>=1.0 in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (2.2.2)
Requirement already satisfied: future in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (0.18.2)
Requirement already satisfied: ldap3!=2.5.0,!=2.5.2,!=2.6,>=2.5 in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (2.9.1)
Requirement already satisfied: ldapdomaindump>=0.9.0 in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (0.9.3)
Requirement already satisfied: pyOpenSSL>=0.16.2 in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (23.0.0)
Requirement already satisfied: pyasn1>=0.2.3 in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (0.4.8)
Requirement already satisfied: pycryptodomex in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (3.11.0)
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from impacket<0.10.0,>=0.9.23->donpapi==1.1.0) (1.16.0)
Building wheels for collected packages: donpapi
  Building wheel for donpapi (pyproject.toml) ... done
  Created wheel for donpapi: filename=donpapi-1.1.0-py3-none-any.whl size=692882 sha256=b90fce1ca309727c68f25d3c073f6332b9934f6b2d02ebbb185fbe70961a93eb
  Stored in directory: /tmp/pip-ephem-wheel-cache-_fzseqmg/wheels/f5/5d/af/daefae7c43f57686945d3ccdef02147a13c26bf4f09d46030f
Successfully built donpapi
Installing collected packages: donpapi
  Attempting uninstall: donpapi
    Found existing installation: donpapi 1.1.0
    Uninstalling donpapi-1.1.0:
      Successfully uninstalled donpapi-1.1.0
Successfully installed donpapi-1.1.0
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv

root@podaliriuslab:~/DonPAPI# cd DonPAPI; python3 -m pip install . ; DonPAPI
Traceback (most recent call last):
  File "/usr/local/bin/DonPAPI", line 5, in <module>
    from donpapi.entry import main
  File "/usr/local/lib/python3.11/dist-packages/donpapi/entry.py", line 26, in <module>
    from donpapi.myseatbelt import MySeatBelt
  File "/usr/local/lib/python3.11/dist-packages/donpapi/myseatbelt.py", line 11, in <module>
    from donpapi.lib.certificates import CertificatesTriage
  File "/usr/local/lib/python3.11/dist-packages/donpapi/lib/certificates.py", line 13, in <module>
    from cryptography.hazmat.primitives.asymmetric.types import PrivateKeyTypes
ImportError: cannot import name 'PrivateKeyTypes' from 'cryptography.hazmat.primitives.asymmetric.types' (/usr/lib/python3/dist-packages/cryptography/hazmat/primitives/asymmetric/types.py)                                                                                                                                                                                    

After a bit of research, this is because [cryptography=3.4] has a circular import bug; to fix it you should update to [cryptography=3.4.1].

For anyone having the bug now, you can just do:

root@podaliriuslab:~/DonPAPI# python3 -m pip install cryptography --upgrade
Requirement already satisfied: cryptography in /usr/local/lib/python3.11/dist-packages (3.4.8)
Collecting cryptography
  Using cached cryptography-41.0.2-cp37-abi3-manylinux_2_28_x86_64.whl (4.3 MB)
Requirement already satisfied: cffi>=1.12 in /usr/local/lib/python3.11/dist-packages (from cryptography) (1.15.1)
Requirement already satisfied: pycparser in /usr/local/lib/python3.11/dist-packages (from cffi>=1.12->cryptography) (2.21)
Installing collected packages: cryptography
  Attempting uninstall: cryptography
    Found existing installation: cryptography 3.4.8
    Uninstalling cryptography-3.4.8:
      Successfully uninstalled cryptography-3.4.8
Successfully installed cryptography-41.0.2

More info about the bug: https://cryptography.io/en/latest/changelog/#v3-4-1

Short question: cme module

At the bottom of the readme you write that a lot of code comes from cme. I would love to see the project as a cme module. Is that currently in focus? Maybe you can write your thoughts about this, and maybe give some hints on how to start with this project on my own.

Cheers.

zsh: bus error

Hello,
I wanted to use donpapi
sudo python3 DonPAPI.py -H: ...
my python version is python3.11
but I have this mistake
zsh: bus error sudo python3.11 DonPAPI.py -H : ...
the program crashes during [mozilla cookie]
while on releases 1.0.0 I have no problems
Do you have a solution?

ModuleNotFoundError

Hi everyone, I've been using DonPAPI for a little while, and since a fresh install of Kali I get an error that I can't manage to debug; if anyone has an idea, I'm all ears:

python3 DonPAPI.py

Traceback (most recent call last):
File "DonPAPI.py", line 27, in
from myseatbelt import MySeatBelt
File "myseatbelt.py", line 12, in
from lib.secretsdump import LSASecrets as MyLSASecrets
ModuleNotFoundError: No module named 'lib.secretsdump'

Even though the lib is indeed available in the installation folder under lib/secretsdump.
To be sure, I had added the execution path to the $PATH variable, but nothing helps.

I have no idea how to debug this.

Thanks in advance for your attention to my problem!

bus error

Can anyone tell me why this error occurs? donpapi stops in failure.
Python 3.9.0
kali - Release: 2023.3


[bug] struct.error: ('unpack requires a buffer of 4 bytes', "When unpacking field 'CryptAlgo | <L=0 | b''[:4]'", 'When unpacking field \'Blob

When following the steps on GOAD, it turns out errors as follows:

└─$ proxychains -f /etc/proxychains_1080.conf DonPAPI -no-pass NORTH/[email protected]
[proxychains] config file found: /etc/proxychains_1080.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16

                                                                                
         ,                                                                      
       ,                                                 LeHack Release! 💀                       
        (                                                                       
       .                                          by Touf & Zblurx @ Login Sécurité                       
                                &&&&&&                                                             
     &&&&&%%%.                  &&&&&&                                          
      &&&&%%%              &&&& &&&&&&       &&&&&&            &&&&&.           
      &&&&%%%           &&&&&&& &&&&&&    &&&&&&&&&&&&&     &&&&&&&&&&&         
      &&&&%%%         &&&&&&&&& &&&&&&  &&&&&&&&&&&&&&&&   &&&&&&&&&&&&&        
    &&&&&&%%%%%       &&&&&&    &&&&&&  &&&&&&    &&&&&&   &&&&&   &&&&&   #####  
 &&&&&&&&&%%%%%%%     &&&&&&&&&&&&&&&&  (&&&&&&&&&&&&&&&   &&&&&   &&&&&   # # #
 &/&/////////////%      &&&&&&&&&&&&      &&&&&&&&&&&&     &&&&&   &&&&&   #####
&&/&/#////////(//%         &&&&&&            &&&&&&        &&&&&   &&&&&    ###
&&/&/////////////%        
&&/&/////////////%        &&&&&&&&&        &&&&&&&&&&        &&&&&&&&&     &&&&&
&&/&//////////(//%     &&&&&&&&&&&&&&    &&&&&&&&&&&&&&   &&&&&&&&&&&&&&   &&&&&
&&/&/////////////%     &&&&&&   &&&&&&  &&&&&&   &&&&&&&  &&&&&&   &&&&&&  &&&&&
&&/&///////////(/%    &&&&&&    &&&&&&  &&&&&&    &&&&&& &&&&&&    &&&&&&  &&&&&
&&/&///(/////////%    &&&&&& &&&&&&&&&  &&&&&&&&& &&&&&& &&&&&& &&&&&&&&&  &&&&&
&&/&/////////////%    &&&&&& &&&&&&&      &&&&&&& &&&&&& &&&&&& &&&&&&&    &&&&&
&&#&###########/#%    &&&&&&                             &&&&&&                 
&&###############%    &&&&&&                             &&&&&&                

INFO Initializing database ./donpapi.db
INFO Loaded 1 targets
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
INFO [192.168.56.22] [+] CASTELBLACK (domain:north.sevenkingdoms.local) (Windows 10.0 Build 17763) [SMB Signing Disabled]
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
INFO host: \\192.168.56.98, user: eddard.stark, active:  2562, idle:     0
INFO Adding connected user eddard.stark from \\192.168.56.98
INFO host: \\192.168.56.98, user: robb.stark, active:  2616, idle:  2616
INFO Adding connected user robb.stark from \\192.168.56.98
INFO [192.168.56.22] [+] Found user .NET v2.0
INFO [192.168.56.22] [+] Found user .NET v2.0 Classic
INFO [192.168.56.22] [+] Found user .NET v4.5
INFO [192.168.56.22] [+] Found user .NET v4.5 Classic
INFO [192.168.56.22] [+] Found user Administrator
INFO [192.168.56.22] [+] Found user All Users
INFO [192.168.56.22] [+] Found user Classic .NET AppPool
INFO [192.168.56.22] [+] Found user Default
INFO [192.168.56.22] [+] Found user Default User
INFO [192.168.56.22] [+] Found user Public
INFO [192.168.56.22] [+] Found user robb.stark
INFO [192.168.56.22] [+] Found user sql_svc
INFO [192.168.56.22] [+] Found user vagrant
INFO [192.168.56.22] [+] Dumping LSA Secrets
INFO [192.168.56.22] [+] Dumping SAM Secrets
INFO [192.168.56.22] [+] SAM : Collected 6 hashes 
INFO [192.168.56.22] [+] Gathering DPAPI Secret blobs on the target
INFO [192.168.56.22] [+] Gathering Wifi Keys
INFO [192.168.56.22] [+] Gathering Vaults
INFO [192.168.56.22] [+] Gathering Certificates Secrets 
Traceback (most recent call last):
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/donpapi/lib/certificates.py", line 403, in loot_privatekeys
    masterkey_guid = self.get_masterkey_guid_for_privatekey(data)
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/donpapi/lib/certificates.py", line 516, in get_masterkey_guid_for_privatekey
    blob=PVKFile(privatekey_bytes)
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 87, in __init__
    self.fromString(data)
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 152, in fromString
    self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 382, in unpack
    return dataClassOrCode(data)
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 87, in __init__
    self.fromString(data)
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 152, in fromString
    self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 326, in unpack
    return self.unpack(two[0],data)
  File "/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/impacket/structure.py", line 385, in unpack
    return unpack(format, data)[0]
struct.error: ('unpack requires a buffer of 4 bytes', "When unpacking field 'CryptAlgo | <L=0 | b''[:4]'", 'When unpacking field \'Blob | : | b\'\\x01\\x00\\x00\\x00\\xfcP\\xc5F\\xdb\\xb69N\\x8dw\\xf3]\\xc2\\xb7\\xa4\\xc1\\x00\\x00\\x00\\x00,\\x00\\x00\\x00C\\x00r\\x00y\\x00p\\x00t\\x00o\\x00A\\x00P\\x00I\\x00 \\x00P\\x00r\\x00i\\x00v\\x00a\\x00t\\x00e\\x00 \\x00K\\x00e\\x00y\\x00\\x00\\x00\\x03f\\x00\\x00\\xc0\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\r\\xea?\\x8d\\x95@\\xfd\\x0c\\x82\\xf4\\x08\\tm\\x87\\xc5S\\x00\\x00\\x00\\x00\\x04\\x80\\x00\\x00\\xa0\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xd6\\x1e\\xb5A6&\\xdb!\\xbet\\xe6\\xb8*\\x82\\xd0U@\\x05\\x00\\x00\\xee\\xfc(&\\x1e\\x1b\\x07\\xea\\xf6\\xa7\\xd1\\\\.*\\x15\\x7f\\x15\\xc3,)\\xcd\\xc0\\xa6>\\xd4\\x9d\\r\\x80\\xf2L\\xddt\\x80%\\xd9\\x9d\\x91XN\\xf3\\xaf~s\\x11z8C\\xb8VP,I\\xc0\\xba\\xf1\\x7f\\xab\\x18\\xe9\\x1cU\\xb1~Bj\\xae\\x18\\xf4\\xdd\\xa7\\x1dJ_\\xa6\\x0bs\\x8d\\xf1\\xd62\\x17s\\x14D\\xe1\\xd1mk\\x9fT\\\\#\\xcd\\x91\\xd7$\\xc3\\x9dD@dy\\xe9E\\xfbj\\xc76|n\\x95\\xf1\\x1f\\xbe\\xf8\\xbe\\x8f\\xddu\\xbe\\xc7\\xefV\\xe0\\xba\\x01\\xfb\\xce\\x16\\xb56\\x95<\\xf1\\xfb\\xf5r\\xef\\xd5\\x06\\x99\\xf5\\xd7_\\xc8\\xa3\\xeb\\xa5It+\\xf4\\x1cA.\\xf1?\\xe3\\xa0\\xa7\\x13\\x1d\\xc5\\xfe\\x8bs\\xd1\\xe1\\x83\\x14\\xf7\\xc48\\x85\\x94\\x07\\x93\\xec,\\x98-\\x0c,\\xe9\\x1a8\\x8e\\x9b\\x9ak\\x8f\\xe1\\xf9d\\x94%;\\xd8\\xa4\\xabS(\\xb6\\x1c}\\xbbq\\xd5\\xf7\\xe1E\\n\\xedn\\xb8\\x03\\xb5\\x8d\\x15\\x11\\x9a\\x8b\\xdc\\xf8\\x0c\\xb9J%\\xab_\\xf0\\r\\x01P\\x8a\\x1e\\xe9\\x11T\\xf42".0`\\xfeJ\\xe0\\x86\\x17\\x90\\x00\\xb3\\x1d\\xe6\\x04\\x08\\xfd\\xf2\\xd5\\xc7L\\xc2$\\xe7\\x84`<*\\xa1faq\\x1dC\\x13!9\\x96q\\x9e\\xfe\\xbf\\x021\\xa2\\xb9\\x97\\x90a\\xc2\\xb5\\x81D-\\xadyP\\x1c\\xc4\\x95E\\x8a\\x9a\\xc2\\xab9\\xf9\\x18x\\xe7\\x19E\\xc6JB\\x12\\xa7\\x82\\x0c\\x82g\\xdbw\\xe8\\x96\\xc8*\\x12T&\\x94z\\x14\\x96\\x0030\\xd1\\xd6\\x1a\\xcd\\x9e\\xae\\xb1\\xafzk\\x01\\xe0\\xce\\xfa\\xf0\\xc5\\xdd\\xd8a\\xec\\xb1b\\xc2\\xb9\\xcf\\xbe\\r\\xa2\\x
0e\\xef\\xf0P\\xb8\\x8d\\x8dO\\xa6\\\'b\\x97\\xe0\\x11s\\x1bN\\xcd\\xe5\\nt\\xe3]\\xd0\\xfd%\\x8f\\xa9N\\xc9\\xcbj\\x8d\\xdc\\xb4\\xbf\\xd8\\xfbE28\\xdc*\\xea\\xdb\\xdc\\x07\\x8e\\xbczKY\\x0c&H\\x1d8\\xac\\xc1i\\x17\\x8b\\xef\\x9e\\xeb\\xce%\\xbct@]\\x90\\x8d\\x06\\x96\\xc1\\x1b\\x93\\n~\\x95\\\\\\x85iB\\x1a\\xf0[\\xd4\\xed\\\'\\xac27\\x14\\xcah\\xd5j\\xa1\\xd3\\xcc\\xebX\\xae\\xda\\r\\x11\\xa5~T\\x1b\\xef\\x0f5\\xca\\xf3\\xf4\\tc\\xa7\\xb6P\\xa0V\\xf7\\x0b\\xde\\xb2\\xe1\\xfd\\x8c\\xe0\\xea\\xe3}\\xb6\\xd3*/A6XY\\xae\\xb5\\xea\\x8a\\x8fr\\xd0\\xe9\\xf6\\xe4a\\xcf\\xfe\\xce\\xf7,\\xa1{5\\xb9\\x8d\\xc1@\\xcf\\xb6\\xc9\\xa0a_\\x8ewQ\\xb7\\x0b\\x99\\nn\\x85y/5\\x19\\xfaMk\\xaa\\xce\\xde\\x80\\xa6\\xad\\x81\\xb8\\x10F\\xd9\\xe1)\\xbd\\xea\\xd3&Q\\x8eR\\x8f\\x95\\x19Q6\\x97\\x80\\x8a\\xc9\\x82ev\\xdb\\xa70\\xc4\\xe6\\xb0\\xc3)}c\\x9e\\xa9\\xe6\\xf4\\xcd\\xc7w\\xeb\\x95,L8\\xe8\\x16\\x85\\xddT]\\xf9\\x14d#d\\x9c+\\\'p\\x93\\xf5~^\\xde\\xb1\\xb6\\xef\\xa1|\\\'\\xb6;\\x9fl\\xb3rj\\x8c\\xd0\\xb0Sj]b\\xb7z\\xcb-\\x1b\\xcb\\xdfX\\xf6;\\x80\\xb14\\xea\\x14\\x1a\\x8c\\xfc\\x1e;\\xf0\\x84\\xb2Y\\xd4\\xf2r\\xf7D\\x93u\\xd2[\\x98\\xd9\\xdcX\\xe7Q\\xba\\x14\\xfe\\xfe1\\xe8\\xf0\\xedi\\xc8\\x7f\\xbae\\xdc\\x12\\xc4\\xca6\\xc5k\\x88\\xd2\\xc7\\x93\\x9f\\\'T\\xabO(\\x8d\\x8f4M\\x1c\\xf2\\xb6T\\xab\\xe5\\xc3\\xe0\\x04BbA\\x0b\\x82\\xe0\\xa2\\xe6\\xbaG\\xa56|mB3\\xb0+\\x97ah\\x1a\\x05Q\\xae\\xca\\x93\\x13\\x7f\\xa0\\xc4\\xde\\x83\\xcc\\xadVT\\xf7c\\r\\x97b\\x01\\xe7h\\xd1M!\\xb8\\x89\\xc8\\x94S\\x05\\xfbR\\xe9\\x01\\xe8~L\\xf5w\\xe2\\x0e\\xa0@A\\xe0\\x95 \\x95\\xcc\\x03\\x99Rv\\xf2\\x0f\\t\\x1a\\xdc;}\\xa8Y!\\xe5l\\xbfN>\\xc9\\xd2\\xc5\\x1e&\\xec\\x94\\xc6\\x7f\\x94T\\xde\\x02\\x8e\\xfe9>\\xc2\\x95\\x9a\\xed\\xa8\\xfc|[`i\\xadH\\xe5I\\x03\\xaak\\x9a\\x9f`\\x0e\\xc1M#@C-\\x04\\xf5K\\xef\\xa2g\\xf9P\\xfa\\x95\\xfc\\xf7\\xa0mG\\n\\x8e\\xf3\\xe1\\x88\\xaeMp=\\x86\\x15\\x9fi>-\\xb8\\x11\\\\\\x8d\\xb6R\\xc7z[(<F\\xa4\\x9b\\x8df\\x9a \\xba\\xca@Dc=\\x06\\x9c9\\x95 
\\x92\\xfc\\xdf\\x19\\x08H\\xa3\\x87\\xc4\\x81@m\\xc21S:\\x08\\xd6\\x84\\x98\\xd2\\xd8\\x01\\xd0\\x08g\\x84-\\x92\\xd4\\xb1\\x9b\\x1d~\\xf6\\xec\\x05H\\xbfT\\xe5J\\xf2\\xb9d\\x0b\\x03\\xe0\\xcd\\x8fU\\x1b\\x0f>\\x05\\xd6h\\xee\\x81\\xdes\\xac\\xc6\\x1aw\\xcaPN\\xe2@\\xc9\\x93\\x92\\xb2ex9\\x15\\xa0m\\xad\\xa2U)\\xd5g\\x8c\\xde\\x84\\xd4\\x86i%:8\\x7fZ\\xe2KM\\xfbc4\\xba\\xb2\\x08\\xe0DA6W!\\xc5\\x10\\x04\\xef\\xf7\\x90\\xf5\\xff\\x9e\\xcc3\\x81\\xc4\\x1e\\x02Gs\\xd77\\x86\\x0eu\\xf4\\x84\\xab\\x94\\xcb{[K\\x97\\x1eD;\\x95b\\xee\\xf5\\xa1DR]\\xc2\\xc4\\xdf\\xd6\\xca\\xee\\xb7\\xe8\\x02\\xd3\\x80\\xcf\\xb5~A>$Xf\\xa4s\\x10\\x8fi\\xd83\\x9b\\xd4A\\xdcH\\xcd\\x9a\\x1b\\x7f\\xe2V\\x94\\xba\\x99X"\\xc2E\\xfc\\xdf\\xc14\\xfc\\x1cS\\xad>\\x97\\xbb]ti\\x19\\xda.>\\xd6M\\x93\\x8f\\xc6\\x8a\\x0f\\n\\xf1\\xae^\\x16WrH\\xb6q\\x8b\\xcd\\x93o\\xeba%>\\xff\\xf4\\xd5\\xcf\\x16\\xbc\\xd1\\\'\\xe6\\x9d\\xddfn\\xa4\\x9fV^\\x05\\xb9Au"?\\x0c\\x94\\x98r\\xe3\\xc6\\xa2<Q\\xdf\\xb0Ok\\xe9A\\xb4b\\x0e\\x17\\xccV\\x8f\\x8b\\xac\\xa8.L\\xbb\\x95\\\\\\xa4\\x01Z\\xa9\\x85\\x14.\\xa2\\xd3Q5\\xb0\\x1fd[.\\xf8E\\xda\\xad\\x9fH\\x809;\\xe7/\\x1d\\x1dM\\x19U\\x877\\xba\\x18h\\xd4\\x10<m\\x80\\x92\\x9c\\xab@:\\xbf\\xb4\\x7f\\xd7l\\xb6*\\t<\\x93\\xc5J\\xe8a\\xe9h\\xf3\\xf0\\t\\xa29\\xb8U0)IGf[\\x9f\\xbb\\x87\\xdc\\xe8\\x90!=\\x86\\xcd\\x94\\xaf\\x06\\xce\\xb2\\x99\\x9a%=i\\x9c?\\xc6<9K\\x1b:\\xb5\\x96?\\xab/\\xb2\\xa1\\x94^\\x0c\\x14\\x89\\xad"\\xc3\\x8a\\x8d\\xd9#\\xac\\x14\\x00\\x00\\x00],\\xbf\\xe4z\\xd7\\xd3\\x13\\xb3=\\xce\\x18k\\x8e\\xc7\\xd3\\xa7\\xe0\\xdd4\\x01\\x00\\x00\\x00\\xd0\\x8c\\x9d\\xdf\\x01\\x15\\xd1\\x11\\x8cz\\x00\\xc0O\\xc2\\x97\\xeb\\x01\\x00\\x00\\x00\\xfcP\\xc5F\\xdb\\xb69N\\x8dw\\xf3]\\xc2\\xb7\\xa4\\xc1\\x00\\x00\\x00\\x00\\x18\\x00\\x00\\x00E\\x00x\\x00p\\x00o\\x00r\\x00t\\x00 
\\x00F\\x00l\\x00a\\x00g\\x00\\x00\\x00\\x03f\\x00\\x00\\xc0\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xac\\x98\\xc5;\\xd2\\xc0\\xc2M\\xfb\\xe1\\x93\\x8d\\x10Gq\\xd0\\x00\\x00\\x00\\x00\\x04\\x80\\x00\\x00\\xa0\\x00\\x00\\x00\\x10\\x00\\x00\\x00\\xff\\\\\\x17\\x1f\\xe2\\xf7\\xd5\\x1e\\xb8\\x95O\\x93\\xbe#o\\xe9\\x08\\x00\\x00\\x00q\\xd4\\x1e-\\x8aI\\x9c;\\x14\\x00\\x00\\x00\\xfc@\\x7f\\xadj&\\xc2\\xee\\xb8\\xac\\xc6\\x8dn\\x1a\\xd9=\\xc6\\x11Gh\'[:1524]\'')
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
INFO [192.168.56.22] [+] Gathering Chrome Secrets 
INFO [192.168.56.22] [+] Gathering MSEdge Secrets 
INFO [192.168.56.22] [+] Gathering Mozilla Secrets 
INFO [192.168.56.22] [+] Gathering mRemoteNG Secrets 
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
INFO [192.168.56.22] [+] Gathering VNC Passwords
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
[proxychains] Strict chain  ...  127.0.0.1:1080  ...  192.168.56.22:445  ...  OK
INFO [192.168.56.22] [+] Gathering Recent Files and Desktop Files 
/home/kali/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/LnkParse3/target_factory.py:87: UserWarning: Unknown TargetID `195`
  warnings.warn(msg)

While ntlmrelayx is listening on 1080:

ntlmrelayx> socks
Protocol  Target         Username            AdminStatus  Port 
--------  -------------  ------------------  -----------  ----
SMB       192.168.56.23  NORTH/ROBB.STARK    FALSE        445  
SMB       192.168.56.23  NORTH/EDDARD.STARK  FALSE        445  
SMB       192.168.56.22  NORTH/ROBB.STARK    FALSE        445  
SMB       192.168.56.22  NORTH/EDDARD.STARK  TRUE         445  

Single Binaries

With all due respect to your (really incredible) project, working with Python dependencies is just terrible.
I have managed to install version 1.0 through pip3 install -r req.txt several times, but the latest versions via pipx/poetry (besides the fact that these are terrible platforms in themselves that don't work well) force me to download the MSVC compiler for Windows to install modules, and I never have the moral strength to finish it.

Maybe you could make a separate version for GitHub sponsors with precompiled single binaries, like crackmapexec did?
Working with dependency modules in Python completely destroys my mood for an entire day and deprives me of my will to live; these are endless quicksands of traces and errors.

Best regards

Problem with Chrome default profile

Hello,

During an engagement I found that DonPAPI only looks for the Default user profile. However, many of my targets have a non-default profile name (such as "Profile 1") or multiple profiles. The current profile name can be found in the Local State file:

Renamed profile

{
  "info_cache": {
    "Profile 5": {
      "active_time": REDACTED.135468,
      "avatar_icon": "chrome://theme/IREDACTED",
      "background_apps": false,
      "first_account_name_hash": 477,
      "force_signin_profile_locked": false,
      "gaia_given_name": "REDACTED",
      "gaia_id": "REDACTED",
      "gaia_name": "REDACTED",
      "gaia_picture_file_name": "Google Profile Picture.png",
      "hosted_domain": "REDACTED",
      "is_consented_primary_account": false,
      "is_ephemeral": false,
      "is_using_default_avatar": true,
      "is_using_default_name": true,
      "last_downloaded_gaia_picture_url_with_size": "REDACTED",
      "managed_user_id": "",
      "metrics_bucket_index": 5,
      "name": "Personne 2",
      "shortcut_name": "REDACTED",
      "signin.with_credential_provider": false,
      "user_accepted_account_management": false,
      "user_name": "REDACTED"
    }
  },
  "last_active_profiles": [
    "Profile 5"
  ],
  "last_used": "Profile 5",
  "metrics": {
    "next_bucket_index": 6
  },
  "picker_shown": true,
  "profile_counts_reported": "REDACTED",
  "profiles_created": 6,
  "profiles_order": [
    "Profile 5"
  ]
}

Multiple Profiles

{
  "info_cache": {
    "Default": {
      "active_time": REDACTED.728178,
      "avatar_icon": "chrome://theme/REDACTED",
      "background_apps": false,
      "first_account_name_hash": 822,
      "force_signin_profile_locked": false,
      "gaia_given_name": "REDACTED",
      "gaia_id": "REDACTED",
      "gaia_name": "REDACTED REDACTED",
      "gaia_picture_file_name": "Google Profile Picture.png",
      "has_multiple_account_names": true,
      "hosted_domain": "REDACTED",
      "is_consented_primary_account": true,
      "is_ephemeral": false,
      "is_using_default_avatar": true,
      "is_using_default_name": true,
      "last_downloaded_gaia_picture_url_with_size": "REDACTED",
      "managed_user_id": "",
      "metrics_bucket_index": 1,
      "name": "Personne 1",
      "shortcut_name": "REDACTED",
      "signin.with_credential_provider": false,
      "user_accepted_account_management": true,
      "user_name": "REDACTED"
    },
    "Profile 1": {
      "active_time": REDACTED.65364,
      "avatar_icon": "chrome://theme/REDACTED",
      "background_apps": false,
      "first_account_name_hash": 822,
      "force_signin_profile_locked": false,
      "gaia_given_name": "",
      "gaia_id": "",
      "gaia_name": "",
      "gaia_picture_file_name": "",
      "hosted_domain": "",
      "is_consented_primary_account": false,
      "is_ephemeral": false,
      "is_using_default_avatar": true,
      "is_using_default_name": false,
      "last_downloaded_gaia_picture_url_with_size": "",
      "managed_user_id": "",
      "metrics_bucket_index": 2,
      "name": "REDACTED REDACTED",
      "shortcut_name": "REDACTED REDACTED",
      "user_accepted_account_management": false,
      "user_name": ""
    },
    "Profile 3": {
      "active_time": REDACTED.08738,
      "avatar_icon": "chrome://theme/REDACTED",
      "background_apps": false,
      "default_avatar_fill_color": -10831423,
      "default_avatar_stroke_color": -16248044,
      "first_account_name_hash": 655,
      "force_signin_profile_locked": false,
      "gaia_given_name": "",
      "gaia_id": "",
      "gaia_name": "",
      "gaia_picture_file_name": "",
      "hosted_domain": "",
      "is_consented_primary_account": false,
      "is_ephemeral": false,
      "is_using_default_avatar": true,
      "is_using_default_name": false,
      "last_downloaded_gaia_picture_url_with_size": "",
      "managed_user_id": "",
      "metrics_bucket_index": 4,
      "name": "REDACTED",
      "profile_highlight_color": -10831423,
      "shortcut_name": "REDACTED",
      "signin.with_credential_provider": false,
      "user_accepted_account_management": false,
      "user_name": ""
    },
[...]
  },
  "last_active_profiles": [
    "Default"
  ],
  "last_used": "Default",
  "metrics": {
    "next_bucket_index": 7
  },
  "picker_shown": true,
  "profile_counts_reported": "REDACTED",
  "profiles_created": 10,
  "profiles_order": [
    "Profile 2",
    "Profile 4",
    "Profile 3",
    "Default",
    "Profile 1",
    "Profile 8"
  ]
}

Maybe it is possible to loop through the profiles or just dump the last_active_profiles ?

🌻
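The suggestion above (loop through the profiles, or at least use last_active_profiles) as an added example; this is editor-written code, not part of DonPAPI. It assumes the layout of a full Local State file, where the keys shown in the issue sit under a top-level "profile" object, and also accepts the bare subtree the issue pasted; the sample document is constructed, not one of the redacted dumps.

```python
import json
from typing import Dict, Iterable, List


def _as_list(value) -> List:
    """Normalise a Local State value to a list (string, list or missing)."""
    if isinstance(value, list):
        return value
    if isinstance(value, str):
        return [value]
    return []


def chromium_profile_dirs(local_state_text: str, prefer_active: bool = True) -> List[str]:
    """Return profile directory names ("Default", "Profile 1", ...) from Local State.

    Order: last_active_profiles and last_used first (what the user actually runs),
    then profiles_order, then every remaining key of info_cache, de-duplicated.
    An unreadable or empty document falls back to ["Default"], the single
    directory the issue says is currently hard-coded.
    """
    try:
        doc = json.loads(local_state_text)
    except (TypeError, ValueError):
        return ["Default"]
    if not isinstance(doc, dict):
        return ["Default"]
    # A full Local State file nests everything under "profile"; the excerpts in
    # the issue are that subtree on its own, so both layouts are accepted (assumption).
    section = doc.get("profile", doc)
    if not isinstance(section, dict):
        return ["Default"]

    ordered: List[str] = []

    def add(names: Iterable) -> None:
        for name in names:
            if isinstance(name, str) and name and name not in ordered:
                ordered.append(name)

    if prefer_active:
        add(_as_list(section.get("last_active_profiles")))
        add(_as_list(section.get("last_used")))
    add(_as_list(section.get("profiles_order")))
    info_cache = section.get("info_cache")
    if isinstance(info_cache, dict):
        add(info_cache.keys())
    return ordered or ["Default"]


def profile_inventory(local_state_text: str) -> List[Dict[str, str]]:
    """Pair each profile directory with its display name and signed-in account."""
    try:
        doc = json.loads(local_state_text)
    except (TypeError, ValueError):
        return []
    section = doc.get("profile", doc) if isinstance(doc, dict) else {}
    info_cache = section.get("info_cache") if isinstance(section, dict) else None
    if not isinstance(info_cache, dict):
        return []
    rows = []
    for dirname in chromium_profile_dirs(local_state_text):
        meta = info_cache.get(dirname)
        if isinstance(meta, dict):
            rows.append({"dir": dirname,
                         "name": str(meta.get("name", "")),
                         "user_name": str(meta.get("user_name", ""))})
    return rows


# Constructed sample (not one of the redacted dumps from the issue): full Local
# State layout, one renamed profile, and "Default" not among the active profiles.
SAMPLE_LOCAL_STATE = json.dumps({
    "profile": {
        "info_cache": {
            "Default": {"name": "Person 1", "user_name": "alice@example.com"},
            "Profile 1": {"name": "Work", "user_name": ""},
            "Profile 3": {"name": "Testing", "user_name": "bob@example.com"},
        },
        "last_active_profiles": ["Profile 1"],
        "last_used": "Profile 1",
        "profiles_order": ["Profile 3", "Default", "Profile 1"],
    }
})

if __name__ == "__main__":
    for row in profile_inventory(SAMPLE_LOCAL_STATE):
        print(row["dir"], "->", row["name"], row["user_name"] or "(no account)")
```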

Error when using --GetHashes

When running DonPAPI with "--GetHashes" I get the following error.

Traceback (most recent call last):
  File "/<mytoolspath>/DonPAPI/DonPAPI.py", line 273, in <module>
    main()
  File "/<mytoolspath>/DonPAPI/DonPAPI.py", line 185, in main
    my_report.export_hashes()
AttributeError: 'reporting' object has no attribute 'export_hashes'

DonPAPI is running on KALI 2021.4 with Impacket v0.9.24.dev1+20210720.100427.cd4fe47c.
The target is Windows 10 1803

ModuleNotFoundError: No module named 'lib.secretsdump'

Hi everyone,

For some time now, I have been facing an error that I don't understand and that I can't solve.
I am on Kali Linux:

$ uname -a
Linux no0ne-kali 6.1.0-kali5-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.12-1kali2 (2023-02-23) x86_64 GNU/Linux

I use the version of python 3.11.2 :

$ python3
Python 3.11.2 (main, Feb 12 2023, 00:48:52) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.

I installed DonPAPI as explained on the Git, but I cannot get it to work:

$ python3 DonPAPI.py
Traceback (most recent call last):
  File "/home/no0ne/DonPAPI/DonPAPI.py", line 27, in <module>
    from myseatbelt import MySeatBelt
  File "/home/no0ne/DonPAPI/myseatbelt.py", line 12, in <module>
    from lib.secretsdump import LSASecrets as MyLSASecrets
ModuleNotFoundError: No module named 'lib.secretsdump'

So I checked whether the secretsdump module is present in the install directory:

$ ls DonPAPI/lib
adconnect.py            dpapi_pick  neo4jconnection.py  secretsdump.py
certificates.py         dpapi.py    new_module.py       toolbox.py
compliance_security.py  eater.py    RecentFiles.py      wmi.py
defines.py              fileops.py  reg.py

I have no explanation for why it doesn't work; if anyone has an idea, I'm interested.

For those who will take the time, thank you in advance.

Python SyntaxError

Hi,
When running the DonPAPI.py script I get the following python error:

File "./DonPAPI.py", line 157
    logging.info(f"Loaded {len(credz)} user credentials")
                                                       ^
SyntaxError: invalid syntax

Steps to reproduce:

git clone https://github.com/login-securite/DonPAPI.git
pip3 install -r requirements.txt
./DonPAPI.py

This looks like a great tool, looking forward to using it!

Missing license file

Hi,

This project looks amazing and solves a large number of possible problems. However, looking at the codebase I wasn't able to find a LICENSE file.
The only thing I could find is a message in the master file indicating that the license is a modified version of the Apache license, with more details in the LICENSE file that I wasn't able to find.

This software is provided under under a slightly modified version
of the Apache Software License. See the accompanying LICENSE file
for more information.

If a license file could be added it would be a great help!

Add option to retrieve cookies as well as saved logins

DonPAPI does a fantastic job of retrieving saved login credentials, however the option to retrieve cookies would be beneficial to be able to steal existing sessions and bypass 2FA protection. Currently it seems an attempt was made at adding this feature but it may have been abandoned (https://github.com/login-securite/DonPAPI/blob/main/myseatbelt.py#L460). I might try and have a go at this in a few weeks but not sure if I'll be able to pull it off.

Support for Proxied SMB Authentication Connections

Prior to version 2.0, it was possible to proxy smb relayed auth from ntlmrelayx.py to donpapi via the following syntax:

proxychains4 donpapi -o . -dc-ip <DCIP> -no-pass NETBIOSDOMAIN/[email protected]

^ This works properly as intended.

In the latest version since 2.0 release, I haven't been able to figure out how to get this to work. I've tried syntax such as but not limited to:

proxychains4 donpapi collect -d example.com --dc-ip <DCIP> --no-pass -u 'NETBIOSDOMAIN/USERNAME' -t 10.10.10.10
proxychains4 donpapi collect --dc-ip <DCIP> --no-pass -u 'NETBIOSDOMAIN/USERNAME' -t 10.10.10.10
proxychains4 donpapi collect -d NETBIOSDOMAIN --dc-ip <DCIP> --no-pass -u USERNAME -t 10.10.10.10

Is there a way in the latest version of donpapi for the collect sub-command to support proxied authentication?

ModuleNotFoundError: No module named 'pkg_resources'

❯ DonPAPI
Traceback (most recent call last):
  File "/home/user/.local/bin/DonPAPI", line 5, in <module>
    from donpapi.entry import main
  File "/home/user/.local/pipx/venvs/donpapi/lib/python3.12/site-packages/donpapi/entry.py", line 29, in <module>
    from donpapi.myseatbelt import MySeatBelt
  File "/home/user/.local/pipx/venvs/donpapi/lib/python3.12/site-packages/donpapi/myseatbelt.py", line 21, in <module>
    from donpapi.lib.adconnect import *
  File "/home/user/.local/pipx/venvs/donpapi/lib/python3.12/site-packages/donpapi/lib/adconnect.py", line 8, in <module>
    from impacket import version
  File "/home/user/.local/pipx/venvs/donpapi/lib/python3.12/site-packages/impacket/version.py", line 10, in <module>
    import pkg_resources
ModuleNotFoundError: No module named 'pkg_resources'

Installed with pipx (default and git). Hotfix:

pipx inject donpapi setuptools

setuptools should be added as a dependency in pyproject.toml / poetry.lock.

Cookie filtering

At the moment, depending on the network, a lot of expired cookies can be returned. It would be nice if the tool could filter those out (at least by default).
Along the same lines, a lot of cookies can be empty, and so useless 99.9% of the time; these could also be filtered out.
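The two filters requested above, written as an added example rather than DonPAPI code. It assumes Chromium's convention for the expires_utc column (microseconds since 1601-01-01 UTC, 0 meaning a session cookie), which the issue does not spell out; the cookie records are constructed.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Chromium keeps cookie expiry in "expires_utc" as microseconds since
# 1601-01-01 UTC (the Windows FILETIME epoch, not the Unix epoch), with 0
# meaning "session cookie". Assumed here; the issue only asks for the filter.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_to_datetime(expires_utc: int) -> Optional[datetime]:
    """Convert a Chromium expires_utc value; None means a session cookie."""
    if expires_utc <= 0:
        return None
    return WEBKIT_EPOCH + timedelta(microseconds=expires_utc)


def datetime_to_webkit(moment: datetime) -> int:
    """Inverse of webkit_to_datetime, used to build the constructed sample."""
    return (moment - WEBKIT_EPOCH) // timedelta(microseconds=1)


def filter_cookies(cookies: List[Dict], now: Optional[datetime] = None,
                   drop_session: bool = False) -> List[Dict]:
    """Drop cookies that are empty or already expired.

    Session cookies (expires_utc == 0) are kept unless drop_session is set:
    they are not expired, they simply have no expiry at all, so an expiry
    check alone would wrongly discard or wrongly keep them depending on how
    0 is interpreted.
    """
    now = now or datetime.now(timezone.utc)
    kept = []
    for cookie in cookies:
        if not (cookie.get("value") or "").strip():
            continue  # empty value: the "99.9% useless" case from the issue
        try:
            expiry = webkit_to_datetime(int(cookie.get("expires_utc") or 0))
        except (TypeError, ValueError):
            continue  # unparsable expiry: treat as unusable rather than guess
        if expiry is None:
            if drop_session:
                continue
        elif expiry <= now:
            continue  # expired cookie
        kept.append(cookie)
    return kept


# Constructed sample records shaped like rows of a Chromium cookies table.
FIXED_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_COOKIES = [
    {"host_key": ".example.com", "name": "sid", "value": "abc123",
     "expires_utc": datetime_to_webkit(datetime(2030, 1, 1, tzinfo=timezone.utc))},
    {"host_key": ".example.com", "name": "old", "value": "zzz",
     "expires_utc": datetime_to_webkit(datetime(2020, 1, 1, tzinfo=timezone.utc))},
    {"host_key": ".example.com", "name": "blank", "value": "",
     "expires_utc": datetime_to_webkit(datetime(2030, 1, 1, tzinfo=timezone.utc))},
    {"host_key": ".example.com", "name": "sess", "value": "tmp", "expires_utc": 0},
]

if __name__ == "__main__":
    for c in filter_cookies(SAMPLE_COOKIES, now=FIXED_NOW):
        print(c["name"], webkit_to_datetime(c["expires_utc"]) or "session")
```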

Microsoft Edge support

DonPAPI is able to retrieve credentials for Chrome; there should be support for Edge as well, considering the large-scale use of Edge within environments.

Edge is based on Chromium, so it shouldn't be hard at all to implement; user data is stored in %localappdata%\microsoft\edge\User Data\Default

VNC plugin error on reading and parsing registry key

The VNC plugin in software/sysadmin/vnc.py does not handle properly the read of a registry key.

There are two issues:

  • After getting the key from the registry, the variable is bytes, but on line 107 you try to rstrip() some string, causing an error.
  • In the reverse_vncpassword method, you try to unhex/hex the same variable, but as it's bytes and not a string hex representation, it fails.

Allow working in local mode

Currently this tool allows reading files via SMB only.

I would like to run it locally, using Kali Live, with the Windows drive(s) mounted in e.g. /mnt/c, /mnt/d etc.

HTML report (-R) markup inconsistency & optimization

HTML reports have inconsistencies (missing closing markup, no consistency in lowercase/uppercase, ...) and can be optimized (for instance: <a class="firstletter">H</a><a>ostname</A> can be replaced with <p>Hostname</p> using the CSS selector ::first-letter).

I'd like to work on the generate_report() function, using Jinja templating. Is it worth having a try, and are you looking for a PR on this feature (report content won't change, only a refactoring)?

User enumeration missing users stored under "Documents and Settings" on older Windows versions

Hi

I've noticed that when enumerating older Windows operating system versions that use the "%SystemDrive%\Documents and Settings" path to store user profiles, users are not correctly identified because the modern "Users" path is hard-coded at various points in the code.

I have what I believe is a fix (e.g. "it works on my machine") in my local copy of the tool if you are happy to receive a PR to address this?

Thanks

Feature Request: Allow Specific User Selection

Background

This is less of a bug and more of a "program behavior" request.
As I run DonPAPI on a target, I encounter many junk accounts that exist in the remote machine's Users folder.
This was partially mitigated with the new "false positive" folders in each triage class.
However, usually when getting loot from a machine, there are more junk folders than can be expected to deal with.
This is an issue since we cannot expect to deal with every possible "false positive" we encounter.
So, I suggest adding a user selection prompt / flag, which will allow users to select specific Windows users for enumeration.

Possible Implementations

Interactive prompting

This is obviously not ideal when we want to iterate over many machines but it might be useful to add.

Found 4 User Folders (Bob, Alice, John Doe, Trash), please select one or more (delimited by '^'):
> Bob^John Doe

Startup Parameter

donpapi -u admin -p admin -t 1.2.3.4 --windows-users "Bob" "John Doe"

Summary

This is obviously not an urgent matter but it is certainly a "nice to have" feature.
Thank you for reading, I wish you all the best!

Traceback crypto import error

Traceback when running DonPAPI, probably due to latest commits

Traceback (most recent call last):
  File "/root/.local/bin/DonPAPI", line 5, in <module>
    from donpapi.entry import main
  File "/root/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/donpapi/entry.py", line 26, in <module>
    from donpapi.myseatbelt import MySeatBelt
  File "/root/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/donpapi/myseatbelt.py", line 11, in <module>
    from donpapi.lib.certificates import CertificatesTriage
  File "/root/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/donpapi/lib/certificates.py", line 11, in <module>
    from cryptography.hazmat._oid import ExtensionOID
ImportError: cannot import name 'ExtensionOID' from 'cryptography.hazmat._oid' (/root/.local/pipx/venvs/donpapi/lib/python3.9/site-packages/cryptography/hazmat/_oid.py)

[bug] Missing requirement to build DonPAPI through poetry: ModuleNotFoundError: No module named 'swig'

Missing requirement 'swig' to build DonPAPI through poetry

┌──(root㉿kali)-[/home/kali/Desktop/DonPAPI]
└─# poetry update
Creating virtualenv donpapi-WjBzr8W3-py3.11 in /root/.cache/pypoetry/virtualenvs
Updating dependencies
Resolving dependencies... Downloading https://files.pythonhosted.org/packages/15/b8/d99814bab6797ed0b9449390c8c2f9872d475c693d11957b8b61abbc0933/impacket-0.9.24.tar.gz  18% (6.
Resolving dependencies... Downloading https://files.pythonhosted.org/packages/15/b8/d99814bab6797ed0b9449390c8c2f9872d475c693d11957b8b61abbc0933/impacket-0.9.24.tar.gz  95% (6.
Resolving dependencies... Downloading https://files.pythonhosted.org/packages/a1/eb/030d2f273902f2b0c7d59bca28fe528dcc7213f2ddd5a65055a3f25101be/pycryptodome-3.18.0-cp27-cp27m-
Resolving dependencies... Downloading https://files.pythonhosted.org/packages/7c/6f/fdf4620511f30482915c88cba42e82b2ce3444499bfeba572c16abfd22e6/pycryptodomex-3.18.0-cp27-cp27m
Resolving dependencies... (13.1s)

Writing lock file

Package operations: 31 installs, 1 update, 0 removals

  • Installing idna (3.4)
  • Installing sniffio (1.3.0)
  • Installing anyio (3.7.1)
  • Installing certifi (2023.7.22)
  • Installing h11 (0.14.0)
  • Installing pycparser (2.21)
  • Installing cffi (1.15.1)
  • Installing httpcore (0.17.3)
  • Installing markupsafe (2.1.3)
  • Installing pyasn1 (0.5.0)
  • Installing blinker (1.6.2)
  • Installing click (8.1.6)
  • Installing cryptography (41.0.2)
  • Installing dnspython (2.4.0)
  • Installing future (0.18.3)
  • Installing itsdangerous (2.1.2)
  • Installing jinja2 (3.1.2)
  • Installing ldap3 (2.9.1)
  • Installing werkzeug (2.3.6)
  • Installing chardet (5.1.0)
  • Installing flask (2.3.2)
  • Installing six (1.16.0)
  • Installing pycryptodomex (3.18.0)
  • Installing pyopenssl (23.2.0)
  • Installing ldapdomaindump (0.9.4)
  • Installing impacket (0.9.24): Installing...
  • Installing lnkparse3 (1.2.0)
  • Installing m2crypto (0.38.0): Failed

  CalledProcessError

  Command '['/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/python', '-m', 'pip', 'install', '--use-pep517', '--disable-pip-version-check', '--isolated', '--no-input', '--prefix', '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11', '--no-deps', '/root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz']' returned non-zero exit status 1.

  at /usr/lib/python3.11/subprocess.py:571 in run
       567│             # We don't call process.wait() as .__exit__ does that for us.
       568│             raise
       569│         retcode = process.poll()
       570│         if check and retcode:
    →  571│             raise CalledProcessError(retcode, process.args,
       572│                                      output=stdout, stderr=stderr)
       573│     return CompletedProcess(process.args, retcode, stdout, stderr)
       574│ 
       575│ 

The following error occurred when trying to handle this error:


  EnvCommandError

  Command ['/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/python', '-m', 'pip', 'install', '--use-pep517', '--disable-pip-version-check', '--isolated', '--no-input', '--prefix', '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11', '--no-deps', '/root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz'] errored with the following return code 1, and output: 
  Processing /root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz
    Installing build dependencies: started
    Installing build dependencies: finished with status 'done'
    Getting requirements to build wheel: started
    Getting requirements to build wheel: finished with status 'done'
    Preparing metadata (pyproject.toml): started
    Preparing metadata (pyproject.toml): finished with status 'done'
  Building wheels for collected packages: M2Crypto
    Building wheel for M2Crypto (pyproject.toml): started
    Building wheel for M2Crypto (pyproject.toml): finished with status 'error'
    error: subprocess-exited-with-error
    
    × Building wheel for M2Crypto (pyproject.toml) did not run successfully.
    │ exit code: 1
    ╰─> [64 lines of output]
        INFO:run_command:running bdist_wheel
        INFO:run_command:running build
        INFO:run_command:running build_py
        INFO:copy_file:copying src/M2Crypto/DH.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/threading.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/X509.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/EC.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/AuthCookie.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/six.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2crypto.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/BIO.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/DSA.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2urllib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2urllib2.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2xmlrpclib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/SMIME.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/ASN1.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/__init__.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/BN.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/RC4.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/Rand.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/callback.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/util.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/Err.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/Engine.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/EVP.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/ftpslib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/RSA.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/httpslib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:mkpath:creating build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/SSLServer.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Checker.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Session.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Cipher.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Connection.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/timeout.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/TwistedProtocolWrapper.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Context.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/__init__.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/ssl_dispatcher.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/cb.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:run_command:running egg_info
        INFO:write_pkg_info:writing src/M2Crypto.egg-info/PKG-INFO
        INFO:write_file:writing dependency_links to src/M2Crypto.egg-info/dependency_links.txt
        INFO:write_file:writing top-level names to src/M2Crypto.egg-info/top_level.txt
        INFO:read_manifest:reading manifest file 'src/M2Crypto.egg-info/SOURCES.txt'
        INFO:read_template:reading manifest template 'MANIFEST.in'
        WARNING:process_template_line:warning: no files found matching 'SWIG/*.i'
        WARNING:process_template_line:warning: no files found matching 'SWIG/*.h'
        WARNING:process_template_line:warning: no files found matching 'SWIG/*.def'
        WARNING:process_template_line:warning: no files found matching 'SWIG/_m2crypto_wrap.c'
        WARNING:process_template_line:warning: no files found matching 'M2Crypto/m2crypto.py'
        INFO:add_license_files:adding license file 'LICENCE'
        INFO:execute:writing manifest file 'src/M2Crypto.egg-info/SOURCES.txt'
        INFO:run_command:running build_ext
        INFO:build_extension:building 'M2Crypto._m2crypto' extension
        INFO:swig_sources:swigging src/SWIG/_m2crypto.i to src/SWIG/_m2crypto_wrap.c
        INFO:spawn:swig -python -py3 -I/usr/lib/gcc/x86_64-linux-gnu/12/include -I/usr/local/include -I/usr/include/x86_64-linux-gnu -I/usr/include -D__x86_64__ -I/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/include -I/usr/include/python3.11 -I/usr/include/openssl -includeall -modern -builtin -outdir /tmp/pip-req-build-7ji35ain/src/M2Crypto -o src/SWIG/_m2crypto_wrap.c src/SWIG/_m2crypto.i
        Traceback (most recent call last):
          File "/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/swig", line 5, in <module>
            from swig import swig
        ModuleNotFoundError: No module named 'swig'
        error: command '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/swig' failed with exit code 1
        INFO:spawn:swig -python -py3 -I/usr/lib/gcc/x86_64-linux-gnu/12/include -I/usr/local/include -I/usr/include/x86_64-linux-gnu -I/usr/include -D__x86_64__ -I/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/include -I/usr/include/python3.11 -I/usr/include/openssl -includeall -modern -builtin -outdir /tmp/pip-req-build-7ji35ain/src/M2Crypto -o src/SWIG/_m2crypto_wrap.c src/SWIG/_m2crypto.i
        Traceback (most recent call last):
          File "/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/swig", line 5, in <module>
            from swig import swig
        ModuleNotFoundError: No module named 'swig'
        error: command '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/swig' failed with exit code 1
  • Installing impacket (0.9.24)
  • Installing lnkparse3 (1.2.0)
  • Installing m2crypto (0.38.0): Failed

  CalledProcessError

  Command '['/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/python', '-m', 'pip', 'install', '--use-pep517', '--disable-pip-version-check', '--isolated', '--no-input', '--prefix', '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11', '--no-deps', '/root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz']' returned non-zero exit status 1.

  at /usr/lib/python3.11/subprocess.py:571 in run
       567│             # We don't call process.wait() as .__exit__ does that for us.
       568│             raise
       569│         retcode = process.poll()
       570│         if check and retcode:
    →  571│             raise CalledProcessError(retcode, process.args,
       572│                                      output=stdout, stderr=stderr)
       573│     return CompletedProcess(process.args, retcode, stdout, stderr)
       574│ 
       575│ 

The following error occurred when trying to handle this error:


  EnvCommandError

  Command ['/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/python', '-m', 'pip', 'install', '--use-pep517', '--disable-pip-version-check', '--isolated', '--no-input', '--prefix', '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11', '--no-deps', '/root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz'] errored with the following return code 1, and output: 
  Processing /root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz
    Installing build dependencies: started
    Installing build dependencies: finished with status 'done'
    Getting requirements to build wheel: started
    Getting requirements to build wheel: finished with status 'done'
    Preparing metadata (pyproject.toml): started
    Preparing metadata (pyproject.toml): finished with status 'done'
  Building wheels for collected packages: M2Crypto
    Building wheel for M2Crypto (pyproject.toml): started
    Building wheel for M2Crypto (pyproject.toml): finished with status 'error'
    error: subprocess-exited-with-error
    
    × Building wheel for M2Crypto (pyproject.toml) did not run successfully.
    │ exit code: 1
    ╰─> [64 lines of output]
        INFO:run_command:running bdist_wheel
        INFO:run_command:running build
        INFO:run_command:running build_py
        INFO:copy_file:copying src/M2Crypto/DH.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/threading.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/X509.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/EC.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/AuthCookie.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/six.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2crypto.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/BIO.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/DSA.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2urllib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2urllib2.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2xmlrpclib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/SMIME.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/ASN1.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/__init__.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/m2.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/BN.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/RC4.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/Rand.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/callback.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/util.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/Err.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/Engine.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/EVP.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/ftpslib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/RSA.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:copy_file:copying src/M2Crypto/httpslib.py -> build/lib.linux-x86_64-cpython-311/M2Crypto
        INFO:mkpath:creating build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/SSLServer.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Checker.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Session.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Cipher.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Connection.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/timeout.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/TwistedProtocolWrapper.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/Context.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/__init__.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/ssl_dispatcher.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:copy_file:copying src/M2Crypto/SSL/cb.py -> build/lib.linux-x86_64-cpython-311/M2Crypto/SSL
        INFO:run_command:running egg_info
        INFO:write_pkg_info:writing src/M2Crypto.egg-info/PKG-INFO
        INFO:write_file:writing dependency_links to src/M2Crypto.egg-info/dependency_links.txt
        INFO:write_file:writing top-level names to src/M2Crypto.egg-info/top_level.txt
        INFO:read_manifest:reading manifest file 'src/M2Crypto.egg-info/SOURCES.txt'
        INFO:read_template:reading manifest template 'MANIFEST.in'
        WARNING:process_template_line:warning: no files found matching 'SWIG/*.i'
        WARNING:process_template_line:warning: no files found matching 'SWIG/*.h'
        WARNING:process_template_line:warning: no files found matching 'SWIG/*.def'
        WARNING:process_template_line:warning: no files found matching 'SWIG/_m2crypto_wrap.c'
        WARNING:process_template_line:warning: no files found matching 'M2Crypto/m2crypto.py'
        INFO:add_license_files:adding license file 'LICENCE'
        INFO:execute:writing manifest file 'src/M2Crypto.egg-info/SOURCES.txt'
        INFO:run_command:running build_ext
        INFO:build_extension:building 'M2Crypto._m2crypto' extension
        INFO:swig_sources:swigging src/SWIG/_m2crypto.i to src/SWIG/_m2crypto_wrap.c
        INFO:spawn:swig -python -py3 -I/usr/lib/gcc/x86_64-linux-gnu/12/include -I/usr/local/include -I/usr/include/x86_64-linux-gnu -I/usr/include -D__x86_64__ -I/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/include -I/usr/include/python3.11 -I/usr/include/openssl -includeall -modern -builtin -outdir /tmp/pip-req-build-7ji35ain/src/M2Crypto -o src/SWIG/_m2crypto_wrap.c src/SWIG/_m2crypto.i
        Traceback (most recent call last):
          File "/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/swig", line 5, in <module>
            from swig import swig
        ModuleNotFoundError: No module named 'swig'
        error: command '/root/.cache/pypoetry/virtualenvs/donpapi-WjBzr8W3-py3.11/bin/swig' failed with exit code 1
        [end of output]
    
    note: This error originates from a subprocess, and is likely not a problem with pip.
    ERROR: Failed building wheel for M2Crypto
  Failed to build M2Crypto
  ERROR: Could not build wheels for M2Crypto, which is required to install pyproject.toml-based projects
  

  at /usr/lib/python3/dist-packages/poetry/utils/env.py:1540 in _run
      1536│                 output = subprocess.check_output(
      1537│                     command, stderr=subprocess.STDOUT, env=env, **kwargs
      1538│                 )
      1539│         except CalledProcessError as e:
    → 1540│             raise EnvCommandError(e, input=input_)
      1541│ 
      1542│         return decode(output)
      1543│ 
      1544│     def execute(self, bin: str, *args: str, **kwargs: Any) -> int:

The following error occurred when trying to handle this error:


  PoetryException

  Failed to install /root/.cache/pypoetry/artifacts/de/e9/1c/53d251c759c702dbaaaaca584d20259e0dac1d89660e8cf5208e6d1183/M2Crypto-0.38.0.tar.gz

  at /usr/lib/python3/dist-packages/poetry/utils/pip.py:58 in pip_install
       54│ 
       55│     try:
       56│         return environment.run_pip(*args)
       57│     except EnvCommandError as e:
    →  58│         raise PoetryException(f"Failed to install {path.as_posix()}") from e
       59│ 

  • Installing pyasn (1.6.1)
  • Installing pycryptodome (3.18.0)
  • Installing swig (4.1.1)
  • Updating wheel (0.38.4 -> 0.37.1)
                                    

Testing environment was:

git clone https://github.com/login-securite/DonPAPI
cd DonPAPI
poetry update
poetry run DonPAPI

exception was : 'database' object has no attribute 'add_connected_user'

Having a problem with trying to dump data, here is the error I get

2023-07-02,18:38:18.669 DEBUG {myseatbelt} [login_conn] [192.168.131.139] [-] initialising smb Authentification to [REDACTED] / [REDACTED] : , @ 192.168.131.139 , Hash : : [REDACTED], AESKey None
2023-07-02,18:38:19.861 DEBUG {myseatbelt} [is_admin] [192.168.131.139] Checking if is admin
2023-07-02,18:38:20.441 DEBUG {myseatbelt} [is_admin] [192.168.131.139] Is ADMIN
2023-07-02,18:38:20.442 DEBUG {myseatbelt} [init_connect] Error init connect
2023-07-02,18:38:24.011 INFO {myseatbelt} [do_who] host: \172.31.64.56, user: [REDACTED], active: 4, idle: 1
2023-07-02,18:38:24.011 DEBUG {myseatbelt} [do_test] [192.168.131.139] Not connected
2023-07-02,18:38:24.012 DEBUG {myseatbelt} [do_test] exception was : 'database' object has no attribute 'add_connected_user'

This was the command:

DonPAPI --hashes :[REDACTED] [REDACTED]/[REDACTED]@192.168.131.139 -o /tmp/test -d -R -port 445 -pvk ./key.pvk --no_remoteops

Tried on the latest version of Ubuntu, Python 3.10.6
Edit: Tried on Debian 11 and also got the same error, on Python 3.9.2

Wrong description for --no_recent and --no_sysadmins

The "--no_recent" and "--no_sysamins" options have the wrong description:

attacks:
  --no_browser          do not hunt for browser passwords
  --no_dpapi            do not hunt for DPAPI secrets
  --no_vnc              do not hunt for VNC passwords
  --no_remoteops        do not hunt for SAM and LSA with remoteops
  --GetHashes           Get all users Masterkey's hash & DCC2 hash
  --no_recent           Get recent files
  --no_sysadmins        Get sysadmins stuff (mRemoteNG, vnc, keepass, lastpass ...)

The word "Get" should be replaced by "do not hunt for" for --no_recent and --no_sysadmins
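One way to keep this class of help-text mistake from coming back is a small self-check over the parser. The block below is an added example, not DonPAPI's own argument-parser code (which the page does not show): it rebuilds the "attacks" option group from the help output quoted above, can apply the wording the issue asks for, and lints every `--no_*` option for a help string that starts with "do not". The parser construction and the `CORRECTED_HELP` table are assumptions made for the illustration.

```python
import argparse

# The "attacks" group exactly as quoted in the issue's help output.
# This is a reconstruction for the example, not DonPAPI's source.
ATTACK_OPTIONS = [
    ("--no_browser", "do not hunt for browser passwords"),
    ("--no_dpapi", "do not hunt for DPAPI secrets"),
    ("--no_vnc", "do not hunt for VNC passwords"),
    ("--no_remoteops", "do not hunt for SAM and LSA with remoteops"),
    ("--GetHashes", "Get all users Masterkey's hash & DCC2 hash"),
    ("--no_recent", "Get recent files"),
    ("--no_sysadmins", "Get sysadmins stuff (mRemoteNG, vnc, keepass, lastpass ...)"),
]

# The wording the issue proposes for the two mislabelled flags.
CORRECTED_HELP = {
    "--no_recent": "do not hunt for recent files",
    "--no_sysadmins": "do not hunt for sysadmins stuff (mRemoteNG, vnc, keepass, lastpass ...)",
}


def build_attacks_parser(fixed: bool = True) -> argparse.ArgumentParser:
    """Build a parser carrying either the original or the corrected help strings."""
    parser = argparse.ArgumentParser(prog="DonPAPI", add_help=False)
    group = parser.add_argument_group("attacks")
    for flag, help_text in ATTACK_OPTIONS:
        if fixed:
            help_text = CORRECTED_HELP.get(flag, help_text)
        group.add_argument(flag, action="store_true", help=help_text)
    return parser


def inconsistent_negation_flags(parser: argparse.ArgumentParser) -> list:
    """Return every --no_* option whose help text does not start with "do not".

    Walks parser._actions (a private but long-stable argparse attribute) so the
    check runs against the real parser object rather than a copy of its table.
    """
    flagged = []
    for action in parser._actions:
        for option in action.option_strings:
            help_text = (action.help or "").lower()
            if option.startswith("--no_") and not help_text.startswith("do not"):
                flagged.append(option)
    return flagged


if __name__ == "__main__":
    print("original wording flags:", inconsistent_negation_flags(build_attacks_parser(fixed=False)))
    print("corrected wording flags:", inconsistent_negation_flags(build_attacks_parser(fixed=True)))
```

Run as a unit test in CI, `inconsistent_negation_flags` turns a cosmetic mismatch between a flag's name and its description into a failing build, which is cheaper than a user report.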

Lazagne with DonPAPI

Hello,

Nice project !

I wanted to give you some ideas for dealing with Lazagne modules. I think you could not manage with the lazagne project itself, but you should use lazagne forensic, which has been designed with a similar idea. The project is not up to date, but that could be done easily by copying the code from the lazagne modules and modifying where the data are retrieved.

What I would suggest to you is to integrate lazagneforensic as an external project (like we do in pupy: https://github.com/n1nj4sec/pupy/tree/unstable/pupy/external), and load the project as a module into the code. We update all lazagneForensic modules and fix any compatibility issues with your project (if there are any).

That way, if a fix is done on your project or mine, it could be easily fixed.

If you don't want to and would rather do your own thing, I have no problem with it.

Have a nice day.

ERROR derivekey exception : can only concatenate str (not "bytes") to str

Hello there,

When running DonPAPI with an admin user I get the following error repeated many times:
ERROR derivekey exception : can only concatenate str (not "bytes") to str

The command I'm running is:
DonPAPI -H <HASH> <DOMAIN>/<USER>@<TARGET> (redacted for privacy)

Tested on Kali Linux with Python 3.10.10
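The reported message is the standard Python 3 TypeError raised when a str and a bytes value are joined with `+`. The block below is an added illustration, not DonPAPI's derivekey code (which the page does not show): a hypothetical HMAC-based derivation that first reproduces the failure by concatenating a text identifier with a binary hash, then the corrected version that normalises every operand to bytes before combining them. The SID string, the key material and the derivation shape are constructed for the example and are assumptions, not the project's algorithm.

```python
import hashlib
import hmac

# Constructed sample inputs, not real credentials.
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_KEY_MATERIAL = hashlib.sha1(b"constructed-sample-secret").digest()  # 20 raw bytes


def derive_key_buggy(key_material: bytes, sid: str) -> bytes:
    """Hypothetical derivation that reproduces the reported bug class.

    `sid` is text and `key_material` is raw bytes; joining them with `+`
    raises: TypeError: can only concatenate str (not "bytes") to str
    """
    salt = sid + "\0"               # str
    message = salt + key_material   # str + bytes: TypeError under Python 3
    return hmac.new(key_material, message, hashlib.sha1).digest()


def derive_key_fixed(key_material, sid: str) -> bytes:
    """Same hypothetical derivation with every operand normalised to bytes.

    Accepts key material either as raw bytes or as a hex string (the shape a
    hash passed on the command line usually arrives in), so a caller cannot
    trigger the str/bytes mix-up by handing over the wrong type.
    """
    if isinstance(key_material, str):
        key_material = bytes.fromhex(key_material)
    salt = (sid + "\0").encode("utf-16le")  # encode once; from here on only bytes are combined
    message = salt + key_material           # bytes + bytes
    return hmac.new(key_material, message, hashlib.sha1).digest()


def reproduce_error_message() -> str:
    """Run the buggy variant on the sample inputs and return the TypeError text."""
    try:
        derive_key_buggy(SAMPLE_KEY_MATERIAL, SAMPLE_SID)
    except TypeError as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    print("buggy variant raises:", reproduce_error_message())
    print("fixed variant key:", derive_key_fixed(SAMPLE_KEY_MATERIAL, SAMPLE_SID).hex())
```

The practical rule the fixed variant follows: decide at the function boundary which type each input is, convert once, and never let a str reach a `+` that also sees bytes. A hex string arriving from the command line is the usual way such a mix-up enters a derivation routine.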
