c# - Decrypt Windows Credential Files


I'm working on a project that needs to manage (write/read) cached credentials, in this case specifically the TERMSRV ones, i.e. the ones saved by the popularly known Remote Desktop client.

On Windows 7, I discovered that the files are stored in "AppData\Local\Microsoft\Credentials". When I open mstsc (the Remote Desktop client) and save a credential, a new file (hidden and system-protected) is created in that directory. I tried to open the file in Notepad, and it's encrypted data. From what I saw, it looks like Windows uses the Data Protection API (DPAPI), the CryptProtectData/CryptUnprotectData functions, to save/retrieve the cached credentials.

My first try was with the CredRead function, where I discovered that domain passwords (CRED_TYPE_DOMAIN_PASSWORD - the Terminal Services type) can only be read by authentication packages. After discovering that, I started searching for tools, and found people injecting a DLL into the lsass process to do the job. Then I saw that NirSoft netpass decrypts the saved passwords, and through Process Explorer I didn't see any new DLL injected into lsass. It looks like it works directly on the credential file using CryptUnprotectData.

The question is: is there any way to retrieve the cached passwords from the file, without needing to inject a DLL and that kind of stuff? If yes, is CryptUnprotectData the way? And finally, if yes, what does the function receive in the DATA_BLOB? The content of the file? I can't understand how to use the function; where do I take the blob from?

Edit:

I posted the question with the windows/winapi tags only and got no views and no answers. I believe the main question is language independent, but I'm doing the project in Delphi, so here goes the Delphi code for CredRead. It gets the username but can't list the password, because the account is of domain type (CRED_TYPE_DOMAIN_PASSWORD).

unit Unit1;

interface

uses
  Windows, SysUtils, Classes, Forms, StdCtrls;

type
  PCREDENTIAL_ATTRIBUTEW = ^_CREDENTIAL_ATTRIBUTEW;
  _CREDENTIAL_ATTRIBUTEW = record
    Keyword: LPWSTR;
    Flags: DWORD;
    ValueSize: DWORD;
    Value: LPBYTE;
  end;

  PCREDENTIALW = ^_CREDENTIALW;
  _CREDENTIALW = record
    Flags: DWORD;
    Type_: DWORD;
    TargetName: LPWSTR;
    Comment: LPWSTR;
    LastWritten: FILETIME;
    CredentialBlobSize: DWORD;
    CredentialBlob: LPBYTE;
    Persist: DWORD;
    AttributeCount: DWORD;
    Attributes: PCREDENTIAL_ATTRIBUTEW;
    TargetAlias: LPWSTR;
    UserName: LPWSTR;
  end;

  // CredEnumerateW hands back a pointer to a C array of PCREDENTIALW (freed
  // with CredFree), not a Delphi dynamic array, so model it as a pointer to a
  // static array instead of "array of PCREDENTIALW".
  TCredentialArray = array[0..MaxInt div SizeOf(PCREDENTIALW) - 1] of PCREDENTIALW;
  PCredentialArray = ^TCredentialArray;

  TForm1 = class(TForm)
    Memo1: TMemo;
    procedure FormCreate(Sender: TObject);
  end;

const
  CRED_TYPE_GENERIC                 = 1;
  CRED_TYPE_DOMAIN_PASSWORD         = 2;
  CRED_TYPE_DOMAIN_CERTIFICATE      = 3;
  CRED_TYPE_DOMAIN_VISIBLE_PASSWORD = 4;
  CRED_TYPE_MAXIMUM                 = 5;  // maximum supported cred type
  CRED_TYPE_MAXIMUM_EX              = CRED_TYPE_MAXIMUM + 1000;  // allow new applications to run on old OSes

var
  Form1: TForm1;

function CredReadW(TargetName: LPCWSTR; Type_: DWORD; Flags: DWORD;
  var Credential: PCREDENTIALW): BOOL; stdcall; external 'advapi32.dll';
function CredEnumerateW(Filter: LPCWSTR; Flags: DWORD; out Count: DWORD;
  out Credential: PCredentialArray): BOOL; stdcall; external 'advapi32.dll';
procedure CredFree(Buffer: Pointer); stdcall; external 'advapi32.dll';

implementation

{$R *.dfm}

procedure TForm1.FormCreate(Sender: TObject);
var
  Credentials: PCredentialArray;
  Credential: PCREDENTIALW;
  UserName: WideString;
  i: Integer;
  dwCount: DWORD;
begin
  // The W variant expects a wide-char filter; 'term*' matches the TERMSRV/... targets.
  if CredEnumerateW(PWideChar(WideString('term*')), 0, dwCount, Credentials) then
  try
    for i := 0 to Integer(dwCount) - 1 do
    begin
      if CredReadW(Credentials^[i].TargetName, Credentials^[i].Type_, 0, Credential) then
      try
        UserName := Credential.UserName;
        Memo1.Lines.Add(WideString(Credentials^[i].TargetName) + ' :: ' + UserName +
          ' >> ' + IntToStr(Credentials^[i].Type_));
        // For CRED_TYPE_DOMAIN_PASSWORD this is reported but the blob itself is not returned.
        Memo1.Lines.Add(IntToStr(Credential.CredentialBlobSize));
      finally
        CredFree(Credential);  // every buffer returned by CredRead must be released
      end;
    end;
  finally
    CredFree(Credentials);
  end;
end;

end.
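To make the DATA_BLOB part of the question concrete: a DATA_BLOB is nothing more than a byte count plus a pointer to those bytes. CryptProtectData takes one as its input and fills a second one as output (the output buffer is allocated by the API and must be released with LocalFree); CryptUnprotectData reverses the operation, but only for the same user account on the same machine, because the key material is derived from that user's logon secret. That scoping is what makes a copied blob useless on its own. The console program below is an added example, not code from the original post or from any of the tools mentioned in it: it declares the crypt32.dll entry points itself, protects a constructed sample string, checks the DPAPI blob header, unprotects it again, and shows that a tampered blob is rejected. It assumes a Delphi version that has TBytes in SysUtils.

```delphi
program DpapiBlobRoundTrip;

{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

type
  // DATA_BLOB from wincrypt.h: a byte count and a pointer to the bytes.
  DATA_BLOB = record
    cbData: DWORD;
    pbData: PByte;
  end;
  PDATA_BLOB = ^DATA_BLOB;

const
  CRYPTPROTECT_UI_FORBIDDEN = $01;  // never pop up a UI prompt

// DPAPI entry points, declared here because the Windows unit does not import them.
function CryptProtectData(pDataIn: PDATA_BLOB; szDataDescr: LPCWSTR;
  pOptionalEntropy: PDATA_BLOB; pvReserved, pPromptStruct: Pointer;
  dwFlags: DWORD; pDataOut: PDATA_BLOB): BOOL; stdcall; external 'crypt32.dll';
function CryptUnprotectData(pDataIn: PDATA_BLOB; ppszDataDescr: Pointer;
  pOptionalEntropy: PDATA_BLOB; pvReserved, pPromptStruct: Pointer;
  dwFlags: DWORD; pDataOut: PDATA_BLOB): BOOL; stdcall; external 'crypt32.dll';

// Copies an API-allocated output blob into a Delphi byte array and frees the original.
function TakeBlob(var Blob: DATA_BLOB): TBytes;
begin
  try
    SetLength(Result, Blob.cbData);
    if Blob.cbData > 0 then
      Move(Blob.pbData^, Result[0], Blob.cbData);
  finally
    LocalFree(HLOCAL(Blob.pbData));  // the API allocated it, so LocalFree releases it
  end;
end;

// Wraps a byte array in a DATA_BLOB and protects it for the current user.
function ProtectBytes(const Plain: TBytes; const Description: WideString): TBytes;
var
  InBlob, OutBlob: DATA_BLOB;
begin
  InBlob.cbData := Length(Plain);
  InBlob.pbData := PByte(Plain);  // a dynamic array cast to a pointer is its first element
  if not CryptProtectData(@InBlob, PWideChar(Description), nil, nil, nil,
      CRYPTPROTECT_UI_FORBIDDEN, @OutBlob) then
    RaiseLastOSError;
  Result := TakeBlob(OutBlob);
end;

// Reverses ProtectBytes; fails unless run as the same user on the same machine.
function UnprotectBytes(const Cipher: TBytes): TBytes;
var
  InBlob, OutBlob: DATA_BLOB;
begin
  InBlob.cbData := Length(Cipher);
  InBlob.pbData := PByte(Cipher);
  if not CryptUnprotectData(@InBlob, nil, nil, nil, nil,
      CRYPTPROTECT_UI_FORBIDDEN, @OutBlob) then
    RaiseLastOSError;
  Result := TakeBlob(OutBlob);
end;

// Every DPAPI blob starts with a 32-bit dwVersion equal to 1, followed by the provider GUID.
function LooksLikeDpapiBlob(const Blob: TBytes): Boolean;
begin
  Result := (Length(Blob) >= 20) and (PDWORD(@Blob[0])^ = 1);
end;

var
  Plain, Cipher, Recovered: TBytes;
  Secret: AnsiString;
begin
  Secret := 'constructed sample secret';  // constructed test input, not a real credential
  SetLength(Plain, Length(Secret));
  Move(Secret[1], Plain[0], Length(Secret));

  Cipher := ProtectBytes(Plain, 'round-trip demo');
  WriteLn('plaintext bytes  : ', Length(Plain));
  WriteLn('DPAPI blob bytes : ', Length(Cipher));
  WriteLn('DPAPI header     : ', BoolToStr(LooksLikeDpapiBlob(Cipher), True));

  Recovered := UnprotectBytes(Cipher);
  WriteLn('round trip ok    : ', BoolToStr((Length(Recovered) = Length(Plain)) and
    CompareMem(@Recovered[0], @Plain[0], Length(Plain)), True));

  // DPAPI blobs carry an integrity check, so a modified blob does not decrypt to garbage,
  // it is refused outright; "decrypts cleanly" therefore also means "unmodified".
  Cipher[Length(Cipher) - 1] := Cipher[Length(Cipher) - 1] xor $FF;
  try
    UnprotectBytes(Cipher);
    WriteLn('tampered blob    : unexpectedly accepted');
  except
    on E: EOSError do
      WriteLn('tampered blob    : rejected (', E.Message, ')');
  end;
end.
```

Run it twice as the same user and both runs succeed; run UnprotectBytes over the blob from a different account and the call fails, which is exactly the property a saved-credential store relies on.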

