Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix bug in skype #470

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fix bug in skype #470

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6a32e8c
Merge pull request #8 from AlessandroZ/master
MyLoginOnGitHub Jan 5, 2020
c58ffcc
fixed bug for both python2 and python3 interpreter
MyLoginOnGitHub Jan 5, 2020
e5182e1
Added support of python3
MyLoginOnGitHub Jan 5, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 12 additions & 7 deletions Windows/lazagne/softwares/chats/skype.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,7 @@ def get_regkey(self):

# num = winreg.QueryInfoKey(hkey)[1]
k = winreg.EnumValue(hkey, 0)[1]
result_bytes = win.Win32CryptUnprotectData(k, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
return result_bytes.decode("utf-8")
return win.Win32CryptUnprotectData(k, is_current_user=constant.is_current_user, user_dpapi=constant.user_dpapi)
except Exception as e:
self.debug(str(e))
return False
Expand All @@ -61,28 +60,34 @@ def get_md5_hash(self, enc_hex, key):
enc_binary = binascii.unhexlify(enc_hex)

# retrieve the salt
salt = hashlib.sha1('\x00\x00\x00\x00' + key).digest() + hashlib.sha1('\x00\x00\x00\x01' + key).digest()
salt = hashlib.sha1(b'\x00\x00\x00\x00' + key).digest() + hashlib.sha1(b'\x00\x00\x00\x01' + key).digest()

# encrypt value used with the XOR operation
aes_key = self.aes_encrypt(struct.pack('I', 0) * 4, salt[0:32])[0:16]

# XOR operation
decrypted = []

# Make code python3-compatible
if win.python_version == 3:
enc_binary = [bytes([x]) for x in enc_binary]
aes_key = [bytes([x]) for x in aes_key]

for d in range(16):
decrypted.append(struct.unpack('B', enc_binary[d])[0] ^ struct.unpack('B', aes_key[d])[0])

# cast the result byte
tmp = ''
tmp = b''
for dec in decrypted:
tmp = tmp + struct.pack(">I", dec).strip('\x00')
tmp = tmp + struct.pack(">I", dec).strip(b'\x00')

# byte to hex
return binascii.hexlify(tmp)

def dictionary_attack(self, login, md5):
wordlist = constant.password_found + get_dic()
for word in wordlist:
hash_ = hashlib.md5('%s\nskyper\n%s' % (login, word)).hexdigest()
hash_ = hashlib.md5(('%s\nskyper\n%s' % (login, word)).encode()).hexdigest()
if hash_ == md5:
return word
return False
Expand Down Expand Up @@ -112,7 +117,7 @@ def get_info(self, key, username, path):
self.warning(u'No credential stored on the config.xml file.')
else:
# decrypt the hash to get the md5 to brue force
values['Hash'] = self.get_md5_hash(enc_hex, key)
values['Hash'] = self.get_md5_hash(enc_hex, key).decode()
values['Pattern to bruteforce using md5'] = win.string_to_unicode(values['Login']) + u'\\nskyper\\n<password>'

# Try a dictionary attack on the hash
Expand Down