search

skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License
2.81k stars 371 forks source link

package "cryptography" not listed as dependency #104

Closed presianbg closed 2 years ago

presianbg commented 2 years ago

Hi,

I'm trying to use the newly added dpapi chrome offline functionality, but looks like the requirements of the project are not complete:

  File "/home/pyankulov/.local/pipx/venvs/pypykatz/lib/python3.10/site-packages/unicrypto/__init__.py", line 52, in get_cipher_by_name
    return import_from(moduleName , ciphername)
  File "/home/pyankulov/.local/pipx/venvs/pypykatz/lib/python3.10/site-packages/unicrypto/__init__.py", line 15, in import_from
    module = __import__(module, fromlist=[name])
  File "/home/pyankulov/.local/pipx/venvs/pypykatz/lib/python3.10/site-packages/unicrypto/backends/cryptography/AES.py", line 2, in <module>
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
ModuleNotFoundError: No module named 'cryptography'

This is easily fixed with:

pipx runpip pypykatz install cryptography

Cheers, PY

skelsec commented 2 years ago

To be honest I dunno how you got this issue.
Foreword: the unicrypto module is new and despite having extensive testcases it probably has issues.
With that being said, unicrypto specifically asks for pycryptodomex here

presianbg commented 2 years ago

Looks like I've messed up my virtual env and pipx installation. All good, sorry for the false alarm.

presianbg commented 2 years ago

Nope, the missing dependency is real. I've pulled latest git version of pypykatz and created a new python3 venv.

Then:

pip3 install minidump minikerberos aiowinreg msldap winacl

python3 setup.py install

Here is the traceback when I run pypykatz dpapi chrome --logindata login-data master.txt local-state

Traceback (most recent call last):
  File "/tmp/test-env/bin/pypykatz", line 33, in <module>
    sys.exit(load_entry_point('pypykatz==0.5.8', 'console_scripts', 'pypykatz')())
  File "/tmp/test-env/lib/python3.10/site-packages/pypykatz-0.5.8-py3.10.egg/pypykatz/__main__.py", line 89, in main
  File "/tmp/test-env/lib/python3.10/site-packages/pypykatz-0.5.8-py3.10.egg/pypykatz/dpapi/cmdhelper.py", line 132, in execute
  File "/tmp/test-env/lib/python3.10/site-packages/pypykatz-0.5.8-py3.10.egg/pypykatz/dpapi/cmdhelper.py", line 261, in run
  File "/tmp/test-env/lib/python3.10/site-packages/pypykatz-0.5.8-py3.10.egg/pypykatz/dpapi/dpapi.py", line 685, in decrypt_all_chrome
  File "/tmp/test-env/lib/python3.10/site-packages/unicrypto/__init__.py", line 52, in get_cipher_by_name
    return import_from(moduleName , ciphername)
  File "/tmp/test-env/lib/python3.10/site-packages/unicrypto/__init__.py", line 15, in import_from
    module = __import__(module, fromlist=[name])
  File "/tmp/test-env/lib/python3.10/site-packages/unicrypto/backends/cryptography/AES.py", line 2, in <module>
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
ModuleNotFoundError: No module named 'cryptography'

This are the files I'm testing with: seized-ctf.zip This are from this challenge -> https://ctftime.org/task/21479

Looks like unicrypto AES.py is using this library: https://cryptography.io/en/latest/hazmat/primitives/symmetric-encryption/

If I install cryptography:

pypykatz dpapi chrome --logindata login-data master.txt local-state 
file: login-data user: ransomoperator@draeglocker.com pass: b'HTB{Br0ws3rs_C4nt_s4v3_y0u_n0w}' url: https://windowsliveupdater.com/

But perhaps this issue should be raised on the unicrypto project.

Cheers, PY