Discussion :

[Lunixinclar]

Salut, besoin d'un coup de main pour récupérer un mot de passe avec CryptUnprotectData sous windows.

Il affiche NULL il parle de moi je crois, mais le mot de passe ne devrait pas NULL ça c'est sûr.

Une idée? merci d'avance

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
 
#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>
 
#pragma comment(lib, "Crypt32.lib")
 
 
//de wincred.h
 
typedef struct _CREDENTIAL_ATTRIBUTEA {
    LPSTR Keyword;
    DWORD Flags;
    DWORD ValueSize;
    LPBYTE Value;
}
CREDENTIAL_ATTRIBUTEA,*PCREDENTIAL_ATTRIBUTEA;
 
typedef struct _CREDENTIALA {
    DWORD Flags;
    DWORD Type;
    LPSTR TargetName;
    LPSTR Comment;
    FILETIME LastWritten;
    DWORD CredentialBlobSize;
    LPBYTE CredentialBlob;
    DWORD Persist;
    DWORD AttributeCount;
    PCREDENTIAL_ATTRIBUTEA Attributes;
    LPSTR TargetAlias;
    LPSTR UserName;
} CREDENTIALA,*PCREDENTIALA;
 
typedef CREDENTIALA CREDENTIAL;
typedef PCREDENTIALA PCREDENTIAL;
 
 
 
typedef BOOL (WINAPI *typeCredEnumerateA)(LPCTSTR, DWORD, DWORD *, PCREDENTIALA **);
typedef BOOL (WINAPI *typeCredReadA)(LPCTSTR, DWORD, DWORD, PCREDENTIALA *);
typedef VOID (WINAPI *typeCredFree)(PVOID);
 
typeCredEnumerateA pfCredEnumerateA;
typeCredReadA pfCredReadA;
typeCredFree pfCredFree;
 
void enumerate()
{
 PCREDENTIAL *CredentialCollection = NULL;
 DATA_BLOB blobCrypt, blobPlainText, blobEntropy;
 
 //used for filling up blobEntropy
 char szEntropyStringSeed[37] = "82BD0E67-9FEA-4748-8672-D5EFE5B779B0"; //credui.dll
 short int EntropyData[37];
 short int tmp;
 
 HMODULE hDLL;
 DWORD Count, i;
 
 //Locate CredEnumerate, CredRead, CredFree fromadvapi32.dll
 if( hDLL = LoadLibrary("advapi32.dll") )
 {
  pfCredEnumerateA = (typeCredEnumerateA)GetProcAddress(hDLL, "CredEnumerateA");
  pfCredReadA = (typeCredReadA)GetProcAddress(hDLL, "CredReadA");
  pfCredFree = (typeCredFree)GetProcAddress(hDLL, "CredFree");
 
  if( pfCredEnumerateA == NULL|| pfCredReadA == NULL || pfCredFree == NULL )
  {
   printf("error!\n");
   return ;
  }
 }
 
 //Get an array of 'credential', satisfying the filter
 pfCredEnumerateA("*", 0, &Count, &CredentialCollection);
 
 if(Count) //usually this value is only 1
 {
  //Calculate Entropy Data
  for(i=0; i<37; i++) // strlen(szEntropyStringSeed) = 37
  {
   tmp = (short int)szEntropyStringSeed[i];
   tmp <<= 2;
   EntropyData[i] = tmp;
  }
 
  for(i=0; i<Count; i++)
  {
   blobEntropy.pbData = (BYTE *)&EntropyData;
   blobEntropy.cbData = 74; //sizeof(EntropyData)
 
   blobCrypt.pbData = CredentialCollection[i]->CredentialBlob;
   blobCrypt.cbData = CredentialCollection[i]->CredentialBlobSize;
 
   CryptUnprotectData(&blobCrypt, NULL, &blobEntropy, NULL, NULL, 1, &blobPlainText);
 
   printf("Username : %s\n", CredentialCollection[i]->UserName);
   printf("Password : %ls\n\n", blobPlainText.pbData);
  }
 }
 
 pfCredFree(CredentialCollection);
}
 
 
 
int main()
{
 enumerate();
 return 0;
}