public static void ParseSecrets(string sampath, string systempath, string securitypath, List <byte[]> machineMasterKeys = null, List <byte[]> userMasterKeys = null, string credDirs = null, string vaultDirs = null, string certDirs = null)
{
StringBuilder sb = new StringBuilder();
byte[] bootKey = new byte[16];
RegistryHive system = RegistryHive.ImportHiveDump(systempath);
if (system != null)
{
bootKey = GetBootKey(system);
if (bootKey == null)
{
sb.AppendLine("[-] Failed to parse bootkey");
return;
}
}
else
{
sb.AppendLine("[-] Unable to access to SYSTEM dump file");
}
RegistryHive sam = RegistryHive.ImportHiveDump(sampath);
if (sam != null)
{
ParseSam(bootKey, sam).ForEach(item => sb.Append(item + Environment.NewLine));
}
else
{
sb.AppendLine("[-] Unable to access to SAM dump file");
}
RegistryHive security = RegistryHive.ImportHiveDump(securitypath);
if (security != null)
{
ParseLsa(security, bootKey, system).ForEach(item => sb.Append(item + Environment.NewLine));
}
else
{
sb.AppendLine("[-] Unable to access to SECURITY dump file");
}
if (machineMasterKeys != null || userMasterKeys != null)
{
List <byte[]> dpapikeys = new List <byte[]>();
foreach (string line in sb.ToString().Split(new string[] { Environment.NewLine }, StringSplitOptions.None).ToList())
{
if (line.Contains("dpapi_machinekey:") || line.Contains("dpapi_userkey:"))
{
byte[] bytes = Helpers.Misc.HexToByteArray(line.Split(':').Last());
dpapikeys.Add(bytes);
}
}
SharpDPAPI.SharpDPAPI.ParseDpapi(sb, dpapikeys, machineMasterKeys, userMasterKeys, credDirs, vaultDirs, certDirs);
}
Console.WriteLine(sb.ToString());
}
