public void Execute(Dictionary <string, string> arguments)
{
Console.WriteLine("\r\n[*] Action: Describe PSCredential .xml");
string target = "";
bool unprotect = false; // whether to force CryptUnprotectData()
if (arguments.ContainsKey("/unprotect"))
{
Console.WriteLine("\r\n[*] Using CryptUnprotectData() for decryption.");
unprotect = true;
}
Console.WriteLine();
if (arguments.ContainsKey("/target"))
{
target = arguments["/target"];
}
else
{
Console.WriteLine("[X] A /target:<BASE64 | file.bin> must be supplied!");
return;
}
// {GUID}:SHA1 keys are the only ones that don't start with /
Dictionary <string, string> masterkeys = new Dictionary <string, string>();
foreach (KeyValuePair <string, string> entry in arguments)
{
if (!entry.Key.StartsWith("/"))
{
masterkeys.Add(entry.Key, entry.Value);
}
}
if (arguments.ContainsKey("/pvk"))
{
// use a domain DPAPI backup key to triage masterkeys
masterkeys = SharpDPAPI.Dpapi.PVKTriage(arguments);
}
else if (arguments.ContainsKey("/mkfile"))
{
masterkeys = SharpDPAPI.Helpers.ParseMasterKeyFile(arguments["/mkfile"]);
}
else if (arguments.ContainsKey("/password"))
{
string password = arguments["/password"];
Console.WriteLine("[*] Will decrypt user masterkeys with password: {0}\r\n", password);
if (arguments.ContainsKey("/server"))
{
masterkeys = Triage.TriageUserMasterKeys(null, true, arguments["/server"], password);
}
else
{
masterkeys = Triage.TriageUserMasterKeys(null, true, "", password);
}
}
Triage.TriagePSCredFile(masterkeys, target, unprotect);
}