I am stuck here, getting the StreamError as described in the subject. The full error can be seen in the output below.
Hoping someone could give me a hint as to what I am doing wrong?
Thanks for sharing your project by the way,
Mark
Here is my setup:
I have mounted an EWF file using ewfmount like this:
mkdir /mnt/e01
ewfmount /file/path/to/xx.E01 /mnt/e01
mkdir /mnt/mp
mount /mnt/e01/ewf1 /mnt/mp -o ro,loop,show_sys_files,offset=$((239616*512))
Here is the content of the Windows file system:
ls -alh /mnt/mp/
total 9.9G
drwxrwxrwx 1 root root 4.0K Sep 28 10:59 .
drwxr-xr-x 14 root root 4.0K Oct 5 11:23 ..
-rwxrwxrwx 1 root root 2.5K Sep 28 11:54 '$AttrDef'
-rwxrwxrwx 1 root root 0 Sep 28 11:54 '$BadClus'
-rwxrwxrwx 1 root root 7.5M Sep 28 11:54 '$Bitmap'
-rwxrwxrwx 1 root root 8.0K Sep 28 11:54 '$Boot'
lrwxrwxrwx 2 root root 13 Sep 28 10:59 'Documents and Settings' -> /mnt/mp/Users
-rwxrwxrwx 2 root root 8.0K Sep 28 10:59 DumpStack.log.tmp
drwxrwxrwx 1 root root 0 Sep 28 11:54 '$Extend'
-rwxrwxrwx 1 root root 7.9G Sep 28 12:24 hiberfil.sys
-rwxrwxrwx 1 root root 64M Sep 28 11:54 '$LogFile'
-rwxrwxrwx 1 root root 4.0K Sep 28 11:54 '$MFTMirr'
-rwxrwxrwx 1 root root 1.9G Sep 28 10:59 pagefile.sys
drwxrwxrwx 1 root root 0 Dec 7 2019 PerfLogs
drwxrwxrwx 1 root root 4.0K Sep 28 12:14 ProgramData
drwxrwxrwx 1 root root 4.0K Sep 28 12:20 'Program Files'
drwxrwxrwx 1 root root 4.0K Sep 28 12:20 'Program Files (x86)'
lrwxrwxrwx 2 root root 21 Sep 28 10:59 Programmer -> '/mnt/mp/Program Files'
drwxrwxrwx 1 root root 0 Sep 28 10:59 Recovery
drwxrwxrwx 1 root root 0 Sep 28 12:06 '$Recycle.Bin'
---------- 1 root root 0 Sep 28 11:54 '$Secure'
-rwxrwxrwx 1 root root 16M Sep 28 10:59 swapfile.sys
drwxrwxrwx 1 root root 4.0K Sep 28 11:01 'System Volume Information'
-rwxrwxrwx 1 root root 128K Sep 28 11:54 '$UpCase'
drwxrwxrwx 1 root root 4.0K Sep 28 12:22 Users
-rwxrwxrwx 1 root root 0 Sep 28 11:54 '$Volume'
drwxrwxrwx 1 root root 16K Sep 28 12:02 Windows
And here is the failing command for extracting data using LaZagneForensic and the password (I have created the Windows installation, so we know the password in advance).
mba@mba-ThinkPad-T450s:~/myproject/src$ python2.7 lf/LaZagneForensic/LaZagneForensic/laZagneForensic.py all -vv -local /mnt/mp -password 'Kirkemus'
|====================================================================|
| |
| The LaZagne Project |
| |
| ! BANG BANG ! |
| |
|====================================================================|
########## User: ovelse21offline ##########
[!] Kirkemus ok for masterkey a0d2ea99-ab04-4a7a-bb26-51e28e18df34
[!] [+] System masterkey decrypted for 1bf990f9-d699-49a6-9a8b-d594e9883ad3
[!] [+] System masterkey decrypted for ccb68759-69a6-49e4-8059-31e2d620fae8
------------------- Pidgin passwords -----------------
[!] Pidgin not found.
[!] No passwords found
------------------- Thunderbird passwords -----------------
[!] Thunderbird not found.
[!] No passwords found
------------------- Apachedirectorystudio passwords -----------------
[!] Apachedirectorystudio not found.
[!] No passwords found
------------------- Filezilla passwords -----------------
[!] Filezilla not found.
[!] No passwords found
------------------- Firefox passwords -----------------
[!] Profile path found: /mnt/mp/Users/ovelse21offline/AppData/Roaming/Mozilla/Firefox/Profiles/0dnz79y8.default
Traceback (most recent call last):
File "lf/LaZagneForensic/LaZagneForensic/laZagneForensic.py", line 100, in run_module
pwdFound = module.run(title.capitalize()) # run the module
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/softwares/browsers/mozilla.py", line 364, in run
key = self.get_key(profile)
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/softwares/browsers/mozilla.py", line 73, in get_key
key_data = self.readBsddb(os.path.join(profile, 'key3.db'))
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/softwares/browsers/mozilla.py", line 132, in readBsddb
with open(name, 'rb') as f:
IOError: [Errno 2] No such file or directory: u'/mnt/mp/Users/ovelse21offline/AppData/Roaming/Mozilla/Firefox/Profiles/0dnz79y8.default/key3.db'
------------------- Dbvis passwords -----------------
[!] Dbvis not found.
[!] No passwords found
------------------- Robomongo passwords -----------------
[!] No passwords found
------------------- Sqldeveloper passwords -----------------
[!] Sqldeveloper not found.
[!] No passwords found
------------------- Squirrel passwords -----------------
[!] Squirrel not found.
[!] No passwords found
------------------- Windows passwords -----------------
[+] Password found !!!
Login: ovelse21offline
Password: Kirkemus
------------------- Chrome passwords -----------------
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/PepperFlash/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/BrowserMetrics/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/BrowserMetrics-spare.pma/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/CertificateRevocation/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/chrome_shutdown_ms.txt/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Crashpad/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/CrashpadMetrics-active.pma/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Crowd Deny/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Default/Login Data
[!] Traceback (most recent call last):
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/softwares/browsers/chrome.py", line 70, in run
password = constant.user_dpapi.decrypt_blob(result[2])
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/config/dpapi.py", line 96, in decrypt_blob
blob = DPAPIBlob(dpapi_blob)
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/config/DPAPI/blob.py", line 15, in init
self.dpapiblob = DPAPI_BLOB_STRUCT.parse(dpapiblob)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 260, in parse
return self.parse_stream(io.BytesIO(data), **contextkw)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 268, in parse_stream
return self._parsereport(stream, context, "(parsing)")
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 1891, in _parse
subobj = sc._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 2376, in _parse
return self.subcon._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 1891, in _parse
subobj = sc._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 2376, in _parse
return self.subcon._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 1891, in _parse
subobj = sc._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 2376, in _parse
return self.subcon._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 747, in _parse
return _read_stream(stream, length)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 84, in _read_stream
raise StreamError("could not read enough bytes, expected %d, found %d" % (length, len(data)))
StreamError: could not read enough bytes, expected 8, found 7
[!] Traceback (most recent call last):
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/softwares/browsers/chrome.py", line 70, in run
password = constant.user_dpapi.decrypt_blob(result[2])
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/config/dpapi.py", line 96, in decrypt_blob
blob = DPAPIBlob(dpapi_blob)
File "/home/mba/polenta/src/lf/LaZagneForensic/LaZagneForensic/lazagne/config/DPAPI/blob.py", line 15, in init
self.dpapiblob = DPAPI_BLOB_STRUCT.parse(dpapiblob)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 260, in parse
return self.parse_stream(io.BytesIO(data), **contextkw)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 268, in parse_stream
return self._parsereport(stream, context, "(parsing)")
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 1891, in _parse
subobj = sc._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 2376, in _parse
return self.subcon._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 1891, in _parse
subobj = sc._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 2376, in _parse
return self.subcon._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 1891, in _parse
subobj = sc._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 2376, in _parse
return self.subcon._parsereport(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 280, in _parsereport
obj = self._parse(stream, context, path)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 893, in _parse
data = _read_stream(stream, self.length)
File "/home/mba/.local/lib/python2.7/site-packages/construct/core.py", line 84, in _read_stream
raise StreamError("could not read enough bytes, expected %d, found %d" % (length, len(data)))
StreamError: could not read enough bytes, expected 2, found 1
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/FileTypePolicies/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/First Run/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Floc/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/GrShaderCache/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Last Browser/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Last Version/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Local State/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/MEIPreload/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Module Info Cache/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/OriginTrials/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/pnacl/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/RecoveryImproved/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Safe Browsing/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/SafetyTips/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/ShaderCache/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/SSLErrorAssistant/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/Subresource Filter/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/SwReporter/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/ThirdPartyModuleList64/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/TLSDeprecationConfig/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/TrustTokenKeyCommitments/Login Data
[!] Cookie dump not enabled
[!] History export not enabled
[!] User database not found: /mnt/mp/Users/ovelse21offline/AppData/Local/Google/Chrome/User Data/WidevineCdm/Login Data
[!] No passwords found
------------------- Opera passwords -----------------
[!] Opera not found.
[!] No passwords found
------------------- Coccoc passwords -----------------
[!] Coccoc not found.
[!] No passwords found
------------------- Tortoise passwords -----------------
[!] Tortoise not found.
[!] No passwords found
------------------- Credentials passwords -----------------
[!] No passwords found
------------------- Vault passwords -----------------
[!] No passwords found
########## User: SYSTEM ##########
------------------- Ftpnavigator passwords -----------------
[!] Ftpnavigator not found.
[!] No passwords found
------------------- Unattended passwords -----------------
[!] No passwords found
------------------- Sysvault passwords -----------------
[!] No .vcrd file found. Nothing to decrypt.
[!] Policy file not found: /mnt/mp/Windows/System32/config/systemprofile/AppData/Local/Microsoft/Vault/UserProfileRoaming/Policy.vpol
[!] No passwords found
------------------- Cachedump passwords -----------------
[!] No passwords found
------------------- Lsasecrets passwords -----------------
NL$KM
DPAPI_SYSTEM
DefaultPassword
------------------- Hashes passwords -----------------
Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
Gæst:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
DefaultAccount:503:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
WDAGUtilityAccount:504:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
ovelse21offline:1001:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
------------------- Wifi passwords -----------------
[+] Password found !!!
Authentication: WPA2PSK
Wifi: Galaxy A402420
Password: pkew5783
[+] 2 passwords found.
elapsed time = 1.06723499298
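
An added example (Python 3; not part of the original report and not LaZagneForensic's code): a pre-check that sorts each `password_value` cell of a Chrome `Login Data` database by format before it reaches a DPAPI blob parser, so short or non-DPAPI values are reported per row instead of surfacing as a `StreamError`. It assumes Chrome's `logins` table columns and that newer Chrome builds on Windows store values with a `v10` prefix (AES-GCM) rather than as raw DPAPI blobs; the rows are constructed, and `classify_password_value` and `triage_logins` are hypothetical names.

```python
import sqlite3
import struct
import uuid

# Provider GUID found at offset 4 of every DPAPI blob.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb").bytes_le
# version(4) + provider GUID(16) + master key version(4) + master key GUID(16)
# + flags(4) + description length(4)
DPAPI_FIXED_HEADER = 48
V10_PREFIX = b"v10"
V10_MIN_LEN = 3 + 12 + 16  # prefix + 96-bit nonce + 128-bit GCM tag


def classify_password_value(value):
    """Return (kind, detail) for one password_value cell. Nothing is decrypted."""
    value = bytes(value or b"")
    if not value:
        return ("empty", "no stored secret")
    if value.startswith(V10_PREFIX):
        if len(value) < V10_MIN_LEN:
            return ("truncated", "v10 prefix but only %d bytes" % len(value))
        return ("aes-gcm-v10", "ciphertext+tag=%d bytes" % (len(value) - 15))
    if len(value) >= 20 and value[4:20] == DPAPI_PROVIDER:
        if len(value) < DPAPI_FIXED_HEADER:
            return ("truncated", "DPAPI header cut at %d bytes" % len(value))
        (version,) = struct.unpack_from("<I", value, 0)
        # The master key GUID names the key file the blob was protected with.
        mk_guid = uuid.UUID(bytes_le=value[24:40])
        return ("dpapi", "version=%d masterkey=%s" % (version, mk_guid))
    return ("unknown", "%d bytes, first bytes %s" % (len(value), value[:4].hex()))


def triage_logins(conn):
    """Classify every row of a Login Data 'logins' table."""
    rows = conn.execute(
        "SELECT origin_url, username_value, password_value "
        "FROM logins ORDER BY rowid"
    )
    return [(url, user) + classify_password_value(blob) for url, user, blob in rows]


def build_sample_db():
    """Constructed in-memory stand-in for a Login Data file (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE logins (origin_url TEXT, username_value TEXT, password_value BLOB)"
    )
    # Master key GUID as printed in the tool output above.
    mk = uuid.UUID("a0d2ea99-ab04-4a7a-bb26-51e28e18df34")
    dpapi_header = (
        struct.pack("<I", 1) + DPAPI_PROVIDER
        + struct.pack("<I", 1) + mk.bytes_le
        + struct.pack("<II", 0, 0)
    )
    samples = [
        ("https://a.example", "alice", dpapi_header + bytes(32)),      # DPAPI-shaped
        ("https://b.example", "bob", b"v10" + bytes(12) + bytes(20)),  # v10-shaped
        ("https://c.example", "carol", b"v10" + bytes(4)),             # cut short
        ("https://d.example", "dave", b""),                            # nothing stored
    ]
    conn.executemany("INSERT INTO logins VALUES (?, ?, ?)", samples)
    return conn


if __name__ == "__main__":
    for row in triage_logins(build_sample_db()):
        print("%-20s %-6s %-12s %s" % row)
```

Only rows classified as `dpapi` are candidates for a DPAPI blob parser; comparing their master key GUID with the ones the tool reports as decrypted shows whether the right key is available.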