Merge pull request #58 from p0dalirius/secretsdump-parsing-opengpg-keys

fortra#1301 [secretsdump] Added OpenGPG public/private key parsing in secretsdump.py
ThePorgs · Jun 3, 2024 · 24f1690 · 24f1690
2 parents a16335a + d7aa6d2
commit 24f1690
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/impacket/examples/secretsdump.py b/impacket/examples/secretsdump.py
@@ -1779,6 +1779,24 @@ def __printSecret(self, name, secretItem):
                     LOG.warning("Unknown SQSA version (%s), please open an issue with the following data so we can add a parser for it." % str(strDecoded['version']))
                     LOG.warning("Don't forget to remove sensitive content before sending the data in a Github issue.")
                     secret = json.dumps(strDecoded, indent=4)
+        elif re.match('^L\$([0-9A-Z]{3})-PRV-([0-9A-F]{32})$', upperName) is not None:
+            # Decode stored OpenGPG private key
+            keyid = re.search('^L\$([0-9A-Z]{3})-PRV-([0-9A-F]{32})$', upperName).group(2)
+            try:
+                b64key = secretItem.decode('utf-16le')
+            except:
+                pass
+            else:
+                secret = 'OpenGPG private key %s: \n%s' % (keyid, b64key)
+        elif re.match('^L\$([0-9A-Z]{3})-PUB-([0-9A-F]{32})$', upperName) is not None:
+            # Decode stored OpenGPG public key
+            keyid = re.search('^L\$([0-9A-Z]{3})-PUB-([0-9A-F]{32})$', upperName).group(2)
+            try:
+                b64key = secretItem.decode('utf-16le')
+            except:
+                pass
+            else:
+                secret = 'OpenGPG public key %s: \n%s' % (keyid, b64key)
 
         if secret != '':
             printableSecret = secret