DonPAPI
Fix secretsdump not able to retrieve autologon default username
As of now, DonPAPI isn't able to retrieve the default username used for autologon:
This is because in the secretsdump DonPAPIRemoteOperations, the getDefaultLoginAccount function was omitted. As such, I added this piece of code (line 3268):
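```python
# Method of DonPAPIRemoteOperations; needs: from impacket.dcerpc.v5 import rrp
def getDefaultLoginAccount(self):
    try:
        # Open the Winlogon key through the existing remote registry handle
        ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon')
        keyHandle = ans['phkResult']
        dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultUserName')
        username = dataValue[:-1]  # drop the trailing NUL terminator
        dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultDomainName')
        domain = dataValue[:-1]  # drop the trailing NUL terminator
        rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
        if len(domain) > 0:
            return '%s\\%s' % (domain, username)
        else:
            return username
    except Exception:
        # Key or value missing, or the RPC call failed: nothing to report
        return None
```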
With DonPAPIRemoteOperations having the necessary function, it can now retrieve this value and print the correct value:
Note: before merging, this branch will be in conflict with this PR:
- https://github.com/login-securite/DonPAPI/pull/98
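
A defender-side check on the same Winlogon values, as an added example that is not part of this PR or of DonPAPI: it reads each value independently, so a missing DefaultDomainName does not hide a configured DefaultUserName. The names `audit_autologon` and `read_local` are hypothetical, `AutoAdminLogon` and `DefaultPassword` are standard Winlogon values not mentioned in the PR, and the sample values are constructed.

```python
# Added example: defender-side audit of the Winlogon autologon values.
# audit_autologon / read_local are illustrative names, not DonPAPI or impacket APIs.
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def read_local(name):
    """Read one Winlogon value from the local HKLM hive (Windows only)."""
    import winreg  # imported here so the module still loads on other platforms
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON) as key:
            return winreg.QueryValueEx(key, name)[0]
    except FileNotFoundError:
        return None  # value (or key) not present


def _clean(value):
    """Normalise a registry string: missing -> '', drop trailing NULs and spaces."""
    return "" if value is None else str(value).rstrip("\x00").strip()


def audit_autologon(read=read_local):
    """Return the configured autologon account and any findings worth fixing."""
    user = _clean(read("DefaultUserName"))
    domain = _clean(read("DefaultDomainName"))
    # Each value is read independently: a missing DefaultDomainName must not
    # hide a DefaultUserName that is present.
    account = (f"{domain}\\{user}" if domain else user) if user else None
    enabled = _clean(read("AutoAdminLogon")) == "1"
    findings = []
    if enabled:
        findings.append("AutoAdminLogon is enabled")
    if _clean(read("DefaultPassword")):
        findings.append("DefaultPassword is stored in cleartext under Winlogon")
    return {"account": account, "enabled": enabled, "findings": findings}


if __name__ == "__main__":
    # Constructed sample values standing in for a real registry.
    sample = {"DefaultUserName": "kiosk\x00", "DefaultDomainName": "CORP\x00",
              "AutoAdminLogon": "1", "DefaultPassword": "constructed-value"}
    print(audit_autologon(sample.get))
```

On a Windows host, calling `audit_autologon()` with no argument reads the local registry; passing any callable that maps a value name to its data lets the same check run over exported data.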