Fix DPAPI credential lookup: add lowercase username for dploot compatibility #1113
Open
mverschu wants to merge 1 commit intoPennyw0rth:mainfrom
Open
Fix DPAPI credential lookup: add lowercase username for dploot compatibility #1113mverschu wants to merge 1 commit intoPennyw0rth:mainfrom
mverschu wants to merge 1 commit intoPennyw0rth:mainfrom
Conversation
…ibility dploot looks up credentials with user.lower() (e.g. 'administrator'), but we only stored them under context.username (e.g. 'Administrator'). Python dict lookups are case-sensitive, so the credential wasn't found and master keys were never decrypted. Co-authored-by: Cursor <cursoragent@cursor.com>
mverschu
requested review from
Marshall-Hallenbeck,
NeffIsBack,
mpgn and
zblurx
as code owners
Member
|
Thanks for the bug fix PR! I'll take a look at it soon. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes DPAPI master key decryption when the username contains uppercase letters (e.g.
Administrator).dploot looks up credentials using
user.lower()(e.g."administrator"), but credentials were only stored undercontext.username(e.g."Administrator"). Because Python dict lookups are case-sensitive, the credential lookup failed and master keys were not decrypted.This change adds the lowercase username as an additional key in both
plaintextsandnthashesso dploot can find the credentials regardless of casing.No new dependencies.
Type of change
Insert an "x" inside the brackets for relevant items (do not delete options)
Setup guide for the review
Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions.
In particular:
Administrator,DOMAIN\User). Before the fix, master keys for that user were not decrypted because the credential lookup failed. After the fix, credentials are found and master keys decrypt successfully.Checklist:
Insert an "x" inside the brackets for completed and relevant items (do not delete options)
poetry run python -m ruff check . --preview, use--fixto automatically fix what it can)tests/e2e_commands.txtfile if necessary (new modules or features are required to be added to the e2e tests)