Dic 172016
 

Este código hace tiempo que había quedado pendiente en un hilo del foro por el amigo 79137913 el cual sirve para recuperar contraseñas guardadas en Windows 8 y posteriores, haciendo un breve resúmen en versiones anteriores Internet explorer (IE7) éste almacenaba sus contraseñas en el registro de windows, las cuales utilizando algunas apis de desencriptación se podían obtener todos los datos. Con la llegada de Windows 8 el sistema cambió y comenzaron a guardarlas en Windows Vault, si nos metemos desde el Administrador de credenciales podemos ver todas las contraseñas guardas con sus respectivos Usuarios y Url.

Me dió mucho trabajo poder traducir el código de C, ya que son todas apis indocumentadas y el manejo desde VB y los punteros a las estructuras es un tanto engorroso, pero tras prueba y error pude  lograr recuperar las contraseñas.

Tanto I.Explorer como Microsoft Edge guardan las contraseñas en el mismo lugar con el mismo seudónimo (Intenet Explorer) (ya sabemos que ambos son la misma cosa).

El código se puede resumir si se quiere, pero traté de mantener todas las estructuras y enumeraciones para que sea más entendible su funcionamiento o poder usar otras funcionalidades de las credenciales.

(Aclaro esto sólo sirve en Windows 8 y posteriores, si bien las credenciales estaban disponibles en Windows 7, mi  internet explorer no almacenaba sus contraseñas en vault, y si estoy equivocado es fácil corregir, sólo hay que verificar la versión de windows y cambiar la estructura según el S.O.).


Option Explicit
Private Declare Function VaultOpenVault Lib "vaultcli.dll" (ByRef VaultGuid As GUID, ByVal dwFlags As Long, ByRef VaultHandle As Long) As Long
Private Declare Function VaultCloseVault Lib "vaultcli.dll" (ByRef VaultHandle As Long) As Long
Private Declare Function VaultEnumerateItems Lib "vaultcli.dll" (ByVal VaultHandle As Long, ByVal dwFlags As Long, ByRef ItemsCount As Long, ByRef Items As Long) As Long
Private Declare Function VaultGetItem Lib "vaultcli.dll" (ByVal VaultHandle As Long, pSchemaId As GUID, ByVal pResource As Long, ByVal pIdentity As Long, ByVal pPackageSid As Long, ByVal hwndOwner As Long, ByVal dwFlags As Long, ppItem As Long) As Long
Private Declare Function VaultFree Lib "vaultcli.dll" (ByVal ppItem As Long) As Long

Private Declare Function CLSIDFromString Lib "ole32" (ByVal str As Long, id As GUID) As Long
Private Declare Sub CopyMemory Lib "kernel32.dll" Alias "RtlMoveMemory" (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)
Private Declare Function lstrlenW Lib "kernel32" (ByVal lpString As Long) As Long


Private Enum VAULT_SCHEMA_ELEMENT_ID
 ElementId_Illegal = 0
 ElementId_Resource = 1
 ElementId_Identity = 2
 ElementId_Authenticator = 3
 ElementId_Tag = 4
 ElementId_PackageSid = 5
 ElementId_AppStart = &H64
 ElementId_AppEnd = &H2710
End Enum
 
Private Enum VAULT_ELEMENT_TYPE
 ElementType_Boolean = 0
 ElementType_Short = 1
 ElementType_UnsignedShort = 2
 ElementType_Integer = 3
 ElementType_UnsignedInteger = 4
 ElementType_Double = 5
 ElementType_Guid = 6
 ElementType_String = 7
 ElementType_ByteArray = 8
 ElementType_TimeStamp = 9
 ElementType_ProtectedArray = 10
 ElementType_Attribute = 11
 ElementType_Sid = 12
 ElementType_Last = 13
 ElementType_Undefined = -1
End Enum

Private Type FILETIME
 dwLowDateTime As Long
 dwHighDateTime As Long
End Type

Private Type VAULT_VARIANT
 veType As VAULT_ELEMENT_TYPE
 Unknown As Long
 lpString As Long
End Type
 
Private Type VAULT_ITEM_ELEMENT
 SchemaElementId As VAULT_SCHEMA_ELEMENT_ID
 Unknown As Long
 ItemValue As VAULT_VARIANT
End Type
 
Private Type GUID
 Data1 As Long
 Data2 As Integer
 Data3 As Integer
 Data4(0 To 7) As Byte
End Type
 
Private Type VAULT_ITEM_W8
 SchemaId As GUID
 pszCredentialFriendlyName As Long
 pResourceElement As Long ' VAULT_ITEM_ELEMENT
 pIdentityElement As Long ' VAULT_ITEM_ELEMENT
 pAuthenticatorElement As Long ' VAULT_ITEM_ELEMENT
 pPackageSid As Long ' VAULT_ITEM_ELEMENT
 LastModified As FILETIME
 dwFlags As Long
 dwPropertiesCount As Long
 pPropertyElements As Long ' VAULT_ITEM_ELEMENT
End Type

Private Type VAULT_ITEM_W7
 SchemaId As GUID
 pszCredentialFriendlyName As Long
 pResourceElement As Long ' VAULT_ITEM_ELEMENT
 pIdentityElement As Long ' VAULT_ITEM_ELEMENT
 pAuthenticatorElement As Long ' VAULT_ITEM_ELEMENT
 LastModified As FILETIME
 dwFlags As Long
 dwPropertiesCount As Long
 pPropertyElements As Long ' VAULT_ITEM_ELEMENT
End Type

Const WEB_CREDENTIALS As String = "{4BF4C442-9B8A-41A0-B380-DD4A704DDB28}"
Const VAULT_ENUMERATE_ALL_ITEMS = 512
 
Public Function GetVaultCredentials() As String
 Dim tGUID As GUID
 Dim hVault As Long
 Dim ItemsCount As Long, i As Long
 Dim Items As Long
 Dim VI_W8() As VAULT_ITEM_W8
 Dim dwError As Long
 Dim ppCredentials As Long 'VAULT_ITEM_W8
 Dim tVIE As VAULT_ITEM_ELEMENT
 Dim sResult As String
 Dim tItemVault As VAULT_ITEM_W8
 
 CLSIDFromString StrPtr(WEB_CREDENTIALS), tGUID
 
 If VaultOpenVault(tGUID, 0, hVault) <> 0 Then Exit Function
 
 Call VaultEnumerateItems(hVault, 0, ItemsCount, Items)
 ReDim VI_W8(ItemsCount - 1)
 CopyMemory VI_W8(0), ByVal Items, Len(VI_W8(0)) * ItemsCount
 
 For i = 0 To ItemsCount - 1
 If VI_W8(i).dwPropertiesCount <> 0 Then
 
 dwError = VaultGetItem(hVault, VI_W8(i).SchemaId, VI_W8(i).pResourceElement, VI_W8(i).pIdentityElement, 0&, 0&, 0&, ppCredentials)

 If dwError = 0 Then
 sResult = sResult & "Account: " & PtrToString(VI_W8(i).pszCredentialFriendlyName)
 
 CopyMemory tVIE, ByVal VI_W8(i).pResourceElement, Len(tVIE)
 
 sResult = sResult & " URL: " & PtrToString(tVIE.ItemValue.lpString)
 
 CopyMemory tVIE, ByVal VI_W8(i).pIdentityElement, Len(tVIE)
 
 sResult = sResult & " User: " & PtrToString(tVIE.ItemValue.lpString)

 CopyMemory tItemVault, ByVal ppCredentials, Len(tItemVault)
 CopyMemory tVIE, ByVal tItemVault.pAuthenticatorElement, Len(tVIE)
 
 sResult = sResult & " Pass: " & PtrToString(tVIE.ItemValue.lpString) & vbCrLf
 
 VaultFree (ppCredentials)
 ppCredentials = 0
 End If
 End If
 Next

 VaultCloseVault (hVault)
 
 GetVaultCredentials = sResult
End Function
 
Private Function PtrToString(lpwString As Long) As String
 Dim Buffer() As Byte
 Dim nLen As Long
 If lpwString Then
 nLen = lstrlenW(lpwString) * 2
 If nLen Then
 ReDim Buffer(0 To (nLen - 1)) As Byte
 CopyMemory Buffer(0), ByVal lpwString, nLen
 PtrToString = Buffer
 End If
 End If
End Function

Private Sub Form_Load()
 Text1.Text = GetVaultCredentials
End Sub
 

  3 Responses to “Contraseñas de Internet Explorer y Microsoft Edge”

  1. Broder no puedo imaginar el esfuerzo que haz puesto para lograr esto sin embargo imagino lo feliz que estabas cuando terminaste tu proyecto, gracias por compartir

     
  2. Hi! I am the local marketing business manager at https://theeliquidboutique.co.uk – The Eliquid Boutique, an online vape company in the UK. I noticed some enquiries pertaining to our worldwide vape store database and vape company email directory. In summary, the https://theeliquidboutique.co.uk/products/global-vape-shop-database – Global Vape Shop Database incorporates contact details for all of the vape stores on the planet, including UK, U.S.A., Canada, Europe, Russia and CIS, Middle East and Australia. It comes in an Excel spreadsheet and has the vape company name, e-mail, internet site, telephone number, address, social media sites websites and even more. Meanwhile, the https://theeliquidboutique.co.uk/products/vape-company-e-mail-mailing-list – Vape Company E-Mail List is actually a list with e-mails of each and every single business all over the world. The list has about 40,000+ emails of e-liquid labels, on-line and brick-and-mortar vape companies, vape wholesalers and distros, CBD websites, vape exhibition organisers and a lot more. These vape leads are ideal for e-newsletter advertising and marketing as this is the primary function of the database. The vape company leads are all GDPR compliant and you would get free lifetime updates delivered straight to your inbox. We upgrade the vape store database and vape company e-mail list at the very least two times a calendar month. We do a three level verification on all emails including for phrase structure, deserted domains and closed e-mail inboxes. If you have some queries, you can get in touch with me via our https://www.facebook.com/theeliquidboutique/ – Facebook web page. The world-wide vape store database and vape company e mails have really helped about five hundred e-liquid labels and vape wholesalers to advertise their items to all vape shops around the world and is actually all you require to take your vape brand name to a brand new level. I really hope that this answers all of your queries guys! We will be releasing another update right now!

     
  3. Mortal Engines movie in high quality, http://disqus.com/home/discussion/channel-titilbaba/kqs2ya/ Mortal Engines It Movie Imdb, The Glass Movie Download Mediafire, http://disqus.com/home/discussion/channel-titilbaba/ytp1h9/ Glass The Movie To Download, How to Train Your Dragon: The Hidden World The Movie, http://disqus.com/home/discussion/channel-titilbaba/ccxcbj/ How to Train Your Dragon: The Hidden World film downloads, Robin Hood Filmography, http://disqus.com/home/discussion/channel-titilbaba/4tvrjh/ Download Robin Hood Film Tumblr, Where Can I Download The T-34 Trailer, http://disqus.com/home/discussion/channel-titilbaba/iiolat/ Downloadable T-34 Movie, dvd T-34 online, http://disqus.com/home/discussion/channel-titilbaba/iiolat/ Download full movie T-34 for free without registration, The Robin Hood movie online, http://disqus.com/home/discussion/channel-titilbaba/4tvrjh/ Robin Hood Movie Reviews, Downloadable Films Alita: Battle Angel, http://disqus.com/home/discussion/channel-titilbaba/t2bdmw/ Alita: Battle Angel film in english to download, Full Alita: Battle Angel Film Downloads, http://disqus.com/home/discussion/channel-titilbaba/t2bdmw/ Download Dvd Movie Alita: Battle Angel, the full film of Alita: Battle Angel, http://disqus.com/home/discussion/channel-titilbaba/t2bdmw/ Download Of Alita: Battle Angel Film,

     

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)


*