{"id":815,"date":"2016-12-17T01:47:29","date_gmt":"2016-12-17T04:47:29","guid":{"rendered":"http:\/\/leandroascierto.com\/blog\/?p=815"},"modified":"2016-12-18T15:25:25","modified_gmt":"2016-12-18T18:25:25","slug":"contrasenas-de-internet-explorer-y-microsoft-edge","status":"publish","type":"post","link":"https:\/\/leandroascierto.com\/blog\/contrasenas-de-internet-explorer-y-microsoft-edge\/","title":{"rendered":"Internet Explorer and Microsoft Edge Passwords"},"content":{"rendered":"<p>This code had been pending for a long time in a <a href=\"http:\/\/leandroascierto.com\/foro\/index.php?topic=2297.msg12487#msg12487\">forum thread<\/a> by our friend 79137913. It recovers passwords saved on Windows 8 and later. As a brief summary: in earlier versions, Internet Explorer (IE7) stored its passwords in the Windows registry, and all of the data could be obtained from there using a few decryption APIs. 
With the arrival of Windows 8 the scheme changed and passwords began to be stored in Windows Vault; if we open Credential Manager we can see every saved password with its user name and URL.<\/p>\n<p>Translating the code from C took me a lot of work, since these are all undocumented APIs and handling them from VB, along with the pointers to the structures, is somewhat cumbersome, but after some trial and error I managed to recover the passwords.<\/p>\n<p>Both Internet Explorer and Microsoft Edge store their passwords in the same place under the same alias (Internet Explorer) (we already know the two are the same thing).<\/p>\n<p>The code can be shortened if desired, but I tried to keep all the structures and enumerations so that how it works is easier to understand, and so that other credential features can be used.<\/p>\n<p>(To be clear, this only works on Windows 8 and later. Although the credential vault was available in Windows 7, my Internet Explorer did not store its passwords in the vault there; if I am wrong it is easy to correct: just check the Windows version and switch the structure according to the OS.)<\/p>\n<hr \/>\n<pre class=\"brush: vb; title: ; notranslate\" title=\"\">\r\nOption Explicit\r\nPrivate Declare Function VaultOpenVault Lib &quot;vaultcli.dll&quot; (ByRef VaultGuid As GUID, ByVal dwFlags As Long, ByRef VaultHandle As Long) As Long\r\nPrivate Declare Function VaultCloseVault Lib &quot;vaultcli.dll&quot; (ByRef VaultHandle As Long) As Long\r\nPrivate Declare Function VaultEnumerateItems Lib &quot;vaultcli.dll&quot; (ByVal VaultHandle As Long, ByVal dwFlags As Long, ByRef ItemsCount As Long, ByRef Items As Long) As Long\r\nPrivate Declare Function VaultGetItem Lib &quot;vaultcli.dll&quot; (ByVal VaultHandle As Long, pSchemaId As GUID, ByVal pResource As Long, ByVal pIdentity As Long, ByVal pPackageSid As Long, ByVal 
hwndOwner As Long, ByVal dwFlags As Long, ppItem As Long) As Long\r\nPrivate Declare Function VaultFree Lib &quot;vaultcli.dll&quot; (ByVal ppItem As Long) As Long\r\n\r\nPrivate Declare Function CLSIDFromString Lib &quot;ole32&quot; (ByVal str As Long, id As GUID) As Long\r\nPrivate Declare Sub CopyMemory Lib &quot;kernel32.dll&quot; Alias &quot;RtlMoveMemory&quot; (ByRef Destination As Any, ByRef Source As Any, ByVal Length As Long)\r\nPrivate Declare Function lstrlenW Lib &quot;kernel32&quot; (ByVal lpString As Long) As Long\r\n\r\n\r\nPrivate Enum VAULT_SCHEMA_ELEMENT_ID\r\n ElementId_Illegal = 0\r\n ElementId_Resource = 1\r\n ElementId_Identity = 2\r\n ElementId_Authenticator = 3\r\n ElementId_Tag = 4\r\n ElementId_PackageSid = 5\r\n ElementId_AppStart = &amp;H64\r\n ElementId_AppEnd = &amp;H2710\r\nEnd Enum\r\n \r\nPrivate Enum VAULT_ELEMENT_TYPE\r\n ElementType_Boolean = 0\r\n ElementType_Short = 1\r\n ElementType_UnsignedShort = 2\r\n ElementType_Integer = 3\r\n ElementType_UnsignedInteger = 4\r\n ElementType_Double = 5\r\n ElementType_Guid = 6\r\n ElementType_String = 7\r\n ElementType_ByteArray = 8\r\n ElementType_TimeStamp = 9\r\n ElementType_ProtectedArray = 10\r\n ElementType_Attribute = 11\r\n ElementType_Sid = 12\r\n ElementType_Last = 13\r\n ElementType_Undefined = -1\r\nEnd Enum\r\n\r\nPrivate Type FILETIME\r\n dwLowDateTime As Long\r\n dwHighDateTime As Long\r\nEnd Type\r\n\r\nPrivate Type VAULT_VARIANT\r\n veType As VAULT_ELEMENT_TYPE\r\n Unknown As Long\r\n lpString As Long\r\nEnd Type\r\n \r\nPrivate Type VAULT_ITEM_ELEMENT\r\n SchemaElementId As VAULT_SCHEMA_ELEMENT_ID\r\n Unknown As Long\r\n ItemValue As VAULT_VARIANT\r\nEnd Type\r\n \r\nPrivate Type GUID\r\n Data1 As Long\r\n Data2 As Integer\r\n Data3 As Integer\r\n Data4(0 To 7) As Byte\r\nEnd Type\r\n \r\nPrivate Type VAULT_ITEM_W8\r\n SchemaId As GUID\r\n pszCredentialFriendlyName As Long\r\n pResourceElement As Long ' VAULT_ITEM_ELEMENT\r\n pIdentityElement As Long ' 
VAULT_ITEM_ELEMENT\r\n pAuthenticatorElement As Long ' VAULT_ITEM_ELEMENT\r\n pPackageSid As Long ' VAULT_ITEM_ELEMENT\r\n LastModified As FILETIME\r\n dwFlags As Long\r\n dwPropertiesCount As Long\r\n pPropertyElements As Long ' VAULT_ITEM_ELEMENT\r\nEnd Type\r\n\r\nPrivate Type VAULT_ITEM_W7\r\n SchemaId As GUID\r\n pszCredentialFriendlyName As Long\r\n pResourceElement As Long ' VAULT_ITEM_ELEMENT\r\n pIdentityElement As Long ' VAULT_ITEM_ELEMENT\r\n pAuthenticatorElement As Long ' VAULT_ITEM_ELEMENT\r\n LastModified As FILETIME\r\n dwFlags As Long\r\n dwPropertiesCount As Long\r\n pPropertyElements As Long ' VAULT_ITEM_ELEMENT\r\nEnd Type\r\n\r\nConst WEB_CREDENTIALS As String = &quot;{4BF4C442-9B8A-41A0-B380-DD4A704DDB28}&quot;\r\nConst VAULT_ENUMERATE_ALL_ITEMS = 512\r\n \r\nPublic Function GetVaultCredentials() As String\r\n Dim tGUID As GUID\r\n Dim hVault As Long\r\n Dim ItemsCount As Long, i As Long\r\n Dim Items As Long\r\n Dim VI_W8() As VAULT_ITEM_W8\r\n Dim dwError As Long\r\n Dim ppCredentials As Long 'VAULT_ITEM_W8\r\n Dim tVIE As VAULT_ITEM_ELEMENT\r\n Dim sResult As String\r\n Dim tItemVault As VAULT_ITEM_W8\r\n \r\n CLSIDFromString StrPtr(WEB_CREDENTIALS), tGUID\r\n \r\n If VaultOpenVault(tGUID, 0, hVault) &lt;&gt; 0 Then Exit Function\r\n \r\n Call VaultEnumerateItems(hVault, 0, ItemsCount, Items)\r\n ReDim VI_W8(ItemsCount - 1)\r\n CopyMemory VI_W8(0), ByVal Items, Len(VI_W8(0)) * ItemsCount\r\n \r\n For i = 0 To ItemsCount - 1\r\n If VI_W8(i).dwPropertiesCount &lt;&gt; 0 Then\r\n \r\n dwError = VaultGetItem(hVault, VI_W8(i).SchemaId, VI_W8(i).pResourceElement, VI_W8(i).pIdentityElement, 0&amp;, 0&amp;, 0&amp;, ppCredentials)\r\n\r\n If dwError = 0 Then\r\n sResult = sResult &amp; &quot;Account: &quot; &amp; PtrToString(VI_W8(i).pszCredentialFriendlyName)\r\n \r\n CopyMemory tVIE, ByVal VI_W8(i).pResourceElement, Len(tVIE)\r\n \r\n sResult = sResult &amp; &quot; URL: &quot; &amp; PtrToString(tVIE.ItemValue.lpString)\r\n \r\n CopyMemory tVIE, 
ByVal VI_W8(i).pIdentityElement, Len(tVIE)\r\n \r\n sResult = sResult &amp; &quot; User: &quot; &amp; PtrToString(tVIE.ItemValue.lpString)\r\n\r\n CopyMemory tItemVault, ByVal ppCredentials, Len(tItemVault)\r\n CopyMemory tVIE, ByVal tItemVault.pAuthenticatorElement, Len(tVIE)\r\n \r\n sResult = sResult &amp; &quot; Pass: &quot; &amp; PtrToString(tVIE.ItemValue.lpString) &amp; vbCrLf\r\n \r\n VaultFree (ppCredentials)\r\n ppCredentials = 0\r\n End If\r\n End If\r\n Next\r\n\r\n VaultCloseVault (hVault)\r\n \r\n GetVaultCredentials = sResult\r\nEnd Function\r\n \r\nPrivate Function PtrToString(lpwString As Long) As String\r\n Dim Buffer() As Byte\r\n Dim nLen As Long\r\n If lpwString Then\r\n nLen = lstrlenW(lpwString) * 2\r\n If nLen Then\r\n ReDim Buffer(0 To (nLen - 1)) As Byte\r\n CopyMemory Buffer(0), ByVal lpwString, nLen\r\n PtrToString = Buffer\r\n End If\r\n End If\r\nEnd Function\r\n\r\nPrivate Sub Form_Load()\r\n Text1.Text = GetVaultCredentials\r\nEnd Sub\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>This code had been pending for a long time in a forum thread by our friend 79137913. It recovers passwords saved on Windows 8 and later. As a brief summary: in earlier versions, Internet Explorer (IE7) stored its passwords in the Windows registry, which, using a few decryption APIs, could <a href='https:\/\/leandroascierto.com\/blog\/contrasenas-de-internet-explorer-y-microsoft-edge\/' 
class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[42,29],"tags":[153,152,155,154,150,69,18,151],"class_list":["post-815","post","type-post","status-publish","format-standard","hentry","category-funciones","category-modulos","tag-contrasenas","tag-credenciales","tag-internet-explorer","tag-password","tag-vaultcli-dll","tag-vb6","tag-visual-basic","tag-window-vault","category-42-id","category-29-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts\/815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/comments?post=815"}],"version-history":[{"count":5,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts\/815\/revisions"}],"predecessor-version":[{"id":821,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/posts\/815\/revisions\/821"}],"wp:attachment":[{"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/media?parent=815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/categories?post=815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/leandroascierto.com\/blog\/wp-json\/wp\/v2\/tags?post=815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}