読者です 読者をやめる 読者になる 読者になる

Windowsの資格マネージャからパスワードを拾う

以下のコードで取れた。あとはTargetNameでマッチングしてやれば目的のパスワードが拾えそう。

# Python3.4.2(x64)
import sys
from ctypes import *

class CREDENTIAL(Structure):
    _fields_ = [('Flags',              c_uint),
                ('Type',               c_uint),
                ('TargetName',         c_wchar_p),
                ('Comment',            c_wchar_p),
                ('LastWritten',        c_ulonglong),
                ('CredentialBlobSize', c_uint),
                ('CredentialBlob',     c_wchar_p),
                ('Persist',            c_uint),
                ('AttributeCount',     c_uint),
                ('Attributes',         c_void_p),
                ('TargetAlias',        c_wchar_p),
                ('UserName',           c_wchar_p)]

count = c_uint()
creds = POINTER(POINTER(CREDENTIAL))()
if not windll.advapi32.CredEnumerateW(None, 0, byref(count), byref(creds)):
    sys.exit(-1)

for Li in range(count.value):
    cred = creds[Li].contents
    print('CREDENTIAL[{}]:'.format(Li))
    print('  TargetName:', cred.TargetName)
    print('  Comment:', cred.Comment)
    print('  UserName:', cred.UserName)
    print('  Password:', cred.CredentialBlob)

windll.advapi32.CredFree(creds)