dissect.database 1.2.dev2__tar.gz → 1.2.dev3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (216) hide show
  1. {dissect_database-1.2.dev2/dissect.database.egg-info → dissect_database-1.2.dev3}/PKG-INFO +1 -1
  2. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/ntds.py +47 -2
  3. dissect_database-1.2.dev3/dissect/database/ese/ntds/objects/secret.py +99 -0
  4. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3/dissect.database.egg-info}/PKG-INFO +1 -1
  5. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_ntds.py +28 -0
  6. dissect_database-1.2.dev2/dissect/database/ese/ntds/objects/secret.py +0 -13
  7. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/COPYRIGHT +0 -0
  8. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/LICENSE +0 -0
  9. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/MANIFEST.in +0 -0
  10. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/README.md +0 -0
  11. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/__init__.py +0 -0
  12. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/__init__.py +0 -0
  13. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/c_db.py +0 -0
  14. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/c_db.pyi +0 -0
  15. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/db.py +0 -0
  16. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/tools/__init__.py +0 -0
  17. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/tools/c_rpm.py +0 -0
  18. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/tools/c_rpm.pyi +0 -0
  19. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/bsd/tools/rpm.py +0 -0
  20. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/__init__.py +0 -0
  21. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/c_ese.py +0 -0
  22. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/c_ese.pyi +0 -0
  23. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/compression.py +0 -0
  24. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/cursor.py +0 -0
  25. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ese.py +0 -0
  26. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/exception.py +0 -0
  27. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/index.py +0 -0
  28. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/lcmapstring.py +0 -0
  29. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/__init__.py +0 -0
  30. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/c_ds.py +0 -0
  31. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/c_ds.pyi +0 -0
  32. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/c_pek.py +0 -0
  33. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/c_pek.pyi +0 -0
  34. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/c_sd.py +0 -0
  35. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/c_sd.pyi +0 -0
  36. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/database.py +0 -0
  37. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/__init__.py +0 -0
  38. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/applicationsettings.py +0 -0
  39. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/attributeschema.py +0 -0
  40. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/builtindomain.py +0 -0
  41. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/certificationauthority.py +0 -0
  42. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/classschema.py +0 -0
  43. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/classstore.py +0 -0
  44. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/computer.py +0 -0
  45. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/configuration.py +0 -0
  46. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/container.py +0 -0
  47. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/controlaccessright.py +0 -0
  48. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/crldistributionpoint.py +0 -0
  49. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/crossref.py +0 -0
  50. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/crossrefcontainer.py +0 -0
  51. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/dfsconfiguration.py +0 -0
  52. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/displayspecifier.py +0 -0
  53. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/dmd.py +0 -0
  54. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/dnsnode.py +0 -0
  55. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/dnszone.py +0 -0
  56. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/domain.py +0 -0
  57. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/domaindns.py +0 -0
  58. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/domainpolicy.py +0 -0
  59. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/dsuisettings.py +0 -0
  60. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/filelinktracking.py +0 -0
  61. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/foreignsecurityprincipal.py +0 -0
  62. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/group.py +0 -0
  63. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/grouppolicycontainer.py +0 -0
  64. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/infrastructureupdate.py +0 -0
  65. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/intersitetransport.py +0 -0
  66. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/intersitetransportcontainer.py +0 -0
  67. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ipsecbase.py +0 -0
  68. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ipsecfilter.py +0 -0
  69. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ipsecisakmppolicy.py +0 -0
  70. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ipsecnegotiationpolicy.py +0 -0
  71. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ipsecnfa.py +0 -0
  72. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ipsecpolicy.py +0 -0
  73. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/leaf.py +0 -0
  74. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/linktrackobjectmovetable.py +0 -0
  75. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/linktrackvolumetable.py +0 -0
  76. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/locality.py +0 -0
  77. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/lostandfound.py +0 -0
  78. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msauthz_centralaccesspolicies.py +0 -0
  79. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msauthz_centralaccessrules.py +0 -0
  80. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_content.py +0 -0
  81. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_contentset.py +0 -0
  82. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_globalsettings.py +0 -0
  83. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_localsettings.py +0 -0
  84. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_member.py +0 -0
  85. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_replicationgroup.py +0 -0
  86. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_subscriber.py +0 -0
  87. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_subscription.py +0 -0
  88. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdfsr_topology.py +0 -0
  89. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msdns_serversettings.py +0 -0
  90. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_authnpolicies.py +0 -0
  91. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_authnpolicysilos.py +0 -0
  92. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_claimstransformationpolicies.py +0 -0
  93. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_claimtype.py +0 -0
  94. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_claimtypepropertybase.py +0 -0
  95. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_claimtypes.py +0 -0
  96. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_optionalfeature.py +0 -0
  97. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_passwordsettingscontainer.py +0 -0
  98. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_quotacontainer.py +0 -0
  99. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_resourceproperties.py +0 -0
  100. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_resourceproperty.py +0 -0
  101. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_resourcepropertylist.py +0 -0
  102. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_shadowprincipalcontainer.py +0 -0
  103. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msds_valuetype.py +0 -0
  104. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msimaging_psps.py +0 -0
  105. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/mskds_provserverconfiguration.py +0 -0
  106. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msmqenterprisesettings.py +0 -0
  107. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/mspki_enterpriseoid.py +0 -0
  108. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/mspki_privatekeyrecoveryagent.py +0 -0
  109. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/msspp_activationobjectscontainer.py +0 -0
  110. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/mstpm_informationobjectscontainer.py +0 -0
  111. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ntdsconnection.py +0 -0
  112. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ntdsdsa.py +0 -0
  113. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ntdsservice.py +0 -0
  114. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ntdssitesettings.py +0 -0
  115. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ntfrssettings.py +0 -0
  116. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/object.py +0 -0
  117. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/organizationalperson.py +0 -0
  118. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/organizationalunit.py +0 -0
  119. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/person.py +0 -0
  120. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/physicallocation.py +0 -0
  121. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/pkicertificatetemplate.py +0 -0
  122. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/pkienrollmentservice.py +0 -0
  123. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/querypolicy.py +0 -0
  124. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ridmanager.py +0 -0
  125. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/ridset.py +0 -0
  126. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/rpccontainer.py +0 -0
  127. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/rrasadministrationdictionary.py +0 -0
  128. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/samserver.py +0 -0
  129. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/securityobject.py +0 -0
  130. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/server.py +0 -0
  131. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/serverscontainer.py +0 -0
  132. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/site.py +0 -0
  133. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/sitelink.py +0 -0
  134. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/sitescontainer.py +0 -0
  135. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/subnetcontainer.py +0 -0
  136. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/subschema.py +0 -0
  137. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/top.py +0 -0
  138. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/trusteddomain.py +0 -0
  139. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/objects/user.py +0 -0
  140. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/pek.py +0 -0
  141. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/query.py +0 -0
  142. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/schema.py +0 -0
  143. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/sd.py +0 -0
  144. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/tools/__init__.py +0 -0
  145. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/tools/ntds.py +0 -0
  146. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/util.py +0 -0
  147. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/page.py +0 -0
  148. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/record.py +0 -0
  149. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/sorting_table.py +0 -0
  150. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/table.py +0 -0
  151. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/tools/__init__.py +0 -0
  152. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/tools/certlog.py +0 -0
  153. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/tools/impacket.py +0 -0
  154. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/tools/sru.py +0 -0
  155. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/tools/ual.py +0 -0
  156. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/util.py +0 -0
  157. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/exception.py +0 -0
  158. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/__init__.py +0 -0
  159. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/c_sqlite3.py +0 -0
  160. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/c_sqlite3.pyi +0 -0
  161. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/encryption/__init__.py +0 -0
  162. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/encryption/sqlcipher/__init__.py +0 -0
  163. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/encryption/sqlcipher/exception.py +0 -0
  164. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/encryption/sqlcipher/sqlcipher.py +0 -0
  165. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/exception.py +0 -0
  166. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/sqlite3.py +0 -0
  167. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/util.py +0 -0
  168. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/sqlite3/wal.py +0 -0
  169. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect.database.egg-info/SOURCES.txt +0 -0
  170. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect.database.egg-info/dependency_links.txt +0 -0
  171. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect.database.egg-info/entry_points.txt +0 -0
  172. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect.database.egg-info/requires.txt +0 -0
  173. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect.database.egg-info/top_level.txt +0 -0
  174. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/pyproject.toml +0 -0
  175. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/setup.cfg +0 -0
  176. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/__init__.py +0 -0
  177. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/_docs/Makefile +0 -0
  178. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/_docs/conf.py +0 -0
  179. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/_docs/index.rst +0 -0
  180. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/_tools/sqlite3/__init__.py +0 -0
  181. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/_tools/sqlite3/generate_sqlite.py +0 -0
  182. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/_util.py +0 -0
  183. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/bsd/__init__.py +0 -0
  184. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/bsd/conftest.py +0 -0
  185. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/bsd/test_db.py +0 -0
  186. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/bsd/test_rpm.py +0 -0
  187. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/conftest.py +0 -0
  188. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/__init__.py +0 -0
  189. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/conftest.py +0 -0
  190. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/__init__.py +0 -0
  191. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/conftest.py +0 -0
  192. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_benchmark.py +0 -0
  193. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_pek.py +0 -0
  194. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_query.py +0 -0
  195. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_schema.py +0 -0
  196. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_sd.py +0 -0
  197. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_util.py +0 -0
  198. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/test_cursor.py +0 -0
  199. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/test_ese.py +0 -0
  200. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/test_index.py +0 -0
  201. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/test_page.py +0 -0
  202. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/test_record.py +0 -0
  203. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/test_table.py +0 -0
  204. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/tools/__init__.py +0 -0
  205. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/tools/test_certlog.py +0 -0
  206. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/tools/test_sru.py +0 -0
  207. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/tools/test_ual.py +0 -0
  208. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/__init__.py +0 -0
  209. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/conftest.py +0 -0
  210. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/test_default_values.py +0 -0
  211. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/test_row.py +0 -0
  212. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/test_sqlcipher.py +0 -0
  213. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/test_sqlite3.py +0 -0
  214. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/test_util.py +0 -0
  215. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/sqlite3/test_wal.py +0 -0
  216. {dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tox.ini +0 -0
{dissect_database-1.2.dev2/dissect.database.egg-info → dissect_database-1.2.dev3}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: dissect.database
3
- Version: 1.2.dev2
3
+ Version: 1.2.dev3
4
4
  Summary: A Dissect module implementing parsers for various database formats, including Berkeley DB, Microsofts Extensible Storage Engine (ESE) and SQLite3
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License-Expression: Apache-2.0
{dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/dissect/database/ese/ntds/ntds.py RENAMED
@@ -1,14 +1,25 @@
1
1
  from __future__ import annotations
2
2
 
3
3
  from typing import TYPE_CHECKING, BinaryIO
4
+ from uuid import UUID
4
5
 
5
6
  from dissect.database.ese.ntds.database import Database
7
+ from dissect.database.ese.ntds.objects.secret import BackupKey
6
8
 
7
9
  if TYPE_CHECKING:
8
10
  from collections.abc import Iterator
9
11
 
10
- from dissect.database.ese.ntds.objects import Computer, DomainDNS, Group, GroupPolicyContainer, Object, Server, User
11
- from dissect.database.ese.ntds.objects.trusteddomain import TrustedDomain
12
+ from dissect.database.ese.ntds.objects import (
13
+ Computer,
14
+ DomainDNS,
15
+ Group,
16
+ GroupPolicyContainer,
17
+ Object,
18
+ Secret,
19
+ Server,
20
+ TrustedDomain,
21
+ User,
22
+ )
12
23
  from dissect.database.ese.ntds.pek import PEK
13
24
 
14
25
 
@@ -93,3 +104,37 @@ class NTDS:
93
104
  def group_policies(self) -> Iterator[GroupPolicyContainer]:
94
105
  """Get all group policy objects (GPO) objects from the database."""
95
106
  yield from self.search(objectClass="groupPolicyContainer")
107
+
108
+ def secrets(self) -> Iterator[Secret]:
109
+ """Get all secret objects from the database."""
110
+ yield from self.search(objectClass="secret")
111
+
112
+ def backup_keys(self) -> Iterator[BackupKey]:
113
+ """Get all DPAPI backup keys from the database."""
114
+ if not self.pek.unlocked:
115
+ raise ValueError("PEK must be unlocked to retrieve backup keys")
116
+
117
+ for secret in self.secrets():
118
+ if secret.is_phantom or not secret.name.startswith("BCKUPKEY_") or secret.name.startswith("BCKUPKEY_P"):
119
+ continue
120
+
121
+ yield BackupKey(secret)
122
+
123
+ def preferred_backup_keys(self) -> Iterator[BackupKey]:
124
+ """Get preferred DPAPI backup keys from the database."""
125
+ if not self.pek.unlocked:
126
+ raise ValueError("PEK must be unlocked to retrieve backup keys")
127
+
128
+ # We could do this the proper way (lookup the BCKUPKEY_P* secrets and then directly lookup the
129
+ # corresponding BCKUPKEY_* secrets), but in practice there are only a few backup keys, so just
130
+ # filter after the fact
131
+ preferred_guids = []
132
+ for secret in self.secrets():
133
+ if secret.is_phantom or not secret.name.startswith("BCKUPKEY_P"):
134
+ continue
135
+
136
+ preferred_guids.append(UUID(bytes_le=secret.current_value))
137
+
138
+ for key in self.backup_keys():
139
+ if key.guid in preferred_guids:
140
+ yield key
dissect_database-1.2.dev3/dissect/database/ese/ntds/objects/secret.py ADDED
@@ -0,0 +1,99 @@
1
+ from __future__ import annotations
2
+
3
+ from functools import cached_property
4
+ from typing import TYPE_CHECKING
5
+ from uuid import UUID
6
+
7
+ from dissect.util.ts import wintimestamp
8
+
9
+ from dissect.database.ese.ntds.c_ds import c_ds
10
+ from dissect.database.ese.ntds.objects.leaf import Leaf
11
+
12
+ if TYPE_CHECKING:
13
+ from datetime import datetime
14
+
15
+
16
+ class Secret(Leaf):
17
+ """Represents a secret object in the Active Directory.
18
+
19
+ References:
20
+ - https://learn.microsoft.com/en-us/windows/win32/adschema/c-secret
21
+ """
22
+
23
+ __object_class__ = "secret"
24
+
25
+ def __repr_body__(self) -> str:
26
+ return f"name={self.name!r} last_set_time={self.last_set_time} prior_set_time={self.prior_set_time}"
27
+
28
+ @property
29
+ def current_value(self) -> bytes:
30
+ """Return the current value of the secret."""
31
+ return self.get("currentValue")
32
+
33
+ @property
34
+ def last_set_time(self) -> datetime | None:
35
+ """Return the last set time of the secret."""
36
+ if (ts := self.get("lastSetTime")) is not None:
37
+ return wintimestamp(ts)
38
+ return None
39
+
40
+ @property
41
+ def prior_value(self) -> bytes:
42
+ """Return the prior value of the secret."""
43
+ return self.get("priorValue")
44
+
45
+ @property
46
+ def prior_set_time(self) -> datetime | None:
47
+ """Return the prior set time of the secret."""
48
+ if (ts := self.get("priorSetTime")) is not None:
49
+ return wintimestamp(ts)
50
+ return None
51
+
52
+
53
+ class BackupKey:
54
+ """Represents a DPAPI backup key object in the Active Directory."""
55
+
56
+ def __init__(self, secret: Secret):
57
+ self.secret = secret
58
+
59
+ def __repr__(self) -> str:
60
+ return f"<BackupKey guid={self.guid} version={self.version}>"
61
+
62
+ @cached_property
63
+ def guid(self) -> UUID:
64
+ """The GUID of the backup key."""
65
+ return UUID(self.secret.name.removeprefix("BCKUPKEY_").removesuffix(" Secret"))
66
+
67
+ @cached_property
68
+ def version(self) -> int:
69
+ """The version of the backup key."""
70
+ return c_ds.DWORD(self.secret.current_value)
71
+
72
+ @cached_property
73
+ def is_legacy(self) -> bool:
74
+ """Whether the backup key is a legacy key (version 1)."""
75
+ return self.version == 1
76
+
77
+ @cached_property
78
+ def key(self) -> bytes:
79
+ """The key bytes of the backup key, for legacy keys (version 1)."""
80
+ if self.version == 1:
81
+ return self.secret.current_value[4:]
82
+ raise TypeError(f"Backup key version {self.version} does not have a single key value")
83
+
84
+ @cached_property
85
+ def private_key(self) -> bytes:
86
+ """The private key bytes of the backup key, for version 2 keys."""
87
+ if self.version == 2:
88
+ private_length = c_ds.DWORD(self.secret.current_value[4:8])
89
+ return self.secret.current_value[12 : 12 + private_length]
90
+ raise TypeError(f"Backup key version {self.version} does not have a private key value")
91
+
92
+ @cached_property
93
+ def public_key(self) -> bytes:
94
+ """The public key bytes of the backup key, for version 2 keys."""
95
+ if self.version == 2:
96
+ private_length = c_ds.DWORD(self.secret.current_value[4:8])
97
+ public_length = c_ds.DWORD(self.secret.current_value[8:12])
98
+ return self.secret.current_value[12 + private_length : 12 + private_length + public_length]
99
+ raise TypeError(f"Backup key version {self.version} does not have a public key value")
{dissect_database-1.2.dev2 → dissect_database-1.2.dev3/dissect.database.egg-info}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: dissect.database
3
- Version: 1.2.dev2
3
+ Version: 1.2.dev3
4
4
  Summary: A Dissect module implementing parsers for various database formats, including Berkeley DB, Microsofts Extensible Storage Engine (ESE) and SQLite3
5
5
  Author-email: Dissect Team <dissect@fox-it.com>
6
6
  License-Expression: Apache-2.0
{dissect_database-1.2.dev2 → dissect_database-1.2.dev3}/tests/ese/ntds/test_ntds.py RENAMED
@@ -1,6 +1,8 @@
1
1
  from __future__ import annotations
2
2
 
3
+ import hashlib
3
4
  from typing import TYPE_CHECKING
5
+ from uuid import UUID
4
6
 
5
7
  import pytest
6
8
 
@@ -265,6 +267,7 @@ def test_all_memberships(large: NTDS) -> None:
265
267
 
266
268
 
267
269
  def test_group_policies(goad: NTDS) -> None:
270
+ """Test retrieval of group policies."""
268
271
  gpos: list[GroupPolicyContainer] = sorted(goad.group_policies(), key=lambda x: x.distinguished_name)
269
272
  assert len(gpos) == 5
270
273
  assert isinstance(gpos[0], GroupPolicyContainer)
@@ -275,3 +278,28 @@ def test_group_policies(goad: NTDS) -> None:
275
278
  "CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=NORTH,DC=SEVENKINGDOMS,DC=LOCAL",
276
279
  "CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=POLICIES,CN=SYSTEM,DC=SEVENKINGDOMS,DC=LOCAL",
277
280
  ]
281
+
282
+
283
+ def test_backup_keys(goad: NTDS) -> None:
284
+ """Test retrieval of DPAPI backup keys."""
285
+ with pytest.raises(ValueError, match="PEK must be unlocked to retrieve backup keys"):
286
+ list(goad.backup_keys())
287
+
288
+ goad.pek.unlock(bytes.fromhex("079f95655b66f16deb28aa1ab3a81eb0"))
289
+
290
+ keys = list(goad.backup_keys())
291
+ assert len(keys) == 2
292
+ assert keys[0].guid == UUID("dbea00d0-005f-4233-b140-41a9961da100")
293
+ assert keys[0].version == 1
294
+ assert hashlib.sha256(keys[0].key).hexdigest() == "bae7b058f277922b75d63d9803b85fca40a95a3cc9d47c0ef0a644a203009562"
295
+
296
+ assert keys[1].guid == UUID("b7d3c47b-2efe-4cad-b37a-bb2f8b18bd87")
297
+ assert keys[1].version == 2 # Current key version
298
+ assert (
299
+ hashlib.sha256(keys[1].private_key).hexdigest()
300
+ == "e7317dfe5f962121afead04e0dbb4249aa395ef281e2332f6179f940b54f202f"
301
+ )
302
+ assert (
303
+ hashlib.sha256(keys[1].public_key).hexdigest()
304
+ == "398fef9281677096b18785d0ad000251d41f76b82e28687718d6a9812ddaca8a"
305
+ )
dissect_database-1.2.dev2/dissect/database/ese/ntds/objects/secret.py DELETED
@@ -1,13 +0,0 @@
1
- from __future__ import annotations
2
-
3
- from dissect.database.ese.ntds.objects.leaf import Leaf
4
-
5
-
6
- class Secret(Leaf):
7
- """Represents a secret object in the Active Directory.
8
-
9
- References:
10
- - https://learn.microsoft.com/en-us/windows/win32/adschema/c-secret
11
- """
12
-
13
- __object_class__ = "secret"