dissect.target 3.17.dev25__py3-none-any.whl → 3.17.dev27__py3-none-any.whl

dissect/target/helpers/network_managers.py

@@ -5,6 +5,7 @@ import re
 from collections import defaultdict
 from configparser import ConfigParser, MissingSectionHeaderError
 from io import StringIO
+from itertools import chain
 from re import compile, sub
 from typing import Any, Callable, Iterable, Match, Optional
 
@@ -299,7 +300,8 @@ class Parser:
             return
 
         if section:
-            config = config.get(section, {})
+            # account for values of sections which are None
+            config = config.get(section, {}) or {}
 
         for key, value in config.items():
             if key == option:
@@ -508,7 +510,7 @@ class LinuxNetworkManager:
 
 
 def parse_unix_dhcp_log_messages(target) -> list[str]:
-    """Parse local syslog and cloud init log files for DHCP lease IPs.
+    """Parse local syslog, journal and cloud init-log files for DHCP lease IPs.
 
     Args:
         target: Target to discover and obtain network information from.
@@ -516,53 +518,68 @@ def parse_unix_dhcp_log_messages(target) -> list[str]:
     Returns:
         List of DHCP ip addresses.
     """
-    ips = []
-
-    # Search through parsed syslogs for DHCP leases.
-    try:
-        messages = target.messages()
-        for record in messages:
-            line = record.message
-
-            # Ubuntu DHCP
-            if ("DHCPv4" in line or "DHCPv6" in line) and " address " in line and " via " in line:
-                ip = line.split(" address ")[1].split(" via ")[0].strip().split("/")[0]
-                if ip not in ips:
-                    ips.append(ip)
-
-            # Ubuntu DHCP NetworkManager
-            elif "option ip_address" in line and ("dhcp4" in line or "dhcp6" in line) and "=> '" in line:
-                ip = line.split("=> '")[1].replace("'", "").strip()
-                if ip not in ips:
-                    ips.append(ip)
-
-            # Debian and CentOS dhclient
-            elif record.daemon == "dhclient" and "bound to" in line:
-                ip = line.split("bound to")[1].split(" ")[1].strip()
-                if ip not in ips:
-                    ips.append(ip)
-
-            # CentOS DHCP and general NetworkManager
-            elif " address " in line and ("dhcp4" in line or "dhcp6" in line):
-                ip = line.split(" address ")[1].strip()
-                if ip not in ips:
-                    ips.append(ip)
-
-    except PluginError:
-        target.log.debug("Can not search for DHCP leases in syslog files as they does not exist.")
-
-    # A unix system might be provisioned using Ubuntu's cloud-init (https://cloud-init.io/).
-    if (path := target.fs.path("/var/log/cloud-init.log")).exists():
-        for line in path.open("rt"):
-            # We are interested in the following log line:
-            # YYYY-MM-DD HH:MM:SS,000 - dhcp.py[DEBUG]: Received dhcp lease on IFACE for IP/MASK
-            if "Received dhcp lease on" in line:
-                interface, ip, netmask = re.search(r"Received dhcp lease on (\w{0,}) for (\S+)\/(\S+)", line).groups()
-                if ip not in ips:
-                    ips.append(ip)
-
-    if not path and not messages:
-        target.log.warning("Can not search for DHCP leases in syslog or cloud-init.log files as they does not exist.")
+    ips = set()
+    messages = set()
+
+    for log_func in ["messages", "journal"]:
+        try:
+            messages = chain(messages, getattr(target, log_func)())
+        except PluginError:
+            target.log.debug(f"Could not search for DHCP leases in {log_func} files.")
+
+    if not messages:
+        target.log.warning(f"Could not search for DHCP leases using {log_func}: No log entries found.")
+
+    for record in messages:
+        line = record.message
+
+        # Ubuntu cloud-init
+        if "Received dhcp lease on" in line:
+            interface, ip, netmask = re.search(r"Received dhcp lease on (\w{0,}) for (\S+)\/(\S+)", line).groups()
+            ips.add(ip)
+            continue
+
+        # Ubuntu DHCP
+        if ("DHCPv4" in line or "DHCPv6" in line) and " address " in line and " via " in line:
+            ip = line.split(" address ")[1].split(" via ")[0].strip().split("/")[0]
+            ips.add(ip)
+            continue
+
+        # Ubuntu DHCP NetworkManager
+        if "option ip_address" in line and ("dhcp4" in line or "dhcp6" in line) and "=> '" in line:
+            ip = line.split("=> '")[1].replace("'", "").strip()
+            ips.add(ip)
+            continue
+
+        # Debian and CentOS dhclient
+        if hasattr(record, "daemon") and record.daemon == "dhclient" and "bound to" in line:
+            ip = line.split("bound to")[1].split(" ")[1].strip()
+            ips.add(ip)
+            continue
+
+        # CentOS DHCP and general NetworkManager
+        if " address " in line and ("dhcp4" in line or "dhcp6" in line):
+            ip = line.split(" address ")[1].strip()
+            ips.add(ip)
+            continue
+
+        # Ubuntu/Debian DHCP networkd (Journal)
+        if (
+            hasattr(record, "code_func")
+            and record.code_func == "dhcp_lease_acquired"
+            and " address " in line
+            and " via " in line
+        ):
+            interface, ip, netmask, gateway = re.search(
+                r"^(\S+): DHCPv[4|6] address (\S+)\/(\S+) via (\S+)", line
+            ).groups()
+            ips.add(ip)
+            continue
+
+        # Journals and syslogs can be large and slow to iterate,
+        # so we stop if we have some results and have reached the journal plugin.
+        if len(ips) >= 2 and record._desc.name == "linux/log/journal":
+            break
 
     return ips
 

dissect/target/plugins/apps/ssh/openssh.py

@@ -1,3 +1,4 @@
+import base64
 import re
 from itertools import product
 from pathlib import Path
@@ -14,6 +15,7 @@ from dissect.target.plugins.apps.ssh.ssh import (
     PrivateKeyRecord,
     PublicKeyRecord,
     SSHPlugin,
+    calculate_fingerprints,
 )
 
 
@@ -143,12 +145,14 @@ class OpenSSHPlugin(SSHPlugin):
                 continue
 
             key_type, public_key, comment = parse_ssh_public_key_file(file_path)
+            fingerprints = calculate_fingerprints(base64.b64decode(public_key))
 
             yield PublicKeyRecord(
                 mtime_ts=file_path.stat().st_mtime,
                 key_type=key_type,
                 public_key=public_key,
                 comment=comment,
+                fingerprint=fingerprints,
                 path=file_path,
                 _target=self.target,
                 _user=user,

dissect/target/plugins/apps/ssh/putty.py

@@ -1,4 +1,5 @@
 import logging
+from base64 import b64decode
 from datetime import datetime
 from pathlib import Path
 from typing import Iterator, Optional, Union
@@ -12,7 +13,11 @@ from dissect.target.helpers.fsutil import TargetPath, open_decompress
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.helpers.regutil import RegistryKey
 from dissect.target.plugin import export
-from dissect.target.plugins.apps.ssh.ssh import KnownHostRecord, SSHPlugin
+from dissect.target.plugins.apps.ssh.ssh import (
+    KnownHostRecord,
+    SSHPlugin,
+    calculate_fingerprints,
+)
 from dissect.target.plugins.general.users import UserDetails
 
 log = logging.getLogger(__name__)
@@ -96,12 +101,15 @@ class PuTTYPlugin(SSHPlugin):
             key_type, host = entry.name.split("@")
             port, host = host.split(":")
 
+            public_key, fingerprints = construct_public_key(key_type, entry.value)
+
             yield KnownHostRecord(
                 mtime_ts=ssh_host_keys.ts,
                 host=host,
                 port=port,
                 key_type=key_type,
-                public_key=construct_public_key(key_type, entry.value),
+                public_key=public_key,
+                fingerprint=fingerprints,
                 comment="",
                 marker=None,
                 path=windows_path(ssh_host_keys.path),
@@ -121,12 +129,15 @@ class PuTTYPlugin(SSHPlugin):
                 key_type, host = parts[0].split("@")
                 port, host = host.split(":")
 
+                public_key, fingerprints = construct_public_key(key_type, parts[1])
+
                 yield KnownHostRecord(
                     mtime_ts=ts,
                     host=host,
                     port=port,
                     key_type=key_type,
-                    public_key=construct_public_key(key_type, parts[1]),
+                    public_key=public_key,
+                    fingerprint=fingerprints,
                     comment="",
                     marker=None,
                     path=posix_path(ssh_host_keys_path),
@@ -197,8 +208,8 @@ def parse_host_user(host: str, user: str) -> tuple[str, str]:
     return host, user
 
 
-def construct_public_key(key_type: str, iv: str) -> str:
-    """Returns OpenSSH format public key calculated from PuTTY SshHostKeys format.
+def construct_public_key(key_type: str, iv: str) -> tuple[str, tuple[str, str, str]]:
+    """Returns OpenSSH format public key calculated from PuTTY SshHostKeys format and set of fingerprints.
 
     PuTTY stores raw public key components instead of OpenSSH-formatted public keys
     or fingerprints. With RSA public keys the exponent and modulus are stored.
@@ -206,9 +217,7 @@ def construct_public_key(key_type: str, iv: str) -> str:
 
     Currently supports ``ssh-ed25519``, ``ecdsa-sha2-nistp256`` and ``rsa2`` key types.
 
-    NOTE:
-        - Sha256 fingerprints of the reconstructed public keys are currently not generated.
-        - More key types could be supported in the future.
+    NOTE: More key types could be supported in the future.
 
     Resources:
         - https://github.com/github/putty/blob/master/contrib/kh2reg.py
@@ -217,20 +226,33 @@ def construct_public_key(key_type: str, iv: str) -> str:
         - https://github.com/mkorthof/reg2kh
     """
 
+    if not isinstance(key_type, str) or not isinstance(iv, str):
+        raise ValueError("Invalid key_type or iv")
+
+    key = None
+
     if key_type == "ssh-ed25519":
         x, y = iv.split(",")
         key = ECC.construct(curve="ed25519", point_x=int(x, 16), point_y=int(y, 16))
-        return key.public_key().export_key(format="OpenSSH").split()[-1]
 
     if key_type == "ecdsa-sha2-nistp256":
         _, x, y = iv.split(",")
         key = ECC.construct(curve="NIST P-256", point_x=int(x, 16), point_y=int(y, 16))
-        return key.public_key().export_key(format="OpenSSH").split()[-1]
 
     if key_type == "rsa2":
         exponent, modulus = iv.split(",")
         key = RSA.construct((int(modulus, 16), int(exponent, 16)))
-        return key.public_key().export_key(format="OpenSSH").decode("utf-8").split()[-1]
 
-    log.warning("Could not reconstruct public key: type %s not implemented.", key_type)
-    return iv
+    if key is None:
+        log.warning("Could not reconstruct public key: type %s not implemented", key_type)
+        return iv, (None, None, None)
+
+    openssh_public_key = key.public_key().export_key(format="OpenSSH")
+
+    if isinstance(openssh_public_key, bytes):
+        # RSA's export_key() returns bytes
+        openssh_public_key = openssh_public_key.decode()
+
+    key_part = openssh_public_key.split()[-1]
+    fingerprints = calculate_fingerprints(b64decode(key_part))
+    return key_part, fingerprints

dissect/target/plugins/apps/ssh/ssh.py

@@ -1,3 +1,6 @@
+import base64
+from hashlib import md5, sha1, sha256
+
 from dissect.target.helpers.descriptor_extensions import UserRecordDescriptorExtension
 from dissect.target.helpers.record import create_extended_descriptor
 from dissect.target.plugin import NamespacePlugin
@@ -29,6 +32,7 @@ KnownHostRecord = OpenSSHUserRecordDescriptor(
         ("varint", "port"),
         ("string", "public_key"),
         ("string", "marker"),
+        ("digest", "fingerprint"),
     ],
 )
 
@@ -50,9 +54,45 @@ PublicKeyRecord = OpenSSHUserRecordDescriptor(
         ("datetime", "mtime_ts"),
         *COMMON_ELLEMENTS,
         ("string", "public_key"),
+        ("digest", "fingerprint"),
     ],
 )
 
 
 class SSHPlugin(NamespacePlugin):
     __namespace__ = "ssh"
+
+
+def calculate_fingerprints(public_key_decoded: bytes, ssh_keygen_format: bool = False) -> tuple[str, str, str]:
+    """Calculate the MD5, SHA1 and SHA256 digest of the given decoded public key.
+
+    Adheres as much as possible to the output provided by ssh-keygen when ``ssh_keygen_format``
+    parameter is set to ``True``. When set to ``False`` (default) hexdigests are calculated
+    instead for ``sha1``and ``sha256``.
+
+    Resources:
+        - https://en.wikipedia.org/wiki/Public_key_fingerprint
+        - https://man7.org/linux/man-pages/man1/ssh-keygen.1.html
+        - ``ssh-keygen -l -E <alg> -f key.pub``
+    """
+    if not public_key_decoded:
+        raise ValueError("No decoded public key provided")
+
+    if not isinstance(public_key_decoded, bytes):
+        raise ValueError("Provided public key should be bytes")
+
+    if public_key_decoded[0:3] != b"\x00\x00\x00":
+        raise ValueError("Provided value does not look like a public key")
+
+    digest_md5 = md5(public_key_decoded).digest()
+    digest_sha1 = sha1(public_key_decoded).digest()
+    digest_sha256 = sha256(public_key_decoded).digest()
+
+    if ssh_keygen_format:
+        fingerprint_sha1 = base64.b64encode(digest_sha1).rstrip(b"=").decode()
+        fingerprint_sha256 = base64.b64encode(digest_sha256).rstrip(b"=").decode()
+    else:
+        fingerprint_sha1 = digest_sha1.hex()
+        fingerprint_sha256 = digest_sha256.hex()
+
+    return digest_md5.hex(), fingerprint_sha1, fingerprint_sha256

dissect/target/plugins/os/unix/log/messages.py

@@ -1,7 +1,8 @@
 import re
-from itertools import chain
+from pathlib import Path
 from typing import Iterator
 
+from dissect.target import Target
 from dissect.target.exceptions import UnsupportedPluginError
 from dissect.target.helpers.record import TargetRecordDescriptor
 from dissect.target.helpers.utils import year_rollover_helper
@@ -23,17 +24,28 @@ RE_TS = re.compile(r"(\w+\s{1,2}\d+\s\d{2}:\d{2}:\d{2})")
 RE_DAEMON = re.compile(r"^[^:]+:\d+:\d+[^\[\]:]+\s([^\[:]+)[\[|:]{1}")
 RE_PID = re.compile(r"\w\[(\d+)\]")
 RE_MSG = re.compile(r"[^:]+:\d+:\d+[^:]+:\s(.*)$")
+RE_CLOUD_INIT_LINE = re.compile(r"(?P<ts>.*) - (?P<daemon>.*)\[(?P<log_level>\w+)\]\: (?P<message>.*)$")
 
 
 class MessagesPlugin(Plugin):
+    def __init__(self, target: Target):
+        super().__init__(target)
+        self.log_files = set(self._find_log_files())
+
+    def _find_log_files(self) -> Iterator[Path]:
+        log_dirs = ["/var/log/", "/var/log/installer/"]
+        file_globs = ["syslog*", "messages*", "cloud-init.log*"]
+        for log_dir in log_dirs:
+            for glob in file_globs:
+                yield from self.target.fs.path(log_dir).glob(glob)
+
     def check_compatible(self) -> None:
-        var_log = self.target.fs.path("/var/log")
-        if not any(var_log.glob("syslog*")) and not any(var_log.glob("messages*")):
-            raise UnsupportedPluginError("No message files found")
+        if not self.log_files:
+            raise UnsupportedPluginError("No log files found")
 
     @export(record=MessagesRecord)
     def syslog(self) -> Iterator[MessagesRecord]:
-        """Return contents of /var/log/messages* and /var/log/syslog*.
+        """Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.
 
         See ``messages`` for more information.
         """
@@ -41,7 +53,7 @@ class MessagesPlugin(Plugin):
 
     @export(record=MessagesRecord)
     def messages(self) -> Iterator[MessagesRecord]:
-        """Return contents of /var/log/messages* and /var/log/syslog*.
+        """Return contents of /var/log/messages*, /var/log/syslog* and cloud-init logs.
 
         Note: due to year rollover detection, the contents of the files are returned in reverse.
 
@@ -52,12 +64,16 @@ class MessagesPlugin(Plugin):
         References:
             - https://geek-university.com/linux/var-log-messages-file/
             - https://www.geeksforgeeks.org/file-timestamps-mtime-ctime-and-atime-in-linux/
+            - https://cloudinit.readthedocs.io/en/latest/development/logging.html#logging-command-output
         """
 
         tzinfo = self.target.datetime.tzinfo
 
-        var_log = self.target.fs.path("/var/log")
-        for log_file in chain(var_log.glob("syslog*"), var_log.glob("messages*")):
+        for log_file in self.log_files:
+            if "cloud-init" in log_file.name:
+                yield from self._parse_cloud_init_log(log_file)
+                continue
+
             for ts, line in year_rollover_helper(log_file, RE_TS, DEFAULT_TS_LOG_FORMAT, tzinfo):
                 daemon = dict(enumerate(RE_DAEMON.findall(line))).get(0)
                 pid = dict(enumerate(RE_PID.findall(line))).get(0)
@@ -71,3 +87,32 @@ class MessagesPlugin(Plugin):
                     source=log_file,
                     _target=self.target,
                 )
+
+    def _parse_cloud_init_log(self, log_file: Path) -> Iterator[MessagesRecord]:
+        """Parse a cloud-init.log file.
+
+        Lines are structured in the following format:
+        ``YYYY-MM-DD HH:MM:SS,000 - dhcp.py[DEBUG]: Received dhcp lease on IFACE for IP/MASK``
+
+        NOTE: ``cloud-init-output.log`` files are not supported as they do not contain structured logs.
+
+        Args:
+            ``log_file``: path to cloud-init.log file.
+
+        Returns: ``MessagesRecord``
+        """
+        for line in log_file.open("rt").readlines():
+            if line := line.strip():
+                if match := RE_CLOUD_INIT_LINE.match(line):
+                    match = match.groupdict()
+                    yield MessagesRecord(
+                        ts=match["ts"].split(",")[0],
+                        daemon=match["daemon"],
+                        pid=None,
+                        message=match["message"],
+                        source=log_file,
+                        _target=self.target,
+                    )
+                else:
+                    self.target.log.warning("Could not match cloud-init log line")
+                    self.target.log.debug("No match for line '%s'", line)

{dissect.target-3.17.dev25.dist-info → dissect.target-3.17.dev27.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: dissect.target
-Version: 3.17.dev25
+Version: 3.17.dev27
 Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
 Author-email: Dissect Team <dissect@fox-it.com>
 License: Affero General Public License v3

{dissect.target-3.17.dev25.dist-info → dissect.target-3.17.dev27.dist-info}/RECORD

@@ -57,7 +57,7 @@ dissect/target/helpers/loaderutil.py,sha256=kiyMWra_gVxfNSGwLlgxLcuuqAYuCMDc5NiC
 dissect/target/helpers/localeutil.py,sha256=Y4Fh4jDSGfm5356xSLMriUCN8SZP_FAHg_iodkAxNq4,1504
 dissect/target/helpers/mount.py,sha256=JxhUYyEbDnHfzPpfuWy4nV9OwCJPoDSGdHHNiyvd_l0,3949
 dissect/target/helpers/mui.py,sha256=i-7XoHbu4WO2fYapK9yGAMW04rFlgRispknc1KQIS5Q,22258
-dissect/target/helpers/network_managers.py,sha256=OgrYhbBqM6K5OfUnCdTLG0RBrR-DcpR1CPezbNddK7k,24667
+dissect/target/helpers/network_managers.py,sha256=uRh_P8ICbKke2N7eFJ6AS2-I5DmIRiaQUlxR7oqxPaU,24975
 dissect/target/helpers/polypath.py,sha256=h8p7m_OCNiQljGwoZh5Aflr9H2ot6CZr6WKq1OSw58o,2175
 dissect/target/helpers/protobuf.py,sha256=NwKrZD4q9v7J8GnZX9gbzMUMV5pR78eAV17jgWOz_EY,1730
 dissect/target/helpers/record.py,sha256=lWl7k2Mp9Axllm0tXzPGJx2zj2zONsyY_p5g424T0Lc,4826
@@ -133,10 +133,10 @@ dissect/target/plugins/apps/remoteaccess/teamviewer.py,sha256=SiEH36HM2NvdPuCjfL
 dissect/target/plugins/apps/shell/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/shell/powershell.py,sha256=biPSMRWxPI6kRqP0-75yMtrw0Ti2Bzfl_xI3xbmmF48,2641
 dissect/target/plugins/apps/ssh/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-dissect/target/plugins/apps/ssh/openssh.py,sha256=jDNP8aq9JHivosexPlxWRUgeJo1MHclb336dzO1zRJc,7086
+dissect/target/plugins/apps/ssh/openssh.py,sha256=yt3bX93Q9wfF25_vG9APMwfZWUUqCPyLlVJdhu20syI,7250
 dissect/target/plugins/apps/ssh/opensshd.py,sha256=DaXKdgGF3GYHHA4buEvphcm6FF4C8YFjgD96Dv6rRnM,5510
-dissect/target/plugins/apps/ssh/putty.py,sha256=N8ssjutUVN50JNA5fEIVISbP5sJ7bGTFidRbX3uNG5Y,9404
-dissect/target/plugins/apps/ssh/ssh.py,sha256=uCaoWlT2bgKLUHA1aL6XymJDWJ8JmLsN8PB1C66eidY,1409
+dissect/target/plugins/apps/ssh/putty.py,sha256=bTX6ZU6zsc78zBdsBGUotc_ek_E1a7HSowoqD1y4PzA,9927
+dissect/target/plugins/apps/ssh/ssh.py,sha256=tTA87u0B8yY1yVCPV0VJdRUct6ggkir_pIziP-eKnVo,3009
 dissect/target/plugins/apps/vpn/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/apps/vpn/openvpn.py,sha256=d-DGINTIHP_bvv3T09ZwbezHXGctvCyAhJ482m2_-a0,7654
 dissect/target/plugins/apps/vpn/wireguard.py,sha256=SoAMED_bwWJQ3nci5qEY-qV4wJKSSDZQ8K7DoJRYq0k,6521
@@ -247,7 +247,7 @@ dissect/target/plugins/os/unix/log/audit.py,sha256=OjorWTmCFvCI5RJq6m6WNW0Lhb-po
 dissect/target/plugins/os/unix/log/auth.py,sha256=l7gCuRdvv9gL0U1N0yrR9hVsMnr4t_k4t-n-f6PrOxg,2388
 dissect/target/plugins/os/unix/log/journal.py,sha256=eiNNVLmKWFj4dTQX8PNRNgKpVwzQWEHEsKyYfGUAPXQ,17376
 dissect/target/plugins/os/unix/log/lastlog.py,sha256=eL_dbB1sPoy0tyavIjT457ZLVfXcCr17GiwDrMEEh8A,2458
-dissect/target/plugins/os/unix/log/messages.py,sha256=W3CeI0tchdRql9SKLFDxk9AKwUvqIrnpCujcERvDt90,2846
+dissect/target/plugins/os/unix/log/messages.py,sha256=CXA-SkMPLaCgnTQg9nzII-7tO8Il_ENQmuYvDxo33rI,4698
 dissect/target/plugins/os/unix/log/utmp.py,sha256=21tvzG977LqzRShV6uAoU-83WDcLUrI_Tv__2ZVi9rw,7756
 dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 dissect/target/plugins/os/windows/_os.py,sha256=EA9B9Rgb1C9NMvlX3gXhTRFXYaI6zrrKRg0OYq4v1ts,12589
@@ -336,10 +336,10 @@ dissect/target/volumes/luks.py,sha256=OmCMsw6rCUXG1_plnLVLTpsvE1n_6WtoRUGQbpmu1z
 dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
 dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
 dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
-dissect.target-3.17.dev25.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
-dissect.target-3.17.dev25.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
-dissect.target-3.17.dev25.dist-info/METADATA,sha256=9gF0AAh1PZsU75RQtErozfTPL0q2jyWQo1i76L34lR0,11300
-dissect.target-3.17.dev25.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-dissect.target-3.17.dev25.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
-dissect.target-3.17.dev25.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
-dissect.target-3.17.dev25.dist-info/RECORD,,
+dissect.target-3.17.dev27.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
+dissect.target-3.17.dev27.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
+dissect.target-3.17.dev27.dist-info/METADATA,sha256=3-kTMZehcHT31jjm50J9_Msj1Pw6LqWUMsiMaSaLiBY,11300
+dissect.target-3.17.dev27.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+dissect.target-3.17.dev27.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
+dissect.target-3.17.dev27.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
+dissect.target-3.17.dev27.dist-info/RECORD,,