Skip to content
/ Win_ZIP_password Public

Python script to hook ZIP files passwords in Windows 10

72 stars 20 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

vah13/Win_ZIP_password

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits

README.md

README.md

 
 

hook.js

hook.js

 
 

hook2.gif

hook2.gif

 
 

main.py

main.py

 
 

Repository files navigation

Win_ZIP_password

Description:

With Windows 10, Microsoft added a new feature for encrypted ZIP files to increase user-friendliness. When you open an encrypted ZIP file, Windows 10 saves the password to memory. When you try to open the same ZIP file again, Windows takes the file path, searches the memory and will use the stored password.

I saw that if you hook SHUnicodeToAnsi from ShLwApi.dll while opening a ZIP, you can see the password of the encrypted ZIP file.

(https://raw.githubusercontent.com/vah13/Win_ZIP_password/master/hook2.gif)

Windows 10 version

OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.17134 N/A Build 17134
explorer.exe               10.0.17134.1

TODO

Need to

  1. Get all ZIP files paths from explorer.exe and extract passwords
  2. Analyze password storage (because if you kill explorer.exe process and run it, the method works)

Useful for

CTF/Forensic

Thank you

https://twitter.com/NewFranny https://www.reddit.com/user/TheMooligan101

About

Python script to hook ZIP files passwords in Windows 10

Topics

security windows-10 frida

Resources

Readme
Activity

Stars

72 stars

Watchers

5 watching

Forks

20 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages