Merge pull request #636 from malcomvetter/master

Capture OSX credentials from the Prompt Module in the Empire DB
2017-08-15 09:53:55 -04:00 · 2017-08-15 09:53:55 -04:00 · 8b8741242e
parent 37c72f0428 f8a4d8208d
commit 8b8741242e
1 changed files with 33 additions and 26 deletions
--- a/lib/common/helpers.py
+++ b/lib/common/helpers.py
@ -368,7 +368,7 @@ def parse_credentials(data):
    if parts[0].startswith("Hostname:"):
        return parse_mimikatz(data)

-    # collection/prompt output
+    # powershell/collection/prompt output
    elif parts[0].startswith("[+] Prompted credentials:"):

        parts = parts[0].split("->")
@ -389,6 +389,13 @@ def parse_credentials(data):
            print color("[!] Error in parsing prompted credential output.")
            return None

+    # python/collection/prompt (Mac OS)
+    elif "text returned:" in parts[0]:
+        parts2 = parts[0].split("text returned:")
+        if len(parts2) >= 2:
+            password = parts2[-1]
+            return [("plaintext", "", "", password, "", "")]
+
    else:
        return None

@ -608,7 +615,7 @@ def lhost():
                return socket.inet_ntoa(fcntl.ioctl(
                        s.fileno(),
                        0x8915,  # SIOCGIFADDR
-                        struct.pack('256s', str(ifname[:15]))
+                        struct.pack('256s', ifname[:15])
                    )[20:24])
            except IOError as e:
                return ""