Credentials from collection/prompt now scraped into the creds db
parent
a669c85824
commit
c021bdf6f3
@ -892,6 +892,19 @@ class Agents:
# dynamic script output -> blocking
# dynamic script output -> blocking
self.update_agent_results(sessionID, data)
self.update_agent_results(sessionID, data)
# see if there are any credentials to parse
time = helpers.get_datetime()
creds = helpers.parse_credentials(data)
for cred in creds:
hostname = cred[4]
if hostname == "":
hostname = self.get_agent_hostname(sessionID)
self.mainMenu.credentials.add_credential(cred[0], cred[1], cred[2], cred[3], hostname, cred[5], time)
# update the agent log
# update the agent log
self.save_agent_log(sessionID, data)
self.save_agent_log(sessionID, data)
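Review bot: `for cred in creds:` will raise TypeError on every result that is not credential output, because `parse_credentials` as added in the helpers hunk of this same commit returns `None` both for unrecognised output and for a malformed prompted-credentials line; since this block runs on every dynamic-script result, the common path is the one that breaks, and the `save_agent_log` call below the loop is then skipped. Output returned by a remote agent should not be able to take the results handler down, so guard the iteration, `for cred in (creds or []):`, or have the parser return an empty list instead of `None`. The new local `time` also shadows the stdlib module name; if this module imports `time`, any later use in the method sees the timestamp string instead — `cred_time` would avoid that. The enclosing method starts outside the hunk.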
@ -938,8 +951,8 @@ class Agents:
hostname = cred[4]
hostname = cred[4]
if hostname == "":
if hostname == "":
hostname = self.get_agent_hostname(sessionID
hostname = self.get_agent_hostname(sessionID)
)
self.mainMenu.credentials.add_credential(cred[0], cred[1], cred[2], cred[3], hostname, cred[5], time)
self.mainMenu.credentials.add_credential(cred[0], cred[1], cred[2], cred[3], hostname, cred[5], time)
@ -203,6 +203,42 @@ def strip_powershell_comments(data):
#
#
###############################################################
###############################################################
def parse_credentials(data):
"""
Parse module output, looking for any parseable sections.
"""
parts = data.split("\n")
# tag for Invoke-Mimikatz output
if parts[0].startswith("Hostname:"):
return parse_mimikatz(data)
# collection/prompt output
elif parts[0].startswith("[+] Prompted credentials:"):
parts = parts[0].split("->")
if len(parts) == 2:
username = parts[1].split(":",1)[0].strip()
password = parts[1].split(":",1)[1].strip()
if "\\" in username:
domain = username.split("\\")[0].strip()
username = username.split("\\")[1].strip()
else:
domain = ""
return [("plaintext", domain, username, password, "", "")]
else:
print helpers.color("[!] Error in parsing prompted credential output.")
return None
else:
return None
def parse_mimikatz(data):
def parse_mimikatz(data):
"""
"""
Parse the output from Invoke-Mimikatz to return credential sets.
Parse the output from Invoke-Mimikatz to return credential sets.
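Review bot: In the prompted-credentials branch, `password = parts[1].split(":",1)[1].strip()` raises IndexError when the text after `->` contains no colon, because the `len(parts) == 2` check only confirms the arrow is present; tighten it to `if len(parts) == 2 and ":" in parts[1]:` so malformed agent output lands in the error branch instead of propagating out of the parser into the results handler. That error branch calls `helpers.color(...)`, yet this hunk sits inside the helpers module itself (the surrounding `strip_powershell_comments` and `parse_mimikatz` definitions), so unless the module imports itself that name is undefined and the message is never printed — `color(...)` is presumably what was meant. Returning `None` on the failure paths while returning a list on success also forces every caller to type-check before iterating; `return []` in both places lets callers loop directly. The docstring should also state what comes back: a list of 6-tuples whose first four fields are credential type, domain, username and password, and that an empty result means nothing parseable was found.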