swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
NetExec/cme/protocols/smb/db_navigator.py

573 lines
22 KiB
Python
Raw Normal View History

Adding shebang and encoding utf-8 for all python files
2022-07-18 23:59:14 +00:00
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
from cme.helpers.misc import validate_ntlm
feat(cmedb): add help string to shares command
2023-03-06 23:41:33 +00:00
from cme.cmedb import DatabaseNavigator, print_table, print_help
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
class navigator(DatabaseNavigator):
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
def display_creds(self, creds):
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
data = [['CredID', 'Admin On', 'CredType', 'Domain', 'UserName', 'Password']]
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
for cred in creds:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id = cred[0]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
# pillaged_from = cred[5]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
links = self.db.get_admin_relations(user_id=cred_id)
data.append([cred_id, str(len(links)) + ' Host(s)', credtype, domain, username, password])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Credentials')
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
def display_groups(self, groups):
fix(cmedb): fix group display columns
2023-03-16 22:02:48 +00:00
data = [['GroupID', 'Domain', 'Name', 'RID', 'Enumerated Members', 'AD Members', 'Last Query Time']]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
for group in groups:
small formatting fix in db_navigator
2023-03-05 02:48:19 +00:00
group_id = group[0]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
domain = group[1]
name = group[2]
fix(cmedb): fix group display columns
2023-03-16 22:02:48 +00:00
rid = group[3]
small formatting fix in db_navigator
2023-03-05 02:48:19 +00:00
members = len(self.db.get_group_relations(group_id=group_id))
fix(cmedb): fix group display columns
2023-03-16 22:02:48 +00:00
ad_members = group[4]
last_query_time = group[5]
data.append([group_id, domain, name, rid, members, ad_members, last_query_time])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Groups')
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
refactor(cmedb): pass dbengine object instead of session object
2023-03-05 00:00:20 +00:00
# pull/545
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
def display_hosts(self, hosts):
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data = [[
'HostID',
'Admins',
'IP',
'Hostname',
'Domain',
'OS',
'SMBv1',
'Signing',
'Spooler',
'Zerologon',
'PetitPotam'
]]
finish adding smbv1 and signing into cmedb
2022-06-18 21:43:09 +00:00
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
for host in hosts:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
host_id = host[0]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
ip = host[1]
hostname = host[2]
domain = host[3]
feat(cmedb): add additional fields to smb db
2023-03-03 14:50:28 +00:00
Fix cmedb encoding error #439
2021-01-21 10:08:06 +00:00
try:
os = host[4].decode()
except:
os = host[4]
finish adding smbv1 and signing into cmedb
2022-06-18 21:43:09 +00:00
try:
smbv1 = host[6]
signing = host[7]
fix(display table): properly check for new DB additions and clean up previous checks
2023-03-03 17:04:46 +00:00
except IndexError:
smbv1 = ''
signing = ''
try:
spooler = host[8]
zerologon = host[9]
petitpotam = host[10]
except IndexError:
spooler = ''
zerologon = ''
petitpotam = ''
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
links = self.db.get_admin_relations(host_id=host_id)
data.append([
host_id,
str(len(links)) + ' Cred(s)',
ip,
hostname,
domain,
os,
smbv1,
signing,
spooler,
zerologon,
petitpotam
])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Hosts')
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
def display_shares(self, shares):
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
data = [["ShareID", "host", "Name", "Remark", "Read Access", "Write Access"]]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
for share in shares:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
share_id = share[0]
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id = share[1]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
name = share[3]
remark = share[4]
users_r_access = self.db.get_users_with_share_access(
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id=host_id,
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
share_name=name,
permissions='r'
)
users_w_access = self.db.get_users_with_share_access(
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id=host_id,
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
share_name=name,
permissions='w'
)
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([
share_id,
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id,
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
name,
remark,
f"{len(users_r_access)} User(s)",
f"{len(users_w_access)} Users"
])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data)
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
def do_shares(self, line):
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
filter_term = line.strip()
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
if filter_term == "":
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
shares = self.db.get_shares()
self.display_shares(shares)
feat(smbdb): add feature to allow search on r/w/rw shares
2023-03-09 22:39:07 +00:00
elif filter_term in ["r", "w", "rw"]:
shares = self.db.get_shares_by_access(line)
self.display_shares(shares)
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
else:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
shares = self.db.get_shares(filter_term=filter_term)
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
if len(shares) > 1:
self.display_shares(shares)
elif len(shares) == 1:
share = shares[0]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
share_id = share[0]
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id = share[1]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
name = share[3]
remark = share[4]
users_r_access = self.db.get_users_with_share_access(
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id=host_id,
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
share_name=name,
permissions='r'
)
users_w_access = self.db.get_users_with_share_access(
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host_id=host_id,
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
share_name=name,
permissions='w'
)
small formatting fix in db_navigator
2023-03-05 02:48:19 +00:00
data = [["ShareID", "Name", "Remark"], [share_id, name, remark]]
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Share')
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
host = self.db.get_hosts(filter_term=host_id)[0]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
data = [['HostID', 'IP', 'Hostname', 'Domain', 'OS', 'DC']]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
host_id = host[0]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
ip = host[1]
hostname = host[2]
domain = host[3]
os = host[4]
dc = host[5]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([host_id, ip, hostname, domain, os, dc])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Share Location')
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
if users_r_access:
data = [['CredID', 'CredType', 'Domain', 'UserName', 'Password']]
for user in users_r_access:
userid = user[0]
feat(cmedb): update some functions for smb.creds
2023-03-04 01:38:31 +00:00
creds = self.db.get_credentials(filter_term=userid)
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
for cred in creds:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id = cred[0]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([cred_id, credtype, domain, username, password])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Users(s) with Read Access')
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
if users_w_access:
data = [['CredID', 'CredType', 'Domain', 'UserName', 'Password']]
for user in users_w_access:
userid = user[0]
feat(cmedb): update some functions for smb.creds
2023-03-04 01:38:31 +00:00
creds = self.db.get_credentials(filter_term=userid)
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
for cred in creds:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id = cred[0]
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([cred_id, credtype, domain, username, password])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Users(s) with Write Access')
Version 5.1.3 🔥 - Replaced Gevent with AsyncIO - Shares are now logged in the database and can be queried - You can now press enter while a scan is being performed and CME will give you a completion percentage and the number of hosts remaining to scan
2020-11-15 23:42:28 +00:00
feat(cmedb): add help string to shares command
2023-03-06 23:41:33 +00:00
def help_shares(self):
help_string = """
shares [filter_term]
By default prints all shares
Can use a filter term to filter shares
"""
print_help(help_string)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
def do_groups(self, line):
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
filter_term = line.strip()
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
if filter_term == "":
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
groups = self.db.get_groups()
self.display_groups(groups)
else:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
groups = self.db.get_groups(filter_term=filter_term)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
if len(groups) > 1:
self.display_groups(groups)
elif len(groups) == 1:
fix(cmedb): fix group display columns
2023-03-16 22:02:48 +00:00
data = [['GroupID', 'Domain', 'Name', 'RID', 'Enumerated Members', 'AD Members', 'Last Query Time']]
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
for group in groups:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
group_id = group[0]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
domain = group[1]
name = group[2]
fix(cmedb): fix group display columns
2023-03-16 22:02:48 +00:00
rid = group[3]
members = len(self.db.get_group_relations(group_id=group_id))
ad_members = group[4]
last_query_time = group[5]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
fix(cmedb): fix group display columns
2023-03-16 22:02:48 +00:00
data.append([group_id, domain, name, rid, members, ad_members, last_query_time])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Group')
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
data = [['CredID', 'CredType', 'Pillaged From HostID', 'Domain', 'UserName', 'Password']]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
for group in groups:
feat(cmedb): update queries for smb.hosts
2023-03-04 00:37:02 +00:00
members = self.db.get_group_relations(group_id=group[0])
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
for member in members:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
_, userid, _ = member
feat(cmedb): update some functions for smb.creds
2023-03-04 01:38:31 +00:00
creds = self.db.get_credentials(filter_term=userid)
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
for cred in creds:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id = cred[0]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
pillaged_from = cred[5]
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([cred_id, credtype, pillaged_from, domain, username, password])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Member(s)')
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
feat(cmedb): add help string to groups command
2023-03-06 23:42:34 +00:00
def help_groups(self):
help_string = """
groups [filter_term]
By default prints all groups
Can use a filter term to filter groups
"""
print_help(help_string)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
def do_hosts(self, line):
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
filter_term = line.strip()
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
if filter_term == "":
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
hosts = self.db.get_hosts()
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
self.display_hosts(hosts)
else:
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
hosts = self.db.get_hosts(filter_term=filter_term)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
if len(hosts) > 1:
self.display_hosts(hosts)
elif len(hosts) == 1:
feat(cmedb): update table when printing specific host to include additional info
2023-03-09 23:28:35 +00:00
data = [[
'HostID',
'IP',
'Hostname',
'Domain',
'OS',
'DC',
'SMBv1',
'Signing',
'Spooler',
'Zerologon',
'PetitPotam'
]]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
host_id_list = []
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
for host in hosts:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
host_id = host[0]
host_id_list.append(host_id)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
ip = host[1]
hostname = host[2]
domain = host[3]
feat(cmedb): update table when printing specific host to include additional info
2023-03-09 23:28:35 +00:00
try:
os = host[4].decode()
except:
os = host[4]
try:
dc = host[5]
except IndexError:
dc = ''
try:
smbv1 = host[6]
signing = host[7]
except IndexError:
smbv1 = ''
signing = ''
try:
spooler = host[8]
zerologon = host[9]
petitpotam = host[10]
except IndexError:
spooler = ''
zerologon = ''
petitpotam = ''
data.append([
host_id,
ip,
hostname,
domain,
os,
dc,
smbv1,
signing,
spooler,
zerologon,
petitpotam,
])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Host')
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
data = [['CredID', 'CredType', 'Domain', 'UserName', 'Password']]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
for host_id in host_id_list:
links = self.db.get_admin_relations(host_id=host_id)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
for link in links:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
link_id, cred_id, host_id = link
creds = self.db.get_credentials(filter_term=cred_id)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
for cred in creds:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id = cred[0]
DB schema for the smb protocol is now final! - added two more attributes to use in modules:opsec_safe and multiple_hosts - renamed db function names - Added the python_injector module and it's necessary files as a reminder
2016-12-20 07:23:40 +00:00
domain = cred[1]
username = cred[2]
password = cred[3]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
credtype = cred[4]
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
# pillaged_from = cred[5]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([cred_id, credtype, domain, username, password])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Credential(s) with Admin Access')
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
feat(cmedb): add help string to hosts command
2023-03-06 23:45:44 +00:00
def help_hosts(self):
help_string = """
docs(cmedb): update help strings for smb cmedb
2023-03-10 04:36:31 +00:00
hosts [dc|spooler|zerologon|petitpotam|filter_term]
feat(cmedb): add help string to hosts command
2023-03-06 23:45:44 +00:00
By default prints all hosts
docs(cmedb): update help strings for smb cmedb
2023-03-10 04:36:31 +00:00
Table format:
| 'HostID', 'IP', 'Hostname', 'Domain', 'OS', 'DC', 'SMBv1', 'Signing', 'Spooler', 'Zerologon', 'PetitPotam' |
Subcommands:
dc - list all domain controllers
spooler - list all hosts with Spooler service enabled
zerologon - list all hosts vulnerable to zerologon
petitpotam - list all hosts vulnerable to petitpotam
filter_term - filters hosts with filter_term
If a single host is returned (e.g. `hosts 15`, it prints the following tables:
Host | 'HostID', 'IP', 'Hostname', 'Domain', 'OS', 'DC', 'SMBv1', 'Signing', 'Spooler', 'Zerologon', 'PetitPotam' |
Credential(s) with Admin Access | 'CredID', 'CredType', 'Domain', 'UserName', 'Password' |
Otherwise, it prints the default host table from a `like` query on the `ip` and `hostname` columns
feat(cmedb): add help string to hosts command
2023-03-06 23:45:44 +00:00
"""
print_help(help_string)
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
def do_dpapi(self, line):
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
filter_term = line.strip()
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
if filter_term == "":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets()
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
elif filter_term.split()[0].lower() == "browser":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets(dpapi_type="MSEDGE")
secrets += self.db.get_dpapi_secrets(dpapi_type="GOOGLE CHROME")
secrets += self.db.get_dpapi_secrets(dpapi_type="IEX")
secrets += self.db.get_dpapi_secrets(dpapi_type="FIREFOX")
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
elif filter_term.split()[0].lower() == "chrome":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets(dpapi_type="GOOGLE CHROME")
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
elif filter_term.split()[0].lower() == "msedge":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets(dpapi_type="MSEDGE")
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
elif filter_term.split()[0].lower() == "credentials":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets(dpapi_type="CREDENTIAL")
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
elif filter_term.split()[0].lower() == "iex":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets(dpapi_type="IEX")
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
elif filter_term.split()[0].lower() == "firefox":
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
secrets = self.db.get_dpapi_secrets(dpapi_type="FIREFOX")
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
else:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets = self.db.get_dpapi_secrets(filter_term=filter_term)
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
if len(secrets) > 0:
fix(dpapi): update dpapi feature to sqlalchmey and update formatting
2023-03-14 05:24:42 +00:00
secrets.insert(0, ["ID", "Host", "DPAPI Type", "Windows User", "Username", "Password", "URL"])
print_table(secrets, title='DPAPI Secrets')
store dpapi secrets in cmedb
2023-02-22 12:58:53 +00:00
add helper for cmedb dpapi
2023-03-21 09:41:10 +00:00
def help_dpapi(self):
help_string = """
dpapi [browser|chrome|msedge|credentials|iex|firefox|filter_term]
By default prints all dpapi dumped secrets
Table format:
| 'ID', 'Host', 'DPAPI Type', 'Windows User', 'Username', 'Password', 'URL' |
Subcommands:
browser - list all secrets dumped from browser
chrome - list all secrets dumped from chrome
msedge - list all secrets dumped from microsoft edge
credentials - list all secrets dumped from credential manager (user and system)
iex - list all secrets dumped from Internet Explorer
firefox - list all secrets dumped from Firefox
filter_term - filters dpapi secrets with filter_term
"""
print_help(help_string)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
def do_creds(self, line):
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
filter_term = line.strip()
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
if filter_term == "":
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
creds = self.db.get_credentials()
self.display_creds(creds)
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
elif filter_term.split()[0].lower() == "add":
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
# add format: "domain username password <notes> <credType> <sid>
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
args = filter_term.split()[1:]
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
if len(args) == 3:
domain, username, password = args
if validate_ntlm(password):
self.db.add_credential("hash", domain, username, password)
else:
self.db.add_credential("plaintext", domain, username, password)
else:
Migrate cmedb to python3
2019-11-12 21:39:26 +00:00
print("[!] Format is 'add domain username password")
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
return
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
elif filter_term.split()[0].lower() == "remove":
args = filter_term.split()[1:]
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
if len(args) != 1:
Migrate cmedb to python3
2019-11-12 21:39:26 +00:00
print("[!] Format is 'remove <credID>'")
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
return
else:
self.db.remove_credentials(args)
feat(cmedb): update queries and fix parameter names
2023-03-04 20:33:07 +00:00
self.db.remove_admin_relation(user_ids=args)
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
elif filter_term.split()[0].lower() == "plaintext":
feat(cmedb): update some functions for smb.creds
2023-03-04 01:38:31 +00:00
creds = self.db.get_credentials(cred_type="plaintext")
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
self.display_creds(creds)
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
elif filter_term.split()[0].lower() == "hash":
feat(cmedb): update some functions for smb.creds
2023-03-04 01:38:31 +00:00
creds = self.db.get_credentials(cred_type="hash")
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
self.display_creds(creds)
else:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
creds = self.db.get_credentials(filter_term=filter_term)
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
if len(creds) != 1:
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
self.display_creds(creds)
elif len(creds) == 1:
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
data = [['CredID', 'CredType', 'Pillaged From HostID', 'Domain', 'UserName', 'Password']]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id_list = []
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
for cred in creds:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
cred_id = cred[0]
cred_id_list.append(cred_id)
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
domain = cred[1]
username = cred[2]
password = cred[3]
credtype = cred[4]
pillaged_from = cred[5]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([cred_id, credtype, pillaged_from, domain, username, password])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Credential(s)')
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
data = [['GroupID', 'Domain', 'Name']]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
for cred_id in cred_id_list:
feat(smbdb): add help_creds
2023-03-08 06:43:55 +00:00
links = self.db.get_group_relations(user_id=cred_id)
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
for link in links:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
link_id, user_id, group_id = link
groups = self.db.get_groups(group_id)
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
for group in groups:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
group_id = group[0]
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
domain = group[1]
name = group[2]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([group_id, domain, name])
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Member of Group(s)')
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
data = [['HostID', 'IP', 'Hostname', 'Domain', 'OS']]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
for cred_id in cred_id_list:
links = self.db.get_admin_relations(user_id=cred_id)
Initial commit for v4.0 Just fyi for anyone reading this, it's not even close to being finished. The amount of changes are pretty insane, this commit is to serve as a refrence point for myself. Highlights for v4.0: - The whole codebase has been re-written from scratch - Codebase has been cut around 2/4 - Protocols are now modular! In theory we could use CME for everything - Module chaining has been removed for now, still trying to figure out a more elegant solution - Workspaces have implemented in cmedb - The smb protocol's database schema has been changed to support storing users, groups and computers with their respective memberships and relations. - I'm in the process of re-writing most of the modules, will re-add them once i've finished
2016-12-15 07:28:00 +00:00
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
for link in links:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
link_id, cred_id, host_id = link
refactor: standardize nomenclature to uses 'hosts' instead of 'computers'
2023-03-12 02:25:23 +00:00
hosts = self.db.get_hosts(host_id)
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
for host in hosts:
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
host_id = host[0]
Y'all better be ready for this, initial 4.0 release - Fixed an edge case in gpp_decrypt.py also renamed to gpp_password - Added the gpp_autologin module - Added a workaround for the current impacket smb server bug in get_keystrokes - fixed formatting in the SMB database navigator - fixed an error where DC would have there dc attribute overwritten - Other stuff that i don't remember
2017-04-07 04:34:30 +00:00
ip = host[1]
hostname = host[2]
domain = host[3]
os = host[4]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
data.append([host_id, ip, hostname, domain, os])
fix(cmedb): import print_table from cmedb
2023-03-04 00:06:18 +00:00
print_table(data, title='Admin Access to Host(s)')
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
feat(smbdb): add help_creds
2023-03-08 06:43:55 +00:00
def help_creds(self):
help_string = """
creds [add|remove|plaintext|hash|filter_term]
By default prints all creds
Table format:
| 'CredID', 'Admin On', 'CredType', 'Domain', 'UserName', 'Password' |
Subcommands:
add - format: "add domain username password <notes> <credType> <sid>"
remove - format: "remove <credID>"
plaintext - prints plaintext creds
hash - prints hashed creds
filter_term - filters creds with filter_term
If a single credential is returned (e.g. `creds 15`, it prints the following tables:
Credential(s) | 'CredID', 'CredType', 'Pillaged From HostID', 'Domain', 'UserName', 'Password' |
Member of Group(s) | 'GroupID', 'Domain', 'Name' |
Admin Access to Host(s) | 'HostID', 'IP', 'Hostname', 'Domain', 'OS'
docs(cmedb): update help strings for smb cmedb
2023-03-10 04:36:31 +00:00
Otherwise, it prints the default credential table from a `like` query on the `username` column
feat(smbdb): add help_creds
2023-03-08 06:43:55 +00:00
"""
print_help(help_string)
feat(database): update each protocol to use sqlalchemy table reference and add database clear function; closes #189
2023-03-04 16:12:29 +00:00
def do_clear_database(self, line):
feat(dbs): add help string and confirmation for all database clear_database functions
2023-03-10 00:25:18 +00:00
if input("This will destroy all data in the current database, are you SURE you want to run this? (y/n): ") == "y":
self.db.clear_database()
def help_clear_database(self):
help_string = """
clear_database
THIS COMPLETELY DESTROYS ALL DATA IN THE CURRENTLY CONNECTED DATABASE
YOU CANNOT UNDO THIS COMMAND
"""
print_help(help_string)
feat(database): update each protocol to use sqlalchemy table reference and add database clear function; closes #189
2023-03-04 16:12:29 +00:00
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
def complete_hosts(self, text, line):
"""
fix comment
2023-03-06 23:29:08 +00:00
Tab-complete 'hosts' commands.
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
"""
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
commands = ["add", "remove", "dc"]
Initial 4.0 pre-release
2017-03-27 21:09:36 +00:00
mline = line.partition(' ')[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]
chore(smbdb): fix formatting
2023-03-05 00:10:18 +00:00
def complete_creds(self, text, line):
"""
Tab-complete 'creds' commands.
"""
Refactored Database Menu code - Fixed some MSSQL DB interaction bugs - Made MSSQL DB schema more consistent - cmedb output now gets formatted using terminaltables (so perty) - Made everything a bit more PEP8 compliant
2017-11-02 09:43:08 +00:00
commands = ["add", "remove", "hash", "plaintext"]
Added enum_avproducts module, fixed module logging - Modules now do not print output of commands called from their protocol - Added the enum_avproducts module - Fixed the mimikatz_enum_vault_creds to not display creds with invalid passwords - Added an export command to the SMB protocols DB navigator (as suggested by @hatredshapedlikeaman) - Misc output fixes
2017-05-08 03:16:18 +00:00
mline = line.partition(' ')[2]
offs = len(mline) - len(text)
return [s[offs:] for s in commands if s.startswith(mline)]