From 34eded78b47f2a213a0db128d4624af18dc5b012 Mon Sep 17 00:00:00 2001
From: Kahvi-0xFF <46513413+Kahvi-0@users.noreply.github.com>
Date: Fri, 18 Aug 2023 10:58:40 -0400
Subject: [PATCH] Add audit mode + reveal X chars to RDP protocol Add audit mode + reveal X chars to RDP protocol
---
 cme/protocols/rdp.py | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/cme/protocols/rdp.py b/cme/protocols/rdp.py
index aa063ba8..25e7716c 100644
--- a/cme/protocols/rdp.py
+++ b/cme/protocols/rdp.py
@@ -13,6 +13,8 @@ from cme.connection import *
 from cme.helpers.bloodhound import add_user_bh
 from cme.logger import CMEAdapter
 from cme.config import host_info_colors
+from cme.config import reveal_chars_of_pwd
+from cme.config import audit_mode
 from aardwolf.connection import RDPConnection
 from aardwolf.commons.queuedata.constants import VIDEO_FORMAT
@@ -24,6 +26,12 @@ from asyauth.common.credentials.kerberos import KerberosCredential
 from asyauth.common.constants import asyauthSecret
 from asysocks.unicomm.common.target import UniTarget, UniProto
+if len(audit_mode)>= 1:
+ hidden = reveal_chars_of_pwd
+ audit = audit_mode*8
+else:
+ hidden = 999
+ audit = ""
 class rdp(connection):
 def __init__(self, args, db, host):
@@ -296,13 +304,13 @@ class rdp(connection):
 asyncio.run(self.connect_rdp())
 self.admin_privs = True
- self.logger.success(f"{domain}\\{username}:{password} {self.mark_pwned()}")
+ self.logger.success(f"{domain}\\{username}:{password[:hidden]+audit} {self.mark_pwned()}")
 if not self.args.local_auth:
 add_user_bh(username, domain, self.logger, self.config)
 return True
 except Exception as e:
 if "Authentication failed!" in str(e):
- self.logger.success(f"{domain}\\{username}:{password} {self.mark_pwned()}")
+ self.logger.success(f"{domain}\\{username}:{password[:hidden]+audit} {self.mark_pwned()}")
 else:
 reason = None
 for word in self.rdp_error_status.keys():
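Review bot: The module-level block added in the `@@ -24,6 +26,12 @@` hunk uses `audit_mode` and `reveal_chars_of_pwd` straight from `cme.config` with no type or range check. If `audit_mode` is ever `None`, `len(audit_mode)` raises while the module is being imported, and a non-integer `reveal_chars_of_pwd` makes every `[:hidden]` slice raise `TypeError`; in the `@@ -296,13 +304,13 @@` hunk the success log sits inside the `try`, so that error would be caught by `except Exception` instead of surfacing as a configuration problem. A negative value slices from the end and reveals all but the last characters of the secret. Unless `cme.config` already validates both values (not visible here), I would write `hidden = max(0, int(reveal_chars_of_pwd))` and use `hidden = None` in the `else` branch instead of the `999` sentinel, which silently truncates longer secrets.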
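Review bot: `password[:hidden]+audit` in the `@@ -296,13 +304,13 @@` hunk prints the whole secret whenever it is no longer than `hidden`, so audit mode leaves short passwords fully readable in the log with only the mask appended. The same expression is repeated in the `-311`, `-328` and `-344` hunks (applied to `ntlm_hash` in the last two), so a single module-level helper would keep the masking rule in one place. The sketch below caps the revealed prefix at half the secret's length, which is one possible policy. The enclosing login methods start outside these hunks, so whether `password` can be `None` at these call sites is not visible.

```python
def mask_secret(secret):
    """Return `secret` as it should appear in log output."""
    if not audit:
        return secret
    # Cap the revealed prefix so a short secret is never shown in full.
    shown = min(hidden, len(secret) // 2)
    return secret[:shown] + audit

# ... unchanged: try / connect_rdp / admin_privs ...
self.logger.success(f"{domain}\\{username}:{mask_secret(password)} {self.mark_pwned()}")
```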
@@ -311,7 +319,7 @@ class rdp(connection):
 if "cannot unpack non-iterable NoneType object" == str(e):
 reason = "User valid but cannot connect"
 self.logger.fail(
- (f"{domain}\\{username}:{password} {f'({reason})' if reason else ''}"),
+ (f"{domain}\\{username}:{password[:hidden]+audit} {f'({reason})' if reason else ''}"),
 color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
 )
 return False
@@ -328,13 +336,13 @@ class rdp(connection):
 asyncio.run(self.connect_rdp())
 self.admin_privs = True
- self.logger.success(f"{self.domain}\\{username}:{ntlm_hash} {self.mark_pwned()}")
+ self.logger.success(f"{self.domain}\\{username}:{ntlm_hash[:hidden]+audit} {self.mark_pwned()}")
 if not self.args.local_auth:
 add_user_bh(username, domain, self.logger, self.config)
 return True
 except Exception as e:
 if "Authentication failed!" in str(e):
- self.logger.success(f"{domain}\\{username}:{ntlm_hash} {self.mark_pwned()}")
+ self.logger.success(f"{domain}\\{username}:{ntlm_hash[:hidden]+audit} {self.mark_pwned()}")
 else:
 reason = None
 for word in self.rdp_error_status.keys():
@@ -344,7 +352,7 @@ class rdp(connection):
 reason = "User valid but cannot connect"
 self.logger.fail(
- (f"{domain}\\{username}:{ntlm_hash} {f'({reason})' if reason else ''}"),
+ (f"{domain}\\{username}:{ntlm_hash[:hidden]+audit} {f'({reason})' if reason else ''}"),
 color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
 )
 return False