Add audit mode + reveal X chars to RDP protocol

Add audit mode + reveal X chars to RDP protocol
main
Kahvi-0xFF 2023-08-18 10:58:40 -04:00 committed by GitHub
parent 2ce24a3a55
commit 34eded78b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 6 deletions


@ -13,6 +13,8 @@ from cme.connection import *
from cme.helpers.bloodhound import add_user_bh from cme.helpers.bloodhound import add_user_bh
from cme.logger import CMEAdapter from cme.logger import CMEAdapter
from cme.config import host_info_colors from cme.config import host_info_colors
from cme.config import reveal_chars_of_pwd
from cme.config import audit_mode
from aardwolf.connection import RDPConnection from aardwolf.connection import RDPConnection
from aardwolf.commons.queuedata.constants import VIDEO_FORMAT from aardwolf.commons.queuedata.constants import VIDEO_FORMAT
@ -24,6 +26,12 @@ from asyauth.common.credentials.kerberos import KerberosCredential
from asyauth.common.constants import asyauthSecret from asyauth.common.constants import asyauthSecret
from asysocks.unicomm.common.target import UniTarget, UniProto from asysocks.unicomm.common.target import UniTarget, UniProto
if len(audit_mode)>= 1:
hidden = reveal_chars_of_pwd
audit = audit_mode*8
else:
hidden = 999
audit = ""
class rdp(connection): class rdp(connection):
def __init__(self, args, db, host): def __init__(self, args, db, host):
@ -296,13 +304,13 @@ class rdp(connection):
asyncio.run(self.connect_rdp()) asyncio.run(self.connect_rdp())
self.admin_privs = True self.admin_privs = True
self.logger.success(f"{domain}\\{username}:{password} {self.mark_pwned()}") self.logger.success(f"{domain}\\{username}:{password[:hidden]+audit} {self.mark_pwned()}")
if not self.args.local_auth: if not self.args.local_auth:
add_user_bh(username, domain, self.logger, self.config) add_user_bh(username, domain, self.logger, self.config)
return True return True
except Exception as e: except Exception as e:
if "Authentication failed!" in str(e): if "Authentication failed!" in str(e):
self.logger.success(f"{domain}\\{username}:{password} {self.mark_pwned()}") self.logger.success(f"{domain}\\{username}:{password[:hidden]+audit} {self.mark_pwned()}")
else: else:
reason = None reason = None
for word in self.rdp_error_status.keys(): for word in self.rdp_error_status.keys():
@ -311,7 +319,7 @@ class rdp(connection):
if "cannot unpack non-iterable NoneType object" == str(e): if "cannot unpack non-iterable NoneType object" == str(e):
reason = "User valid but cannot connect" reason = "User valid but cannot connect"
self.logger.fail( self.logger.fail(
(f"{domain}\\{username}:{password} {f'({reason})' if reason else ''}"), (f"{domain}\\{username}:{password[:hidden]+audit} {f'({reason})' if reason else ''}"),
color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"), color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
) )
return False return False
@ -328,13 +336,13 @@ class rdp(connection):
asyncio.run(self.connect_rdp()) asyncio.run(self.connect_rdp())
self.admin_privs = True self.admin_privs = True
self.logger.success(f"{self.domain}\\{username}:{ntlm_hash} {self.mark_pwned()}") self.logger.success(f"{self.domain}\\{username}:{ntlm_hash[:hidden]+audit} {self.mark_pwned()}")
if not self.args.local_auth: if not self.args.local_auth:
add_user_bh(username, domain, self.logger, self.config) add_user_bh(username, domain, self.logger, self.config)
return True return True
except Exception as e: except Exception as e:
if "Authentication failed!" in str(e): if "Authentication failed!" in str(e):
self.logger.success(f"{domain}\\{username}:{ntlm_hash} {self.mark_pwned()}") self.logger.success(f"{domain}\\{username}:{ntlm_hash[:hidden]+audit} {self.mark_pwned()}")
else: else:
reason = None reason = None
for word in self.rdp_error_status.keys(): for word in self.rdp_error_status.keys():
@ -344,7 +352,7 @@ class rdp(connection):
reason = "User valid but cannot connect" reason = "User valid but cannot connect"
self.logger.fail( self.logger.fail(
(f"{domain}\\{username}:{ntlm_hash} {f'({reason})' if reason else ''}"), (f"{domain}\\{username}:{ntlm_hash[:hidden]+audit} {f'({reason})' if reason else ''}"),
color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"), color=("magenta" if ((reason or "CredSSP" in str(e)) and reason != "STATUS_LOGON_FAILURE") else "red"),
) )
return False return False
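Review bot: The non-audit branch of the module-level block added after the imports sets `hidden = 999`, which truncates any secret longer than 999 characters in the success and fail lines even with audit mode off; a `None` slice bound would be a true no-op. The same block calls `len(audit_mode)` and slices with `reveal_chars_of_pwd` unchecked, so a missing or non-integer value from cme.config (not shown here) would presumably raise, and a negative one would print all but the last few characters of the secret. Folding the six `[:hidden]+audit` call sites in the password and hash login paths into one helper, as sketched below, keeps the masking rule in a single place and clamps the reveal count. The login methods these hunks touch begin and end outside the visible hunks, so any other log or storage call that carries the secret is not covered by this note.

```python
def _mask_secret(secret):
    """Return `secret` unchanged, or its leading characters plus a mask in audit mode."""
    if not audit_mode:
        return secret
    # Clamp so a negative setting cannot turn the slice into "all but the last N".
    shown = max(reveal_chars_of_pwd, 0)
    return secret[:shown] + audit_mode * 8

# … unchanged: class rdp, connect_rdp call, admin_privs …
self.logger.success(f"{domain}\\{username}:{_mask_secret(password)} {self.mark_pwned()}")
# … the other five password / ntlm_hash log calls change the same way …
```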