Fix a lot things but good pr
parent
c52031f344
commit
53f5791e7c
|
@ -168,7 +168,6 @@ class connection(object):
|
|||
creds = self.db.get_credentials()
|
||||
else:
|
||||
creds = self.db.get_credentials(filterTerm=int(cred_id))
|
||||
print(creds)
|
||||
for cred in creds:
|
||||
logging.debug(cred)
|
||||
try:
|
||||
|
@ -186,12 +185,12 @@ class connection(object):
|
|||
if credtype == 'hash' and not self.over_fail_limit(username):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(domain, username, '', password, '', self.kdcHost, False): return True
|
||||
if self.hash_login(domain, username, password): return True
|
||||
elif self.hash_login(domain, username, password): return True
|
||||
|
||||
elif credtype == 'plaintext' and not self.over_fail_limit(username):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(domain, username, password, '' , '', self.kdcHost, False): return True
|
||||
if self.plaintext_login(domain, username, password): return True
|
||||
elif self.plaintext_login(domain, username, password): return True
|
||||
|
||||
except IndexError:
|
||||
self.logger.error("Invalid database credential ID!")
|
||||
|
@ -216,19 +215,19 @@ class connection(object):
|
|||
if not self.over_fail_limit(usr.strip()):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True
|
||||
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
|
||||
elif self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
|
||||
elif self.args.no_bruteforce == True:
|
||||
user_file.seek(0) # HACK: this should really not be in the usr for loop
|
||||
for usr, f_hash in zip(user_file, ntlm_hash_file):
|
||||
if not self.over_fail_limit(usr.strip()):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True
|
||||
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
|
||||
elif self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
|
||||
else: # ntlm_hash is a string
|
||||
if not self.over_fail_limit(usr.strip()):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, usr.strip(), '', ntlm_hash.strip(), '', self.kdcHost, False): return True
|
||||
if self.hash_login(self.domain, usr.strip(), ntlm_hash.strip()): return True
|
||||
elif self.hash_login(self.domain, usr.strip(), ntlm_hash.strip()): return True
|
||||
|
||||
elif self.args.password:
|
||||
with sem:
|
||||
|
@ -241,7 +240,7 @@ class connection(object):
|
|||
if hasattr(self.args, 'domain'):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True
|
||||
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
|
||||
elif self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
|
||||
else:
|
||||
if self.plaintext_login(usr.strip(), f_pass.strip()): return True
|
||||
elif self.args.no_bruteforce == True:
|
||||
|
@ -251,7 +250,7 @@ class connection(object):
|
|||
if hasattr(self.args, 'domain'):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True
|
||||
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
|
||||
elif self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
|
||||
else:
|
||||
if self.plaintext_login(usr.strip(), f_pass.strip()): return True
|
||||
else: # password is a string
|
||||
|
@ -259,7 +258,7 @@ class connection(object):
|
|||
if hasattr(self.args, 'domain'):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, usr.strip(), password, '', '', self.kdcHost, False): return True
|
||||
if self.plaintext_login(self.domain, usr.strip(), password): return True
|
||||
elif self.plaintext_login(self.domain, usr.strip(), password): return True
|
||||
else:
|
||||
if self.plaintext_login(usr.strip(), password): return True
|
||||
|
||||
|
@ -273,12 +272,12 @@ class connection(object):
|
|||
if not self.over_fail_limit(user):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True
|
||||
if self.hash_login(self.domain, user, f_hash.strip()): return True
|
||||
elif self.hash_login(self.domain, user, f_hash.strip()): return True
|
||||
else: # ntlm_hash is a string
|
||||
if not self.over_fail_limit(user):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True
|
||||
if self.hash_login(self.domain, user, ntlm_hash.strip()): return True
|
||||
elif self.hash_login(self.domain, user, ntlm_hash.strip()): return True
|
||||
|
||||
elif self.args.password:
|
||||
with sem:
|
||||
|
@ -290,7 +289,7 @@ class connection(object):
|
|||
if hasattr(self.args, 'domain'):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, user, f_pass.strip(), '', '', self.kdcHost, False): return True
|
||||
if self.plaintext_login(self.domain, user, f_pass.strip()): return True
|
||||
elif self.plaintext_login(self.domain, user, f_pass.strip()): return True
|
||||
else:
|
||||
if self.plaintext_login(user, f_pass.strip()): return True
|
||||
else: # password is a string
|
||||
|
@ -298,7 +297,7 @@ class connection(object):
|
|||
if hasattr(self.args, 'domain'):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.domain, user, password, '', '', self.kdcHost, False): return True
|
||||
if self.plaintext_login(self.domain, user, password): return True
|
||||
elif self.plaintext_login(self.domain, user, password): return True
|
||||
else:
|
||||
if self.plaintext_login(user, password): return True
|
||||
|
||||
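Review bot: In the `@ -273,12 +272,12` hunk the Kerberos attempt for the hash-file case passes `ntlm_hash.strip()`, while the NTLM attempt directly below it passes `f_hash.strip()`. The sibling branch is commented `# ntlm_hash is a string`, so in this branch `ntlm_hash` is presumably the open hash file, and calling `.strip()` on it would raise as soon as `self.args.kerberos` is combined with a hash file. The loop header is outside the hunk, so this is inferred. The call should read `if self.kerberos_login(self.domain, user, '', f_hash.strip(), '', self.kdcHost, False): return True`, as the equivalent branch in the `@ -216,19 +215,19` hunk already does.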
|
|
|
@ -238,6 +238,8 @@ class ldap(connection):
|
|||
return True
|
||||
|
||||
def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey = '', kdcHost = '', useCache = False):
|
||||
self.logger.extra['protocol'] = "LDAP"
|
||||
self.logger.extra['port'] = "389"
|
||||
# Get ldap info (target, targetDomain, baseDN)
|
||||
target, self.targetDomain, self.baseDN = self.get_ldap_info(self.host)
|
||||
|
||||
|
@ -270,12 +272,25 @@ class ldap(connection):
|
|||
self.username,
|
||||
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
|
||||
|
||||
self.logger.extra['protocol'] = "LDAP"
|
||||
self.logger.extra['port'] = "389"
|
||||
self.logger.success(out)
|
||||
|
||||
if not self.args.local_auth:
|
||||
add_user_bh(self.username, self.domain, self.logger, self.config)
|
||||
if not self.args.continue_on_success:
|
||||
return True
|
||||
except SessionError as e:
|
||||
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
|
||||
self.username,
|
||||
self.password,
|
||||
str(e)),
|
||||
color='red')
|
||||
return False
|
||||
except KeyError as e:
|
||||
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
|
||||
self.username,
|
||||
'',
|
||||
''),
|
||||
color='red')
|
||||
except ldap_impacket.LDAPSessionError as e:
|
||||
if str(e).find('strongerAuthRequired') >= 0:
|
||||
# We need to try SSL
|
||||
|
@ -300,6 +315,8 @@ class ldap(connection):
|
|||
|
||||
if not self.args.local_auth:
|
||||
add_user_bh(self.username, self.domain, self.logger, self.config)
|
||||
if not self.args.continue_on_success:
|
||||
return True
|
||||
else:
|
||||
errorCode = str(e).split()[-2][:-1]
|
||||
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
|
||||
|
@ -308,9 +325,9 @@ class ldap(connection):
|
|||
ldap_error_status[errorCode] if errorCode in ldap_error_status else ''),
|
||||
color='magenta' if errorCode in ldap_error_status else 'red')
|
||||
|
||||
return True
|
||||
|
||||
def plaintext_login(self, domain, username, password):
|
||||
self.logger.extra['protocol'] = "LDAP"
|
||||
self.logger.extra['port'] = "389"
|
||||
self.username = username
|
||||
self.password = password
|
||||
self.domain = domain
|
||||
|
@ -337,8 +354,6 @@ class ldap(connection):
|
|||
self.username,
|
||||
self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
|
||||
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
|
||||
self.logger.extra['protocol'] = "LDAP"
|
||||
self.logger.extra['port'] = "389"
|
||||
self.logger.success(out)
|
||||
|
||||
if not self.args.local_auth:
|
||||
|
@ -366,6 +381,8 @@ class ldap(connection):
|
|||
|
||||
if not self.args.local_auth:
|
||||
add_user_bh(self.username, self.domain, self.logger, self.config)
|
||||
if not self.args.continue_on_success:
|
||||
return True
|
||||
except ldap_impacket.LDAPSessionError as e:
|
||||
errorCode = str(e).split()[-2][:-1]
|
||||
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
|
||||
|
@ -391,6 +408,8 @@ class ldap(connection):
|
|||
|
||||
|
||||
def hash_login(self, domain, username, ntlm_hash):
|
||||
self.logger.extra['protocol'] = "LDAP"
|
||||
self.logger.extra['port'] = "389"
|
||||
lmhash = ''
|
||||
nthash = ''
|
||||
|
||||
|
@ -456,6 +475,8 @@ class ldap(connection):
|
|||
|
||||
if not self.args.local_auth:
|
||||
add_user_bh(self.username, self.domain, self.logger, self.config)
|
||||
if not self.args.continue_on_success:
|
||||
return True
|
||||
except ldap_impacket.LDAPSessionError as e:
|
||||
errorCode = str(e).split()[-2][:-1]
|
||||
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
|
||||
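Review bot: The `except SessionError` handler in `kerberos_login` (the `@ -270,12 +272,25` hunk, apparently added by this commit) writes `self.password` into the error message unmasked, whereas the success message in `plaintext_login` substitutes the `audit_mode` character when that option is set. A failed Kerberos attempt would therefore print the cleartext password even when the operator asked for masking. The same expression can be reused here: `self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8`. The `except KeyError as e` handler next to it never uses `e`, logs two empty fields and, unlike the `SessionError` handler, shows no `return False`, so it needs a comment naming the lookup that raises and the result the caller should get. The enclosing `try` starts outside the hunk.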
|
|
|
@ -354,8 +354,6 @@ class smb(connection):
|
|||
self.hash = ntlm_hash
|
||||
if lmhash: self.lmhash = lmhash
|
||||
if nthash: self.nthash = nthash
|
||||
|
||||
|
||||
self.conn.kerberosLogin(username, password, domain, lmhash, nthash, aesKey, kdcHost, useCache=useCache)
|
||||
|
||||
# self.check_if_admin() # currently pywerview does not support kerberos auth
|
||||
|
@ -372,7 +370,10 @@ class smb(connection):
|
|||
self.conn.getCredentials()[0],
|
||||
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
|
||||
self.logger.success(out)
|
||||
return True
|
||||
if not self.args.local_auth:
|
||||
add_user_bh(username, domain, self.logger, self.config)
|
||||
if not self.args.continue_on_success:
|
||||
return True
|
||||
else:
|
||||
self.logger.error(u'{} {} {}'.format(self.domain,
|
||||
error,
|
||||
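Review bot: The new `add_user_bh(username, domain, self.logger, self.config)` call in the `@ -372,7 +370,10` hunk records the caller-supplied `username`, while the success line just above it reports `self.conn.getCredentials()[0]`. When `kerberosLogin` runs with `useCache` set, the authenticated identity presumably comes from the ticket cache, so the `username` argument may be empty or differ from the account that actually logged on, and the wrong account would be marked. Consider `add_user_bh(self.conn.getCredentials()[0], domain, self.logger, self.config)`, or add a comment stating why the two values are guaranteed to match. The enclosing function starts outside the hunk.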
|
|