Fix a lot things but good pr

main
mpgn 2022-10-20 15:40:53 -04:00
parent c52031f344
commit 53f5791e7c
3 changed files with 43 additions and 22 deletions


@ -168,7 +168,6 @@ class connection(object):
creds = self.db.get_credentials() creds = self.db.get_credentials()
else: else:
creds = self.db.get_credentials(filterTerm=int(cred_id)) creds = self.db.get_credentials(filterTerm=int(cred_id))
print(creds)
for cred in creds: for cred in creds:
logging.debug(cred) logging.debug(cred)
try: try:
@ -186,12 +185,12 @@ class connection(object):
if credtype == 'hash' and not self.over_fail_limit(username): if credtype == 'hash' and not self.over_fail_limit(username):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(domain, username, '', password, '', self.kdcHost, False): return True if self.kerberos_login(domain, username, '', password, '', self.kdcHost, False): return True
if self.hash_login(domain, username, password): return True elif self.hash_login(domain, username, password): return True
elif credtype == 'plaintext' and not self.over_fail_limit(username): elif credtype == 'plaintext' and not self.over_fail_limit(username):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(domain, username, password, '' , '', self.kdcHost, False): return True if self.kerberos_login(domain, username, password, '' , '', self.kdcHost, False): return True
if self.plaintext_login(domain, username, password): return True elif self.plaintext_login(domain, username, password): return True
except IndexError: except IndexError:
self.logger.error("Invalid database credential ID!") self.logger.error("Invalid database credential ID!")
@ -216,19 +215,19 @@ class connection(object):
if not self.over_fail_limit(usr.strip()): if not self.over_fail_limit(usr.strip()):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True elif self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
elif self.args.no_bruteforce == True: elif self.args.no_bruteforce == True:
user_file.seek(0) # HACK: this should really not be in the usr for loop user_file.seek(0) # HACK: this should really not be in the usr for loop
for usr, f_hash in zip(user_file, ntlm_hash_file): for usr, f_hash in zip(user_file, ntlm_hash_file):
if not self.over_fail_limit(usr.strip()): if not self.over_fail_limit(usr.strip()):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True if self.kerberos_login(self.domain, usr.strip(), '', f_hash.strip(), '', self.kdcHost, False): return True
if self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True elif self.hash_login(self.domain, usr.strip(), f_hash.strip()): return True
else: # ntlm_hash is a string else: # ntlm_hash is a string
if not self.over_fail_limit(usr.strip()): if not self.over_fail_limit(usr.strip()):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, usr.strip(), '', ntlm_hash.strip(), '', self.kdcHost, False): return True if self.kerberos_login(self.domain, usr.strip(), '', ntlm_hash.strip(), '', self.kdcHost, False): return True
if self.hash_login(self.domain, usr.strip(), ntlm_hash.strip()): return True elif self.hash_login(self.domain, usr.strip(), ntlm_hash.strip()): return True
elif self.args.password: elif self.args.password:
with sem: with sem:
@ -241,7 +240,7 @@ class connection(object):
if hasattr(self.args, 'domain'): if hasattr(self.args, 'domain'):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True elif self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
else: else:
if self.plaintext_login(usr.strip(), f_pass.strip()): return True if self.plaintext_login(usr.strip(), f_pass.strip()): return True
elif self.args.no_bruteforce == True: elif self.args.no_bruteforce == True:
@ -251,7 +250,7 @@ class connection(object):
if hasattr(self.args, 'domain'): if hasattr(self.args, 'domain'):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True if self.kerberos_login(self.domain, usr.strip(), f_pass.strip(), '', '', self.kdcHost, False): return True
if self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True elif self.plaintext_login(self.domain, usr.strip(), f_pass.strip()): return True
else: else:
if self.plaintext_login(usr.strip(), f_pass.strip()): return True if self.plaintext_login(usr.strip(), f_pass.strip()): return True
else: # password is a string else: # password is a string
@ -259,7 +258,7 @@ class connection(object):
if hasattr(self.args, 'domain'): if hasattr(self.args, 'domain'):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, usr.strip(), password, '', '', self.kdcHost, False): return True if self.kerberos_login(self.domain, usr.strip(), password, '', '', self.kdcHost, False): return True
if self.plaintext_login(self.domain, usr.strip(), password): return True elif self.plaintext_login(self.domain, usr.strip(), password): return True
else: else:
if self.plaintext_login(usr.strip(), password): return True if self.plaintext_login(usr.strip(), password): return True
@ -273,12 +272,12 @@ class connection(object):
if not self.over_fail_limit(user): if not self.over_fail_limit(user):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True
if self.hash_login(self.domain, user, f_hash.strip()): return True elif self.hash_login(self.domain, user, f_hash.strip()): return True
else: # ntlm_hash is a string else: # ntlm_hash is a string
if not self.over_fail_limit(user): if not self.over_fail_limit(user):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True if self.kerberos_login(self.domain, user, '', ntlm_hash.strip(), '', self.kdcHost, False): return True
if self.hash_login(self.domain, user, ntlm_hash.strip()): return True elif self.hash_login(self.domain, user, ntlm_hash.strip()): return True
elif self.args.password: elif self.args.password:
with sem: with sem:
@ -290,7 +289,7 @@ class connection(object):
if hasattr(self.args, 'domain'): if hasattr(self.args, 'domain'):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, user, f_pass.strip(), '', '', self.kdcHost, False): return True if self.kerberos_login(self.domain, user, f_pass.strip(), '', '', self.kdcHost, False): return True
if self.plaintext_login(self.domain, user, f_pass.strip()): return True elif self.plaintext_login(self.domain, user, f_pass.strip()): return True
else: else:
if self.plaintext_login(user, f_pass.strip()): return True if self.plaintext_login(user, f_pass.strip()): return True
else: # password is a string else: # password is a string
@ -298,7 +297,7 @@ class connection(object):
if hasattr(self.args, 'domain'): if hasattr(self.args, 'domain'):
if self.args.kerberos: if self.args.kerberos:
if self.kerberos_login(self.domain, user, password, '', '', self.kdcHost, False): return True if self.kerberos_login(self.domain, user, password, '', '', self.kdcHost, False): return True
if self.plaintext_login(self.domain, user, password): return True elif self.plaintext_login(self.domain, user, password): return True
else: else:
if self.plaintext_login(user, password): return True if self.plaintext_login(user, password): return True
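Review bot: In the `@ -273,12 +272,12` hunk the hash-file branch passes `ntlm_hash.strip()` to `kerberos_login` but `f_hash.strip()` to `hash_login`, so the two arms of the new `if`/`elif` authenticate with different values; the parallel file branch in the `@ -216,19 +215,19` hunk uses `f_hash.strip()` for both. The trailing `else: # ntlm_hash is a string` suggests `ntlm_hash` is the file reference in this branch, in which case the Kerberos attempt never uses the hash read from the file and the new `elif` now prevents `hash_login` from compensating for it. The Kerberos line should read `if self.kerberos_login(self.domain, user, '', f_hash.strip(), '', self.kdcHost, False): return True`. The enclosing login method begins and ends outside the hunks shown.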


@ -238,6 +238,8 @@ class ldap(connection):
return True return True
def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey = '', kdcHost = '', useCache = False): def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey = '', kdcHost = '', useCache = False):
self.logger.extra['protocol'] = "LDAP"
self.logger.extra['port'] = "389"
# Get ldap info (target, targetDomain, baseDN) # Get ldap info (target, targetDomain, baseDN)
target, self.targetDomain, self.baseDN = self.get_ldap_info(self.host) target, self.targetDomain, self.baseDN = self.get_ldap_info(self.host)
@ -270,12 +272,25 @@ class ldap(connection):
self.username, self.username,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
self.logger.extra['protocol'] = "LDAP"
self.logger.extra['port'] = "389"
self.logger.success(out) self.logger.success(out)
if not self.args.local_auth: if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config) add_user_bh(self.username, self.domain, self.logger, self.config)
if not self.args.continue_on_success:
return True
except SessionError as e:
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
self.username,
self.password,
str(e)),
color='red')
return False
except KeyError as e:
self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
self.username,
'',
''),
color='red')
except ldap_impacket.LDAPSessionError as e: except ldap_impacket.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0: if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL # We need to try SSL
@ -300,6 +315,8 @@ class ldap(connection):
if not self.args.local_auth: if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config) add_user_bh(self.username, self.domain, self.logger, self.config)
if not self.args.continue_on_success:
return True
else: else:
errorCode = str(e).split()[-2][:-1] errorCode = str(e).split()[-2][:-1]
self.logger.error(u'{}\\{}:{} {}'.format(self.domain, self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
@ -308,9 +325,9 @@ class ldap(connection):
ldap_error_status[errorCode] if errorCode in ldap_error_status else ''), ldap_error_status[errorCode] if errorCode in ldap_error_status else ''),
color='magenta' if errorCode in ldap_error_status else 'red') color='magenta' if errorCode in ldap_error_status else 'red')
return True
def plaintext_login(self, domain, username, password): def plaintext_login(self, domain, username, password):
self.logger.extra['protocol'] = "LDAP"
self.logger.extra['port'] = "389"
self.username = username self.username = username
self.password = password self.password = password
self.domain = domain self.domain = domain
@ -337,8 +354,6 @@ class ldap(connection):
self.username, self.username,
self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8, self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8,
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
self.logger.extra['protocol'] = "LDAP"
self.logger.extra['port'] = "389"
self.logger.success(out) self.logger.success(out)
if not self.args.local_auth: if not self.args.local_auth:
@ -366,6 +381,8 @@ class ldap(connection):
if not self.args.local_auth: if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config) add_user_bh(self.username, self.domain, self.logger, self.config)
if not self.args.continue_on_success:
return True
except ldap_impacket.LDAPSessionError as e: except ldap_impacket.LDAPSessionError as e:
errorCode = str(e).split()[-2][:-1] errorCode = str(e).split()[-2][:-1]
self.logger.error(u'{}\\{}:{} {}'.format(self.domain, self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
@ -391,6 +408,8 @@ class ldap(connection):
def hash_login(self, domain, username, ntlm_hash): def hash_login(self, domain, username, ntlm_hash):
self.logger.extra['protocol'] = "LDAP"
self.logger.extra['port'] = "389"
lmhash = '' lmhash = ''
nthash = '' nthash = ''
@ -456,6 +475,8 @@ class ldap(connection):
if not self.args.local_auth: if not self.args.local_auth:
add_user_bh(self.username, self.domain, self.logger, self.config) add_user_bh(self.username, self.domain, self.logger, self.config)
if not self.args.continue_on_success:
return True
except ldap_impacket.LDAPSessionError as e: except ldap_impacket.LDAPSessionError as e:
errorCode = str(e).split()[-2][:-1] errorCode = str(e).split()[-2][:-1]
self.logger.error(u'{}\\{}:{} {}'.format(self.domain, self.logger.error(u'{}\\{}:{} {}'.format(self.domain,
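Review bot: The new `except SessionError` handler in `kerberos_login` (the `@ -270,12 +272,25` hunk) writes `self.password` verbatim into the error log, whereas the success message in `plaintext_login` masks it when audit mode is configured (`self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8`); the same expression should replace the bare `self.password` so audit mode keeps credentials out of error output as well. The `except KeyError as e` handler that follows binds `e` but formats two empty strings, leaving no trace of which key was missing and, unlike the `SessionError` branch, no explicit return; logging `str(e)` in the last placeholder and adding `return False` would make the failure diagnosable and the return value consistent. Both handlers belong to a `try` whose opening and the remainder of the method lie outside the hunk.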


@ -354,8 +354,6 @@ class smb(connection):
self.hash = ntlm_hash self.hash = ntlm_hash
if lmhash: self.lmhash = lmhash if lmhash: self.lmhash = lmhash
if nthash: self.nthash = nthash if nthash: self.nthash = nthash
self.conn.kerberosLogin(username, password, domain, lmhash, nthash, aesKey, kdcHost, useCache=useCache) self.conn.kerberosLogin(username, password, domain, lmhash, nthash, aesKey, kdcHost, useCache=useCache)
# self.check_if_admin() # currently pywerview does not support kerberos auth # self.check_if_admin() # currently pywerview does not support kerberos auth
@ -372,6 +370,9 @@ class smb(connection):
self.conn.getCredentials()[0], self.conn.getCredentials()[0],
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else ''))
self.logger.success(out) self.logger.success(out)
if not self.args.local_auth:
add_user_bh(username, domain, self.logger, self.config)
if not self.args.continue_on_success:
return True return True
else: else:
self.logger.error(u'{} {} {}'.format(self.domain, self.logger.error(u'{} {} {}'.format(self.domain,
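Review bot: The `return True` in `kerberos_login` (the `@ -372,6 +370,9` hunk) is now guarded by `if not self.args.continue_on_success:`, so a successful login with `continue_on_success` set falls out of the `if`/`else` into code outside the hunk, and nothing in the hunk documents what the method returns on that path; the callers in connection.py treat a falsy return as "move on to the next credential", so a comment such as `# continue_on_success: fall through without returning so the caller keeps iterating credentials` would record that the fall-through is intended rather than an oversight. The ldap counterpart in this commit passes `self.username, self.domain` to `add_user_bh` while this one passes the `username, domain` parameters; if `self.username` is not assigned in this method the parameters are the right choice, but the asymmetry deserves a one-line comment. The rest of kerberos_login lies outside the hunk.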