Esempio n. 1
0
    def disable(self):
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        remoteOps.enableRegistry()
        self.rrp = remoteOps._RemoteOperations__rrp

        if self.rrp is not None:
            ans = rrp.hOpenLocalMachine(self.rrp)
            regHandle = ans['phKey']

            ans = rrp.hBaseRegOpenKey(
                self.rrp, regHandle,
                'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest'
            )
            keyHandle = ans['phkResult']

            rrp.hBaseRegDeleteValue(self.rrp, keyHandle,
                                    'UseLogonCredential\x00')

            try:
                #Check to make sure the reg key is actually deleted
                rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle,
                                                     'UseLogonCredential\x00')
            except DCERPCException:
                self.logger.success(
                    'UseLogonCredential registry key deleted successfully')

        try:
            remoteOps.finish()
        except:
            pass
Esempio n. 2
0
    def enable(self):
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        remoteOps.enableRegistry()
        self.rrp = remoteOps._RemoteOperations__rrp

        if self.rrp is not None:
            ans = rrp.hOpenLocalMachine(self.rrp)
            regHandle = ans['phKey']

            ans = rrp.hBaseRegOpenKey(
                self.rrp, regHandle,
                'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest'
            )
            keyHandle = ans['phkResult']

            rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00',
                                 rrp.REG_DWORD, '\x01\x00')

            rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle,
                                                 'UseLogonCredential\x00')

            if int(data) == 1:
                self.logger.success(
                    'UseLogonCredential registry key created successfully')

        try:
            remoteOps.finish()
        except:
            pass
Esempio n. 3
0
 def enableRemoteRegistry(self):
     bootKey = None
     try:
         self.__remoteOps = RemoteOperations(self.__smbConnection,
                                             self.__doKerberos)
         #if self.__justDC is False and self.__justDCNTLM is False or self.__useVSSMethod is True:
         self.__remoteOps.enableRegistry()
         self.__bootKey = self.__remoteOps.getBootKey()
         # Let's check whether target system stores LM Hashes
         self.__noLMHash = self.__remoteOps.checkNoLMHashPolicy()
     except Exception as e:
         traceback.print_exc()
         logging.error('RemoteOperations failed: %s' % str(e))
Esempio n. 4
0
    def enum(self):
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        remoteOps.enableRegistry()
        ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
        regHandle = ans['phKey']
        ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
        keyHandle = ans['phkResult']
        dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')

        self.logger.success("Enumerating UAC status")
        if uac_value == 1:
            self.logger.highlight('1 - UAC Enabled')
        elif uac_value == 0:
            self.logger.highlight('0 - UAC Disabled')

        rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
        remoteOps.finish()