def get_uncracked_all(domainid, hashtype='nt'):
hashtype = hashtype.upper()
db = current_app.db
creds = JackDawCredentials(None, domain_id=domainid, db_session=db.session)
hashes = []
for data in creds.get_uncracked_hashes(hashtype, True):
hashes.append(data)
return hashes, 200
def get_pwsharing(domainid):
db = current_app.db
creds = JackDawCredentials(None, domain_id = domainid, db_session = db.session)
pw_sharing_total, pw_sharing_cracked, pw_sharing_notcracked, new_pwshare = creds.get_pwsharing()
return {
'pw_sharing_total' : pw_sharing_total,
'pw_sharing_cracked' : pw_sharing_cracked,
'pw_sharing_notcracked' : pw_sharing_notcracked,
'pwsharing_users' : new_pwshare
}
def potfile_upload():
disable_usercheck = False
disable_passwordcheck = False
file_to_upload = connexion.request.files['file_to_upload']
db = current_app.db
creds = JackDawCredentials(None, db_session=db.session)
gen = HashEntry.from_potfile_stream(file_to_upload.stream)
creds.add_cracked_passwords_gen(gen, disable_usercheck,
disable_passwordcheck)
return {}
def passwords_upload(passwords):
def pwit(passwords):
for pw in passwords:
nt_hash = NT(pw).hex()
print(pw)
print(nt_hash)
yield HashEntry(pw, nt_hash=nt_hash)
db = current_app.db
disable_usercheck = False
disable_passwordcheck = False
gen = pwit(passwords)
creds = JackDawCredentials(None, db_session = db.session)
creds.add_cracked_passwords_gen(gen, disable_usercheck, disable_passwordcheck)
return {}
def passwords_upload_file():
def pwit(fs):
for line in fs:
line = line.decode()
line = line.strip()
nt_hash = NT(line).hex()
yield HashEntry(line, nt_hash=nt_hash)
file_to_upload = connexion.request.files['file_to_upload']
db = current_app.db
disable_usercheck = False
disable_passwordcheck = False
gen = pwit(file_to_upload.stream)
creds = JackDawCredentials(None, db_session = db.session)
creds.add_cracked_passwords_gen(gen, disable_usercheck, disable_passwordcheck)
return {}
def get_stats(domainid):
db = current_app.db
creds = JackDawCredentials(None, domain_id=domainid, db_session=db.session)
res = creds.cracked_stats()
return res
def get_cracked_users(domainid):
db = current_app.db
creds = JackDawCredentials(None, domain_id=domainid, db_session=db.session)
rows = creds.get_cracked_users()
return rows, 200
async def run(args):
print(__banner__)
if args.verbose == 0:
logging.basicConfig(level=logging.INFO)
jdlogger.setLevel(logging.INFO)
msldaplogger.setLevel(logging.WARNING)
smblogger.setLevel(logging.CRITICAL)
elif args.verbose == 1:
logging.basicConfig(level=logging.DEBUG)
jdlogger.setLevel(logging.DEBUG)
msldaplogger.setLevel(logging.INFO)
smblogger.setLevel(logging.INFO)
elif args.verbose > 1:
logging.basicConfig(level=1)
msldaplogger.setLevel(logging.DEBUG)
jdlogger.setLevel(1)
smblogger.setLevel(1)
if not args.sql:
print(
'SQL connection identification is missing! You need to provide the --sql parameter'
)
sys.exit()
db_conn = args.sql
if args.sql.lower().startswith('sqlite'):
os.environ['JACKDAW_SQLITE'] = '1'
if args.command == 'enum':
smb_mgr = construct_smbdef(args)
ldap_mgr = construct_ldapdef(args)
mgr = LDAPEnumeratorManager(db_conn,
ldap_mgr,
agent_cnt=args.ldap_workers)
adifo_id = await mgr.run()
jdlogger.info('ADInfo entry successfully created with ID %s' %
adifo_id)
mgr = SMBGathererManager(smb_mgr,
worker_cnt=args.smb_workers,
queue_size=args.smb_queue_size)
mgr.gathering_type = ['all']
mgr.db_conn = db_conn
mgr.target_ad = adifo_id
await mgr.run()
if args.smb_share_enum is True:
settings_base = SMBShareGathererSettings(adifo_id, smb_mgr, None,
None, None)
settings_base.dir_depth = args.smb_folder_depth
mgr = ShareGathererManager(settings_base,
db_conn=db_conn,
worker_cnt=args.smb_workers)
mgr.run()
elif args.command == 'dbinit':
create_db(db_conn)
elif args.command == 'adinfo':
session = get_session(db_conn)
from jackdaw.dbmodel.adinfo import JackDawADInfo
from jackdaw.utils.table import print_table
rows = [['Ad ID', 'domain name', 'scantime']]
for did, distinguishedName, creation in session.query(
JackDawADInfo).with_entities(JackDawADInfo.id,
JackDawADInfo.distinguishedName,
JackDawADInfo.fetched_at).all():
name = distinguishedName.replace('DC=', '')
name = name.replace(',', '.')
rows.append([str(did), name, creation.isoformat()])
print_table(rows)
elif args.command == 'ldap':
ldap_mgr = construct_ldapdef(args)
ldap_conn = ldap_mgr.get_client()
mgr = LDAPEnumeratorManager(db_conn,
ldap_mgr,
agent_cnt=args.ldap_workers,
queue_size=args.ldap_queue_size,
ad_id=args.ad_id)
adifo_id = await mgr.run()
jdlogger.info('ADInfo entry successfully created with ID %s' %
adifo_id)
elif args.command in ['shares', 'sessions', 'localgroups', 'smball']:
if args.command == 'smball':
args.command = 'all'
smb_mgr = construct_smbdef(args)
mgr = SMBGathererManager(smb_mgr,
worker_cnt=args.smb_workers,
queue_size=args.smb_queue_size)
mgr.gathering_type = [args.command]
mgr.db_conn = db_conn
mgr.lookup_ad = args.lookup_ad
if args.ldap_url:
ldap_mgr = construct_ldapdef(args)
ldap_conn = ldap_mgr.get_client()
mgr.ldap_conn = ldap_conn
if args.ad_id:
mgr.target_ad = args.ad_id
if args.target_file:
mgr.targets_file = args.target_file
await mgr.run()
elif args.command == 'files':
if args.src == 'domain':
if not args.ad_id:
raise Exception('ad-id parameter is mandatory in ldap mode')
mgr = SMBConnectionURL(args.smb_url)
settings_base = SMBShareGathererSettings(args.ad_id, mgr, None,
None, None)
settings_base.dir_depth = args.smb_folder_depth
settings_base.dir_with_sd = args.with_sid
settings_base.file_with_sd = args.with_sid
mgr = ShareGathererManager(settings_base,
db_conn=db_conn,
worker_cnt=args.smb_workers)
mgr.run()
# elif args.src == 'file':
# if not args.target_file:
# raise Exception('target-file parameter is mandatory in file mode')
#
# args.target_file
# args.lookup_ad
# args.with_sid
# args.smb_workers
#
# elif args.src == 'ldap':
# if not args.ldap_url:
# raise Exception('ldap-url parameter is mandatory in ldap mode')
# args.lookup_ad
# args.with_sid
# args.smb_workers
#
#
#
# elif args.src == 'cmd':
elif args.command == 'creds':
creds = JackDawCredentials(args.db_conn, args.domain_id)
creds.add_credentials_impacket(args.impacket_file)
elif args.command == 'passwords':
creds = JackDawCredentials(args.db_conn)
creds.add_cracked_passwords(args.potfile, args.disable_usercheck,
args.disable_passwordcheck)
elif args.command == 'uncracked':
creds = JackDawCredentials(args.db_conn, args.domain_id)
creds.get_uncracked_hashes(args.hash_type, args.history)
elif args.command == 'cracked':
creds = JackDawCredentials(args.db_conn, args.domain_id)
creds.get_cracked_info()
elif args.command == 'nest':
from jackdaw.nest.wrapper import NestServer
debug = bool(args.verbose)
server = NestServer(args.sql,
bind_ip=args.ip,
bind_port=args.port,
debug=debug)
server.run()
async def run(args):
try:
if args.silent is True:
print(__banner__)
if args.verbose == 0:
logging.basicConfig(level=logging.INFO)
jdlogger.setLevel(logging.INFO)
msldaplogger.setLevel(logging.CRITICAL)
smblogger.setLevel(100)
elif args.verbose == 1:
logging.basicConfig(level=logging.DEBUG)
jdlogger.setLevel(logging.DEBUG)
msldaplogger.setLevel(logging.WARNING)
smblogger.setLevel(logging.CRITICAL)
elif args.verbose > 1:
logging.basicConfig(level=1)
msldaplogger.setLevel(logging.DEBUG)
jdlogger.setLevel(1)
smblogger.setLevel(1)
if not args.sql and args.command != 'auto':
print(
'SQL connection identification is missing! You need to provide the --sql parameter'
)
sys.exit()
work_dir = './workdir'
ldap_url = None
smb_url = None
if hasattr(args, 'ldap_url'):
ldap_url = args.ldap_url
if hasattr(args, 'smb_url'):
smb_url = args.smb_url
db_conn = args.sql
if db_conn is not None:
os.environ['JACKDAW_SQLITE'] = '0'
if args.sql.lower().startswith('sqlite'):
os.environ['JACKDAW_SQLITE'] = '1'
else:
os.environ['JACKDAW_SQLITE'] = '1'
if args.command == 'enum':
with multiprocessing.Pool() as mp_pool:
gatherer = Gatherer(db_conn,
work_dir,
ldap_url,
smb_url,
kerb_url=args.kerberoast,
ldap_worker_cnt=args.ldap_workers,
smb_worker_cnt=args.smb_workers,
mp_pool=mp_pool,
smb_gather_types=['all'],
progress_queue=None,
show_progress=args.silent,
calc_edges=True,
ad_id=None,
dns=args.dns,
no_work_dir=args.no_work_dir)
res, err = await gatherer.run()
if err is not None:
raise err
elif args.command == 'auto':
_, err = await run_auto(ldap_worker_cnt=args.ldap_workers,
smb_worker_cnt=args.smb_workers,
dns=args.dns,
work_dir=work_dir,
show_progress=args.silent,
no_work_dir=args.no_work_dir)
if err is not None:
print(err)
elif args.command == 'dbinit':
create_db(db_conn)
elif args.command == 'adinfo':
session = get_session(db_conn)
from jackdaw.dbmodel.adinfo import ADInfo
from jackdaw.utils.table import print_table
rows = [['Ad ID', 'domain name', 'scantime']]
for did, distinguishedName, creation in session.query(
ADInfo).with_entities(ADInfo.id, ADInfo.distinguishedName,
ADInfo.fetched_at).all():
name = distinguishedName.replace('DC=', '')
name = name.replace(',', '.')
rows.append([str(did), name, creation.isoformat()])
print_table(rows)
elif args.command == 'ldap':
with multiprocessing.Pool() as mp_pool:
gatherer = Gatherer(db_conn,
work_dir,
ldap_url,
smb_url,
ldap_worker_cnt=args.ldap_workers,
smb_worker_cnt=None,
mp_pool=mp_pool,
smb_gather_types=['all'],
progress_queue=None,
show_progress=args.silent,
calc_edges=args.calculate_edges,
ad_id=args.ad_id,
no_work_dir=args.no_work_dir)
await gatherer.run()
elif args.command == 'kerberoast':
gatherer = Gatherer(db_conn,
work_dir,
None,
None,
kerb_url=args.kerberos_url,
ldap_worker_cnt=None,
smb_worker_cnt=None,
mp_pool=None,
smb_gather_types=[],
progress_queue=None,
show_progress=False,
calc_edges=False,
ad_id=args.ad_id)
await gatherer.run()
print('Kerberoast Finished!')
elif args.command in ['shares', 'sessions', 'localgroups', 'smball']:
if args.command == 'smball':
args.command = 'all'
gatherer = Gatherer(
db_conn,
work_dir,
ldap_url,
smb_url,
ad_id=args.ad_id,
ldap_worker_cnt=None,
smb_worker_cnt=args.smb_workers,
mp_pool=None,
smb_gather_types=args.command,
progress_queue=None,
show_progress=args.silent,
calc_edges=False,
dns=args.dns,
)
await gatherer.run()
elif args.command == 'dns':
gatherer = Gatherer(
db_conn,
work_dir,
None,
None,
ad_id=args.ad_id,
ldap_worker_cnt=None,
smb_worker_cnt=None,
mp_pool=None,
smb_gather_types=None,
progress_queue=None,
show_progress=args.silent,
calc_edges=False,
dns=args.dns,
)
await gatherer.run()
elif args.command == 'version':
print('Jackdaw version: %s' % jdversion)
print('MSLDAP version : %s' % ldapversion)
print('AIOSMB version : %s' % smbversion)
elif args.command == 'files':
raise Exception('not yet implemented!')
#if args.src == 'domain':
# if not args.ad_id:
# raise Exception('ad-id parameter is mandatory in ldap mode')
#
# mgr = SMBConnectionURL(args.smb_url)
# settings_base = SMBShareGathererSettings(args.ad_id, mgr, None, None, None)
# settings_base.dir_depth = args.smb_folder_depth
# settings_base.dir_with_sd = args.with_sid
# settings_base.file_with_sd = args.with_sid
#
# mgr = ShareGathererManager(settings_base, db_conn = db_conn, worker_cnt = args.smb_workers)
# mgr.run()
elif args.command == 'creds':
creds = JackDawCredentials(db_conn, args.domain_id)
creds.add_credentials_impacket(args.impacket_file)
elif args.command == 'passwords':
creds = JackDawCredentials(db_conn)
creds.add_cracked_passwords(args.potfile, args.disable_usercheck,
args.disable_passwordcheck)
elif args.command == 'uncracked':
creds = JackDawCredentials(db_conn, args.domain_id)
creds.get_uncracked_hashes(args.hash_type, args.history)
elif args.command == 'cracked':
creds = JackDawCredentials(db_conn, args.domain_id)
creds.get_cracked_info()
elif args.command == 'recalc':
with multiprocessing.Pool() as mp_pool:
gatherer = Gatherer(db_conn,
work_dir,
None,
None,
mp_pool=mp_pool,
progress_queue=None,
show_progress=args.silent,
calc_edges=True,
store_to_db=True,
ad_id=None,
graph_id=args.graphid)
await gatherer.run()
elif args.command == 'nest':
from jackdaw.nest.wrapper import NestServer
debug = bool(args.verbose)
server = NestServer(
args.sql,
bind_ip=args.ip,
bind_port=args.port,
debug=debug,
work_dir=args.work_dir,
graph_backend=args.backend,
)
server.run()
elif args.command == 'ws':
from jackdaw.nest.ws.server import NestWebSocketServer
server = NestWebSocketServer(args.listen_ip,
args.listen_port,
args.sql,
args.work_dir,
args.backend,
ssl_ctx=None)
await server.run()
elif args.command == 'bhimport':
from jackdaw.utils.bhimport import BHImport
print(
'DISCLAIMER! This feature is still beta! Bloodhound acquires way less data than Jackdaw therefore not all functionality will work after import. Any errors during import will be silently ignored, use "-vvv" verbosity level to see all errors.'
)
bh = BHImport.from_zipfile(args.bhfile)
bh.db_conn = db_conn
if args.verbose > 1:
bh.set_debug(True)
bh.run()
print('Import complete!')
except Exception as e:
jdlogger.exception('main')
def run(args):
if args.verbose == 0:
logging.basicConfig(level=logging.INFO)
jdlogger.setLevel(logging.INFO)
msldaplogger.setLevel(logging.WARNING)
smblogger.setLevel(logging.CRITICAL)
elif args.verbose == 1:
logging.basicConfig(level=logging.DEBUG)
jdlogger.setLevel(logging.DEBUG)
msldaplogger.setLevel(logging.INFO)
smblogger.setLevel(logging.INFO)
elif args.verbose > 1:
logging.basicConfig(level=1)
msldaplogger.setLevel(logging.DEBUG)
jdlogger.setLevel(1)
smblogger.setLevel(1)
if not args.sql:
print(
'SQL connection identification is missing! You need to provide the --sql parameter'
)
sys.exit()
db_conn = args.sql
if args.command == 'enum':
smb_mgr = construct_smbdef(args)
ldap_mgr = construct_ldapdef(args)
mgr = LDAPEnumeratorManager(db_conn,
ldap_mgr,
agent_cnt=args.ldap_workers)
adifo_id = mgr.run()
print('ADInfo entry successfully created with ID %s' % adifo_id)
mgr = SMBGathererManager(smb_mgr, worker_cnt=args.smb_workers)
mgr.gathering_type = ['all']
mgr.db_conn = db_conn
mgr.target_ad = adifo_id
mgr.run()
elif args.command == 'dbinit':
create_db(db_conn)
elif args.command == 'adinfo':
session = get_session(db_conn)
from jackdaw.dbmodel.adinfo import JackDawADInfo
from jackdaw.utils.table import print_table
rows = [['Ad ID', 'domain name', 'scantime']]
for did, distinguishedName, creation in session.query(
JackDawADInfo).with_entities(JackDawADInfo.id,
JackDawADInfo.distinguishedName,
JackDawADInfo.fetched_at).all():
name = distinguishedName.replace('DC=', '')
name = name.replace(',', '.')
rows.append([str(did), name, creation.isoformat()])
print_table(rows)
elif args.command == 'ldap':
ldap_mgr = construct_ldapdef(args)
ldap_conn = ldap_mgr.get_connection()
ldap_conn.connect()
mgr = LDAPEnumeratorManager(db_conn,
ldap_mgr,
agent_cnt=args.ldap_workers)
adifo_id = mgr.run()
print('ADInfo entry successfully created with ID %s' % adifo_id)
elif args.command in ['shares', 'sessions', 'localgroups']:
smb_mgr = construct_smbdef(args)
mgr = SMBGathererManager(smb_mgr)
mgr.gathering_type = [args.command]
mgr.db_conn = db_conn
mgr.lookup_ad = args.lookup_ad
if args.ldap_url:
ldap_mgr = construct_ldapdef(args)
ldap_conn = ldap_mgr.get_connection()
ldap_conn.connect()
mgr.ldap_conn = ldap_conn
if args.ad_id:
mgr.target_ad = args.ad_id
if args.target_file:
mgr.targets_file = args.target_file
mgr.run()
elif args.command == 'creds':
creds = JackDawCredentials(args.db_conn, args.domain_id)
creds.add_credentials_impacket(args.impacket_file)
elif args.command == 'passwords':
creds = JackDawCredentials(args.db_conn)
creds.add_cracked_passwords(args.potfile, args.disable_usercheck,
args.disable_passwordcheck)
elif args.command == 'uncracked':
creds = JackDawCredentials(args.db_conn, args.domain_id)
creds.get_uncracked_hashes(args.hash_type, args.history)
elif args.command == 'cracked':
creds = JackDawCredentials(args.db_conn, args.domain_id)
creds.get_cracked_info()
elif args.command == 'nest':
from jackdaw.nest.wrapper import NestServer
debug = bool(args.verbose)
server = NestServer(args.sql,
bind_ip=args.ip,
bind_port=args.port,
debug=debug)
server.run()
