Exemplo n.º 1
0
    def dump_processes(self):
        for p in processes().get_all():
            print p.as_text()

            # When listing DLLs for a process we need to see the filesystem like they do
            if p.is_wow64():
                wpc.utils.enable_wow64()

            if p.get_exe():
                print "Security Descriptor for Exe File %s" % p.get_exe(
                ).get_name()
                if p.get_exe().get_sd():
                    print p.get_exe().get_sd().as_text()
                else:
                    print "[unknown]"

                for dll in p.get_dlls():
                    print "\nSecurity Descriptor for DLL File %s" % dll.get_name(
                    )
                    sd = dll.get_sd()
                    if sd:
                        print sd.as_text()

            if p.is_wow64():
                wpc.utils.disable_wow64()
 def dump_processes(self):
     for p in processes().get_all():
         print p.as_text()
 
         # When listing DLLs for a process we need to see the filesystem like they do
         if p.is_wow64():
             wpc.utils.enable_wow64()
 
         if p.get_exe():
             print "Security Descriptor for Exe File %s" % p.get_exe().get_name()
             if p.get_exe().get_sd():
                 print p.get_exe().get_sd().as_text()
             else:
                 print "[unknown]"
 
             for dll in p.get_dlls():
                 print "\nSecurity Descriptor for DLL File %s" % dll.get_name()
                 sd = dll.get_sd()
                 if sd:
                     print sd.as_text()
 
         if p.is_wow64():
             wpc.utils.disable_wow64()
Exemplo n.º 3
0
        got_a_hash = 1
        print hash

    if not got_a_hash:
        print "[E] No hashes.  Are you running as SYSTEM?"

# credman
if options.do_all or options.do_credman:
    section("Dumping Current User's Credentials from Credential Manager")
    creds = get_credman_creds()
    if creds:
        for package in creds:
            dump_cred(package)

    sid_done = {}
    for p in processes().get_all():
        for t in p.get_tokens():
            x = t.get_token_user().get_fq_name().encode("utf8")
            if t.get_token_user().get_fq_name().encode(
                    "utf8") in sid_done.keys():
                pass
            else:
                sid_done[t.get_token_user().get_fq_name().encode("utf8")] = 1
                section("Dumping Credentials from Credential Manager for: %s" %
                        t.get_token_user().get_fq_name())
                win32security.ImpersonateLoggedOnUser(t.get_th())
                creds = get_credman_creds()
                if creds:
                    for package in creds:
                        dump_cred(package)
                win32security.RevertToSelf()
Exemplo n.º 4
0
 def dumptab_processes(self):
     for p in processes().get_all():
         print p.as_tab()
 def dumptab_processes(self):
     for p in processes().get_all():
         print p.as_tab()
Exemplo n.º 6
0
		got_a_hash = 1
		print hash	
		
	if not got_a_hash:
		print "[E] No hashes.  Are you running as SYSTEM?"

# credman
if options.do_all or options.do_credman:
	section("Dumping Current User's Credentials from Credential Manager")
	creds = get_credman_creds()
	if creds:
		for package in creds:
			dump_cred(package)
	
	sid_done = {}
	for p in processes().get_all():
		for t in p.get_tokens():
			x = t.get_token_user().get_fq_name().encode("utf8")
			if t.get_token_user().get_fq_name().encode("utf8") in sid_done.keys():
				pass
			else:
				sid_done[t.get_token_user().get_fq_name().encode("utf8")] = 1
				section("Dumping Credentials from Credential Manager for: %s" % t.get_token_user().get_fq_name())
				win32security.ImpersonateLoggedOnUser(t.get_th())
				creds = get_credman_creds()
				if creds:
					for package in creds:
						dump_cred(package)
				win32security.RevertToSelf()

# lsadump