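    def run(self, args):
        """Dispatch the parsed CLI ``args`` to the matching parser and report.

        ``args.cmd`` selects the input type: ``'rekall'`` parses a live
        Rekall session, ``'minidump'`` parses one ``.dmp`` file or, when
        ``args.directory`` is set, every ``*.dmp`` under ``args.memoryfile``
        (recursively if ``args.recursive``).  Each parsed target is stored in
        ``results`` keyed by its path (``'rekall'`` for the Rekall case) and
        handed to ``self.process_results`` together with the list of files
        that failed to parse.

        Args:
            args: argparse namespace; the attributes read here are ``cmd``,
                ``memoryfile``, ``timestamp_override``, ``packages``,
                ``kerberos_dir``, ``directory``, ``recursive`` and
                ``halt_on_error``.

        Raises:
            Exception: when ``args.halt_on_error`` is set, either re-raised
                from the parser or raised directly because a parsed minidump
                reported module errors.  Otherwise failures are logged and
                parsing continues.
        """
        files_with_error = []
        results = {}

        # The Kerberos ticket module is only needed when tickets are going to
        # be written out.  Add it once, up front, instead of once per file: the
        # per-file append mutated args.packages on every iteration and left
        # duplicate 'ktickets' entries behind after a folder scan.
        if (args.cmd in ('rekall', 'minidump')
                and args.kerberos_dir is not None
                and 'all' not in args.packages
                and 'ktickets' not in args.packages):
            args.packages.append('ktickets')

        ###### Rekall
        if args.cmd == 'rekall':
            results['rekall'] = pypykatz.parse_memory_dump_rekall(
                args.memoryfile,
                args.timestamp_override,
                packages=args.packages)

        ###### Minidump
        elif args.cmd == 'minidump':
            if args.directory:
                dir_fullpath = os.path.abspath(args.memoryfile)
                file_pattern = '*.dmp'
                if args.recursive:
                    globdata = os.path.join(dir_fullpath, '**', file_pattern)
                else:
                    globdata = os.path.join(dir_fullpath, file_pattern)

                logger.info('Parsing folder %s' % dir_fullpath)
                for filename in glob.glob(globdata, recursive=args.recursive):
                    logger.info('Parsing file %s' % filename)
                    try:
                        mimi = pypykatz.parse_minidump_file(
                            filename, packages=args.packages)
                        # Stored before the error check so a partial result is
                        # still reported when halt_on_error aborts the run.
                        results[filename] = mimi
                        if args.halt_on_error and mimi.errors:
                            raise Exception('Error in modules!')
                    except Exception:
                        files_with_error.append(filename)
                        logger.exception('Error parsing file %s ' % filename)
                        # Best-effort mode: the failure is recorded and the
                        # remaining files are still parsed.
                        if args.halt_on_error:
                            raise

            else:
                logger.info('Parsing file %s' % args.memoryfile)
                try:
                    mimi = pypykatz.parse_minidump_file(args.memoryfile,
                                                        packages=args.packages)
                    results[args.memoryfile] = mimi
                    if args.halt_on_error and mimi.errors:
                        raise Exception('Error in modules!')
                except Exception:
                    logger.exception('Error while parsing file %s' %
                                     args.memoryfile)
                    if args.halt_on_error:
                        raise
                    # Mirror the original behaviour of also echoing the
                    # traceback to stderr in best-effort mode.
                    traceback.print_exc()

        self.process_results(results, files_with_error, args)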
	def parse_minidump_file(filename, rdp_module, chunksize = 10*1024):
		"""Open the minidump at ``filename`` and run the RDP credential parser on it.

		The dump is parsed with :class:`MinidumpFile`, wrapped in a buffered
		reader of ``chunksize`` bytes per segment, and described by a
		:class:`KatzSystemInfo`.  An :class:`RDPCredParser` is then started
		with ``rdp_module`` over that reader.

		Returns:
			A one-element list holding the finished :class:`RDPCredParser`.

		Raises:
			Exception: any error from dump parsing (logged with traceback) or
				from the credential parser (logged at info level) is re-raised.
		"""
		try:
			dump = MinidumpFile.parse(filename)
			buffered = dump.get_reader().get_buffered_reader(segment_chunk_size=chunksize)
			system_info = KatzSystemInfo.from_minidump(dump)
		except Exception as err:
			logger.exception('Minidump parsing error!')
			raise err

		try:
			cred_parser = RDPCredParser(None, buffered, system_info, rdp_module)
			cred_parser.start()
		except Exception as err:
			logger.info('Credentials parsing error!')
			raise err

		# Callers expect a list even though only one parser is produced here.
		return [cred_parser]
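	async def parse_minidump_file(filename, packages = None, chunksize=10*1024):
		"""Asynchronously parse the minidump at ``filename`` and run the selected modules.

		Args:
			filename: path of the minidump to parse.
			packages: list of module names to run; ``None`` (the default)
				selects ``['all']``.  A fresh list is created per call so the
				previous mutable default ``['all']`` is no longer shared
				between invocations.
			chunksize: segment size, in bytes, for the buffered reader.

		Returns:
			The :class:`apypykatz` instance after ``start`` has completed.

		Raises:
			Exception: dump parsing errors are logged with traceback and
				re-raised; errors from the modules are re-raised after the
				basic dump information has been logged.
		"""
		if packages is None:
			packages = ['all']

		try:
			minidump = await AMinidumpFile.parse(filename)
			reader = minidump.get_reader().get_buffered_reader(chunksize)
			sysinfo = KatzSystemInfo.from_minidump(minidump)
		except Exception:
			logger.exception('Minidump parsing error!')
			raise

		try:
			mimi = apypykatz(reader, sysinfo)
			await mimi.start(packages)
		except Exception:
			# Log what is known about the dump before propagating, so the
			# failure can be matched to the image it came from.
			mimi.log_basic_info()
			raise
		return mimi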
 def parse_minidump_file(filename):
     """Parse the minidump at ``filename`` and run the default module set on it.

     The dump is opened with :class:`MinidumpFile`, wrapped in a buffered
     reader and described by a :class:`KatzSystemInfo`; a :class:`pypykatz`
     instance is then started over that reader.

     Returns:
         The started :class:`pypykatz` instance.

     Raises:
         Exception: dump parsing errors are logged with traceback and
             re-raised; module errors are re-raised after the basic dump
             information has been logged.
     """
     try:
         dump = MinidumpFile.parse(filename)
         buffered = dump.get_reader().get_buffered_reader()
         system_info = KatzSystemInfo.from_minidump(dump)
     except Exception as err:
         logger.exception('Minidump parsing error!')
         raise err

     katz = pypykatz(buffered, system_info)
     try:
         katz.start()
     except Exception as err:
         # Record what is known about the dump before the error propagates.
         katz.log_basic_info()
         raise err
     return katz
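 def get_lsa(self):
     """Return an LSA decryptor for this dump.

     Automatic template detection via :meth:`LsaTemplate.get_template` is
     tried first; if that fails the brute-force path
     (``self.get_lsa_bruteforce``) is used as a fallback.

     Returns:
         The chosen :class:`LsaDecryptor` instance.

     Raises:
         Exception: when neither automatic detection nor brute force
             produced a decryptor.
     """
     #trying with automatic template detection
     try:
         lsa_dec_template = LsaTemplate.get_template(self.sysinfo)
         lsa_dec = LsaDecryptor.choose(self.reader, lsa_dec_template,
                                       self.sysinfo)
         logger.debug(lsa_dec.dump())
     # Catch Exception rather than a bare except so KeyboardInterrupt and
     # SystemExit still abort the run instead of triggering brute force.
     except Exception:
         logger.exception(
             'Failed to automatically detect correct LSA template!')
         lsa_dec = self.get_lsa_bruteforce()
         if lsa_dec is None:
             raise Exception('All detection methods failed.')
     return lsa_dec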
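    async def run(self, args):
        """Dispatch the parsed CLI ``args`` to the async minidump parser and report.

        Only ``args.cmd == 'minidump'`` is handled here.  With
        ``args.directory`` set, every ``*.dmp`` under ``args.memoryfile`` is
        parsed (recursively if ``args.recursive``); otherwise
        ``args.memoryfile`` is parsed on its own.  Parsed results, keyed by
        file path, and the list of files that failed are handed to
        ``self.process_results``.

        Args:
            args: argparse namespace; the attributes read here are ``cmd``,
                ``memoryfile``, ``packages``, ``directory``, ``recursive``
                and ``halt_on_error``.

        Raises:
            Exception: re-raised from the parser when ``args.halt_on_error``
                is set; otherwise failures are logged and parsing continues.
        """
        files_with_error = []
        results = {}
        ###### Minidump
        if args.cmd == 'minidump':
            if args.directory:
                dir_fullpath = os.path.abspath(args.memoryfile)
                file_pattern = '*.dmp'
                if args.recursive:
                    globdata = os.path.join(dir_fullpath, '**', file_pattern)
                else:
                    globdata = os.path.join(dir_fullpath, file_pattern)

                logger.info('Parsing folder %s' % dir_fullpath)
                for filename in glob.glob(globdata, recursive=args.recursive):
                    logger.info('Parsing file %s' % filename)
                    try:
                        mimi = await apypykatz.parse_minidump_file(
                            filename, packages=args.packages)
                        results[filename] = mimi
                    except Exception:
                        files_with_error.append(filename)
                        logger.exception('Error parsing file %s ' % filename)
                        # Best-effort mode: the failure is recorded and the
                        # remaining files are still parsed.
                        if args.halt_on_error:
                            raise

            else:
                logger.info('Parsing file %s' % args.memoryfile)
                try:
                    mimi = await apypykatz.parse_minidump_file(
                        args.memoryfile, packages=args.packages)
                    results[args.memoryfile] = mimi
                except Exception:
                    logger.exception('Error while parsing file %s' %
                                     args.memoryfile)
                    if args.halt_on_error:
                        raise
                    # Mirror the original behaviour of also echoing the
                    # traceback to stderr in best-effort mode.
                    traceback.print_exc()

        self.process_results(results, files_with_error, args)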