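def dump_processes(self):
    """Print every process with the security descriptors of its image and DLLs.

    For each process returned by ``processes().get_all()`` this prints
    ``p.as_text()``, then the security descriptor (SD) of the process'
    executable (``[unknown]`` when no SD could be read) and the SD of each
    DLL the process has loaded. All output goes to stdout via ``print``;
    nothing is returned.
    """
    for p in processes().get_all():
        print(p.as_text())
        # When listing DLLs for a process we need to see the filesystem like
        # they do, so WOW64 file-system redirection is toggled around the
        # lookups. That toggle is process-wide state: restore it in `finally`
        # so an exception from get_exe()/get_dlls() cannot leave redirection
        # switched for every later check in this run.
        is_wow64 = p.is_wow64()
        if is_wow64:
            wpc.utils.enable_wow64()
        try:
            exe = p.get_exe()
            if exe:
                print("Security Descriptor for Exe File %s" % exe.get_name())
                exe_sd = exe.get_sd()
                if exe_sd:
                    print(exe_sd.as_text())
                else:
                    print("[unknown]")
            for dll in p.get_dlls():
                print("\nSecurity Descriptor for DLL File %s" % dll.get_name())
                sd = dll.get_sd()
                if sd:
                    print(sd.as_text())
        finally:
            if is_wow64:
                wpc.utils.disable_wow64()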
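def dump_processes(self):
    """Print each process, then the security descriptor of its exe and DLLs.

    Output per process (all via ``print``, nothing returned):

    * ``p.as_text()``
    * the SD of the executable file, or ``[unknown]`` if it has none
    * the SD of every loaded DLL that reports one

    ``processes().get_all()`` supplies the process list.
    """
    for proc in processes().get_all():
        print(proc.as_text())
        # When listing DLLs for a process we need to see the filesystem like
        # they do. enable_wow64()/disable_wow64() flip process-wide
        # redirection state, so the disable must run even when a lookup
        # raises; otherwise later checks would inspect the wrong view of
        # the filesystem.
        wow64 = proc.is_wow64()
        if wow64:
            wpc.utils.enable_wow64()
        try:
            exe = proc.get_exe()
            if exe:
                print("Security Descriptor for Exe File %s" % exe.get_name())
                exe_sd = exe.get_sd()
                if exe_sd:
                    print(exe_sd.as_text())
                else:
                    print("[unknown]")
            for dll in proc.get_dlls():
                print("\nSecurity Descriptor for DLL File %s" % dll.get_name())
                dll_sd = dll.get_sd()
                if dll_sd:
                    print(dll_sd.as_text())
        finally:
            if wow64:
                wpc.utils.disable_wow64()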
got_a_hash = 1 print hash if not got_a_hash: print "[E] No hashes. Are you running as SYSTEM?" # credman if options.do_all or options.do_credman: section("Dumping Current User's Credentials from Credential Manager") creds = get_credman_creds() if creds: for package in creds: dump_cred(package) sid_done = {} for p in processes().get_all(): for t in p.get_tokens(): x = t.get_token_user().get_fq_name().encode("utf8") if t.get_token_user().get_fq_name().encode( "utf8") in sid_done.keys(): pass else: sid_done[t.get_token_user().get_fq_name().encode("utf8")] = 1 section("Dumping Credentials from Credential Manager for: %s" % t.get_token_user().get_fq_name()) win32security.ImpersonateLoggedOnUser(t.get_th()) creds = get_credman_creds() if creds: for package in creds: dump_cred(package) win32security.RevertToSelf()
def dumptab_processes(self):
    """Print every process from ``processes().get_all()`` in its tab form.

    One ``as_tab()`` line per process is written to stdout; returns None.
    """
    rows = (proc.as_tab() for proc in processes().get_all())
    for row in rows:
        print(row)
got_a_hash = 1 print hash if not got_a_hash: print "[E] No hashes. Are you running as SYSTEM?" # credman if options.do_all or options.do_credman: section("Dumping Current User's Credentials from Credential Manager") creds = get_credman_creds() if creds: for package in creds: dump_cred(package) sid_done = {} for p in processes().get_all(): for t in p.get_tokens(): x = t.get_token_user().get_fq_name().encode("utf8") if t.get_token_user().get_fq_name().encode("utf8") in sid_done.keys(): pass else: sid_done[t.get_token_user().get_fq_name().encode("utf8")] = 1 section("Dumping Credentials from Credential Manager for: %s" % t.get_token_user().get_fq_name()) win32security.ImpersonateLoggedOnUser(t.get_th()) creds = get_credman_creds() if creds: for package in creds: dump_cred(package) win32security.RevertToSelf() # lsadump