本文整理汇总了Python中pypykatz.pypykatz.pypykatz.parse_minidump_file方法的典型用法代码示例。如果您正苦于以下问题:Python pypykatz.parse_minidump_file方法的具体用法?Python pypykatz.parse_minidump_file怎么用?Python pypykatz.parse_minidump_file使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类pypykatz.pypykatz.pypykatz的用法示例。
在下文中一共展示了pypykatz.parse_minidump_file方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: save_loot
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import parse_minidump_file [as 别名]
def save_loot(file, loot_id, encrypted=False):
    """Persist an uploaded loot file and dispatch it to the matching ingester.

    Args:
        file: the uploaded file object handed to save_file().
        loot_id: identifier the stored records are associated with.
        encrypted: forwarded unchanged to save_file().

    Minidumps ("DMP") are parsed with pypykatz and every logon session is
    stored as one JSON document; "SYSINFO" files go to add_sysinfo(); any
    other type is treated as a registry hive. Only ImportError is handled
    here (the pypykatz import is deferred until a minidump is actually
    seen); parser and storage errors propagate to the caller.
    """
    stored_path = save_file(file, dir=LOOT_DIR, encrypted=encrypted)
    kind = get_loot_type(stored_path)
    try:
        if kind == "DMP":
            # Imported lazily so the module loads even without pypykatz.
            from pypykatz.pypykatz import pypykatz
            dump = pypykatz.parse_minidump_file(stored_path)
            sessions = [
                json.loads(session.to_json())
                for session in dump.logon_sessions.values()
            ]
            store_minidump(loot_id, json.dumps(sessions), stored_path)
        elif kind == "SYSINFO":
            add_sysinfo(loot_id, stored_path)
        else:
            # Everything that is neither a dump nor sysinfo is a registry hive.
            add_hive(loot_id, kind, stored_path)
    except ImportError as err:
        log.error("You have unmet dependencies, loot could not be processed")
        log.exception(err)
示例2: get_by_procdump
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import parse_minidump_file [as 别名]
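def get_by_procdump(self):
    """Parse the dump at self.file_dump and return what _extract_from_dump() yields.

    Returns:
        The value of self._extract_from_dump(parsed, 'procdump'), or an
        empty dict when the dump cannot be parsed.
    """
    try:
        mimi = pypykatz.parse_minidump_file(self.file_dump)
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt / SystemExit
        # are no longer swallowed; any parser failure still yields {}.
        return {}
    return self._extract_from_dump(mimi, 'procdump')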
示例3: get_masterkeys_from_lsass_dump
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import parse_minidump_file [as 别名]
def get_masterkeys_from_lsass_dump(self, file_path):
    """
    Parse an LSASS minidump and collect the DPAPI masterkeys found in its logon sessions
    file_path: path to the minidump file
    return: self.masterkeys, a dict of guid -> key bytes, updated in place
    """
    from pypykatz.pypykatz import pypykatz
    dump = pypykatz.parse_minidump_file(file_path)
    for session in dump.logon_sessions.values():
        for cred in session.dpapi_creds:
            logger.debug('[DPAPI] Got masterkey for GUID %s via minidump LSASS method' % cred.key_guid)
            # pypykatz exposes the key as hex text; keep the raw bytes.
            self.masterkeys[cred.key_guid] = bytes.fromhex(cred.masterkey)
    return self.masterkeys
示例4: parsedump
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import parse_minidump_file [as 别名]
def parsedump(self, loggers, smb_con, dumpfile):
    """Parse a minidump, store each recovered account in the DB and log it.

    loggers: mapping holding a 'console' logger with success()/info().
    smb_con: connection object; .db.update_user(), .host and .ip are used.
    dumpfile: path of the minidump handed to pypykatz.

    LSACMDHelper prints its report to stdout, so that output is captured
    with redirect_stdout and fed to self.parse_output(). Recovered secrets
    are echoed to the console logger in plaintext.

    Modified from:
    https://github.com/awsmhacks/CrackMapExtreme/blob/a3a0ca13014b88dd2feb6db2ac522e2573321d6c/cmx/protocols/smb.py
    & Inspiration by @HackAndDo aka Pixis for these parse bits
    """
    # LSACMDHelper expects argparse-style options; every output option is off.
    helper_args = Namespace(
        outfile=False,
        json=False,
        grep=False,
        kerberos_dir=False,
        recursive=False,
        directory=False,
    )
    parsed = pypykatz.parse_minidump_file(dumpfile)
    captured = io.StringIO()
    with redirect_stdout(captured):  # keep the helper's report off the terminal
        LSACMDHelper().process_results({"dumpfile": parsed}, [], helper_args)
    console = loggers['console']
    tag = self.name.upper()
    updated = 0
    for cred in self.parse_output(captured.getvalue()):
        # A password wins over a hash; entries with neither are skipped.
        if cred['Password']:
            password, secret_hash = cred['Password'], ''
        elif cred['Hash']:
            password, secret_hash = '', cred['Hash']
        else:
            continue
        smb_con.db.update_user(cred['Username'], password, cred['Domain'], secret_hash)
        console.success([smb_con.host, smb_con.ip, tag, "{}\\{}:{}".format(cred['Domain'], cred['Username'], password or secret_hash)])
        updated += 1
    console.info([smb_con.host, smb_con.ip, tag, "{} credentials updated in database".format(updated)])
    console.info([smb_con.host, smb_con.ip, tag, "Dmp file saved to: {}".format(self.local_output)])
示例5: run
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import parse_minidump_file [as 别名]
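def run(self, args):
    """Parse the memory image(s) named by *args* and hand them to process_results().

    args: argparse-style namespace. Fields read: cmd ('rekall' or
        'minidump'), memoryfile, timestamp_override (rekall only),
        directory, recursive and halt_on_error.

    Results are keyed 'rekall' for a rekall session and by file path for
    minidumps. Files whose parsing failed are listed in files_with_error;
    when halt_on_error is set the first failure is re-raised instead.
    """
    files_with_error = []
    results = {}
    ###### Rekall
    if args.cmd == 'rekall':
        mimi = pypykatz.parse_memory_dump_rekall(args.memoryfile, args.timestamp_override)
        results['rekall'] = mimi
    ###### Minidump
    elif args.cmd == 'minidump':
        if args.directory:
            dir_fullpath = os.path.abspath(args.memoryfile)
            file_pattern = '*.dmp'
            # '**' lets glob descend into subfolders when recursive is set.
            if args.recursive:
                globdata = os.path.join(dir_fullpath, '**', file_pattern)
            else:
                globdata = os.path.join(dir_fullpath, file_pattern)
            logging.info('Parsing folder %s', dir_fullpath)
            for filename in glob.glob(globdata, recursive=args.recursive):
                logging.info('Parsing file %s', filename)
                try:
                    results[filename] = pypykatz.parse_minidump_file(filename)
                except Exception:
                    files_with_error.append(filename)
                    logging.exception('Error parsing file %s ', filename)
                    if args.halt_on_error:
                        raise
        else:
            logging.info('Parsing file %s', args.memoryfile)
            try:
                results[args.memoryfile] = pypykatz.parse_minidump_file(args.memoryfile)
            except Exception:
                # Record the failure like the directory branch does so
                # process_results() sees it; logging.exception already
                # emits the traceback, so the former print_exc() duplicate
                # is gone.
                files_with_error.append(args.memoryfile)
                logging.exception('Error while parsing file %s', args.memoryfile)
                if args.halt_on_error:
                    raise
    self.process_results(results, files_with_error, args)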