
# Author:
#  Romain Bentz (pixis - @hackanddo)
# Website:
#  https://beta.hackndo.com [FR]
#  https://en.hackndo.com [EN]



from pypykatz.pypykatz import pypykatz

from lsassy.utils.defines import *


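class Parser:
    """Extract credential entries from an LSASS minidump using pypykatz.

    The dump passed to ``__init__`` was produced on another host, so it is
    untrusted input: pypykatz may raise on malformed data, and the handle is
    closed whether parsing succeeds or not. The collected entries carry
    plaintext passwords and password hashes; ``get_credentials()`` returns
    the live list, so callers should treat it as sensitive and avoid
    logging it verbatim.
    """

    # Security packages inspected on each logon session, in report order.
    _SSPS = (
        'msv_creds', 'wdigest_creds', 'ssp_creds', 'livessp_creds',
        'kerberos_creds', 'credman_creds', 'tspkg_creds',
    )

    class Options:
        """Parser switches.

        raw: when True, every entry is kept (including ones with no secret,
             empty usernames and machine accounts) and stored as a list
             instead of a tuple. Defaults to the filtered mode.
        """

        def __init__(self, raw=False):
            self.raw = raw

    def __init__(self, dumpfile, options=None):
        """
        dumpfile: object exposing ``get_connection().get_logger()`` and
                  ``close()``, accepted by ``pypykatz.parse_minidump_external``.
        options:  ``Parser.Options``; a fresh default instance is created when
                  omitted so no single mutable default is shared across calls.
        """
        if options is None:
            options = Parser.Options()
        self._log = dumpfile.get_connection().get_logger()
        self._dumpfile = dumpfile
        self._raw = options.raw
        self._credentials = []

    @staticmethod
    def _hex_or_none(value):
        """Return ``value.hex()`` for a bytes-like hash, or None when absent."""
        return None if value is None else value.hex()

    @classmethod
    def _extract(cls, ssp, cred):
        """Build the ``(ssp, domain, username, password, LM, NT, SHA)`` tuple.

        Missing attributes on ``cred`` become None; hash attributes are
        converted to their hex representation.
        """
        return (
            ssp,
            getattr(cred, "domainname", None),
            getattr(cred, "username", None),
            getattr(cred, "password", None),
            cls._hex_or_none(getattr(cred, "LMHash", None)),
            cls._hex_or_none(getattr(cred, "NThash", None)),
            cls._hex_or_none(getattr(cred, "SHAHash", None)),
        )

    @staticmethod
    def _keep(entry):
        """Filter applied in non-raw mode to an ``_extract`` tuple.

        Drops entries with no username, an empty username, a machine account
        (username ending in ``$``), or no secret at all (password and every
        hash None or empty).
        """
        username = entry[2]
        secret_values = entry[3:]
        if username is None or username == '' or username.endswith('$'):
            return False
        return not all(v is None or v == '' for v in secret_values)

    def parse(self):
        """Parse the dump, close it, and fill the credential list.

        Returns ``RetCode(ERROR_SUCCESS)``. Exceptions raised by pypykatz
        propagate to the caller; the dump file is closed in either case.
        """
        try:
            pypy_parse = pypykatz.parse_minidump_external(self._dumpfile)
        finally:
            # Release the handle even when the dump is malformed.
            self._dumpfile.close()

        for luid in pypy_parse.logon_sessions:
            session = pypy_parse.logon_sessions[luid]
            for ssp in self._SSPS:
                for cred in getattr(session, ssp, []):
                    entry = self._extract(ssp, cred)
                    if self._raw:
                        # NOTE(review): raw mode has always yielded lists while
                        # filtered mode yields tuples; kept for existing consumers.
                        self._credentials.append(list(entry))
                    elif self._keep(entry):
                        self._credentials.append(entry)
        return RetCode(ERROR_SUCCESS)

    def get_credentials(self):
        """Return the internal list of entries collected by ``parse()`` (not a copy)."""
        return self._credentials

    def clean(self):
        """No-op: the dump handle is already closed inside ``parse()``."""
        return RetCode(ERROR_SUCCESS)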