fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

Hexdump in LSASecrets does not use the impacket logger #240

Closed byt3bl33d3r closed 7 years ago

byt3bl33d3r commented 7 years ago

Hey mate!

The hexdump() function here in the LSASecrets Class does not use the Impacket root logger and just prints to stdout. Although this output might be useful in most cases, whoever uses the library might not want this (which unfortunately is my case lol):

(CME) λ pwnb0x CrackMapExec → λ git v4.0* → sudo cme smb 192.168.10.11 -u yomama -p 'P@ssw0rd' --lsa
SMB          192.168.10.11:445 WIN7BOX         [*] Windows 6.1 Build 7601 (name:WIN7BOX) (domain:LAB)
SMB          192.168.10.11:445 WIN7BOX         [+] LAB\yomama:P@ssw0rd (Pwn3d!)
SMB          192.168.10.11:445 WIN7BOX         [+] Dumping LSA secrets
 0000   01 00 00 00 B2 93 6D BE  72 C6 1F C1 72 EE 2D 73   ......m.r...r.-s
 0010   D7 4C 4B B3 DF 81 7B 63  8F B1 0C EF B2 19 2B 7D   .LK...{c......+}
 0020   53 31 0D 21 E3 28 67 FD  AC 23 5C 13               S1.!.(g..#\.
 0000   D8 BA 73 D4 89 66 46 70  CC 00 1C 92 A9 A7 C6 B5   ..s..fFp........
 0010   F5 52 1D 28 42 E1 52 15  2B AB 07 AF DD 2A C8 C9   .R.(B.R.+....*..
 0020   F2 2D 04 E7 78 DD 3D D3  0F 58 0E D7 B5 D9 60 AF   .-..x.=..X....`.
 0030   50 FC AF 57 A0 71 F2 5D  92 BA 5F 97 2A 90 1C 62   P..W.q.].._.*..b
SMB          192.168.10.11:445 WIN7BOX         [+] Added 5 LSA secrets to the database

I'd submit a PR but don't know exactly how you'd want to go about this, there are many ways to skin this cat.

Cheers, and happy holidays!

asolino commented 7 years ago

Hola @byt3bl33d3r!

I think this commit https://github.com/CoreSecurity/impacket/commit/5819161f6846d3cbd8295d81373f014bd1b0ab84 will help you do what you need. Set the perSecretCallback when you instantiate LSASecrets and you should be called for every secret grabbed. Then do whatever you want.

Let me know.

Happy holidays for you too!

byt3bl33d3r commented 7 years ago

Yup! that's exactly what I did but the hexdump output is still being printed to stdout.

asolino commented 7 years ago

Oops.. small detail @byt3bl33d3r .. thanks for pointing it out.

Let me know how things work now..

byt3bl33d3r commented 7 years ago

That did it! thanks man! 👍
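
The pattern discussed in this thread, as an added example (not impacket's code and not part of the original comments): a library routine that prints secret material straight to stdout, the same routine reworked to hand each secret to a caller-supplied callback or to a logger, and a caller-side capture for the printing version. All names here (`dump_secret_noisy`, `dump_secret`, `call_captured`, the logger name and the sample bytes) are hypothetical stand-ins.

```python
import contextlib
import io
import logging

LOG = logging.getLogger("secretsdump_demo")  # hypothetical logger name
SAMPLE = bytes(range(0x20, 0x34))            # constructed 20-byte "secret"


def hexdump_lines(data, width=16):
    """Return hexdump rows (offset, hex bytes, printable ASCII) as strings."""
    rows = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexed = " ".join("%02X" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append("%04x   %-*s   %s" % (off, width * 3 - 1, hexed, text))
    return rows


def dump_secret_noisy(name, blob):
    """Stand-in for a library routine that writes the dump to stdout itself."""
    print(name)
    for row in hexdump_lines(blob):
        print(row)


def dump_secret(name, blob, per_secret_callback=None):
    """Reworked routine: the caller decides where the secret goes."""
    if per_secret_callback is not None:
        per_secret_callback(name, blob)   # caller stores, redacts or drops it
        return
    for row in hexdump_lines(blob):
        LOG.debug("%s %s", name, row)     # silent unless DEBUG is enabled


def call_captured(func, *args):
    """Caller-side stopgap: run func and return whatever it wrote to stdout."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        func(*args)
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    print(call_captured(dump_secret_noisy, "demo", SAMPLE))  # dump leaks to stdout
    print(call_captured(dump_secret, "demo", SAMPLE, lambda n, b: None))  # []
```

With the callback or logger form, secret bytes only reach a terminal or log file when the embedding tool chooses to send them there.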