hatRiot / clusterd

application server attack toolkit
MIT License
685 stars 198 forks

Dev #8

Closed sk1tt1sh closed 10 years ago

sk1tt1sh commented 10 years ago

getSAM modules added for automatic SAM and SYSTEM hive retrieval.

hatRiot commented 10 years ago

Nice PR; changes noted.

Other questions/things to consider:

With some work I think it would make a neat addition.

sk1tt1sh commented 10 years ago

I will continue adding debug info. The flag has been updated to --[platform]-sam as well. Just need to go over a couple things and I think it'll be ready.

sk1tt1sh commented 10 years ago

Updates as requested. Sticking with string.replace since something causes it to think it's unicode for .translate and bugs it out.

hatRiot commented 10 years ago

Why should this module require root?

I just ran this against Tomcat 5.5 on Windows 7 and it failed to dump SAM/SYSTEM correctly. It pulled down 0 byte files.

sk1tt1sh commented 10 years ago

Root privs aren't necessary I suppose. The files are saved to clusterd so... if there's access on that dir for non-root, cool.

It will pull 0 byte files if the service is run as a user in admin that is not running TC as an admin. Same with JBoss. I will see if there's a way to get a privs level... or a "runas option" but that will probably fail if there's UAC at all turned on.

I'll clean up the string split, and debug/bold green happiness stuff today. Thanks.

sk1tt1sh commented 10 years ago

Pushed changes.

hatRiot commented 10 years ago

I'm not convinced the module is stable enough for a merge yet, but I'll be doing some testing over the weekend.

hatRiot commented 10 years ago

Closed as per offline discussion.