1 1 import logging 2 2 import binascii,os,json,datetime,shutil,base64 3 - from datetime import date 3 + from datetime import date, datetime , timedelta 4 4 from lib.toolbox import bcolors 5 5 6 6 skipped 69 lines 76 76 <html> 77 77 <head> 78 78 <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> 79 - <title>MySeatBelt - Result for %s</title> 79 + <title>DonPapi - Result for %s</title> 80 80 </head> 81 - <body>\n""" % ('res/style.css', "[client_name]") 81 + <body onload="toggleAll()"> 82 + \n""" % ('res/style.css', "[client_name]") 82 83 self.add_to_resultpage(data) 83 84 84 85 # Tableau en top de page pour les liens ? 85 86 data = """<table class="statistics"><TR><Th><a class="firstletter">M</a><a>enu</A></Th></TR>\n""" 86 87 data = """<div class="navbar">\n""" 87 - for menu in ['wifi', 'taskscheduler', 'credential-blob', 'browser-internet_explorer', 'SAM', 'LSA', 'DCC2', 88 + for menu in ['wifi', 'taskscheduler', 'credential-blob', 'browser-internet_explorer', 'cookies ' , ' SAM', 'LSA', 'DCC2', 88 89 'Files', 'Connected-users', 'Local_account_reuse', 'Scope_Audited']: 89 90 # data += f"""<TR><TD class="menu_top"><BR><a href="#{menu}"> {menu} </A><BR></TD></TR>\n""" 90 91 data += f"""<a href="#{menu}"> {menu.upper()}</A>\n""" skipped 4 lines 95 96 data = """<DIV class="main">\n""" 96 97 data += """<table class="main"><TR><TD>\n""" 97 98 98 - data += """<table><TR><TD class="menu_top"><a class="firstletter">P </a><a>assword Audit - % s </a></TD></TR>\n""" % ' [ client_name ] ' . 
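Review bot: The new line 3, `from datetime import date, datetime , timedelta`, rebinds the name `datetime` from the module imported on line 2 to the class, so any remaining module-style use elsewhere in the file (`datetime.datetime.now()`, `datetime.date.today()`) would now raise AttributeError; the rest of the file is outside this hunk, so please grep for such uses before merging. If they exist, either keep the module name and write `datetime.datetime(1601, 1, 1)` at the new call site in the cookie loop, or alias the class: `from datetime import date, datetime as dt, timedelta`. The spacing around the commas should also be normalised to `from datetime import date, datetime, timedelta`.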
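Review bot: The two menu entries added on line 88 carry stray whitespace, `'cookies '` and `' SAM'`, so the generated anchors become `href="#cookies "` and `href="# SAM"` and no longer match the `id=cookies` / `id=SAM` rows they are meant to jump to, and the `.upper()` labels render with the same padding; change them to `'cookies', 'SAM'`. The same list of section names is repeated by hand in the new `toggleAll()` further down, so a single module-level tuple of section ids used by both the navbar loop and the script would keep the two from drifting apart.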
upper ( ) 99 + data += """<table><TR><TD class="menu_top"><a class="firstletter">D </a><a>onPapi Audit</a></TD></TR>\n""" 99 100 data += """<TR><TD class="menu_top"><BR> %s <BR></TD></TR></TABLE><BR>\n""" % date.today().strftime("%d/%m/%Y") 100 101 101 102 data += """<table><TR><TD><img class="logo_left" src='%s'></TD>""" % os.path.join('res','Logo_LOGIN.PNG') skipped 26 lines 128 129 } 129 130 } 130 131 } 132 + 133 + function toggleAll() { 134 + toggle_it("cookies"); 135 + toggle_it("wifi"); 136 + toggle_it("taskscheduler"); 137 + toggle_it("credential-blob"); 138 + toggle_it("browser-internet_explorer"); 139 + toggle_it("browser-firefox"); 140 + toggle_it("browser-chrome"); 141 + toggle_it("SAM"); 142 + toggle_it("LSA"); 143 + toggle_it("DCC2"); 144 + toggle_it("VNC"); 145 + toggle_it("MRemoteNG"); 146 + } 131 147 </script> 132 148 """ 133 149 self.add_to_resultpage(data) 134 150 135 151 results = self.get_credz() 136 152 137 - data = """<table class="statistics"><TR>< Th > < a class = " firstletter " > U < / a > < a > sername < / A > < / Th > 153 + data = """<table class="statistics"><TR> 154 + <Th><a class="firstletter">U</a><a>sername</A></Th> 138 155 <Th><a class="firstletter">P</a><a>assword</A></Th> 139 156 <Th><a class="firstletter">T</a><a>arget</A></Th> 140 157 <Th><a class="firstletter">T</a><a>ype</A></Th> skipped 6 lines 147 164 cred_id, file_path, username, password, target, type, pillaged_from_computerid, pillaged_from_userid = cred 148 165 if type != current_type: 149 166 current_type=type 150 - data += f"""<TR id={current_type}><TD colspan="6" class="toggle_menu" onClick="toggle_it('{current_type}')"><A>{current_type}</A></TD></TR>""" 167 + current_type_count=self.get_credz_count(current_type)[0][0] 168 + data += f"""<TR id={current_type}><TD colspan="6" class="toggle_menu" onClick="toggle_it('{current_type}')"><A>{current_type} ({current_type_count})</A></TD></TR>""" 151 169 152 170 153 171 #Skip infos of skipped 79 lines 233 251 data += 
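Review bot: `toggleAll()` (lines 133–146) calls `toggle_it` for twelve fixed ids, several of which (`browser-firefox`, `browser-chrome`, `VNC`, `MRemoteNG`) only exist in the report when credentials of that type were found, and the body of `toggle_it` is outside this hunk so I cannot tell whether it null-checks `document.getElementById`; if it does not, the first missing id throws and every section after it is left untoggled on load. Iterating a list with a guard keeps the `onload` handler robust: `["cookies", "wifi", …].forEach(function (id) { if (document.getElementById(id)) toggle_it(id); });`. A one-line comment above the function stating that it runs from `body onload` and collapses every section by default would also help the next reader, since that intent is only visible on line 81.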
"""</TABLE><BR>""" 234 252 self.add_to_resultpage(data) 235 253 ### 254 + ##### List cookies 255 + results = self.get_cookies() 256 + 257 + data = """<table class="statistics"><TR> 258 + <Th><a class="firstletter">N</a><a>ame</A></Th> 259 + <Th><a class="firstletter">V</a><a>alue</A></Th> 260 + <Th><a class="firstletter">U</a><a>ntil</A></Th> 261 + <Th><a class="firstletter">T</a><a>arget</A></Th> 262 + <Th><a class="firstletter">P</a><a>illaged_from_computerid</A></Th> 263 + <Th><a class="firstletter">P</a><a>illaged_from_userid</A></Th></TR>\n""" 264 + 265 + # <a href="#" id="toggle" onClick="toggle_it('tr1');toggle_it('tr2')"> 266 + current_type = 'cookies' 267 + data += f"""<TR id=cookies><TD colspan="6" class="toggle_menu" onClick="toggle_it('cookies')"><A>Cookies ({len(results)})</A></TD></TR>""" 268 + for index, cred in enumerate(results): 269 + name,value,expires_utc,target,type,pillaged_from_computerid,pillaged_from_userid = cred 270 + # Skip infos of 271 + # Get computer infos 272 + res = self.get_computer_infos(pillaged_from_computerid) 273 + for index_, res2 in enumerate(res): 274 + ip, hostname = res2 275 + computer_info = f"{ip} | {hostname}" 276 + # pillaged_from_userid 277 + if pillaged_from_userid != None: 278 + res = self.get_user_infos(pillaged_from_userid) 279 + for index_, pillaged_username in enumerate(res): 280 + pillaged_from_userid = pillaged_username[0] 281 + else: 282 + pillaged_from_userid = str(pillaged_from_userid) 283 + 284 + if index % 2 == 0: 285 + data += f"""<TR class=tableau_resultat_row0 {current_type}=1>""" 286 + else: 287 + data += f"""<TR class=tableau_resultat_row1 {current_type}=1>""" 288 + 289 + special_style = "" 290 + 291 + ###Print block 292 + for info in [name,value]: 293 + data += f"""<TD {special_style} ><A title="{info}"> {str(info)[:48]} </A></TD>""" 294 + for info in [expires_utc]: 295 + data += f"""<TD {special_style} ><A title="{info}"> {(datetime(1601, 1, 1) + timedelta(microseconds=info)).strftime('%b %d %Y 
%H:%M:%S')} </A></TD>""" 296 + 297 + # check if info contains a URL 298 + if 'http:' in target or 'https:' in target: 299 + info2 = target[target.index('http'):] 300 + special_ref = f'''href="{info2}" target="_blank" title="{target}"''' 301 + elif 'ftp:' in target: 302 + info2 = target[target.index('ftp'):] 303 + special_ref = f'''href="{info2}" target="_blank" title="{target}"''' 304 + elif "Domain:target=" in target: 305 + info2 = f'''rdp://full%20address=s:{target[target.index('Domain:target=') + len('Domain:target='):]}:3389&username=s:{username}&audiomode=i:2&disable%20themes=i:1''' 306 + special_ref = f'''href="{info2}" title="{target}"''' 307 + elif "LegacyGeneric:target=MicrosoftOffice1" in target: 308 + target = f'''{target[target.index('LegacyGeneric:target=') + len('LegacyGeneric:target='):]}''' 309 + special_ref = f'''href="https://login.microsoftonline.com/" target="_blank" title="OfficeLogin"''' 310 + else: 311 + special_ref = f'''title="{target}"''' 312 + data += f"""<TD {special_style} ><A {special_ref}> {str(target)[:48]} </A></TD>""" 313 + 314 + for info in [type, computer_info, pillaged_from_userid]: 315 + data += f"""<TD {special_style} ><A title="{info}"> {str(info)[:48]} </A></TD>""" 316 + data += """</TR>\n""" 317 + 318 + data += """</TABLE><BR>""" 319 + self.add_to_resultpage(data) 236 320 ##### List gathered files 237 321 results = self.get_file() 238 322 skipped 206 lines 445 529 self.logging.debug(ex) 446 530 self.logging.debug(f"Export Done!") 447 531 532 + def get_credz_count(self,current_type): 533 + with self.conn: 534 + cur = self.conn.cursor() 535 + cur.execute(f"SELECT count(id) FROM credz WHERE LOWER(type)=LOWER('{current_type}')") 536 + results = cur.fetchall() 537 + return results 538 + 448 539 def get_credz(self, filterTerm=None, credz_type=None): 449 540 """ 450 541 Return credentials from the database. 
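Review bot: The cookie `name`, `value` and `target` fields (lines 293, 300–312, 315) come straight from the database, which holds data harvested from the audited hosts, and are interpolated into the report both as element text and inside `title="…"`/`href="…"` attributes without escaping, so a cookie containing `"`, `<` or a `javascript:` scheme ends up as live markup in the HTML the auditor opens; every interpolation should go through `html.escape(str(x), quote=True)` (with `import html` added to the import block this commit already touches), and `href` should only be emitted for values that start with `http://`, `https://` or `ftp://`. Two further defects in the same loop: line 305 references `username`, which this loop never binds (the tuple on line 269 has no username column), so the rdp branch either reuses a stale value from the credentials loop above or raises NameError; and line 295's `timedelta(microseconds=info)` raises TypeError when `expires_utc` is NULL, aborting the whole export. The enclosing method starts and ends outside this hunk. The sketch below shows the escaped and guarded cell emission; the `special_ref` branches need the same `html.escape(target, quote=True)` treatment.
```python
# … unchanged: row class selection, special_style …
for info in [name, value]:
    data += f"""<TD {special_style} ><A title="{html.escape(str(info), quote=True)}"> {html.escape(str(info)[:48], quote=True)} </A></TD>"""
for info in [expires_utc]:
    # expires_utc may be NULL; only convert an integer microsecond count
    if isinstance(info, int):
        shown = (datetime(1601, 1, 1) + timedelta(microseconds=info)).strftime('%b %d %Y %H:%M:%S')
    else:
        shown = "-"
    data += f"""<TD {special_style} ><A title="{html.escape(str(info), quote=True)}"> {shown} </A></TD>"""
# … unchanged: special_ref selection (each branch built from html.escape(target, quote=True)) …
data += f"""<TD {special_style} ><A {special_ref}> {html.escape(str(target)[:48], quote=True)} </A></TD>"""
for info in [type, computer_info, pillaged_from_userid]:
    data += f"""<TD {special_style} ><A title="{html.escape(str(info), quote=True)}"> {html.escape(str(info)[:48], quote=True)} </A></TD>"""
```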
skipped 92 lines 543 634 results = cur.fetchall() 544 635 return results 545 636 637 + def get_cookies(self): 638 + with self.conn: 639 + cur = self.conn.cursor() 640 + cur.execute(f"SELECT name,value,expires_utc,target,type,pillaged_from_computerid,pillaged_from_userid FROM cookies ORDER BY pillaged_from_computerid ASC, expires_utc DESC ") 641 + results = cur.fetchall() 642 + return results 546 643 class database: 547 644 548 645 def __init__(self, conn,logger): skipped 1019 lines
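Review bot: `get_credz_count` (line 535) builds its WHERE clause with an f-string, `LOWER('{current_type}')`, so a credential `type` value containing a single quote — a value that originates from data pulled off the audited hosts, not from the operator — breaks or alters the query; it should use a bound parameter: `cur.execute("SELECT count(id) FROM credz WHERE LOWER(type)=LOWER(?)", (current_type,))` (assuming the sqlite3 `?` paramstyle that `with self.conn:` suggests — `get_credz`'s body lies past this hunk, so match whichever style it uses). The method also returns the raw `fetchall()` list and its only caller on line 167 indexes `[0][0]`; returning `cur.fetchone()[0]` and adding a docstring like the sibling's, `"""Return the number of credz rows whose type matches current_type, case-insensitively."""`, would make the contract explicit.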
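Review bot: `get_cookies` (lines 637–642) lacks the docstring its sibling `get_credz` carries; suggest `"""Return every row of the cookies table, grouped by source computer with the latest expiry first."""`. The `f` prefix on line 640 is unnecessary (the string has no placeholders) and invites a later edit that interpolates a filter straight into the SQL — drop it now and, if a filter is ever added, bind it with a query parameter. Line 643's `class database:` now follows the method with no blank line, unlike the rest of the file.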