| skipped 65 lines |
66 | 66 | | 'alias', 'pseudo', 'email', 'username', '_username', 'userid', 'form_loginname', 'loginname', |
67 | 67 | | 'login_id', 'loginid', 'session_key', 'sessionkey', 'pop_login', 'uid', 'id', 'user_id', 'screename', |
68 | 68 | | 'uname', 'ulogin', 'acctname', 'account', 'member', 'mailaddress', 'membername', 'login_username', |
69 | | - | 'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in'] |
| 69 | + | 'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in', 'j_username'] |
70 | 70 | | |
71 | 71 | | http_passfields = ['ahd_password', 'pass', 'password', '_password', 'passwd', 'session_password', 'sessionpassword', |
72 | 72 | | 'login_password', 'loginpassword', 'form_pw', 'pw', 'userpassword', 'pwd', 'upassword', 'login_password' |
73 | | - | 'passwort', 'passwrd', 'wppassword', 'upasswd'] |
| 73 | + | 'passwort', 'passwrd', 'wppassword', 'upasswd', 'j_password'] |
| 74 | + | |
| 75 | + | SMBRead_userfields = ['Administrator','user', 'user_name', 'email', 'username', 'session_key', 'sessionkey'] |
| 76 | + | |
| 77 | + | SMBRead_passfields = ['cpassword','password', 'pass', 'password', '_password', 'passwd'] |
74 | 78 | | |
75 | 79 | | Filename = str(os.path.join(os.path.dirname(__file__),"CredentialDump-Session.log")) |
76 | 80 | | l= logging.getLogger('Credential-Session') |
| skipped 401 lines |
478 | 482 | | except: |
479 | 483 | | pass |
480 | 484 | | |
| 485 | + | if SrcPort == 445: |
| 486 | + | SMBRead_userfields = ['Administrator','user', 'email', 'username', 'session_key', 'sessionkey'] |
| 487 | + | SMBRead_passfields = ['cpassword','password', 'pass', 'password', '_password', 'passwd'] |
| 488 | + | for password in SMBRead_passfields: |
| 489 | + | passw = re.findall('(?<=%s )[^\\r]*'%(password), decoded['data'], re.IGNORECASE) |
| 490 | + | if passw: |
| 491 | + | Message = "Found a password in an SMB read operation:\n%s:\n%s"%(password, passw) |
| 492 | + | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| 493 | + | if PrintPacket(Filename,Message): |
| 494 | + | l.warning(HeadMessage) |
| 495 | + | l.warning(Message) |
| 496 | + | print HeadMessage+'\n'+Message |
| 497 | + | |
| 498 | + | for users in SMBRead_userfields: |
| 499 | + | user = re.findall('(?<=%s )[^\\r]*'%(users), decoded['data'], re.IGNORECASE) |
| 500 | + | if user: |
| 501 | + | Message = "Found a username in an SMB read operation:\n%s:\n%s"%(users, user) |
| 502 | + | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| 503 | + | if PrintPacket(Filename,Message): |
| 504 | + | l.warning(HeadMessage) |
| 505 | + | l.warning(Message) |
| 506 | + | print HeadMessage+'\n'+Message |
| 507 | + | |
| 508 | + | |
481 | 509 | | if NTLMSSP2: |
482 | 510 | | global Chall |
483 | 511 | | Chall = ''.join(NTLMSSP2)[24:32].encode('hex') |
| skipped 196 lines |
680 | 708 | | |
681 | 709 | | Run() |
682 | 710 | | |
| 711 | + | |
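Review bot: The block added under `if SrcPort == 445:` (new lines 486–487) re-declares `SMBRead_userfields` and `SMBRead_passfields` as locals, so the module-level lists this commit adds at new lines 75 and 77 are never read, and the two copies already disagree (`'user_name'` appears only in the module-level one); I would delete the two local assignments and keep a single definition. `'password'` is listed twice in `SMBRead_passfields`, so the same payload is searched twice for it, and the short names `'pass'` and `'user'` are not anchored in `'(?<=%s )[^\\r]*'`, so they also match at the end of longer words; de-duplicating the list and anchoring the name at a word boundary would cut the noise written to the session log. Separately, the context line at new line 72 ends with `'login_password'` and no comma, so Python concatenates it with `'passwort'` on the line this commit edits and `'passwort'` is never checked on its own; that line should end `'login_password',`. The enclosing function starts and ends outside the visible lines.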