| skipped 65 lines |
| 66 | 66 | | 'alias', 'pseudo', 'email', 'username', '_username', 'userid', 'form_loginname', 'loginname', |
| 67 | 67 | | 'login_id', 'loginid', 'session_key', 'sessionkey', 'pop_login', 'uid', 'id', 'user_id', 'screename', |
| 68 | 68 | | 'uname', 'ulogin', 'acctname', 'account', 'member', 'mailaddress', 'membername', 'login_username', |
| 69 | | - | 'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in'] |
| | 69 | + | 'login_email', 'loginusername', 'loginemail', 'uin', 'sign-in', 'j_username'] |
| 70 | 70 | | |
| 71 | 71 | | http_passfields = ['ahd_password', 'pass', 'password', '_password', 'passwd', 'session_password', 'sessionpassword', |
| 72 | 72 | | 'login_password', 'loginpassword', 'form_pw', 'pw', 'userpassword', 'pwd', 'upassword', 'login_password' |
| 73 | | - | 'passwort', 'passwrd', 'wppassword', 'upasswd'] |
| | 73 | + | 'passwort', 'passwrd', 'wppassword', 'upasswd', 'j_password'] |
| | 74 | + | |
| | 75 | + | SMBRead_userfields = ['Administrator','user', 'user_name', 'email', 'username', 'session_key', 'sessionkey'] |
| | 76 | + | |
| | 77 | + | SMBRead_passfields = ['cpassword','password', 'pass', 'password', '_password', 'passwd'] |
| 74 | 78 | | |
| 75 | 79 | | Filename = str(os.path.join(os.path.dirname(__file__),"CredentialDump-Session.log")) |
| 76 | 80 | | l= logging.getLogger('Credential-Session') |
| skipped 401 lines |
| 478 | 482 | | except: |
| 479 | 483 | | pass |
| 480 | 484 | | |
| | 485 | + | if SrcPort == 445: |
| | 486 | + | SMBRead_userfields = ['Administrator','user', 'email', 'username', 'session_key', 'sessionkey'] |
| | 487 | + | SMBRead_passfields = ['cpassword','password', 'pass', 'password', '_password', 'passwd'] |
| | 488 | + | for password in SMBRead_passfields: |
| | 489 | + | passw = re.findall('(?<=%s )[^\\r]*'%(password), decoded['data'], re.IGNORECASE) |
| | 490 | + | if passw: |
| | 491 | + | Message = "Found a password in an SMB read operation:\n%s:\n%s"%(password, passw) |
| | 492 | + | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| | 493 | + | if PrintPacket(Filename,Message): |
| | 494 | + | l.warning(HeadMessage) |
| | 495 | + | l.warning(Message) |
| | 496 | + | print HeadMessage+'\n'+Message |
| | 497 | + | |
| | 498 | + | for users in SMBRead_userfields: |
| | 499 | + | user = re.findall('(?<=%s )[^\\r]*'%(users), decoded['data'], re.IGNORECASE) |
| | 500 | + | if user: |
| | 501 | + | Message = "Found a username in an SMB read operation:\n%s:\n%s"%(users, user) |
| | 502 | + | HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort) |
| | 503 | + | if PrintPacket(Filename,Message): |
| | 504 | + | l.warning(HeadMessage) |
| | 505 | + | l.warning(Message) |
| | 506 | + | print HeadMessage+'\n'+Message |
| | 507 | + | |
| | 508 | + | |
| 481 | 509 | | if NTLMSSP2: |
| 482 | 510 | | global Chall |
| 483 | 511 | | Chall = ''.join(NTLMSSP2)[24:32].encode('hex') |
| skipped 196 lines |
| 680 | 708 | | |
| 681 | 709 | | Run() |
| 682 | 710 | | |
| | 711 | + | |
