import argparse
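# Command-line interface: the log file to parse and the Mimikatz mode that produced it.
parser = argparse.ArgumentParser()
parser.add_argument("-f", "--file", help="Mimikatz output file", required=True)
parser.add_argument(
    "-m",
    "--mode",
    help="Mimikatz mode used to obtain the output logonpasswords|cache",
    required=True,
    # An unrecognised mode is rejected here with a usage error instead of
    # reaching the mode dispatch, where it would match nothing and do no work.
    choices=("logonpasswords", "cache"),
)
# Parsed at import time: sekurlsa() and cache() read the module-level `args`.
args = parser.parse_args()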
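def dump(creds):
    """Write one parsed credential pair to ``<username>.txt`` in the current directory.

    ``creds`` is expected to be a list whose first item is the account name and
    whose second item is the hash. Anything else (not a list, or fewer than two
    items) is ignored silently, which is how the parsers flush empty or
    incomplete records.

    The account name is taken verbatim from the parsed log, so it is reduced to
    a plain file name before use: path separators and other unexpected
    characters become ``_`` and the write cannot leave the working directory.
    The file is created owner-only because it holds credential material.
    """
    import os
    import re

    if not isinstance(creds, list) or len(creds) < 2:
        return

    username, hsh = creds[0], creds[1]

    # Keep word characters plus ". @ $ space -"; everything else (notably "/"
    # and "\" from DOMAIN\user style names) is replaced.
    safe_name = re.sub(r"[^\w.@$ -]", "_", username) or "_"
    dumpfile = safe_name + ".txt"

    # 0o600 applies when the file is created; an existing file keeps its mode.
    fd = os.open(dumpfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as df:
        df.write(hsh)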
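def sekurlsa():
    """Parse the ``--file`` log in "logonpasswords" mode and dump each record.

    A line containing "authentication" starts a new record: whatever was
    collected so far is passed to ``dump()`` and the buffer is reset. Within a
    record, the value after the first ":" on a "username" line (lower-cased)
    and on an "ntlm" line is appended to the buffer, skipping duplicates and
    the "(null)" placeholder user name.
    """
    filename = args.file
    creds = []
    with open(filename) as f:
        for line in f:
            lowered = line.lower()
            if "authentication" in lowered:
                dump(creds)
                creds = []
                continue

            # Both value branches need a "key : value" shape; a keyword match
            # on a line without ":" used to raise IndexError.
            fields = line.strip().split(":")
            if len(fields) < 2:
                continue
            value = fields[1].strip()

            if "username" in lowered:
                user = value.lower()
                if user != "(null)" and user not in creds:
                    creds.append(user)
            elif "ntlm" in lowered:
                if value not in creds:
                    creds.append(value)

    # The loop only flushes when the next record header appears, so the final
    # record in the file has to be flushed here or it is silently lost.
    dump(creds)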
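def cache():
    """Parse the ``--file`` log in "cache" mode and dump each record.

    A line containing "nl$" starts a new record: the buffer collected so far is
    printed, passed to ``dump()`` and reset. Within a record, the value after
    the first ":" on a "user" line (lower-cased) and on a "mscachev2" line is
    appended to the buffer, skipping duplicates and the "(null)" placeholder
    user name.
    """
    filename = args.file
    creds = []
    with open(filename) as f:
        for line in f:
            lowered = line.lower()
            if "nl$" in lowered:
                # NOTE(review): this echoes the collected name/hash pair to
                # stdout; kept for compatibility, but it ends up in terminal
                # scrollback and any captured output.
                print(creds)
                dump(creds)
                creds = []
                continue

            # Both value branches need a "key : value" shape; a keyword match
            # on a line without ":" used to raise IndexError.
            fields = line.strip().split(":")
            if len(fields) < 2:
                continue
            value = fields[1].strip()

            if "user" in lowered:
                user = value.lower()
                if user != "(null)" and user not in creds:
                    creds.append(user)
            elif "mscachev2" in lowered:
                if value not in creds:
                    creds.append(value)

    # The loop only flushes when the next record header appears, so the final
    # record in the file has to be flushed here or it is silently lost.
    dump(creds)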
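if __name__ == "__main__":
    # Run the parser that matches --mode. An unknown mode is reported as a
    # usage error rather than falling through without doing any work.
    match args.mode:
        case "logonpasswords":
            sekurlsa()
        case "cache":
            cache()
        case _:
            parser.error(
                f"unsupported mode {args.mode!r}: expected logonpasswords or cache"
            )

    # Report completion only once the selected parser has actually run.
    print("[+] Credential pairs written to disk")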