authorclymb3r <bialek.joseph@gmail.com>2014-04-16 21:02:50 -0700
committerclymb3r <bialek.joseph@gmail.com>2014-04-16 21:02:50 -0700
commitb783b459c12112509a733253df9f5935e104200c (patch)
treee58bce1f7d2f2584d1426262cc609f153d774e51 /Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_process.cpp
parent47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff)
parent946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff)
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
Conflicts: Recon/Get-ComputerDetails.ps1 Recon/Recon.psd1
Diffstat (limited to 'Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_process.cpp')
-rw-r--r--Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_process.cpp298
1 files changed, 0 insertions, 298 deletions
diff --git a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_process.cpp b/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_process.cpp
deleted file mode 100644
index d18ca8b..0000000
--- a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_process.cpp
+++ /dev/null
@@ -1,298 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#include "mod_mimikatz_process.h"
-#include "..\global.h"
-
-vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> mod_mimikatz_process::getMimiKatzCommands()
-{
- vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> monVector;
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(list, L"list", L"Liste les processus"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(start, L"start", L"Exécute un processus, /paused et/ou /sudo"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(suspend, L"suspend", L"Suspend l\'exécution d\'un processus"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(resume, L"resume", L"Reprend un processus"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(stop, L"stop", L"Stoppe un (ou plusieurs) processus"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(modules, L"modules", L"Liste les modules (pour le moment du PID courant)"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(iat, L"iat", L"Liste la table d\'adressage"));
- return monVector;
-}
-
-bool mod_mimikatz_process::start(vector<wstring> * arguments)
-{
- if(!arguments->empty())
- {
- wstring commande = arguments->back();
- bool paused = false;
- bool sudo = false;
-
- (*outputStream) << L"Demande d\'exécution de : \'" << commande << L"'" << endl;
- PROCESS_INFORMATION pi = {INVALID_HANDLE_VALUE, INVALID_HANDLE_VALUE, 0, 0};
-
- switch(arguments->size())
- {
- case 2:
- if(_wcsicmp(arguments->front().c_str(), L"/paused") == 0)
- paused = true;
- else if(_wcsicmp(arguments->front().c_str(), L"/sudo") == 0)
- sudo = true;
- else
- goto doStartProcess_syntaxerror;
-
- break;
- case 3:
- if(_wcsicmp(arguments->front().c_str(), L"/paused") == 0)
- paused = true;
- else
- goto doStartProcess_syntaxerror;
-
- if(_wcsicmp(arguments->at(1).c_str(), L"/sudo") == 0)
- sudo = true;
- else
- goto doStartProcess_syntaxerror;
-
- break;
- }
-
- if(mod_process::start(&commande, &pi, paused, sudo))
- {
- if(paused)
- (*outputStream) << L" * Le Thread principal est suspendu ! Reprise avec : thread::resume " << pi.dwThreadId << endl;
-
- if(sudo)
- (*outputStream) << L" * Le processus est démarré avec de fausses données d\'identification" << endl;
-
- printInfosFromPid(pi.dwProcessId, pi.dwThreadId);
- }
- else (*outputStream) << L"mod_process::start ; " << mod_system::getWinError() << endl;
- }
- else
- {
-doStartProcess_syntaxerror:
- (*outputStream) << L"Erreur de syntaxe ; " << L"process::start [/paused] [/sudo] commande" << endl;
- }
-
- return true;
-}
-
-bool mod_mimikatz_process::stop(vector<wstring> * arguments)
-{
- for(vector<wstring>::iterator monProcessName = arguments->begin(); monProcessName != arguments->end(); monProcessName++)
- {
- mod_process::KIWI_PROCESSENTRY32 monProcess;
- wstring procName = *monProcessName;
-
- if(mod_process::getUniqueForName(&monProcess, &procName))
- {
- (*outputStream) << L"Fin de : " << procName << L'\t';
- if(mod_process::stop(monProcess.th32ProcessID))
- (*outputStream) << L"OK";
- else
- (*outputStream) << L"KO - mod_process::stop ; " << mod_system::getWinError();
- (*outputStream) << endl;
- }
- else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
- }
-
- return true;
-}
-
-
-bool mod_mimikatz_process::suspend(vector<wstring> * arguments)
-{
- for(vector<wstring>::iterator monProcessName = arguments->begin(); monProcessName != arguments->end(); monProcessName++)
- {
- mod_process::KIWI_PROCESSENTRY32 monProcess;
- wstring procName = *monProcessName;
-
- if(mod_process::getUniqueForName(&monProcess, &procName))
- {
- (*outputStream) << L"Suspension de : " << procName << L'\t';
- if(mod_process::suspend(monProcess.th32ProcessID))
- (*outputStream) << L"OK";
- else
- (*outputStream) << L"KO - mod_process::suspend ; " << mod_system::getWinError();
- (*outputStream) << endl;
- }
- else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
- }
-
- return true;
-}
-
-
-bool mod_mimikatz_process::resume(vector<wstring> * arguments)
-{
- for(vector<wstring>::iterator monProcessName = arguments->begin(); monProcessName != arguments->end(); monProcessName++)
- {
- mod_process::KIWI_PROCESSENTRY32 monProcess;
- wstring procName = *monProcessName;
-
- if(mod_process::getUniqueForName(&monProcess, &procName))
- {
- (*outputStream) << L"Reprise de : " << procName << L'\t';
- if(mod_process::resume(monProcess.th32ProcessID))
- (*outputStream) << L"OK";
- else
- (*outputStream) << L"KO - mod_process::resume ; " << mod_system::getWinError();
- (*outputStream) << endl;
- }
- else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
- }
-
- return true;
-}
-
-
-
-
-bool mod_mimikatz_process::list(vector<wstring> * arguments)
-{
- vector<mod_process::KIWI_PROCESSENTRY32> * vectorProcess = new vector<mod_process::KIWI_PROCESSENTRY32>();
- if(mod_process::getList(vectorProcess))
- {
- (*outputStream) << L"PID\tPPID\t#Ths\tpri\timage" << endl;
- for(vector<mod_process::KIWI_PROCESSENTRY32>::iterator monProcess = vectorProcess->begin(); monProcess != vectorProcess->end(); monProcess++)
- {
- (*outputStream) <<
- setw(5) << setfill(wchar_t(' ')) << monProcess->th32ProcessID << L'\t' <<
- setw(5) << setfill(wchar_t(' ')) << monProcess->th32ParentProcessID << L'\t' <<
- setw(5) << setfill(wchar_t(' ')) << monProcess->cntThreads << L'\t' <<
- setw(5) << setfill(wchar_t(' ')) << monProcess->pcPriClassBase << L'\t' <<
- monProcess->szExeFile <<
- endl;
- }
- }
- else (*outputStream) << L"mod_process::getList ; " << mod_system::getWinError() << endl;
-
- delete vectorProcess;
- return true;
-}
-
-bool mod_mimikatz_process::modules(vector<wstring> * arguments)
-{
- DWORD processId = 0 ;
-
- if(!arguments->empty() && !(arguments->size() > 1))
- {
- wstringstream monBuffer;
- monBuffer << arguments->front();
- monBuffer >> processId;
- }
-
- vector<mod_process::KIWI_MODULEENTRY32> * vectorModules = new vector<mod_process::KIWI_MODULEENTRY32>();
- if(mod_process::getModulesListForProcessId(vectorModules, &processId))
- {
- (*outputStream) << L"@Base\tTaille\tModule\tPath" << endl;
- for(vector<mod_process::KIWI_MODULEENTRY32>::iterator monModule = vectorModules->begin(); monModule != vectorModules->end(); monModule++)
- {
- (*outputStream) << monModule->modBaseAddr << L'\t' << monModule->modBaseSize << '\t' << monModule->szModule << L'\t' << monModule->szExePath << endl;
- }
- }
- else
- (*outputStream) << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl;
-
- delete vectorModules;
- return true;
-}
-
-bool mod_mimikatz_process::iat(vector<wstring> * arguments)
-{
- wstring process;
- wstring module;
-
- switch(arguments->size())
- {
- case 2:
- process = arguments->at(0);
- module = arguments->at(1);
- break;
- case 1:
- process = arguments->at(0);
- break;
- default:
- ;
- }
-
- mod_process::KIWI_PROCESSENTRY32 monProcess;
- if(mod_process::getUniqueForName(&monProcess, &process))
- {
- if(HANDLE monHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, monProcess.th32ProcessID))
- {
- if(module.empty() || (module.front() != L'*'))
- {
- if(module.empty())
- module.assign(process);
-
- mod_process::KIWI_MODULEENTRY32 * monModule = new mod_process::KIWI_MODULEENTRY32();
- if(mod_process::getUniqueModuleForName(monModule, &module, &monProcess.th32ProcessID))
- {
- printIATFromModule(monModule, monHandle);
- }
- else (*outputStream) << L"mod_process::getUniqueModuleForName ; " << mod_system::getWinError() << endl;
- delete monModule;
- }
- else
- {
- vector<mod_process::KIWI_MODULEENTRY32> * vectorModules = new vector<mod_process::KIWI_MODULEENTRY32>();
- if(mod_process::getModulesListForProcessId(vectorModules, &monProcess.th32ProcessID))
- {
- for(vector<mod_process::KIWI_MODULEENTRY32>::iterator monModule = vectorModules->begin(); monModule != vectorModules->end(); monModule++)
- printIATFromModule(&*monModule, monHandle);
- }
- else (*outputStream) << L"mod_process::getModulesListForProcessId ; " << mod_system::getWinError() << endl;
-
- delete vectorModules;
- }
-
- CloseHandle(monHandle);
- }
- }
- else (*outputStream) << L"mod_process::getUniqueForName ; " << mod_system::getWinError() << endl;
-
- return true;
-}
-
-void mod_mimikatz_process::printInfosFromPid(DWORD &PID, DWORD ThreadId)
-{
- (*outputStream) << L"PID : " << PID << endl;
-
- if(ThreadId)
- {
- (*outputStream) << L"ThreadID : " << ThreadId << endl;
- }
-
- LUID monId = {0, 0};
- if(mod_process::getAuthentificationIdFromProcessId(PID, monId))
- {
- (*outputStream) << "AuthId_h : " << monId.HighPart << endl;
- (*outputStream) << "AuthId_l : " << monId.LowPart << endl;
- }
- else (*outputStream) << L"Erreur : " << mod_system::getWinError() << endl;
-}
-
-void mod_mimikatz_process::printIATFromModule(mod_process::KIWI_MODULEENTRY32 * monModule, HANDLE monHandle)
-{
- (*outputStream) << monModule->szModule << L" -> " << monModule->szExePath << endl;
- PBYTE baseAddr = reinterpret_cast<PBYTE>(monModule->modBaseAddr);
-
- vector<pair<string, vector<mod_process::KIWI_IAT_MODULE>>> * monIAT = new vector<pair<string, vector<mod_process::KIWI_IAT_MODULE>>>();
- if(mod_process::getIAT(baseAddr, monIAT, monHandle))
- {
- for(vector<pair<string, vector<mod_process::KIWI_IAT_MODULE>>>::iterator monModuleImporte = monIAT->begin(); monModuleImporte != monIAT->end(); monModuleImporte++)
- {
- (*outputStream) << L" - Imports depuis : " << monModuleImporte->first.c_str() << endl;
- for(vector<mod_process::KIWI_IAT_MODULE>::iterator maFonctionImporte = monModuleImporte->second.begin(); maFonctionImporte != monModuleImporte->second.end(); maFonctionImporte++)
- {
- (*outputStream) << L" " << maFonctionImporte->ptrToFunc << L" -> " << maFonctionImporte->ptrFunc << L' ';
- if(maFonctionImporte->Ordinal != 0)
- (*outputStream) << L"O# " << maFonctionImporte->Ordinal;
- else
- (*outputStream) << maFonctionImporte->funcName.c_str();
- (*outputStream) << endl;
- }
- }
- }
- delete monIAT;
-}