RepoMirrors/mimikatz
1
0
Fork 0
mirror of https://github.com/gentilkiwi/mimikatz synced 2025-03-01 16:20:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Crypto & René Coty

Browse Source 
[new] crypto::certificates /silent & /nokey flags
[new] crypto::keys /silent flag
[new] kull_m_busylight module now support protocol for new devices
This commit is contained in:
Benjamin DELPY 2016-02-17 00:14:18 +01:00
parent e15b0ca68a
commit 5b72f2a31a
3 changed files with 61 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
mimikatz/modules/kuhl_m_busylight.c
View File

@ -31,15 +31,19 @@ const BUSYLIGHT_COMMAND_STEP kuhl_m_busylight_steps_KiwiHack[] = {
{0, 0, {0, 25, 0 }, 1, 0, BUSYLIGHT_MEDIA_MUTE},
},
kuhl_m_busylight_steps_ReneCotyHack[] = {
{1, 0, {0, 0, 100}, 7, 0, BUSYLIGHT_MEDIA_MUTE},
{2, 0, {100, 100, 100}, 7, 0, BUSYLIGHT_MEDIA_MUTE},
{3, 0, {100, 0, 0 }, 7, 10, BUSYLIGHT_MEDIA_MUTE},
{1, 0, {0, 0, 100}, 10, 0, BUSYLIGHT_MEDIA_MUTE},
{2, 0, {100, 100, 100}, 10, 0, BUSYLIGHT_MEDIA_MUTE},
{3, 0, {100, 0, 0 }, 10, 10, BUSYLIGHT_MEDIA_MUTE},
{4, 0, {0, 0, 100}, 2, 0, BUSYLIGHT_MEDIA_MUTE},
{5, 0, {100, 100, 100}, 2, 0, BUSYLIGHT_MEDIA_MUTE},
{0, 0, {100, 0, 0 }, 2, 20, BUSYLIGHT_MEDIA_MUTE},
};
NTSTATUS kuhl_m_busylight_init()
{
PBUSYLIGHT_DEVICE cur;
BOOL isKbFR = (PtrToUlong(GetKeyboardLayout(0)) >> 16) == 0x40c, isKiwi;
BOOL isKbFR = (PtrToUlong(GetKeyboardLayout(0)) >> 16) == 0x40c, isKiwi = FALSE;
if(isBusyLight = kull_m_busylight_devices_get(&kuhl_m_busylight_devices, NULL, BUSYLIGHT_CAP_LIGHT))
{
for(cur = kuhl_m_busylight_devices; cur; cur = cur->next)
@ -122,8 +126,7 @@ NTSTATUS kuhl_m_busylight_list(int argc, wchar_t * argv[])
{
for(cur = kuhl_m_busylight_devices; cur; cur = cur->next)
{
kprintf(L"[%3u] %s ( "
, cur->id, cur->deviceId->Description);
kprintf(L"[%3u] %s ( ", cur->id, cur->deviceId->Description);
for(i = 0; i < ARRAYSIZE(kuhl_m_busylight_capabilities_to_String); i++)
{
if((cur->deviceId->Capabilities >> i) & 1)
@ -145,7 +148,7 @@ NTSTATUS kuhl_m_busylight_single(int argc, wchar_t * argv[])
mdl.color = BUSYLIGHT_COLOR_CYAN;
if(isBusyLight)
{
mdl.AudioByte = BUSYLIGHT_MEDIA | BUSYLIGHT_MEDIA_VOLUME_4_MEDIUM | (kull_m_string_args_byName(argc, argv, L"sound", NULL, NULL) ? BUSYLIGHT_MEDIA_SOUND_OPENOFFICE : BUSYLIGHT_MEDIA_SOUND_FUNKY);
mdl.AudioByte = BUSYLIGHT_MEDIA | BUSYLIGHT_MEDIA_VOLUME_4_MEDIUM | (kull_m_string_args_byName(argc, argv, L"sound", NULL, NULL) ? BUSYLIGHT_MEDIA_SOUND_OPENOFFICE : BUSYLIGHT_MEDIA_JINGLE_IM2);
if(kull_m_string_args_byName(argc, argv, L"color", &szColor, NULL))
{
dwColor = wcstoul(szColor, NULL, 0);
@ -180,7 +183,7 @@ DWORD WINAPI kuhl_m_busylight_gradientThread(LPVOID lpThreadParameter)
PBUSYLIGHT_DEVICE device = (PBUSYLIGHT_DEVICE) lpThreadParameter;
BUSYLIGHT_COMMAND_STEP mdl = {0, 1, {100, 0, 0}, 1, 0, BUSYLIGHT_MEDIA_MUTE};
PBYTE toInc = &mdl.color.green, toDec = NULL;
BYTE step = 5;
BYTE step = 10;
while(device && device->hWorkerThread && device->dWorkerThread && device->hBusy)
{
if(kull_m_busylight_request_send(device, &mdl, 1, FALSE))

55
mimikatz/modules/kuhl_m_crypto.c
View File

@ -177,17 +177,20 @@ NTSTATUS kuhl_m_crypto_l_certificates(int argc, wchar_t * argv[])
{
HCERTSTORE hCertificateStore;
PCCERT_CONTEXT pCertContext;
DWORD i, j, dwSizeNeeded, keySpec;
DWORD i, j, dwSizeNeeded, keySpec, flags = CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG;
wchar_t *certName;
PCRYPT_KEY_PROV_INFO pBuffer;
HCRYPTPROV_OR_NCRYPT_KEY_HANDLE monProv;
HCRYPTKEY maCle;
BOOL keyToFree;
BOOL noKey, keyToFree;
PCWCHAR szSystemStore, szStore, name;
DWORD dwSystemStore = 0;
BOOL export = kull_m_string_args_byName(argc, argv, L"export", NULL, NULL);
if(kull_m_string_args_byName(argc, argv, L"silent", NULL, NULL))
flags |= CRYPT_ACQUIRE_SILENT_FLAG;
noKey = kull_m_string_args_byName(argc, argv, L"nokey", NULL, NULL);
kull_m_string_args_byName(argc, argv, L"systemstore", &szSystemStore, L"CURRENT_USER"/*kuhl_m_crypto_system_stores[0].name*/);
dwSystemStore = kull_m_crypto_system_store_to_dword(szSystemStore);
@ -200,7 +203,7 @@ NTSTATUS kuhl_m_crypto_l_certificates(int argc, wchar_t * argv[])
if(hCertificateStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, (HCRYPTPROV_LEGACY) NULL, dwSystemStore | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, szStore))
{
for (i = 0, pCertContext = CertEnumCertificatesInStore(hCertificateStore, NULL); pCertContext != NULL; pCertContext = CertEnumCertificatesInStore(hCertificateStore, pCertContext), i++)
for (i = 0, pCertContext = CertEnumCertificatesInStore(hCertificateStore, NULL); pCertContext != NULL; pCertContext = CertEnumCertificatesInStore(hCertificateStore, pCertContext), i++) // implicit CertFreeCertificateContext
{
for(j = 0; j < ARRAYSIZE(nameSrc); j++)
{
@ -228,31 +231,34 @@ NTSTATUS kuhl_m_crypto_l_certificates(int argc, wchar_t * argv[])
(pBuffer->pwszProvName ? pBuffer->pwszProvName : L"(null)"),
name ? name : L"?", pBuffer->dwProvType);
if(CryptAcquireCertificatePrivateKey(pCertContext, CRYPT_ACQUIRE_ALLOW_NCRYPT_KEY_FLAG /* CRYPT_ACQUIRE_SILENT_FLAG NULL */, NULL, &monProv, &keySpec, &keyToFree))
if(!noKey)
{
kprintf(L"\tType : %s (0x%08x)\n", kull_m_crypto_keytype_to_str(keySpec), keySpec);
if(keySpec != CERT_NCRYPT_KEY_SPEC)
if(CryptAcquireCertificatePrivateKey(pCertContext, flags, NULL, &monProv, &keySpec, &keyToFree))
{
if(CryptGetUserKey(monProv, keySpec, &maCle))
kprintf(L"\tType : %s (0x%08x)\n", kull_m_crypto_keytype_to_str(keySpec), keySpec);
if(keySpec != CERT_NCRYPT_KEY_SPEC)
{
kuhl_m_crypto_printKeyInfos(0, maCle);
CryptDestroyKey(maCle);
if(CryptGetUserKey(monProv, keySpec, &maCle))
{
kuhl_m_crypto_printKeyInfos(0, maCle);
CryptDestroyKey(maCle);
}
else PRINT_ERROR_AUTO(L"CryptGetUserKey");
if(keyToFree)
CryptReleaseContext(monProv, 0);
}
else PRINT_ERROR_AUTO(L"CryptGetUserKey");
else if(kuhl_m_crypto_hNCrypt)
{
kuhl_m_crypto_printKeyInfos(monProv, 0);
if(keyToFree)
K_NCryptFreeObject(monProv);
}
else PRINT_ERROR(L"keySpec == CERT_NCRYPT_KEY_SPEC without CNG Handle ?\n");
if(keyToFree)
CryptReleaseContext(monProv, 0);
}
else if(kuhl_m_crypto_hNCrypt)
{
kuhl_m_crypto_printKeyInfos(monProv, 0);
if(keyToFree)
K_NCryptFreeObject(monProv);
}
else PRINT_ERROR(L"keySpec == CERT_NCRYPT_KEY_SPEC without CNG Handle ?\n");
} else PRINT_ERROR_AUTO(L"CryptAcquireCertificatePrivateKey");
} else PRINT_ERROR_AUTO(L"CryptAcquireCertificatePrivateKey");
}
} else PRINT_ERROR_AUTO(L"CertGetCertificateContextProperty");
LocalFree(pBuffer);
}
@ -309,6 +315,9 @@ NTSTATUS kuhl_m_crypto_l_keys(int argc, wchar_t * argv[])
dwFlags = CRYPT_MACHINE_KEYSET; // same as NCRYPT_MACHINE_KEY_FLAG :)
szStore = dwFlags ? L"machine" : L"user";
if(kull_m_string_args_byName(argc, argv, L"silent", NULL, NULL))
dwFlags |= CRYPT_SILENT;
kull_m_string_args_byName(argc, argv, L"cngprovider", &szCngProvider, MS_KEY_STORAGE_PROVIDER);
kprintf(L" * Store : \'%s\'\n"

68
modules/kull_m_busylight.c
View File

@ -96,9 +96,9 @@ BOOL kull_m_busylight_devices_get(PBUSYLIGHT_DEVICE *devices, DWORD *count, DWOR
(*next)->DevicePath = _wcsdup(DeviceInterfaceDetailData->DevicePath);
(*next)->hidAttributes = attributes;
(*next)->deviceId = deviceId;
//(*next)->dpi.box_sensivity = 6;
//(*next)->dpi.box_timeout = 4;
//(*next)->dpi.box_triggertime = 85;
(*next)->dpi.box_sensivity = 4;
(*next)->dpi.box_timeout = 4;
(*next)->dpi.box_triggertime = 85;
(*next)->id = id;
(*next)->hBusy = CreateFile(DeviceInterfaceDetailData->DevicePath, FILE_READ_DATA | FILE_WRITE_DATA, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
@ -176,62 +176,20 @@ void kull_m_busylight_devices_free(PBUSYLIGHT_DEVICE devices, BOOL instantOff)
}
}
//BOOL kull_m_busylight_request_create(PBUSYLIGHT_COMMAND_STEP commands, DWORD count, PCBUSYLIGHT_DPI dpi, PBYTE *data, DWORD *size)
//{
// BOOL status = FALSE;
// DWORD i;
// USHORT sum;
//
// *size = BUSYLIGHT_OUTPUT_REPORT_SIZE;
// if(*data = (PBYTE) LocalAlloc(LPTR, *size))
// {
// for(i = 0; i < min(count, 7); i++)
// {
// (*data)[i * 8 + 1] = (commands[i].NextStep & 0xf0) ? commands[i].NextStep : (commands[i].NextStep | 0x10);
// (*data)[i * 8 + 2] = commands[i].RepeatInterval;
// // TODO avoid color (or not ?)
// (*data)[i * 8 + 3] = commands[i].color.red;
// (*data)[i * 8 + 4] = commands[i].color.green;
// (*data)[i * 8 + 5] = commands[i].color.blue;
//
// (*data)[i * 8 + 6] = commands[i].OnTimeSteps;
// (*data)[i * 8 + 7] = commands[i].OffTimeSteps;
// (*data)[i * 8 + 8] = commands[i].AudioByte;
// }
// if(dpi)
// {
// (*data)[57] = dpi->box_sensivity;
// (*data)[58] = dpi->box_timeout;
// (*data)[59] = dpi->box_triggertime;
// }
// (*data)[60] = (*data)[61] = (*data)[62] = 0xff;
//
// for(i = 1, sum = 0; i < (*size - 2); i++)
// sum += (*data)[i];
// (*data)[63] = (BYTE) (sum / 256);
// (*data)[64] = (BYTE) (sum % 256);
//
// status = TRUE; // TODO add checks
// if(!status)
// {
// *data = (PBYTE) LocalFree(*data);
// *size = 0;
// }
// }
// return status;
//}
BOOL kull_m_busylight_request_create(PCBUSYLIGHT_COMMAND_STEP commands, DWORD count, PBYTE *data, DWORD *size)
{
BOOL status = FALSE;
DWORD i;
USHORT sum;
*size = BUSYLIGHT_OUTPUT_REPORT_SIZE;
if(*data = (PBYTE) LocalAlloc(LPTR, *size))
{
for(i = 0; i < min(count, 8); i++)
if(count >=7)
PRINT_ERROR(L"count=%u (max is 7)\n", count);
for(i = 0; i < min(count, 7); i++)
{
(*data)[i * 8 + 1] = /*(commands[i].NextStep & 0xf0) ? */commands[i].NextStep/* : (commands[i].NextStep | 0x10)*/;
(*data)[i * 8 + 1] = (commands[i].NextStep & 0xf0) ? commands[i].NextStep : (commands[i].NextStep | 0x10);
(*data)[i * 8 + 2] = commands[i].RepeatInterval;
// TODO avoid color (or not ?)
(*data)[i * 8 + 3] = commands[i].color.red;
@ -242,6 +200,16 @@ BOOL kull_m_busylight_request_create(PCBUSYLIGHT_COMMAND_STEP commands, DWORD co
(*data)[i * 8 + 7] = commands[i].OffTimeSteps;
(*data)[i * 8 + 8] = commands[i].AudioByte;
}
(*data)[57] = 4;
(*data)[58] = 4;
(*data)[59] = 85;
(*data)[60] = (*data)[61] = (*data)[62] = 0xff;
for(i = 1, sum = 0; i < (*size - 2); i++)
sum += (*data)[i];
(*data)[63] = (BYTE) (sum / 256);
(*data)[64] = (BYTE) (sum % 256);
status = TRUE; // TODO add checks
if(!status)