Code cleaning & Base64 output

2025-01-30 08:51:32 +00:00 · 2014-04-23 22:00:29 +02:00 · 2014-04-23 22:00:29 +02:00 · 853ee232f0
commit 853ee232f0
parent e85d87f6bb
8 changed files with 39 additions and 97 deletions
--- a/inc/globals.h
+++ b/inc/globals.h
@ -30,8 +30,7 @@
 #define MIMIKATZ_VERSION		L"2.0 alpha"
 #define MIMIKATZ_CODENAME		L"Kiwi en C"
 #define MIMIKATZ_FULL			MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") release \"" MIMIKATZ_CODENAME L"\" (" TEXT(__DATE__) L" " TEXT(__TIME__) L")"
-#define MIMIKATZ_PIPE_PATH		L"\\\\.\\pipe\\" MIMIKATZ
-#define MIMIKATZ_DEFAULT_LOG	L"mimikatz.log"
+#define MIMIKATZ_DEFAULT_LOG	MIMIKATZ L".log"
 #define MIMIKATZ_DRIVER			L"mimidrv"
 #define MIMIKATZ_KERBEROS_EXT	L"kirbi"

--- a/mimidrv/_build_.cmd
+++ b/mimidrv/_build_.cmd
@ -1,5 +1,5 @@
@echo off
-set winddk=c:\WinDDK\7600.16385.1
+set winddk=%SystemDrive%\WinDDK\7600.16385.1

 set mimidrv=%~dp0
 set path=%systemroot%;%systemroot%\system32
--- a/mimikatz/modules/kuhl_m_standard.c
+++ b/mimikatz/modules/kuhl_m_standard.c
@ -12,6 +12,7 @@ const KUHL_M_C kuhl_m_c_standard[] = {
 	{kuhl_m_standard_answer,	L"answer",	L"Answer to the Ultimate Question of Life, the Universe, and Everything"},
 	{kuhl_m_standard_sleep,		L"sleep",	L"Sleep an amount of milliseconds"},
 	{kuhl_m_standard_log,		L"log",		L"Log mimikatz input/output to file"},
+	{kuhl_m_standard_base64,	L"base64",	L"Switch file output/base64 output"},
 	{kuhl_m_standard_version,	L"version",	L"Display some version informations"},
 };
 const KUHL_M kuhl_m_standard = {
@ -21,60 +22,6 @@ const KUHL_M kuhl_m_standard = {
 /*
 NTSTATUS kuhl_m_standard_test(int argc, wchar_t * argv[])
 {
-	SC_HANDLE hSC, hS;
-	DWORD i, szRoot, szNeeded, cbServices;
-	LPWSTR systemRoot;
-	LPENUM_SERVICE_STATUS_PROCESSW pEnumServiceBuffer;
-	LPQUERY_SERVICE_CONFIG pServiceConfigBuffer;
-
-	if(szRoot = GetEnvironmentVariable(L"SystemRoot", NULL, 0))
-	{
-		if(systemRoot = (LPWSTR) LocalAlloc(LPTR, szRoot * sizeof(wchar_t)))
-		{
-			if(GetEnvironmentVariable(L"SystemRoot", systemRoot, szRoot))
-			{
-				if(hSC = OpenSCManager(NULL, SERVICES_ACTIVE_DATABASE, SC_MANAGER_CONNECT | SC_MANAGER_ENUMERATE_SERVICE))
-				{
-					if(!EnumServicesStatusEx(hSC, SC_ENUM_PROCESS_INFO, SERVICE_TYPE_ALL, SERVICE_STATE_ALL, NULL, 0, &szNeeded, &cbServices, NULL, NULL) && (GetLastError() == ERROR_MORE_DATA))
-					{
-						if(pEnumServiceBuffer = (LPENUM_SERVICE_STATUS_PROCESSW) LocalAlloc(LPTR, szNeeded))
-						{
-							if(EnumServicesStatusEx(hSC, SC_ENUM_PROCESS_INFO, SERVICE_TYPE_ALL, SERVICE_STATE_ALL, (PBYTE) pEnumServiceBuffer, szNeeded, &szNeeded, &cbServices, NULL, NULL))
-							{
-								for(i = 0; i < cbServices; i ++)
-								{
-									if(hS = OpenService(hSC, pEnumServiceBuffer[i].lpServiceName, SERVICE_QUERY_CONFIG))
-									{
-										if(!QueryServiceConfig(hS, NULL, 0, &szNeeded) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
-										{
-											if(pServiceConfigBuffer = (LPQUERY_SERVICE_CONFIG) LocalAlloc(LPTR, szNeeded))
-											{
-												if(QueryServiceConfig(hS, pServiceConfigBuffer, szNeeded, &szNeeded) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
-												{
-													if(
-														(_wcsnicmp(pServiceConfigBuffer->lpBinaryPathName, systemRoot, szRoot - 1) != 0) &&
-														(_wcsnicmp(pServiceConfigBuffer->lpBinaryPathName, L"system32\\", 9) != 0) &&
-														(_wcsnicmp(pServiceConfigBuffer->lpBinaryPathName, L"\\SystemRoot\\system32\\", 21) != 0) &&
-														(_wcsnicmp(pServiceConfigBuffer->lpBinaryPathName, L"\\??\\", 4) != 0)
-														)
-														kprintf(L"%s\t%s\n", pEnumServiceBuffer[i].lpServiceName, pServiceConfigBuffer->lpBinaryPathName);
-												}
-												LocalFree(pServiceConfigBuffer);
-											}
-										} else PRINT_ERROR_AUTO(L"QueryServiceConfig");
-										CloseServiceHandle(hS);
-									} else PRINT_ERROR_AUTO(L"OpenService");
-								}
-							} else PRINT_ERROR_AUTO(L"EnumServicesStatusEx");
-							LocalFree(pEnumServiceBuffer);
-						}
-					} else PRINT_ERROR_AUTO(L"EnumServicesStatusEx");
-					CloseServiceHandle(hSC);
-				}
-			}
-			LocalFree(systemRoot);
-		}
-	}
 	return STATUS_SUCCESS;
 }
 */
@ -119,6 +66,14 @@ NTSTATUS kuhl_m_standard_log(int argc, wchar_t * argv[])
 	return STATUS_SUCCESS;
 }

+NTSTATUS kuhl_m_standard_base64(int argc, wchar_t * argv[])
+{
+	kprintf(L"isBase64Intercept was    : %s\n", isBase64Intercept ? L"true" : L"false");
+	isBase64Intercept = !isBase64Intercept;
+	kprintf(L"isBase64Intercept is now : %s\n", isBase64Intercept ? L"true" : L"false");
+	return STATUS_SUCCESS;
+}
+
 NTSTATUS kuhl_m_standard_version(int argc, wchar_t * argv[])
 {
 	BOOL isWow64;
--- a/mimikatz/modules/kuhl_m_standard.h
+++ b/mimikatz/modules/kuhl_m_standard.h
@ -6,6 +6,7 @@
 #pragma once
 #include "kuhl_m.h"
 #include "../modules/kull_m_string.h"
+#include "../modules/kull_m_file.h"

 const KUHL_M kuhl_m_standard;

@ -15,6 +16,7 @@ NTSTATUS kuhl_m_standard_cite(int argc, wchar_t * argv[]);
 NTSTATUS kuhl_m_standard_answer(int argc, wchar_t * argv[]);
 NTSTATUS kuhl_m_standard_sleep(int argc, wchar_t * argv[]);
 NTSTATUS kuhl_m_standard_log(int argc, wchar_t * argv[]);
+NTSTATUS kuhl_m_standard_base64(int argc, wchar_t * argv[]);
 NTSTATUS kuhl_m_standard_version(int argc, wchar_t * argv[]);

 NTSTATUS kuhl_m_standard_test(int argc, wchar_t * argv[]);
--- a/modules/kull_m_file.c
+++ b/modules/kull_m_file.c
@ -5,6 +5,8 @@
 */
 #include "kull_m_file.h"

+BOOL isBase64Intercept = FALSE;
+
 BOOL kull_m_file_getCurrentDirectory(wchar_t ** ppDirName)
 {
 	BOOL reussite = FALSE;
@ -56,10 +58,28 @@ BOOL kull_m_file_isFileExist(wchar_t *fileName)
 BOOL kull_m_file_writeData(PCWCHAR fileName, PBYTE data, DWORD lenght)
 {
 	BOOL reussite = FALSE;
-	DWORD dwBytesWritten;
-	HANDLE hFile = CreateFile(fileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL);
+	DWORD dwBytesWritten = 0, i;
+	HANDLE hFile = NULL;
+	LPWSTR base64;
 	
-	if(hFile && hFile != INVALID_HANDLE_VALUE)
+	if(isBase64Intercept)
+	{
+		if(CryptBinaryToString(data, lenght, CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, NULL, &dwBytesWritten))
+		{
+			if(base64 = (LPWSTR) LocalAlloc(LPTR, dwBytesWritten * sizeof(wchar_t)))
+			{
+				if(reussite = CryptBinaryToString(data, lenght, CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, base64, &dwBytesWritten))
+				{
+					kprintf(L"\n===================\nBase64 interception\n===================\n");
+					for(i = 0; i < dwBytesWritten; i++)
+						kprintf(L"%c", base64[i]);
+					kprintf(L"\n===================\n");
+				}
+				LocalFree(base64);
+			}
+		}
+	}
+	else if((hFile = CreateFile(fileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL)) && hFile != INVALID_HANDLE_VALUE)
 	{
 		if(WriteFile(hFile, data, lenght, &dwBytesWritten, NULL) && (lenght == dwBytesWritten))
 			reussite = FlushFileBuffers(hFile);
--- a/modules/kull_m_file.h
+++ b/modules/kull_m_file.h
@ -4,9 +4,11 @@
 	Licence : http://creativecommons.org/licenses/by/3.0/fr/
 */
 #pragma once
-#include <windows.h>
+#include "globals.h"
 #include <shlwapi.h>

+BOOL isBase64Intercept;
+
 BOOL kull_m_file_getCurrentDirectory(wchar_t ** ppDirName);
 BOOL kull_m_file_getAbsolutePathOf(wchar_t *thisData, wchar_t ** reponse);
 BOOL kull_m_file_isFileExist(wchar_t *fileName);
--- a/modules/kull_m_string.c
+++ b/modules/kull_m_string.c
@ -47,40 +47,7 @@ void kull_m_string_freeUnicodeStringBuffer(PUNICODE_STRING pString)
 	if(pString->Buffer)
 		LocalFree(pString->Buffer);
 }
-/*
-VOID kull_m_string_outputHighUnicodeString(PLSA_UNICODE_STRING pString)
-{
-	DWORD dwSize;
-	wchar_t * ptr = NULL;
-	if(pString)
-	{
-		ptr = pString->Buffer;
-		dwSize =  pString->Length / sizeof(wchar_t);
-	}
-	kull_m_string_outputHighWideStringWithLen(ptr, dwSize);
-}

-VOID kull_m_string_outputHighWideString(wchar_t * pString)
-{
-	DWORD dwSize;
-	if(pString)
-		dwSize =  (DWORD) wcslen(pString);
-	kull_m_string_outputHighWideStringWithLen(pString, dwSize);
-}
-
-VOID kull_m_string_outputHighWideStringWithLen(wchar_t * pString, DWORD dwSize)
-{
-	//DWORD dwhConWritten;
-	//HANDLE hConOut = GetStdHandle(STD_OUTPUT_HANDLE);
-	if(!pString)
-	{
-		pString = L"(null)";
-		dwSize = 6;
-	}
-	kprintf(L"%.*s", dwSize, pString);
-	//WriteConsole(hConOut, pString, dwSize, &dwhConWritten, NULL); 
-}
-*/
 wchar_t * kull_m_string_qad_ansi_to_unicode(const char * ansi)
 {
 	wchar_t * buffer = NULL;
--- a/modules/kull_m_string.h
+++ b/modules/kull_m_string.h
@ -42,9 +42,6 @@ BOOL kull_m_string_suspectUnicodeStringStructure(IN PUNICODE_STRING pUnicodeStri
 BOOL kull_m_string_getUnicodeString(IN PUNICODE_STRING string, IN PKULL_M_MEMORY_HANDLE source);
 void kull_m_string_freeUnicodeStringBuffer(PUNICODE_STRING pString);
 BOOL kull_m_string_suspectUnicodeString(IN PUNICODE_STRING pUnicodeString);
-/*VOID kull_m_string_outputHighUnicodeString(PLSA_UNICODE_STRING pString);
-VOID kull_m_string_outputHighWideString(wchar_t * pString);
-VOID kull_m_string_outputHighWideStringWithLen(wchar_t * pString, DWORD dwSize);*/

 wchar_t * kull_m_string_qad_ansi_to_unicode(const char * ansi);
 wchar_t * kull_m_string_qad_ansi_c_to_unicode(const char * ansi, SIZE_T szStr);