RepoMirrors/mimikatz
1
0
Fork 0
mirror of https://github.com/gentilkiwi/mimikatz synced 2025-02-17 18:06:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

[fix] freeing memory with CredFree when using CredUnmarshalCredential

Browse Source 
[fix #289] casting FIELD_OFFSET to DWORD, like each time I commit ;)
This commit is contained in:
Benjamin DELPY 2020-06-14 12:52:08 +02:00
parent 4dd27c0a64
commit e10ec9aa5b
4 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mimikatz/modules/dpapi/packages/kuhl_m_dpapi_creds.c
View File

@ -185,7 +185,7 @@ void kuhl_m_dpapi_cred_tryEncrypted(LPCWSTR target, LPCBYTE data, DWORD dataLen,
else if(wcsstr(target, L"AppSense_DataNow_"))
{
kprintf(L"\n* Ivanti FileDirector credential blob *\n");
if(dataLen >= FIELD_OFFSET(KULL_M_CRED_APPSENSE_DN, data))
if(dataLen >= (DWORD) FIELD_OFFSET(KULL_M_CRED_APPSENSE_DN, data))
{
pAppDN = (PKULL_M_CRED_APPSENSE_DN) data;
if(!strcmp("AppN_DN_Win", pAppDN->type))

2
mimikatz/modules/kuhl_m_vault.c
View File

@ -524,7 +524,7 @@ void kuhl_m_vault_cred_tryEncrypted(PCREDENTIAL pCredential)
else if(wcsstr(pCredential->TargetName, L"AppSense_DataNow_"))
{
kprintf(L"* Ivanti FileDirector credential blob *\n");
if(pCredential->CredentialBlobSize >= FIELD_OFFSET(KULL_M_CRED_APPSENSE_DN, data))
if(pCredential->CredentialBlobSize >= (DWORD) FIELD_OFFSET(KULL_M_CRED_APPSENSE_DN, data))
{
pAppDN = (PKULL_M_CRED_APPSENSE_DN) pCredential->CredentialBlob;
if(!strcmp("AppN_DN_Win", pAppDN->type))

1
mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
View File

@ -1385,6 +1385,7 @@ VOID kuhl_m_sekurlsa_trymarshal(PCUNICODE_STRING MarshaledCredential)
default:
kprintf(L"[?] ?");
}
CredFree(Credential);
}
else PRINT_ERROR_AUTO(L"CredUnmarshalCredential");
}

14
modules/kull_m_net.h
View File

@ -161,6 +161,17 @@ typedef struct _SERVER_INFO_102 {
LMSTR sv102_userpath;
} SERVER_INFO_102, *PSERVER_INFO_102, *LPSERVER_INFO_102;
typedef struct _SHARE_INFO_2 {
LMSTR shi2_netname;
DWORD shi2_type;
LMSTR shi2_remark;
DWORD shi2_permissions;
DWORD shi2_max_uses;
DWORD shi2_current_uses;
LMSTR shi2_path;
LMSTR shi2_passwd;
} SHARE_INFO_2, *PSHARE_INFO_2, *LPSHARE_INFO_2;
#define SV_TYPE_WORKSTATION 0x00000001
#define SV_TYPE_SERVER 0x00000002
#define SV_TYPE_SQLSERVER 0x00000004
@ -200,4 +211,5 @@ NET_API_STATUS NET_API_FUNCTION NetWkstaUserEnum(IN LMSTR servername, IN DWORD l
NET_API_STATUS NET_API_FUNCTION NetShareEnum(IN LMSTR servername, IN DWORD level, OUT LPBYTE *bufptr, IN DWORD prefmaxlen, OUT LPDWORD entriesread, OUT LPDWORD totalentries, IN OUT LPDWORD resume_handle);
NET_API_STATUS NET_API_FUNCTION NetStatisticsGet(IN LPWSTR server, IN LPWSTR service, IN DWORD level, IN DWORD options, OUT LPBYTE *bufptr);
NET_API_STATUS NET_API_FUNCTION NetRemoteTOD(IN LPCWSTR UncServerName, OUT PTIME_OF_DAY_INFO *pToD);
NET_API_STATUS NET_API_FUNCTION NetServerGetInfo(IN LPWSTR servername, IN DWORD level, OUT LPBYTE *bufptr);
NET_API_STATUS NET_API_FUNCTION NetServerGetInfo(IN LPWSTR servername, IN DWORD level, OUT LPBYTE *bufptr);
NET_API_STATUS NET_API_FUNCTION NetShareAdd(IN LMSTR servername, IN DWORD level, IN LPBYTE buf, OUT LPDWORD parm_err);