forked from EmpireProject/Empire
-
-
Notifications
You must be signed in to change notification settings - Fork 585
/
Copy pathcredentials.py
161 lines (139 loc) · 5.2 KB
/
credentials.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
"""
Credential handling functionality for Empire.
"""
import logging
import warnings
from sqlalchemy import and_, or_
from empire.server.core.db import models
from empire.server.core.db.base import SessionLocal
log = logging.getLogger(__name__)
class Credentials:
"""
Class that handles interaction with the backend credential model
(adding creds, displaying, etc.).
"""
def __init__(self, MainMenu, args=None):
# pull out the controller objects
self.mainMenu = MainMenu
self.installPath = self.mainMenu.installPath
self.args = args
# credential database schema:
# (ID, credtype, domain, username, password, host, OS, notes, sid)
# credtype = hash or plaintext
# sid is stored for krbtgt
def is_credential_valid(self, credentialID):
"""
Check if this credential ID is valid.
"""
warnings.warn(
"This has been deprecated and may be removed. Use credential_service.get_by_id() instead.",
DeprecationWarning,
stacklevel=2,
)
with SessionLocal() as db:
if (
db.query(models.Credential)
.filter(models.Credential.id == credentialID)
.first()
):
return True
return False
def get_credentials(self, filter_term=None, credtype=None, note=None, os=None):
"""
Return credentials from the database.
'credtype' can be specified to return creds of a specific type.
Values are: hash, plaintext, and token.
"""
warnings.warn(
"This has been deprecated and may be removed. Use credential_service.get_all().",
DeprecationWarning,
stacklevel=2,
)
# if we're returning a single credential by ID
with SessionLocal() as db:
if self.is_credential_valid(filter_term):
results = (
db.query(models.Credential)
.filter(models.Credential.id == filter_term)
.first()
)
# if we're filtering by host/username
elif filter_term and filter_term != "":
filter_term = filter_term.replace("*", "%")
search = f"%{filter_term}%"
results = (
db.query(models.Credential)
.filter(
or_(
models.Credential.domain.like(search),
models.Credential.username.like(search),
models.Credential.host.like(search),
models.Credential.password.like(search),
)
)
.all()
)
# if we're filtering by credential type (hash, plaintext, token)
elif credtype and credtype != "":
results = (
db.query(models.Credential)
.filter(models.Credential.credtype.ilike("%credtype%"))
.all()
)
# if we're filtering by content in the note field
elif note and note != "":
search = f"%{note}%"
results = (
db.query(models.Credential)
.filter(models.Credential.note.ilike("%search%"))
.all()
)
# if we're filtering by content in the OS field
elif os and os != "":
search = f"%{os}%"
results = (
db.query(models.Credential)
.filter(models.Credential.os.ilike("%search%"))
.all()
)
# otherwise return all credentials
else:
results = db.query(models.Credential).all()
return results
def add_credential( # noqa: PLR0913
self, credtype, domain, username, password, host, os="", sid="", notes=""
):
"""
Add a credential with the specified information to the database.
"""
warnings.warn(
"This has been deprecated and may be removed. Use credential_service.create_credential().",
DeprecationWarning,
stacklevel=2,
)
with SessionLocal.begin() as db:
results = (
db.query(models.Credential)
.filter(
and_(
models.Credential.credtype.like(credtype),
models.Credential.domain.like(domain),
models.Credential.username.like(username),
models.Credential.password.like(password),
)
)
.all()
)
if len(results) == 0:
credential = models.Credential(
credtype=credtype,
domain=domain,
username=username,
password=password,
host=host,
os=os,
sid=sid,
notes=notes,
)
db.add(credential)
db.flush()