From 904a28656b308b7d1be1095c7c113bd93dcbba5f Mon Sep 17 00:00:00 2001 From: Helvio Junior Date: Tue, 30 Jul 2024 19:05:47 -0300 Subject: [PATCH] BugFix --- knowsmore/cmd/hashes.py | 77 ++++++++++++++++++++--------------- knowsmore/password.py | 11 +++-- knowsmore/util/knowsmoredb.py | 10 ++++- 3 files changed, 60 insertions(+), 38 deletions(-) diff --git a/knowsmore/cmd/hashes.py b/knowsmore/cmd/hashes.py index d185f91..3f9941b 100644 --- a/knowsmore/cmd/hashes.py +++ b/knowsmore/cmd/hashes.py @@ -346,6 +346,8 @@ def run(self): username=usr, ntlm_hash=hash, type=type, + exclude_on_update=["object_identifier", "dn", "groups", + "enabled", "full_name"] ) # check if exists at pre computed hashes @@ -403,6 +405,12 @@ def run(self): exit(0) print(' ') + Logger.pl('{+} {W}Calculating company\'s name Leets{W}') + if len(Configuration.company) > 0: + for n in Configuration.company: + Password.leets_cache[n] = [l1 for l1 in Password.get_leets(n)] + + Logger.pl('{+} {W}Importing...{W}') total = Tools.count_file_lines(self.filename) with progress.Bar(label=" Processing ", expected_size=total) as bar: try: @@ -426,39 +434,42 @@ def run(self): if c1[0] == '': continue - password = Password( - ntlm_hash=None, # c1[0].lower(), # not use this - clear_text=c1[1] - ) - - #verify if exists - pwd = self.db.select('passwords', - ntlm_hash=password.ntlm_hash - ) - - if len(pwd) == 0: - # insert just at pre_computed - self.db.insert_ignore_one('pre_computed', - ntlm_hash=password.ntlm_hash, - md5_hash=password.md5_hash, - sha1_hash=password.sha1_hash, - sha256_hash=password.sha256_hash, - sha512_hash=password.sha512_hash, - password=password.clear_text, - ) - continue - - pdata = {} - - if len(Configuration.company) > 0: - pdata['company_similarity'] = sorted( - [password.calc_ratio(n1, 0.4) for n1 in Configuration.company] - )[-1] - - self.db.update_password( - password, - **pdata - ) + try: + password = Password( + ntlm_hash=None, # c1[0].lower(), # not use this + clear_text=c1[1] + ) + + #verify if exists + pwd = self.db.select('passwords', + ntlm_hash=password.ntlm_hash + ) + + if len(pwd) == 0: + # insert just at pre_computed + self.db.insert_ignore_one('pre_computed', + ntlm_hash=password.ntlm_hash, + md5_hash=password.md5_hash, + sha1_hash=password.sha1_hash, + sha256_hash=password.sha256_hash, + sha512_hash=password.sha512_hash, + password=password.clear_text + ) + continue + + pdata = {} + + if len(Configuration.company) > 0: + pdata['company_similarity'] = sorted( + [password.calc_ratio(n1, 0.4) for n1 in Configuration.company] + )[-1] + + self.db.update_password( + password, + **pdata + ) + except Exception as e: + print(e) #read next line finally: diff --git a/knowsmore/password.py b/knowsmore/password.py index 8e28daa..aa01087 100644 --- a/knowsmore/password.py +++ b/knowsmore/password.py @@ -155,7 +155,8 @@ def strength(self) -> int: return int(round((f(self.entropy - self.weak_bits) * float(100)), 0)) # with offset - def get_leets(self, word, index=0) -> list: + @classmethod + def get_leets(cls, word, index=0) -> list: if index == 0: word = word.lower() c = word[index:index + 1] @@ -166,7 +167,7 @@ def get_leets(self, word, index=0) -> list: yield p else: p = "%s%s%s" % (word[0:index], s, word[index + 1:]) - yield from self.get_leets(p, index + 1) + yield from cls.get_leets(p, index + 1) def calc_ratio(self, name: str, score_cutoff: float = 0.0) -> int: if len(name) == 0: @@ -187,7 +188,11 @@ def calc_ratio(self, name: str, score_cutoff: float = 0.0) -> int: # Use a static cache to increase speed if name not in Password.leets_cache.keys(): - Password.leets_cache[name] = [l1 for l1 in self.get_leets(name)] + # Permit up to 6 digits + if len(name) >= 6: + Password.leets_cache[name] = [name, name.lower(), name.upper()] + else: + Password.leets_cache[name] = [l1 for l1 in self.get_leets(name)] l1 = sorted( [ diff --git a/knowsmore/util/knowsmoredb.py b/knowsmore/util/knowsmoredb.py index f9733a1..0e70e59 100644 --- a/knowsmore/util/knowsmoredb.py +++ b/knowsmore/util/knowsmoredb.py @@ -180,7 +180,9 @@ def insert_or_update_bloodhound_edge(self, source: str, target: str, source_labe def insert_or_update_credential(self, domain: int, username: str, ntlm_hash: str, dn: str = '', groups: str = '', object_identifier: str = '', type: str = 'U', full_name: str = '', enabled: bool = True, - pwd_last_set: datetime.datetime = datetime.datetime(1970, 1, 1, 0, 0, 0, 0)): + pwd_last_set: datetime.datetime = datetime.datetime(1970, 1, 1, 0, 0, 0, 0), + exclude_on_update: list = None + ): try: # Hard-coded empty password @@ -219,8 +221,12 @@ def insert_or_update_credential(self, domain: int, username: str, ntlm_hash: str if pwd_last_set is not None and pwd_last_set.year > 1970: data['pwd_last_set'] = pwd_last_set + ex = ['password_id'] if not update_password else [] + if exclude_on_update is not None and isinstance(exclude_on_update, list): + ex += [str(x) for x in exclude_on_update] + self.insert_update_one_exclude('credentials', - exclude_on_update=['password_id'] if not update_password else [], + exclude_on_update=exclude_on_update, **data) except Exception as e: