Enhancements
* Code cleaning
gentilkiwi committed Sep 6, 2015
1 parent bea89c6 commit 5f12ced
Showing 9 changed files with 42 additions and 14 deletions.
1 change: 1 addition & 0 deletions mimikatz/mimikatz.vcxproj
Expand Up @@ -84,6 +84,7 @@
<LinkErrorReporting>NoErrorReport</LinkErrorReporting>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
15 changes: 5 additions & 10 deletions mimikatz/modules/kuhl_m_lsadump.c
Expand Up @@ -1714,16 +1714,15 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
{
LSA_OBJECT_ATTRIBUTES objectAttributes = {0};
PPOLICY_DNS_DOMAIN_INFO pPolicyDnsDomainInfo = NULL;
PDOMAIN_CONTROLLER_INFO cInfo = NULL;
RPC_BINDING_HANDLE hBinding;
DRS_HANDLE hDrs = NULL;
DSNAME dsName = {0};
DRS_MSG_GETCHGREQ getChReq = {0};
DWORD dwOutVersion = 0;
DRS_MSG_GETCHGREPLY getChRep = {0};
ULONG drsStatus;
DWORD ret;
LPCWSTR szUser = NULL, szGuid = NULL, szDomain = NULL, szDc = NULL;
LPWSTR szTmpDc = NULL;

if(!kull_m_string_args_byName(argc, argv, L"domain", &szDomain, NULL))
if(kull_m_net_getCurrentDomainInfo(&pPolicyDnsDomainInfo))
Expand All @@ -1733,12 +1732,8 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
{
kprintf(L"[DC] \'%s\' will be the domain\n", szDomain);
if(!(kull_m_string_args_byName(argc, argv, L"dc", &szDc, NULL) || kull_m_string_args_byName(argc, argv, L"kdc", &szDc, NULL)))
{
ret = DsGetDcName(NULL, szDomain, NULL, NULL, DS_DIRECTORY_SERVICE_REQUIRED | DS_IS_DNS_NAME | DS_RETURN_DNS_NAME, &cInfo);
if(ret == ERROR_SUCCESS)
szDc = cInfo->DomainControllerName + 2;
else PRINT_ERROR(L"[DC] DsGetDcName: %u\n", ret);
}
if(kull_m_net_getDC(szDomain, DS_DIRECTORY_SERVICE_REQUIRED, &szTmpDc))
szDc = szTmpDc;

if(szDc)
{
Expand Down Expand Up @@ -1795,8 +1790,8 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
}
else PRINT_ERROR(L"Domain not present, or doesn\'t look like a FQDN\n");

if(cInfo)
NetApiBufferFree(cInfo);
if(szTmpDc)
LocalFree(szTmpDc);
if(pPolicyDnsDomainInfo)
LsaFreeMemory(pPolicyDnsDomainInfo);

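Review bot: When kull_m_net_getDC returns FALSE, the new `if(kull_m_net_getDC(szDomain, DS_DIRECTORY_SERVICE_REQUIRED, &szTmpDc)) szDc = szTmpDc;` falls through silently to `if(szDc)` with szDc still NULL, and the only diagnostic is the helper's `DsGetDcName: %u`, which no longer carries the `[DC]` prefix the removed PRINT_ERROR used, so the dcsync output loses the context of which step failed. An `else PRINT_ERROR(L"[DC] no domain controller found for \'%s\'\n", szDomain);` on the next line would restore it. The cleanup `if(szTmpDc) LocalFree(szTmpDc);` is safe only because of the `LPWSTR szTmpDc = NULL;` initialiser in the declaration, since the helper does not clear its out-pointer on failure; a short comment on that declaration would make the dependency explicit. The body of kuhl_m_lsadump_dcsync starts before and continues between and after these hunks.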
2 changes: 0 additions & 2 deletions mimikatz/modules/kuhl_m_lsadump.h
Expand Up @@ -377,8 +377,6 @@ PKERB_KEY_DATA kuhl_m_lsadump_lsa_keyDataInfo(PVOID base, PKERB_KEY_DATA keys, U
PKERB_KEY_DATA_NEW kuhl_m_lsadump_lsa_keyDataNewInfo(PVOID base, PKERB_KEY_DATA_NEW keys, USHORT Count, PCWSTR title);
void kuhl_m_lsadump_lsa_DescrBuffer(DWORD type, PVOID Buffer, DWORD BufferSize);

extern DWORD WINAPI NetApiBufferFree (IN LPVOID Buffer);

PVOID kuhl_m_lsadump_dcsync_findMonoAttr(ATTRBLOCK *attributes, ATTRTYP type, PVOID data, DWORD *size);
void kuhl_m_lsadump_dcsync_findPrintMonoAttr(LPCWSTR prefix, ATTRBLOCK *attributes, ATTRTYP type, BOOL newLine);

1 change: 1 addition & 0 deletions mimilib/mimilib.vcxproj
Expand Up @@ -74,6 +74,7 @@
<LinkErrorReporting>NoErrorReport</LinkErrorReporting>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
<ModuleDefinitionFile>mimilib.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
1 change: 1 addition & 0 deletions mimilove/mimilove.vcxproj
Expand Up @@ -73,6 +73,7 @@
<LinkErrorReporting>NoErrorReport</LinkErrorReporting>
<ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers>
<TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
<LinkTimeCodeGeneration>UseLinkTimeCodeGeneration</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
20 changes: 20 additions & 0 deletions modules/kull_m_net.c
Expand Up @@ -30,4 +30,24 @@ BOOL kull_m_net_CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, PSID Do
if(!(status = CreateWellKnownSid(WellKnownSidType, DomainSid, *pSid, &szNeeded)))
*pSid = LocalFree(*pSid);
return status;
}

BOOL kull_m_net_getDC(LPCWSTR fullDomainName, DWORD altFlags, LPWSTR * fullDCName)
{
BOOL status = FALSE;
DWORD ret, size;
PDOMAIN_CONTROLLER_INFO cInfo = NULL;
ret = DsGetDcName(NULL, fullDomainName, NULL, NULL, altFlags | DS_IS_DNS_NAME | DS_RETURN_DNS_NAME, &cInfo);
if(ret == ERROR_SUCCESS)
{
size = (DWORD) (wcslen(cInfo->DomainControllerName + 2) + 1) * sizeof(wchar_t);
if(*fullDCName = (wchar_t *) LocalAlloc(LPTR, size))
{
status = TRUE;
RtlCopyMemory(*fullDCName, cInfo->DomainControllerName + 2, size);
}
NetApiBufferFree(cInfo);
}
else PRINT_ERROR(L"DsGetDcName: %u\n", ret);
return status;
}
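Review bot: `cInfo->DomainControllerName + 2` in kull_m_net_getDC skips two characters without checking that the returned name actually starts with the `\\` prefix, and `*fullDCName` is never assigned when DsGetDcName fails, so a caller that does not pre-initialise its pointer would free garbage. DS_RETURN_DNS_NAME is documented to yield a `\\`-prefixed name, but the defensive test costs one line and a name shorter than two characters would otherwise walk the pointer past the terminator. The `(DWORD)` cast on the size line binds only to `wcslen(...) + 1`, not to the whole product; harmless, but misleading. The function should also state in a comment that on success `*fullDCName` is LocalAlloc'd and must be LocalFree'd by the caller, which the lsadump call site already does.
```c
BOOL kull_m_net_getDC(LPCWSTR fullDomainName, DWORD altFlags, LPWSTR * fullDCName)
{
	BOOL status = FALSE;
	DWORD ret, size;
	PDOMAIN_CONTROLLER_INFO cInfo = NULL;
	LPCWSTR dcName;
	*fullDCName = NULL; // defined on every path; on success the caller LocalFree()s it
	ret = DsGetDcName(NULL, fullDomainName, NULL, NULL, altFlags | DS_IS_DNS_NAME | DS_RETURN_DNS_NAME, &cInfo);
	if(ret == ERROR_SUCCESS)
	{
		dcName = cInfo->DomainControllerName;
		if(dcName[0] == L'\\' && dcName[1] == L'\\') // strip the UNC prefix only when it is really there
			dcName += 2;
		size = (DWORD) ((wcslen(dcName) + 1) * sizeof(wchar_t));
		// … unchanged: LocalAlloc(LPTR, size), RtlCopyMemory from dcName, NetApiBufferFree(cInfo) …
	}
	else PRINT_ERROR(L"DsGetDcName: %u\n", ret);
	return status;
}
```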
5 changes: 4 additions & 1 deletion modules/kull_m_net.h
Expand Up @@ -7,5 +7,8 @@
#include "globals.h"
#include <DsGetDC.h>

extern DWORD WINAPI NetApiBufferFree (IN LPVOID Buffer);

BOOL kull_m_net_getCurrentDomainInfo(PPOLICY_DNS_DOMAIN_INFO * pDomainInfo);
BOOL kull_m_net_CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, PSID DomainSid, PSID * pSid);
BOOL kull_m_net_CreateWellKnownSid(WELL_KNOWN_SID_TYPE WellKnownSidType, PSID DomainSid, PSID * pSid);
BOOL kull_m_net_getDC(LPCWSTR fullDomainName, DWORD altFlags, LPWSTR * fullDCName);
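Review bot: The new prototype `BOOL kull_m_net_getDC(LPCWSTR fullDomainName, DWORD altFlags, LPWSTR * fullDCName);` says nothing about who owns `*fullDCName`; the implementation LocalAlloc()s it and the caller must LocalFree() it, so a comment such as `// on success *fullDCName is LocalAlloc'd and must be LocalFree'd by the caller; altFlags are OR'd with DS_IS_DNS_NAME | DS_RETURN_DNS_NAME` belongs on the declaration. The hand-written `extern DWORD WINAPI NetApiBufferFree (IN LPVOID Buffer);` moved here from kuhl_m_lsadump.h should be ABI-compatible with the lm.h declaration (NET_API_STATUS is a DWORD and NET_API_FUNCTION is __stdcall), but a one-line comment on why it is declared by hand instead of via `<lm.h>` would stop the next reader from "fixing" it. The two identical `kull_m_net_CreateWellKnownSid` lines appear to be the same declaration printed once per side of the diff, presumably a line-ending or trailing-newline change.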
2 changes: 1 addition & 1 deletion modules/kull_m_rpc_drsr.c
Expand Up @@ -47,7 +47,7 @@ BOOL kull_m_rpc_drsr_createBinding(LPCWSTR server, RPC_BINDING_HANDLE *hBinding)
RPC_STATUS rpcStatus;
RPC_WSTR StringBinding = NULL;
RPC_SECURITY_QOS SecurityQOS = {RPC_C_SECURITY_QOS_VERSION, RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH, RPC_C_QOS_IDENTITY_STATIC, RPC_C_IMP_LEVEL_DEFAULT};
LPWSTR fullServer = NULL;
LPWSTR fullServer;
DWORD szServer = (DWORD) (wcslen(server) * sizeof(wchar_t)), szPrefix = sizeof(PREFIX_LDAP); // includes NULL;

*hBinding = NULL;
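Review bot: Dropping the `= NULL` initialiser from `LPWSTR fullServer;` is only safe if every path that tests or frees fullServer is preceded by an assignment; the rest of kull_m_rpc_drsr_createBinding is outside this hunk, so that cannot be confirmed here, and with link-time code generation enabled elsewhere in this commit the optimizer is free to assume an uninitialised read never happens. Unless the body has been audited for that, keep `LPWSTR fullServer = NULL;`. The unchanged `wcslen(server)` on the following line also dereferences `server` without a NULL check, but that predates this change.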
9 changes: 9 additions & 0 deletions modules/kull_m_samlib.h
Expand Up @@ -41,7 +41,14 @@ typedef struct _SAMPR_RID_ENUMERATION {
LSA_UNICODE_STRING Name;
} SAMPR_RID_ENUMERATION, *PSAMPR_RID_ENUMERATION;

typedef struct _SAMPR_GET_MEMBERS_BUFFER {
DWORD MemberCount;
DWORD *Members;
DWORD *Attributes;
} SAMPR_GET_MEMBERS_BUFFER, *PSAMPR_GET_MEMBERS_BUFFER;

extern NTSTATUS WINAPI SamConnect(IN PUNICODE_STRING ServerName, OUT SAMPR_HANDLE * ServerHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted);
extern NTSTATUS WINAPI SamConnectWithCreds(IN PUNICODE_STRING ServerName, OUT SAMPR_HANDLE * ServerHandle, IN ACCESS_MASK DesiredAccess, IN LSA_OBJECT_ATTRIBUTES * ObjectAttributes, IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, IN PWSTR ServerPrincName, OUT ULONG * unk0);
extern NTSTATUS WINAPI SamEnumerateDomainsInSamServer(IN SAMPR_HANDLE ServerHandle, OUT DWORD * EnumerationContext, OUT PSAMPR_RID_ENUMERATION* Buffer, IN DWORD PreferedMaximumLength, OUT DWORD * CountReturned);
extern NTSTATUS WINAPI SamLookupDomainInSamServer(IN SAMPR_HANDLE ServerHandle, IN PUNICODE_STRING Name, OUT PSID * DomainId);

Expand All @@ -51,6 +58,8 @@ extern NTSTATUS WINAPI SamQueryInformationUser(IN SAMPR_HANDLE UserHandle, IN US
extern NTSTATUS WINAPI SamGetGroupsForUser(IN SAMPR_HANDLE UserHandle, OUT PGROUP_MEMBERSHIP * Groups, OUT DWORD * CountReturned);
extern NTSTATUS WINAPI SamGetAliasMembership(IN SAMPR_HANDLE DomainHandle, IN DWORD Count, IN PSID * Sid, OUT DWORD * CountReturned, OUT PDWORD * RelativeIds);

extern NTSTATUS WINAPI SamGetMembersInGroup(IN SAMPR_HANDLE GroupHandle, OUT PSAMPR_GET_MEMBERS_BUFFER * Members);

extern NTSTATUS WINAPI SamEnumerateUsersInDomain(IN SAMPR_HANDLE DomainHandle, IN OUT PDWORD EnumerationContext, IN DWORD UserAccountControl, OUT PSAMPR_RID_ENUMERATION* Buffer, IN DWORD PreferedMaximumLength, OUT PDWORD CountReturned);
extern NTSTATUS WINAPI SamLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN DWORD Count, IN PUNICODE_STRING Names, OUT PDWORD * RelativeIds, OUT PDWORD * Use);
extern NTSTATUS WINAPI SamLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle, IN DWORD Count, IN PDWORD RelativeIds, OUT PUNICODE_STRING * Names, OUT PDWORD * Use);
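Review bot: The new `SAMPR_GET_MEMBERS_BUFFER` struct and the `SamGetMembersInGroup` prototype are declarations of undocumented samlib.dll exports with no note on how the layout was derived or who frees the buffer; a comment such as `// layout mirrors MS-SAMR SAMPR_GET_MEMBERS_BUFFER; *Members is allocated by samlib — release with SamFreeMemory` would help the next maintainer and every caller. The `OUT ULONG * unk0` parameter of SamConnectWithCreds, which appears to be added in the same hunk, has no stated meaning; a `// purpose unknown, do not rely on its value` next to it would keep callers from passing real data through it. The surrounding declarations are context and unchanged.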
