login-securite
diff --git a/‎donpapi/database.py‎
Lines changed: 154 additions & 0 deletions b/‎donpapi/database.py‎
Lines changed: 154 additions & 0 deletions
diff --git a/‎donpapi/entry.py‎
Lines changed: 4 additions & 3 deletions b/‎donpapi/entry.py‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎donpapi/lib/google_refresh_token.py‎
Lines changed: 80 additions & 0 deletions b/‎donpapi/lib/google_refresh_token.py‎
Lines changed: 80 additions & 0 deletions
@@ -35,6 +35,30 @@ def get_credz(self, filterTerm=None, credz_type=None):
         results = cur.fetchall()
         return results
 
+    def get_token(self, filterTerm=None, credz_type=None):
+        """
+        Return credentials from the database.
+        """
+        if credz_type:
+            with self.conn:
+                cur = self.conn.cursor()
+                cur.execute(f"SELECT * FROM token WHERE type='{credz_type}'")
+
+        # if we're filtering by username
+        elif filterTerm and filterTerm != '':
+            with self.conn:
+                cur = self.conn.cursor()
+                cur.execute("SELECT * FROM users WHERE LOWER(username) LIKE LOWER(?)", ['%{}%'.format(filterTerm)])
+
+        # otherwise return all credentials
+        else:
+            with self.conn:
+                cur = self.conn.cursor()
+                cur.execute("SELECT * FROM token")
+
+        results = cur.fetchall()
+        return results
+
     @staticmethod
     def db_schema(db_conn):
         db_conn.execute('''CREATE TABLE "computers" (
@@ -89,6 +113,19 @@ def db_schema(db_conn):
 					FOREIGN KEY(pillaged_from_userid) REFERENCES users(id)
 					)''')
 
+        db_conn.execute('''CREATE TABLE "token" (
+        					"id" integer PRIMARY KEY,
+        					"file_path" text,
+        					"username" text,
+        					"password" text,
+        					"target" text,
+        					"type" text,
+        					"pillaged_from_computerid" integer,
+        					"pillaged_from_userid" integer,
+        					FOREIGN KEY(pillaged_from_computerid) REFERENCES computers(id),
+        					FOREIGN KEY(pillaged_from_userid) REFERENCES users(id)
+        					)''')
+
         db_conn.execute('''CREATE TABLE "certificates" (
 					"id" integer PRIMARY KEY,
 					"pfx_file_path" text,
@@ -788,6 +825,123 @@ def add_credz(self, credz_type, credz_username, credz_password, credz_target, cr
 
         return None
 
+    def add_token(self, credz_type, credz_username, credz_password, credz_target, credz_path, pillaged_from_computerid=None,
+                pillaged_from_userid=None, pillaged_from_computer_ip=None, pillaged_from_username=None):
+        """
+        Check if this credential has already been added to the database, if not add it in.
+        """
+        user_rowid = None
+        try:
+            credz_username = self.clear_input(credz_username)
+            credz_password = self.clear_input(credz_password)
+            credz_target = self.clear_input(credz_target)
+            credz_path = self.clear_input(credz_path)
+            self.logging.debug(f"{credz_username} - {binascii.hexlify(credz_username.encode('utf-8'))}")
+            self.logging.debug(f"{credz_password} - {binascii.hexlify(credz_password.encode('utf-8'))}")
+            self.logging.debug(f"{credz_target} - {binascii.hexlify(credz_target.encode('utf-8'))}")
+            self.logging.debug(f"{credz_path} - {binascii.hexlify(credz_path.encode('utf-8'))}")
+            self.logging.debug(
+                f"pillaged_from_computer_ip {pillaged_from_computer_ip} - {binascii.hexlify(pillaged_from_computer_ip.encode('utf-8'))}")
+            self.logging.debug(f"pillaged_from_username {pillaged_from_username}")
+
+            if pillaged_from_computer_ip != None:
+                with self.conn:
+                    cur = self.conn.cursor()
+                    cur.execute(f"SELECT * FROM computers WHERE LOWER(ip)=LOWER('{pillaged_from_computer_ip}')")
+                results = cur.fetchall()
+                if len(results) > 0:
+                    result = results[0]
+                    pillaged_from_computerid = result[0]
+                    self.logging.debug(f"[+] Resolved {pillaged_from_computer_ip} to id : {pillaged_from_computerid}")
+        except Exception as ex:
+            self.logging.error(f"Exception in add_token 1")
+            self.logging.debug(ex)
+
+        try:
+            if pillaged_from_username != None:
+                with self.conn:
+                    cur = self.conn.cursor()
+                    cur.execute(
+                        f"SELECT * FROM users WHERE LOWER(username)=LOWER('{pillaged_from_username}') AND pillaged_from_computerid={pillaged_from_computerid}")
+                results = cur.fetchall()
+                if len(results) > 0:
+                    result = results[0]
+                    pillaged_from_userid = result[0]
+                    self.logging.debug(
+                        f"[+] Resolved {pillaged_from_username} on machine {pillaged_from_computerid} to id : {pillaged_from_userid}")
+        except Exception as ex:
+            self.logging.error(f"Exception in add_token 2")
+            self.logging.debug(ex)
+            pass
+        if pillaged_from_computerid == None or pillaged_from_userid == None:
+            self.logging.debug(
+                f"[-] Missing computerId or UserId to register token {credz_username} {credz_password} - {credz_target}")
+        # return None
+        try:
+            if pillaged_from_userid == None:
+                query = "SELECT * FROM token WHERE LOWER(username)=LOWER(:credz_username) AND LOWER(password)=LOWER(:credz_password) AND LOWER(type)=LOWER(:credz_type) AND LOWER(target)=LOWER(:credz_target) AND pillaged_from_computerid=:pillaged_from_computerid"
+                parameters = {
+                    "credz_username": credz_username,
+                    "credz_password": credz_password,
+                    "credz_type": credz_type, "credz_target": credz_target,
+                    "pillaged_from_computerid": int(pillaged_from_computerid),
+                }
+            else:
+                query = "SELECT * FROM token WHERE LOWER(username)=LOWER(:credz_username) AND LOWER(password)=LOWER(:credz_password) AND LOWER(type)=LOWER(:credz_type) AND LOWER(target)=LOWER(:credz_target) AND pillaged_from_computerid=:pillaged_from_computerid AND pillaged_from_userid=:pillaged_from_userid"
+                parameters = {
+                    "credz_username": credz_username,
+                    "credz_password": credz_password,
+                    "credz_type": credz_type, "credz_target": credz_target,
+                    "pillaged_from_computerid": int(pillaged_from_computerid),
+                    "pillaged_from_userid": int(pillaged_from_userid)
+                }
+            self.logging.debug(query)
+            with self.conn:
+                cur = self.conn.cursor()
+                cur.execute(query, parameters)
+            results = cur.fetchall()
+        except Exception as ex:
+            self.logging.error(f"Exception in add_token 3")
+            self.logging.debug(ex)
+        try:
+            if not len(results):
+                if pillaged_from_userid == None:
+                    query = "   INSERT INTO token (username, password, target, type, pillaged_from_computerid, file_path) VALUES (:credz_username, :credz_password, :credz_target, :credz_type, :pillaged_from_computerid, :credz_path)"
+                    parameters = {
+                        "credz_username": credz_username,
+                        "credz_password": credz_password,
+                        "credz_target": credz_target,
+                        "credz_type": credz_type,
+                        "pillaged_from_computerid": int(pillaged_from_computerid),
+                        "credz_path": credz_path,
+                    }
+                else:
+                    query = "INSERT INTO token (username, password, target, type, pillaged_from_computerid,pillaged_from_userid, file_path) VALUES (:credz_username, :credz_password, :credz_target, :credz_type, :pillaged_from_computerid, :pillaged_from_userid, :credz_path)"
+                    parameters = {
+                        "credz_username": credz_username,
+                        "credz_password": credz_password,
+                        "credz_type": credz_type,
+                        "credz_target": credz_target,
+                        "pillaged_from_computerid": int(pillaged_from_computerid),
+                        "pillaged_from_userid": int(pillaged_from_userid),
+                        "credz_path": credz_path,
+                    }
+                self.logging.debug(query)
+                with self.conn:
+                    cur = self.conn.cursor()
+                    cur.execute(query, parameters)
+                user_rowid = cur.lastrowid
+                self.logging.debug(
+                    f'added_token(credtype={credz_type}, target={credz_target}, username={credz_username}, password={credz_password}) => {user_rowid}')
+            else:
+                self.logging.debug(
+                    f'added_token(credtype={credz_type}, target={credz_target}, username={credz_username}, password={credz_password}) => ALREADY IN DB')
+
+        except Exception as ex:
+            self.logging.error(f"Exception in add_token 4")
+            self.logging.debug(ex)
+
+        return None
 
     def add_cookies(self, credz_type, credz_name, credz_value, credz_expires_utc, credz_target, credz_path,
                     pillaged_from_computerid=None, pillaged_from_userid=None, pillaged_from_computer_ip=None,
 
@@ -89,7 +89,7 @@ def main():
     group.add_argument('-port', choices=['135', '139', '445'], nargs='?', default='445', metavar="destination port", help='Destination port to connect to SMB Server')
 
     group = parser.add_argument_group('Reporting')
-    group.add_argument('-R', '--report', action="store_true", help='Only Generate Report on the scope', default=False)
+    group.add_argument('-R', '--report', action="store_true", help='Only Generate Report on the scope', default=True)
     group.add_argument('--type', action="store", help='only report "type" password (wifi,credential-blob,browser-internet_explorer,LSA,SAM,taskscheduler,VNC,browser-chrome,browser-firefox')
     group.add_argument('-u','--user', action="store_true", help='only this username')
     group.add_argument('--target', action="store_true", help='only this target (url/IP...)')
@@ -216,11 +216,11 @@ def main():
                                       report_content=['credz', 'hash_reuse'],
                                       credz_content=['taskscheduler', 'LSA'])
             my_report.generate_report(report_name='most_important_credentials',
-                                      report_content=['credz'],
+                                      report_content=['credz','token'],
                                       credz_content=['wifi', 'taskscheduler', 'credential-blob',
                                                      'browser', 'sysadmin', 'LSA'])
             my_report.generate_report(report_name='cookies',
-                                      report_content=['cookies'],
+                                      report_content=['cookies','token'],
                                       credz_content=[''])
             # Main report
             my_report.generate_report(report_name='full_report')
@@ -229,6 +229,7 @@ def main():
             my_report.export_credz()
             my_report.export_sam()
             my_report.export_cookies()
+            my_report.export_lsa()
             if options.GetHashes:
                 my_report.export_mkf_hashes()
                 my_report.export_dcc2_hashes()
 
@@ -0,0 +1,80 @@
+'''
+// Call refreshToken which creates a new Access Token
+access_token = refreshToken(client_id, client_secret, refresh_token)
+
+// Pass the new Access Token to Credentials() to create new credentials
+credentials = google.oauth2.credentials.Credentials(access_token)
+
+// This function creates a new Access Token using the Refresh Token
+// and also refreshes the ID Token (see comment below).
+'''
+import argparse
+import sys
+import requests
+
+def refreshToken(client_id, client_secret, refresh_token):
+        params = {
+                "grant_type": "refresh_token",
+                "client_id": client_id,
+                "client_secret": client_secret,
+                "refresh_token": refresh_token
+        }
+
+        authorization_url = "https://oauth2.googleapis.com/token"
+
+        r = requests.post(authorization_url, data=params)
+
+        if r.ok:
+                return r.json()['access_token']
+        else:
+                return None
+
+def refreshToken2(client_id, client_secret, refresh_token):
+        params = {
+                "grant_type": "refresh_token",
+                "client_id": client_id,
+                "client_secret": client_secret,
+                "refresh_token": refresh_token
+        }
+
+        authorization_url = "https://www.googleapis.com/oauth2/v4/token"
+
+        r = requests.post(authorization_url, data=params)
+        print(r.content)
+        if r.ok:
+                print(f"access_token:{r.json()['access_token']}")
+                print(f"scope:{r.json()['scope']}")
+                print(f"id_token:{r.json()['id_token']}")
+                return r.json()['access_token']
+        else:
+                return None
+
+def get_decryption_key():
+        #https://devicepasswordescrowforwindows-pa.googleapis.com/v1/getprivatekey/<resource_id >
+        #Todo
+        #https://www.bitdefender.com/blog/businessinsights/the-chain-reaction-new-methods-for-extending-local-breaches-in-google-workspace/
+        return 1
+
+
+def main():
+
+    parser = argparse.ArgumentParser(add_help = True, description = "Get Google Service Token")
+
+    parser.add_argument('-d','--debug', action='store_true', help='Turn DEBUG output ON')
+    parser.add_argument('-t', '--token', help='token')
+
+    if len(sys.argv)==1:
+        parser.print_help()
+        sys.exit(1)
+
+    options = parser.parse_args()
+    client_id = '77185425430.apps.googleusercontent.com'
+    client_secret = 'OTJgUOQcT7lO7GsGZq2G4IlT'
+    refresh_token = options.token
+    rt=refreshToken2(client_id, client_secret, refresh_token)
+    print(f'{rt}')
+    return rt
+
+
+if __name__ == "__main__":
+        main()