Merge pull request #308 from Pennyw0rth/marshall-hash-spider-fix

Fix: hash_spider Lsassy Parser syntax
Pennyw0rth · May 17, 2024 · aa9b044 · aa9b044
2 parents e3baadb + 34c3c29
commit aa9b044
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 data/nxc.db
 hash_spider_default.sqlite3
+hash_spider_testing.sqlite3
 *.bak
 *.log
 .venv

diff --git a/nxc/modules/hash_spider.py b/nxc/modules/hash_spider.py
@@ -70,11 +70,7 @@ def create_db(local_admins, dbconnection, cursor):
 
 
 def process_creds(context, connection, credentials_data, dbconnection, cursor, driver):
-    if connection.args.local_auth:
-        context.log.extra["host"] = connection.conn.getServerDNSDomainName()
-    else:
-        context.log.extra["host"] = connection.domain
-    context.log.extra["hostname"] = connection.host.upper()
+    domain = connection.conn.getServerDNSDomainName() if connection.args.local_auth else connection.domain
     for result in credentials_data:
         username = result["username"].upper().split("@")[0]
         nthash = result["nthash"]
@@ -85,7 +81,7 @@ def process_creds(context, connection, credentials_data, dbconnection, cursor, d
                 "UPDATE admin_users SET password = ? WHERE username LIKE '" + username + "%'",
                 [password],
             )
-            username = f"{username.upper()}@{context.log.extra['host'].upper()}"
+            username = f"{username.upper()}@{domain.upper()}"
             dbconnection.commit()
             session = driver.session()
             session.run('MATCH (u) WHERE (u.name = "' + username + '") SET u.owned=True RETURN u,u.name,u.owned')
@@ -99,7 +95,7 @@ def process_creds(context, connection, credentials_data, dbconnection, cursor, d
                 [nthash],
             )
             dbconnection.commit()
-            username = f"{username.upper()}@{context.log.extra['host'].upper()}"
+            username = f"{username.upper()}@{domain.upper()}"
             session = driver.session()
             session.run('MATCH (u) WHERE (u.name = "' + username + '") SET u.owned=True RETURN u,u.name,u.owned')
             path_to_da = session.run("MATCH p=shortestPath((n)-[*1..]->(m)) WHERE n.owned=true AND m.name=~ '.*DOMAIN ADMINS.*' RETURN p")
@@ -202,7 +198,7 @@ def run_lsassy(self, context, connection, cursor):  # copied and pasted from lsa
         if file is None:
             context.log.fail("Unable to dump lsass")
             return False
-        credentials, tickets, masterkeys = Parser(file).parse()
+        credentials, tickets, masterkeys = Parser(host, file).parse()
         file.close()
         ImpacketFile.delete(session, file.get_file_path())
         if credentials is None: