
Enable WDigest Windows Post Module #6023

Merged
6 commits merged on Mar 30, 2016

Conversation

Meatballs1
Contributor

Doing pull request for a colleague...

This module simply enables the WDigest Credential provider for later versions of Windows. This allows us to 'mimikatz' users who log in after this change.

Verification

  • run creds_wdigest on and see no creds
  • Run this module then re-login
  • run creds_wdigest on and see creds

@zeroSteiner
Contributor

I think this should also have the ability to disable wdigest and be renamed to imply that it can both enable and disable the setting. Also supporting both would make testing just slightly easier.

@zeroSteiner zeroSteiner self-assigned this Oct 24, 2015
@Meatballs1
Contributor Author

Rebased on master with enable/disable functionality.

@zeroSteiner
Contributor

Tested with a Windows 8.1 x64 system and it's working as intended.

meterpreter > run post/windows/manage/wdigest_caching 

[*] [2016.03.29-18:47:49] Running module against WINDOWS8VM
[*] [2016.03.29-18:47:49] Checking if the HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential DWORD exists...
[*] [2016.03.29-18:47:49] Creating UseLogonCredential DWORD value as 1...
[+] [2016.03.29-18:47:49] WDigest Security Provider enabled
meterpreter > run post/windows/manage/wdigest_caching 

[*] [2016.03.29-18:47:58] Running module against WINDOWS8VM
[*] [2016.03.29-18:47:58] Checking if the HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential DWORD exists...
[*] [2016.03.29-18:47:58] UseLogonCredential is set to 1
[+] [2016.03.29-18:47:58] Registry value is already set. WDigest Security Provider is enabled
meterpreter > 
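A defender-side detection for the registry write shown in the output above, added here as an example and not part of this pull request or of Metasploit: it scans registry value-set events (constructed sample events modelled on Sysmon Event ID 13; the dict layout is an assumption) for writes to `UseLogonCredential` and flags a value of 1, the setting that makes WDigest keep logon credentials recoverable from LSASS.

```python
import re

# Registry value the module creates (path taken from the module output above).
WDIGEST_VALUE = (r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders"
                 r"\WDigest\UseLogonCredential")

# Sysmon records DWORD data as e.g. "DWORD (0x00000001)".
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")
# Constructed sample events modelled on Sysmon Event ID 13 (RegistryEvent, value set);
# this dict layout is an assumption for the example, not a real collector format.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa\LimitBlankPasswordUse",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\update.exe",
     "TargetObject": WDIGEST_VALUE, "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": WDIGEST_VALUE, "Details": "DWORD (0x00000000)"},
    {"EventID": 12, "Image": r"C:\Windows\regedit.exe",   # key create/delete: no data
     "TargetObject": WDIGEST_VALUE, "Details": ""},
]

def parse_dword(details):
    """Return the integer in a Sysmon DWORD 'Details' string, or None."""
    match = DWORD_RE.fullmatch(details or "")
    return int(match.group(1), 16) if match else None

def classify(event):
    """Return 'enabled', 'disabled' or None for one registry event."""
    if event.get("EventID") != 13:           # only value-set events carry data
        return None
    if event.get("TargetObject", "").lower() != WDIGEST_VALUE.lower():
        return None
    value = parse_dword(event.get("Details"))
    if value == 1:
        return "enabled"    # LSASS will keep logon credentials recoverable
    if value == 0:
        return "disabled"   # the hardened setting; still worth an audit entry
    return None

def find_wdigest_changes(events):
    """Collect an alert for every write to UseLogonCredential."""
    alerts = []
    for event in events:
        state = classify(event)
        if state is not None:
            alerts.append({"state": state, "image": event.get("Image"),
                           "severity": "high" if state == "enabled" else "info"})
    return alerts
```

On Windows 8.1 / Server 2012 R2 and later the value is absent by default and WDigest caching is off, so a newly created DWORD of 1 (the first module run above) is the case worth alerting on.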

@OJ
Contributor

OJ commented Mar 29, 2016

Wow, was this really PR'd in September?! Sheesh man, we gotta get through these PRs quicker :/

include Msf::Post::Windows::Priv
include Msf::Post::Windows::Registry
include Msf::Post::Windows::Accounts
include Msf::Auxiliary::Report

Out of all of these includes, it looks like only Msf::Post::Windows::Registry is required. Is there something that I'm missing? I don't see any references to functions provided by the other mixins.

@zeroSteiner
Contributor

@OJ yes, I agree

@Meatballs1
Contributor Author

Error is about MetasploitModule naming convention. Is this a thing? :)

@wchen-r7
Contributor

@Meatballs1 yeah, instead of class Metasploit3, we are using class MetasploitModule now.

@zeroSteiner
Contributor

Tested this one more time and everything looks good. Will land it in just a minute.

@zeroSteiner zeroSteiner merged commit 397d558 into rapid7:master Mar 30, 2016
zeroSteiner added a commit that referenced this pull request Mar 30, 2016
@zeroSteiner zeroSteiner self-assigned this Mar 30, 2016