diff --git a/README.md b/README.md
index 278f41e..b5a79b5 100644
--- a/README.md
+++ b/README.md
@@ -26,11 +26,11 @@ Masky has been designed as a Python library. Moreover, a command line interface
For both usages, you need first to retrieve the FQDN of a `CA server` and its `CA name` deployed via an ADCS. This information can be easily retrieved via the `certipy find` option or via the Microsoft built-in `certutil.exe` tool. Make sure that the default `User` template is enabled on the targeted CA.
-Warning: Masky deploys an executable on each target via a modification of the existing `RasAuto` service. Despite the automated roll-back of its intial `ImagePath` value, an unexpected error during Masky runtime could skip the cleanup phase. Therefore, do not forget to manually reset the original value in case of such unwanted stop.
+Warning: Masky deploys an executable on each target via a modification of the existing `RasAuto` service. Despite the automated roll-back of its initial `ImagePath` value, an unexpected error during Masky runtime could skip the cleanup phase. Therefore, do not forget to manually reset the original value in case of such unwanted stop.
### Command line
-The following demo shows a basic usage of Masky by targeting 4 remote systems. Its execution allows to collect NT hashes, CCACHE and PFX of 3 distincts domain users from the sec.lab testing domain.
+The following demo shows a basic usage of Masky by targeting 4 remote systems. Its execution allows to collect NT hashes, CCACHE and PFX of 3 distinct domain users from the sec.lab testing domain.
@@ -107,15 +107,15 @@ def dump_nt_hashes():
target = "192.168.23.130"
rslts = m.run(target)
- # Check if Masky succesfully hijacked at least a user session
- # or if an unexpected error occured
+ # Check if Masky successfully hijacked at least a user session
+ # or if an unexpected error occurred
if not rslts:
return False
- # Loop on MaskyResult object to display hijacked users and to retreive their NT hashes
+ # Loop on MaskyResult object to display hijacked users and to retrieve their NT hashes
print(f"Results from hostname: {rslts.hostname}")
for user in rslts.users:
- print(f"\t - {user.domain}\{user.name} - {user.nt_hash}")
+ print(f"\t - {user.domain}\\{user.name} - {user.nt_hash}")
return True
diff --git a/masky/core.py b/masky/core.py
index c8e9487..98a53d5 100644
--- a/masky/core.py
+++ b/masky/core.py
@@ -105,15 +105,15 @@ def run(self, target):
for user_data in rslt.users:
logger.debug(
- f"Start processing PFX of the user '{user_data.domain}\{user_data.name}'"
+ f"Start processing PFX of the user '{user_data.domain}\\{user_data.name}'"
)
if not self.__process_certificate(user_data):
logger.warn(
- f"Fail to process gathered certificate related to the user '{user_data.domain}\{user_data.name}'"
+ f"Fail to process gathered certificate related to the user '{user_data.domain}\\{user_data.name}'"
)
else:
logger.debug(
- f"End processing PFX of the user '{user_data.domain}\{user_data.name}'"
+ f"End processing PFX of the user '{user_data.domain}\\{user_data.name}'"
)
return rslt
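Review bot: `logger.warn(` on the unchanged line just before the second message is the deprecated spelling of `logger.warning(`, assuming `logger` wraps a standard `logging.Logger` (its definition is not visible in this hunk). This commit is already clearing interpreter warnings from these messages, so that call should become `logger.warning(` as well. The same applies to `logger.warn(err_msg)` in the first `masky/lib/smb.py` hunk, whereas `__clean` in that file already uses `logger.warning`. The body of `run` starts outside the hunk.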
diff --git a/masky/lib/cert/auth.py b/masky/lib/cert/auth.py
index 67b3aea..a7ebb0e 100644
--- a/masky/lib/cert/auth.py
+++ b/masky/lib/cert/auth.py
@@ -425,7 +425,7 @@ def kerberos_authentication(
if not is_key_credential:
logger.result(
- f"Gathered NT hash for the user '{domain}\{username}': {nt_hash}"
+ f"Gathered NT hash for the user '{domain}\\{username}': {nt_hash}"
)
self.user.lm_hash = lm_hash
self.user.nt_hash = nt_hash
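Review bot: The `logger.result(...)` call writes the recovered `nt_hash` into the log stream in clear text, so every handler attached to this logger receives credential material. Whether a file handler is attached is not visible here; if one is, the line deserves a comment such as `# nt_hash is credential material: any log file receiving this line must be protected and purged with the engagement data`. Keeping the hash in the returned `self.user` object and logging only that a hash was obtained would avoid the copy altogether. `kerberos_authentication` starts before and continues after the hunk.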
diff --git a/masky/lib/smb.py b/masky/lib/smb.py
index 840f373..e4013dd 100644
--- a/masky/lib/smb.py
+++ b/masky/lib/smb.py
@@ -100,15 +100,15 @@ def exec_masky(self, target, ca, template):
self.__command = f'{self.__masky_remote_path} /ca:"{ca}" /template:"{template}" /output:"{self.__results_remote_path}" /debug:"{self.__errors_remote_path}"'
self.__upload_masky(target)
logger.debug(
- f"Masky agent was successfuly uploaded in: '{self.__masky_remote_path}'"
+ f"Masky agent was successfully uploaded in: '{self.__masky_remote_path}'"
)
except Exception as e:
err_msg = None
if "STATUS_ACCESS_DENIED" in str(e):
- err_msg = f"The user {self.__domain}\{self.__username} is not local administrator on this system"
+ err_msg = f"The user {self.__domain}\\{self.__username} is not local administrator on this system"
logger.warn(err_msg)
elif "STATUS_LOGON_FAILURE" in str(e):
- err_msg = f"The provided credentials for the user '{self.__domain}\{self.__username}' are invalids or the user does not exist"
+ err_msg = f"The provided credentials for the user '{self.__domain}\\{self.__username}' are invalids or the user does not exist"
logger.error(err_msg)
else:
err_msg = f"Fail to upload the agent ({str(e)})"
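Review bot: The message on the `STATUS_LOGON_FAILURE` branch still reads `are invalids` and the fallback still reads `Fail to upload`, so the spelling pass missed two strings in this hunk; `are invalid or the user does not exist` and `Failed to upload the agent ({e})` would match the other fixes. Separately, the branches are chosen by substring tests on `str(e)` under a broad `except Exception`, so any change in the library's error text silently falls through to the generic message; comparing an error code on the exception, if the SMB library exposes one, would be sturdier. The body of `exec_masky` starts before and continues after the hunk.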
@@ -121,11 +121,11 @@ def exec_masky(self, target, ca, template):
if self.__stealth:
self.__edit_svc()
logger.debug(
- f"The service '{self.__svc_name}' was successfuly modified"
+ f"The service '{self.__svc_name}' was successfully modified"
)
else:
self.__create_svc()
- logger.debug(f"The service '{self.__svc_name}' was successfuly created")
+ logger.debug(f"The service '{self.__svc_name}' was successfully created")
except Exception as e:
err_msg = (
f"Fail to edit or create the '{self.__svc_name}' service via DCERPC"
@@ -418,7 +418,7 @@ def __clean(self, target_host):
except Exception as e:
self.__tracker.svc_cleaning_success = False
logger.warning(
- f"An unknown error occured while trying to revert or remove '{self.__svc_name}' ({str(e)})"
+ f"An unknown error occurred while trying to revert or remove '{self.__svc_name}' ({str(e)})"
)
try:
scmr.hRControlService(
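Review bot: When reverting or removing the service fails, the warning names only `self.__svc_name` and the exception text, which leaves the operator without what is needed for the manual reset the README asks for. A failed cleanup leaves the target's service configuration modified, so it deserves error level and an explicit instruction, e.g. `logger.error(f"Could not revert or remove '{self.__svc_name}' ({e}); restore its original ImagePath manually")`. If the original `ImagePath` value is kept on the instance (not visible in this hunk), include it in that message. `__clean` starts before and continues after the hunk.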
diff --git a/masky/ui/main.py b/masky/ui/main.py
index a2488c0..024b422 100644
--- a/masky/ui/main.py
+++ b/masky/ui/main.py
@@ -10,12 +10,12 @@
def print_banner():
print(
- f"""
+ r"""
__ __ _
| \/ | __ _ ___| | ___ _
| |\/| |/ _` / __| |/ / | | |
| | | | (_| \__ \ <| |_| |
- |_| |_|\__,_|___/_|\_\\__, |
+ |_| |_|\__,_|___/_|\_\__, |"""f"""
v{VERSION} |___/
"""
)
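Review bot: The banner is now a raw string glued to an f-string by implicit concatenation (`|"""f"""`), which reads like a typo and is easy to break the next time the art is edited. The art shown contains no braces, so a single raw f-string would do the same job: open the literal with `rf"""` and drop the `"""f"""` splice, keeping the last art row as `|_| |_|\__,_|___/_|\_\__, |`. If the two-literal form is kept, add a comment such as `# raw part keeps the art's backslashes literal; only the trailing f-string interpolates VERSION`.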