[PATCH] Bug fixes and logging enhancements

Merge pull request #13 from MatrixEditor/dev/patch-errors

Author: MatrixEditor

README.md

@@ -56,4 +56,14 @@ Take a look at the [Documentation on GitHub-Pages](https://matrixeditor.github.i
 
 ## License
 
-Distributed under the MIT License. See LICENSE for more information.
+Distributed under the MIT License. See LICENSE for more information.
+
+## Disclaimer
+
+**Dementor** is intended only for lawful educational purposes: learning, testing
+in your own lab, or assessments on systems where you have explicit written
+authorization. You agree not to use this software to access,  damage, interfere
+with, or exfiltrate data from systems for which you do not have permission.
+We make no promises about safety, completeness, or fitness for any purpose. Use
+at your own risk. If you discover a vulnerability, please follow responsible
+disclosure by using the private disclosing feature offered by GitHub.

dementor/__init__.py

@@ -18,5 +18,5 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 # SOFTWARE.
 
-__version__ = "1.0.0.dev12"
+__version__ = "1.0.0.dev13"
 __author__ = "MatrixEditor"

dementor/database.py

@@ -207,7 +207,7 @@ def add_auth(
             username_text = "(blank)"
 
         full_name = (
-            f" for [b]{username_text}[/]/[b]{markup.escape(domain)}[/]"
+            f" for [b]{markup.escape(domain)}[/]/[b]{username_text}[/]"
             if domain
             else f" for [b]{username_text}[/]"
         )

dementor/log/hexdump.py

@@ -0,0 +1,24 @@
+# Copyright (c) 2025-Present MatrixEditor
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# just reusing impacket's hexdump
+from impacket.structure import hexdump
+
+__all__ = ["hexdump"]

dementor/log/logger.py

@@ -34,6 +34,7 @@
 from dementor.config.toml import TomlConfig, Attribute as A
 from dementor.log import dm_print, dm_console
 
+
 class LoggingConfig(TomlConfig):
     _section_ = "Log"
     _fields_ = [
@@ -234,11 +235,10 @@ def init_logfile(session) -> None:
         if not config.log_enable:
             return
 
-        workspace = pathlib.Path(session.workspace_path)
-        workspace /= config.log_dir or "logs"
-        workspace.mkdir(parents=True, exist_ok=True)
-        log_name = f"log_{util.now()}.log"
-        dm_logger.add_logfile(str(workspace / log_name))
+        log_dir: pathlib.Path = session.resolve_path(config.log_dir or "logs")
+        log_dir.mkdir(parents=True, exist_ok=True)
+        log_name = f"dm_log-{util.now()}.log"
+        dm_logger.add_logfile(str(log_dir / log_name))
 
 
 class ProtocolLoggerMixin:

dementor/protocols/http.py

@@ -328,7 +328,7 @@ def send_wpad_script(self):
         else:
             script = self.server.render_page("wpad.dat")
             if self.config.http_wpad_enabled and not script:
-                self.logger.error("WPAD enabled but script not configured")
+                self.logger.fail("WPAD enabled but script not configured")
                 return self.send_error(HTTPStatus.NOT_FOUND)
 
         self.logger.success("Serving WPAD script to client")
@@ -381,7 +381,7 @@ def auth_ntlm(self, token, logger, scheme=None):
             message = ntlm.NTLM_HTTP.get_instance(f"NTLM {token}")
         except Exception:
             # invalid value
-            logger.error(f"Invalid negotiate authentication: {token}")
+            logger.fail(f"Invalid negotiate authentication: {token}")
             self.send_error(HTTPStatus.INTERNAL_SERVER_ERROR, "Internal Server Error")
             return
 
@@ -414,7 +414,7 @@ def auth_ntlm(self, token, logger, scheme=None):
                 self.finish_request(logger)
 
             case _:
-                logger.error(f"Invalid negotiate authentication: {token}")
+                logger.fail(f"Invalid negotiate authentication: {token}")
                 self.send_error(
                     HTTPStatus.INTERNAL_SERVER_ERROR, "Internal Server Error"
                 )
@@ -437,7 +437,7 @@ def auth_basic(self, token, logger):
         try:
             username, password = base64.b64decode(token).decode().split(":", 1)
         except ValueError:
-            logger.error(f"Invalid basic authentication: {token}")
+            logger.fail(f"Invalid basic authentication: {token}")
             self.send_error(HTTPStatus.INTERNAL_SERVER_ERROR, "Internal Server Error")
             return
 
@@ -532,9 +532,12 @@ def server_bind(self):
         ThreadingHTTPServer.server_bind(self)
 
     def finish_request(self, request, client_address) -> None:
-        self.RequestHandlerClass(
-            self.config, self.server_config, request, client_address, self
-        )
+        try:
+            self.RequestHandlerClass(
+                self.config, self.server_config, request, client_address, self
+            )
+        except ConnectionResetError:
+            pass
 
     def render_error(
         self, code: int, message: str | None = None, explain: str | None = None

dementor/protocols/imap.py

@@ -220,7 +220,7 @@ def handle_data(self, data, transport) -> None:
                 tag, cmd, *args = shlex.split(line)
                 self.seq_id = tag
             except ValueError:
-                self.logger.debug(f"Unknown command: {line!r}")
+                self.logger.debug(f"Unknown command: {line.encode()!r}")
                 self.bad("Invalid command")
                 continue
 
@@ -231,7 +231,7 @@ def handle_data(self, data, transport) -> None:
                 except StopHandler:
                     break
             else:
-                self.logger.debug(f"Unknown command: {line!r}")
+                self.logger.debug(f"Unknown command: {line.encode()!r}")
                 #  7.1.5. BYE Response
                 self._push("BYE Unknown command", seq=False)
                 break
@@ -240,7 +240,7 @@ def recv_line(self, size: int) -> str | None:
         data = self.rfile.readline(size)
         if data:
             text = data.decode("utf-8", errors="replace").strip()
-            self.logger.debug(repr(text), is_client=True)
+            self.logger.debug(repr(data), is_client=True)
             return text
 
     # implementation

dementor/protocols/ipp.py

@@ -210,8 +210,9 @@ def setup_proto_logger(self):
         )
 
     def send_response(self, code: int, message=None, document=None) -> None:
+        path = getattr(self, "path", "<invalid>")
         self.logger.debug(
-            markup.escape(f"{self.command} {self.path} {code}"), is_server=True
+            markup.escape(f"{self.command} {path} {code}"), is_server=True
         )
         if not hasattr(self, "_headers_buffer"):
             self._headers_buffer = []
@@ -421,6 +422,9 @@ def server_bind(self) -> None:
         return super().server_bind()
 
     def finish_request(self, request, client_address) -> None:
-        self.RequestHandlerClass(
-            self.config, self.server_config, request, client_address, self
-        )
+        try:
+            self.RequestHandlerClass(
+                self.config, self.server_config, request, client_address, self
+            )
+        except ConnectionError:
+            pass

dementor/protocols/ldap.py

@@ -39,6 +39,7 @@
 from dementor.config.toml import TomlConfig, Attribute as A
 from dementor.config.session import SessionConfig
 from dementor.config.util import get_value
+from dementor.log import hexdump
 from dementor.log.logger import ProtocolLogger
 from dementor.servers import (
     ThreadingTCPServer,
@@ -245,7 +246,7 @@ def handle_sasl_GSS_SPNEGO(self, message, bind_auth):
         # we expect this to be a NTLM message
         data = bytes(bind_auth["credentials"])
         if not data.startswith(b"NTLMSSP"):
-            self.logger.debug(f"Unsupported SASL mechanism: {data.hex()}")
+            self.logger.debug(f"Unsupported SASL mechanism:\n{hexdump.hexdump(data)}")
             return False
 
         # negotiate message will have message type 0x01
@@ -346,7 +347,10 @@ def recv(self, size: int) -> LDAPMessage | None:
         try:
             message, _ = BERDecoder.decode(data, asn1Spec=LDAPMessage())
         except Exception as e:
-            self.logger.error(f"Failed to decode LDAP packet. Original data (hex): {data.hex()}")
+            self.logger.fail("Received invalid LDAP - terminating connection...")
+            self.logger.debug(
+                f"Invalid LDAP packet: {str(e.__class__)}\n{hexdump.hexdump(data)}"
+            )
             return
 
         return message

dementor/protocols/msrpc/rpc.py

@@ -166,7 +166,7 @@ def handle_data(self, data, transport) -> None:
             try:
                 header = rpcrt.MSRPCHeader(data)
             except struct.error:
-                self.logger.error(f"Could not parse MSRPC header. Received packet: {data.hex()}")
+                self.logger.fail("Data is not a valid MSRPC header, closing connection")
                 return
 
             match header["type"]: