Exemplo n.º 1
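    def execute(self, payload, get_output=False, method=None):
        """Run ``payload`` on ``self.host`` through one remote-execution backend.

        Backend selection:

        * ``self.args.mssql`` set: ``MSSQLEXEC`` over ``self.conn``.
        * otherwise an explicit ``method`` (or, failing that,
          ``self.args.exec_method``) selects exactly one of ``'wmiexec'``,
          ``'smbexec'`` or ``'atexec'``; an error raised by that backend's
          constructor propagates to the caller.
        * otherwise WMIEXEC, SMBEXEC and TSCH_EXEC are tried in that order
          and the first one whose constructor succeeds is used.

        Args:
            payload: Command passed unchanged to the backend's ``execute``.
            get_output: Forwarded to the backend's ``execute``.
            method: Optional backend name; overrides ``self.args.exec_method``.

        Returns:
            The backend output, stripped and decoded as UTF-8, or ``None``
            when every backend of the automatic fallback chain failed.

        Raises:
            ValueError: the requested backend name is not recognised. The
                previous code hit an ``UnboundLocalError`` at the final
                ``exec_method.execute`` call in that case.
        """

        def build(name):
            # Every backend receives the stored credentials (password and
            # hash) of this connection object.
            if name == 'wmiexec':
                return WMIEXEC(self.host, self.username, self.password,
                               self.domain, self.conn, self.hash,
                               self.args.share)
            if name == 'smbexec':
                return SMBEXEC(self.host, self.args.smb_port, self.username,
                               self.password, self.domain, self.hash,
                               self.args.share)
            if name == 'atexec':
                return TSCH_EXEC(self.host, self.username, self.password,
                                 self.domain, self.hash)
            raise ValueError(
                'Unsupported execution method: {}'.format(name))

        if self.args.mssql:
            exec_method = MSSQLEXEC(self.conn)
        else:
            requested = method or self.args.exec_method

            if requested:
                exec_method = build(requested)
            else:
                exec_method = None
                for name in ('wmiexec', 'smbexec', 'atexec'):
                    try:
                        exec_method = build(name)
                        break
                    except Exception:
                        # `except Exception` instead of a bare `except`: an
                        # operator interrupt (KeyboardInterrupt) or SystemExit
                        # now stops the run instead of silently moving on to
                        # the next backend against the same host.
                        if self.args.verbose:
                            self.logger.debug(
                                'Error executing command via {}, traceback:'
                                .format(name))
                            self.logger.debug(format_exc())

                if exec_method is None:
                    # NOTE(review): the failure is reported only when verbose
                    # logging is on; callers must cope with a None result.
                    return

        # Reached only once a backend exists, so a host is never recorded for
        # a run that cannot execute anything.
        # Presumably this lets the module's server expect traffic from the
        # host - confirm against the server implementation.
        if self.cmeserver:
            if hasattr(self.cmeserver.server.module, 'on_request') or hasattr(
                    self.cmeserver.server.module, 'on_response'):
                self.cmeserver.server.hosts.append(self.host)

        output = exec_method.execute(payload, get_output)

        return u'{}'.format(output.strip().decode('utf-8'))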
Exemplo n.º 2
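    def execute(self, payload=None, get_output=False, methods=None):
        """Run ``payload`` on ``self.host`` and return the decoded output.

        When ``payload`` is empty and ``self.args.execute`` is set, that
        value is used as the payload and output collection is switched on
        unless ``self.args.no_output`` is set.

        Backend selection: ``MSSQLEXEC`` when ``self.args.mssql`` is set;
        otherwise the names in ``methods`` are tried in order, falling back
        to ``[self.args.exec_method]`` and then to ``wmiexec``, ``atexec``,
        ``smbexec``. The first backend whose constructor succeeds is used.
        Names that match no backend are skipped.

        Args:
            payload: Command passed to the backend's ``execute``.
            get_output: Forwarded to the backend's ``execute``.
            methods: Optional ordered list of backend names to try.

        Returns:
            The backend output, stripped and decoded as UTF-8.

        Raises:
            RuntimeError: no backend could be created. The previous code hit
                an ``UnboundLocalError`` at the ``exec_method.execute`` call
                in that case.
        """
        default_methods = ['wmiexec', 'atexec', 'smbexec']

        if not payload and self.args.execute:
            payload = self.args.execute
            if not self.args.no_output:
                get_output = True
        # NOTE(review): payload is still None here when neither the argument
        # nor self.args.execute is set - confirm the backends tolerate that.

        exec_method = None

        if self.args.mssql:
            exec_method = MSSQLEXEC(self.conn)
            logging.debug('Executed command via mssqlexec')
        else:
            if not methods:
                if self.args.exec_method:
                    methods = [self.args.exec_method]
                else:
                    methods = default_methods

            # Every backend receives the stored credentials (password and
            # hash) of this connection object.
            builders = {
                'wmiexec': lambda: WMIEXEC(self.host, self.username,
                                           self.password, self.domain,
                                           self.conn, self.hash,
                                           self.args.share),
                'atexec': lambda: TSCH_EXEC(self.host, self.username,
                                            self.password, self.domain,
                                            self.hash),
                'smbexec': lambda: SMBEXEC(self.host, self.args.smb_port,
                                           self.username, self.password,
                                           self.domain, self.hash,
                                           self.args.share),
            }

            for method in methods:
                builder = builders.get(method)
                if builder is None:
                    # Unknown names were silently skipped before; keep that.
                    continue

                try:
                    exec_method = builder()
                except Exception:
                    # `except Exception` instead of a bare `except`: an
                    # operator interrupt (KeyboardInterrupt) or SystemExit
                    # now stops the run instead of moving on to the next
                    # backend against the same host.
                    logging.debug(
                        'Error executing command via {}, traceback:'
                        .format(method))
                    logging.debug(format_exc())
                    continue

                # NOTE(review): this is logged before exec_method.execute()
                # runs, so it records that the backend was created, not that
                # the payload ran.
                logging.debug('Executed command via {}'.format(method))
                break

        if exec_method is None:
            # Checked before the host is recorded below, so nothing is
            # registered for a run that cannot execute anything.
            raise RuntimeError(
                'No execution method could be initialised for {} '
                '(tried: {})'.format(self.host, methods))

        # Presumably this lets the module's server expect traffic from the
        # host - confirm against the server implementation.
        if self.cmeserver:
            if hasattr(self.cmeserver.server.module, 'on_request') or hasattr(
                    self.cmeserver.server.module, 'on_response'):
                self.cmeserver.server.hosts.append(self.host)

        output = u'{}'.format(
            exec_method.execute(payload, get_output).strip().decode('utf-8'))

        if self.args.execute or self.args.ps_execute:
            # NOTE(review): the message names self.args.exec_method, not the
            # backend that was actually used; with no explicit choice it
            # names none.
            self.logger.success('Executed command {}'.format(
                'via {}'.format(self.args.exec_method)
                if self.args.exec_method else ''))
            buf = StringIO(output).readlines()
            for line in buf:
                self.logger.highlight(line.strip())

        return output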
Exemplo n.º 3
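    def execute(self, payload, get_output=False, methods=None):
        """Run ``payload`` on ``self.host`` and return the decoded output.

        Backend selection: ``MSSQLEXEC`` when ``self.args.mssql`` is set;
        otherwise the names in ``methods`` are tried in order, falling back
        to ``[self.args.exec_method]`` and then to ``wmiexec``, ``atexec``,
        ``smbexec``. The first backend whose constructor succeeds is used.
        Names that match no backend are skipped.

        Args:
            payload: Command passed unchanged to the backend's ``execute``.
            get_output: Forwarded to the backend's ``execute``.
            methods: Optional ordered list of backend names to try.

        Returns:
            The backend output, stripped and decoded as UTF-8.

        Raises:
            RuntimeError: no backend could be created. The previous code hit
                an ``UnboundLocalError`` at the ``exec_method.execute`` call
                in that case.
        """
        default_methods = ['wmiexec', 'atexec', 'smbexec']
        exec_method = None

        if self.args.mssql:
            exec_method = MSSQLEXEC(self.conn)
            logging.debug('Executed command via mssqlexec')
        else:
            if not methods:
                if self.args.exec_method:
                    methods = [self.args.exec_method]
                else:
                    methods = default_methods

            # Every backend receives the stored credentials (password and
            # hash) of this connection object.
            builders = {
                'wmiexec': lambda: WMIEXEC(self.host, self.username,
                                           self.password, self.domain,
                                           self.conn, self.hash,
                                           self.args.share),
                'atexec': lambda: TSCH_EXEC(self.host, self.username,
                                            self.password, self.domain,
                                            self.hash),
                'smbexec': lambda: SMBEXEC(self.host, self.args.smb_port,
                                           self.username, self.password,
                                           self.domain, self.hash,
                                           self.args.share),
            }

            for method in methods:
                builder = builders.get(method)
                if builder is None:
                    # Unknown names were silently skipped before; keep that.
                    continue

                try:
                    exec_method = builder()
                except Exception:
                    # `except Exception` instead of a bare `except`: an
                    # operator interrupt (KeyboardInterrupt) or SystemExit
                    # now stops the run instead of moving on to the next
                    # backend against the same host.
                    logging.debug(
                        'Error executing command via {}, traceback:'
                        .format(method))
                    logging.debug(format_exc())
                    continue

                # NOTE(review): this is logged before exec_method.execute()
                # runs, so it records that the backend was created, not that
                # the payload ran.
                logging.debug('Executed command via {}'.format(method))
                break

        if exec_method is None:
            # Checked before the host is recorded below, so nothing is
            # registered for a run that cannot execute anything.
            raise RuntimeError(
                'No execution method could be initialised for {} '
                '(tried: {})'.format(self.host, methods))

        # Presumably this lets the module's server expect traffic from the
        # host - confirm against the server implementation.
        if self.cmeserver:
            if hasattr(self.cmeserver.server.module, 'on_request') or hasattr(
                    self.cmeserver.server.module, 'on_response'):
                self.cmeserver.server.hosts.append(self.host)

        output = exec_method.execute(payload, get_output)

        return u'{}'.format(output.strip().decode('utf-8'))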