NetExec/nxc/modules/webdav.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-

from nxc.protocols.smb.remotefile import RemoteFile
from impacket import nt_errors
from impacket.smb3structs import FILE_READ_DATA
from impacket.smbconnection import SessionError


class NXCModule:
    """
    Enumerate whether the WebClient service is running on the target by looking for the
    DAV RPC Service pipe. This technique was first suggested by Lee Christensen (@tifkin_)

    Module by Tobias Neitzel (@qtc_de)
    """

    name = "webdav"
    description = "Checks whether the WebClient service is running on the target"
    supported_protocols = ["smb"]
    opsec_safe = True
    multiple_hosts = True

    def options(self, context, module_options):
        """
        MSG     Info message when the WebClient service is running. '{}' is replaced by the target.
        """
        self.output = "WebClient Service enabled on: {}"

        if "MSG" in module_options:
            self.output = module_options["MSG"]

    def on_login(self, context, connection):
        """
        Check whether the 'DAV RPC Service' pipe exists within the 'IPC$' share. This indicates
        that the WebClient service is running on the target.
        """
        try:
            remote_file = RemoteFile(connection.conn, "DAV RPC Service", "IPC$", access=FILE_READ_DATA)

            remote_file.open()
            remote_file.close()

            context.log.highlight(self.output.format(connection.conn.getRemoteHost()))

        except SessionError as e:
            if e.getErrorCode() == nt_errors.STATUS_OBJECT_NAME_NOT_FOUND:
                pass

            else:
                raise e
Adding shebang and encoding utf-8 for all python files 2022-07-18 23:59:14 +00:00			`#!/usr/bin/env python3`
			`# -- coding: utf-8 --`

rename folders, files, functions, classes, etc to NetExec/nxc 2023-09-14 21:07:15 +00:00			`from nxc.protocols.smb.remotefile import RemoteFile`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00			`from impacket import nt_errors`
			`from impacket.smb3structs import FILE_READ_DATA`
			`from impacket.smbconnection import SessionError`

black formating 2023-05-02 15:17:59 +00:00
Rename Module Classname to match python convention 2023-09-17 20:20:40 +00:00			`class NXCModule:`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Fix typos Fixed some typos 2021-09-16 05:41:55 +00:00			`Enumerate whether the WebClient service is running on the target by looking for the`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00			`DAV RPC Service pipe. This technique was first suggested by Lee Christensen (@tifkin_)`

			`Module by Tobias Neitzel (@qtc_de)`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
black formating 2023-05-02 15:17:59 +00:00
			`name = "webdav"`
			`description = "Checks whether the WebClient service is running on the target"`
			`supported_protocols = ["smb"]`
			`opsec_safe = True`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00			`multiple_hosts = True`

			`def options(self, context, module_options):`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Fix typos Fixed some typos 2021-09-16 05:41:55 +00:00			`MSG Info message when the WebClient service is running. '{}' is replaced by the target.`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
black formating 2023-05-02 15:17:59 +00:00			`self.output = "WebClient Service enabled on: {}"`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00
black formating 2023-05-02 15:17:59 +00:00			`if "MSG" in module_options:`
			`self.output = module_options["MSG"]`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00
			`def on_login(self, context, connection):`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00			`Check whether the 'DAV RPC Service' pipe exists within the 'IPC$' share. This indicates`
Fix typos Fixed some typos 2021-09-16 05:41:55 +00:00			`that the WebClient service is running on the target.`
fix(docs): replace single quote doc strings with double quote 2023-04-07 16:40:48 +00:00			`"""`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00			`try:`
black v2 formating 2023-05-08 18:39:36 +00:00			`remote_file = RemoteFile(connection.conn, "DAV RPC Service", "IPC$", access=FILE_READ_DATA)`
Add webdav module Add the webdav module that allows to enumerate whether a target has the WebClient service running. 2021-09-16 05:31:31 +00:00
			`remote_file.open()`
			`remote_file.close()`

			`context.log.highlight(self.output.format(connection.conn.getRemoteHost()))`

			`except SessionError as e:`
			`if e.getErrorCode() == nt_errors.STATUS_OBJECT_NAME_NOT_FOUND:`
			`pass`

			`else:`
			`raise e`