NetExec/nxc/modules/uac.py

45 lines
1.4 KiB
Python
Raw Normal View History

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import logging
2017-03-27 21:09:36 +00:00
from impacket.dcerpc.v5 import rrp
from impacket.examples.secretsdump import RemoteOperations
class NXCModule:
name = "uac"
2017-03-27 21:09:36 +00:00
description = "Checks UAC status"
supported_protocols = ["smb"]
2017-03-27 21:09:36 +00:00
opsec_safe = True
multiple_hosts = True
def __init__(self, context=None, module_options=None):
self.context = context
self.module_options = module_options
logging.debug("test")
2017-03-27 21:09:36 +00:00
def options(self, context, module_options):
2023-05-02 15:17:59 +00:00
""" """
2017-03-27 21:09:36 +00:00
def on_admin_login(self, context, connection):
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
2023-05-02 15:17:59 +00:00
regHandle = ans["phKey"]
ans = rrp.hBaseRegOpenKey(
remoteOps._RemoteOperations__rrp,
regHandle,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
)
keyHandle = ans["phkResult"]
2023-05-08 18:39:36 +00:00
dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, "EnableLUA")
2017-03-27 21:09:36 +00:00
if uac_value == 1:
2023-05-02 15:17:59 +00:00
context.log.highlight("UAC Status: 1 (UAC Enabled)")
2017-03-27 21:09:36 +00:00
elif uac_value == 0:
2023-05-02 15:17:59 +00:00
context.log.highlight("UAC Status: 0 (UAC Disabled)")
2017-03-27 21:09:36 +00:00
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
remoteOps.finish()