[winrm] Add e2e and improve tips

Signed-off-by: Xiaoli Chan <2209553467@qq.com>
main
Xiaoli Chan 2023-11-07 12:32:18 +08:00
parent 20faa3c7f6
commit 17a032ff00
2 changed files with 8 additions and 2 deletions


@ -364,7 +364,7 @@ class winrm(connection):
self.conn.execute_cmd(clean_command) if self.args.dump_method == "cmd" else self.conn.execute_ps(f"cmd /c '{clean_command}'")
except Exception as e:
if ("does not exist" in str(e)) or ("TransformFinalBlock" in str(e)):
self.logger.fail("Failed to dump SAM hashes, maybe got blocked by AV softwares or current user is not privileged user")
self.logger.fail("Failed to dump SAM hashes, it may have been detected by AV or current user is not privileged user")
elif hasattr(e, "code") and e.code == 5:
self.logger.fail(f"Dump SAM hashes with {self.args.dump_method} failed, please try '--dump-method'")
else:
@ -393,7 +393,7 @@ class winrm(connection):
self.conn.execute_cmd(clean_command) if self.args.dump_method == "cmd" else self.conn.execute_ps(f"cmd /c '{clean_command}'")
except Exception as e:
if ("does not exist" in str(e)) or ("TransformFinalBlock" in str(e)):
self.logger.fail("Failed to dump LSA secrets, maybe got blocked by AV softwares or current user is not privileged user")
self.logger.fail("Failed to dump LSA secrets, it may have been detected by AV or current user is not privileged user")
elif hasattr(e, "code") and e.code == 5:
self.logger.fail(f"Dump LSA secrets with {self.args.dump_method} failed, please try '--dump-method'")
else:
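Review bot: The two rewritten `self.logger.fail` tips still classify the failure by substring-matching English text in `str(e)` (`"does not exist"`, `"TransformFinalBlock"`), so against a target whose Windows UI language is not English the first branch is unlikely to match and the failure presumably drops through to the `else` branch that is outside this hunk; the check is also duplicated verbatim for SAM and LSA, which is why the wording had to be fixed twice in this commit. A small helper taking the exception and the artifact name would keep both messages identical and leave one place to tighten the match (for example on the exception type or `e.code`) later. The new message also reads better as `it may have been detected by AV or the current user is not privileged`, and the `--dump-method` tip could name the alternative value (`cmd` or `powershell`) rather than only the flag. The enclosing method starts and ends outside this hunk, so the remaining `else` handling is not visible here.
```python
def _report_dump_failure(self, e, what):
    """Turn a failed SAM/LSA dump exception into a user-facing tip."""
    msg = str(e)
    # NOTE(review): substring match on English error text; unlikely to fire on localized Windows
    if "does not exist" in msg or "TransformFinalBlock" in msg:
        self.logger.fail(f"Failed to dump {what}, it may have been detected by AV or the current user is not privileged")
    elif getattr(e, "code", None) == 5:
        other = "powershell" if self.args.dump_method == "cmd" else "cmd"
        self.logger.fail(f"Dump {what} with {self.args.dump_method} failed, please try '--dump-method {other}'")
    else:
        # … unchanged: existing else-branch handling, outside this hunk …
```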


@ -186,6 +186,12 @@ netexec ldap TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M whoami
##### WINRM
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS # need an extra space after this command due to regex
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -X whoami
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --sam
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --sam --dump-method cmd
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --sam --dump-method powershell
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --lsa
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --lsa --dump-method cmd
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --lsa --dump-method powershell
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --laps
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --check-proto http
netexec winrm TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS --check-proto https