swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[winrm] Ruff 

Signed-off-by: XiaoliChan <30458572+XiaoliChan@users.noreply.github.com>
main
XiaoliChan 2024-02-08 00:22:44 +08:00 committed by Alex
parent 217cf21cff
commit 19ee066542
2 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nxc/protocols/winrm.py
View File

@ -51,7 +51,7 @@ class winrm(connection):
)
def enum_host_info(self):
ntlm_info = parse_challenge(base64.b64decode(self.challenge_header.split(' ')[1].replace(',', '')))
ntlm_info = parse_challenge(base64.b64decode(self.challenge_header.split(" ")[1].replace(",", "")))
self.domain = ntlm_info["target_info"]["MsvAvDnsDomainName"]
self.hostname = ntlm_info["target_info"]["MsvAvNbComputerName"]
self.server_os = f'Windows NT {ntlm_info["version"]}'
@ -111,7 +111,7 @@ class winrm(connection):
res = requests.post(endpoints[protocol]["url"], headers=headers, verify=False, timeout=self.args.http_timeout)
self.logger.debug(f"Received response code: {res.status_code}")
self.challenge_header = res.headers["WWW-Authenticate"]
if (not self.challenge_header) or (not 'Negotiate' in self.challenge_header):
if (not self.challenge_header) or ("Negotiate" not in self.challenge_header):
self.logger.info('Failed to get NTLM challenge from target "/wsman" endpoint, maybe isn\'t winrm service.')
return False
self.endpoint = endpoints[protocol]["url"]

5
nxc/protocols/winrm/proto_args.py
View File

@ -1,6 +1,3 @@
from argparse import _StoreTrueAction
def proto_args(parser, std_parser, module_parser):
winrm_parser = parser.add_parser("winrm", help="own stuff using WINRM", parents=[std_parser, module_parser])
winrm_parser.add_argument("-H", "--hash", metavar="HASH", dest="hash", nargs="+", default=[], help="NTLM hash(es) or file(s) containing NTLM hashes")
@ -11,7 +8,7 @@ def proto_args(parser, std_parser, module_parser):
winrm_parser.add_argument("--http-timeout", dest="http_timeout", type=int, default=10, help="HTTP timeout for WinRM connections")
dgroup = winrm_parser.add_mutually_exclusive_group()
domain_arg = dgroup.add_argument("-d", metavar="DOMAIN", dest="domain", type=str, default=None, help="domain to authenticate to")
dgroup.add_argument("-d", metavar="DOMAIN", dest="domain", type=str, default=None, help="domain to authenticate to")
dgroup.add_argument("--local-auth", action="store_true", help="authenticate locally to each target")
cgroup = winrm_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")