Make exec fail messages more precise

main
Alex 2023-09-09 19:20:46 +02:00
parent 0e528ae8f0
commit 2400bc6c20
5 changed files with 5 additions and 5 deletions


@ -203,7 +203,7 @@ class TSCH_EXEC:
break break
except Exception as e: except Exception as e:
if tries >= self.__tries: if tries >= self.__tries:
self.logger.fail(f'ATEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method') self.logger.fail(f'ATEXEC: Couldn\'t retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries". If it\'s still failing, try the wmi protocol or another exec method')
break break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 : if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'ATEXEC: Get ouput failed, target has blocked ADMIN$ access (maybe command executed!)') self.logger.fail(f'ATEXEC: Get ouput failed, target has blocked ADMIN$ access (maybe command executed!)')
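Review bot: The final-try branch (`if tries >= self.__tries:`) reports a guessed cause (AV) but discards the caught exception `e`, so a log reader cannot tell a removed output file from an authentication, share-access or timeout error. Consider emitting the exception text next to the message, e.g. `self.logger.debug(f'ATEXEC: output retrieval failed: {e}')` before the `fail` call, assuming the logger exposes `debug`. The same applies to the MMCEXEC, SMBEXEC and WMIEXEC hunks. The message on the last line here still reads `Get ouput failed` (typo for "output"), as it does in the MMCEXEC and SMBEXEC hunks, and is worth fixing in a commit that tidies these strings. The enclosing retry loop starts and ends outside the hunk, so `e` may already be logged elsewhere.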


@ -252,7 +252,7 @@ class MMCEXEC:
break break
except Exception as e: except Exception as e:
if tries >= self.__tries: if tries >= self.__tries:
self.logger.fail(f'MMCEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method') self.logger.fail(f'MMCEXEC: Couldn\'t retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries". If it\'s still failing, try the wmi protocol or another exec method')
break break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 : if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'MMCEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)') self.logger.fail(f'MMCEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')


@ -91,7 +91,7 @@ def proto_args(parser, std_parser, module_parser):
help="force the PowerShell command to run in a 32-bit process") help="force the PowerShell command to run in a 32-bit process")
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output") cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
cegroup = cgroup.add_mutually_exclusive_group() cegroup = cgroup.add_mutually_exclusive_group()
cegroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified command") cegroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified CMD command")
cegroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command") cegroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
psgroup = smb_parser.add_argument_group("Powershell Obfuscation", "Options for PowerShell script obfuscation") psgroup = smb_parser.add_argument_group("Powershell Obfuscation", "Options for PowerShell script obfuscation")
psgroup.add_argument("--obfs", action="store_true", help="Obfuscate PowerShell scripts") psgroup.add_argument("--obfs", action="store_true", help="Obfuscate PowerShell scripts")


@ -170,7 +170,7 @@ class SMBEXEC:
break break
except Exception as e: except Exception as e:
if tries >= self.__tries: if tries >= self.__tries:
self.logger.fail(f'SMBEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method') self.logger.fail(f'SMBEXEC: Couldn\'t retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries". If it\'s still failing, try the wmi protocol or another exec method')
break break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 : if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'SMBEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)') self.logger.fail(f'SMBEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')


@ -166,7 +166,7 @@ class WMIEXEC:
break break
except Exception as e: except Exception as e:
if tries >= self.__tries: if tries >= self.__tries:
self.logger.fail(f'WMIEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method') self.logger.fail(f'WMIEXEC: Couldn\'t retrieve output-file, maybe got detected by AV. Try the wmi protocol or another exec method')
break break
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 : if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
self.logger.fail(f'SMB connection: target has blocked {self.__share} access (maybe command executed!)') self.logger.fail(f'SMB connection: target has blocked {self.__share} access (maybe command executed!)')
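Review bot: The new WMIEXEC message drops the `--get-output-tries` hint that the other three exec classes keep, although the branch is still gated on `tries >= self.__tries`, and it writes `output-file` with a hyphen where the others write `output file`. Unless the option really does not apply to this class, keep the wording parallel with the siblings: `Couldn't retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries".` The advice "Try the wmi protocol" printed from inside WMIEXEC is also easy to misread; if it refers to a separate protocol module rather than this exec method, the message should say so. The line after it logs with the prefix `SMB connection:` instead of `WMIEXEC:`, which makes this class harder to identify in logs than its siblings.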