Make exec fail messages more precise
parent
0e528ae8f0
commit
2400bc6c20
|
@ -203,7 +203,7 @@ class TSCH_EXEC:
|
||||||
break
|
break
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
if tries >= self.__tries:
|
if tries >= self.__tries:
|
||||||
self.logger.fail(f'ATEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
|
self.logger.fail(f'ATEXEC: Couldn\'t retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries". If it\'s still failing, try the wmi protocol or another exec method')
|
||||||
break
|
break
|
||||||
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
||||||
self.logger.fail(f'ATEXEC: Get ouput failed, target has blocked ADMIN$ access (maybe command executed!)')
|
self.logger.fail(f'ATEXEC: Get ouput failed, target has blocked ADMIN$ access (maybe command executed!)')
|
||||||
|
|
|
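Review bot: The unchanged check `if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :` just below the reworded message treats a match at index 0 as a miss, because `find` returns 0 there and -1 only when the text is absent; `if "STATUS_BAD_NETWORK_NAME" in str(e):` says what is meant. The same line appears in the MMCEXEC, SMBEXEC and WMIEXEC hunks. Since this commit is about message wording, the `Get ouput failed` typo on the following line could be corrected to `Get output failed` in the same pass, and the ATEXEC variant carries an `f` prefix with no placeholder. The enclosing method starts and ends outside the hunk, so the loop structure around these lines is not visible here.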
@ -252,7 +252,7 @@ class MMCEXEC:
|
||||||
break
|
break
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
if tries >= self.__tries:
|
if tries >= self.__tries:
|
||||||
self.logger.fail(f'MMCEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
|
self.logger.fail(f'MMCEXEC: Couldn\'t retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries". If it\'s still failing, try the wmi protocol or another exec method')
|
||||||
break
|
break
|
||||||
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
||||||
self.logger.fail(f'MMCEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')
|
self.logger.fail(f'MMCEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')
|
||||||
|
|
|
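Review bot: The new `Couldn't retrieve output file` message attributes every exhausted retry to AV detection, but the caught exception `e` is never shown, so any other failure caught by `except Exception as e:` reads the same as a quarantined output file. Ending the f-string with the error, for example `... or another exec method ({e})`, would keep the hint while exposing the real cause. This applies equally to the TSCH_EXEC, SMBEXEC and WMIEXEC hunks, which share this branch. The handler's enclosing method lies outside the hunk.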
@ -91,7 +91,7 @@ def proto_args(parser, std_parser, module_parser):
|
||||||
help="force the PowerShell command to run in a 32-bit process")
|
help="force the PowerShell command to run in a 32-bit process")
|
||||||
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
|
cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
|
||||||
cegroup = cgroup.add_mutually_exclusive_group()
|
cegroup = cgroup.add_mutually_exclusive_group()
|
||||||
cegroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified command")
|
cegroup.add_argument("-x", metavar="COMMAND", dest="execute", help="execute the specified CMD command")
|
||||||
cegroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
|
cegroup.add_argument("-X", metavar="PS_COMMAND", dest="ps_execute", help="execute the specified PowerShell command")
|
||||||
psgroup = smb_parser.add_argument_group("Powershell Obfuscation", "Options for PowerShell script obfuscation")
|
psgroup = smb_parser.add_argument_group("Powershell Obfuscation", "Options for PowerShell script obfuscation")
|
||||||
psgroup.add_argument("--obfs", action="store_true", help="Obfuscate PowerShell scripts")
|
psgroup.add_argument("--obfs", action="store_true", help="Obfuscate PowerShell scripts")
|
||||||
|
|
|
@ -170,7 +170,7 @@ class SMBEXEC:
|
||||||
break
|
break
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
if tries >= self.__tries:
|
if tries >= self.__tries:
|
||||||
self.logger.fail(f'SMBEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
|
self.logger.fail(f'SMBEXEC: Couldn\'t retrieve output file, maybe got detected by AV. Please increase the number of tries with the option "--get-output-tries". If it\'s still failing, try the wmi protocol or another exec method')
|
||||||
break
|
break
|
||||||
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
||||||
self.logger.fail(f'SMBEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')
|
self.logger.fail(f'SMBEXEC: Get ouput failed, target has blocked {self.__share} access (maybe command executed!)')
|
||||||
|
|
|
@ -166,7 +166,7 @@ class WMIEXEC:
|
||||||
break
|
break
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
if tries >= self.__tries:
|
if tries >= self.__tries:
|
||||||
self.logger.fail(f'WMIEXEC: Get output file error, maybe got detected by AV software, please increase the number of tries with the option "--get-output-tries". If it\'s still failing maybe something is blocking the schedule job, try another exec method')
|
self.logger.fail(f'WMIEXEC: Couldn\'t retrieve output-file, maybe got detected by AV. Try the wmi protocol or another exec method')
|
||||||
break
|
break
|
||||||
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
if str(e).find("STATUS_BAD_NETWORK_NAME") >0 :
|
||||||
self.logger.fail(f'SMB connection: target has blocked {self.__share} access (maybe command executed!)')
|
self.logger.fail(f'SMB connection: target has blocked {self.__share} access (maybe command executed!)')
|
||||||
|
|
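Review bot: The WMIEXEC message drops the `--get-output-tries` hint that the other three classes keep, although it is still emitted under `if tries >= self.__tries:`; if that option also sets the retry count here, the hint should stay. It also writes `output-file` with a hyphen where the others use `output file`, and the blocked-share message below keeps the `SMB connection:` prefix instead of `WMIEXEC:`. Advising `Try the wmi protocol` from inside a class named WMIEXEC may confuse readers unless the difference between the exec method and the protocol is spelled out. The surrounding method is outside the hunk.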