From 2f69af131def9a09cf4b2cc6b33bda9402e1b0d9 Mon Sep 17 00:00:00 2001 From: mpgn Date: Mon, 24 Jul 2023 14:40:36 -0400 Subject: [PATCH 1/2] add --no-smb arg for mssql --- cme/protocols/mssql.py | 2 +- cme/protocols/mssql/proto_args.py | 9 ++++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/cme/protocols/mssql.py b/cme/protocols/mssql.py index 1335ceb1..0d6f6635 100755 --- a/cme/protocols/mssql.py +++ b/cme/protocols/mssql.py @@ -67,7 +67,7 @@ class mssql(connection): except: pass - if self.args.domain: + if self.args.no_smb: self.domain = self.args.domain else: try: diff --git a/cme/protocols/mssql/proto_args.py b/cme/protocols/mssql/proto_args.py index 77ced9c2..bb0a6ada 100644 --- a/cme/protocols/mssql/proto_args.py +++ b/cme/protocols/mssql/proto_args.py 
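Review bot: The test `if self.args.no_smb:` changes what `-d` means: a run with `-d DOMAIN` but without `--no-smb` used to take the `self.domain = self.args.domain` branch and now falls into the `else:` branch, whose `try:` body lies outside this hunk. If that branch fills `self.domain` from an SMB lookup (not visible here), the domain given on the command line is ignored and the host is contacted over SMB where the old code did not. Confirm the `else:` path still prefers `self.args.domain` when it is set, and record the intent above the test, e.g. `# --no-smb: skip the SMB lookup and use the -d value as given`.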
@@ -1,11 +1,14 @@ def proto_args(parser, std_parser, module_parser): mssql_parser = parser.add_parser('mssql', help="own stuff using MSSQL", parents=[std_parser, module_parser]) - dgroup = mssql_parser.add_mutually_exclusive_group() - dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, help="domain name") - dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target') mssql_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes') mssql_parser.add_argument("--port", default=1433, type=int, metavar='PORT', help='MSSQL port (default: 1433)') mssql_parser.add_argument("-q", "--query", dest='mssql_query', metavar='QUERY', type=str, help='execute the specified query against the MSSQL DB') + no_smb_arg = mssql_parser.add_argument("--no-smb", action=get_conditional_action(_StoreTrueAction), make_required=[], help='No smb connection') + + dgroup = mssql_parser.add_mutually_exclusive_group() + dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, help="domain name") + dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target') + no_smb_arg.make_required = [domain_arg] cgroup = mssql_parser.add_argument_group("Command Execution", "options for executing commands") cgroup.add_argument('--force-ps32', action='store_true', help='force the PowerShell command to run in a 32-bit process') From eafee24f665c884bf8f73aa3f634de13776e8a30 Mon Sep 17 00:00:00 2001 From: mpgn Date: Mon, 24 Jul 2023 14:45:15 -0400 Subject: [PATCH 2/2] fix missing function --- cme/protocols/mssql/proto_args.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/cme/protocols/mssql/proto_args.py b/cme/protocols/mssql/proto_args.py index bb0a6ada..5d28c0a3 100644 --- a/cme/protocols/mssql/proto_args.py +++ b/cme/protocols/mssql/proto_args.py 
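Review bot: `no_smb_arg.make_required = [domain_arg]` turns `-d` into a required argument after it has been placed in a mutually exclusive group with `--local-auth`, a combination argparse refuses when it is declared up front (`mutually exclusive arguments must be optional`). The effect is that `--no-smb --local-auth` can never parse: omitting `-d` fails the required check and supplying it fails the exclusivity check. If local authentication without SMB is meant to be unsupported, state that in the help, e.g. `help='skip the SMB connection; requires -d'`; if it should work, the requirement needs to be "one of -d or --local-auth" rather than `-d` alone. As committed, this hunk also references `get_conditional_action`, `_StoreTrueAction` and `domain_arg` before any of them exist; the follow-up patch in this series adds them.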
@@ -1,3 +1,5 @@ +from argparse import _StoreTrueAction + def proto_args(parser, std_parser, module_parser): mssql_parser = parser.add_parser('mssql', help="own stuff using MSSQL", parents=[std_parser, module_parser]) mssql_parser.add_argument("-H", '--hash', metavar="HASH", dest='hash', nargs='+', default=[], help='NTLM hash(es) or file(s) containing NTLM hashes') @@ -6,7 +8,7 @@ def proto_args(parser, std_parser, module_parser): no_smb_arg = mssql_parser.add_argument("--no-smb", action=get_conditional_action(_StoreTrueAction), make_required=[], help='No smb connection') dgroup = mssql_parser.add_mutually_exclusive_group() - dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, help="domain name") + domain_arg = dgroup.add_argument("-d", metavar="DOMAIN", dest='domain', type=str, help="domain name") dgroup.add_argument("--local-auth", action='store_true', help='authenticate locally to each target') no_smb_arg.make_required = [domain_arg] @@ -25,4 +27,18 @@ def proto_args(parser, std_parser, module_parser): tgroup.add_argument("--put-file", nargs=2, metavar="FILE", help='Put a local file into remote target, ex: whoami.txt C:\\Windows\\Temp\\whoami.txt') tgroup.add_argument("--get-file", nargs=2, metavar="FILE", help='Get a remote file, ex: C:\\Windows\\Temp\\whoami.txt whoami.txt') - return parser \ No newline at end of file + return parser + +def get_conditional_action(baseAction): + class ConditionalAction(baseAction): + def __init__(self, option_strings, dest, **kwargs): + x = kwargs.pop('make_required', []) + super(ConditionalAction, self).__init__(option_strings, dest, **kwargs) + self.make_required = x + + def __call__(self, parser, namespace, values, option_string=None): + for x in self.make_required: + x.required = True + super(ConditionalAction, self).__call__(parser, namespace, values, option_string) + + return ConditionalAction \ No newline at end of file
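Review bot: `from argparse import _StoreTrueAction` in the first hunk binds the new `get_conditional_action` helper (last hunk) to an underscore-prefixed argparse class, which is not part of the module's documented interface; passing `action='store_true'` and checking `args.no_smb and not args.domain` once after parsing would need no private import. The helper also has no docstring and reuses `x` for both the popped list and the loop variable. If it stays, add `"""Return a subclass of baseAction that marks the actions in make_required as required when the option is seen."""` and rename the two `x` variables. Note that `x.required = True` mutates the shared action object, so the requirement persists for any later parse with the same parser.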