Fix exec method with kerberos

main
mpgn 2023-02-05 08:00:46 -05:00
parent eaf421b714
commit 5696026ba0
2 changed files with 5 additions and 6 deletions


@ -627,7 +627,7 @@ class smb(connection):
if method == 'wmiexec':
try:
exec_method = WMIEXEC(self.host, self.smb_share_name, self.username, self.password, self.domain, self.conn, self.kerberos, self.aesKey, self.kdcHost, self.hash, self.args.share)
exec_method = WMIEXEC(self.host if (not self.args.kerberos and not self.args.use_kcache) else self.hostname + '.' + self.domain, self.smb_share_name, self.username, self.password, self.domain, self.conn, self.kerberos, self.aesKey, self.kdcHost, self.hash, self.args.share)
logging.debug('Executed command via wmiexec')
break
except:
@ -637,7 +637,7 @@ class smb(connection):
elif method == 'mmcexec':
try:
exec_method = MMCEXEC(self.host, self.smb_share_name, self.username, self.password, self.domain, self.conn, self.hash)
exec_method = MMCEXEC(self.host if (not self.args.kerberos and not self.args.use_kcache) else self.hostname + '.' + self.domain, self.smb_share_name, self.username, self.password, self.domain, self.conn, self.hash)
logging.debug('Executed command via mmcexec')
break
except:
@ -647,7 +647,7 @@ class smb(connection):
elif method == 'atexec':
try:
exec_method = TSCH_EXEC(self.host, self.smb_share_name, self.username, self.password, self.domain, self.kerberos, self.aesKey, self.kdcHost, self.hash) #self.args.share)
exec_method = TSCH_EXEC(self.host if (not self.args.kerberos and not self.args.use_kcache) else self.hostname + '.' + self.domain, self.smb_share_name, self.username, self.password, self.domain, self.kerberos, self.aesKey, self.kdcHost, self.hash) #self.args.share)
logging.debug('Executed command via atexec')
break
except:
@ -657,7 +657,7 @@ class smb(connection):
elif method == 'smbexec':
try:
exec_method = SMBEXEC(self.host, self.smb_share_name, self.conn, self.args.port, self.username, self.password, self.domain, self.kerberos, self.aesKey, self.kdcHost, self.hash, self.args.share)
exec_method = SMBEXEC(self.host if (not self.args.kerberos and not self.args.use_kcache) else self.hostname + '.' + self.domain, self.smb_share_name, self.conn, self.args.port, self.username, self.password, self.domain, self.kerberos, self.aesKey, self.kdcHost, self.hash, self.args.share)
logging.debug('Executed command via smbexec')
break
except:
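Review bot: The target-name expression `self.host if (not self.args.kerberos and not self.args.use_kcache) else self.hostname + '.' + self.domain` is pasted into all four constructor calls (WMIEXEC, MMCEXEC, TSCH_EXEC, SMBEXEC), so the branches can drift apart on the next change. Compute it once before the method dispatch, e.g. `target = self.host if not (self.args.kerberos or self.args.use_kcache) else self.hostname + '.' + self.domain`, and pass `target` to each call. The condition reads `self.args.kerberos` while the calls pass `self.kerberos`; if those two can differ, the chosen name and the authentication mode will disagree. The built FQDN also assumes the host's DNS suffix equals `self.domain` and that `self.hostname` is populated, and the bare `except:` after each call would presumably hide the resulting failure, so a short comment stating that assumption is worth adding. The enclosing method starts and ends outside these hunks.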


@ -63,7 +63,6 @@ class WMIEXEC:
def cd(self, s):
self.execute_remote('cd ' + s)
if len(self.__outputBuffer.strip('\r\n')) > 0:
print(self.__outputBuffer)
self.__outputBuffer = b''
else:
self.__pwd = ntpath.normpath(ntpath.join(self.__pwd, s))
@ -90,7 +89,7 @@ class WMIEXEC:
command = self.__shell + data
if self.__retOutput:
command += ' 1> ' + '\\\\127.0.0.1\\%s' % self.__share + self.__output + ' 2>&1'
command += ' 1> ' + '%s' % self.__output + ' 2>&1'
logging.debug('Executing command: ' + command)
self.__win32Process.Create(command, self.__pwd, None)
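Review bot: In the second hunk the new redirect target drops `self.__share` and is written as `'%s' % self.__output`, which is a no-op format; `command += ' 1> ' + self.__output + ' 2>&1'` says the same thing. The output file is now written to a path local to the remote process, so it is only found again if the code that reads it back (outside this hunk) uses the same path on the volume that `self.__share` exposes. A comment stating that `self.__output` must be an absolute path on that volume would make the contract explicit; otherwise the output is lost and the temporary file is left on the host. Separately, the context lines of `cd` call `self.__outputBuffer.strip('\r\n')` with a str argument and then reset the buffer to `b''`, which looks like a bytes/str mismatch worth confirming against the rest of the class.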