[winrm] Add comment about dos attack

Signed-off-by: Xiaoli Chan <2209553467@qq.com>
main
Xiaoli Chan 2023-11-07 12:23:52 +08:00
parent 3d2f3e1f8c
commit 67b6acb30a
1 changed files with 6 additions and 1 deletions


@ -34,7 +34,6 @@ class winrm(connection):
self.lmhash = ""
self.nthash = ""
self.ssl = False
self.local_auth = False
connection.__init__(self, args, db, host)
@ -347,6 +346,12 @@ class winrm(connection):
def ps_execute(self):
self.execute(payload=self.args.ps_execute, get_output=True, shell_type="powershell")
# Dos attack prevent:
# if someboby executed "reg save HKLM\sam C:\windows\temp\sam" before, but didn't remove "C:\windows\temp\sam" file,
# when user execute the same command next time, in tty shell, the prompt will ask "File C:\windows\temp\sam already exists. Overwrite (Yes/No)?"
# but in here, it isn't not a tty shell, pypsrp will do a crazy loop command execution when it didn't get any response (stuck in "Yes/No" prompt)
# and it will make target host OOM error just like dos attack.
# To prevent that, just make the store file name randomly.
def sam(self):
sam_storename = gen_random_string(6)
system_storename = gen_random_string(6)
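Review bot: The comment added above `sam()` is hard to follow because of typos ("someboby", "it isn't not a tty shell"), and it overstates the fix: a random 6-character name only makes a clash with a leftover file unlikely, it does not remove the hang if the overwrite prompt ever appears. I would shorten it to `# reg save asks "Overwrite (Yes/No)?" when the target file already exists; with no TTY pypsrp never answers and keeps looping until the host runs out of memory.` followed by `# A random file name per run makes that collision unlikely (it is not a guarantee).` The body of `sam()` continues outside the hunk, so it is not visible here whether the saved hive copies are deleted afterwards. If they are not, the comment should say so, since a failed run would leave copies of the SAM and SYSTEM hives in the temp directory.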