fix(docs): replace single quote doc strings with double quote

main
Marshall Hallenbeck 2023-04-07 12:40:48 -04:00
parent a11dc0d3b3
commit a9b7529796
32 changed files with 97 additions and 96 deletions


@ -1,4 +1,4 @@
'''
"""
Impacket - Collection of Python classes for working with network protocols.
SECUREAUTH LABS. Copyright (C) 2020 SecureAuth Corporation. All rights reserved.
@ -22,7 +22,7 @@ References:
This library is, for the moment, not present in the Impacket version used by CrackMapExec, so I add it manually in helpers.
'''
"""
SCHEMA_OBJECTS = {
'2a132580-9373-11d1-aebc-0000f80367c1': 'FRS-Partner-Auth-Level',


@ -119,6 +119,7 @@ class CMEAdapter(logging.LoggerAdapter):
cme_console.print(text, *args, **kwargs)
def add_file_log(self, log_file=None):
logger = logging.getLogger("rich")
file_formatter = TermEscapeCodeFormatter("%(asctime)s - %(levelname)s - %(message)s")
output_file = self.init_log_file() if log_file is None else log_file
file_creation = False
@ -136,7 +137,7 @@ class CMEAdapter(logging.LoggerAdapter):
f.write("\n[%s]> %s\n\n" % (datetime.now().strftime('%d-%m-%Y %H:%M:%S'), " ".join(sys.argv)))
file_handler.setFormatter(file_formatter)
self.logger.addHandler(file_handler)
logger.addHandler(file_handler)
@staticmethod
def init_log_file():
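Review bot: The `addHandler` line in the second hunk is a behaviour change inside a commit labelled as a docs fix: the file handler appears to move from `self.logger` to the process-wide `logging.getLogger("rich")` (the +/- markers are lost on this page, so old versus new is inferred from the hunk counts). Because that logger is shared, every call to `add_file_log` would attach one more handler to it and duplicate each record, so check for an existing handler on the same path before adding, and document the intent with a comment such as `# attach to the shared "rich" logger; add only once per log file`. The context line that writes `" ".join(sys.argv)` puts the full command line into the file; if credentials are passed as arguments they are persisted in clear text, so the log should be created owner-readable only or the arguments redacted. Both methods continue outside the visible hunks.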


@ -19,8 +19,8 @@ class CMEModule:
multiple_hosts = False
def options(self, context, module_options):
'''
'''
"""
"""
def on_login(self, context, connection):


@ -2,7 +2,7 @@
# -*- coding: utf-8 -*-
class CMEModule:
'''
"""
Module by Shutdown and Podalirius
Initial module:
@ -11,7 +11,7 @@ class CMEModule:
Authors:
Shutdown: @_nwodtuhs
Podalirius: @podalirius_
'''
"""
def options(self, context, module_options):
pass


@ -4,11 +4,11 @@
import ntpath
class CMEModule:
'''
"""
Technique discovered by @DTMSecurity and @domchell to remotely coerce an host to start WebClient service.
https://dtm.uk/exploring-search-connectors-and-library-files-on-windows/
Module by @zblurx
'''
"""
name = 'drop-sc'
description = 'Drop a searchConnector-ms file on each writable share'
@ -17,7 +17,7 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
Technique discovered by @DTMSecurity and @domchell to remotely coerce an host to start WebClient service.
https://dtm.uk/exploring-search-connectors-and-library-files-on-windows/
Module by @zblurx
@ -25,7 +25,7 @@ class CMEModule:
CLEANUP Cleanup (choices: True or False)
SHARE Specify a share to target
FILENAME Specify the filename used WITHOUT the extension searchConnector-ms (it's automatically added), default is "Documents"
'''
"""
self.cleanup = False
if 'CLEANUP' in module_options:
self.cleanup = bool(module_options['CLEANUP'])
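Review bot: `self.cleanup = bool(module_options['CLEANUP'])` is true for any non-empty value, so the documented choice `CLEANUP=False` still switches cleanup on (assuming option values arrive as strings from the command line). Parse the text instead, for example `self.cleanup = str(module_options['CLEANUP']).strip().lower() in ('true', '1', 'yes')`. The body of `options` continues past the end of the hunk, so the other options may need the same check.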


@ -10,10 +10,10 @@ from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class CMEModule:
'''
"""
Uses Empire's RESTful API to generate a launcher for the specified listener and executes it
Module by @byt3bl33d3r
'''
"""
name='empire_exec'
description = "Uses Empire's RESTful API to generate a launcher for the specified listener and executes it"
@ -22,9 +22,9 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
LISTENER Listener name to generate the launcher for
'''
"""
if not 'LISTENER' in module_options:
context.log.error('LISTENER option is required!')
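Review bot: `requests.packages.urllib3.disable_warnings(InsecureRequestWarning)` at the top of this module runs at import time and silences the warning for every `requests` call in the process, not only this module's. It also suggests that the API calls further down (not visible in these hunks) use `verify=False`, in which case the API credentials or token would travel over a connection whose certificate is never checked. Prefer scoping the suppression to the call site with `warnings.catch_warnings()` and exposing an option to pass a CA bundle, or at least state the intent with a comment such as `# certificate verification is intentionally off for this API; warning silenced process-wide`.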


@ -6,11 +6,11 @@ from cme.helpers.logger import write_log
import json
class CMEModule:
'''
"""
Uses WMI to extract network connections, used to find multi-homed hosts.
Module by @fang0654
'''
"""
name = 'get_netconnections'
description = 'Uses WMI to query network connections.'
@ -19,9 +19,9 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
No options
'''
"""
pass
def on_admin_login(self, context, connection):


@ -5,10 +5,10 @@ import xml.etree.ElementTree as ET
from io import BytesIO
class CMEModule:
'''
"""
Reference: https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPAutologon.ps1
Module by @byt3bl33d3r
'''
"""
name = 'gpp_autologin'
description = 'Searches the domain controller for registry.xml to find autologon information and returns the username and password.'
@ -17,8 +17,8 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
'''
"""
"""
def on_login(self, context, connection):
shares = connection.shares()


@ -8,10 +8,10 @@ from binascii import unhexlify
from io import BytesIO
class CMEModule:
'''
"""
Reference: https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1
Module by @byt3bl33d3r
'''
"""
name = 'gpp_password'
description = 'Retrieves the plaintext password and other information for accounts pushed through Group Policy Preferences.'
@ -20,8 +20,8 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
'''
"""
"""
def on_login(self, context, connection):
shares = connection.shares()


@ -6,13 +6,13 @@ from impacket.ldap import ldap as ldap_impacket
class CMEModule:
'''
"""
Created as a contributtion from HackTheBox Academy team for CrackMapExec
Reference: https://academy.hackthebox.com/module/details/84
Module by @juliourena
Module by @juliourena
Based on: https://github.com/juliourena/CrackMapExec/blob/master/cme/modules/get_description.py
'''
"""
name = 'groupmembership'
description = "Query the groups to which a user belongs."
@ -21,9 +21,9 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
USER Choose a username to query group membership
'''
"""
self.user = ""
if 'USER' in module_options:
@ -36,7 +36,7 @@ class CMEModule:
exit(1)
def on_login(self, context, connection):
'''Concurrent. Required if on_admin_login is not present. This gets called on each authenticated connection'''
"""Concurrent. Required if on_admin_login is not present. This gets called on each authenticated connection"""
# Building the search filter
searchFilter = "(&(objectClass=user)(sAMAccountName={}))".format(self.user)
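Review bot: `self.user` is formatted straight into the LDAP filter in `on_login`, so a value containing `*`, `(`, `)` or `\` changes what the filter matches or makes it invalid instead of selecting a single account. Escape the value per RFC 4515 before building the filter (`\2a`, `\28`, `\29`, `\5c`), or reject those characters in `options` where `USER` is read. The class docstring in the first hunk also carries a typo, `contributtion`. `on_login` continues beyond the hunk.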


@ -21,12 +21,12 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
TMP_DIR Path where process dump should be saved on target system (default: C:\\Windows\\Temp\\)
HANDLEKATZ_PATH Path where handlekatz.exe is on your system (default: /tmp/)
HANDLEKATZ_EXE_NAME Name of the handlekatz executable (default: handlekatz.exe)
DIR_RESULT Location where the dmp are stored (default: DIR_RESULT = HANDLEKATZ_PATH)
'''
"""
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"
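Review bot: The documented defaults store the result dumps in `/tmp/` (`DIR_RESULT` defaults to `HANDLEKATZ_PATH`, which defaults to `/tmp/`), a directory other local users can normally read, and process dumps from a module like this are likely to hold credential material. The procdump module's docstring later on this page documents the same default for `PROCDUMP_PATH` and `DIR_RESULT`. Consider defaulting to a per-user directory created with mode 0700, and say so in the docstring, e.g. `DIR_RESULT  Location where the dmp are stored; contents are sensitive, keep the directory private`. The body of `options` continues outside the hunk.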


@ -5,7 +5,7 @@ from impacket.ldap import ldapasn1 as ldapasn1_impacket
class CMEModule:
'''
"""
Module by technobro refactored by @mpgn (now compatible with LDAP protocol + filter by computer)
Initial module:
@ -14,7 +14,7 @@ class CMEModule:
Credit: @n00py1
Reference: https://www.n00py.io/2020/12/dumping-laps-passwords-from-linux/
https://github.com/n00py/LAPSDumper
'''
"""
name = 'laps'
description = 'Retrieves the LAPS passwords'


@ -13,12 +13,12 @@ from asyauth.common.credentials.ntlm import NTLMCredential
class CMEModule:
'''
"""
Checks whether LDAP signing and channelbinding are required.
Module by LuemmelSec (@theluemmel), updated by @zblurx
Original work thankfully taken from @zyn3rgy's Ldap Relay Scan project: https://github.com/zyn3rgy/LdapRelayScan
'''
"""
name = 'ldap-checker'
description = 'Checks whether LDAP signing and binding are required and / or enforced'
supported_protocols = ['ldap']
@ -26,9 +26,9 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
No options available.
'''
"""
pass
def on_login(self, context, connection):


@ -5,10 +5,10 @@ from sys import exit
class CMEModule:
'''
"""
Downloads the Meterpreter stager and injects it into memory using PowerSploit's Invoke-Shellcode.ps1 script
Module by @byt3bl33d3r
'''
"""
name = 'met_inject'
description = "Downloads the Meterpreter stager and injects it into memory"
supported_protocols = ['smb', 'mssql']
@ -16,12 +16,12 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
SRVHOST IP hosting of the stager server
SRVPORT Stager port
RAND Random string given by metasploit
SSL Stager server use https or http (default: https)
'''
"""
self.met_ssl = 'https'


@ -17,8 +17,8 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
'''
"""
"""
def on_login(self, context, connection):
if check(connection.host):


@ -21,9 +21,9 @@ class User:
class CMEModule:
'''
"""
Enumerate MSSQL privileges and exploit them
'''
"""
name = 'mssql_priv'
description = "Enumerate and exploit MSSQL privileges"


@ -9,11 +9,11 @@ from cme.helpers.logger import highlight
from cme.helpers.misc import validate_ntlm
class CMEModule:
'''
"""
Dump NTDS with ntdsutil
Module by @zblurx
'''
"""
name = 'ntdsutil'
description = 'Dump NTDS with ntdsutil'
supported_protocols = ['smb']
@ -21,12 +21,12 @@ class CMEModule:
multiple_hosts = False
def options(self, context, module_options):
'''
"""
Dump NTDS with ntdsutil
Module by @zblurx
DIR_RESULT Local dir to write ntds dump. If specified, the local dump will not be deleted after parsing
'''
"""
self.share = "ADMIN$"
self.tmp_dir = "C:\\Windows\\Temp\\"
self.tmp_share = self.tmp_dir.split("C:\\Windows\\")[1]


@ -18,12 +18,12 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
TMP_DIR Path where process dump should be saved on target system (default: C:\\Windows\\Temp\\)
PROCDUMP_PATH Path where procdump.exe is on your system (default: /tmp/), if changed embeded version will not be used
PROCDUMP_EXE_NAME Name of the procdump executable (default: procdump.exe), if changed embeded version will not be used
DIR_RESULT Location where the dmp are stored (default: DIR_RESULT = PROCDUMP_PATH)
'''
"""
self.tmp_dir = "C:\\Windows\\Temp\\"
self.share = "C$"


@ -21,10 +21,10 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
IPSC Use IsPathShadowCopied (default: False). ex. IPSC=true
LISTENER Listener IP address (default: 127.0.0.1)
'''
"""
self.ipsc = False
self.listener = "127.0.0.1"
if 'LISTENER' in module_options:


@ -287,10 +287,10 @@ class SMBSpiderPlus:
class CMEModule:
'''
"""
Spider plus module
Module by @vincd
'''
"""
name = 'spider_plus'
description = 'List files on the target server (excluding `DIR` directories and `EXT` extensions) and save them to the `OUTPUT` directory if they are smaller then `SIZE`'


@ -12,12 +12,12 @@ def searchResEntry_to_dict(results):
return data
class CMEModule:
'''
"""
Retrieves the different Sites and Subnets of an Active Directory
Authors:
Podalirius: @podalirius_
'''
"""
def options(self, context, module_options):
"""


@ -15,8 +15,8 @@ class CMEModule:
multiple_hosts = False
def options(self, context, module_options):
'''
'''
"""
"""
def on_admin_login(self, context, connection):
context.log.display('Killing all Teams process to open the cookie file')


@ -5,10 +5,10 @@ from cme.helpers.powershell import create_ps_command
from sys import exit
class CMEModule:
'''
"""
Executes the Test-Connection PowerShell cmdlet
Module by @byt3bl33d3r
'''
"""
name = 'test_connection'
description = "Pings a host"
@ -17,9 +17,9 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
HOST Host to ping
'''
"""
self.host = None
if 'HOST' not in module_options:


@ -11,10 +11,10 @@ from base64 import b64encode
from cme.helpers.powershell import get_ps_script
class CMEModule:
'''
"""
Module by @NeffIsBack
'''
"""
name = 'veeam'
description = 'Extracts credentials from local Veeam SQL Database'
supported_protocols = ['smb']
@ -26,9 +26,9 @@ class CMEModule:
self.psScript = psFile.read()
def options(self, context, module_options):
'''
"""
No options
'''
"""
pass
def checkVeeamInstalled(self, context, connection):


@ -15,9 +15,9 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
ACTION Create/Delete the registry key (choices: enable, disable)
'''
"""
if not 'ACTION' in module_options:
context.log.error('ACTION option not specified!')


@ -5,12 +5,12 @@ from cme.helpers.powershell import *
from sys import exit
class CMEModule:
'''
"""
Kicks off a Metasploit Payload using the exploit/multi/script/web_delivery module
Reference: https://github.com/EmpireProject/Empire/blob/2.0_beta/data/module_source/code_execution/Invoke-MetasploitPayload.ps1
Module by @byt3bl33d3r
'''
"""
name = 'web_delivery'
description = 'Kicks off a Metasploit Payload using the exploit/multi/script/web_delivery module'
@ -19,10 +19,10 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
URL URL for the download cradle
PAYLOAD Payload architecture (choices: 64 or 32) Default: 64
'''
"""
if not 'URL' in module_options:
context.log.error('URL option is required!')


@ -7,12 +7,12 @@ from impacket.smb3structs import FILE_READ_DATA
from impacket.smbconnection import SessionError
class CMEModule:
'''
"""
Enumerate whether the WebClient service is running on the target by looking for the
DAV RPC Service pipe. This technique was first suggested by Lee Christensen (@tifkin_)
Module by Tobias Neitzel (@qtc_de)
'''
"""
name = 'webdav'
description = 'Checks whether the WebClient service is running on the target'
supported_protocols = ['smb']
@ -20,19 +20,19 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
"""
MSG Info message when the WebClient service is running. '{}' is replaced by the target.
'''
"""
self.output = 'WebClient Service enabled on: {}'
if 'MSG' in module_options:
self.output = module_options['MSG']
def on_login(self, context, connection):
'''
"""
Check whether the 'DAV RPC Service' pipe exists within the 'IPC$' share. This indicates
that the WebClient service is running on the target.
'''
"""
try:
remote_file = RemoteFile(connection.conn, 'DAV RPC Service', 'IPC$', access=FILE_READ_DATA)


@ -1,10 +1,10 @@
from ldap3 import Server, Connection, NTLM, ALL
class CMEModule:
'''
Basic enumeration of provided user information and privileges
"""
Basic enumeration of provided user information and privileges
Module by spyr0 (@spyr0-sec)
'''
"""
name = 'whoami'
description = 'Get details of provided user'
supported_protocols = ['ldap']
@ -12,9 +12,9 @@ class CMEModule:
multiple_hosts = True # Does it make sense to run this module on multiple hosts at a time?
def options(self, context, module_options):
'''
"""
USER Enumerate information about a different SamAccountName
'''
"""
self.username = None
if 'USER' in module_options:
self.username = module_options['USER']


@ -18,9 +18,9 @@ import configparser
class CMEModule:
'''
"""
Module by @NeffIsBack
'''
"""
name = 'winscp'
description = 'Looks for WinSCP.ini files in the registry and default locations and tries to extract credentials.'
supported_protocols = ['smb']


@ -18,8 +18,8 @@ class CMEModule:
multiple_hosts = True
def options(self, context, module_options):
'''
'''
"""
"""
def on_admin_login(self, context, connection):
host = connection.hostname + "." + connection.domain


@ -22,11 +22,11 @@ class FirefoxData:
class FirefoxTriage:
'''
"""
Firefox by @zblurx
Inspired by firefox looting from DonPAPI
https://github.com/login-securite/DonPAPI
'''
"""
firefox_generic_path = 'Users\\{}\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles'
share = 'C$'
false_positive = ['.','..', 'desktop.ini','Public','Default','Default User','All Users']


@ -59,11 +59,11 @@ class SMBSpider:
return self.results
def _spider(self, subfolder, depth):
'''
"""
Abondon all hope ye who enter here.
You're now probably wondering if I was drunk and/or high when writing this.
Getting this to work took a toll on my sanity. So yes. a lot.
'''
"""
# The following is some funky shit that deals with the way impacket treats file paths