NetExec/nxc/modules/webdav.py

53 lines
1.8 KiB
Python

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from nxc.protocols.smb.remotefile import RemoteFile
from impacket import nt_errors
from impacket.smb3structs import FILE_READ_DATA
from impacket.smbconnection import SessionError
class NXCModule:
"""
Enumerate whether the WebClient service is running on the target by looking for the
DAV RPC Service pipe. This technique was first suggested by Lee Christensen (@tifkin_)
Module by Tobias Neitzel (@qtc_de)
"""
name = "webdav"
description = "Checks whether the WebClient service is running on the target"
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
def options(self, context, module_options):
"""
MSG Info message when the WebClient service is running. '{}' is replaced by the target.
"""
self.output = "WebClient Service enabled on: {}"
if "MSG" in module_options:
self.output = module_options["MSG"]
def on_login(self, context, connection):
"""
Check whether the 'DAV RPC Service' pipe exists within the 'IPC$' share. This indicates
that the WebClient service is running on the target.
"""
try:
remote_file = RemoteFile(connection.conn, "DAV RPC Service", "IPC$", access=FILE_READ_DATA)
remote_file.open()
remote_file.close()
context.log.highlight(self.output.format(connection.conn.getRemoteHost()))
except SessionError as e:
if e.getErrorCode() == nt_errors.STATUS_OBJECT_NAME_NOT_FOUND:
pass
elif e.getErrorCode() in nt_errors.ERROR_MESSAGES:
context.log.fail(f"Error enumerating WebDAV: {e.getErrorString()[0]}", color="magenta")
else:
raise e