ruff: eradicate commented out code

nxc/context.py

@@ -17,4 +17,3 @@ def __init__(self, db, logger, args):
         self.conf.read(os.path.expanduser("~/.nxc/nxc.conf"))
 
         self.log = logger
-        # self.log.debug = logging.debug

nxc/first_run.py

@@ -39,18 +39,5 @@ def first_run_setup(logger=nxc_logger):
         shutil.copy(default_path, NXC_PATH)
 
     # if not exists(CERT_PATH):
-    #     logger.display('Generating SSL certificate')
-    #     try:
-    #         check_output(['openssl', 'help'], stderr=PIPE)
     #         if os.name != 'nt':
-    #             os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US" > /dev/null 2>&1'.format(path=CERT_PATH))
-    #         else:
-    #             os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US"'.format(path=CERT_PATH))
-    #     except OSError as e:
     #         if e.errno == errno.ENOENT:
-    #             logger.error('OpenSSL command line utility is not installed, could not generate certificate, using default certificate')
-    #             default_path = path_join(DATA_PATH, 'default.pem')
-    #             shutil.copy(default_path, CERT_PATH)
-    #         else:
-    #             logger.error('Error while generating SSL certificate: {}'.format(e))
-    #             sys.exit(1)

nxc/loaders/moduleloader.py

@@ -44,9 +44,6 @@ def module_is_sane(self, module, module_path):
         elif not hasattr(module, "on_login") and not (module, "on_admin_login"):
             self.logger.fail(f"{module_path} missing the on_login/on_admin_login function(s)")
             module_error = True
-        # elif not hasattr(module, 'chain_support'):
-        #    self.logger.fail('{} missing the chain_support variable'.format(module_path))
-        #    module_error = True
 
         if module_error:
             return False

nxc/logger.py

@@ -33,7 +33,6 @@ def __init__(self, extra=None):
         logging.getLogger("pypykatz").disabled = True
         logging.getLogger("minidump").disabled = True
         logging.getLogger("lsassy").disabled = True
-        # logging.getLogger("impacket").disabled = True
 
     def format(self, msg, *args, **kwargs): # noqa: A003
         """Format msg for output

nxc/modules/IOXIDResolver.py

@@ -35,7 +35,6 @@ def on_login(self, context, connection):
 
         context.log.debug("[*] Retrieving network interface of " + connection.host)
 
-        # NetworkAddr = bindings[0]['aNetworkAddr']
         for binding in bindings:
             NetworkAddr = binding["aNetworkAddr"]
             try:

nxc/modules/dfscoerce.py

@@ -112,7 +112,6 @@ def connect(self, username, password, domain, lmhash, nthash, aesKey, target, do
         if doKerberos:
             rpctransport.set_kerberos(doKerberos, kdcHost=dcHost)
         # if target:
-        #    rpctransport.setRemoteHost(target)
 
         rpctransport.setRemoteHost(target)
         dce = rpctransport.get_dce_rpc()
@@ -139,7 +138,6 @@ def NetrDfsRemoveStdRoot(self, dce, listener):
             request["ApiFlags"] = 1
             if self.args.verbose:
                 nxc_logger.debug(request.dump())
-            # logger.debug(request.dump())
             dce.request(request)
 
         except Exception as e:

nxc/modules/empire_exec.py

@@ -105,7 +105,6 @@ def options(self, context, module_options):
             sys.exit(1)
 
         context.log.debug(f"Response Code: {stager_response.status_code}")
-        # context.log.debug(f"Response Content: {stager_response.text}")
 
         stager_create_data = stager_response.json()
         context.log.debug(f"Stager data: {stager_create_data}")
@@ -117,7 +116,6 @@ def options(self, context, module_options):
             verify=False,
         )
         context.log.debug(f"Response Code: {download_response.status_code}")
-        # context.log.debug(f"Response Content: {download_response.text}")
 
         self.empire_launcher = download_response.text
 

nxc/modules/groupmembership.py

@@ -89,7 +89,6 @@ def on_login(self, context, connection):
                 # and splitting it on the "=" character to get a list of the group name and its prefix (e.g., "CN")
                 group_name = group_parts[0].split("=")[1]
 
-                # print("Group name: %s" % group_name)
                 context.log.highlight(f"{group_name}")
             return None
         return None

nxc/modules/shadowcoerce.py

@@ -253,7 +253,6 @@ def IsPathShadowCopied(self, dce, listener):
             # only NETLOGON and SYSVOL were detected working here
             # setting the share to something else raises a 0x80042308 (FSRVP_E_OBJECT_NOT_FOUND) or 0x8004230c (FSRVP_E_NOT_SUPPORTED)
             request["ShareName"] = f"\\\\{listener}\\NETLOGON\x00"
-            # request.dump()
             dce.request(request)
         except Exception as e:
             nxc_logger.debug("Something went wrong, check error status => %s", str(e))

nxc/modules/teams_localdb.py

@@ -16,7 +16,6 @@ def options(self, context, module_options):
     def on_admin_login(self, context, connection):
         context.log.display("Killing all Teams process to open the cookie file")
         connection.execute("taskkill /F /T /IM teams.exe")
-        # sleep(3)
         found = 0
         paths = connection.spider("C$", folder="Users", regex=["[a-zA-Z0-9]*"], depth=0)
         with open("/tmp/teams_cookies2.txt", "wb") as f:

nxc/protocols/ftp/database.py

@@ -176,7 +176,6 @@ def add_credential(self, username, password):
         nxc_logger.debug(f"Adding credentials: {credentials}")
 
         self.sess.execute(q_users, credentials)  # .scalar()
-        # return cred_ids
 
         # hacky way to get cred_id since we can't use returning() yet
         if len(credentials) == 1:

nxc/protocols/ldap.py

@@ -151,7 +151,6 @@ def __init__(self, args, db, host):
         connection.__init__(self, args, db, host)
 
     def proto_logger(self):
-        # self.logger = nxc_logger
         self.logger = NXCAdapter(
             extra={
                 "protocol": "LDAP",
@@ -301,7 +300,6 @@ def print_host_info(self):
             self.logger.extra["protocol"] = "LDAP"
             self.logger.extra["port"] = "389"
             self.logger.display(f"Connecting to LDAP {self.hostname}")
-            # self.logger.display(self.endpoint)
         else:
             self.logger.extra["protocol"] = "SMB" if not self.no_ntlm else "LDAP"
             self.logger.extra["port"] = "445" if not self.no_ntlm else "389"
@@ -311,7 +309,6 @@ def print_host_info(self):
             smbv1 = colored(f"SMBv1:{self.smbv1}", host_info_colors[2], attrs=["bold"]) if self.smbv1 else colored(f"SMBv1:{self.smbv1}", host_info_colors[3], attrs=["bold"])
             self.logger.display(f"{self.server_os}{f' x{self.os_arch}' if self.os_arch else ''} (name:{self.hostname}) (domain:{self.domain}) ({signing}) ({smbv1})")
             self.logger.extra["protocol"] = "LDAP"
-            # self.logger.display(self.endpoint)
         return True
 
     def kerberos_login(
@@ -324,7 +321,6 @@ def kerberos_login(
         kdcHost="",
         useCache=False,
     ):
-        # nxc_logger.getLogger("impacket").disabled = True
         self.username = username
         self.password = password
         self.domain = domain
@@ -382,7 +378,6 @@ def kerberos_login(
             used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}"
             out = f"{domain}\\{self.username}{used_ccache} {self.mark_pwned()}"
 
-            # out = f"{domain}\\{self.username}{' from ccache' if useCache else ':%s' % (kerb_pass if not self.config.get('nxc', 'audit_mode') else self.config.get('nxc', 'audit_mode') * 8)} {highlight('({})'.format(self.config.get('nxc', 'pwn3d_label')) if self.admin_privs else '')}"
 
             self.logger.extra["protocol"] = "LDAP"
             self.logger.extra["port"] = "636" if (self.args.gmsa or self.args.port == 636) else "389"

nxc/protocols/ldap/bloodhound.py

@@ -44,7 +44,6 @@ def connect(self):
         # Create an object resolver
         self.ad.create_objectresolver(self.pdc)
 
-    #        self.pdc.ldap_connect(self.ad.auth.username, self.ad.auth.password, kdc)
 
     def run(
         self,

nxc/protocols/ldap/gmsa.py

@@ -12,7 +12,6 @@ class MSDS_MANAGEDPASSWORD_BLOB(Structure):
         ("UnchangedPasswordIntervalOffset", "<H"),
         ("CurrentPassword", ":"),
         ("PreviousPassword", ":"),
-        # ('AlignmentPadding',':'),
         ("QueryPasswordInterval", ":"),
         ("UnchangedPasswordInterval", ":"),
     )

nxc/protocols/ldap/laps.py

@@ -90,7 +90,6 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
                     )
                     self.logger.extra["protocol"] = "LDAPS"
                     self.logger.extra["port"] = "636"
-                    # self.logger.success(out)
                     return ldap_connection
                 except ldap_impacket.LDAPSessionError as e:
                     error_code = str(e).split()[-2][:-1]
@@ -141,7 +140,6 @@ def auth_login(self, domain, username, password, ntlm_hash):
             # Connect to LDAP
             self.logger.extra["protocol"] = "LDAP"
             self.logger.extra["port"] = "389"
-            # self.logger.success(out)
 
             return ldap_connection
 
@@ -153,7 +151,6 @@ def auth_login(self, domain, username, password, ntlm_hash):
                     ldap_connection.login(username, password, domain, lmhash, nthash)
                     self.logger.extra["protocol"] = "LDAPS"
                     self.logger.extra["port"] = "636"
-                    # self.logger.success(out)
                     return ldap_connection
                 except ldap_impacket.LDAPSessionError as e:
                     error_code = str(e).split()[-2][:-1]

nxc/protocols/mssql.py

@@ -108,11 +108,8 @@ def enum_host_info(self):
     def print_host_info(self):
         self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})")
         # if len(self.mssql_instances) > 0:
-        #     self.logger.display("MSSQL DB Instances: {}".format(len(self.mssql_instances)))
         #     for i, instance in enumerate(self.mssql_instances):
-        #         self.logger.debug("Instance {}".format(i))
         #         for key in instance.keys():
-        #             self.logger.debug(key + ":" + instance[key])
 
     def create_conn_obj(self):
         try:

nxc/protocols/mssql/database.py

@@ -56,7 +56,6 @@ def db_schema(db_conn):
             FOREIGN KEY(hostid) REFERENCES hosts(id)
             )"""
         )
-        # type = hash, plaintext
         db_conn.execute(
             """CREATE TABLE "users" (
             "id" integer PRIMARY KEY,
@@ -185,7 +184,6 @@ def add_credential(self, credtype, domain, username, password, pillaged_from=Non
                 if not user[3] and not user[4] and not user[5]:
                     q = update(self.UsersTable).values(credential_data)  # .returning(self.UsersTable.c.id)
                     results = self.conn.execute(q)  # .first()
-                    # user_rowid = results.id
 
         nxc_logger.debug(f"add_credential(credtype={credtype}, domain={domain}, username={username}, password={password}, pillaged_from={pillaged_from})")
         return user_rowid

nxc/protocols/mssql/mssqlexec.py

@@ -29,18 +29,12 @@ def execute(self, command, output=False):
             nxc_logger.debug("Output is enabled")
             for row in command_output:
                 nxc_logger.debug(row)
-            # self.mssql_conn.printReplies()
-            # self.mssql_conn.colMeta[0]["TypeData"] = 80 * 2
-            # self.mssql_conn.printRows()
-            # self.outputBuffer = self.mssql_conn._MSSQL__rowsPrinter.getMessage()
             # if len(self.outputBuffer):
-            #     self.outputBuffer = self.outputBuffer.split('\n', 2)[2]
         try:
             self.disable_xp_cmdshell()
         except Exception as e:
             nxc_logger.error(f"[OPSEC] Error when attempting to disable xp_cmdshell: {e}")
         return command_output
-        # return self.outputBuffer
 
     def enable_xp_cmdshell(self):
         self.mssql_conn.sql_query("exec master.dbo.sp_configure 'show advanced options',1;RECONFIGURE;exec master.dbo.sp_configure 'xp_cmdshell', 1;RECONFIGURE;")

nxc/protocols/rdp.py

@@ -85,13 +85,8 @@ def __init__(self, args, db, host):
 
     # def proto_flow(self):
     #     if self.create_conn_obj():
-    #         self.proto_logger()
-    #         self.print_host_info()
     #         if self.login() or (self.username == '' and self.password == ''):
     #             if hasattr(self.args, 'module') and self.args.module:
-    #                 self.call_modules()
-    #             else:
-    #                 self.call_cmd_args()
 
     def proto_logger(self):
         self.logger = NXCAdapter(

nxc/protocols/smb.py

@@ -1244,10 +1244,8 @@ def rid_brute(self, max_rid=None):
 
         # Want encryption? Uncomment next line
         # But make simultaneous variable <= 100
-        # dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
 
         # Want fragmentation? Uncomment next line
-        # dce.set_max_fragment_size(32)
 
         dce.bind(lsat.MSRPC_UUID_LSAT)
         try:
@@ -1693,9 +1691,7 @@ def add_ntds_hash(ntds_hash, host_id):
                 # if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0:
                 # We don't store the resume file if this error happened, since this error is related to lack
                 # of enough privileges to access DRSUAPI.
-                #    resumeFile = NTDS.getResumeSessionFile()
                 #    if resumeFile is not None:
-                #        os.unlink(resumeFile)
                 self.logger.fail(e)
 
         NTDS = NTDSHashes(
@@ -1727,9 +1723,7 @@ def add_ntds_hash(ntds_hash, host_id):
             # if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0:
             # We don't store the resume file if this error happened, since this error is related to lack
             # of enough privileges to access DRSUAPI.
-            #    resumeFile = NTDS.getResumeSessionFile()
             #    if resumeFile is not None:
-            #        os.unlink(resumeFile)
             self.logger.fail(e)
         try:
             self.remote_ops.finish()

nxc/protocols/smb/atexec.py

@@ -128,7 +128,6 @@ def execute_handler(self, command, fileless=False):
 
         dce.set_credentials(*self.__rpctransport.get_credentials())
         dce.connect()
-        # dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
 
         tmpName = gen_random_string(8)
 

nxc/protocols/smb/database.py

@@ -83,7 +83,6 @@ def db_schema(db_conn):
             """
         )
 
-        # type = hash, plaintext
         db_conn.execute(
             """CREATE TABLE "users" (
             "id" integer PRIMARY KEY,
@@ -353,7 +352,6 @@ def add_credential(self, credtype, domain, username, password, group_id=None, pi
             q_groups = Insert(self.GroupRelationsTable)
 
             self.conn.execute(q_groups, groups)
-        # return user_ids
 
     def remove_credentials(self, creds_id):
         """Removes a credential ID from the database"""
@@ -567,11 +565,7 @@ def add_group(self, domain, name, rid=None, member_count_ad=None):
 
         self.conn.execute(q, groups)
         # TODO: always return a list and fix code references to not expect a single integer
-        # inserted_result = res_inserted_result.first()
-        # gid = inserted_result.id
         #
-        # logger.debug(f"inserted_results: {inserted_result}\ntype: {type(inserted_result)}")
-        # logger.debug('add_group(domain={}, name={}) => {}'.format(domain, name, gid))
         if updated_ids:
             nxc_logger.debug(f"Updated groups with IDs: {updated_ids}")
         return updated_ids
@@ -668,7 +662,6 @@ def add_share(self, host_id, user_id, name, remark, read, write):
             Insert(self.SharesTable).on_conflict_do_nothing(),  # .returning(self.SharesTable.c.id),
             share_data,
         )  # .scalar_one()
-        # return share_id
 
     def get_shares(self, filter_term=None):
         if self.is_share_valid(filter_term):
@@ -719,7 +712,6 @@ def add_domain_backupkey(self, domain: str, pvk: bytes):
 
                 self.conn.execute(q, [backup_key])  # .scalar()
                 nxc_logger.debug(f"add_domain_backupkey(domain={domain}, pvk={pvk_encoded})")
-                # return inserted_id
             except Exception as e:
                 nxc_logger.debug(f"Issue while inserting DPAPI Backup Key: {e}")
 
@@ -772,8 +764,6 @@ def add_dpapi_secrets(
 
         self.conn.execute(q, [secret])  # .scalar()
 
-        # inserted_result = res_inserted_result.first()
-        # inserted_id = inserted_result.id
 
         nxc_logger.debug(f"add_dpapi_secrets(host={host}, dpapi_type={dpapi_type}, windows_user={windows_user}, username={username}, password={password}, url={url})")
 

nxc/protocols/smb/db_navigator.py

@@ -19,7 +19,6 @@ def display_creds(self, creds):
             username = cred[2]
             password = cred[3]
             credtype = cred[4]
-            # pillaged_from = cred[5]
 
             links = self.db.get_admin_relations(user_id=cred_id)
             data.append(

nxc/protocols/smb/proto_args.py

@@ -16,8 +16,6 @@ def proto_args(parser, std_parser, module_parser):
     cgroup.add_argument("--lsa", action="store_true", help="dump LSA secrets from target systems")
     cgroup.add_argument("--ntds", choices={"vss", "drsuapi"}, nargs="?", const="drsuapi", help="dump the NTDS.dit from target DCs using the specifed method\n(default: drsuapi)")
     cgroup.add_argument("--dpapi", choices={"cookies", "nosystem"}, nargs="*", help='dump DPAPI secrets from target systems, can dump cookies if you add "cookies", will not dump SYSTEM dpapi if you add nosystem\n')
-    # cgroup.add_argument("--ntds-history", action='store_true', help='Dump NTDS.dit password history')
-    # cgroup.add_argument("--ntds-pwdLastSet", action='store_true', help='Shows the pwdLastSet attribute for each NTDS.dit account')
 
     ngroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials")
     ngroup.add_argument("--mkfile", action="store", help="DPAPI option. File with masterkeys in form of {GUID}:SHA1")

nxc/protocols/smb/smbexec.py

@@ -29,7 +29,6 @@ def __init__(self, host, share_name, smbconnection, protocol, username="", passw
         self.__rpctransport = None
         self.__scmr = None
         self.__conn = None
-        # self.__mode  = mode
         self.__aesKey = aesKey
         self.__doKerberos = doKerberos
         self.__kdcHost = kdcHost
@@ -102,7 +101,6 @@ def execute_remote(self, data):
 
         self.logger.debug("Hosting batch file with command: " + command)
 
-        # command = self.__shell + '\\\\{}\\{}\\{}'.format(local_ip,self.__share_name, self.__batchFile)
         self.logger.debug("Command to execute: " + command)
 
         self.logger.debug(f"Remote service {self.__serviceName} created.")

nxc/protocols/ssh/database.py

@@ -223,7 +223,6 @@ def add_credential(self, credtype, username, password, key=None):
         nxc_logger.debug(f"Adding credentials: {credentials}")
 
         self.sess.execute(q_users, credentials)  # .scalar()
-        # return cred_ids
 
         # hacky way to get cred_id since we can't use returning() yet
         if len(credentials) == 1: