From 82e5d78007e1d59bc96f847c967e0f326e6c9089 Mon Sep 17 00:00:00 2001 From: Marshall Hallenbeck Date: Sat, 14 Oct 2023 18:34:09 -0400 Subject: [PATCH] ruff: eradicate commented out code --- nxc/context.py | 1 - nxc/first_run.py | 13 ------------- nxc/loaders/moduleloader.py | 3 --- nxc/logger.py | 1 - nxc/modules/IOXIDResolver.py | 1 - nxc/modules/dfscoerce.py | 2 -- nxc/modules/empire_exec.py | 2 -- nxc/modules/groupmembership.py | 1 - nxc/modules/shadowcoerce.py | 1 - nxc/modules/teams_localdb.py | 1 - nxc/protocols/ftp/database.py | 1 - nxc/protocols/ldap.py | 5 ----- nxc/protocols/ldap/bloodhound.py | 1 - nxc/protocols/ldap/gmsa.py | 1 - nxc/protocols/ldap/laps.py | 3 --- nxc/protocols/mssql.py | 3 --- nxc/protocols/mssql/database.py | 2 -- nxc/protocols/mssql/mssqlexec.py | 6 ------ nxc/protocols/rdp.py | 5 ----- nxc/protocols/smb.py | 6 ------ nxc/protocols/smb/atexec.py | 1 - nxc/protocols/smb/database.py | 10 ---------- nxc/protocols/smb/db_navigator.py | 1 - nxc/protocols/smb/proto_args.py | 2 -- nxc/protocols/smb/smbexec.py | 2 -- nxc/protocols/ssh/database.py | 1 - nxc/protocols/ssh/db_navigator.py | 9 --------- nxc/protocols/winrm.py | 6 ------ nxc/protocols/winrm/database.py | 2 -- nxc/protocols/winrm/db_navigator.py | 2 -- nxc/protocols/wmi/wmiexec.py | 2 -- nxc/protocols/wmi/wmiexec_event.py | 1 - tests/test_smb_database.py | 1 - 33 files changed, 99 deletions(-) diff --git a/nxc/context.py b/nxc/context.py index efb27bf85..88ea455f4 100755 --- a/nxc/context.py +++ b/nxc/context.py @@ -17,4 +17,3 @@ def __init__(self, db, logger, args): self.conf.read(os.path.expanduser("~/.nxc/nxc.conf")) self.log = logger - # self.log.debug = logging.debug diff --git a/nxc/first_run.py b/nxc/first_run.py index 744b0c323..35498a510 100755 --- a/nxc/first_run.py +++ b/nxc/first_run.py @@ -39,18 +39,5 @@ def first_run_setup(logger=nxc_logger): shutil.copy(default_path, NXC_PATH) # if not exists(CERT_PATH): - # logger.display('Generating SSL certificate') - # try: - # check_output(['openssl', 'help'], stderr=PIPE) # if os.name != 'nt': - # os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US" > /dev/null 2>&1'.format(path=CERT_PATH)) - # else: - # os.system('openssl req -new -x509 -keyout {path} -out {path} -days 365 -nodes -subj "/C=US"'.format(path=CERT_PATH)) - # except OSError as e: # if e.errno == errno.ENOENT: - # logger.error('OpenSSL command line utility is not installed, could not generate certificate, using default certificate') - # default_path = path_join(DATA_PATH, 'default.pem') - # shutil.copy(default_path, CERT_PATH) - # else: - # logger.error('Error while generating SSL certificate: {}'.format(e)) - # sys.exit(1) diff --git a/nxc/loaders/moduleloader.py b/nxc/loaders/moduleloader.py index 8730c2a9e..8ba4f54c3 100755 --- a/nxc/loaders/moduleloader.py +++ b/nxc/loaders/moduleloader.py @@ -44,9 +44,6 @@ def module_is_sane(self, module, module_path): elif not hasattr(module, "on_login") and not (module, "on_admin_login"): self.logger.fail(f"{module_path} missing the on_login/on_admin_login function(s)") module_error = True - # elif not hasattr(module, 'chain_support'): - # self.logger.fail('{} missing the chain_support variable'.format(module_path)) - # module_error = True if module_error: return False diff --git a/nxc/logger.py b/nxc/logger.py index a81db4c15..0873d19e0 100755 --- a/nxc/logger.py +++ b/nxc/logger.py @@ -33,7 +33,6 @@ def __init__(self, extra=None): logging.getLogger("pypykatz").disabled = True logging.getLogger("minidump").disabled = True logging.getLogger("lsassy").disabled = True - # logging.getLogger("impacket").disabled = True def format(self, msg, *args, **kwargs): # noqa: A003 """Format msg for output diff --git a/nxc/modules/IOXIDResolver.py b/nxc/modules/IOXIDResolver.py index 2e76f794d..89d2c88d0 100644 --- a/nxc/modules/IOXIDResolver.py +++ b/nxc/modules/IOXIDResolver.py @@ -35,7 +35,6 @@ def on_login(self, context, connection): context.log.debug("[*] Retrieving network interface of " + connection.host) - # NetworkAddr = bindings[0]['aNetworkAddr'] for binding in bindings: NetworkAddr = binding["aNetworkAddr"] try: diff --git a/nxc/modules/dfscoerce.py b/nxc/modules/dfscoerce.py index 511cc8aaa..095b0711f 100644 --- a/nxc/modules/dfscoerce.py +++ b/nxc/modules/dfscoerce.py @@ -112,7 +112,6 @@ def connect(self, username, password, domain, lmhash, nthash, aesKey, target, do if doKerberos: rpctransport.set_kerberos(doKerberos, kdcHost=dcHost) # if target: - # rpctransport.setRemoteHost(target) rpctransport.setRemoteHost(target) dce = rpctransport.get_dce_rpc() @@ -139,7 +138,6 @@ def NetrDfsRemoveStdRoot(self, dce, listener): request["ApiFlags"] = 1 if self.args.verbose: nxc_logger.debug(request.dump()) - # logger.debug(request.dump()) dce.request(request) except Exception as e: diff --git a/nxc/modules/empire_exec.py b/nxc/modules/empire_exec.py index 34024fafe..6df932591 100644 --- a/nxc/modules/empire_exec.py +++ b/nxc/modules/empire_exec.py @@ -105,7 +105,6 @@ def options(self, context, module_options): sys.exit(1) context.log.debug(f"Response Code: {stager_response.status_code}") - # context.log.debug(f"Response Content: {stager_response.text}") stager_create_data = stager_response.json() context.log.debug(f"Stager data: {stager_create_data}") @@ -117,7 +116,6 @@ def options(self, context, module_options): verify=False, ) context.log.debug(f"Response Code: {download_response.status_code}") - # context.log.debug(f"Response Content: {download_response.text}") self.empire_launcher = download_response.text diff --git a/nxc/modules/groupmembership.py b/nxc/modules/groupmembership.py index 6dba55ac1..6af6af6b9 100644 --- a/nxc/modules/groupmembership.py +++ b/nxc/modules/groupmembership.py @@ -89,7 +89,6 @@ def on_login(self, context, connection): # and splitting it on the "=" character to get a list of the group name and its prefix (e.g., "CN") group_name = group_parts[0].split("=")[1] - # print("Group name: %s" % group_name) context.log.highlight(f"{group_name}") return None return None diff --git a/nxc/modules/shadowcoerce.py b/nxc/modules/shadowcoerce.py index b3b6c02f3..d55168b24 100644 --- a/nxc/modules/shadowcoerce.py +++ b/nxc/modules/shadowcoerce.py @@ -253,7 +253,6 @@ def IsPathShadowCopied(self, dce, listener): # only NETLOGON and SYSVOL were detected working here # setting the share to something else raises a 0x80042308 (FSRVP_E_OBJECT_NOT_FOUND) or 0x8004230c (FSRVP_E_NOT_SUPPORTED) request["ShareName"] = f"\\\\{listener}\\NETLOGON\x00" - # request.dump() dce.request(request) except Exception as e: nxc_logger.debug("Something went wrong, check error status => %s", str(e)) diff --git a/nxc/modules/teams_localdb.py b/nxc/modules/teams_localdb.py index b47b53a91..e2f91ecbb 100644 --- a/nxc/modules/teams_localdb.py +++ b/nxc/modules/teams_localdb.py @@ -16,7 +16,6 @@ def options(self, context, module_options): def on_admin_login(self, context, connection): context.log.display("Killing all Teams process to open the cookie file") connection.execute("taskkill /F /T /IM teams.exe") - # sleep(3) found = 0 paths = connection.spider("C$", folder="Users", regex=["[a-zA-Z0-9]*"], depth=0) with open("/tmp/teams_cookies2.txt", "wb") as f: diff --git a/nxc/protocols/ftp/database.py b/nxc/protocols/ftp/database.py index 7b5cb2a3d..45b7f6455 100644 --- a/nxc/protocols/ftp/database.py +++ b/nxc/protocols/ftp/database.py @@ -176,7 +176,6 @@ def add_credential(self, username, password): nxc_logger.debug(f"Adding credentials: {credentials}") self.sess.execute(q_users, credentials) # .scalar() - # return cred_ids # hacky way to get cred_id since we can't use returning() yet if len(credentials) == 1: diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py index 103124140..0eab1fa7b 100644 --- a/nxc/protocols/ldap.py +++ b/nxc/protocols/ldap.py @@ -151,7 +151,6 @@ def __init__(self, args, db, host): connection.__init__(self, args, db, host) def proto_logger(self): - # self.logger = nxc_logger self.logger = NXCAdapter( extra={ "protocol": "LDAP", @@ -301,7 +300,6 @@ def print_host_info(self): self.logger.extra["protocol"] = "LDAP" self.logger.extra["port"] = "389" self.logger.display(f"Connecting to LDAP {self.hostname}") - # self.logger.display(self.endpoint) else: self.logger.extra["protocol"] = "SMB" if not self.no_ntlm else "LDAP" self.logger.extra["port"] = "445" if not self.no_ntlm else "389" @@ -311,7 +309,6 @@ def print_host_info(self): smbv1 = colored(f"SMBv1:{self.smbv1}", host_info_colors[2], attrs=["bold"]) if self.smbv1 else colored(f"SMBv1:{self.smbv1}", host_info_colors[3], attrs=["bold"]) self.logger.display(f"{self.server_os}{f' x{self.os_arch}' if self.os_arch else ''} (name:{self.hostname}) (domain:{self.domain}) ({signing}) ({smbv1})") self.logger.extra["protocol"] = "LDAP" - # self.logger.display(self.endpoint) return True def kerberos_login( @@ -324,7 +321,6 @@ def kerberos_login( kdcHost="", useCache=False, ): - # nxc_logger.getLogger("impacket").disabled = True self.username = username self.password = password self.domain = domain @@ -382,7 +378,6 @@ def kerberos_login( used_ccache = " from ccache" if useCache else f":{process_secret(kerb_pass)}" out = f"{domain}\\{self.username}{used_ccache} {self.mark_pwned()}" - # out = f"{domain}\\{self.username}{' from ccache' if useCache else ':%s' % (kerb_pass if not self.config.get('nxc', 'audit_mode') else self.config.get('nxc', 'audit_mode') * 8)} {highlight('({})'.format(self.config.get('nxc', 'pwn3d_label')) if self.admin_privs else '')}" self.logger.extra["protocol"] = "LDAP" self.logger.extra["port"] = "636" if (self.args.gmsa or self.args.port == 636) else "389" diff --git a/nxc/protocols/ldap/bloodhound.py b/nxc/protocols/ldap/bloodhound.py index b7a6422f1..63ebbd949 100644 --- a/nxc/protocols/ldap/bloodhound.py +++ b/nxc/protocols/ldap/bloodhound.py @@ -44,7 +44,6 @@ def connect(self): # Create an object resolver self.ad.create_objectresolver(self.pdc) - # self.pdc.ldap_connect(self.ad.auth.username, self.ad.auth.password, kdc) def run( self, diff --git a/nxc/protocols/ldap/gmsa.py b/nxc/protocols/ldap/gmsa.py index 807444545..e7e9db7f0 100644 --- a/nxc/protocols/ldap/gmsa.py +++ b/nxc/protocols/ldap/gmsa.py @@ -12,7 +12,6 @@ class MSDS_MANAGEDPASSWORD_BLOB(Structure): ("UnchangedPasswordIntervalOffset", " 0: - # self.logger.display("MSSQL DB Instances: {}".format(len(self.mssql_instances))) # for i, instance in enumerate(self.mssql_instances): - # self.logger.debug("Instance {}".format(i)) # for key in instance.keys(): - # self.logger.debug(key + ":" + instance[key]) def create_conn_obj(self): try: diff --git a/nxc/protocols/mssql/database.py b/nxc/protocols/mssql/database.py index ed6a5b5dc..1702e82c2 100755 --- a/nxc/protocols/mssql/database.py +++ b/nxc/protocols/mssql/database.py @@ -56,7 +56,6 @@ def db_schema(db_conn): FOREIGN KEY(hostid) REFERENCES hosts(id) )""" ) - # type = hash, plaintext db_conn.execute( """CREATE TABLE "users" ( "id" integer PRIMARY KEY, @@ -185,7 +184,6 @@ def add_credential(self, credtype, domain, username, password, pillaged_from=Non if not user[3] and not user[4] and not user[5]: q = update(self.UsersTable).values(credential_data) # .returning(self.UsersTable.c.id) results = self.conn.execute(q) # .first() - # user_rowid = results.id nxc_logger.debug(f"add_credential(credtype={credtype}, domain={domain}, username={username}, password={password}, pillaged_from={pillaged_from})") return user_rowid diff --git a/nxc/protocols/mssql/mssqlexec.py b/nxc/protocols/mssql/mssqlexec.py index 2bd695c78..55167ddbb 100755 --- a/nxc/protocols/mssql/mssqlexec.py +++ b/nxc/protocols/mssql/mssqlexec.py @@ -29,18 +29,12 @@ def execute(self, command, output=False): nxc_logger.debug("Output is enabled") for row in command_output: nxc_logger.debug(row) - # self.mssql_conn.printReplies() - # self.mssql_conn.colMeta[0]["TypeData"] = 80 * 2 - # self.mssql_conn.printRows() - # self.outputBuffer = self.mssql_conn._MSSQL__rowsPrinter.getMessage() # if len(self.outputBuffer): - # self.outputBuffer = self.outputBuffer.split('\n', 2)[2] try: self.disable_xp_cmdshell() except Exception as e: nxc_logger.error(f"[OPSEC] Error when attempting to disable xp_cmdshell: {e}") return command_output - # return self.outputBuffer def enable_xp_cmdshell(self): self.mssql_conn.sql_query("exec master.dbo.sp_configure 'show advanced options',1;RECONFIGURE;exec master.dbo.sp_configure 'xp_cmdshell', 1;RECONFIGURE;") diff --git a/nxc/protocols/rdp.py b/nxc/protocols/rdp.py index 149e1923a..9b0c49975 100644 --- a/nxc/protocols/rdp.py +++ b/nxc/protocols/rdp.py @@ -85,13 +85,8 @@ def __init__(self, args, db, host): # def proto_flow(self): # if self.create_conn_obj(): - # self.proto_logger() - # self.print_host_info() # if self.login() or (self.username == '' and self.password == ''): # if hasattr(self.args, 'module') and self.args.module: - # self.call_modules() - # else: - # self.call_cmd_args() def proto_logger(self): self.logger = NXCAdapter( diff --git a/nxc/protocols/smb.py b/nxc/protocols/smb.py index 23fb1b5b1..ead0d247d 100755 --- a/nxc/protocols/smb.py +++ b/nxc/protocols/smb.py @@ -1244,10 +1244,8 @@ def rid_brute(self, max_rid=None): # Want encryption? Uncomment next line # But make simultaneous variable <= 100 - # dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) # Want fragmentation? Uncomment next line - # dce.set_max_fragment_size(32) dce.bind(lsat.MSRPC_UUID_LSAT) try: @@ -1693,9 +1691,7 @@ def add_ntds_hash(ntds_hash, host_id): # if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0: # We don't store the resume file if this error happened, since this error is related to lack # of enough privileges to access DRSUAPI. - # resumeFile = NTDS.getResumeSessionFile() # if resumeFile is not None: - # os.unlink(resumeFile) self.logger.fail(e) NTDS = NTDSHashes( @@ -1727,9 +1723,7 @@ def add_ntds_hash(ntds_hash, host_id): # if str(e).find('ERROR_DS_DRA_BAD_DN') >= 0: # We don't store the resume file if this error happened, since this error is related to lack # of enough privileges to access DRSUAPI. - # resumeFile = NTDS.getResumeSessionFile() # if resumeFile is not None: - # os.unlink(resumeFile) self.logger.fail(e) try: self.remote_ops.finish() diff --git a/nxc/protocols/smb/atexec.py b/nxc/protocols/smb/atexec.py index 01b9e1711..019e7cd76 100755 --- a/nxc/protocols/smb/atexec.py +++ b/nxc/protocols/smb/atexec.py @@ -128,7 +128,6 @@ def execute_handler(self, command, fileless=False): dce.set_credentials(*self.__rpctransport.get_credentials()) dce.connect() - # dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) tmpName = gen_random_string(8) diff --git a/nxc/protocols/smb/database.py b/nxc/protocols/smb/database.py index 329a977ad..b4b092cc5 100755 --- a/nxc/protocols/smb/database.py +++ b/nxc/protocols/smb/database.py @@ -83,7 +83,6 @@ def db_schema(db_conn): """ ) - # type = hash, plaintext db_conn.execute( """CREATE TABLE "users" ( "id" integer PRIMARY KEY, @@ -353,7 +352,6 @@ def add_credential(self, credtype, domain, username, password, group_id=None, pi q_groups = Insert(self.GroupRelationsTable) self.conn.execute(q_groups, groups) - # return user_ids def remove_credentials(self, creds_id): """Removes a credential ID from the database""" @@ -567,11 +565,7 @@ def add_group(self, domain, name, rid=None, member_count_ad=None): self.conn.execute(q, groups) # TODO: always return a list and fix code references to not expect a single integer - # inserted_result = res_inserted_result.first() - # gid = inserted_result.id # - # logger.debug(f"inserted_results: {inserted_result}\ntype: {type(inserted_result)}") - # logger.debug('add_group(domain={}, name={}) => {}'.format(domain, name, gid)) if updated_ids: nxc_logger.debug(f"Updated groups with IDs: {updated_ids}") return updated_ids @@ -668,7 +662,6 @@ def add_share(self, host_id, user_id, name, remark, read, write): Insert(self.SharesTable).on_conflict_do_nothing(), # .returning(self.SharesTable.c.id), share_data, ) # .scalar_one() - # return share_id def get_shares(self, filter_term=None): if self.is_share_valid(filter_term): @@ -719,7 +712,6 @@ def add_domain_backupkey(self, domain: str, pvk: bytes): self.conn.execute(q, [backup_key]) # .scalar() nxc_logger.debug(f"add_domain_backupkey(domain={domain}, pvk={pvk_encoded})") - # return inserted_id except Exception as e: nxc_logger.debug(f"Issue while inserting DPAPI Backup Key: {e}") @@ -772,8 +764,6 @@ def add_dpapi_secrets( self.conn.execute(q, [secret]) # .scalar() - # inserted_result = res_inserted_result.first() - # inserted_id = inserted_result.id nxc_logger.debug(f"add_dpapi_secrets(host={host}, dpapi_type={dpapi_type}, windows_user={windows_user}, username={username}, password={password}, url={url})") diff --git a/nxc/protocols/smb/db_navigator.py b/nxc/protocols/smb/db_navigator.py index 6a88ece3a..e3702f72d 100644 --- a/nxc/protocols/smb/db_navigator.py +++ b/nxc/protocols/smb/db_navigator.py @@ -19,7 +19,6 @@ def display_creds(self, creds): username = cred[2] password = cred[3] credtype = cred[4] - # pillaged_from = cred[5] links = self.db.get_admin_relations(user_id=cred_id) data.append( diff --git a/nxc/protocols/smb/proto_args.py b/nxc/protocols/smb/proto_args.py index 5772601bb..2e10ef82f 100644 --- a/nxc/protocols/smb/proto_args.py +++ b/nxc/protocols/smb/proto_args.py @@ -16,8 +16,6 @@ def proto_args(parser, std_parser, module_parser): cgroup.add_argument("--lsa", action="store_true", help="dump LSA secrets from target systems") cgroup.add_argument("--ntds", choices={"vss", "drsuapi"}, nargs="?", const="drsuapi", help="dump the NTDS.dit from target DCs using the specifed method\n(default: drsuapi)") cgroup.add_argument("--dpapi", choices={"cookies", "nosystem"}, nargs="*", help='dump DPAPI secrets from target systems, can dump cookies if you add "cookies", will not dump SYSTEM dpapi if you add nosystem\n') - # cgroup.add_argument("--ntds-history", action='store_true', help='Dump NTDS.dit password history') - # cgroup.add_argument("--ntds-pwdLastSet", action='store_true', help='Shows the pwdLastSet attribute for each NTDS.dit account') ngroup = smb_parser.add_argument_group("Credential Gathering", "Options for gathering credentials") ngroup.add_argument("--mkfile", action="store", help="DPAPI option. File with masterkeys in form of {GUID}:SHA1") diff --git a/nxc/protocols/smb/smbexec.py b/nxc/protocols/smb/smbexec.py index 85acbc35b..17999b641 100755 --- a/nxc/protocols/smb/smbexec.py +++ b/nxc/protocols/smb/smbexec.py @@ -29,7 +29,6 @@ def __init__(self, host, share_name, smbconnection, protocol, username="", passw self.__rpctransport = None self.__scmr = None self.__conn = None - # self.__mode = mode self.__aesKey = aesKey self.__doKerberos = doKerberos self.__kdcHost = kdcHost @@ -102,7 +101,6 @@ def execute_remote(self, data): self.logger.debug("Hosting batch file with command: " + command) - # command = self.__shell + '\\\\{}\\{}\\{}'.format(local_ip,self.__share_name, self.__batchFile) self.logger.debug("Command to execute: " + command) self.logger.debug(f"Remote service {self.__serviceName} created.") diff --git a/nxc/protocols/ssh/database.py b/nxc/protocols/ssh/database.py index d4b575bb3..7fac6878b 100644 --- a/nxc/protocols/ssh/database.py +++ b/nxc/protocols/ssh/database.py @@ -223,7 +223,6 @@ def add_credential(self, credtype, username, password, key=None): nxc_logger.debug(f"Adding credentials: {credentials}") self.sess.execute(q_users, credentials) # .scalar() - # return cred_ids # hacky way to get cred_id since we can't use returning() yet if len(credentials) == 1: diff --git a/nxc/protocols/ssh/db_navigator.py b/nxc/protocols/ssh/db_navigator.py index fcaa95d1b..a83b5ffe8 100644 --- a/nxc/protocols/ssh/db_navigator.py +++ b/nxc/protocols/ssh/db_navigator.py @@ -152,19 +152,10 @@ def do_creds(self, line): creds = self.db.get_credentials() self.display_creds(creds) # TODO - # elif filter_term.split()[0].lower() == "add": # # add format: "domain username password - # args = filter_term.split()[1:] # # if len(args) == 3: - # domain, username, password = args # if validate_ntlm(password): - # self.db.add_credential("hash", domain, username, password) - # else: - # self.db.add_credential("plaintext", domain, username, password) - # else: - # print("[!] Format is 'add username password") - # return elif filter_term.split()[0].lower() == "remove": args = filter_term.split()[1:] if len(args) != 1: diff --git a/nxc/protocols/winrm.py b/nxc/protocols/winrm.py index fc6158cbd..28f738b2b 100644 --- a/nxc/protocols/winrm.py +++ b/nxc/protocols/winrm.py @@ -47,7 +47,6 @@ def enum_host_info(self): if self.args.no_smb: self.domain = self.args.domain else: - # try: smb_conn = SMBConnection(self.host, self.host, None, timeout=5) no_ntlm = False try: @@ -213,7 +212,6 @@ def create_conn_obj(self): def plaintext_login(self, domain, username, password): try: - # log.addFilter(SuppressFilter()) if not self.args.laps: self.password = password self.username = username @@ -236,8 +234,6 @@ def plaintext_login(self, domain, username, password): self.logger.debug(f"Adding credential: {domain}/{self.username}:{self.password}") self.db.add_credential("plaintext", domain, self.username, self.password) # TODO: when we can easily get the host_id via RETURNING statements, readd this in - # host_id = self.db.get_hosts(self.host)[0].id - # self.db.add_loggedin_relation(user_id, host_id) if self.admin_privs: self.logger.debug("Inside admin privs") @@ -256,9 +252,7 @@ def plaintext_login(self, domain, username, password): def hash_login(self, domain, username, ntlm_hash): try: - # from urllib3.connectionpool import log - # log.addFilter(SuppressFilter()) lmhash = "00000000000000000000000000000000:" nthash = "" diff --git a/nxc/protocols/winrm/database.py b/nxc/protocols/winrm/database.py index b1207ec76..d983b859d 100644 --- a/nxc/protocols/winrm/database.py +++ b/nxc/protocols/winrm/database.py @@ -209,7 +209,6 @@ def add_credential(self, credtype, domain, username, password, pillaged_from=Non update_columns_users = {col.name: col for col in q_users.excluded if col.name not in "id"} q_users = q_users.on_conflict_do_update(index_elements=self.UsersTable.primary_key, set_=update_columns_users) self.conn.execute(q_users, credentials) # .scalar() - # return user_ids def remove_credentials(self, creds_id): """Removes a credential ID from the database""" @@ -371,7 +370,6 @@ def add_loggedin_relation(self, user_id, host_id): q = Insert(self.LoggedinRelationsTable) # .returning(self.LoggedinRelationsTable.c.id) self.conn.execute(q, [relation]) # .scalar() - # return inserted_ids except Exception as e: nxc_logger.debug(f"Error inserting LoggedinRelation: {e}") diff --git a/nxc/protocols/winrm/db_navigator.py b/nxc/protocols/winrm/db_navigator.py index d0fe94b85..973ab16ca 100644 --- a/nxc/protocols/winrm/db_navigator.py +++ b/nxc/protocols/winrm/db_navigator.py @@ -14,7 +14,6 @@ def display_creds(self, creds): username = cred[2] password = cred[3] credtype = cred[4] - # pillaged_from = cred[5] links = self.db.get_admin_relations(user_id=cred_id) data.append( @@ -103,7 +102,6 @@ def do_hosts(self, line): username = cred[2] password = cred[3] credtype = cred[4] - # pillaged_from = cred[5] data.append([cred_id, credtype, domain, username, password]) print_table(data, title="Credential(s) with Admin Access") diff --git a/nxc/protocols/wmi/wmiexec.py b/nxc/protocols/wmi/wmiexec.py index 706a2685f..1f92de5ce 100644 --- a/nxc/protocols/wmi/wmiexec.py +++ b/nxc/protocols/wmi/wmiexec.py @@ -51,8 +51,6 @@ def __init__(self, host, username, password, domain, lmhash, nthash, doKerberos, self.__retOutput = True self.__shell = "cmd.exe /Q /c " - # self.__pwsh = 'powershell.exe -NoP -NoL -sta -NonI -W Hidden -Exec Bypass -Enc ' - # self.__pwsh = 'powershell.exe -Enc ' self.__pwd = "C:\\" self.__codec = codec diff --git a/nxc/protocols/wmi/wmiexec_event.py b/nxc/protocols/wmi/wmiexec_event.py index aa8706fda..6eaf85804 100644 --- a/nxc/protocols/wmi/wmiexec_event.py +++ b/nxc/protocols/wmi/wmiexec_event.py @@ -148,7 +148,6 @@ def execute_vbs(self, vbs_content): wmi_timer = wmi_timer.SpawnInstance() wmi_timer.TimerId = self.__instanceID wmi_timer.IntervalBetweenEvents = 1000 - # wmiTimer.SkipIfPassed = False # Don't output verbose current = sys.stdout sys.stdout = StringIO() diff --git a/tests/test_smb_database.py b/tests/test_smb_database.py index 6d0877692..d8c95739e 100644 --- a/tests/test_smb_database.py +++ b/tests/test_smb_database.py @@ -24,7 +24,6 @@ def db_engine(): @pytest.fixture(scope="session") def db_setup(db_engine): proto = "smb" - # setup_logger() logger = NXCAdapter() first_run_setup(logger) p_loader = ProtocolLoader()