fix and add more debug statements for winrm

Pennyw0rth · Oct 26, 2023 · dcdff05 · dcdff05
1 parent 0bdbdc7
commit dcdff05
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 16 deletions.
diff --git a/nxc/connection.py b/nxc/connection.py
@@ -397,12 +397,16 @@ def try_credentials(self, domain, username, owned, secret, cred_type, data=None)
         with sem:
             if cred_type == "plaintext":
                 if self.args.kerberos:
+                    self.logger.debug("Trying to authenticate using Kerberos")
                     return self.kerberos_login(domain, username, secret, "", "", self.kdcHost, False)
-                elif hasattr(self.args, "domain"):  # Some protocolls don't use domain for login
+                elif hasattr(self.args, "domain"):  # Some protocols don't use domain for login
+                    self.logger.debug("Trying to authenticate using plaintext with domain")
                     return self.plaintext_login(domain, username, secret)
                 elif self.args.protocol == "ssh":
+                    self.logger.debug("Trying to authenticate using plaintext over SSH")
                     return self.plaintext_login(username, secret, data)
                 else:
+                    self.logger.debug("Trying to authenticate using plaintext")
                     return self.plaintext_login(username, secret)
             elif cred_type == "hash":
                 if self.args.kerberos:
@@ -445,6 +449,7 @@ def login(self):
             data.extend(parsed_data)
 
         if self.args.use_kcache:
+            self.logger.debug("Trying to authenticate using Kerberos cache")
             with sem:
                 username = self.args.username[0] if len(self.args.username) else ""
                 password = self.args.password[0] if len(self.args.password) else ""

diff --git a/nxc/protocols/winrm.py b/nxc/protocols/winrm.py
@@ -191,8 +191,8 @@ def create_conn_obj(self):
         for url in endpoints:
             try:
                 self.logger.debug(f"Requesting URL: {url}")
-                res = requests.post(url, verify=False, timeout=self.args.http_timeout)  # noqa: F841
-                self.logger.debug("Received response code: {res.status_code}")
+                res = requests.post(url, verify=False, timeout=self.args.http_timeout) 
+                self.logger.debug(f"Received response code: {res.status_code}")
                 self.endpoint = url
                 if self.endpoint.startswith("https://"):
                     self.logger.extra["port"] = self.args.port if self.args.port else 5986
@@ -250,7 +250,6 @@ def plaintext_login(self, domain, username, password):
 
     def hash_login(self, domain, username, ntlm_hash):
         try:
-
             lmhash = "00000000000000000000000000000000:"
             nthash = ""
 
@@ -302,21 +301,26 @@ def hash_login(self, domain, username, ntlm_hash):
 
     def execute(self, payload=None, get_output=False):
         try:
+            self.logger.debug(f"Connection: {self.conn}, and type: {type(self.conn)}")
             r = self.conn.execute_cmd(self.args.execute, encoding=self.args.codec)
-        except Exception:
-            self.logger.info("Cannot execute command, probably because user is not local admin, but powershell command should be ok!")
-            r = self.conn.execute_ps(self.args.execute)
-        self.logger.success("Executed command")
-        buf = StringIO(r[0]).readlines()
-        for line in buf:
-            self.logger.highlight(line.strip())
+            self.logger.success("Executed command")
+            buf = StringIO(r[0]).readlines()
+            for line in buf:
+                self.logger.highlight(line.strip())
+        except Exception as e:
+            self.logger.debug(f"Error executing command: {e}")
+            self.logger.fail("Cannot execute command, probably because user is not local admin, but running via powershell (-X) may work")
 
     def ps_execute(self, payload=None, get_output=False):
-        r = self.conn.execute_ps(self.args.ps_execute)
-        self.logger.success("Executed command")
-        buf = StringIO(r[0]).readlines()
-        for line in buf:
-            self.logger.highlight(line.strip())
+        try:
+            r = self.conn.execute_ps(self.args.ps_execute)
+            self.logger.success("Executed command")
+            buf = StringIO(r[0]).readlines()
+            for line in buf:
+                self.logger.highlight(line.strip())
+        except Exception as e:
+            self.logger.debug(f"Error executing command: {e}")
+            self.logger.fail("Command execution failed")
 
     def sam(self):
         self.conn.execute_cmd("reg save HKLM\SAM C:\\windows\\temp\\SAM && reg save HKLM\SYSTEM C:\\windows\\temp\\SYSTEM")