From 8a6fb7c67a53c97498cc44827405bc7fd890c5b4 Mon Sep 17 00:00:00 2001
From: joaovarelas
Date: Fri, 19 Jul 2024 16:25:39 +0100
Subject: [PATCH 1/4] add module hyperv-host.py
---
 nxc/modules/hyperv-host.py | 53 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 nxc/modules/hyperv-host.py
diff --git a/nxc/modules/hyperv-host.py b/nxc/modules/hyperv-host.py
new file mode 100644
index 000000000..a8adeed8d
--- /dev/null
+++ b/nxc/modules/hyperv-host.py
@@ -0,0 +1,53 @@
+from impacket.dcerpc.v5.rpcrt import DCERPCException
+from impacket.dcerpc.v5 import rrp
+from impacket.examples.secretsdump import RemoteOperations
+
+
+class NXCModule:
+ name = "hyperv-host"
+ description = "Performs a registry query on the VM to lookup its HyperV Host"
+ supported_protocols = ["smb"]
+ opsec_safe = True
+ multiple_hosts = True
+
+ def __init__(self, context=None, module_options=None):
+ self.context = context
+ self.module_options = module_options
+
+
+ def options(self, context, module_options):
+ """"""
+
+
+ def on_admin_login(self, context, connection):
+ self.context = context
+
+ path = "SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters"
+ key = "HostName"
+
+ remote_ops = RemoteOperations(connection.conn, False)
+ remote_ops.enableRegistry()
+
+ try:
+ ans = rrp.hOpenLocalMachine(remote_ops._RemoteOperations__rrp)
+ reg_handle = ans["phKey"]
+
+ ans = rrp.hBaseRegOpenKey(remote_ops._RemoteOperations__rrp, reg_handle, path)
+ key_handle = ans["phkResult"]
+
+ # Query
+ try:
+ data_type, reg_value = rrp.hBaseRegQueryValue(remote_ops._RemoteOperations__rrp, key_handle, key)
+ self.context.log.highlight(f"{key}: {reg_value}")
+ except Exception:
+ self.context.log.fail(f"Registry key {path}\\{key} does not exist")
+ return
+
+ rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle)
+ except DCERPCException as e:
+ self.context.log.fail(f"DCERPC Error while querying or modifying registry: {e}")
+ except Exception as e:
+ self.context.log.fail(f"Error while querying or modifying registry: {e}")
+ finally:
+ remote_ops.finish()
+
From f54deff68ebed0a67c280d446c22303895ee5c2c Mon Sep 17 00:00:00 2001
From: joaovarelas
Date: Sat, 20 Jul 2024 14:29:04 +0100
Subject: [PATCH 2/4] edited reg query fail msgs
---
 nxc/modules/hyperv-host.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/nxc/modules/hyperv-host.py b/nxc/modules/hyperv-host.py
index a8adeed8d..49eae25c2 100644
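Review bot: The registry path literal `path = "SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters"` is not a raw string, so `\M`, `\V`, `\G` and `\P` are invalid escape sequences — CPython currently keeps the backslashes but emits a DeprecationWarning (a SyntaxWarning from 3.12), and any tightening of escape handling would silently corrupt the path; write it as `path = r"SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters"`. The HKLM handle returned by `hOpenLocalMachine` (`reg_handle`) is never passed to `hBaseRegCloseKey` — only `key_handle` is — so a server-side handle is left for whatever cleanup `remote_ops.finish()` happens to do. `data_type` is unpacked and ignored, so a value of a type other than REG_SZ would be printed in its raw representation; at least log it alongside the value or check it before highlighting. The empty `options` docstring `""""""` should state the contract, e.g. `"""No options are required for this module."""`.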
--- a/nxc/modules/hyperv-host.py +++ b/nxc/modules/hyperv-host.py @@ -45,9 +45,9 @@ def on_admin_login(self, context, connection): rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle) except DCERPCException as e: - self.context.log.fail(f"DCERPC Error while querying or modifying registry: {e}") + self.context.log.fail(f"DCERPC Error while querying registry: {e}") except Exception as e: - self.context.log.fail(f"Error while querying or modifying registry: {e}") + self.context.log.fail(f"Error while querying registry: {e}") finally: remote_ops.finish() From b4612ea38c48de36e2d43f58f10c5fd6a5abe8d1 Mon Sep 17 00:00:00 2001 From: joaovarelas Date: Sat, 27 Jul 2024 19:05:59 +0100 Subject: [PATCH 3/4] trycatch and suppress errors mod hyperv-host.py --- nxc/modules/hyperv-host.py | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/nxc/modules/hyperv-host.py b/nxc/modules/hyperv-host.py index 49eae25c2..815ab0cc4 100644 --- a/nxc/modules/hyperv-host.py +++ b/nxc/modules/hyperv-host.py @@ -4,6 +4,8 @@ class NXCModule: + """Module by @joaovarelas""" + name = "hyperv-host" description = "Performs a registry query on the VM to lookup its HyperV Host" supported_protocols = ["smb"] 
@@ -25,25 +27,28 @@ def on_admin_login(self, context, connection): path = "SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters" key = "HostName" - remote_ops = RemoteOperations(connection.conn, False) - remote_ops.enableRegistry() - try: + remote_ops = RemoteOperations(connection.conn, False) + remote_ops.enableRegistry() + ans = rrp.hOpenLocalMachine(remote_ops._RemoteOperations__rrp) reg_handle = ans["phKey"] - ans = rrp.hBaseRegOpenKey(remote_ops._RemoteOperations__rrp, reg_handle, path) - key_handle = ans["phkResult"] - # Query try: + ans = rrp.hBaseRegOpenKey(remote_ops._RemoteOperations__rrp, reg_handle, path) + key_handle = ans["phkResult"] + data_type, reg_value = rrp.hBaseRegQueryValue(remote_ops._RemoteOperations__rrp, key_handle, key) self.context.log.highlight(f"{key}: {reg_value}") + + rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle) + except Exception: - self.context.log.fail(f"Registry key {path}\\{key} does not exist") - return + #self.context.log.fail(f"Registry key {path}\\{key} does not exist") + pass # Muted + - rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle) except DCERPCException as e: self.context.log.fail(f"DCERPC Error while querying registry: {e}") except Exception as e: From b9d788b8d464946e81538a57ded4265a07d897d8 Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Thu, 15 Aug 2024 13:36:50 -0400 Subject: [PATCH 4/4] Change Exception to DCERPCException and added debug log --- nxc/modules/hyperv-host.py | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/nxc/modules/hyperv-host.py b/nxc/modules/hyperv-host.py index 815ab0cc4..cde252c54 100644 --- a/nxc/modules/hyperv-host.py +++ b/nxc/modules/hyperv-host.py 
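Review bot: Moving `remote_ops = RemoteOperations(connection.conn, False)` inside the `try` means that if the constructor itself raises, the except branches log the error and then the `finally: remote_ops.finish()` clause (outside this hunk; visible as context in the patch 2 hunk) references an unbound local and raises UnboundLocalError out of the module; keep the construction before the `try`, or guard the cleanup with `if remote_ops is not None:` after initialising `remote_ops = None` above the `try`. The same layout remains in the patch 4 hunks at -15,22 and -55,4. The new `except Exception: pass # Muted` around the key open/query/close swallows every failure, including the DCERPCException the outer handler two lines below is written to report, so an access-denied or transport error on the key is indistinguishable from a missing value and nothing is logged — log at least at debug level with the exception and delete the commented-out line rather than keeping both. `data_type` is still unpacked and unused. The enclosing on_admin_login continues past the end of the hunk.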
@@ -15,22 +15,20 @@ class NXCModule: def __init__(self, context=None, module_options=None): self.context = context self.module_options = module_options - def options(self, context, module_options): """""" - - + def on_admin_login(self, context, connection): self.context = context - + path = "SOFTWARE\Microsoft\Virtual Machine\Guest\Parameters" key = "HostName" try: remote_ops = RemoteOperations(connection.conn, False) remote_ops.enableRegistry() - + ans = rrp.hOpenLocalMachine(remote_ops._RemoteOperations__rrp) reg_handle = ans["phKey"] @@ -43,11 +41,9 @@ def on_admin_login(self, context, connection): self.context.log.highlight(f"{key}: {reg_value}") rrp.hBaseRegCloseKey(remote_ops._RemoteOperations__rrp, key_handle) - - except Exception: - #self.context.log.fail(f"Registry key {path}\\{key} does not exist") - pass # Muted + except DCERPCException as e: + self.context.log.debug(f"Registry key {path}\\{key} does not exist: {e}") except DCERPCException as e: self.context.log.fail(f"DCERPC Error while querying registry: {e}") @@ -55,4 +51,3 @@ def on_admin_login(self, context, connection): self.context.log.fail(f"Error while querying registry: {e}") finally: remote_ops.finish() -
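Review bot: The new inner `except DCERPCException as e` in the -43,11 hunk labels every RPC-level failure from the key open/query/close block as `Registry key ... does not exist` at debug level, so an access-denied on the key or a fault from `hBaseRegQueryValue` is both mislabelled and hidden from normal output, and the outer `except DCERPCException` immediately below is now reached only for failures before the key is opened. The exception carries the Win32 status via `e.get_error_code()`; compare it with ERROR_FILE_NOT_FOUND (0x2) for the debug path and route any other code to `self.context.log.fail(f"DCERPC Error while querying registry: {e}")` so permission and transport problems stay visible. On the missing-key path `key_handle` is never assigned and the close is skipped, which is fine, but `reg_handle` from `hOpenLocalMachine` is not closed on any path.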