correct issues with rbcd.py Pennyw0rth#2
shivaaz-fr committed Dec 8, 2024
1 parent 6cfa916 commit 7a1e2c6
Showing 1 changed file with 14 additions and 7 deletions.
21 changes: 14 additions & 7 deletions nxc/modules/rbcd.py
Expand Up @@ -13,7 +13,7 @@

class NXCModule:
name = "rbcd"
description = "Module to check RBCD requierements : Is the Target vulnerable to any coerce vulns AND is webdav client enabled. Set LISTENER IP for coercion."
description = "Check RBCD requierements : vulnerable to any coerce methods AND webdav client enabled. Set LISTENER IP for coercion."
supported_protocols = ["smb"]
opsec_safe = True
multiple_hosts = True
Expand Down Expand Up @@ -53,7 +53,8 @@ def on_login(self, context, connection):
remote_file.open_file()
remote_file.close()

context.log.highlight(self.output.format(connection.conn.getRemotehost()))
#context.log.highlight("RBCD requierements OK !!! WebDAV +")
msgOutput = "RBCD requierements OK ! WebDAV +"

except SessionError as e:
if e.getErrorCode() == nt_errors.STATUS_OBJECT_NAME_NOT_FOUND:
Expand Down Expand Up @@ -85,7 +86,8 @@ def on_login(self, context, connection):

if dfscocerceconnect is not None:
context.log.debug("Target is vulnerable to DFSCoerce")
context.log.highlight("VULNERABLE, DFSCoerce")
#context.log.highlight("VULNERABLE, DFSCoerce")
msgOutput = msgOutput + " DFSCoerce"
if self.listener is not None: # exploit
dfscocerceclass.exploit(dfscocerceconnect, self.listener, self.always_continue, "netdfs")
dfscocerceconnect.disconnect()
Expand Down Expand Up @@ -116,7 +118,8 @@ def on_login(self, context, connection):

if shadowcocerceconnect is not None:
context.log.debug("Target is vulnerable to ShadowCoerce")
context.log.highlight("VULNERABLE, ShadowCoerce")
#context.log.highlight("VULNERABLE, ShadowCoerce")
msgOutput = msgOutput + " ShadowCoerce"
if self.listener is not None: # exploit
shadowcocerceclass.exploit(shadowcocerceconnect, self.listener, self.always_continue, "Fssagentrpc")
shadowcocerceconnect.disconnect()
Expand Down Expand Up @@ -152,7 +155,8 @@ def on_login(self, context, connection):
if petitpotamconnect is not None:
if reducelog:
context.log.debug("Target is vulnerable to PetitPotam")
context.log.highlight("VULNERABLE, PetitPotam")
msgOutput = msgOutput + " PetitPotam"
#context.log.highlight("VULNERABLE, PetitPotam")
reducelog = False
if self.listener is not None: # exploit TODO
exploit_status = petitpotamclass.exploit(petitpotamconnect, self.listener, self.always_continue, pipe)
Expand Down Expand Up @@ -186,7 +190,8 @@ def on_login(self, context, connection):

if printerbugconnect is not None:
context.log.debug("Target is vulnerable to PrinterBug")
context.log.highlight("VULNERABLE, PrinterBug")
msgOutput = msgOutput + " Printerbug"
#context.log.highlight("VULNERABLE, PrinterBug")
if self.listener is not None: # exploit
printerbugclass.exploit(printerbugconnect, self.listener, target, self.always_continue, "spoolss")
printerbugconnect.disconnect()
Expand Down Expand Up @@ -217,7 +222,8 @@ def on_login(self, context, connection):

if msevenconnect is not None:
context.log.debug("Target is vulnerable to MSEven")
context.log.highlight("VULNERABLE, MSEven")
msgOutput = msgOutput + " MSEven"
#context.log.highlight("VULNERABLE, MSEven")
if self.listener is not None: # exploit
msevenclass.exploit(msevenconnect, self.listener, self.always_continue, "eventlog")
msevenconnect.disconnect()
Expand All @@ -229,6 +235,7 @@ def on_login(self, context, connection):
if not runmethod:
context.log.error("Invalid method, please check the method name.")
return
context.log.highlight(msgOutput)


class ShadowCoerceTrigger:
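Review bot: `msgOutput` is first bound inside the WebDAV `try` (`msgOutput = "RBCD requierements OK ! WebDAV +"`), so if that open fails and the `except SessionError` handler does not return, the later `msgOutput = msgOutput + " DFSCoerce"` and the final `context.log.highlight(msgOutput)` would raise UnboundLocalError; the handler body is outside the visible hunks, so this needs confirming. The string also says "OK" before any coerce check has run, so a host with WebDAV enabled but no coercible interface is still reported as meeting the requirements, which contradicts the AND in the module description. I would bind `coerce_hits = []` at the top of `on_login`, append the method name in each branch, and emit the summary only under `if webdav_ok and coerce_hits:`. The commented-out `#context.log.highlight(...)` lines should be deleted rather than kept. `on_login` starts and ends outside the hunks shown, and indentation is lost on this page, so whether the final highlight sits after the `return` inside `if not runmethod:` could not be checked.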
