hub / github.com/Pennyw0rth/NetExec / _detect_installed_services

Method _detect_installed_services

nxc/modules/enum_av.py:44–73  ·  view source on GitHub ↗
(self, context, connection, target)

Source from the content-addressed store, hash-verified

42 return connection.host if not connection.kerberos else f"{connection.hostname}.{connection.domain}"
43
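def _detect_installed_services(self, context, connection, target):
    """Look up every configured service name through LSA and collect the hits.

    One ``LsaLookupNames`` session is opened with the credentials carried by
    ``connection``. For each service of each product in ``conf["products"]``,
    ``LsarLookupNames`` is called with the service name; a call that returns
    without raising is recorded as a detection.

    Args:
        context: Module context; only ``context.log`` is used here.
        connection: Source of the credentials and host details for the session.
        target: Passed to ``LsaLookupNames`` as ``remote_name``.

    Returns:
        dict mapping product name to ``{"services": [service, ...]}`` for each
        product with at least one detected service. Empty when nothing was
        detected or when the session could not be set up.
    """
    results = {}

    try:
        lsa = LsaLookupNames(
            domain=connection.domain,
            username=connection.username,
            password=connection.password,
            remote_name=target,
            do_kerberos=connection.kerberos,
            remoteHost=connection.host,
            kdcHost=connection.kdcHost,
            lmhash=connection.lmhash,
            nthash=connection.nthash,
            aesKey=connection.aesKey
        )

        dce, _ = lsa.connect()
        policy_handle = lsa.open_policy(dce)
        # One lookup per configured service name: on the target this shows up
        # as a burst of LsarLookupNames calls from a single session.
        for product in conf["products"]:
            for service in product["services"]:
                try:
                    lsa.LsarLookupNames(dce, policy_handle, service["name"])
                except Exception as lookup_err:
                    # Any exception is treated as "not detected" (presumably
                    # the usual outcome for an unmapped name; confirm against
                    # the LsaLookupNames helper). Log it at debug level instead
                    # of discarding it, so that a session that died mid-loop
                    # is not mistaken for a host with nothing installed.
                    context.log.debug(f"Lookup of {service['name']} on {connection.host} failed: {lookup_err}")
                    continue
                context.log.info(f"Detected installed service on {connection.host}: {product['name']} {service['description']}")
                results.setdefault(product["name"], {"services": []})["services"].append(service)
    except Exception as e:
        # Setup failure (connect or open_policy): report it and return what was
        # gathered so far.
        context.log.fail(str(e))
    return results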
74
75 def detect_running_processes(self, context, connection, results):
76 context.log.info(f"Detecting running processes on {connection.host} by enumerating pipes...")

Callers 1

on_loginMethod · 0.95

Calls 5

connectMethod · 0.95
open_policyMethod · 0.95
LsarLookupNamesMethod · 0.95
LsaLookupNamesClass · 0.85
failMethod · 0.80

Tested by

no test coverage detected