
Method on_admin_login

nxc/modules/ntlmv1.py:22–55  ·  view source on GitHub ↗
(self, context, connection)


20 self.output = "NTLMv1 allowed on: {} - LmCompatibilityLevel = {}"
21
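def on_admin_login(self, context, connection):
    """Flag the host as NTLMv1-capable from its LmCompatibilityLevel registry value.

    Runs once NetExec has an admin session. Starts the remote registry through
    impacket's RemoteOperations, reads
    HKLM\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel and
    highlights ``self.output`` (host and level) when the value is 0, 1 or 2.

    Args:
        context: Module context; only ``context.log`` is used.
        connection: NetExec connection whose ``connection.conn`` SMB session is
            handed to RemoteOperations and asked for the remote host name.

    Returns:
        None. Findings go to ``context.log.highlight``; DCE/RPC errors are
        logged at debug level and never propagate to the caller.
    """
    # Bind before the try: if RemoteOperations() itself raises, the finally
    # below must not trip over an unbound name (the original code did).
    remote_ops = None
    try:
        remote_ops = RemoteOperations(connection.conn, False)
        remote_ops.enableRegistry()

        # RemoteOperations keeps the winreg DCE/RPC binding in a name-mangled
        # attribute; it is falsy when the remote registry could not be enabled.
        dce = remote_ops._RemoteOperations__rrp
        if not dce:
            return

        reg_handle = rrp.hOpenLocalMachine(dce)["phKey"]
        key_handle = rrp.hBaseRegOpenKey(
            dce,
            reg_handle,
            "SYSTEM\\CurrentControlSet\\Control\\Lsa",
        )["phkResult"]

        level = None
        try:
            # hBaseRegQueryValue returns (type, data); only the data is needed.
            _, level = rrp.hBaseRegQueryValue(
                dce,
                key_handle,
                "lmcompatibilitylevel\x00",
            )
        except rrp.DCERPCSessionError:
            # Value absent: the OS default applies and nothing is reported.
            # NOTE(review): on current Windows versions that default is
            # documented as 3, but this module does not verify it — confirm on
            # the target before reading "not reported" as "NTLMv1 disabled".
            context.log.debug("Unable to reference lmcompatabilitylevel, which probably means ntlmv1 is not set")

        # Changed by Defte
        # Levels 0-2 let the host send LM/NTLMv1 responses; only an explicitly
        # set value below 3 is reported (None from the except branch is not).
        if level in (0, 1, 2):
            context.log.highlight(self.output.format(connection.conn.getRemoteHost(), level))

    except DCERPCSessionError as e:
        context.log.debug(f"Error connecting to RemoteRegistry: {e}")
    finally:
        # finish() tears down the RPC binding (and any registry handles with it);
        # skip it when the constructor never returned an object.
        if remote_ops is not None:
            remote_ops.finish()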
