hub / github.com/Pennyw0rth/NetExec / options

Method options

nxc/modules/pi.py:20–44  ·  view source on GitHub ↗

Options: PID is the process ID for the target user (PID=pid); EXEC is the command to execute (EXEC='command', single quotes are recommended). This module reads the executed command's output from C:\windows\temp\output.txt and then deletes it. In case of a possible error, the file may need to be deleted manually.

(self, context, module_options)

Source from the content-addressed store, hash-verified

18 category = CATEGORY.PRIVILEGE_ESCALATION
19
def options(self, context, module_options):
    r"""
    PID     // Process ID for the target user, PID=pid
    EXEC    // Command to execute, EXEC='command' (single quotes are recommended)

    The module reads the output of the executed command from C:\windows\temp\output.txt
    and then deletes that file. If an error occurs, the file may be left behind and
    may need to be deleted manually.
    """
    # Fixed locations and names used by the module. How they are used is decided
    # in on_admin_login, which is not fully visible in this listing.
    temp_directory = "C:\\Windows\\Temp\\"
    self.tmp_dir = temp_directory
    self.share = "C$"
    # Same directory with the drive letter stripped ("\Windows\Temp\").
    self.tmp_share = temp_directory.split(":")[1]
    self.pi = "pi.exe"
    self.useembeded = True

    # Both options default to an empty string when not supplied.
    self.pid = ""
    self.cmd = ""

    # The helper binary is stored base64-encoded in the data directory.
    encoded_path = join(DATA_PATH, "pi_module/pi.bs64")
    with open(encoded_path) as encoded_file:
        payload = b64decode(encoded_file.read())

    # A timestamp with one-second granularity (not random data) is appended, so
    # the resulting bytes hash differently from run to run. For detection this
    # means a static file hash is not a dependable indicator for this binary;
    # the fixed name and directory set above are the more stable artefacts
    # (presumably where on_admin_login stages it; confirm against that method).
    run_stamp = datetime.now().strftime("%Y%m%d%H%M%S").encode()
    self.pi_embedded = payload + run_stamp

    # NOTE(review): option values are stored exactly as given; nothing here
    # validates them, and PID stays a string.
    self.cmd = module_options.get("EXEC", self.cmd)
    self.pid = module_options.get("PID", self.pid)
45
46 def on_admin_login(self, context, connection):
47 if self.useembeded:

Callers 2

config.pyFile · 0.45
init_moduleMethod · 0.45

Calls 1

readMethod · 0.45

Tested by

no test coverage detected