
Method options

nxc/modules/procdump.py:20–51  ·  view source on GitHub ↗


# Class attribute: category tag for this module (CATEGORY is defined outside this excerpt).
category = CATEGORY.CREDENTIAL_DUMPING
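def options(self, context, module_options):
    r"""
    Parse module options and stage the procdump binary for upload.

    TMP_DIR             Path where process dump should be saved on target system (default: C:\\Windows\\Temp\\)
    PROCDUMP_PATH       Path where procdump.exe is on your system (default: /tmp/), if changed embedded version will not be used
    PROCDUMP_EXE_NAME   Name of the procdump executable (default: procdump.exe), if changed embedded version will not be used
    DIR_RESULT          Location where the dumps are stored (default: DIR_RESULT = PROCDUMP_PATH)

    Side effects: sets self.tmp_dir, self.share and self.tmp_share (target-side drop
    directory, the admin share that reaches it and the share-relative path),
    self.procdump_path, self.procdump and self.dir_result (operator-side paths),
    self.useembeded (read by on_admin_login) and self.procdump_embeded (bytes of the
    bundled procdump.exe, only uploaded when neither PROCDUMP_PATH nor
    PROCDUMP_EXE_NAME overrides it).

    Raises:
        ValueError: if TMP_DIR is not a drive-letter path (``X:\...``). The share
            name and share-relative path are derived from that drive letter, so
            UNC or relative paths cannot be mapped to an admin share.
    """
    # Target-side drop location. Must be a drive-letter path; see the share
    # derivation at the end of this method.
    self.tmp_dir = "C:\\Windows\\Temp\\"
    with open(join(DATA_PATH, "procdump/procdump.exe"), "rb") as f:
        self.procdump_embeded = f.read()
    self.procdump = "procdump.exe"
    # NOTE(review): abspath() normalises the path and drops any trailing
    # separator; if a consumer builds the file name with plain string
    # concatenation (procdump_path + procdump) it needs to add one — verify
    # against on_admin_login, which is not fully visible here.
    self.procdump_path = abspath(TMP_PATH)
    self.dir_result = self.procdump_path
    self.useembeded = True
    # Append a timestamp so the uploaded binary's hash differs on every run.
    # This only defeats exact-hash blocklists: static signatures on the
    # unchanged PE body and behavioural detection of a procdump of LSASS are
    # unaffected, so do not rely on it as evasion.
    self.procdump_embeded += datetime.now().strftime("%Y%m%d%H%M%S").encode()

    # Any operator-supplied binary disables the embedded copy.
    if "PROCDUMP_PATH" in module_options:
        self.procdump_path = module_options["PROCDUMP_PATH"]
        self.useembeded = False

    if "PROCDUMP_EXE_NAME" in module_options:
        self.procdump = module_options["PROCDUMP_EXE_NAME"]
        self.useembeded = False

    if "TMP_DIR" in module_options:
        self.tmp_dir = module_options["TMP_DIR"]

    if "DIR_RESULT" in module_options:
        self.dir_result = module_options["DIR_RESULT"]

    # Derive the admin share and the share-relative path from the *effective*
    # TMP_DIR. Previously both were computed from the default before the
    # TMP_DIR override was applied (and the share was always C$), so a custom
    # TMP_DIR uploaded procdump to \Windows\Temp on C$ while tmp_dir pointed
    # elsewhere. Every local fixed drive exposes a hidden X$ admin share.
    drive, sep, self.tmp_share = self.tmp_dir.partition(":")
    if not sep or len(drive) != 1 or not drive.isalpha():
        raise ValueError(
            f"TMP_DIR must be a drive-letter path such as C:\\Windows\\Temp\\, got {self.tmp_dir!r}"
        )
    self.share = f"{drive.upper()}$"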
53 def on_admin_login(self, context, connection):
54 if self.useembeded is True:
