mirror of https://github.com/calebstewart/pwncat.git synced 2024-11-30 20:34:15 +01:00

Added hotfixes and mounted drives enuemration modules

John Hammond 2021-06-04 22:50:37 -04:00
parent 3f360149e6
commit 500138569c
3 changed files with 129 additions and 0 deletions


@ -0,0 +1,64 @@
#!/usr/bin/env python3
from typing import Any, Dict, List
import pwncat
import rich.markup
from pwncat import util
from pwncat.db import Fact
from pwncat.modules import ModuleFailed
from pwncat.modules.enumerate import EnumerateModule, Schedule
from pwncat.platform import PlatformError
from pwncat.platform.windows import PowershellError, Windows
class MountedDrive(Fact):
def __init__(
self, source, drive_letter: str, tag: str, drive_name: str, system_name: str
):
super().__init__(source=source, types=["system.drives"])
self.drive_letter: str = drive_letter
self.tag: str = tag
self.drive_name: str = drive_name
self.system_name: str = system_name
def title(self, session):
return f"{rich.markup.escape(self.drive_letter)}:\\ '{rich.markup.escape(self.drive_name)}' mounted from [cyan]{rich.markup.escape(self.system_name)}[/cyan] ([blue]{rich.markup.escape(self.tag)}[/blue])"
class Module(EnumerateModule):
"""Enumerate the current Windows Defender settings on the target"""
PROVIDES = ["system.drives"]
PLATFORM = [Windows]
def enumerate(self, session):
proc = session.platform.Popen(
[
"wmic",
"logicaldisk",
"get",
"caption,description,volumename,systemname",
"/format:csv",
],
stderr=pwncat.subprocess.DEVNULL,
stdout=pwncat.subprocess.PIPE,
text=True,
)
# Process the standard output from the command
with proc.stdout as stream:
for line in stream:
line = line.strip()
if not line or "Caption,Description,SystemName,VolumeName" in line:
continue
_, drive_letter, tag, system_name, drive_name = line.split(",")
yield MountedDrive(
self.name, drive_letter[0], tag, drive_name, system_name
)
proc.wait()
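Review bot: The five-way unpack of `line.split(",")` in `enumerate` raises ValueError on any row that does not have exactly five fields, and `drive_letter[0]` raises IndexError on an empty caption; the rows come from the target host, so one unexpected row (for instance a volume label that contains a comma) aborts the whole enumeration. Since the header check shows VolumeName is the last column, split with a limit and skip malformed rows: `fields = line.split(",", 4)` followed by `if len(fields) != 5 or not fields[1]: continue`. The same unguarded unpack is in the hotfix module's `enumerate`, where a shape check before unpacking would serve the same purpose. The `Module` docstring is also carried over from another module ("Enumerate the current Windows Defender settings on the target") and should say that this module enumerates logical drives through `wmic logicaldisk`.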


@ -0,0 +1,65 @@
#!/usr/bin/env python3
from typing import Any, Dict, List
import pwncat
import rich.markup
from pwncat import util
from pwncat.db import Fact
from pwncat.modules import ModuleFailed
from pwncat.modules.enumerate import EnumerateModule, Schedule
from pwncat.platform import PlatformError
from pwncat.platform.windows import PowershellError, Windows
class HotfixData(Fact):
def __init__(
self, source, caption: str, hotfixid: str, tag: str, installed_on: str
):
super().__init__(source=source, types=["system.hotfixes"])
self.hotfixid: str = hotfixid
self.tag: str = tag
self.caption: str = caption
self.installed_on: str = installed_on
def title(self, session):
return f"[cyan]{rich.markup.escape(self.hotfixid)}[/cyan] {rich.markup.escape(self.tag)} installed on [blue]{rich.markup.escape(self.installed_on)}[/blue] ([blue]{rich.markup.escape(self.caption)}[/blue])"
class Module(EnumerateModule):
"""Enumerate the current Windows Defender settings on the target"""
PROVIDES = ["system.hotfixes"]
PLATFORM = [Windows]
def enumerate(self, session):
proc = session.platform.Popen(
[
"wmic",
"qfe",
"get",
"Caption,HotFixID,Description,InstalledOn",
"/format:csv",
],
stderr=pwncat.subprocess.DEVNULL,
stdout=pwncat.subprocess.PIPE,
text=True,
)
# Process the standard output from the command
with proc.stdout as stream:
for line in stream:
line = line.strip()
if not line or "Caption,Description,HotFixID,InstalledOn" in line:
continue
_, caption, tag, hotfixid, installed_on = line.split(",")
yield HotfixData(self.name, caption, hotfixid, tag, installed_on)
proc.wait()
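Review bot: A failed or missing `wmic` cannot be told apart from a host with no hotfixes installed, because stderr is sent to DEVNULL and the result of `proc.wait()` is discarded, so `enumerate` simply yields nothing. For patch data that empty result is easy to misread as "unpatched", and `wmic` is deprecated on current Windows releases, so the failure case is likely to occur. Surface it with the already-imported `ModuleFailed`, e.g. `if proc.wait() != 0: raise ModuleFailed("wmic qfe exited with a non-zero status")`, assuming the platform's `Popen.wait()` returns the exit code as `subprocess` does. The mounted-drives module ends with the same unchecked `proc.wait()`, and this module's docstring also still describes Windows Defender settings rather than installed hotfixes.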