From 37fdde3f69e983d81fe04af1d3e9c94868fa5c13 Mon Sep 17 00:00:00 2001
From: John Hammond
Date: Sat, 5 Jun 2021 01:46:20 -0400
Subject: [PATCH] Added Windows services enumeration module

---
 .../windows/enumerate/system/clipboard.py | 57 +++++++++++++
 .../windows/enumerate/system/services.py | 83 +++++++++++++++++++
 2 files changed, 140 insertions(+)
 create mode 100644 pwncat/modules/windows/enumerate/system/clipboard.py
 create mode 100644 pwncat/modules/windows/enumerate/system/services.py

diff --git a/pwncat/modules/windows/enumerate/system/clipboard.py b/pwncat/modules/windows/enumerate/system/clipboard.py
new file mode 100644
index 0000000..7d8cce3
--- /dev/null
+++ b/pwncat/modules/windows/enumerate/system/clipboard.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+
+from typing import Any, Dict, List
+
+import pwncat
+import rich.markup
+from pwncat import util
+from pwncat.db import Fact
+from pwncat.modules import ModuleFailed
+from pwncat.modules.enumerate import EnumerateModule, Schedule
+from pwncat.platform import PlatformError
+from pwncat.platform.windows import PowershellError, Windows
+
+
+class ClipboardData(Fact):
+    def __init__(self, source, contents:str):
+        super().__init__(source=source, types=["system.clipboard"])
+
+        self.contents: bool = contents
+
+
+    def title(self, session):
+        return f"Current clipboard contents:"
+    def description(self, session):
+        return f"[yellow]{rich.markup.escape(self.contents)}[/yellow]"
+
+
+class Module(EnumerateModule):
+    """Enumerate the current Windows Defender settings on the target"""
+
+    PROVIDES = ["system.clipboard"]
+    PLATFORM = [Windows]
+
+    def enumerate(self, session):
+
+
+        try:
+            result = session.platform.powershell(
+                f"Get-Clipboard"
+            )
+
+            if not result:
+                raise ModuleFailed(
+                    f"failed to retrieve clipboard contents"
+                )
+
+            if isinstance(result[0],list):
+                contents = "\n".join(result[0])
+            else:
+                contents = result[0]
+
+        except PowershellError as exc:
+            raise ModuleFailed(
+                f"failed to retrieve clipboard contents"
+            ) from exc
+
+        yield ClipboardData(self.name, contents)
diff --git a/pwncat/modules/windows/enumerate/system/services.py b/pwncat/modules/windows/enumerate/system/services.py
new file mode 100644
index 0000000..5e5d917
--- /dev/null
+++ b/pwncat/modules/windows/enumerate/system/services.py
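Review bot: `self.contents: bool = contents` in `ClipboardData.__init__` annotates a string as bool; `description` hands it to `rich.markup.escape`, so it should read `self.contents: str = contents`. The `Module` docstring is copied from another module ("Enumerate the current Windows Defender settings on the target") and does not describe this one; suggest `"""Enumerate the current clipboard contents on the target"""`, and the same stale docstring appears in the services.py hunk. `f"Get-Clipboard"`, `f"Current clipboard contents:"` and both `ModuleFailed` messages are f-strings without placeholders and can be plain string literals. `Any`, `Dict`, `List`, `pwncat`, `util`, `Schedule` and `PlatformError` are imported but never referenced in this file and look like template leftovers.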
@@ -0,0 +1,83 @@
+#!/usr/bin/env python3
+
+from typing import Any, Dict, List
+
+import pwncat
+import rich.markup
+from pwncat import util
+from pwncat.db import Fact
+from pwncat.modules import ModuleFailed
+from pwncat.modules.enumerate import EnumerateModule, Schedule
+from pwncat.platform import PlatformError
+from pwncat.platform.windows import PowershellError, Windows
+
+
+class ServicesData(Fact):
+    def __init__(
+        self,
+        source,
+        name: str,
+        pid: int,
+        start_mode: str,
+        status: str,
+    ):
+        super().__init__(source=source, types=["system.services"])
+
+        self.name: str = name
+
+        self.pid: int = pid
+
+        self.start_mode: str = start_mode
+
+        self.status: str = status
+
+    def title(self, session):
+        out = f"[cyan]{rich.markup.escape(self.name)}[/cyan] (PID [blue]{self.pid}[/blue]) currently "
+        if self.status == "Running":
+            out += f"[bold green]{self.status}[/bold green] "
+        else:
+            out += f"[red]{self.status}[/red] "
+        if self.start_mode == "Auto":
+            out += f"([bold yellow]{self.start_mode}[/bold yellow] start)"
+        else:
+            out += f"([magenta]{self.start_mode}[/magenta] start)"
+        return out
+
+
+
+class Module(EnumerateModule):
+    """Enumerate the current Windows Defender settings on the target"""
+
+    PROVIDES = ["system.services"]
+    PLATFORM = [Windows]
+
+    def enumerate(self, session):
+
+        proc = session.platform.Popen(
+            ["wmic.exe", "service", "get", "Caption,ProcessId,State,StartMode", "/format:csv"],
+            stderr=pwncat.subprocess.DEVNULL,
+            stdout=pwncat.subprocess.PIPE,
+            text=True,
+        )
+
+        # Process the standard output from the command
+        with proc.stdout as stream:
+            for line in stream:
+                line = line.strip()
+
+                if (
+                    not line
+                    or 'Node,Caption,ProcessId,StartMode,State'
+                    in line
+                ):
+                    continue
+
+                _, name, pid, start_mode, status = (x.strip('"') for x in line.split(','))
+
+                pid = int(pid)
+
+                yield ServicesData(
+                    self.name, name, pid, start_mode, status
+                )
+
+        proc.wait()
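Review bot: The unpacking `_, name, pid, start_mode, status = (x.strip('"') for x in line.split(','))` in `Module.enumerate` raises an uncaught ValueError on any row with a column count other than five, which happens if a service Caption contains a comma and wmic does not quote it, and `pid = int(pid)` raises the same way on a non-numeric ProcessId; either one aborts the whole generator instead of skipping the row, and escapes as a bare exception rather than a `ModuleFailed`. Because the three trailing columns (ProcessId, StartMode, State) have a fixed position, parsing from the end and rejoining whatever is in between tolerates commas in the caption, and a row whose pid does not parse should be skipped. The `Module` docstring still reads "Enumerate the current Windows Defender settings on the target" and should describe service enumeration; `Any`, `Dict`, `List`, `util`, `Schedule` and `PlatformError` are imported but unused here.
```python
                parts = [x.strip('"') for x in line.split(',')]
                # Caption may itself contain commas; the last three columns
                # are fixed, so take them from the end and rejoin the rest.
                if len(parts) < 5:
                    continue
                name = ",".join(parts[1:-3])
                pid, start_mode, status = parts[-3:]

                try:
                    pid = int(pid)
                except ValueError:
                    # skip rows whose ProcessId is not numeric rather than abort
                    continue
                # … unchanged: yield ServicesData(...) …
```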