Merge pull request Pennyw0rth#272 from Pennyw0rth/neff-fix-ssh

Marshall-Hallenbeck · web-flow · commit 0ffa19debfd9 · 2024-04-25T10:09:57.000-04:00
Fix ssh auth message
diff --git a/nxc/protocols/ssh.py b/nxc/protocols/ssh.py
@@ -19,7 +19,7 @@ def __init__(self, args, db, host):
         self.protocol = "SSH"
         self.remote_version = "Unknown SSH Version"
         self.server_os_platform = "Linux"
-        self.user_principal = "root"
+        self.uac = ""
         super().__init__(args, db, host)
 
     def proto_flow(self):
@@ -221,10 +221,15 @@ def plaintext_login(self, username, password, private_key=""):
             # Some IOT devices will not raise exception in self.conn._transport.auth_password / self.conn._transport.auth_publickey
             _, stdout, _ = self.conn.exec_command("id")
             stdout = stdout.read().decode(self.args.codec, errors="ignore")
+        except AuthenticationException:
+            self.logger.fail(f"{username}:{process_secret(password)}")
         except SSHException as e:
-            self.logger.fail(f"{username}:{process_secret(password)} Could not decrypt private key, error: {e}")
+            if "Invalid key" in str(e):
+                self.logger.fail(f"{username}:{process_secret(password)} Could not decrypt private key, error: {e}")
+            else:
+                self.logger.exception(e)
         except Exception as e:
-            self.logger.fail(f"{username}:{process_secret(password)} {e}")
+            self.logger.exception(e)
             self.conn.close()
             return False
         else:
@@ -235,15 +240,11 @@ def plaintext_login(self, username, password, private_key=""):
                 _, stdout, _ = self.conn.exec_command("whoami /priv")
                 stdout = stdout.read().decode(self.args.codec, errors="ignore")
                 self.server_os_platform = "Windows"
-                self.user_principal = "admin"
                 if "SeDebugPrivilege" in stdout:
                     self.admin_privs = True
                 elif "SeUndockPrivilege" in stdout:
                     self.admin_privs = True
-                    self.user_principal = "admin (UAC)"
-                else:
-                    # non admin (low priv)
-                    self.user_principal = "admin (low priv)"
+                    self.uac = "with UAC - "
 
             if not stdout:
                 self.logger.debug(f"User: {self.username} can't get a basic shell")
@@ -261,22 +262,12 @@ def plaintext_login(self, username, password, private_key=""):
                     if self.args.key_file:
                         self.db.add_admin_user("key", username, password, host_id=host_id, cred_id=cred_id)
                     else:
-                        self.db.add_admin_user(
-                            "plaintext",
-                            username,
-                            password,
-                            host_id=host_id,
-                            cred_id=cred_id,
-                        )
+                        self.db.add_admin_user("plaintext", username, password, host_id=host_id, cred_id=cred_id)
 
             if self.args.key_file:
                 password = f"{process_secret(password)} (keyfile: {self.args.key_file})"
 
-            display_shell_access = "{} {} {}".format(
-                f"({self.user_principal})" if self.admin_privs else f"(non {self.user_principal})",
-                self.server_os_platform,
-                "- Shell access!" if shell_access else ""
-            )
+            display_shell_access = f"{self.uac}{self.server_os_platform}{' - Shell access!' if shell_access else ''}"
             self.logger.success(f"{username}:{process_secret(password)} {self.mark_pwned()} {highlight(display_shell_access)}")
 
             return True
