added is_xp_cmdshell_enabled() function to check mssql if xp_cmdshell is already enabled, to avoid altering its state

Author: 0xQRx

nxc/protocols/mssql/mssqlexec.py

@@ -8,11 +8,19 @@ def __init__(self, connection, logger):
 
     def execute(self, command):
         result = None
+        xp_cmdshell_was_enabled = False
+
         try:
-            self.logger.debug("Attempting to enable xp cmd shell")
-            self.enable_xp_cmdshell()
+            xp_cmdshell_was_enabled = self.is_xp_cmdshell_enabled()
+            if not xp_cmdshell_was_enabled:
+                self.logger.debug("xp_cmdshell is disabled, attempting to enable it.")
+                self.enable_xp_cmdshell()
+            else:
+                self.logger.debug("xp_cmdshell is already enabled.")
+
         except Exception as e:
-            self.logger.error(f"Error when attempting to enable x_cmdshell: {e}")
+            self.logger.error(f"Error when checking/enabling xp_cmdshell: {e}")
+
         try:
             cmd = f"exec master..xp_cmdshell '{command}'"
             self.logger.debug(f"Attempting to execute query: {cmd}")
@@ -21,19 +29,32 @@ def execute(self, command):
             if result:
                 result = "\n".join(line["output"] for line in result if line["output"] != "NULL")
                 self.logger.debug(f"Concatenated result together for easier parsing: {result}")
-                # if you prepend SilentlyContinue it will still output the error, but it will still continue on (so it's not silent...)
                 if "Preparing modules for first use" in result and "Completed" not in result:
                     self.logger.error("Error when executing PowerShell (received 'preparing modules for first use'), try prepending $ProgressPreference = 'SilentlyContinue'; to your command")
         except Exception as e:
             self.logger.error(f"Error when attempting to execute command via xp_cmdshell: {e}")
 
         try:
-            self.logger.debug("Attempting to disable xp cmd shell")
-            self.disable_xp_cmdshell()
+            if not xp_cmdshell_was_enabled:
+                self.logger.debug("xp_cmdshell was not enabled originally, attempting to disable it.")
+                self.disable_xp_cmdshell()
+            else:
+                self.logger.debug("xp_cmdshell was originally enabled, leaving it enabled.")
         except Exception as e:
             self.logger.error(f"[OPSEC] Error when attempting to disable xp_cmdshell: {e}")
+        
         return result
 
+    def is_xp_cmdshell_enabled(self):
+        query = "EXEC sp_configure 'xp_cmdshell';"
+        self.logger.debug(f"Checking if xp_cmdshell is enabled: {query}")
+        result = self.mssql_conn.sql_query(query)
+        # Assuming the query returns a list of dictionaries with 'config_value' as the key
+        self.logger.debug(f"xp_cmdshell check result: {result}")
+        if result and result[0]["config_value"] == 1:
+            return True
+        return False
+
     def enable_xp_cmdshell(self):
         query = "exec master.dbo.sp_configure 'show advanced options',1;RECONFIGURE;exec master.dbo.sp_configure 'xp_cmdshell', 1;RECONFIGURE;"
         self.logger.debug(f"Executing query: {query}")