Merge branch 'Pennyw0rth:main' into main

Author: joaovarelas

nxc/modules/ioxidresolver.py

@@ -1,10 +1,11 @@
 # Credit to https://airbus-cyber-security.com/fr/the-oxid-resolver-part-1-remote-enumeration-of-network-interfaces-without-any-authentication/
 # Airbus CERT
 # module by @mpgn_x64
+# updated by @NeffIsBack
 
 from ipaddress import ip_address
 from impacket.dcerpc.v5 import transport
-from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_NONE
+from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_NONE, DCERPCException
 from impacket.dcerpc.v5.dcomrt import IObjectExporter
 
 
@@ -13,31 +14,31 @@ class NXCModule:
     description = "This module helps you to identify hosts that have additional active interfaces"
     supported_protocols = ["smb", "wmi"]
     opsec_safe = True
-    multiple_hosts = False
+    multiple_hosts = True
 
     def options(self, context, module_options):
-        """ """
+        """No module options"""
 
     def on_login(self, context, connection):
-        authLevel = RPC_C_AUTHN_LEVEL_NONE
-
-        stringBinding = r"ncacn_ip_tcp:%s" % connection.host
-        rpctransport = transport.DCERPCTransportFactory(stringBinding)
-        rpctransport.setRemoteHost(connection.host)
-
-        portmap = rpctransport.get_dce_rpc()
-        portmap.set_auth_level(authLevel)
-        portmap.connect()
-
-        objExporter = IObjectExporter(portmap)
-        bindings = objExporter.ServerAlive2()
-
-        context.log.debug("[*] Retrieving network interface of " + connection.host)
-
-        for binding in bindings:
-            NetworkAddr = binding["aNetworkAddr"]
-            try:
-                ip_address(NetworkAddr[:-1])
-                context.log.highlight("Address: " + NetworkAddr)
-            except Exception as e:
-                context.log.debug(e)
+        try:
+            rpctransport = transport.DCERPCTransportFactory(f"ncacn_ip_tcp:{connection.host}")
+            rpctransport.setRemoteHost(connection.host)
+
+            portmap = rpctransport.get_dce_rpc()
+            portmap.set_auth_level(RPC_C_AUTHN_LEVEL_NONE)
+            portmap.connect()
+
+            objExporter = IObjectExporter(portmap)
+            bindings = objExporter.ServerAlive2()
+
+            context.log.debug(f"Retrieving network interface of {connection.host}")
+
+            for binding in bindings:
+                NetworkAddr = binding["aNetworkAddr"]
+                try:
+                    ip_address(NetworkAddr[:-1])
+                    context.log.highlight(f"Address: {NetworkAddr}")
+                except Exception as e:
+                    context.log.debug(e)
+        except DCERPCException as e:
+            context.log.error(f"DCERPCException error: {e}")

nxc/protocols/rdp.py

@@ -109,7 +109,7 @@ def write(self, msg):
     def print_host_info(self):
         nla = colored(f"nla:{self.nla}", host_info_colors[3], attrs=["bold"]) if self.nla else colored(f"nla:{self.nla}", host_info_colors[2], attrs=["bold"])
         if self.domain is None:
-            self.logger.display("Probably old, doesn't not support HYBRID or HYBRID_EX ({nla})")
+            self.logger.display(f"Probably old, doesn't not support HYBRID or HYBRID_EX ({nla})")
         else:
             self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain}) ({nla})")
         return True
@@ -181,7 +181,7 @@ def check_nla(self):
                     credentials=self.auth,
                 )
                 asyncio.run(self.connect_rdp())
-                if str(proto) == "SUPP_PROTOCOLS.RDP" or str(proto) == "SUPP_PROTOCOLS.SSL" or str(proto) == "SUPP_PROTOCOLS.SSL|SUPP_PROTOCOLS.RDP":
+                if proto.value == SUPP_PROTOCOLS.RDP or proto.value == SUPP_PROTOCOLS.SSL or proto.value == SUPP_PROTOCOLS.SSL | SUPP_PROTOCOLS.RDP:
                     self.nla = False
                     return
             except Exception: