Merge pull request Pennyw0rth#782 from Dfte/tasklist_grep

NeffIsBack · web-flow · commit 638c10145a1f · 2025-07-06T21:31:52.000+02:00
Add process filtering in --tasklist
diff --git a/nxc/protocols/smb.py b/nxc/protocols/smb.py
@@ -1086,6 +1086,16 @@ def qwinsta(self):
 
     @requires_admin
     def tasklist(self):
+        # Formats a row to be printed on screen
+        def format_row(procInfo):
+            return template.format(
+                procInfo["ImageName"],
+                procInfo["UniqueProcessId"],
+                procInfo["SessionId"],
+                procInfo["pSid"],
+                f"{procInfo['WorkingSetSize'] // 1000:,} K",
+            )
+        
         try:
             with TSTS.LegacyAPI(self.conn, self.host, self.kerberos) as legacy:
                 try:
@@ -1100,18 +1110,27 @@ def tasklist(self):
                 self.logger.success("Enumerated processes")
                 maxImageNameLen = max(len(i["ImageName"]) for i in res)
                 maxSidLen = max(len(i["pSid"]) for i in res)
-                template = "{: <%d} {: <8} {: <11} {: <%d} {: >12}" % (maxImageNameLen, maxSidLen)  # noqa: UP031
+                template = f"{{: <{maxImageNameLen}}} {{: <8}} {{: <11}} {{: <{maxSidLen}}} {{: >12}}"
                 self.logger.highlight(template.format("Image Name", "PID", "Session#", "SID", "Mem Usage"))
                 self.logger.highlight(template.replace(": ", ":=").format("", "", "", "", ""))
+                found_task = False
+
+                # For each process on the remote host
                 for procInfo in res:
-                    row = template.format(
-                        procInfo["ImageName"],
-                        procInfo["UniqueProcessId"],
-                        procInfo["SessionId"],
-                        procInfo["pSid"],
-                        "{:,} K".format(procInfo["WorkingSetSize"] // 1000),
-                    )
-                    self.logger.highlight(row)
+                    # If args.tasklist is not True then a process name was supplied
+                    if self.args.tasklist is not True:
+                        # So we look for it and print its information if found
+                        if self.args.tasklist.lower() in procInfo["ImageName"].lower():
+                            found_task = True
+                            self.logger.highlight(format_row(procInfo))
+                    # Else, no process was supplied, we print the entire list of remote processes
+                    else:
+                        self.logger.highlight(format_row(procInfo))
+
+                # If a process was suppliad to args.tasklist and it was not found, we print a fail message
+                if self.args.tasklist is not True and not found_task:
+                    self.logger.fail(f"Didn't find process {self.args.tasklist}")
+            
         except SessionError:
             self.logger.fail("Cannot list remote tasks, RDP is probably disabled.")
 
diff --git a/nxc/protocols/smb/proto_args.py b/nxc/protocols/smb/proto_args.py
@@ -54,7 +54,7 @@ def proto_args(parser, parents):
     mapping_enum_group.add_argument("--pass-pol", action="store_true", help="dump password policy")
     mapping_enum_group.add_argument("--rid-brute", nargs="?", type=int, const=4000, metavar="MAX_RID", help="Enumerate users by bruteforcing RIDs")
     mapping_enum_group.add_argument("--qwinsta", action="store_true", help="Enumerate RDP connections")
-    mapping_enum_group.add_argument("--tasklist", action="store_true", help="Enumerate running processes")
+    mapping_enum_group.add_argument("--tasklist", type=str, nargs="?", const=True, help="Enumerate running processes and filter for the specified one if specified")
     mapping_enum_group.add_argument("--taskkill", type=str, help="Kills a specific PID or a proces name's PID's")
     
     wmi_group = smb_parser.add_argument_group("WMI", "Options for WMI Queries")
