uid-brute removed. Added get-file and put-file

termanix · web-flow · commit 79ecfa8a4da8 · 2024-09-30T22:52:24.000+03:00
Signed-off-by: termanix &lt;50464194+termanix@users.noreply.github.com&gt;
diff --git a/nxc/protocols/nfs.py b/nxc/protocols/nfs.py
@@ -245,18 +245,6 @@ def enum_shares(self):
         finally:
             self.nfs3.disconnect()
 
-    def uid_brute(self):
-        nfs_port = self.portmap.getport(NFS_PROGRAM, NFS_V3)
-        self.nfs3 = NFSv3(self.host, nfs_port, self.args.nfs_timeout, self.auth)
-        self.nfs3.connect()
-
-        # Mounting NFS Shares
-        output_export = str(self.mount.export())
-        reg = re.compile(r"ex_dir=b'([^']*)'")
-        shares = list(reg.findall(output_export))
-
-        self.list_exported_shares(self.args.uid_brute, shares)
-
     def list_exported_shares(self, max_uid, shares):
         self.logger.display(f"Enumerating NFS Shares up to UID {max_uid}")
         white_list = []
@@ -279,6 +267,92 @@ def list_exported_shares(self, max_uid, shares):
                         continue
                     self.logger.exception(f"{share} - {e}")
 
+    def get_file_single(self, remote_file, local_file):
+        local_file_path = local_file
+        remote_file_path = remote_file
+        self.logger.display(f"Downloading {local_file_path} to {remote_file_path}")
+        try:
+            # Connect to NFS
+            nfs_port = self.portmap.getport(NFS_PROGRAM, NFS_V3)
+            self.nfs3 = NFSv3(self.host, nfs_port, self.args.nfs_timeout, self.auth)
+            self.nfs3.connect()
+            
+            # Mount the NFS share
+            mnt_info = self.mount.mnt(remote_file_path, self.auth)
+            file_handle = mnt_info["mountinfo"]["fhandle"]
+            file_data = self.nfs3.read(file_handle, auth=self.auth)
+
+            if "resfail" in file_data:
+                raise Exception("Insufficient Permissions")
+            else:
+                entries = file_data["resok"]["data"]
+            
+            # Write the data to the local file
+            with open(local_file_path, "wb+") as local_file:
+                local_file.write(entries)
+
+            self.logger.highlight(f"File successfully downloaded to {local_file_path} from {remote_file_path}")
+
+            # Unmount the share
+            self.mount.umnt(self.auth)
+    
+        except Exception as e:
+            self.logger.fail(f'Error writing file "{remote_file_path}" from share "{local_file_path}": {e}')
+            if os.path.getsize(local_file_path) == 0:
+                os.remove(local_file_path)
+            
+    def get_file(self):
+        self.get_file_single(self.args.get_file[0], self.args.get_file[1])
+        
+    def put_file_single(self, local_file, remote_file):
+        local_file_path = local_file
+        remote_file_path = remote_file
+        if not remote_file_path.endswith("/"):
+            remote_file_path += "/"
+        self.logger.display(f"Uploading {local_file_path} to {remote_file_path}")
+        try:
+            # Connect to NFS
+            nfs_port = self.portmap.getport(NFS_PROGRAM, NFS_V3)
+            self.nfs3 = NFSv3(self.host, nfs_port, self.args.nfs_timeout, self.auth)
+            self.nfs3.connect()
+            
+            try:
+                # Mount the NFS share for create file
+                mnt_info = self.mount.mnt(remote_file_path, self.auth)
+                dir_handle = mnt_info["mountinfo"]["fhandle"]
+                attrs = self.nfs3.getattr(dir_handle, auth=self.auth)
+                self.auth["uid"] = attrs["attributes"]["uid"]
+                self.logger.display(f"Trying to create {remote_file_path}{local_file_path}")
+                self.nfs3.create(dir_handle, local_file_path, 1, auth=self.auth)
+                self.logger.success(f"{local_file_path} successfully created.")
+            except Exception as e:
+                self.logger.fail(f"{local_file_path} was not created.")
+                self.logger.debug(f"Error while creating remote file: {e}")
+            
+            try:
+                # Mount the NFS share for mount created file
+                mnt_info = self.mount.mnt(remote_file_path + local_file, self.auth)
+                file_handle = mnt_info["mountinfo"]["fhandle"]
+                attrs = self.nfs3.getattr(file_handle, auth=self.auth)
+                self.auth["uid"] = attrs["attributes"]["uid"]
+                with open(local_file_path, "rb") as file:
+                    file_data = file.read().decode()
+                
+                self.logger.display(f"Trying to write data from {local_file_path}")
+                self.nfs3.write(file_handle, 0, len(file_data), file_data, 1, auth=self.auth)
+
+                self.logger.highlight(f"File {local_file_path} successfully uploaded on {remote_file_path}")
+            except Exception as e:
+                self.logger.fail(f"{local_file_path} was not writed.")
+                self.logger.debug(f"Error while creating remote file: {e}")
+            
+            # Unmount the share
+            self.mount.umnt(self.auth)
+        except Exception as e:
+            self.logger.fail(f"Error writing file to share {remote_file_path}: {e}")
+
+    def put_file(self):
+        self.put_file_single(self.args.put_file[0], self.args.put_file[1])
 
 def convert_size(size_bytes):
     if size_bytes == 0:
