Fix "tries" logic due to merge and beautify code

Author: NeffIsBack

nxc/protocols/smb/atexec.py

@@ -194,9 +194,12 @@ def execute_handler(self, command, fileless=False):
                         if tries > self.__tries:
                             self.logger.fail("ATEXEC: Could not retrieve output file, it may have been detected by AV. Please increase the number of tries with the option '--get-output-tries'. If it is still failing, try the 'wmi' protocol or another exec method")
                             break
-                        if str(e).find("STATUS_BAD_NETWORK_NAME") > 0:
+                        if "STATUS_BAD_NETWORK_NAME" in str(e):
                             self.logger.fail(f"ATEXEC: Getting the output file failed - target has blocked access to the share: {self.__share} (but the command may have executed!)")
                             break
+                        elif "STATUS_VIRUS_INFECTED" in str(e):
+                            self.logger.fail("Command did not run because a virus was detected")
+                            break
                         # When executing powershell and the command is still running, we get a sharing violation
                         # We can use that information to wait longer than if the file is not found (probably av or something)
                         if "STATUS_SHARING_VIOLATION" in str(e):

nxc/protocols/smb/mmcexec.py

@@ -260,9 +260,12 @@ def get_output_remote(self):
                 if tries > self.__tries:
                     self.logger.fail("MMCEXEC: Could not retrieve output file, it may have been detected by AV. Please increase the number of tries with the option '--get-output-tries'. If it is still failing, try the 'wmi' protocol or another exec method")
                     break
-                if str(e).find("STATUS_BAD_NETWORK_NAME") > 0:
+                if "STATUS_BAD_NETWORK_NAME" in str(e):
                     self.logger.fail(f"MMCEXEC: Getting the output file failed - target has blocked access to the share: {self.__share} (but the command may have executed!)")
                     break
+                elif "STATUS_VIRUS_INFECTED" in str(e):
+                    self.logger.fail("Command did not run because a virus was detected")
+                    break
                 # When executing powershell and the command is still running, we get a sharing violation
                 # We can use that information to wait longer than if the file is not found (probably av or something)
                 if "STATUS_SHARING_VIOLATION" in str(e):

nxc/protocols/smb/smbexec.py

@@ -149,9 +149,12 @@ def get_output_remote(self):
                 if tries > self.__tries:
                     self.logger.fail("SMBEXEC: Could not retrieve output file, it may have been detected by AV. Please increase the number of tries with the option '--get-output-tries'. If it is still failing, try the 'wmi' protocol or another exec method")
                     break
-                if str(e).find("STATUS_BAD_NETWORK_NAME") > 0:
+                if "STATUS_BAD_NETWORK_NAME" in str(e):
                     self.logger.fail(f"SMBEXEC: Getting the output file failed - target has blocked access to the share: {self.__share} (but the command may have executed!)")
                     break
+                elif "STATUS_VIRUS_INFECTED" in str(e):
+                    self.logger.fail("Command did not run because a virus was detected")
+                    break
                 # When executing powershell and the command is still running, we get a sharing violation
                 # We can use that information to wait longer than if the file is not found (probably av or something)
                 if "STATUS_SHARING_VIOLATION" in str(e):

nxc/protocols/smb/wmiexec.py

@@ -152,24 +152,24 @@ def get_output_remote(self):
                 if tries > self.__tries:
                     self.logger.fail("wmiexec: Could not retrieve output file, it may have been detected by AV. If it is still failing, try the 'wmi' protocol or another exec method")
                     break
-                elif str(e).find("STATUS_BAD_NETWORK_NAME") > 0:
+                elif "STATUS_BAD_NETWORK_NAME" in str(e):
                     self.logger.fail(f"SMB connection: target has blocked {self.__share} access (maybe command executed!)")
                     break
-                elif str(e).find("STATUS_VIRUS_INFECTED") >= 0:
+                elif "STATUS_VIRUS_INFECTED" in str(e):
                     self.logger.fail("Command did not run because a virus was detected")
                     break
                 # When executing powershell and the command is still running, we get a sharing violation
                 # We can use that information to wait longer than if the file is not found (probably av or something)
                 elif "STATUS_SHARING_VIOLATION" in str(e):
                     self.logger.info(f"File {self.__share}\\{self.__output} is still in use with {self.__tries - tries} left, retrying...")
                     sleep(1)
+                    tries += 1
                 elif "STATUS_OBJECT_NAME_NOT_FOUND" in str(e):
                     self.logger.info(f"File {self.__share}\\{self.__output} not found with {self.__tries - tries} left, deducting 10 tries and retrying...")
                     tries += 10
                     sleep(1)
                 else:
                     self.logger.debug(f"Exception when trying to read output file: {e}")
-                tries += 1
 
         if self.__outputBuffer:
             self.logger.debug(f"Deleting file {self.__share}\\{self.__output}")