fix(webdav): handle transport errors and prevent session crash

azoxlpf · azoxlpf · commit d2f6a33587a7 · 2025-09-04T11:14:56.000+02:00
diff --git a/nxc/modules/webdav.py b/nxc/modules/webdav.py
@@ -3,6 +3,7 @@
 from impacket import nt_errors
 from impacket.smb3structs import FILE_READ_DATA
 from impacket.smbconnection import SessionError
+from impacket.nmb import NetBIOSError
 
 
 class NXCModule:
@@ -11,6 +12,7 @@ class NXCModule:
     DAV RPC Service pipe. This technique was first suggested by Lee Christensen (@tifkin_)
 
     Module by Tobias Neitzel (@qtc_de)
+    Modified by @azoxlpf to handle transport errors gracefully and avoid session crash
     """
 
     name = "webdav"
@@ -30,18 +32,36 @@ def on_login(self, context, connection):
         Check whether the 'DAV RPC Service' pipe exists within the 'IPC$' share. This indicates
         that the WebClient service is running on the target.
         """
+        remote_file = None
+
         try:
-            remote_file = RemoteFile(connection.conn, "DAV RPC Service", "IPC$", access=FILE_READ_DATA)
+            if not getattr(connection, "username", None) and not getattr(connection, "password", None):
+                context.log.debug("WebDAV skipped: unauthenticated/null session (IPC$ likely denied).")
+                return
 
+            remote_file = RemoteFile(connection.conn, "DAV RPC Service", "IPC$", access=FILE_READ_DATA)
             remote_file.open_file()
-            remote_file.close()
 
             context.log.highlight(self.output.format(connection.conn.getRemoteHost()))
 
         except SessionError as e:
             if e.getErrorCode() == nt_errors.STATUS_OBJECT_NAME_NOT_FOUND:
-                pass
-            elif e.getErrorCode() in nt_errors.ERROR_MESSAGES:
+                return
+
+            if e.getErrorCode() in nt_errors.ERROR_MESSAGES:
                 context.log.fail(f"Error enumerating WebDAV: {e.getErrorString()[0]}", color="magenta")
-            else:
-                raise e
+                return
+
+            context.log.debug(f"WebDAV SessionError (code={hex(e.getErrorCode())})")
+            return
+
+        except (BrokenPipeError, ConnectionResetError, NetBIOSError, OSError) as e:
+            context.log.debug(f"WebDAV check aborted due to transport error: {e.__class__.__name__}: {e}")
+            return
+
+        finally:
+            if remote_file is not None:
+                try:
+                    remote_file.close()
+                except Exception:
+                    pass
