ssh: allow for putting and getting files

jdholtz · jdholtz · commit dc39e0e6a998 · 2024-12-27T01:33:50.000-06:00
diff --git a/nxc/protocols/ssh.py b/nxc/protocols/ssh.py
@@ -1,4 +1,5 @@
 import paramiko
+import os
 import re
 import uuid
 import logging
@@ -280,6 +281,36 @@ def plaintext_login(self, username, password, private_key=""):
 
             return True
 
+    def put_file_single(self, sftp_conn, src, dst):
+        self.logger.display(f'Copying "{src}" to "{dst}"')
+        try:
+            sftp_conn.put(src, dst)
+            self.logger.success(f'Created file "{src}" on "{dst}"')
+        except Exception as e:
+            self.logger.fail(f'Error writing file to "{dst}": {e}')
+
+    def put_file(self):
+        sftp_conn = self.conn.open_sftp()
+        for src, dest in self.args.put_file:
+            self.put_file_single(sftp_conn, src, dest)
+        sftp_conn.close()
+
+    def get_file_single(self, sftp_conn, remote_path, download_path):
+        self.logger.display(f'Copying "{remote_path}" to "{download_path}"')
+        try:
+            sftp_conn.get(remote_path, download_path)
+            self.logger.success(f'File "{remote_path}" was downloaded to "{download_path}"')
+        except Exception as e:
+            self.logger.fail(f'Error getting file "{remote_path}": {e}')
+            if os.path.getsize(download_path) == 0:
+                os.remove(download_path)
+
+    def get_file(self):
+        sftp_conn = self.conn.open_sftp()
+        for src, dest in self.args.get_file:
+            self.get_file_single(sftp_conn, src, dest)
+        sftp_conn.close()
+
     def execute(self, payload=None, get_output=False):
         if not payload and self.args.execute:
             payload = self.args.execute
diff --git a/nxc/protocols/ssh/proto_args.py b/nxc/protocols/ssh/proto_args.py
@@ -12,6 +12,10 @@ def proto_args(parser, parents):
     ssh_parser.add_argument("--get-output-tries", type=int, default=5, help="Number of times with sudo command tries to get results")
     sudo_check_method_arg.make_required.append(sudo_check_arg)
 
+    files_group = ssh_parser.add_argument_group("Files", "Options for remote file interaction")
+    files_group.add_argument("--put-file", action="append", nargs=2, metavar="FILE", help="Put a local file into remote target, ex: whoami.txt /tmp/whoami.txt")
+    files_group.add_argument("--get-file", action="append", nargs=2, metavar="FILE", help="Get a remote file, ex: /tmp/whoami.txt whoami.txt")
+
     cgroup = ssh_parser.add_argument_group("Command Execution", "Options for executing commands")
     cgroup.add_argument("--codec", default="utf-8", help="Set encoding used (codec) from the target's output. If errors are detected, run chcp.com at the target, map the result with https://docs.python.org/3/library/codecs.html#standard-encodings and then execute again with --codec and the corresponding codec")
     cgroup.add_argument("--no-output", action="store_true", help="do not retrieve command output")
diff --git a/tests/e2e_commands.txt b/tests/e2e_commands.txt
@@ -256,6 +256,8 @@ netexec ssh TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --sudo-check --sudo-
 netexec ssh TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --sudo-check --sudo-check-method sudo-stdin --get-output-tries 10
 netexec ssh TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --sudo-check --sudo-check-method mkfifo
 netexec ssh TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --sudo-check --sudo-check-method mkfifo --get-output-tries 10
+netexec ssh TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --put-file TEST_NORMAL_FILE /tmp/test_file.txt --put-file TEST_NORMAL_FILE /tmp/test_file2.txt
+netexec ssh TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --get-file /tmp/test_file.txt /tmp/test_file.txt --get-file /tmp/test_file.txt /tmp/test_file2.txt
 ##### FTP- Default test passwords and random key; switch these out if you want correct authentication
 netexec ftp TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD
 netexec ftp TARGET_HOST -u LOGIN_USERNAME -p LOGIN_PASSWORD --ls
