Update enable_cmdshell.py

crosscutsaw · web-flow · commit e551d3e006d8 · 2025-03-09T22:07:51.000+03:00
Signed-off-by: crosscutsaw &lt;73831924+crosscutsaw@users.noreply.github.com&gt;
diff --git a/nxc/modules/enable_cmdshell.py b/nxc/modules/enable_cmdshell.py
@@ -2,7 +2,7 @@ class NXCModule:
     """Enables or disables xp_cmdshell in MSSQL Server."""
 
     name = "enable_cmdshell"
-    description = "Enables or disables xp_cmdshell in MSSQL Server"
+    description = "Enable or disable xp_cmdshell in MSSQL Server"
     supported_protocols = ["mssql"]
     opsec_safe = False
     multiple_hosts = True
@@ -11,6 +11,7 @@ def __init__(self):
         self.mssql_conn = None
         self.context = None
         self.action = None
+        self.advanced_options_backup = None  # Stores original value of 'show advanced options'
 
     def options(self, context, module_options):
         """
@@ -36,22 +37,35 @@ def on_login(self, context, connection):
         else:
             self.context.log.error("Invalid ACTION. Use 'enable' or 'disable'.")
 
+    def backup_show_advanced_options(self):
+        """Backs up the current state of 'show advanced options'."""
+        query = "SELECT CAST(value AS INT) AS value FROM sys.configurations WHERE name = 'show advanced options'"
+        res = self.mssql_conn.sql_query(query)
+        if res:
+            self.advanced_options_backup = int(res[0]["value"])  # Convert to integer
+
+    def restore_show_advanced_options(self):
+        """Restores the original state of 'show advanced options' if needed."""
+        if self.advanced_options_backup is not None and self.advanced_options_backup == 0:
+            self.mssql_conn.sql_query("EXEC sp_configure 'show advanced options', '0'; RECONFIGURE")
+
     def toggle_xp_cmdshell(self, enable: bool):
-        """Enables or disables xp_cmdshell."""
+        """Enables or disables xp_cmdshell while preserving 'show advanced options' state."""
         state = "1" if enable else "0"
-        commands = [
-            "EXEC sp_configure 'show advanced options', '1'",
-            "RECONFIGURE",
-            f"EXEC sp_configure 'xp_cmdshell', '{state}'",
-            "RECONFIGURE"
-        ]
-
-        for cmd in commands:
-            try:
-                self.mssql_conn.sql_query(cmd)
-            except Exception as e:
-                self.context.log.error(f"Failed to execute command: {e}")
-                return
-
-        action_text = "enabled" if enable else "disabled"
-        self.context.log.success(f"xp_cmdshell successfully {action_text}.")
+
+        # Backup 'show advanced options' state
+        self.backup_show_advanced_options()
+
+        # Enable 'show advanced options' if it was disabled
+        self.mssql_conn.sql_query("EXEC sp_configure 'show advanced options', '1'; RECONFIGURE")
+
+        try:
+            # Enable or disable xp_cmdshell
+            self.mssql_conn.sql_query(f"EXEC sp_configure 'xp_cmdshell', '{state}'; RECONFIGURE")
+            action_text = "enabled" if enable else "disabled"
+            self.context.log.success(f"xp_cmdshell successfully {action_text}.")
+        except Exception as e:
+            self.context.log.error(f"Failed to execute command: {e}")
+
+        # Restore 'show advanced options' to its original state if needed
+        self.restore_show_advanced_options()
