Update atexec.py

Signed-off-by: Kahvi-0xFF <46513413+Kahvi-0@users.noreply.github.com>

Author: Kahvi-0

nxc/protocols/smb/atexec.py

@@ -1,6 +1,5 @@
 import os
 import random
-import re
 from textwrap import dedent
 from impacket.dcerpc.v5 import tsch, transport
 from impacket.dcerpc.v5.dtypes import NULL
@@ -112,15 +111,8 @@ def gen_xml(self, command):
         random.shuffle(idleSettings)
         randomized_idleSettings = "\n".join(idleSettings)
 
-        match = re.match(r'^(.+?\\[^\\ ]+)\s+(.*)', command)
-        if match:
-            cmd_path = match.group(1)
-            cmd_args = match.group(2)
-        else:
-            self.logger.display(f"Full Path not detected, defaulting to CMD")
-            self.__retOutput = True
-            cmd_path = f"C:\Windows\System32\cmd.exe"
-            cmd_args = f"/c {command}"
+        cmd_path = "C:\Windows\System32\cmd"
+        cmd_args = f"/c {command}"
 
         xml = f"""<?xml version="1.0" encoding="UTF-16"?>
         <Task version="1.3" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
@@ -153,10 +145,7 @@ def gen_xml(self, command):
                 self.__output_filename = os.path.join(file_location, gen_random_string(8))
             else:
                 self.__output_filename = os.path.join(file_location, self.output_filename)
-
-            cmd_output = f"&gt; {self.__output_filename} 2&gt;&amp;1"
-            argument_xml = f"      <Arguments>{cmd_args} {cmd_output}</Arguments>"
-                
+            argument_xml = f"      <Arguments>{cmd_args} &gt; {self.__output_filename} 2&gt;&amp;1</Arguments>"
 
         elif self.__retOutput is False:
             argument_xml = f"      <Arguments>{cmd_args}</Arguments>"
@@ -209,10 +198,8 @@ def execute_handler(self, command):
 
         self.logger.info(f"Deleting task \\{self.task_name}")
         tsch.hSchRpcDelete(dce, f"\\{self.task_name}")
-        
         if self.__retOutput:
             smbConnection = self.__rpctransport.get_smb_connection()
-
             tries = 1
             # Give the command a bit of time to execute before we try to read the output, 0.4 seconds was good in testing
             sleep(0.4)
@@ -226,8 +213,8 @@ def execute_handler(self, command):
                         self.logger.fail("ATEXEC: Could not retrieve output file, it may have been detected by AV. Please increase the number of tries with the option '--get-output-tries'. If it is still failing, try the 'wmi' protocol or another exec method")
                         break
                     if "STATUS_BAD_NETWORK_NAME" in str(e):
-                           self.logger.fail(f"ATEXEC: Getting the output file failed - target has blocked access to the share: {self.__share} (but the command may have executed!)")
-                           break
+                         self.logger.fail(f"ATEXEC: Getting the output file failed - target has blocked access to the share: {self.__share} (but the command may have executed!)")
+                         break
                     elif "STATUS_VIRUS_INFECTED" in str(e):
                         self.logger.fail("Command did not run because a virus was detected")
                         break
@@ -245,13 +232,10 @@ def execute_handler(self, command):
                         self.logger.debug(f"Exception when trying to read output file: {e!s}. {self.__tries - tries} tries left, retrying...")
                         tries += 1
                         sleep(1)
- 
             try:
                 self.logger.debug(f"Deleting file {self.__share}\\{self.__output_filename}")
                 smbConnection.deleteFile(self.__share, self.__output_filename)
             except Exception:
                 pass
 
-        else:
-          self.logger.display("No output file was saved to be retrived") 
         dce.disconnect()