[wmi] Revert new check_admin function
Signed-off-by: XiaoliChan <2209553467@qq.com>
XiaoliChan committed Sep 14, 2023
1 parent 823f9ca commit 20459ef
Showing 2 changed files with 25 additions and 22 deletions.
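--- a/cme/connection.py
+++ b/cme/connection.py
@@ -42,7 +42,7 @@ def _decorator(self, *args, **kwargs):
 
 return wraps(func)(_decorator)
 
-def dcom_FirewallChecker(iInterface, timeout=None):
+def dcom_FirewallChecker(iInterface, timeout):
 stringBindings = iInterface.get_cinstance().get_string_bindings()
 for strBinding in stringBindings:
 if strBinding['wTowerId'] == 7:
@@ -60,10 +60,6 @@ def dcom_FirewallChecker(iInterface, timeout=None):
 stringBinding = 'ncacn_ip_tcp:%s%s' % (iInterface.get_target(), bindingPort)
 if "stringBinding" not in locals():
 return True, None
-
-# if not timeout, which means not doing firewall check.
-if not timeout:
-return True, stringBinding
 try:
 rpctransport = transport.DCERPCTransportFactory(stringBinding)
 rpctransport.set_connect_timeout(timeout)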
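Review bot: `timeout` becomes a required positional parameter of `dcom_FirewallChecker`, so any caller still using the one-argument form will raise `TypeError`; only the call in cme/protocols/wmi.py is updated in this commit, and other callers are not visible here. With the `if not timeout:` guard removed, a `None` or `0` value now goes straight into `rpctransport.set_connect_timeout(timeout)`, so it is worth confirming that `--rpc-timeout` always has a usable default. The function has no docstring, and the context line `return True, None` shows the first element can be `True` while the binding is `None`, which every caller has to test separately. I would add a docstring stating that the function returns a `(flag, stringBinding)` tuple and that `stringBinding` is `None` when no `ncacn_ip_tcp` binding was found. The function body starts and continues outside these hunks.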
41 changes: 24 additions & 17 deletions cme/protocols/wmi.py
@@ -164,29 +164,36 @@ def print_host_info(self):
def check_if_admin(self):
try:
dcom = DCOMConnection(self.conn.getRemoteName(), self.username, self.password, self.domain, self.lmhash, self.nthash, oxidResolver=True, doKerberos=self.doKerberos ,kdcHost=self.kdcHost, aesKey=self.aesKey)
dcom.set_connect_timeout(self.args.rpc_timeout)
iInterface = dcom.CoCreateInstanceEx(CLSID_WbemLevel1Login, IID_IWbemLevel1Login)
_, self.stringBinding = dcom_FirewallChecker(iInterface)
iWbemLevel1Login = IWbemLevel1Login(iInterface)
iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
flag, self.stringBinding = dcom_FirewallChecker(iInterface, self.args.rpc_timeout)
except Exception as e:
if "dcom" in locals():
dcom.disconnect()

error_msg = str(e).lower()

if error_msg.find("access_denied") > 0:
pass
else:
if error_msg.find("timed out") > 0 or error_msg.lower().find("connection refused") > 0:
error_msg = f'Check admin error: dcom initialization failed with stringbinding: "{self.stringBinding}", please try "--rpc-timeout" option. (probably is admin)'
elif not self.stringBinding:
if not str(e).lower().find("access_denied") >=0:
self.logger.fail(str(e))
else:
if not flag or not self.stringBinding:
dcom.disconnect()
error_msg = f'Check admin error: dcom initialization failed with stringbinding: "{self.stringBinding}", please try "--rpc-timeout" option. (probably is admin)'

if not self.stringBinding:
error_msg = "Check admin error: dcom initialization failed: can't get target stringbinding, maybe cause by IPv6 or any other issues, please check your target again"
self.logger.fail(error_msg)
else:
dcom.disconnect()
self.logger.extra['protocol'] = "WMI"
self.admin_privs = True

self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)
else:
try:
iWbemLevel1Login = IWbemLevel1Login(iInterface)
iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
except Exception as e:
dcom.disconnect()

if not str(e).lower().find("access_denied") >=0:
self.logger.fail(str(e))
else:
dcom.disconnect()
self.logger.extra['protocol'] = "WMI"
self.admin_privs = True
return

def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="", kdcHost="", useCache=False):
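Review bot: In the new `else:` branch of `check_if_admin`, `self.logger.fail(error_msg) if not flag else self.logger.debug(error_msg)` sends the "can't get target stringbinding" message to debug only, because `dcom_FirewallChecker` returns `True, None` in that case (see cme/connection.py). The admin check then ends without setting `admin_privs` and without a visible reason at normal verbosity. If that is deliberate it needs a comment saying so; otherwise replace the conditional expression with the plain statement `self.logger.fail(error_msg)`. The two `if not str(e).lower().find("access_denied") >=0:` tests rely on `not` binding more loosely than `>=`, and `if "access_denied" not in str(e).lower():` expresses the same condition readably. `iWbemServices` is assigned but not used in the visible lines.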