Merge pull request #114 from XiaoliChan/winrm-better-output

[winrm] better output
Pennyw0rth · Dec 10, 2023 · 4846464 · 4846464
2 parents 046b1f9 + afd568c
commit 4846464
Showing 1 changed file with 16 additions and 5 deletions.
diff --git a/nxc/protocols/winrm.py b/nxc/protocols/winrm.py
@@ -35,17 +35,20 @@ def __init__(self, args, db, host):
         self.lmhash = ""
         self.nthash = ""
         self.ssl = False
+        self.auth_type = None
 
         connection.__init__(self, args, db, host)
 
     def proto_logger(self):
+        # Reason why default is SMB/445, because default is enumerate over SMB.
+        # For more details, please check the function "print_host_info" 
         logging.getLogger("pypsrp").disabled = True
         logging.getLogger("pypsrp.wsman").disabled = True
         self.logger = NXCAdapter(
             extra={
-                "protocol": "WINRM",
+                "protocol": "SMB",
                 "host": self.host,
-                "port": "5985",
+                "port": "445",
                 "hostname": self.hostname,
             }
         )
@@ -180,9 +183,16 @@ def laps_search(self, username, password, ntlm_hash, domain):
         return True
 
     def print_host_info(self):
-        self.logger.extra["protocol"] = "WINRM-SSL" if self.ssl else "WINRM"
-        self.logger.extra["port"] = self.port
-        self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})")
+        if self.args.no_smb:
+            self.logger.extra["protocol"] = "WINRM-SSL" if self.ssl else "WINRM"
+            self.logger.extra["port"] = self.port
+            self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})")
+        else:
+            self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain})")
+            self.logger.extra["protocol"] = "WINRM-SSL" if self.ssl else "WINRM"
+            self.logger.extra["port"] = self.port
+
+        self.logger.info(f"Connection information: {self.endpoint} (auth type:{self.auth_type}) (domain:{self.domain if self.args.domain else ''})")
 
         if self.args.laps:
             return self.laps_search(self.args.username, self.args.password, self.args.hash, self.domain)
@@ -211,6 +221,7 @@ def create_conn_obj(self):
                 self.logger.debug(f"Requesting URL: {endpoints[protocol]['url']}")
                 res = requests.post(endpoints[protocol]["url"], verify=False, timeout=self.args.http_timeout) 
                 self.logger.debug(f"Received response code: {res.status_code}")
+                self.auth_type = res.headers["WWW-Authenticate"] if "WWW-Authenticate" in res.headers else "NOAUTH"
                 self.endpoint = endpoints[protocol]["url"]
                 self.ssl = endpoints[protocol]["ssl"]
                 return True