nick <3
import os

from pypsrp.client import Client
from pypsrp.exceptions import AuthenticationError
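# Target WinRM host used by every probe below.
HOST = '10.0.128.100'
# Administrator password for HOST. Read from the environment so the secret
# does not have to live in this file.
# NOTE(review): the hard-coded fallback keeps the original behaviour for
# existing callers but leaves a real credential in source; remove it once
# WINRM_PASSWORD is set wherever this script runs.
MY_PASSWORD = os.environ.get('WINRM_PASSWORD', 'abc123!!!')
# Module-wide pypsrp Client; populated by connect() and read by the probes.
client = None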
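def connect(username: str, password: str, *, ssl: bool = False) -> None:
    """Open the module-wide WinRM session used by the probe helpers.

    Args:
        username: Account to authenticate as on HOST.
        password: Its password.
        ssl: Use HTTPS for the WinRM transport. Defaults to False to keep the
            original plain-HTTP behaviour.

    Security: with ssl=False there is no TLS on the wire. pypsrp may still
    apply message-level encryption for NTLM/Kerberos, but Basic auth would
    expose the credential and every command in the clear — confirm which
    auth method is negotiated, or pass ssl=True once HOST has a certificate.
    """
    global client
    client = Client(HOST, username=username, password=password, ssl=ssl)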
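def password_changed(username: str, old_password: str, *, ssl: bool = False) -> bool:
    """Return True if *old_password* no longer authenticates *username* on HOST.

    A throw-away Client is used so the shared session opened by connect() is
    untouched. Only an AuthenticationError counts as "changed"; any other
    error (unreachable host, transport failure) propagates so an outage is
    not reported as a rotated password.

    Args:
        username: Account to test.
        old_password: The password believed to have been replaced.
        ssl: Use HTTPS for the probe connection (default False, as before).
    """
    probe = Client(HOST, username=username, password=old_password, ssl=ssl)
    try:
        # Keep the try body to the single call that can raise.
        probe.execute_ps('echo "hello"')
    except AuthenticationError:
        return True
    return False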
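def file_exists(path: str) -> bool:
    """Return True if *path* exists on the connected host.

    *path* is spliced into a remote PowerShell command, so it is passed as a
    single-quoted literal with embedded quotes doubled (the only escape
    PowerShell honours inside '...'); the original f-string inside double
    quotes let a path containing `"` or `$(...)` run arbitrary commands.
    -LiteralPath stops characters such as '[' being read as wildcards.
    Requires connect() to have run.
    """
    literal = "'" + path.replace("'", "''") + "'"
    out, _err, _rc = client.execute_ps(f'Test-Path -LiteralPath {literal}')
    return out == 'True'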
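def administrator_user(username: str) -> bool:
    """Return True if *username* is a member of the local Administrators group.

    The name is compared with -eq on the connected host. It is embedded as a
    single-quoted PowerShell literal with embedded quotes doubled, which
    closes the command-injection hole the original %-formatting into a
    double-quoted string left open. The error stream and had-errors flag are
    still printed for debugging, as before. Requires connect() to have run.
    """
    literal = "'" + username.replace("'", "''") + "'"
    script = (
        '(Get-WmiObject win32_group -Filter \'Name = "Administrators"\')'
        '.GetRelated("win32_useraccount") | ?{$_.Name -eq ' + literal + '}'
    )
    out, err, rc = client.execute_ps(script)
    print(err)
    print(rc)
    # Any output at all means the filter matched a member.
    return bool(out)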
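def service_started(name: str) -> bool:
    """Return True if the Windows service *name* reports Status 'Running'.

    *name* is passed to Get-Service as a single-quoted literal (embedded
    quotes doubled) instead of being spliced in unquoted, so a name with
    spaces or shell metacharacters cannot alter the command. Get-Service
    still interprets the name as a wildcard pattern; an unknown service
    should yield no output, which maps to False. Requires connect() to have run.
    """
    literal = "'" + name.replace("'", "''") + "'"
    out, _err, _rc = client.execute_ps(f'(Get-Service -Name {literal}).Status')
    return out == 'Running'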
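def service_stopped(name: str) -> bool:
    """Return True if the Windows service *name* reports Status 'Stopped'.

    *name* is passed to Get-Service as a single-quoted literal (embedded
    quotes doubled) instead of being spliced in unquoted, so a name with
    spaces or shell metacharacters cannot alter the command. Get-Service
    still interprets the name as a wildcard pattern; an unknown service
    should yield no output, which maps to False. Requires connect() to have run.
    """
    literal = "'" + name.replace("'", "''") + "'"
    out, _err, _rc = client.execute_ps(f'(Get-Service -Name {literal}).Status')
    return out == 'Stopped'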
if __name__ == '__main__':
    # Smoke-test the probes against HOST: every entry in `trues` is expected
    # to come back True and every entry in `falses` False. Nothing is
    # asserted automatically — a mismatch is only visible in the printed
    # pair of lists.
    # NOTE(review): "abc123" below is another literal credential (the
    # monitor account's presumed old password); consider sourcing it the
    # same way as MY_PASSWORD.
    connect("Administrator", MY_PASSWORD)
    trues = [
        administrator_user("monitor"),
        service_started('WinRM'),
        service_stopped('WwanSvc'),
        password_changed("monitor", "abc123"),
        file_exists('C:\\Users\\monitor\\ntuser.ini'),
    ]
    falses = [
        administrator_user("O517JI2UJG"),
        service_started('WwanSvc'),
        service_stopped('WinRM'),
        password_changed("monitor", MY_PASSWORD),
        file_exists('C:\\Users\\monitor\\.mememobile'),
    ]
    print(trues, falses)