This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

NanoDump Bugfixes #578

Merged
merged 8 commits into from
Jun 18, 2022

Conversation

lesydimitri
Contributor

Things changed:

  1. File name separator changed to "_" because this character is valid in Windows file names and invalid for hostnames.
  2. Changed the regex to allow more characters. The original regex caused problems with hostnames containing a dash "-", resulting in the module failing to execute. This one should cover most cases. Update nanodump.py #564 might be related to this, but from what I'm reading in that pull request, that one only seems to cover the unlikely case of a filename that is exactly the same.
  3. Added support for running the module on a Windows attacking system. In Windows nano_path is "%APPDATA%\CME". I also added quotes to some commands to make sure Windows paths with spaces won't cause issues.
  4. Changed the default Unix nano_path to "/tmp/cme/" in order to be in line with the Windows addition.
  5. Updated the NanoDump binary to the latest version from https://github.com/helpsystems/nanodump and added the 32-bit version.
  6. Implemented some logic in order to detect the victim's Windows architecture and select the corresponding version of NanoDump.
  7. Some little typo and QoL fixes (includes bugfix: missing "self" in nanodump module #575)

I'm open to feedback ;-)

@lesydimitri
Contributor Author

Scrolling through some issues I realised that my first fix would fail to get the dump file for hostnames containing unicode characters.

I rewrote this again to not rely on regex anymore. Instead, I now decided to go with a random 10 character string.
This also saves a bit of time because the "dir" in the temp directory is no longer required.
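The two naming schemes discussed in this thread (an underscore separator between hostname and token, and a random token that needs no hostname parsing at all), as an added illustration that is not CrackMapExec's or the PR author's code. The strict hostname pattern, the helper names and the sample paths are constructed for the example; the module's real regex is not shown on this page.

```python
import re
import secrets
import string
from pathlib import PureWindowsPath

# Hypothetical strict pattern standing in for the kind of hostname regex the
# PR description says failed on hostnames containing a dash (constructed here,
# not the module's actual pattern).
STRICT_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]+$")


def hostname_matches_strict(hostname: str) -> bool:
    """True only for hostnames the strict pattern accepts; 'dc-01' is rejected."""
    return STRICT_HOSTNAME_RE.match(hostname) is not None


def random_dump_token(length: int = 10) -> str:
    """Random alphanumeric token, so the dump file can be located by exact name
    without listing the remote temp directory or parsing the hostname."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_dump_filename(hostname: str, token: str) -> str:
    """'_' is legal in Windows file names but never valid inside a hostname,
    so hostname and token can be separated unambiguously."""
    return f"{hostname}_{token}.dmp"


def split_dump_filename(filename: str):
    """Recover (hostname, token) from a name built by build_dump_filename.
    Works for hostnames with dashes or non-ASCII letters because no regex on
    the hostname itself is involved; only the last '_' is used."""
    stem = filename[:-4] if filename.endswith(".dmp") else filename
    hostname, sep, token = stem.rpartition("_")
    if not sep:
        raise ValueError(f"no '_' separator in {filename!r}")
    return hostname, token


def local_nano_path(platform: str, environ: dict) -> str:
    """Local working directory on the attacking system: %APPDATA%\\CME on
    Windows, /tmp/cme/ elsewhere (the defaults named in the PR description)."""
    if platform == "win32":
        return str(PureWindowsPath(environ["APPDATA"], "CME"))
    return "/tmp/cme/"


def quote_path(path: str) -> str:
    """Wrap a path in double quotes so a Windows path containing spaces is
    passed to a command as one argument."""
    return f'"{path}"'


if __name__ == "__main__":
    token = random_dump_token()
    name = build_dump_filename("dc-01", token)
    print(name, split_dump_filename(name))
    print(quote_path(local_nano_path("win32", {"APPDATA": r"C:\Users\Jane Doe\AppData\Roaming"})))
```

`split_dump_filename` is only needed for the separator scheme; with the random-token scheme the token alone is the file name, which is why the second comment notes that the `dir` listing of the temp directory is no longer required.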

@mpgn mpgn mentioned this pull request Jun 17, 2022
@mpgn
Contributor

mpgn commented Jun 18, 2022

Ok looks good, I will recompile the binaries myself to check if the base64 are equal :)

@mpgn mpgn merged commit edf5722 into byt3bl33d3r:master Jun 18, 2022