t94j0 · May 28, 2019 19:00
diff --git a/monitor.py b/monitor.py
 from pypsrp.exceptions import AuthenticationError
 from pypsrp.client import Client

 HOST = '10.0.128.100'
 MY_PASSWORD = 'abc123!!!'
 client = None


 def connect(username: str, password: str):
    global client
    client = Client(HOST, username=username, password=password, ssl=False)


 def password_changed(username: str, old_password: str) -> bool:
    c = Client(HOST, username=username, password=old_password, ssl=False)
    try:
        c.execute_ps('echo "hello"')
        return False
    except AuthenticationError:
        return True


 def file_exists(path: str) -> bool:
    out, err, rc = client.execute_ps(f'Test-Path "{path}"')
    return out == 'True'


 # command injection through username parameter
 def administrator_user(username: str) -> bool:
    out, err, rc = client.execute_ps('(Get-WmiObject win32_group -Filter \'Name = "Administrators"\').GetRelated("win32_useraccount") | ?{$_.Name -eq "%s"}' % username)
    print(err)
    print(rc)
    return len(out) > 0


 def service_started(name: str) -> bool:
    out, err, rc = client.execute_ps(f'(Get-Service {name}).Status')
    return out == 'Running'


 def service_stopped(name: str) -> bool:
    out, err, rc = client.execute_ps(f'(Get-Service {name}).Status')
    return out == 'Stopped'


 if __name__ == '__main__':
    connect("Administrator", MY_PASSWORD)

    trues = [administrator_user("monitor"), service_started('WinRM'), service_stopped('WwanSvc'), password_changed("monitor", "abc123"), file_exists('C:\\Users\\monitor\\ntuser.ini')]
    falses = [administrator_user("O517JI2UJG"), service_started('WwanSvc'), service_stopped('WinRM'), password_changed("monitor", MY_PASSWORD), file_exists('C:\\Users\\monitor\\.mememobile')]

    print(trues, falses)
	from pypsrp.exceptions import AuthenticationError
	from pypsrp.client import Client

	HOST = '10.0.128.100'
	MY_PASSWORD = 'abc123!!!'
	client = None


	def connect(username: str, password: str):
	global client
	client = Client(HOST, username=username, password=password, ssl=False)


	def password_changed(username: str, old_password: str) -> bool:
	c = Client(HOST, username=username, password=old_password, ssl=False)
	try:
	c.execute_ps('echo "hello"')
	return False
	except AuthenticationError:
	return True


	def file_exists(path: str) -> bool:
	out, err, rc = client.execute_ps(f'Test-Path "{path}"')
	return out == 'True'


	# command injection through username parameter
	def administrator_user(username: str) -> bool:
	out, err, rc = client.execute_ps('(Get-WmiObject win32_group -Filter \'Name = "Administrators"\').GetRelated("win32_useraccount") \| ?{$_.Name -eq "%s"}' % username)
	print(err)
	print(rc)
	return len(out) > 0


	def service_started(name: str) -> bool:
	out, err, rc = client.execute_ps(f'(Get-Service {name}).Status')
	return out == 'Running'


	def service_stopped(name: str) -> bool:
	out, err, rc = client.execute_ps(f'(Get-Service {name}).Status')
	return out == 'Stopped'


	if __name__ == '__main__':
	connect("Administrator", MY_PASSWORD)

	trues = [administrator_user("monitor"), service_started('WinRM'), service_stopped('WwanSvc'), password_changed("monitor", "abc123"), file_exists('C:\\Users\\monitor\\ntuser.ini')]
	falses = [administrator_user("O517JI2UJG"), service_started('WwanSvc'), service_stopped('WinRM'), password_changed("monitor", MY_PASSWORD), file_exists('C:\\Users\\monitor\\.mememobile')]

	print(trues, falses)