Update TTPs/Persistence/rdp.py

2024-11-24 11:30:34 -05:00
parent 9c8a926f8d
commit aa19188a4a
1 changed files with 20 additions and 18 deletions
--- a/TTPs/Persistence/rdp.py
+++ b/TTPs/Persistence/rdp.py
@ -1,6 +1,6 @@
 from Modules.Imports.protocol_imports import *

-def rdp_submenu(target_ip, open_ports):
+def rdp_submenu():
    actions = {
        "1": {"description": "Source Event Logs", "function": source_event_logs},
        "2": {"description": "Destination Event Logs", "function": destination_event_logs},
@ -8,26 +8,28 @@ def rdp_submenu(target_ip, open_ports):
        "4": {"description": "Destination Registry", "function": destination_registry},
        "5": {"description": "Source Artifacts", "function": source_artifacts},
        "6": {"description": "Destination Artifacts", "function": destination_artifacts},
-        "7": {"description": "Extra", "function": extra_info},
-        "8": {"description": "All", "function": run_all_rdp_checks},
+        "7": {"description": "Extra", "function": extra_rdp_info},
+        "8": {"description": "All", "function": all_rdp_info},
    }
-    build_submenu("RDP Persistence", target_ip, actions, open_ports)
+    build_submenu("RDP Persistence", actions)

 # Individual submenu functions
-def source_event_logs(target_ip, open_ports):
-    title = "Source Event Logs"
-    content = (
-        f"- `security.evtx`\n"
-        f"  - 4648: Logon specifying alternate credentials (NLA enabled)\n"
-        f"    - Current logged-on User Name\n"
-        f"    - Alternate User Name\n"
-        f"    - Destination Host Name/IP\n"
-        f"    - Process Name\n"
-        f"- `Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx`\n"
-        f"  - 1024: Destination Host Name\n"
-        f"  - 1102: Destination IP Address"
-    )
-    run_command(title, content, target_ip, open_ports)
+def source_event_logs():
+    title = "RDP Source Event Logs"
+    content = """
+- `security.evtx`
+    - `4648` - Logon specifying alternate credentials - if NLA enabled on destination
+        - Current logged-on User Name
+        - Alternate User Name
+        - Destination Host Name/IP
+        - Process Name
+- `Microsoft-Windows-TerminalServices-RDPClient%4Operational.evtx`
+    - `1024`
+        - Destination Host Name
+    - `1102`
+        - Destination IP Address
+"""
+    print_info(title, content)

 def destination_event_logs(target_ip, open_ports):
    title = "Destination Event Logs"