Skip to content

Refactor the --database argument to comply with security checks#1259

Open
Dfte wants to merge 1 commit into
Pennyw0rth:mainfrom
Dfte:refactor_list_database
Open

Refactor the --database argument to comply with security checks#1259
Dfte wants to merge 1 commit into
Pennyw0rth:mainfrom
Dfte:refactor_list_database

Conversation

@Dfte

@Dfte Dfte commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Description

This PR modifies the --database option to comply with security checks such as checking if the self.conn.lastError value is set by tds.py at some point.

Type of change

Insert an "x" inside the brackets for relevant items (do not delete options)

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Deprecation of feature or functionality
  • This change requires a documentation update
  • This requires a third party update (such as Impacket, Dploot, lsassy, etc)
  • This PR was created with the assistance of AI (list what type of assistance, tool(s)/model(s) in the description)

Setup guide for the review

Screenshots (if appropriate):

Nothing changed:

image

Checklist:

Insert an "x" inside the brackets for completed and relevant items (do not delete options)

  • I have ran Ruff against my changes (poetry: poetry run ruff check ., use --fix to automatically fix what it can)
  • I have added or updated the tests/e2e_commands.txt file if necessary (new modules or features are required to be added to the e2e tests)
  • If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
  • I have linked relevant sources that describes the added technique (blog posts, documentation, etc)
  • I have performed a self-review of my own code (not an AI review)
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)

@NeffIsBack NeffIsBack added the enhancement New feature or request label Jun 2, 2026
@NeffIsBack

Copy link
Copy Markdown
Member

Nice one, thanks for the PR!

One day we should probably either do some stub function that does the error handling (similar to .search() in ldap) or implement exception raising/handling in tds.

@Dfte

Dfte commented Jun 3, 2026

Copy link
Copy Markdown
Contributor Author

Nice one, thanks for the PR!

One day we should probably either do some stub function that does the error handling (similar to .search() in ldap) or implement exception raising/handling in tds.

We already do, if any error occurs, the self.conn.lastError value is filled. We simply have to check that value every query

@NeffIsBack

Copy link
Copy Markdown
Member

Nice one, thanks for the PR!
One day we should probably either do some stub function that does the error handling (similar to .search() in ldap) or implement exception raising/handling in tds.

We already do, if any error occurs, the self.conn.lastError value is filled. We simply have to check that value every query

Yeah but I meant that we substitute the normal query and do this if lastError exists... automatically in NetExec's own query function, so we don't have to do this check in all places.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants