From b14830f17a624157509af7c1cc4313d1ed2b726f Mon Sep 17 00:00:00 2001
From: Fox
Date: Tue, 25 Feb 2025 14:25:30 -0800
Subject: [PATCH 1/2] Refactored powershell_history module to fix case sensitivity
---
 nxc/modules/powershell_history.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/nxc/modules/powershell_history.py b/nxc/modules/powershell_history.py
index 3e531dc33..ce42b76ba 100644
--- a/nxc/modules/powershell_history.py
+++ b/nxc/modules/powershell_history.py
@@ -36,8 +36,10 @@ def on_admin_login(self, context, connection):
 buf = BytesIO()
 connection.conn.getFile("C$", file_path, buf.write)
 buf.seek(0)
- file_content = buf.read().decode("utf-8", errors="ignore").lower()
- keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword in file_content]
+ file_content = buf.read().decode("utf-8", errors="ignore")
+ # Use temporary lowercase version for searching
+ file_content_lower = file_content.lower()
+ keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword.lower() in file_content_lower]
 if len(keywords):
 context.log.highlight(f"C:\\{file_path} [ {' '.join(keywords)} ]")
 else:
From 6120249dd042423272ceacc90357fcf91066d34c Mon Sep 17 00:00:00 2001
From: Alexander Neff
Date: Wed, 26 Feb 2025 03:36:22 -0500
Subject: [PATCH 2/2] Simplify code
---
 nxc/modules/powershell_history.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/nxc/modules/powershell_history.py b/nxc/modules/powershell_history.py
index ce42b76ba..5e897cc8d 100644
--- a/nxc/modules/powershell_history.py
+++ b/nxc/modules/powershell_history.py
@@ -37,9 +37,7 @@ def on_admin_login(self, context, connection):
 connection.conn.getFile("C$", file_path, buf.write)
 buf.seek(0)
 file_content = buf.read().decode("utf-8", errors="ignore")
- # Use temporary lowercase version for searching
- file_content_lower = file_content.lower()
- keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword.lower() in file_content.lower()]
+ keywords = [keyword.upper() for keyword in self.sensitive_keywords if keyword.lower() in file_content.lower()]
 if len(keywords):
 context.log.highlight(f"C:\\{file_path} [ {' '.join(keywords)} ]")
 else:
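Review bot: The added `keywords = [...]` line evaluates `file_content.lower()` inside the comprehension's condition, so the whole downloaded history file is lowercased again for every entry in `self.sensitive_keywords`; the first patch in this series computed it once and this one folds it back in. Keeping the one-time copy costs a single extra line: `haystack = file_content.lower()` followed by `keywords = [k.upper() for k in self.sensitive_keywords if k.lower() in haystack]`. Separately, the context line `decode("utf-8", errors="ignore")` drops undecodable bytes without any log entry, so a history file stored in another encoding would presumably report no keywords rather than a failure; a comment such as `# errors="ignore": non-UTF-8 content is silently dropped and will not match` would make that limitation visible to whoever reads a clean result. The body of `on_admin_login` starts and continues outside this hunk, so how `file_content` is used after the `else:` is not visible here.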