Python smb.SMB属性代码示例

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def reconnect(self):
        """
        reconnects the SMB object based on the original options and credentials used. Only exception is that
        manualNegotiate will not be honored.
        Not only the connection will be created but also a login attempt using the original credentials and
        method (Kerberos, PtH, etc)

        :return: True, raises a SessionError exception if error
        """
        userName, password, domain, lmhash, nthash, aesKey, TGT, TGS = self.getCredentials()
        self.negotiateSession(self._preferredDialect)
        if self._doKerberos is True:
            self.kerberosLogin(userName, password, domain, lmhash, nthash, aesKey, self._kdcHost, TGT, TGS, self._useCache)
        else:
            self.login(userName, password, domain, lmhash, nthash, self._ntlmFallback)

        return True 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def _put_trans_data(transCmd, parameters, data, noPad=False):
	# have to init offset before calling len()
	transCmd['Parameters']['ParameterOffset'] = 0
	transCmd['Parameters']['DataOffset'] = 0
	
	# SMB header: 32 bytes
	# WordCount: 1 bytes
	# ByteCount: 2 bytes
	# Note: Setup length is included when len(param) is called
	offset = 32 + 1 + len(transCmd['Parameters']) + 2
	
	transData = ''
	if len(parameters):
		padLen = 0 if noPad else (4 - offset % 4 ) % 4
		transCmd['Parameters']['ParameterOffset'] = offset + padLen
		transData = ('\x00' * padLen) + parameters
		offset += padLen + len(parameters)
	
	if len(data):
		padLen = 0 if noPad else (4 - offset % 4 ) % 4
		transCmd['Parameters']['DataOffset'] = offset + padLen
		transData += ('\x00' * padLen) + data
	
	transCmd['Data'] = transData 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
		if maxSetupCount is None:
			maxSetupCount = len(setup)
		if totalParameterCount is None:
			totalParameterCount = len(param)
		if totalDataCount is None:
			totalDataCount = len(data)
		if maxParameterCount is None:
			maxParameterCount = totalParameterCount
		if maxDataCount is None:
			maxDataCount = totalDataCount
		transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION)
		transCmd['Parameters'] = smb.SMBTransaction_Parameters()
		transCmd['Parameters']['TotalParameterCount'] = totalParameterCount
		transCmd['Parameters']['TotalDataCount'] = totalDataCount
		transCmd['Parameters']['MaxParameterCount'] = maxParameterCount
		transCmd['Parameters']['MaxDataCount'] = maxDataCount
		transCmd['Parameters']['MaxSetupCount'] = maxSetupCount
		transCmd['Parameters']['Flags'] = 0
		transCmd['Parameters']['Timeout'] = 0xffffffff
		transCmd['Parameters']['ParameterCount'] = len(param)
		transCmd['Parameters']['DataCount'] = len(data)
		transCmd['Parameters']['Setup'] = setup
		_put_trans_data(transCmd, param, data, noPad)
		return self.create_smb_packet(transCmd, mid, pid, tid) 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
		if maxSetupCount is None:
			maxSetupCount = len(setup)
		if totalParameterCount is None:
			totalParameterCount = len(param)
		if totalDataCount is None:
			totalDataCount = len(data)
		if maxParameterCount is None:
			maxParameterCount = totalParameterCount
		if maxDataCount is None:
			maxDataCount = totalDataCount
		transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2)
		transCmd['Parameters'] = smb.SMBTransaction2_Parameters()
		transCmd['Parameters']['TotalParameterCount'] = totalParameterCount
		transCmd['Parameters']['TotalDataCount'] = totalDataCount
		transCmd['Parameters']['MaxParameterCount'] = maxParameterCount
		transCmd['Parameters']['MaxDataCount'] = maxDataCount
		transCmd['Parameters']['MaxSetupCount'] = len(setup)
		transCmd['Parameters']['Flags'] = 0
		transCmd['Parameters']['Timeout'] = 0xffffffff
		transCmd['Parameters']['ParameterCount'] = len(param)
		transCmd['Parameters']['DataCount'] = len(data)
		transCmd['Parameters']['Setup'] = setup
		_put_trans_data(transCmd, param, data, noPad)
		return self.create_smb_packet(transCmd, mid, pid, tid) 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
		if maxSetupCount is None:
			maxSetupCount = len(setup)
		if totalParameterCount is None:
			totalParameterCount = len(param)
		if totalDataCount is None:
			totalDataCount = len(data)
		if maxParameterCount is None:
			maxParameterCount = totalParameterCount
		if maxDataCount is None:
			maxDataCount = totalDataCount
		transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT)
		transCmd['Parameters'] = smb.SMBNTTransaction_Parameters()
		transCmd['Parameters']['MaxSetupCount'] = maxSetupCount
		transCmd['Parameters']['TotalParameterCount'] = totalParameterCount
		transCmd['Parameters']['TotalDataCount'] = totalDataCount
		transCmd['Parameters']['MaxParameterCount'] = maxParameterCount
		transCmd['Parameters']['MaxDataCount'] = maxDataCount
		transCmd['Parameters']['ParameterCount'] = len(param)
		transCmd['Parameters']['DataCount'] = len(data)
		transCmd['Parameters']['Function'] = function
		transCmd['Parameters']['Setup'] = setup
		_put_trans_data(transCmd, param, data, noPad)
		return self.create_smb_packet(transCmd, mid, pid, tid) 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def sendEcho(conn, tid, data):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
	transCommand['Parameters'] = smb.SMBEcho_Parameters()
	transCommand['Data'] = smb.SMBEcho_Data()

	transCommand['Parameters']['EchoCount'] = 1
	transCommand['Data']['Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt)
	recvPkt = conn.recvSMB()
	if recvPkt.getNTStatus() == 0:
		print('got good ECHO response')
	else:
		print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))


# override SMB.neg_session() to allow forcing ntlm authentication 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def sendEcho(conn, tid, data):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
	transCommand['Parameters'] = smb.SMBEcho_Parameters()
	transCommand['Data'] = smb.SMBEcho_Data()

	transCommand['Parameters']['EchoCount'] = 1
	transCommand['Data']['Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt)
	recvPkt = conn.recvSMB()
	if recvPkt.getNTStatus() == 0:
		print('got good ECHO response')
	else:
		print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus())) 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def createConnectionWithBigSMBFirst80(target):
	# https://msdn.microsoft.com/en-us/library/cc246496.aspx
	# Above link is about SMB2, but the important here is first 4 bytes.
	# If using wireshark, you will see the StreamProtocolLength is NBSS length.
	# The first 4 bytes is same for all SMB version. It is used for determine the SMB message length.
	#
	# After received first 4 bytes, srvnet.sys allocate nonpaged pool for receving SMB message.
	# srvnet.sys forwards this buffer to SMB message handler after receiving all SMB message.
	# Note: For Windows 7 and Windows 2008, srvnet.sys also forwards the SMB message to its handler when connection lost too.
	sk = socket.create_connection((target, 445))
	# For this exploit, use size is 0x11000
	pkt = '\x00' + '\x00' + pack('>H', 0xfff7)
	# There is no need to be SMB2 because we got code execution by corrupted srvnet buffer.
	# Also this is invalid SMB2 message.
	# I believe NSA exploit use SMB2 for hiding alert from IDS
	#pkt += '\xfeSMB' # smb2
	# it can be anything even it is invalid
	pkt += 'BAAD' # can be any
	pkt += '\x00'*0x7c
	sk.send(pkt)
	return sk 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
		if mid is None:
			mid = self.next_mid()
		
		pkt = smb.NewSMBPacket()
		pkt.addCommand(smbReq)
		pkt['Tid'] = self._default_tid if tid is None else tid
		pkt['Uid'] = self._uid
		pkt['Pid'] = self._pid if pid is None else pid
		pkt['Mid'] = mid
		flags1, flags2 = self.get_flags()
		pkt['Flags1'] = flags1
		pkt['Flags2'] = self._pkt_flags2 if self._pkt_flags2 != 0 else flags2
		
		if self._SignatureEnabled:
			pkt['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
			self.signSMB(pkt, self._SigningSessionKey, self._SigningChallengeResponse)
			
		req = str(pkt)
		return '\x00'*2 + pack('>H', len(req)) + req  # assume length is <65536 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def __init__(self, remote_name, extended_security = True, sess_port = 445):
        self._extendedSecurity = extended_security
        self.domainIp = None
        self.machineAccount = None
        self.machineHashes = None

        smb.SMB.__init__(self,remote_name, remote_name, sess_port = sess_port) 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def neg_session(self):
        neg_sess = smb.SMB.neg_session(self, extended_security = self._extendedSecurity)
        return neg_sess 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def __init__(self, SMBObject, exeFile):
        self._rpctransport = 0
        self.__service_name = ''.join([random.choice(string.letters) for i in range(4)])
        self.__binary_service_name = ''.join([random.choice(string.letters) for i in range(8)]) + '.exe'
        self.__exeFile = exeFile

        # We might receive two different types of objects, always end up
        # with a SMBConnection one
        if isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3):
            self.connection = SMBConnection(existingConnection = SMBObject)
        else:
            self.connection = SMBObject

        self.share = '' 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def getSMBServer(self):
        """
        returns the SMB/SMB3 instance being used. Useful for calling low level methods
        """
        return self._SMBConnection 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def __init__(self, SMBObject, exeFile, serviceName=''):
        self._rpctransport = 0
        self.__service_name = serviceName if len(serviceName) > 0  else  ''.join([random.choice(string.letters) for i in range(4)])
        self.__binary_service_name = ''.join([random.choice(string.letters) for i in range(8)]) + '.exe'
        self.__exeFile = exeFile

        # We might receive two different types of objects, always end up
        # with a SMBConnection one
        if isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3):
            self.connection = SMBConnection(existingConnection = SMBObject)
        else:
            self.connection = SMBObject

        self.share = '' 

# 需要导入模块: from impacket import smb [as 别名]
# 或者: from impacket.smb import SMB [as 别名]
def weak_pass(password, ip, username):
    try:
        client = smb.SMB('*SMBSERVER', ip)
        client.login(username, password)
        logger.info(ColorConsole.green('[True ] %s %s:%s' % (ip, username, password)))
        found_password.append((ip, '%s:%s' % (username, password)))
        return True
    except Exception as e:
        logger.info('[False] %s %s:%s' % (ip, username, password))

    return False