Python impacket.smb.SMBCommand() Examples
The following are 30
code examples of impacket.smb.SMBCommand().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.smb
, or try the search function
.
.
Example #1
| Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
|
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2) transCmd['Parameters'] = smb.SMBTransaction2_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = len(setup) transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #2
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2) transCmd['Parameters'] = smb.SMBTransaction2_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = len(setup) transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #3
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION) transCmd['Parameters'] = smb.SMBTransaction_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #4
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) transCmd['Parameters'] = smb.SMBNTTransaction_Parameters() transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Function'] = function transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #5
| Source File: eternalblue_exploit7.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def sendEcho(conn, tid, data):
pkt = smb.NewSMBPacket()
pkt['Tid'] = tid
transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
transCommand['Parameters'] = smb.SMBEcho_Parameters()
transCommand['Data'] = smb.SMBEcho_Data()
transCommand['Parameters']['EchoCount'] = 1
transCommand['Data']['Data'] = data
pkt.addCommand(transCommand)
conn.sendSMB(pkt)
recvPkt = conn.recvSMB()
if recvPkt.getNTStatus() == 0:
print('got good ECHO response')
else:
print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))
Example #6
| Source File: eternalblue_exploit10.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def sendEcho(conn, tid, data):
pkt = smb.NewSMBPacket()
pkt['Tid'] = tid
transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
transCommand['Parameters'] = smb.SMBEcho_Parameters()
transCommand['Data'] = smb.SMBEcho_Data()
transCommand['Parameters']['EchoCount'] = 1
transCommand['Data']['Data'] = data
pkt.addCommand(transCommand)
conn.sendSMB(pkt)
recvPkt = conn.recvSMB()
if recvPkt.getNTStatus() == 0:
print('got good ECHO response')
else:
print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))
# override SMB.neg_session() to allow forcing ntlm authentication
Example #7
| Source File: eternalblue_exploit8.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def sendEcho(conn, tid, data):
pkt = smb.NewSMBPacket()
pkt['Tid'] = tid
transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
transCommand['Parameters'] = smb.SMBEcho_Parameters()
transCommand['Data'] = smb.SMBEcho_Data()
transCommand['Parameters']['EchoCount'] = 1
transCommand['Data']['Data'] = data
pkt.addCommand(transCommand)
conn.sendSMB(pkt)
recvPkt = conn.recvSMB()
if recvPkt.getNTStatus() == 0:
print('got good ECHO response')
else:
print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))
# override SMB.neg_session() to allow forcing ntlm authentication
Example #8
| Source File: smbtrap2.py From SMBTrap with MIT License | 6 votes |
|
def smbCommandHook_SMB_COM_TREE_CONNECT_ANDX(connId, smbServer, SMBCommand, recvPacket):
treeConnectAndXParameters = smb.SMBTreeConnectAndX_Parameters(SMBCommand['Parameters'])
treeConnectAndXData = smb.SMBTreeConnectAndX_Data(flags=recvPacket['Flags2'])
treeConnectAndXData['_PasswordLength'] = treeConnectAndXParameters['PasswordLength']
treeConnectAndXData.fromString(SMBCommand['Data'])
path = smbserver.decodeSMBString(recvPacket['Flags2'], treeConnectAndXData['Path'])
local_path = ntpath.basename(path)
service = smbserver.decodeSMBString(recvPacket['Flags2'], treeConnectAndXData['Service'])
report_tree_connect_attempt(connId, {"Path": path, "local_path": local_path, "Service": service})
return smbserver.SMBCommands.smbComTreeConnectAndX(smbserver.SMBCommands(), connId, smbServer, SMBCommand, recvPacket)
# Overriding this allows us to claim we have no shares, so we still get ANDX data, but don't need to share anything
Example #9
| Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
|
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION) transCmd['Parameters'] = smb.SMBTransaction_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #10
| Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
|
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2) transCmd['Parameters'] = smb.SMBTransaction2_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = len(setup) transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #11
| Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
|
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) transCmd['Parameters'] = smb.SMBNTTransaction_Parameters() transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Function'] = function transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #12
| Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
|
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) transCmd['Parameters'] = smb.SMBNTTransaction_Parameters() transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Function'] = function transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #13
| Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
|
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION) transCmd['Parameters'] = smb.SMBTransaction_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #14
| Source File: smb3.py From cracke-dit with MIT License | 6 votes |
|
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None):
if len(fileName) > 0 and fileName[0] == '\\':
fileName = fileName[1:]
if cmd is not None:
from impacket import smb
ntCreate = smb.SMBCommand(data = str(cmd))
params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters'])
return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'],
params['CreateOptions'], params['Disposition'], params['FileAttributes'],
params['Impersonation'], params['SecurityFlags'])
else:
return self.create(treeId, fileName,
FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA |
FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL,
FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #15
| Source File: smb3.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None):
if len(fileName) > 0 and fileName[0] == '\\':
fileName = fileName[1:]
if cmd is not None:
from impacket import smb
ntCreate = smb.SMBCommand(data = str(cmd))
params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters'])
return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'],
params['CreateOptions'], params['Disposition'], params['FileAttributes'],
params['Impersonation'], params['SecurityFlags'])
else:
return self.create(treeId, fileName,
FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA |
FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL,
FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #16
| Source File: smb3.py From PiBunny with MIT License | 6 votes |
|
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None):
if len(fileName) > 0 and fileName[0] == '\\':
fileName = fileName[1:]
if cmd is not None:
from impacket import smb
ntCreate = smb.SMBCommand(data = str(cmd))
params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters'])
return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'],
params['CreateOptions'], params['Disposition'], params['FileAttributes'],
params['Impersonation'], params['SecurityFlags'])
else:
return self.create(treeId, fileName,
FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA |
FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL,
FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #17
| Source File: smbtorture.py From PiBunny with MIT License | 6 votes |
|
def smbComTreeConnectAndX( packet, packetNum, SMBCommand, questions, replies):
# Test return code is always 0, otherwise leave before doing anything
if packet['ErrorCode'] != 0:
return False
print "SMB_COM_TREE_CONNECT_ANDX ",
try:
if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0:
# Query
treeConnectAndXParameters = smb.SMBTreeConnectAndX_Parameters(SMBCommand['Parameters'])
treeConnectAndXData = smb.SMBTreeConnectAndX_Data()
treeConnectAndXData['_PasswordLength'] = treeConnectAndXParameters['PasswordLength']
treeConnectAndXData.fromString(SMBCommand['Data'])
else:
# Response
treeConnectAndXParameters = smb.SMBTreeConnectAndXResponse_Parameters(SMBCommand['Parameters'])
#treeConnectAndXData = smb.SMBTreeConnectAndXResponse_Data(SMBCommand['Data'])
except Exception, e:
print "ERROR: %s" % e
print "Command: 0x%x" % packet['Command']
print "Packet: %d %r" % (packetNum, packet.getData())
return True
Example #18
| Source File: smbtorture.py From PiBunny with MIT License | 6 votes |
|
def smbComNtCreateAndX( packet, packetNum, SMBCommand, questions, replies):
# Test return code is always 0, otherwise leave before doing anything
if packet['ErrorCode'] != 0:
return False
print "SMB_COM_NT_CREATE_ANDX ",
try:
if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0:
# Query
ntCreateAndXParameters = smb.SMBNtCreateAndX_Parameters(SMBCommand['Parameters'])
ntCreateAndXData = smb.SMBNtCreateAndX_Data(SMBCommand['Data'])
else:
# Response
ntCreateResponse = SMBCommand
ntCreateParameters = smb.SMBNtCreateAndXResponse_Parameters(ntCreateResponse['Parameters'])
except Exception, e:
print "ERROR: %s" % e
print "Command: 0x%x" % packet['Command']
print "Packet: %d %r" % (packetNum, packet.getData())
return True
Example #19
| Source File: smbtorture.py From PiBunny with MIT License | 6 votes |
|
def smbComOpenAndX( packet, packetNum, SMBCommand, questions, replies):
# Test return code is always 0, otherwise leave before doing anything
if packet['ErrorCode'] != 0:
return True
print "SMB_COM_OPEN_ANDX ",
try:
if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0:
# Query
openAndXParameters = smb.SMBOpenAndX_Parameters(SMBCommand['Parameters'])
openAndXData = smb.SMBOpenAndX_Data(SMBCommand['Data'])
else:
# Response
openFileResponse = SMBCommand
openFileParameters = smb.SMBOpenAndXResponse_Parameters(openFileResponse['Parameters'])
except Exception, e:
print "ERROR: %s" % e
print "Command: 0x%x" % packet['Command']
print "Packet: %d %r" % (packetNum, packet.getData())
return True
Example #20
| Source File: smb3.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None):
if len(fileName) > 0 and fileName[0] == '\\':
fileName = fileName[1:]
if cmd is not None:
from impacket import smb
ntCreate = smb.SMBCommand(data = cmd.getData())
params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters'])
return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'],
params['CreateOptions'], params['Disposition'], params['FileAttributes'],
params['Impersonation'], params['SecurityFlags'])
else:
return self.create(treeId, fileName,
FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA |
FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL,
FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #21
| Source File: smbrelayserver.py From CVE-2019-1040 with MIT License | 5 votes |
|
def SmbComNegotiate(self, connId, smbServer, SMBCommand, recvPacket):
connData = smbServer.getConnectionData(connId, checkStatus = False)
if self.config.mode.upper() == 'REFLECTION':
self.targetprocessor = TargetsProcessor(singleTarget='SMB://%s:445/' % connData['ClientIP'])
#TODO: Check if a cache is better because there is no way to know which target was selected for this victim
# except for relying on the targetprocessor selecting the same target unless a relay was already done
self.target = self.targetprocessor.getTarget()
LOG.info("SMBD-%s: Received connection from %s, attacking target %s://%s" % (connId, connData['ClientIP'],
self.target.scheme, self.target.netloc))
try:
if recvPacket['Flags2'] & smb.SMB.FLAGS2_EXTENDED_SECURITY == 0:
extSec = False
else:
if self.config.mode.upper() == 'REFLECTION':
# Force standard security when doing reflection
LOG.debug("Downgrading to standard security")
extSec = False
recvPacket['Flags2'] += (~smb.SMB.FLAGS2_EXTENDED_SECURITY)
else:
extSec = True
#Init the correct client for our target
client = self.init_client(extSec)
except Exception as e:
LOG.error("Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e)))
self.targetprocessor.logTarget(self.target)
else:
connData['SMBClient'] = client
connData['EncryptionKey'] = client.getStandardSecurityChallenge()
smbServer.setConnectionData(connId, connData)
return self.origSmbComNegotiate(connId, smbServer, SMBCommand, recvPacket)
#############################################################
Example #22
| Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
|
def create_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION_SECONDARY) transCmd['Parameters'] = SMBTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #23
| Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
|
def do_write_andx_raw_pipe(self, fid, data, mid=None, pid=None, tid=None): writeAndX = smb.SMBCommand(smb.SMB.SMB_COM_WRITE_ANDX) writeAndX['Parameters'] = smb.SMBWriteAndX_Parameters_Short() writeAndX['Parameters']['Fid'] = fid writeAndX['Parameters']['Offset'] = 0 writeAndX['Parameters']['WriteMode'] = 4 # SMB_WMODE_WRITE_RAW_NAMED_PIPE writeAndX['Parameters']['Remaining'] = 12345 # can be any. raw named pipe does not use it writeAndX['Parameters']['DataLength'] = len(data) writeAndX['Parameters']['DataOffset'] = 32 + len(writeAndX['Parameters']) + 1 + 2 + 1 # WordCount(1), ByteCount(2), Padding(1) writeAndX['Data'] = '\x00' + data # pad 1 byte self.send_raw(self.create_smb_packet(writeAndX, mid, pid, tid)) return self.recvSMB()
Example #24
| Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
|
def create_nt_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT_SECONDARY) transCmd['Parameters'] = SMBNTTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #25
| Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
|
def send_echo(self, data): pkt = smb.NewSMBPacket() pkt['Tid'] = self._default_tid transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO) transCommand['Parameters'] = smb.SMBEcho_Parameters() transCommand['Data'] = smb.SMBEcho_Data() transCommand['Parameters']['EchoCount'] = 1 transCommand['Data']['Data'] = data pkt.addCommand(transCommand) self.sendSMB(pkt) return self.recvSMB()
Example #26
| Source File: smbtorture.py From PiBunny with MIT License | 5 votes |
|
def smbComWriteAndX( packet, packetNum, SMBCommand, questions, replies):
# Test return code is always 0, otherwise leave before doing anything
if packet['ErrorCode'] != 0:
return False
print "SMB_COM_WRITE_ANDX ",
try:
if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0:
# Query
if SMBCommand['WordCount'] == 0x0C:
writeAndX = smb.SMBWriteAndX_Parameters2(SMBCommand['Parameters'])
else:
writeAndX = smb.SMBWriteAndX_Parameters(SMBCommand['Parameters'])
writeAndXData = smb.SMBWriteAndX_Data()
writeAndXData['DataLength'] = writeAndX['DataLength']
if writeAndX['DataLength'] > 0:
writeAndXData.fromString(SMBCommand['Data'])
else:
# Response
writeResponse = SMBCommand
writeResponseParameters = smb.SMBWriteAndXResponse_Parameters(writeResponse['Parameters'])
except Exception, e:
print "ERROR: %s" % e
print "Command: 0x%x" % packet['Command']
print "Packet: %d %r" % (packetNum, packet.getData())
return True
Example #27
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
|
def recv_transaction_data(self, mid, minLen): data = '' while len(data) < minLen: recvPkt = self.recvSMB() if recvPkt['Mid'] != mid: continue resp = smb.SMBCommand(recvPkt['Data'][0]) data += resp['Data'][1:] # skip padding #print(len(data)) return data
Example #28
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
|
def create_nt_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT_SECONDARY) transCmd['Parameters'] = SMBNTTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #29
| Source File: smbrelayserver.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def SmbComNegotiate(self, connId, smbServer, SMBCommand, recvPacket):
connData = smbServer.getConnectionData(connId, checkStatus = False)
if self.config.mode.upper() == 'REFLECTION':
self.targetprocessor = TargetsProcessor(singleTarget='SMB://%s:445/' % connData['ClientIP'])
#TODO: Check if a cache is better because there is no way to know which target was selected for this victim
# except for relying on the targetprocessor selecting the same target unless a relay was already done
self.target = self.targetprocessor.getTarget()
LOG.info("SMBD-%s: Received connection from %s, attacking target %s://%s" % (connId, connData['ClientIP'],
self.target.scheme, self.target.netloc))
try:
if recvPacket['Flags2'] & smb.SMB.FLAGS2_EXTENDED_SECURITY == 0:
extSec = False
else:
if self.config.mode.upper() == 'REFLECTION':
# Force standard security when doing reflection
LOG.debug("Downgrading to standard security")
extSec = False
recvPacket['Flags2'] += (~smb.SMB.FLAGS2_EXTENDED_SECURITY)
else:
extSec = True
#Init the correct client for our target
client = self.init_client(extSec)
except Exception as e:
LOG.error("Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e)))
self.targetprocessor.logTarget(self.target)
else:
connData['SMBClient'] = client
connData['EncryptionKey'] = client.getStandardSecurityChallenge()
smbServer.setConnectionData(connId, connData)
return self.origSmbComNegotiate(connId, smbServer, SMBCommand, recvPacket)
#############################################################
Example #30
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
|
def create_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION_SECONDARY) transCmd['Parameters'] = SMBTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
