Python impacket.smb.SMBCommand() Examples
The following are 30
code examples of impacket.smb.SMBCommand().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.smb
, or try the search function
.
Example #1
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2) transCmd['Parameters'] = smb.SMBTransaction2_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = len(setup) transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #2
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2) transCmd['Parameters'] = smb.SMBTransaction2_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = len(setup) transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #3
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION) transCmd['Parameters'] = smb.SMBTransaction_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #4
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) transCmd['Parameters'] = smb.SMBNTTransaction_Parameters() transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Function'] = function transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #5
Source File: eternalblue_exploit7.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def sendEcho(conn, tid, data): pkt = smb.NewSMBPacket() pkt['Tid'] = tid transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO) transCommand['Parameters'] = smb.SMBEcho_Parameters() transCommand['Data'] = smb.SMBEcho_Data() transCommand['Parameters']['EchoCount'] = 1 transCommand['Data']['Data'] = data pkt.addCommand(transCommand) conn.sendSMB(pkt) recvPkt = conn.recvSMB() if recvPkt.getNTStatus() == 0: print('got good ECHO response') else: print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))
Example #6
Source File: eternalblue_exploit10.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def sendEcho(conn, tid, data): pkt = smb.NewSMBPacket() pkt['Tid'] = tid transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO) transCommand['Parameters'] = smb.SMBEcho_Parameters() transCommand['Data'] = smb.SMBEcho_Data() transCommand['Parameters']['EchoCount'] = 1 transCommand['Data']['Data'] = data pkt.addCommand(transCommand) conn.sendSMB(pkt) recvPkt = conn.recvSMB() if recvPkt.getNTStatus() == 0: print('got good ECHO response') else: print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus())) # override SMB.neg_session() to allow forcing ntlm authentication
Example #7
Source File: eternalblue_exploit8.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def sendEcho(conn, tid, data): pkt = smb.NewSMBPacket() pkt['Tid'] = tid transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO) transCommand['Parameters'] = smb.SMBEcho_Parameters() transCommand['Data'] = smb.SMBEcho_Data() transCommand['Parameters']['EchoCount'] = 1 transCommand['Data']['Data'] = data pkt.addCommand(transCommand) conn.sendSMB(pkt) recvPkt = conn.recvSMB() if recvPkt.getNTStatus() == 0: print('got good ECHO response') else: print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus())) # override SMB.neg_session() to allow forcing ntlm authentication
Example #8
Source File: smbtrap2.py From SMBTrap with MIT License | 6 votes |
def smbCommandHook_SMB_COM_TREE_CONNECT_ANDX(connId, smbServer, SMBCommand, recvPacket): treeConnectAndXParameters = smb.SMBTreeConnectAndX_Parameters(SMBCommand['Parameters']) treeConnectAndXData = smb.SMBTreeConnectAndX_Data(flags=recvPacket['Flags2']) treeConnectAndXData['_PasswordLength'] = treeConnectAndXParameters['PasswordLength'] treeConnectAndXData.fromString(SMBCommand['Data']) path = smbserver.decodeSMBString(recvPacket['Flags2'], treeConnectAndXData['Path']) local_path = ntpath.basename(path) service = smbserver.decodeSMBString(recvPacket['Flags2'], treeConnectAndXData['Service']) report_tree_connect_attempt(connId, {"Path": path, "local_path": local_path, "Service": service}) return smbserver.SMBCommands.smbComTreeConnectAndX(smbserver.SMBCommands(), connId, smbServer, SMBCommand, recvPacket) # Overriding this allows us to claim we have no shares, so we still get ANDX data, but don't need to share anything
Example #9
Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION) transCmd['Parameters'] = smb.SMBTransaction_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #10
Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
def create_trans2_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2) transCmd['Parameters'] = smb.SMBTransaction2_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = len(setup) transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #11
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) transCmd['Parameters'] = smb.SMBNTTransaction_Parameters() transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Function'] = function transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #12
Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
def create_nt_trans_packet(self, function, setup='', param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) transCmd['Parameters'] = smb.SMBNTTransaction_Parameters() transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Function'] = function transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #13
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
def create_trans_packet(self, setup, param='', data='', mid=None, maxSetupCount=None, totalParameterCount=None, totalDataCount=None, maxParameterCount=None, maxDataCount=None, pid=None, tid=None, noPad=False): if maxSetupCount is None: maxSetupCount = len(setup) if totalParameterCount is None: totalParameterCount = len(param) if totalDataCount is None: totalDataCount = len(data) if maxParameterCount is None: maxParameterCount = totalParameterCount if maxDataCount is None: maxDataCount = totalDataCount transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION) transCmd['Parameters'] = smb.SMBTransaction_Parameters() transCmd['Parameters']['TotalParameterCount'] = totalParameterCount transCmd['Parameters']['TotalDataCount'] = totalDataCount transCmd['Parameters']['MaxParameterCount'] = maxParameterCount transCmd['Parameters']['MaxDataCount'] = maxDataCount transCmd['Parameters']['MaxSetupCount'] = maxSetupCount transCmd['Parameters']['Flags'] = 0 transCmd['Parameters']['Timeout'] = 0xffffffff transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['Setup'] = setup _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #14
Source File: smb3.py From cracke-dit with MIT License | 6 votes |
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None): if len(fileName) > 0 and fileName[0] == '\\': fileName = fileName[1:] if cmd is not None: from impacket import smb ntCreate = smb.SMBCommand(data = str(cmd)) params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters']) return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'], params['CreateOptions'], params['Disposition'], params['FileAttributes'], params['Impersonation'], params['SecurityFlags']) else: return self.create(treeId, fileName, FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #15
Source File: smb3.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None): if len(fileName) > 0 and fileName[0] == '\\': fileName = fileName[1:] if cmd is not None: from impacket import smb ntCreate = smb.SMBCommand(data = str(cmd)) params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters']) return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'], params['CreateOptions'], params['Disposition'], params['FileAttributes'], params['Impersonation'], params['SecurityFlags']) else: return self.create(treeId, fileName, FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #16
Source File: smb3.py From PiBunny with MIT License | 6 votes |
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None): if len(fileName) > 0 and fileName[0] == '\\': fileName = fileName[1:] if cmd is not None: from impacket import smb ntCreate = smb.SMBCommand(data = str(cmd)) params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters']) return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'], params['CreateOptions'], params['Disposition'], params['FileAttributes'], params['Impersonation'], params['SecurityFlags']) else: return self.create(treeId, fileName, FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #17
Source File: smbtorture.py From PiBunny with MIT License | 6 votes |
def smbComTreeConnectAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_TREE_CONNECT_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query treeConnectAndXParameters = smb.SMBTreeConnectAndX_Parameters(SMBCommand['Parameters']) treeConnectAndXData = smb.SMBTreeConnectAndX_Data() treeConnectAndXData['_PasswordLength'] = treeConnectAndXParameters['PasswordLength'] treeConnectAndXData.fromString(SMBCommand['Data']) else: # Response treeConnectAndXParameters = smb.SMBTreeConnectAndXResponse_Parameters(SMBCommand['Parameters']) #treeConnectAndXData = smb.SMBTreeConnectAndXResponse_Data(SMBCommand['Data']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True
Example #18
Source File: smbtorture.py From PiBunny with MIT License | 6 votes |
def smbComNtCreateAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_NT_CREATE_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query ntCreateAndXParameters = smb.SMBNtCreateAndX_Parameters(SMBCommand['Parameters']) ntCreateAndXData = smb.SMBNtCreateAndX_Data(SMBCommand['Data']) else: # Response ntCreateResponse = SMBCommand ntCreateParameters = smb.SMBNtCreateAndXResponse_Parameters(ntCreateResponse['Parameters']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True
Example #19
Source File: smbtorture.py From PiBunny with MIT License | 6 votes |
def smbComOpenAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return True print "SMB_COM_OPEN_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query openAndXParameters = smb.SMBOpenAndX_Parameters(SMBCommand['Parameters']) openAndXData = smb.SMBOpenAndX_Data(SMBCommand['Data']) else: # Response openFileResponse = SMBCommand openFileParameters = smb.SMBOpenAndXResponse_Parameters(openFileResponse['Parameters']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True
Example #20
Source File: smb3.py From Slackor with GNU General Public License v3.0 | 6 votes |
def nt_create_andx(self, treeId, fileName, smb_packet=None, cmd = None): if len(fileName) > 0 and fileName[0] == '\\': fileName = fileName[1:] if cmd is not None: from impacket import smb ntCreate = smb.SMBCommand(data = cmd.getData()) params = smb.SMBNtCreateAndX_Parameters(ntCreate['Parameters']) return self.create(treeId, fileName, params['AccessMask'], params['ShareAccess'], params['CreateOptions'], params['Disposition'], params['FileAttributes'], params['Impersonation'], params['SecurityFlags']) else: return self.create(treeId, fileName, FILE_READ_DATA | FILE_WRITE_DATA | FILE_APPEND_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_WRITE_ATTRIBUTES | FILE_READ_ATTRIBUTES | READ_CONTROL, FILE_SHARE_READ | FILE_SHARE_WRITE, FILE_NON_DIRECTORY_FILE, FILE_OPEN, 0 )
Example #21
Source File: smbrelayserver.py From CVE-2019-1040 with MIT License | 5 votes |
def SmbComNegotiate(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId, checkStatus = False) if self.config.mode.upper() == 'REFLECTION': self.targetprocessor = TargetsProcessor(singleTarget='SMB://%s:445/' % connData['ClientIP']) #TODO: Check if a cache is better because there is no way to know which target was selected for this victim # except for relying on the targetprocessor selecting the same target unless a relay was already done self.target = self.targetprocessor.getTarget() LOG.info("SMBD-%s: Received connection from %s, attacking target %s://%s" % (connId, connData['ClientIP'], self.target.scheme, self.target.netloc)) try: if recvPacket['Flags2'] & smb.SMB.FLAGS2_EXTENDED_SECURITY == 0: extSec = False else: if self.config.mode.upper() == 'REFLECTION': # Force standard security when doing reflection LOG.debug("Downgrading to standard security") extSec = False recvPacket['Flags2'] += (~smb.SMB.FLAGS2_EXTENDED_SECURITY) else: extSec = True #Init the correct client for our target client = self.init_client(extSec) except Exception as e: LOG.error("Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e))) self.targetprocessor.logTarget(self.target) else: connData['SMBClient'] = client connData['EncryptionKey'] = client.getStandardSecurityChallenge() smbServer.setConnectionData(connId, connData) return self.origSmbComNegotiate(connId, smbServer, SMBCommand, recvPacket) #############################################################
Example #22
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def create_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION_SECONDARY) transCmd['Parameters'] = SMBTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #23
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def do_write_andx_raw_pipe(self, fid, data, mid=None, pid=None, tid=None): writeAndX = smb.SMBCommand(smb.SMB.SMB_COM_WRITE_ANDX) writeAndX['Parameters'] = smb.SMBWriteAndX_Parameters_Short() writeAndX['Parameters']['Fid'] = fid writeAndX['Parameters']['Offset'] = 0 writeAndX['Parameters']['WriteMode'] = 4 # SMB_WMODE_WRITE_RAW_NAMED_PIPE writeAndX['Parameters']['Remaining'] = 12345 # can be any. raw named pipe does not use it writeAndX['Parameters']['DataLength'] = len(data) writeAndX['Parameters']['DataOffset'] = 32 + len(writeAndX['Parameters']) + 1 + 2 + 1 # WordCount(1), ByteCount(2), Padding(1) writeAndX['Data'] = '\x00' + data # pad 1 byte self.send_raw(self.create_smb_packet(writeAndX, mid, pid, tid)) return self.recvSMB()
Example #24
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def create_nt_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT_SECONDARY) transCmd['Parameters'] = SMBNTTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #25
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def send_echo(self, data): pkt = smb.NewSMBPacket() pkt['Tid'] = self._default_tid transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO) transCommand['Parameters'] = smb.SMBEcho_Parameters() transCommand['Data'] = smb.SMBEcho_Data() transCommand['Parameters']['EchoCount'] = 1 transCommand['Data']['Data'] = data pkt.addCommand(transCommand) self.sendSMB(pkt) return self.recvSMB()
Example #26
Source File: smbtorture.py From PiBunny with MIT License | 5 votes |
def smbComWriteAndX( packet, packetNum, SMBCommand, questions, replies): # Test return code is always 0, otherwise leave before doing anything if packet['ErrorCode'] != 0: return False print "SMB_COM_WRITE_ANDX ", try: if (packet['Flags1'] & smb.SMB.FLAGS1_REPLY) == 0: # Query if SMBCommand['WordCount'] == 0x0C: writeAndX = smb.SMBWriteAndX_Parameters2(SMBCommand['Parameters']) else: writeAndX = smb.SMBWriteAndX_Parameters(SMBCommand['Parameters']) writeAndXData = smb.SMBWriteAndX_Data() writeAndXData['DataLength'] = writeAndX['DataLength'] if writeAndX['DataLength'] > 0: writeAndXData.fromString(SMBCommand['Data']) else: # Response writeResponse = SMBCommand writeResponseParameters = smb.SMBWriteAndXResponse_Parameters(writeResponse['Parameters']) except Exception, e: print "ERROR: %s" % e print "Command: 0x%x" % packet['Command'] print "Packet: %d %r" % (packetNum, packet.getData()) return True
Example #27
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def recv_transaction_data(self, mid, minLen): data = '' while len(data) < minLen: recvPkt = self.recvSMB() if recvPkt['Mid'] != mid: continue resp = smb.SMBCommand(recvPkt['Data'][0]) data += resp['Data'][1:] # skip padding #print(len(data)) return data
Example #28
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def create_nt_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT_SECONDARY) transCmd['Parameters'] = SMBNTTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)
Example #29
Source File: smbrelayserver.py From Slackor with GNU General Public License v3.0 | 5 votes |
def SmbComNegotiate(self, connId, smbServer, SMBCommand, recvPacket): connData = smbServer.getConnectionData(connId, checkStatus = False) if self.config.mode.upper() == 'REFLECTION': self.targetprocessor = TargetsProcessor(singleTarget='SMB://%s:445/' % connData['ClientIP']) #TODO: Check if a cache is better because there is no way to know which target was selected for this victim # except for relying on the targetprocessor selecting the same target unless a relay was already done self.target = self.targetprocessor.getTarget() LOG.info("SMBD-%s: Received connection from %s, attacking target %s://%s" % (connId, connData['ClientIP'], self.target.scheme, self.target.netloc)) try: if recvPacket['Flags2'] & smb.SMB.FLAGS2_EXTENDED_SECURITY == 0: extSec = False else: if self.config.mode.upper() == 'REFLECTION': # Force standard security when doing reflection LOG.debug("Downgrading to standard security") extSec = False recvPacket['Flags2'] += (~smb.SMB.FLAGS2_EXTENDED_SECURITY) else: extSec = True #Init the correct client for our target client = self.init_client(extSec) except Exception as e: LOG.error("Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e))) self.targetprocessor.logTarget(self.target) else: connData['SMBClient'] = client connData['EncryptionKey'] = client.getStandardSecurityChallenge() smbServer.setConnectionData(connId, connData) return self.origSmbComNegotiate(connId, smbServer, SMBCommand, recvPacket) #############################################################
Example #30
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def create_trans_secondary_packet(self, mid, param='', paramDisplacement=0, data='', dataDisplacement=0, pid=None, tid=None, noPad=False): transCmd = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION_SECONDARY) transCmd['Parameters'] = SMBTransactionSecondary_Parameters() transCmd['Parameters']['TotalParameterCount'] = len(param) transCmd['Parameters']['TotalDataCount'] = len(data) transCmd['Parameters']['ParameterCount'] = len(param) transCmd['Parameters']['ParameterDisplacement'] = paramDisplacement transCmd['Parameters']['DataCount'] = len(data) transCmd['Parameters']['DataDisplacement'] = dataDisplacement _put_trans_data(transCmd, param, data, noPad) return self.create_smb_packet(transCmd, mid, pid, tid)