Python impacket.smb.NewSMBPacket() Examples
The following are 28
code examples of impacket.smb.NewSMBPacket().
Example #1
Source File: mysmb.py From MS17-010-Python with MIT License | 6 votes |
def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
    """Wrap ``smbReq`` in an SMBv1 packet and return it with a 4-byte length prefix.

    Header fields are taken from the connection state on ``self`` unless the
    caller overrides them: ``mid`` falls back to ``self.next_mid()``, ``pid``
    to ``self._pid`` and ``tid`` to ``self._default_tid``.  When
    ``self._SignatureEnabled`` is set, the signature flag is added to Flags2
    and the packet is handed to ``self.signSMB``.
    """
    message_id = self.next_mid() if mid is None else mid

    packet = smb.NewSMBPacket()
    packet.addCommand(smbReq)

    packet['Tid'] = tid if tid is not None else self._default_tid
    packet['Uid'] = self._uid
    packet['Pid'] = pid if pid is not None else self._pid
    packet['Mid'] = message_id

    default_flags1, default_flags2 = self.get_flags()
    packet['Flags1'] = default_flags1
    # A non-zero self._pkt_flags2 takes precedence over the connection default.
    if self._pkt_flags2 != 0:
        packet['Flags2'] = self._pkt_flags2
    else:
        packet['Flags2'] = default_flags2

    if self._SignatureEnabled:
        packet['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
        self.signSMB(packet, self._SigningSessionKey, self._SigningChallengeResponse)

    payload = str(packet)
    # Two zero bytes plus a 16-bit big-endian length; as the original author
    # noted, this assumes the payload is shorter than 65536 bytes.
    length_prefix = '\x00' * 2 + pack('>H', len(payload))
    return length_prefix + payload
Example #2
Source File: SMB_Core.py From SMBetray with GNU General Public License v3.0 | 6 votes |
def getServerSupportedDialects(self, ip, port = 445):
    '''Connect to ip:port (445 by default) and work out which SMB dialects the server supports.

    NOTE(review): the excerpt on this page ends after the SMBv1 check, so the
    SMB2 dialect checks and the return statement are not visible here.
    '''
    # Start from every known dialect and remove the ones that fail a probe.
    dialects = [SMB_DIALECT, SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30, SMB2_DIALECT_302 ]#, SMB2_DIALECT_311]
    # Check SMBv1
    try:
        # Build a generic SMBv1 negotiate packet and only show support for SMBv1
        # (the hex blob is a fixed "\xffSMB" header with command 0x72 that
        # lists the "NT LM 0.12" dialect).
        smb = NewSMBPacket(data = unhexlify("ff534d4272000000001845680000000000000000000000000000ed4300000100000e00024e54204c4d20302e3132000200"))
        rawData = str(smb)
        # 4-byte big-endian length prefix placed in front of the SMB message.
        netbios = struct.pack('>i', len(str(rawData)))
        rpkt = str(netbios) + str(rawData)
        # Connect through
        # NOTE(review): no timeout is set in the visible code, and the socket is
        # only closed on the success path.
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client.connect((ip, port))
        client.sendall(rpkt)
        # The reply is read but not inspected in the visible part of the function.
        response = client.recv(999999)
        client.close()
        del(client)
    except Exception, e:
        # It's not supported, bummer
        # NOTE(review): any exception (refused connection, DNS failure, reset)
        # is treated as "SMBv1 not supported", so the result can be a false
        # negative when the probe itself failed.
        dialects.remove(SMB_DIALECT)
Example #3
Source File: SMB_Core.py From SMBetray with GNU General Public License v3.0 | 6 votes |
def checkServerSupportSMB1(self, ip, port = 445):
    '''Probe ip:port with an SMBv1-only negotiate request.

    Returns False when the exchange raises.  NOTE(review): the excerpt on this
    page ends at the except branch, so the success-path return is not visible.
    '''
    # Check SMBv1
    try:
        # Build a generic SMBv1 negotiate packet and only show support for SMBv1
        # (fixed "\xffSMB" header, command 0x72, dialect string "NT LM 0.12").
        smb = NewSMBPacket(data = unhexlify("ff534d4272000000001845680000000000000000000000000000ed4300000100000e00024e54204c4d20302e3132000200"))
        rawData = str(smb)
        # 4-byte big-endian length prefix placed in front of the SMB message.
        netbios = struct.pack('>i', len(str(rawData)))
        rpkt = str(netbios) + str(rawData)
        # Connect through
        # NOTE(review): no timeout is set in the visible code, and the socket is
        # only closed on the success path.
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client.connect((ip, port))
        client.sendall(rpkt)
        # The reply is read but its content is not checked in the visible code.
        response = client.recv(999999)
        client.close()
        del(client)
    except Exception, e:
        # It's not supported, bummer
        # NOTE(review): every exception maps to False, including failures that
        # have nothing to do with SMBv1 being disabled on the server.
        return False
Example #4
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
    """Wrap ``smbReq`` in an SMBv1 packet and return it with a 4-byte length prefix.

    Header fields are taken from the connection state on ``self`` unless the
    caller overrides them: ``mid`` falls back to ``self.next_mid()``, ``pid``
    to ``self._pid`` and ``tid`` to ``self._default_tid``.  When
    ``self._SignatureEnabled`` is set, the signature flag is added to Flags2
    and the packet is handed to ``self.signSMB``.
    """
    message_id = self.next_mid() if mid is None else mid

    packet = smb.NewSMBPacket()
    packet.addCommand(smbReq)

    packet['Tid'] = tid if tid is not None else self._default_tid
    packet['Uid'] = self._uid
    packet['Pid'] = pid if pid is not None else self._pid
    packet['Mid'] = message_id

    default_flags1, default_flags2 = self.get_flags()
    packet['Flags1'] = default_flags1
    # A non-zero self._pkt_flags2 takes precedence over the connection default.
    if self._pkt_flags2 != 0:
        packet['Flags2'] = self._pkt_flags2
    else:
        packet['Flags2'] = default_flags2

    if self._SignatureEnabled:
        packet['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
        self.signSMB(packet, self._SigningSessionKey, self._SigningChallengeResponse)

    payload = str(packet)
    # Two zero bytes plus a 16-bit big-endian length; as the original author
    # noted, this assumes the payload is shorter than 65536 bytes.
    length_prefix = '\x00' * 2 + pack('>H', len(payload))
    return length_prefix + payload
Example #5
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 6 votes |
def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
    """Wrap ``smbReq`` in an SMBv1 packet and return it with a 4-byte length prefix.

    Header fields are taken from the connection state on ``self`` unless the
    caller overrides them: ``mid`` falls back to ``self.next_mid()``, ``pid``
    to ``self._pid`` and ``tid`` to ``self._default_tid``.  When
    ``self._SignatureEnabled`` is set, the signature flag is added to Flags2
    and the packet is handed to ``self.signSMB``.
    """
    message_id = self.next_mid() if mid is None else mid

    packet = smb.NewSMBPacket()
    packet.addCommand(smbReq)

    packet['Tid'] = tid if tid is not None else self._default_tid
    packet['Uid'] = self._uid
    packet['Pid'] = pid if pid is not None else self._pid
    packet['Mid'] = message_id

    default_flags1, default_flags2 = self.get_flags()
    packet['Flags1'] = default_flags1
    # A non-zero self._pkt_flags2 takes precedence over the connection default.
    if self._pkt_flags2 != 0:
        packet['Flags2'] = self._pkt_flags2
    else:
        packet['Flags2'] = default_flags2

    if self._SignatureEnabled:
        packet['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
        self.signSMB(packet, self._SigningSessionKey, self._SigningChallengeResponse)

    payload = str(packet)
    # Two zero bytes plus a 16-bit big-endian length; as the original author
    # noted, this assumes the payload is shorter than 65536 bytes.
    length_prefix = '\x00' * 2 + pack('>H', len(payload))
    return length_prefix + payload
Example #6
Source File: eternalblue_exploit8.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def sendEcho(conn, tid, data):
    """Send one SMB_COM_ECHO carrying ``data`` on tree ``tid`` and print the outcome.

    The reply is read with ``conn.recvSMB()``.  An NT status of 0 is reported
    as a good response; any other status is printed in hexadecimal.
    """
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    request = smb.NewSMBPacket()
    request['Tid'] = tid
    request.addCommand(echo)
    conn.sendSMB(request)

    reply = conn.recvSMB()
    if reply.getNTStatus() != 0:
        print('got bad ECHO response: 0x{:x}'.format(reply.getNTStatus()))
    else:
        print('got good ECHO response')


# override SMB.neg_session() to allow forcing ntlm authentication
Example #7
Source File: eternalblue_exploit10.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def sendEcho(conn, tid, data):
    """Send one SMB_COM_ECHO carrying ``data`` on tree ``tid`` and print the outcome.

    The reply is read with ``conn.recvSMB()``.  An NT status of 0 is reported
    as a good response; any other status is printed in hexadecimal.
    """
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    request = smb.NewSMBPacket()
    request['Tid'] = tid
    request.addCommand(echo)
    conn.sendSMB(request)

    reply = conn.recvSMB()
    if reply.getNTStatus() != 0:
        print('got bad ECHO response: 0x{:x}'.format(reply.getNTStatus()))
    else:
        print('got good ECHO response')


# override SMB.neg_session() to allow forcing ntlm authentication
Example #8
Source File: eternalblue_exploit7.py From AutoBlue-MS17-010 with MIT License | 6 votes |
def sendEcho(conn, tid, data):
    """Send one SMB_COM_ECHO carrying ``data`` on tree ``tid`` and print the outcome.

    The reply is read with ``conn.recvSMB()``.  An NT status of 0 is reported
    as a good response; any other status is printed in hexadecimal.
    """
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    request = smb.NewSMBPacket()
    request['Tid'] = tid
    request.addCommand(echo)
    conn.sendSMB(request)

    reply = conn.recvSMB()
    if reply.getNTStatus() != 0:
        print('got bad ECHO response: 0x{:x}'.format(reply.getNTStatus()))
    else:
        print('got good ECHO response')
Example #9
Source File: eternalblue_exploit8.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def send_trans2_second(conn, tid, data, displacement):
    """Send an SMB_COM_TRANSACTION2_SECONDARY request carrying ``data``.

    No transaction parameters are sent: every parameter count and offset is
    zero.  ``DataDisplacement`` is set to ``displacement`` and both data
    counts to ``len(data)``.  The request is written with ``conn.sendSMB``;
    no reply is read here.
    """
    # Fixed offset used by the original (32+3+18).
    header_len = 32 + 3 + 18
    # Padding is only added when there is data; it rounds DataOffset up to a
    # multiple of four.
    pad_len = (4 - header_len % 4) % 4 if len(data) > 0 else 0

    request = smb.NewSMBPacket()
    request['Tid'] = tid

    # assume no params
    trans2 = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
    trans2['Parameters'] = SMBTransaction2Secondary_Parameters_Fixed()
    trans2['Data'] = smb.SMBTransaction2Secondary_Data()

    trans2['Parameters']['TotalParameterCount'] = 0
    trans2['Parameters']['TotalDataCount'] = len(data)
    trans2['Data']['Pad1'] = ''
    trans2['Parameters']['ParameterCount'] = 0
    trans2['Parameters']['ParameterOffset'] = 0
    # Multiplying by a zero pad length yields the empty string.
    trans2['Data']['Pad2'] = '\xFF' * pad_len
    trans2['Parameters']['DataCount'] = len(data)
    trans2['Parameters']['DataOffset'] = header_len + pad_len
    trans2['Parameters']['DataDisplacement'] = displacement
    trans2['Data']['Trans_Parameters'] = ''
    trans2['Data']['Trans_Data'] = data

    request.addCommand(trans2)
    conn.sendSMB(request)
Example #10
Source File: smbtorture.py From PiBunny with MIT License | 5 votes |
def process(data, packetNum):
    """Try to parse one captured frame as an SMBv1 packet.

    ``data.get_packet()`` supplies the raw bytes and ``packetNum`` is only used
    in the error report.

    NOTE(review): this page lost the file's line breaks and the excerpt looks
    cut short; the nesting below (which ``if`` the ``else`` belongs to) is a
    reconstruction - confirm against the original smbtorture.py.
    """
    packet = smb.NewSMBPacket()
    # Only frames whose first byte is 0x00 are considered.
    if data.get_packet()[0] == '\x00':
        # Bytes 4..7 must be the SMBv1 magic "\xffSMB".
        if data.get_packet()[4:8] == '\xffSMB':
            try:
                # Skip the 4-byte prefix and parse the rest as an SMB packet.
                packet.fromString(data.get_packet()[4:])
            except Exception, e:
                # A frame that fails to parse is dumped and reported as True.
                print "ERROR: %s" % e
                print "Command: SMBPacket"
                print "Packet: %d %r" % (packetNum, data.get_packet())
                return True
        else:
            return False
Example #11
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def send_echo(self, data):
    """Send a single SMB_COM_ECHO with ``data`` on the default tree and return the reply."""
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    request = smb.NewSMBPacket()
    request['Tid'] = self._default_tid
    request.addCommand(echo)

    self.sendSMB(request)
    reply = self.recvSMB()
    return reply
Example #12
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def _setup_login_packet_hook(maxBufferSize):
    """Arm a patch of ``smb.NewSMBPacket.addCommand`` for the next packet.

    Does nothing when ``maxBufferSize`` is None.  Otherwise the value is kept
    in the module global ``login_MaxBufferSize`` and ``addCommand`` is
    replaced on the class by ``NewSMBPacket_addCommand_hook_login``.
    """
    global login_MaxBufferSize
    if maxBufferSize is None:
        return
    login_MaxBufferSize = maxBufferSize
    # Class-level replacement: it applies to every NewSMBPacket instance in the
    # process, not only to the connection that requested it.
    smb.NewSMBPacket.addCommand = NewSMBPacket_addCommand_hook_login
Example #13
Source File: mysmb.py From MS17-010-Python with MIT License | 5 votes |
def NewSMBPacket_addCommand_hook_login(self, command):
    """Temporary stand-in for ``NewSMBPacket.addCommand``.

    Puts the original ``addCommand`` back on the class first, then overwrites
    the buffer-size field of a session-setup command with
    ``login_MaxBufferSize`` and delegates to the original method.
    """
    # Un-patch before anything else so only this one call is intercepted.
    smb.NewSMBPacket.addCommand = origin_NewSMBPacket_addCommand

    # The two session-setup parameter layouts name the field differently.
    size_field_by_type = (
        (smb.SMBSessionSetupAndX_Extended_Parameters, 'MaxBufferSize'),
        (smb.SMBSessionSetupAndX_Parameters, 'MaxBuffer'),
    )
    for params_type, field_name in size_field_by_type:
        if isinstance(command['Parameters'], params_type):
            command['Parameters'][field_name] = login_MaxBufferSize
            break

    # call original one
    origin_NewSMBPacket_addCommand(self, command)
Example #14
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def send_echo(self, data):
    """Send a single SMB_COM_ECHO with ``data`` on the default tree and return the reply."""
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    request = smb.NewSMBPacket()
    request['Tid'] = self._default_tid
    request.addCommand(echo)

    self.sendSMB(request)
    reply = self.recvSMB()
    return reply
Example #15
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def _setup_login_packet_hook(maxBufferSize):
    """Arm a patch of ``smb.NewSMBPacket.addCommand`` for the next packet.

    Does nothing when ``maxBufferSize`` is None.  Otherwise the value is kept
    in the module global ``login_MaxBufferSize`` and ``addCommand`` is
    replaced on the class by ``NewSMBPacket_addCommand_hook_login``.
    """
    global login_MaxBufferSize
    if maxBufferSize is None:
        return
    login_MaxBufferSize = maxBufferSize
    # Class-level replacement: it applies to every NewSMBPacket instance in the
    # process, not only to the connection that requested it.
    smb.NewSMBPacket.addCommand = NewSMBPacket_addCommand_hook_login
Example #16
Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def NewSMBPacket_addCommand_hook_login(self, command):
    """Temporary stand-in for ``NewSMBPacket.addCommand``.

    Puts the original ``addCommand`` back on the class first, then overwrites
    the buffer-size field of a session-setup command with
    ``login_MaxBufferSize`` and delegates to the original method.
    """
    # Un-patch before anything else so only this one call is intercepted.
    smb.NewSMBPacket.addCommand = origin_NewSMBPacket_addCommand

    # The two session-setup parameter layouts name the field differently.
    size_field_by_type = (
        (smb.SMBSessionSetupAndX_Extended_Parameters, 'MaxBufferSize'),
        (smb.SMBSessionSetupAndX_Parameters, 'MaxBuffer'),
    )
    for params_type, field_name in size_field_by_type:
        if isinstance(command['Parameters'], params_type):
            command['Parameters'][field_name] = login_MaxBufferSize
            break

    # call original one
    origin_NewSMBPacket_addCommand(self, command)
Example #17
Source File: eternalblue_exploit10.py From AutoBlue-MS17-010 with MIT License | 5 votes |
def send_trans2_second(conn, tid, data, displacement):
    """Send an SMB_COM_TRANSACTION2_SECONDARY request carrying ``data``.

    No transaction parameters are sent: every parameter count and offset is
    zero.  ``DataDisplacement`` is set to ``displacement`` and both data
    counts to ``len(data)``.  The request is written with ``conn.sendSMB``;
    no reply is read here.
    """
    # Fixed offset used by the original (32+3+18).
    header_len = 32 + 3 + 18
    # Padding is only added when there is data; it rounds DataOffset up to a
    # multiple of four.
    pad_len = (4 - header_len % 4) % 4 if len(data) > 0 else 0

    request = smb.NewSMBPacket()
    request['Tid'] = tid

    # assume no params
    trans2 = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
    trans2['Parameters'] = SMBTransaction2Secondary_Parameters_Fixed()
    trans2['Data'] = smb.SMBTransaction2Secondary_Data()

    trans2['Parameters']['TotalParameterCount'] = 0
    trans2['Parameters']['TotalDataCount'] = len(data)
    trans2['Data']['Pad1'] = ''
    trans2['Parameters']['ParameterCount'] = 0
    trans2['Parameters']['ParameterOffset'] = 0
    # Multiplying by a zero pad length yields the empty string.
    trans2['Data']['Pad2'] = '\xFF' * pad_len
    trans2['Parameters']['DataCount'] = len(data)
    trans2['Parameters']['DataOffset'] = header_len + pad_len
    trans2['Parameters']['DataDisplacement'] = displacement
    trans2['Data']['Trans_Parameters'] = ''
    trans2['Data']['Trans_Data'] = data

    request.addCommand(trans2)
    conn.sendSMB(request)
Example #18
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 5 votes |
def send_echo(self, data):
    """Send a single SMB_COM_ECHO with ``data`` on the default tree and return the reply."""
    echo = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
    echo['Parameters'] = smb.SMBEcho_Parameters()
    echo['Data'] = smb.SMBEcho_Data()
    echo['Parameters']['EchoCount'] = 1
    echo['Data']['Data'] = data

    request = smb.NewSMBPacket()
    request['Tid'] = self._default_tid
    request.addCommand(echo)

    self.sendSMB(request)
    reply = self.recvSMB()
    return reply
Example #19
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 5 votes |
def _setup_login_packet_hook(maxBufferSize):
    """Arm a patch of ``smb.NewSMBPacket.addCommand`` for the next packet.

    Does nothing when ``maxBufferSize`` is None.  Otherwise the value is kept
    in the module global ``login_MaxBufferSize`` and ``addCommand`` is
    replaced on the class by ``NewSMBPacket_addCommand_hook_login``.
    """
    global login_MaxBufferSize
    if maxBufferSize is None:
        return
    login_MaxBufferSize = maxBufferSize
    # Class-level replacement: it applies to every NewSMBPacket instance in the
    # process, not only to the connection that requested it.
    smb.NewSMBPacket.addCommand = NewSMBPacket_addCommand_hook_login
Example #20
Source File: 42315.py From exploitdb-bin-sploits with GNU General Public License v2.0 | 5 votes |
def NewSMBPacket_addCommand_hook_login(self, command):
    """Temporary stand-in for ``NewSMBPacket.addCommand``.

    Puts the original ``addCommand`` back on the class first, then overwrites
    the buffer-size field of a session-setup command with
    ``login_MaxBufferSize`` and delegates to the original method.
    """
    # Un-patch before anything else so only this one call is intercepted.
    smb.NewSMBPacket.addCommand = origin_NewSMBPacket_addCommand

    # The two session-setup parameter layouts name the field differently.
    size_field_by_type = (
        (smb.SMBSessionSetupAndX_Extended_Parameters, 'MaxBufferSize'),
        (smb.SMBSessionSetupAndX_Parameters, 'MaxBuffer'),
    )
    for params_type, field_name in size_field_by_type:
        if isinstance(command['Parameters'], params_type):
            command['Parameters'][field_name] = login_MaxBufferSize
            break

    # call original one
    origin_NewSMBPacket_addCommand(self, command)
Example #21
Source File: SMB_Core.py From SMBetray with GNU General Public License v3.0 | 5 votes |
def restackSMBChainedMessages(self, SMBPacketList):
    """Serialise a list of SMB packets back into one length-prefixed buffer.

    The class name of the first element selects the branch.  Returns the
    4-byte big-endian length followed by the concatenated packets.  If the
    first element is neither an SMB2Packet nor a NewSMBPacket the function
    falls through and returns None.  On any exception the error is logged and
    the input list is returned unchanged, so callers can receive a list
    instead of a string.
    """
    try:
        # Takes in a list of NewSMBPacket or SMB2Packets
        if SMBPacketList[0].__class__.__name__ == 'SMB2Packet':
            reStacked = ""
            for i in range(0, len(SMBPacketList)):
                if(i < len(SMBPacketList) - 1):
                    # Every packet except the last: NextCommand is the current
                    # serialised length rounded up to a multiple of 8, and
                    # Data is extended with zero bytes by the same amount.
                    # The order matters: both lines measure the packet before
                    # the padding is appended.
                    SMBPacketList[i]['NextCommand'] = len(str(SMBPacketList[i])) + ((8 - (len(str(SMBPacketList[i])) % 8)) % 8)
                    SMBPacketList[i]['Data'] = SMBPacketList[i]['Data'] + str('\x00' * ((8 - (len(str(SMBPacketList[i])) % 8)) % 8)) #Padding
                else:
                    # The last packet in the chain has no successor.
                    SMBPacketList[i]['NextCommand'] = 0
                reStacked += str(SMBPacketList[i])
            netbios = struct.pack('>i', len(str(reStacked)))
            # Return the ready-to-send packet
            return str(netbios) + str(reStacked)
        if SMBPacketList[0].__class__.__name__ == 'NewSMBPacket':
            # SMBv1 Uses ANDX to chain messages
            # TODO: fix this
            # As written, the packets are concatenated without adjusting any
            # chaining fields.
            reStacked = ""
            for i in range(0, len(SMBPacketList)):
                reStacked += str(SMBPacketList[i])
            netbios = struct.pack('>i', len(str(reStacked)))
            # Return the ready-to-send packet
            return str(netbios) + str(reStacked)
    except Exception, e:
        logging.error("[SMB_Core::restackSMBChainedMessages] " + str(traceback.format_exc()))
        return SMBPacketList
# Returns a list of supported dialects as constants,
# such as SMB_DIALECT and SMB2_DIALECT_302
Example #22
Source File: SMB_Core.py From SMBetray with GNU General Public License v3.0 | 5 votes |
def splitSMBChainedMessages(self, data):
    """Split a length-prefixed buffer into a list of SMB packet objects.

    Bytes 4..7 of ``data`` select the protocol: ``\\xffSMB`` yields
    NewSMBPacket objects and ``\\xfeSMB`` yields SMB2Packet objects.  Message
    boundaries are found by searching for the next occurrence of the same
    4-byte magic, so a payload that happens to contain those bytes is split
    there as well.  Returns None when neither magic matches; on any exception
    the error is logged and ``data`` is returned unchanged.
    """
    try:
        messages = []
        magic = data[4:8]

        # SMB v1
        if magic == '\xff\x53\x4d\x42':
            start = 4
            while True:
                following = data.find('\xff\x53\x4d\x42', start + 1)
                if following < 0:
                    break
                messages.append(NewSMBPacket(data = data[start:following]))
                start = following
            # Whatever follows the last magic is the final message.
            messages.append(NewSMBPacket(data = copy.deepcopy(data[start:])))
            return messages

        # SMB v2
        if magic == '\xfe\x53\x4d\x42':
            start = 4
            while True:
                following = data.find('\xfe\x53\x4d\x42', start + 1)
                if following < 0:
                    break
                messages.append(SMB2Packet(data = copy.deepcopy(data[start:following])))
                start = following
            # Whatever follows the last magic is the final message.
            messages.append(SMB2Packet(data = copy.deepcopy(data[start:])))
            return messages
    except Exception:
        logging.error("[SMB_Core::splitSMBChainedMessages] " + str(traceback.format_exc()))
        return data
Example #23
Source File: smbconnection.py From PiBunny with MIT License | 4 votes |
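def _negotiateSession(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0, flags2=0, data=None):
    """Send an SMB1 NEGOTIATE over a new NetBIOS session and return the reply trailer.

    Here we follow the [MS-SMB2] negotiation handshake, trying to understand
    which dialects (including SMB1) are supported on the other end.  ``data``
    becomes the negotiate command's Data field.  Up to two attempts are made;
    each one opens a new ``nmb.NetBIOSTCPSession`` stored in
    ``self._nmbSession``.

    Raises:
        nmb.NetBIOSError: the error of the last failed attempt, when both
            attempts failed.
        Exception: ``'No answer!'`` when no response was obtained and no
            NetBIOSError was recorded.
    """
    if not myName:
        # Default to the local host name, cut at the first dot.
        myName = socket.gethostname()
        i = myName.find('.')
        if i > -1:
            myName = myName[:i]

    tries = 0
    smbp = smb.NewSMBPacket()
    smbp['Flags1'] = flags1
    # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
    smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
    resp = None
    last_error = None
    while tries < 2:
        self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port, timeout)

        negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
        if extended_security is True:
            smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
        negSession['Data'] = data
        smbp.addCommand(negSession)
        self._nmbSession.send_packet(str(smbp))

        try:
            resp = self._nmbSession.recv_packet(timeout)
            break
        except nmb.NetBIOSError as e:
            # Remember the failure so it can be re-raised explicitly below.
            last_error = e
            # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
            smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
            smbp['Data'] = []
            tries += 1

    if resp is None:
        # No luck, quitting.  The original used a bare `raise` outside any
        # except block, which depends on the interpreter still holding the
        # last handled exception and fails with an unrelated error otherwise.
        if last_error is not None:
            raise last_error
        raise Exception('No answer!')
    return resp.get_trailer()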
Example #24
Source File: loopchain.py From PiBunny with MIT License | 4 votes |
def loop_write_andx(self,tid,fid,data, offset = 0, wait_answer=1):
    """Send one SMB packet holding two chained SMB_COM_WRITE_ANDX commands.

    Both commands target ``fid`` at ``offset`` and declare ``len(data)`` as
    their length.  When ``wait_answer`` is true the reply is read and returned
    if it is a valid WRITE_ANDX answer; otherwise None is returned.

    The statement order is significant: ``len(pkt)`` is sampled at specific
    points while the packet is being built.
    """
    pkt = smb.NewSMBPacket()
    pkt['Flags1'] = 0x18
    pkt['Flags2'] = 0
    pkt['Tid'] = tid
    writeAndX = smb.SMBCommand(self.SMB_COM_WRITE_ANDX)
    pkt.addCommand(writeAndX)
    writeAndX['Parameters'] = smb.SMBWriteAndX_Parameters()
    writeAndX['Parameters']['Fid'] = fid
    writeAndX['Parameters']['Offset'] = offset
    writeAndX['Parameters']['WriteMode'] = 0
    writeAndX['Parameters']['Remaining'] = len(data)
    writeAndX['Parameters']['DataLength'] = len(data)
    # DataOffset is the packet length before the first command's data is attached.
    writeAndX['Parameters']['DataOffset'] = len(pkt)
    # The attached data is 4000 bytes longer than the DataLength declared above.
    writeAndX['Data'] = data+('A'*4000)
    # Packet length once the first command is complete; reused further down
    # as the second command's AndXOffset.
    saved_offset = len(pkt)
    writeAndX2 = smb.SMBCommand(self.SMB_COM_WRITE_ANDX)
    pkt.addCommand(writeAndX2)
    writeAndX2['Parameters'] = smb.SMBWriteAndX_Parameters()
    writeAndX2['Parameters']['Fid'] = fid
    writeAndX2['Parameters']['Offset'] = offset
    writeAndX2['Parameters']['WriteMode'] = 0
    writeAndX2['Parameters']['Remaining'] = len(data)
    writeAndX2['Parameters']['DataLength'] = len(data)
    writeAndX2['Parameters']['DataOffset'] = len(pkt)
    writeAndX2['Data'] = '<pata>\n'
    # The second command names another WRITE_ANDX as its follow-up and gives
    # the offset recorded earlier in this same packet.
    # NOTE(review): a receiving parser should reject AndX offsets that do not
    # move forward; presumably that is what this example checks - confirm.
    writeAndX2['Parameters']['AndXCommand'] = self.SMB_COM_WRITE_ANDX
    writeAndX2['Parameters']['AndXOffset'] = saved_offset
    self.sendSMB(pkt)
    if wait_answer:
        pkt = self.recvSMB()
        if pkt.isValidAnswer(self.SMB_COM_WRITE_ANDX):
            return pkt
    return None
# Init the example's logger theme
Example #25
Source File: smbconnection.py From CVE-2017-7494 with GNU General Public License v3.0 | 4 votes |
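def _negotiateSession(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0, flags2=0, data=None):
    """Send an SMB1 NEGOTIATE over a new NetBIOS session and return the reply trailer.

    Here we follow the [MS-SMB2] negotiation handshake, trying to understand
    which dialects (including SMB1) are supported on the other end.  ``data``
    becomes the negotiate command's Data field.  Up to two attempts are made;
    each one opens a new ``nmb.NetBIOSTCPSession`` stored in
    ``self._nmbSession``.

    Raises:
        nmb.NetBIOSError: the error of the last failed attempt, when both
            attempts failed.
        Exception: ``'No answer!'`` when no response was obtained and no
            NetBIOSError was recorded.
    """
    if not myName:
        # Default to the local host name, cut at the first dot.
        myName = socket.gethostname()
        i = myName.find('.')
        if i > -1:
            myName = myName[:i]

    tries = 0
    smbp = smb.NewSMBPacket()
    smbp['Flags1'] = flags1
    # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
    smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
    resp = None
    last_error = None
    while tries < 2:
        self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port, timeout)

        negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
        if extended_security is True:
            smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
        negSession['Data'] = data
        smbp.addCommand(negSession)
        self._nmbSession.send_packet(str(smbp))

        try:
            resp = self._nmbSession.recv_packet(timeout)
            break
        except nmb.NetBIOSError as e:
            # Remember the failure so it can be re-raised explicitly below.
            last_error = e
            # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
            smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
            smbp['Data'] = []
            tries += 1

    if resp is None:
        # No luck, quitting.  The original used a bare `raise` outside any
        # except block, which depends on the interpreter still holding the
        # last handled exception and fails with an unrelated error otherwise.
        if last_error is not None:
            raise last_error
        raise Exception('No answer!')
    return resp.get_trailer()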
Example #26
Source File: smbconnection.py From Slackor with GNU General Public License v3.0 | 4 votes |
def negotiateSessionWildcard(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0, flags2=0, data=None):
    """Send an SMB1 NEGOTIATE over a new NetBIOS session and return the reply trailer.

    Follows the [MS-SMB2] negotiation handshake to learn which dialects
    (including SMB1) the other end supports.  ``data`` becomes the negotiate
    command's Data field.  Two attempts are made at most, each on a fresh
    ``nmb.NetBIOSTCPSession`` stored in ``self._nmbSession``.

    Raises:
        Exception: ``'No answer!'`` when neither attempt produced a response.
    """
    if not myName:
        # Local host name, truncated at the first dot if there is one.
        myName = socket.gethostname().split('.', 1)[0]

    smbp = smb.NewSMBPacket()
    smbp['Flags1'] = flags1
    # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
    smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE

    resp = None
    for _attempt in range(2):
        self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER,
                                                 sess_port, timeout)

        negotiate = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
        if extended_security is True:
            smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
        negotiate['Data'] = data
        smbp.addCommand(negotiate)
        self._nmbSession.send_packet(smbp.getData())

        try:
            resp = self._nmbSession.recv_packet(timeout)
        except nmb.NetBIOSError:
            # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
            smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
            smbp['Data'] = []
            continue
        break

    if resp is None:
        # No luck, quitting
        raise Exception('No answer!')
    return resp.get_trailer()
Example #27
Source File: SMB_Core.py From SMBetray with GNU General Public License v3.0 | 4 votes |
def profileServer_SMB1(self, ip, port = 445):
    """Record whether the configured target speaks SMBv1 and what it reports about signing and NTLM.

    Results are written to ``self.SERVER_INFO``.  The connection goes to
    ``self.MiTMModuleConfig['target_ip']`` / ``['target_port']``; the ``ip``
    and ``port`` arguments are not used in the visible body.

    NOTE(review): this page lost the file's line breaks; the nesting of the
    two signature checks below is a reconstruction - confirm against the
    original SMB_Core.py.
    """
    # Checkout SMB1 support & security requirements
    logging.debug("Inspecting SMBv1 support on " + self.MiTMModuleConfig['target_ip'])
    # Build a generic SMBv1 negotiate packet and only show support for SMBv1
    # (fixed "\xffSMB" header, command 0x72, dialect string "NT LM 0.12").
    smb = NewSMBPacket(data = unhexlify("ff534d4272000000001845680000000000000000000000000000ed4300000100000e00024e54204c4d20302e3132000200"))
    rawData = str(smb)
    # 4-byte big-endian length prefix placed in front of the SMB message.
    netbios = struct.pack('>i', len(str(rawData)))
    rpkt = str(netbios) + str(rawData)
    # If the connection resets - they don't support it
    try:
        # Connect through
        # NOTE(review): no timeout is set in the visible code, and the socket is
        # only closed on the success path.
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client.connect((self.MiTMModuleConfig['target_ip'], self.MiTMModuleConfig['target_port']))
        client.sendall(rpkt)
        response = client.recv(999999)
        client.close()
        del(client)
    except:
        # If they dropped the connection, SMB1 is disabled
        # NOTE(review): the bare except treats every failure, not only a reset,
        # as "SMBv1 disabled".
        logging.debug(self.MiTMModuleConfig['target_ip'] + " does not support SMBv1 :(")
        # Remove it from the supported dialects list, if it was even there
        if SMB_DIALECT in self.SERVER_INFO.SUPPORTED_DIALECTS:
            self.SERVER_INFO.SUPPORTED_DIALECTS.remove(SMB_DIALECT)
        return
    else:
        # No way dude
        logging.debug(self.MiTMModuleConfig['target_ip'] + " supports SMBv1!")
        self.SERVER_INFO.SUPPORTED_DIALECTS.append(SMB_DIALECT)
    # Checkout the security
    # Parse the negotiate response, skipping the 4-byte length prefix.
    resp = NewSMBPacket(data = response[4:])
    respData = SMBCommand(resp['Data'][0])
    dialectData = SMBNTLMDialect_Parameters(respData['Parameters'])
    # presumably the first 16 bytes are the server GUID ahead of the security
    # blob - confirm
    authData = SPNEGO_NegTokenInit(respData['Data'][16:])
    # Give it to me straight doc
    # SecurityMode bits: signing enabled and signing required are recorded
    # separately on SERVER_INFO.
    if dialectData['SecurityMode'] & SMB.SECURITY_SIGNATURES_ENABLED:
        logging.debug("Server supports SMB signing")
        self.SERVER_INFO.SERVER_SIGNATURES_ENABLED = True
    if dialectData['SecurityMode'] & SMB.SECURITY_SIGNATURES_REQUIRED:
        logging.debug("Server requires signatures :(")
        self.SERVER_INFO.SERVER_SIGNATURES_REQUIRED = True
    else:
        logging.debug("Server does not require signatures!")
    # Check if NTLM auth is supported
    # The server's SPNEGO mechanism list is searched for the NTLMSSP entry.
    if spnego.TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider'] in authData['MechTypes']:
        logging.debug("Server supports NTLM auth!")
        self.SERVER_INFO.SERVER_NTLM_SUPPORTED = True
    else:
        self.SERVER_INFO.SERVER_NTLM_SUPPORTED = False
Example #28
Source File: smbconnection.py From cracke-dit with MIT License | 4 votes |
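def _negotiateSession(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0, flags2=0, data=None):
    """Send an SMB1 NEGOTIATE over a new NetBIOS session and return the reply trailer.

    Here we follow the [MS-SMB2] negotiation handshake, trying to understand
    which dialects (including SMB1) are supported on the other end.  ``data``
    becomes the negotiate command's Data field.  Up to two attempts are made;
    each one opens a new ``nmb.NetBIOSTCPSession`` stored in
    ``self._nmbSession``.

    Raises:
        nmb.NetBIOSError: the error of the last failed attempt, when both
            attempts failed.
        Exception: ``'No answer!'`` when no response was obtained and no
            NetBIOSError was recorded.
    """
    if not myName:
        # Default to the local host name, cut at the first dot.
        myName = socket.gethostname()
        i = myName.find('.')
        if i > -1:
            myName = myName[:i]

    tries = 0
    smbp = smb.NewSMBPacket()
    smbp['Flags1'] = flags1
    # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
    smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
    resp = None
    last_error = None
    while tries < 2:
        self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port, timeout)

        negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
        if extended_security is True:
            smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
        negSession['Data'] = data
        smbp.addCommand(negSession)
        self._nmbSession.send_packet(str(smbp))

        try:
            resp = self._nmbSession.recv_packet(timeout)
            break
        except nmb.NetBIOSError as e:
            # Remember the failure so it can be re-raised explicitly below.
            last_error = e
            # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
            smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
            smbp['Data'] = []
            tries += 1

    if resp is None:
        # No luck, quitting.  The original used a bare `raise` outside any
        # except block, which depends on the interpreter still holding the
        # last handled exception and fails with an unrelated error otherwise.
        if last_error is not None:
            raise last_error
        raise Exception('No answer!')
    return resp.get_trailer()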