Python impacket.smb.NewSMBPacket() Examples

def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
		if mid is None:
			mid = self.next_mid()
		
		pkt = smb.NewSMBPacket()
		pkt.addCommand(smbReq)
		pkt['Tid'] = self._default_tid if tid is None else tid
		pkt['Uid'] = self._uid
		pkt['Pid'] = self._pid if pid is None else pid
		pkt['Mid'] = mid
		flags1, flags2 = self.get_flags()
		pkt['Flags1'] = flags1
		pkt['Flags2'] = self._pkt_flags2 if self._pkt_flags2 != 0 else flags2
		
		if self._SignatureEnabled:
			pkt['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
			self.signSMB(pkt, self._SigningSessionKey, self._SigningChallengeResponse)
			
		req = str(pkt)
		return '\x00'*2 + pack('>H', len(req)) + req  # assume length is <65536 

def getServerSupportedDialects(self, ip, port = 445):
		'''Connects to the specified server on the provided port(445 default) and enumeratesSMBKey the supported dialects'''
		dialects = [SMB_DIALECT, SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30, SMB2_DIALECT_302 ]#, SMB2_DIALECT_311]
		
		# Check SMBv1
		try:
			# Build a generic SMBv1 negotiate packet and only show support for SMBv1
			smb 	= NewSMBPacket(data = unhexlify("ff534d4272000000001845680000000000000000000000000000ed4300000100000e00024e54204c4d20302e3132000200"))
			rawData = str(smb)
			netbios = struct.pack('>i', len(str(rawData)))
			rpkt 	= str(netbios) + str(rawData)
			# Connect through
			client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
			client.connect((ip, port))
			client.sendall(rpkt)
			response = client.recv(999999)
			client.close()
			del(client)
		except Exception, e:
			# It's not supported, bummer
			dialects.remove(SMB_DIALECT) 

def checkServerSupportSMB1(self, ip, port = 445):
		# Check SMBv1
		try:
			# Build a generic SMBv1 negotiate packet and only show support for SMBv1
			smb 	= NewSMBPacket(data = unhexlify("ff534d4272000000001845680000000000000000000000000000ed4300000100000e00024e54204c4d20302e3132000200"))
			rawData = str(smb)
			netbios = struct.pack('>i', len(str(rawData)))
			rpkt 	= str(netbios) + str(rawData)
			# Connect through
			client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
			client.connect((ip, port))
			client.sendall(rpkt)
			response = client.recv(999999)
			client.close()
			del(client)
		except Exception, e:
			# It's not supported, bummer
			return False 

def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
		if mid is None:
			mid = self.next_mid()
		
		pkt = smb.NewSMBPacket()
		pkt.addCommand(smbReq)
		pkt['Tid'] = self._default_tid if tid is None else tid
		pkt['Uid'] = self._uid
		pkt['Pid'] = self._pid if pid is None else pid
		pkt['Mid'] = mid
		flags1, flags2 = self.get_flags()
		pkt['Flags1'] = flags1
		pkt['Flags2'] = self._pkt_flags2 if self._pkt_flags2 != 0 else flags2
		
		if self._SignatureEnabled:
			pkt['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
			self.signSMB(pkt, self._SigningSessionKey, self._SigningChallengeResponse)
			
		req = str(pkt)
		return '\x00'*2 + pack('>H', len(req)) + req  # assume length is <65536 

def create_smb_packet(self, smbReq, mid=None, pid=None, tid=None):
		if mid is None:
			mid = self.next_mid()
		
		pkt = smb.NewSMBPacket()
		pkt.addCommand(smbReq)
		pkt['Tid'] = self._default_tid if tid is None else tid
		pkt['Uid'] = self._uid
		pkt['Pid'] = self._pid if pid is None else pid
		pkt['Mid'] = mid
		flags1, flags2 = self.get_flags()
		pkt['Flags1'] = flags1
		pkt['Flags2'] = self._pkt_flags2 if self._pkt_flags2 != 0 else flags2
		
		if self._SignatureEnabled:
			pkt['Flags2'] |= smb.SMB.FLAGS2_SMB_SECURITY_SIGNATURE
			self.signSMB(pkt, self._SigningSessionKey, self._SigningChallengeResponse)
			
		req = str(pkt)
		return '\x00'*2 + pack('>H', len(req)) + req  # assume length is <65536 

def sendEcho(conn, tid, data):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
	transCommand['Parameters'] = smb.SMBEcho_Parameters()
	transCommand['Data'] = smb.SMBEcho_Data()

	transCommand['Parameters']['EchoCount'] = 1
	transCommand['Data']['Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt)
	recvPkt = conn.recvSMB()
	if recvPkt.getNTStatus() == 0:
		print('got good ECHO response')
	else:
		print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))


# override SMB.neg_session() to allow forcing ntlm authentication 

def sendEcho(conn, tid, data):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
	transCommand['Parameters'] = smb.SMBEcho_Parameters()
	transCommand['Data'] = smb.SMBEcho_Data()

	transCommand['Parameters']['EchoCount'] = 1
	transCommand['Data']['Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt)
	recvPkt = conn.recvSMB()
	if recvPkt.getNTStatus() == 0:
		print('got good ECHO response')
	else:
		print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus()))


# override SMB.neg_session() to allow forcing ntlm authentication 

def sendEcho(conn, tid, data):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
	transCommand['Parameters'] = smb.SMBEcho_Parameters()
	transCommand['Data'] = smb.SMBEcho_Data()

	transCommand['Parameters']['EchoCount'] = 1
	transCommand['Data']['Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt)
	recvPkt = conn.recvSMB()
	if recvPkt.getNTStatus() == 0:
		print('got good ECHO response')
	else:
		print('got bad ECHO response: 0x{:x}'.format(recvPkt.getNTStatus())) 

def send_trans2_second(conn, tid, data, displacement):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	# assume no params

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
	transCommand['Parameters'] = SMBTransaction2Secondary_Parameters_Fixed()
	transCommand['Data'] = smb.SMBTransaction2Secondary_Data()

	transCommand['Parameters']['TotalParameterCount'] = 0
	transCommand['Parameters']['TotalDataCount'] = len(data)

	fixedOffset = 32+3+18
	transCommand['Data']['Pad1'] = ''

	transCommand['Parameters']['ParameterCount'] = 0
	transCommand['Parameters']['ParameterOffset'] = 0

	if len(data) > 0:
		pad2Len = (4 - fixedOffset % 4) % 4
		transCommand['Data']['Pad2'] = '\xFF' * pad2Len
	else:
		transCommand['Data']['Pad2'] = ''
		pad2Len = 0

	transCommand['Parameters']['DataCount'] = len(data)
	transCommand['Parameters']['DataOffset'] = fixedOffset + pad2Len
	transCommand['Parameters']['DataDisplacement'] = displacement

	transCommand['Data']['Trans_Parameters'] = ''
	transCommand['Data']['Trans_Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt) 

def process(data, packetNum):
    packet = smb.NewSMBPacket()
    if data.get_packet()[0] == '\x00':
       if data.get_packet()[4:8] == '\xffSMB':
           try:
               packet.fromString(data.get_packet()[4:])
           except Exception, e:
               print "ERROR: %s" % e
               print "Command: SMBPacket" 
               print "Packet: %d %r" % (packetNum, data.get_packet())
               return True
       else:
           return False 

def send_echo(self, data):
		pkt = smb.NewSMBPacket()
		pkt['Tid'] = self._default_tid
		
		transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
		transCommand['Parameters'] = smb.SMBEcho_Parameters()
		transCommand['Data'] = smb.SMBEcho_Data()

		transCommand['Parameters']['EchoCount'] = 1
		transCommand['Data']['Data'] = data
		pkt.addCommand(transCommand)

		self.sendSMB(pkt)
		return self.recvSMB() 

def _setup_login_packet_hook(maxBufferSize):
	# setup hook for next NewSMBPacket.addCommand if maxBufferSize is not None
	if maxBufferSize is not None:
		global login_MaxBufferSize
		login_MaxBufferSize = maxBufferSize
		setattr(smb.NewSMBPacket, "addCommand", NewSMBPacket_addCommand_hook_login) 

def NewSMBPacket_addCommand_hook_login(self, command):
	# restore NewSMBPacket.addCommand
	setattr(smb.NewSMBPacket, "addCommand", origin_NewSMBPacket_addCommand)
	
	if isinstance(command['Parameters'], smb.SMBSessionSetupAndX_Extended_Parameters):
		command['Parameters']['MaxBufferSize'] = login_MaxBufferSize
	elif isinstance(command['Parameters'], smb.SMBSessionSetupAndX_Parameters):
		command['Parameters']['MaxBuffer'] = login_MaxBufferSize
	
	# call original one
	origin_NewSMBPacket_addCommand(self, command) 

def send_echo(self, data):
		pkt = smb.NewSMBPacket()
		pkt['Tid'] = self._default_tid
		
		transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
		transCommand['Parameters'] = smb.SMBEcho_Parameters()
		transCommand['Data'] = smb.SMBEcho_Data()

		transCommand['Parameters']['EchoCount'] = 1
		transCommand['Data']['Data'] = data
		pkt.addCommand(transCommand)

		self.sendSMB(pkt)
		return self.recvSMB() 

def _setup_login_packet_hook(maxBufferSize):
	# setup hook for next NewSMBPacket.addCommand if maxBufferSize is not None
	if maxBufferSize is not None:
		global login_MaxBufferSize
		login_MaxBufferSize = maxBufferSize
		setattr(smb.NewSMBPacket, "addCommand", NewSMBPacket_addCommand_hook_login) 

def NewSMBPacket_addCommand_hook_login(self, command):
	# restore NewSMBPacket.addCommand
	setattr(smb.NewSMBPacket, "addCommand", origin_NewSMBPacket_addCommand)
	
	if isinstance(command['Parameters'], smb.SMBSessionSetupAndX_Extended_Parameters):
		command['Parameters']['MaxBufferSize'] = login_MaxBufferSize
	elif isinstance(command['Parameters'], smb.SMBSessionSetupAndX_Parameters):
		command['Parameters']['MaxBuffer'] = login_MaxBufferSize
	
	# call original one
	origin_NewSMBPacket_addCommand(self, command) 

def send_trans2_second(conn, tid, data, displacement):
	pkt = smb.NewSMBPacket()
	pkt['Tid'] = tid

	# assume no params

	transCommand = smb.SMBCommand(smb.SMB.SMB_COM_TRANSACTION2_SECONDARY)
	transCommand['Parameters'] = SMBTransaction2Secondary_Parameters_Fixed()
	transCommand['Data'] = smb.SMBTransaction2Secondary_Data()

	transCommand['Parameters']['TotalParameterCount'] = 0
	transCommand['Parameters']['TotalDataCount'] = len(data)

	fixedOffset = 32+3+18
	transCommand['Data']['Pad1'] = ''

	transCommand['Parameters']['ParameterCount'] = 0
	transCommand['Parameters']['ParameterOffset'] = 0

	if len(data) > 0:
		pad2Len = (4 - fixedOffset % 4) % 4
		transCommand['Data']['Pad2'] = '\xFF' * pad2Len
	else:
		transCommand['Data']['Pad2'] = ''
		pad2Len = 0

	transCommand['Parameters']['DataCount'] = len(data)
	transCommand['Parameters']['DataOffset'] = fixedOffset + pad2Len
	transCommand['Parameters']['DataDisplacement'] = displacement

	transCommand['Data']['Trans_Parameters'] = ''
	transCommand['Data']['Trans_Data'] = data
	pkt.addCommand(transCommand)

	conn.sendSMB(pkt) 

def send_echo(self, data):
		pkt = smb.NewSMBPacket()
		pkt['Tid'] = self._default_tid
		
		transCommand = smb.SMBCommand(smb.SMB.SMB_COM_ECHO)
		transCommand['Parameters'] = smb.SMBEcho_Parameters()
		transCommand['Data'] = smb.SMBEcho_Data()

		transCommand['Parameters']['EchoCount'] = 1
		transCommand['Data']['Data'] = data
		pkt.addCommand(transCommand)

		self.sendSMB(pkt)
		return self.recvSMB() 

def _setup_login_packet_hook(maxBufferSize):
	# setup hook for next NewSMBPacket.addCommand if maxBufferSize is not None
	if maxBufferSize is not None:
		global login_MaxBufferSize
		login_MaxBufferSize = maxBufferSize
		setattr(smb.NewSMBPacket, "addCommand", NewSMBPacket_addCommand_hook_login) 

def NewSMBPacket_addCommand_hook_login(self, command):
	# restore NewSMBPacket.addCommand
	setattr(smb.NewSMBPacket, "addCommand", origin_NewSMBPacket_addCommand)
	
	if isinstance(command['Parameters'], smb.SMBSessionSetupAndX_Extended_Parameters):
		command['Parameters']['MaxBufferSize'] = login_MaxBufferSize
	elif isinstance(command['Parameters'], smb.SMBSessionSetupAndX_Parameters):
		command['Parameters']['MaxBuffer'] = login_MaxBufferSize
	
	# call original one
	origin_NewSMBPacket_addCommand(self, command) 

def restackSMBChainedMessages(self, SMBPacketList):
		try:
			# Takes in a list of NewSMBPacket or SMB2Packets	
			if SMBPacketList[0].__class__.__name__ == 'SMB2Packet':	
				reStacked = ""
				for i in range(0, len(SMBPacketList)):
					if(i < len(SMBPacketList) - 1):
						SMBPacketList[i]['NextCommand'] = len(str(SMBPacketList[i])) + ((8 - (len(str(SMBPacketList[i])) % 8)) % 8)
						SMBPacketList[i]['Data'] = SMBPacketList[i]['Data'] + str('\x00' * ((8 - (len(str(SMBPacketList[i])) % 8)) % 8)) #Padding
					else:
						SMBPacketList[i]['NextCommand'] = 0
					reStacked += str(SMBPacketList[i])
				netbios = struct.pack('>i', len(str(reStacked)))
				# Return the ready-to-send packet
				return str(netbios) + str(reStacked)

			if SMBPacketList[0].__class__.__name__ == 'NewSMBPacket':
				# SMBv1 Uses ANDX to chain messages

				# TODO: fix this
				reStacked = ""
				for i in range(0, len(SMBPacketList)):
					reStacked += str(SMBPacketList[i])
				netbios = struct.pack('>i', len(str(reStacked)))
				# Return the ready-to-send packet
				return str(netbios) + str(reStacked)

		except Exception, e:
			logging.error("[SMB_Core::restackSMBChainedMessages] " + str(traceback.format_exc()))
			return SMBPacketList

	# Returns a list of supported dialects as constants,
	# such as SMB_DIALECT and SMB2_DIALECT_302 

def splitSMBChainedMessages(self, data):
		try:
			smbMessages = []
			# SMB v1
			if(data[4:8] == '\xff\x53\x4d\x42'):
				z 		= 4
				nx 		= data.find('\xff\x53\x4d\x42', z + 1)
				while nx > -1:
					smbMessages.append(NewSMBPacket(data = data[z:nx]))
					z 		= nx
					nx 		= data.find('\xff\x53\x4d\x42', z + 1)
				# Required after the last iteration to get the remaining data 
				smbMessages.append(NewSMBPacket(data = copy.deepcopy(data[z:])))
				return smbMessages

			# SMB v2
			elif(data[4:8] == '\xfe\x53\x4d\x42'):
				z 		= 4
				nx 		= data.find('\xfe\x53\x4d\x42', z + 1)
				while nx > -1:
					smbMessages.append(SMB2Packet(data = copy.deepcopy(data[z:nx])))
					z 		= nx
					nx 		= data.find('\xfe\x53\x4d\x42', z + 1)
				# Required after the last iteration to get the remaining data
				smbMessages.append(SMB2Packet(data = copy.deepcopy(data[z:])))
				return smbMessages
		except Exception, e:
			logging.error("[SMB_Core::splitSMBChainedMessages] " + str(traceback.format_exc()))
			return data 

def _negotiateSession(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0,
                          flags2=0, data=None):
        # Here we follow [MS-SMB2] negotiation handshake trying to understand what dialects
        # (including SMB1) is supported on the other end.

        if not myName:
            myName = socket.gethostname()
            i = string.find(myName, '.')
            if i > -1:
                myName = myName[:i]

        tries = 0
        smbp = smb.NewSMBPacket()
        smbp['Flags1'] = flags1
        # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
        smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
        resp = None
        while tries < 2:
            self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port,
                                                     timeout)

            negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
            if extended_security is True:
                smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
            negSession['Data'] = data
            smbp.addCommand(negSession)
            self._nmbSession.send_packet(str(smbp))

            try:
                resp = self._nmbSession.recv_packet(timeout)
                break
            except nmb.NetBIOSError:
                # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
                smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
                smbp['Data'] = []

            tries += 1

        if resp is None:
            # No luck, quitting
            raise

        return resp.get_trailer() 

def loop_write_andx(self,tid,fid,data, offset = 0, wait_answer=1):
        pkt = smb.NewSMBPacket()
        pkt['Flags1'] = 0x18
        pkt['Flags2'] = 0
        pkt['Tid']    = tid

        writeAndX = smb.SMBCommand(self.SMB_COM_WRITE_ANDX)
        pkt.addCommand(writeAndX)
        
        writeAndX['Parameters'] = smb.SMBWriteAndX_Parameters()
        writeAndX['Parameters']['Fid'] = fid
        writeAndX['Parameters']['Offset'] = offset
        writeAndX['Parameters']['WriteMode'] = 0
        writeAndX['Parameters']['Remaining'] = len(data)
        writeAndX['Parameters']['DataLength'] = len(data)
        writeAndX['Parameters']['DataOffset'] = len(pkt)
        writeAndX['Data'] = data+('A'*4000)

        saved_offset = len(pkt)

        writeAndX2 = smb.SMBCommand(self.SMB_COM_WRITE_ANDX)
        pkt.addCommand(writeAndX2)

        writeAndX2['Parameters'] = smb.SMBWriteAndX_Parameters()
        writeAndX2['Parameters']['Fid'] = fid
        writeAndX2['Parameters']['Offset'] = offset
        writeAndX2['Parameters']['WriteMode'] = 0
        writeAndX2['Parameters']['Remaining'] = len(data)
        writeAndX2['Parameters']['DataLength'] = len(data)
        writeAndX2['Parameters']['DataOffset'] = len(pkt)
        writeAndX2['Data'] = '<pata>\n'

        writeAndX2['Parameters']['AndXCommand'] = self.SMB_COM_WRITE_ANDX
        writeAndX2['Parameters']['AndXOffset'] = saved_offset

        self.sendSMB(pkt)

        if wait_answer:
            pkt = self.recvSMB()
            if pkt.isValidAnswer(self.SMB_COM_WRITE_ANDX):
                return pkt
        return None

# Init the example's logger theme 

def _negotiateSession(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0,
                          flags2=0, data=None):
        # Here we follow [MS-SMB2] negotiation handshake trying to understand what dialects
        # (including SMB1) is supported on the other end.

        if not myName:
            myName = socket.gethostname()
            i = string.find(myName, '.')
            if i > -1:
                myName = myName[:i]

        tries = 0
        smbp = smb.NewSMBPacket()
        smbp['Flags1'] = flags1
        # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
        smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
        resp = None
        while tries < 2:
            self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port,
                                                     timeout)

            negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
            if extended_security is True:
                smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
            negSession['Data'] = data
            smbp.addCommand(negSession)
            self._nmbSession.send_packet(str(smbp))

            try:
                resp = self._nmbSession.recv_packet(timeout)
                break
            except nmb.NetBIOSError:
                # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
                smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
                smbp['Data'] = []

            tries += 1

        if resp is None:
            # No luck, quitting
            raise

        return resp.get_trailer() 

def negotiateSessionWildcard(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0,
                                 flags2=0, data=None):
        # Here we follow [MS-SMB2] negotiation handshake trying to understand what dialects
        # (including SMB1) is supported on the other end.

        if not myName:
            myName = socket.gethostname()
            i = myName.find('.')
            if i > -1:
                myName = myName[:i]

        tries = 0
        smbp = smb.NewSMBPacket()
        smbp['Flags1'] = flags1
        # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
        smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
        resp = None
        while tries < 2:
            self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port,
                                                     timeout)

            negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
            if extended_security is True:
                smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
            negSession['Data'] = data
            smbp.addCommand(negSession)
            self._nmbSession.send_packet(smbp.getData())

            try:
                resp = self._nmbSession.recv_packet(timeout)
                break
            except nmb.NetBIOSError:
                # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
                smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
                smbp['Data'] = []

            tries += 1

        if resp is None:
            # No luck, quitting
            raise Exception('No answer!')

        return resp.get_trailer() 

def profileServer_SMB1(self, ip, port = 445):
		# Checkout SMB1 support & security requirements
		logging.debug("Inspecting SMBv1 support on " + self.MiTMModuleConfig['target_ip'])

		# Build a generic SMBv1 negotiate packet and only show support for SMBv1
		smb 	= NewSMBPacket(data = unhexlify("ff534d4272000000001845680000000000000000000000000000ed4300000100000e00024e54204c4d20302e3132000200"))
		rawData = str(smb)
		netbios = struct.pack('>i', len(str(rawData)))
		rpkt 	= str(netbios) + str(rawData)

		# If the connection resets - they don't support it
		try:
			# Connect through
			client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
			client.connect((self.MiTMModuleConfig['target_ip'], self.MiTMModuleConfig['target_port']))
			client.sendall(rpkt)
			response = client.recv(999999)
			client.close()
			del(client)
		except:
			# If they dropped the connection, SMB1 is disabled
			logging.debug(self.MiTMModuleConfig['target_ip'] + " does not support SMBv1 :(")
			# Remove it from the supported dialects list, if it was even there
			if SMB_DIALECT in self.SERVER_INFO.SUPPORTED_DIALECTS:
				self.SERVER_INFO.SUPPORTED_DIALECTS.remove(SMB_DIALECT)
				return
		else:
			# No way dude
			logging.debug(self.MiTMModuleConfig['target_ip'] + " supports SMBv1!")
			self.SERVER_INFO.SUPPORTED_DIALECTS.append(SMB_DIALECT)

		# Checkout the security
		resp 		= NewSMBPacket(data = response[4:])
		respData 	= SMBCommand(resp['Data'][0])
		dialectData = SMBNTLMDialect_Parameters(respData['Parameters'])
		authData 	= SPNEGO_NegTokenInit(respData['Data'][16:])

		# Give it to me straight doc
		if dialectData['SecurityMode'] & SMB.SECURITY_SIGNATURES_ENABLED:
			logging.debug("Server supports SMB signing")
			self.SERVER_INFO.SERVER_SIGNATURES_ENABLED = True
		if dialectData['SecurityMode'] & SMB.SECURITY_SIGNATURES_REQUIRED:
			logging.debug("Server requires signatures :(")
			self.SERVER_INFO.SERVER_SIGNATURES_REQUIRED = True
		else:
			logging.debug("Server does not require signatures!")


		# Check if NTLM auth is supported
		if spnego.TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider'] in authData['MechTypes']:
			logging.debug("Server supports NTLM auth!")
			self.SERVER_INFO.SERVER_NTLM_SUPPORTED = True
		else:
			self.SERVER_INFO.SERVER_NTLM_SUPPORTED = False 

def _negotiateSession(self, myName, remoteName, remoteHost, sess_port, timeout, extended_security=True, flags1=0,
                          flags2=0, data=None):
        # Here we follow [MS-SMB2] negotiation handshake trying to understand what dialects
        # (including SMB1) is supported on the other end.

        if not myName:
            myName = socket.gethostname()
            i = string.find(myName, '.')
            if i > -1:
                myName = myName[:i]

        tries = 0
        smbp = smb.NewSMBPacket()
        smbp['Flags1'] = flags1
        # FLAGS2_UNICODE is required by some stacks to continue, regardless of subsequent support
        smbp['Flags2'] = flags2 | smb.SMB.FLAGS2_UNICODE
        resp = None
        while tries < 2:
            self._nmbSession = nmb.NetBIOSTCPSession(myName, remoteName, remoteHost, nmb.TYPE_SERVER, sess_port,
                                                     timeout)

            negSession = smb.SMBCommand(smb.SMB.SMB_COM_NEGOTIATE)
            if extended_security is True:
                smbp['Flags2'] |= smb.SMB.FLAGS2_EXTENDED_SECURITY
            negSession['Data'] = data
            smbp.addCommand(negSession)
            self._nmbSession.send_packet(str(smbp))

            try:
                resp = self._nmbSession.recv_packet(timeout)
                break
            except nmb.NetBIOSError:
                # OSX Yosemite asks for more Flags. Let's give it a try and see what happens
                smbp['Flags2'] |= smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | smb.SMB.FLAGS2_UNICODE
                smbp['Data'] = []

            tries += 1

        if resp is None:
            # No luck, quitting
            raise

        return resp.get_trailer()