Python impacket.smbconnection.SMBConnection() Examples
The following are 30
code examples of impacket.smbconnection.SMBConnection().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.smbconnection
, or try the search function
.
.
Example #1
| Source File: raiseChild.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def connectPipe(self):
try:
lock.acquire()
global dialect
self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(),
sess_port=self.port, preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
self.server.login(user, passwd, domain, lm, nt)
lock.release()
self.tid = self.server.connectTree('IPC$')
self.server.waitNamedPipe(self.tid, self.pipe)
self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)
self.server.setTimeout(1000000)
except Exception:
logging.critical("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)
Example #2
| Source File: scan.py From cve-2019-1040-scanner with MIT License | 6 votes |
|
def check(self, remote_host):
# Validate credentials first
if not self.creds_validated:
self.validate_creds(remote_host)
self.creds_validated = True
# Now start scanner
try:
smbClient = SMBConnection(remote_host, remote_host, sess_port=int(self.__port)) #, preferredDialect=SMB2_DIALECT_21
except:
return
ntlm.computeResponseNTLMv2 = mod_computeResponseNTLMv2
try:
smbClient.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
logging.info('Target %s is VULNERABLE to CVE-2019-1040 (authentication was accepted)', remote_host)
except SessionError as exc:
if 'STATUS_INVALID_PARAMETER' in str(exc):
logging.info('Target %s is not vulnerable to CVE-2019-1040 (authentication was rejected)', remote_host)
else:
logging.warning('Unexpected Exception while authenticating to %s: %s', remote_host, exc)
smbClient.close()
# Process command-line arguments.
Example #3
| Source File: raiseChild.py From PiBunny with MIT License | 6 votes |
|
def connectPipe(self):
try:
lock.acquire()
global dialect
self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(),
sess_port=self.port, preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
self.server.login(user, passwd, domain, lm, nt)
lock.release()
self.tid = self.server.connectTree('IPC$')
self.server.waitNamedPipe(self.tid, self.pipe)
self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)
self.server.setTimeout(1000000)
except Exception, e:
logging.critical("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)
Example #4
| Source File: goldenPac.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def connectPipe(self):
try:
lock.acquire()
global dialect
self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(),
sess_port=self.port, preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
self.server.login(user, passwd, domain, lm, nt)
lock.release()
self.tid = self.server.connectTree('IPC$')
self.server.waitNamedPipe(self.tid, self.pipe)
self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)
self.server.setTimeout(1000000)
except:
logging.critical("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)
Example #5
| Source File: psexec.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def connectPipe(self):
try:
lock.acquire()
global dialect
#self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT)
self.server = SMBConnection(self.transport.get_smb_connection().getRemoteName(), self.transport.get_smb_connection().getRemoteHost(),
sess_port=self.port, preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
if self.transport.get_kerberos() is True:
self.server.kerberosLogin(user, passwd, domain, lm, nt, aesKey, kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS)
else:
self.server.login(user, passwd, domain, lm, nt)
lock.release()
self.tid = self.server.connectTree('IPC$')
self.server.waitNamedPipe(self.tid, self.pipe)
self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)
self.server.setTimeout(1000000)
except:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)
Example #6
| Source File: psexec.py From PiBunny with MIT License | 6 votes |
|
def connectPipe(self):
try:
lock.acquire()
global dialect
#self.server = SMBConnection('*SMBSERVER', self.transport.get_smb_connection().getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT)
self.server = SMBConnection(self.transport.get_smb_connection().getRemoteName(), self.transport.get_smb_connection().getRemoteHost(),
sess_port=self.port, preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
if self.transport.get_kerberos() is True:
self.server.kerberosLogin(user, passwd, domain, lm, nt, aesKey, kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS)
else:
self.server.login(user, passwd, domain, lm, nt)
lock.release()
self.tid = self.server.connectTree('IPC$')
self.server.waitNamedPipe(self.tid, self.pipe)
self.fid = self.server.openFile(self.tid,self.pipe,self.permissions, creationOption = 0x40, fileAttributes = 0x80)
self.server.setTimeout(1000000)
except:
import traceback
traceback.print_exc()
logging.error("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)
Example #7
| Source File: GetUserSPNs.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def getMachineName(self):
if self.__kdcHost is not None and self.__targetDomain == self.__domain:
s = SMBConnection(self.__kdcHost, self.__kdcHost)
else:
s = SMBConnection(self.__targetDomain, self.__targetDomain)
try:
s.login('', '')
except Exception:
if s.getServerName() == '':
raise 'Error while anonymous logging into %s'
else:
try:
s.logoff()
except Exception:
# We don't care about exceptions here as we already have the required
# information. This also works around the current SMB3 bug
pass
return "%s.%s" % (s.getServerName(), s.getServerDNSDomainName())
Example #8
| Source File: ntlmrelayx.py From PiBunny with MIT License | 6 votes |
|
def __init__(self, config, SMBClient, username):
Thread.__init__(self)
self.daemon = True
if isinstance(SMBClient, smb.SMB) or isinstance(SMBClient, smb3.SMB3):
self.__SMBConnection = SMBConnection(existingConnection = SMBClient)
else:
self.__SMBConnection = SMBClient
self.config = config
self.__answerTMP = ''
if self.config.interactive:
#Launch locally listening interactive shell
self.tcpshell = TcpShell()
else:
self.tcpshell = None
if self.config.exeFile is not None:
self.installService = serviceinstall.ServiceInstall(SMBClient, self.config.exeFile)
Example #9
| Source File: serviceinstall.py From PiBunny with MIT License | 5 votes |
|
def __init__(self, SMBObject, exeFile):
self._rpctransport = 0
self.__service_name = ''.join([random.choice(string.letters) for i in range(4)])
self.__binary_service_name = ''.join([random.choice(string.letters) for i in range(8)]) + '.exe'
self.__exeFile = exeFile
# We might receive two different types of objects, always end up
# with a SMBConnection one
if isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3):
self.connection = SMBConnection(existingConnection = SMBObject)
else:
self.connection = SMBObject
self.share = ''
Example #10
| Source File: transport.py From PiBunny with MIT License | 5 votes |
|
def setup_smb_connection(self):
if not self.__smb_connection:
self.__smb_connection = SMBConnection(self.getRemoteName(), self.getRemoteHost(), sess_port=self.get_dport(),
preferredDialect=self.__prefDialect)
Example #11
| Source File: psexec.py From PiBunny with MIT License | 5 votes |
|
def connect_transferClient(self):
#self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port = self.port, preferredDialect = SMB_DIALECT)
self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port=self.port,
preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
if self.transport.get_kerberos() is True:
self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey,
kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS)
else:
self.transferClient.login(user, passwd, domain, lm, nt)
Example #12
| Source File: reg.py From PiBunny with MIT License | 5 votes |
|
def connect(self, remoteName, remoteHost):
self.__smbConnection = SMBConnection(remoteName, remoteHost, sess_port=int(self.__options.port))
if self.__doKerberos:
self.__smbConnection.kerberosLogin(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey, self.__kdcHost)
else:
self.__smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
Example #13
| Source File: smb.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
|
def smbv1_con(self):
try:
self.con = SMBConnection(self.client, self.ip, sess_port=self.port, preferredDialect=SMB_DIALECT, timeout=int(self.timeout))
self.smbv1=True
self.con.setTimeout(self.timeout)
self.logger.debug('SMBv1: Connected to: {}'.format(self.ip))
return True
except Exception as e:
self.logger.debug('SMBv1: Error creating connection to {}: {}'.format(self.host, e))
return False
Example #14
| Source File: raiseChild.py From PiBunny with MIT License | 5 votes |
|
def exploit(self):
# 1) Find out where the child domain controller is located and get its info (via [MS-NRPC])
childCreds = self.__creds
childName, forestName = self.getChildInfo(self.__creds)
logging.info('Raising child domain %s' % childName)
# 2) Find out what the forest FQDN is (via [MS-NRPC])
logging.info('Forest FQDN is: %s' % forestName)
# Let's raise up our child!
adminCreds, parentTGT, parentTGS = self.raiseUp(childName, childCreds, forestName)
# 7) If file was specified, save the golden ticket in ccache format
if self.__writeTGT is not None:
logging.info('Saving golden ticket into %s' % self.__writeTGT)
from impacket.krb5.ccache import CCache
ccache = CCache()
ccache.fromTGT(parentTGT['KDC_REP'], parentTGT['oldSessionKey'], parentTGT['sessionKey'])
ccache.saveFile(self.__writeTGT)
# 8) If target was specified, a PSEXEC shell is launched
if self.__target is not None:
logging.info('Opening PSEXEC shell at %s' % self.__target)
from impacket.smbconnection import SMBConnection
s = SMBConnection('*SMBSERVER', self.__target)
s.kerberosLogin(adminCreds['username'], '', adminCreds['domain'], adminCreds['lmhash'],
adminCreds['nthash'], useCache=False)
if self.__command != 'None':
executer = PSEXEC(self.__command, adminCreds['username'], adminCreds['domain'], s, None, None)
executer.run(self.__target)
Example #15
| Source File: raiseChild.py From PiBunny with MIT License | 5 votes |
|
def getDNSMachineName(machineIP):
s = SMBConnection(machineIP, machineIP)
try:
s.login('','')
except Exception, e:
logging.debug('Error while anonymous logging into %s' % machineIP)
Example #16
| Source File: goldenPac.py From PiBunny with MIT License | 5 votes |
|
def connect_transferClient(self):
self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port=self.port,
preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey, TGS=self.TGS, useCache=False)
Example #17
| Source File: raiseChild.py From PiBunny with MIT License | 5 votes |
|
def connect_transferClient(self):
self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port=self.port,
preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey, TGS=self.TGS, useCache=False)
Example #18
| Source File: smbrelayclient.py From CVE-2019-1040 with MIT License | 5 votes |
|
def initConnection(self):
self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, manualNegotiate=True)
#,preferredDialect=SMB_DIALECT)
if self.serverConfig.smb2support is True:
data = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00'
else:
data = '\x02NT LM 0.12\x00'
if self.extendedSecurity is True:
flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
else:
flags2 = SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
try:
packet = self.session.negotiateSessionWildcard(None, self.targetHost, self.targetHost, self.targetPort, 60, self.extendedSecurity,
flags1=SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS,
flags2=flags2, data=data)
except socketerror as e:
if 'reset by peer' in str(e):
if not self.serverConfig.smb2support:
LOG.error('SMBCLient error: Connection was reset. Possibly the target has SMBv1 disabled. Try running ntlmrelayx with -smb2support')
else:
LOG.error('SMBCLient error: Connection was reset')
else:
LOG.error('SMBCLient error: %s' % str(e))
return False
if packet[0:1] == b'\xfe':
smbClient = MYSMB3(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet)
else:
# Answer is SMB packet, sticking to SMBv1
smbClient = MYSMB(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet)
self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort,
existingConnection=smbClient, manualNegotiate=True)
return True
Example #19
| Source File: patator_ext.py From project-black with GNU General Public License v2.0 | 5 votes |
|
def connect(self, host, port):
# if port == 445, impacket will use <host> instead of '*SMBSERVER' as the remote_name
fp = SMBConnection('*SMBSERVER', host, sess_port=int(port))
return SMB_Connection(fp)
Example #20
| Source File: test_smb.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_aliasconnection(self):
smb = SMBConnection('*SMBSERVER', self.machine, preferredDialect=self.dialects, sess_port=self.sessPort)
smb.login(self.username, self.password, self.domain)
smb.listPath(self.share, '*')
smb.logoff()
Example #21
| Source File: test_smb.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def create_connection(self):
if self.dialects == smb.SMB_DIALECT:
# Only for SMB1 let's do manualNego
s = SMBConnection(self.serverName, self.machine, preferredDialect = self.dialects, sess_port = self.sessPort, manualNegotiate=True)
s.negotiateSession(self.dialects, flags2=self.flags2)
else:
s = SMBConnection(self.serverName, self.machine, preferredDialect = self.dialects, sess_port = self.sessPort)
return s
Example #22
| Source File: test_secretsdump.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def connect(self):
self.__smbConnection = SMBConnection(self.__remoteName, self.__remoteHost)
if self.__doKerberos:
self.__smbConnection.kerberosLogin(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey, self.__kdcHost)
else:
self.__smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
Example #23
| Source File: transport.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def setup_smb_connection(self):
if not self.__smb_connection:
self.__smb_connection = SMBConnection(self.getRemoteName(), self.getRemoteHost(), sess_port=self.get_dport(),
preferredDialect=self.__prefDialect)
Example #24
| Source File: serviceinstall.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def __init__(self, SMBObject, exeFile, serviceName=''):
self._rpctransport = 0
self.__service_name = serviceName if len(serviceName) > 0 else ''.join([random.choice(string.ascii_letters) for i in range(4)])
self.__binary_service_name = ''.join([random.choice(string.ascii_letters) for i in range(8)]) + '.exe'
self.__exeFile = exeFile
# We might receive two different types of objects, always end up
# with a SMBConnection one
if isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3):
self.connection = SMBConnection(existingConnection = SMBObject)
else:
self.connection = SMBObject
self.share = ''
Example #25
| Source File: smbrelayclient.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def initConnection(self):
self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, manualNegotiate=True)
#,preferredDialect=SMB_DIALECT)
if self.serverConfig.smb2support is True:
data = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00'
else:
data = '\x02NT LM 0.12\x00'
if self.extendedSecurity is True:
flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
else:
flags2 = SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
try:
packet = self.session.negotiateSessionWildcard(None, self.targetHost, self.targetHost, self.targetPort, 60, self.extendedSecurity,
flags1=SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS,
flags2=flags2, data=data)
except socketerror as e:
if 'reset by peer' in str(e):
if not self.serverConfig.smb2support:
LOG.error('SMBCLient error: Connection was reset. Possibly the target has SMBv1 disabled. Try running ntlmrelayx with -smb2support')
else:
LOG.error('SMBCLient error: Connection was reset')
else:
LOG.error('SMBCLient error: %s' % str(e))
return False
if packet[0:1] == b'\xfe':
preferredDialect = None
# Currently only works with SMB2_DIALECT_002 or SMB2_DIALECT_21
if self.serverConfig.remove_target:
preferredDialect = SMB2_DIALECT_21
smbClient = MYSMB3(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet, preferredDialect=preferredDialect)
else:
# Answer is SMB packet, sticking to SMBv1
smbClient = MYSMB(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet)
self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort,
existingConnection=smbClient, manualNegotiate=True)
return True
Example #26
| Source File: GetADUsers.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def getMachineName(self):
if self.__kdcHost is not None:
s = SMBConnection(self.__kdcHost, self.__kdcHost)
else:
s = SMBConnection(self.__domain, self.__domain)
try:
s.login('', '')
except Exception:
if s.getServerName() == '':
raise 'Error while anonymous logging into %s'
else:
s.logoff()
return s.getServerName()
Example #27
| Source File: goldenPac.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def connect_transferClient(self):
self.transferClient = SMBConnection('*SMBSERVER', self.server.getRemoteHost(), sess_port=self.port,
preferredDialect=dialect)
user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey, TGS=self.TGS, useCache=False)
Example #28
| Source File: reg.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def connect(self, remoteName, remoteHost):
self.__smbConnection = SMBConnection(remoteName, remoteHost, sess_port=int(self.__options.port))
if self.__doKerberos:
self.__smbConnection.kerberosLogin(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey, self.__kdcHost)
else:
self.__smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
Example #29
| Source File: raiseChild.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def exploit(self):
# 1) Find out where the child domain controller is located and get its info (via [MS-NRPC])
childCreds = self.__creds
childName, forestName = self.getChildInfo(self.__creds)
logging.info('Raising child domain %s' % childName)
# 2) Find out what the forest FQDN is (via [MS-NRPC])
logging.info('Forest FQDN is: %s' % forestName)
# Let's raise up our child!
adminCreds, parentTGT, parentTGS = self.raiseUp(childName, childCreds, forestName)
# 7) If file was specified, save the golden ticket in ccache format
if self.__writeTGT is not None:
logging.info('Saving golden ticket into %s' % self.__writeTGT)
from impacket.krb5.ccache import CCache
ccache = CCache()
ccache.fromTGT(parentTGT['KDC_REP'], parentTGT['oldSessionKey'], parentTGT['sessionKey'])
ccache.saveFile(self.__writeTGT)
# 8) If target was specified, a PSEXEC shell is launched
if self.__target is not None:
logging.info('Opening PSEXEC shell at %s' % self.__target)
from impacket.smbconnection import SMBConnection
s = SMBConnection('*SMBSERVER', self.__target)
s.kerberosLogin(adminCreds['username'], '', adminCreds['domain'], adminCreds['lmhash'],
adminCreds['nthash'], useCache=False)
if self.__command != 'None':
executer = PSEXEC(self.__command, adminCreds['username'], adminCreds['domain'], s, None, None)
executer.run(self.__target)
Example #30
| Source File: raiseChild.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def getDNSMachineName(machineIP):
s = SMBConnection(machineIP, machineIP)
try:
s.login('','')
except Exception:
logging.debug('Error while anonymous logging into %s' % machineIP)
else:
s.logoff()
return s.getServerName() + '.' + s.getServerDNSDomainName()
