Python impacket.smbconnection.SMBConnection() Examples
The following are 30
code examples of impacket.smbconnection.SMBConnection().
Example #1
Source File: raiseChild.py From Slackor with GNU General Public License v3.0 | 6 votes |
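def connectPipe(self):
    """Open the named pipe ``self.pipe`` on the remote host's IPC$ share.

    A new SMBConnection is created to the host of the existing transport and
    authenticated with the user, password, domain and LM/NT hash fields of
    ``self.credentials``; the remaining fields (aesKey, TGT, TGS) are unpacked
    but not used here.  On success ``self.server``, ``self.tid`` and
    ``self.fid`` are set.

    Every exception is logged at CRITICAL level and swallowed, so the caller
    cannot tell from the return value (always None) whether the pipe is open.
    """
    global dialect
    try:
        lock.acquire()
        try:
            self.server = SMBConnection(
                '*SMBSERVER',
                self.transport.get_smb_connection().getRemoteHost(),
                sess_port=self.port,
                preferredDialect=dialect,
            )
            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
            self.server.login(user, passwd, domain, lm, nt)
        finally:
            # Release on every path.  Previously a failed connect or login
            # jumped straight to the except clause with the lock still held,
            # which would block every other user of the same lock.
            lock.release()

        self.tid = self.server.connectTree('IPC$')
        self.server.waitNamedPipe(self.tid, self.pipe)
        # 0x40 / 0x80 are the NT values FILE_NON_DIRECTORY_FILE and
        # FILE_ATTRIBUTE_NORMAL.
        self.fid = self.server.openFile(
            self.tid, self.pipe, self.permissions,
            creationOption=0x40, fileAttributes=0x80,
        )
        self.server.setTimeout(1000000)
    except Exception:
        logging.critical("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)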
Example #2
Source File: scan.py From cve-2019-1040-scanner with MIT License | 6 votes |
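def check(self, remote_host):
    """Probe one host and log whether it appears affected by CVE-2019-1040.

    The configured credentials are validated once (first call only).  The
    module-level ``ntlm.computeResponseNTLMv2`` is then replaced by
    ``mod_computeResponseNTLMv2`` and an SMB login is attempted:

    * login accepted -> logged as VULNERABLE;
    * SessionError containing STATUS_INVALID_PARAMETER -> logged as not
      vulnerable;
    * any other SessionError -> logged as a warning, host left unclassified.

    A host that cannot be connected to is skipped without a verdict, so the
    absence of a log line for a host must not be read as "not vulnerable".

    Args:
        remote_host: name or address used both as remote name and remote host.
    """
    # Validate credentials first
    if not self.creds_validated:
        self.validate_creds(remote_host)
        self.creds_validated = True

    # Now start scanner
    try:
        smbClient = SMBConnection(remote_host, remote_host, sess_port=int(self.__port))  #, preferredDialect=SMB2_DIALECT_21
    except Exception as exc:
        # Was a bare ``except: return``, which also swallowed
        # KeyboardInterrupt and left no trace that the host was skipped.
        logging.debug('Could not connect to %s, host was not assessed: %s', remote_host, exc)
        return

    # NOTE(review): this patches the ntlm module for the whole process and is
    # never undone here; any later NTLM login made through the same module
    # will also use the modified response.
    ntlm.computeResponseNTLMv2 = mod_computeResponseNTLMv2
    try:
        smbClient.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
        logging.info('Target %s is VULNERABLE to CVE-2019-1040 (authentication was accepted)', remote_host)
    except SessionError as exc:
        if 'STATUS_INVALID_PARAMETER' in str(exc):
            logging.info('Target %s is not vulnerable to CVE-2019-1040 (authentication was rejected)', remote_host)
        else:
            logging.warning('Unexpected Exception while authenticating to %s: %s', remote_host, exc)
    finally:
        # Close the connection even when login raises something other than
        # SessionError; the original leaked the socket on that path.
        smbClient.close()
# Process command-line arguments.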
Example #3
Source File: raiseChild.py From PiBunny with MIT License | 6 votes |
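def connectPipe(self):
    """Connect to the remote IPC$ share and open the pipe named by ``self.pipe``.

    The connection goes to the remote host of the existing transport and logs
    in with the first five fields of ``self.credentials`` (user, password,
    domain, LM hash, NT hash).  ``self.server``, ``self.tid`` and ``self.fid``
    are populated on success.  Failures are only reported through a CRITICAL
    log record; nothing is raised or returned.
    """
    global dialect
    try:
        lock.acquire()
        try:
            remote_host = self.transport.get_smb_connection().getRemoteHost()
            self.server = SMBConnection('*SMBSERVER', remote_host,
                                        sess_port=self.port, preferredDialect=dialect)
            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
            self.server.login(user, passwd, domain, lm, nt)
        finally:
            # The lock used to stay held when connect/login raised, because
            # the release sat on the success path only.
            lock.release()

        self.tid = self.server.connectTree('IPC$')
        self.server.waitNamedPipe(self.tid, self.pipe)
        self.fid = self.server.openFile(self.tid, self.pipe, self.permissions,
                                        creationOption=0x40, fileAttributes=0x80)
        self.server.setTimeout(1000000)
    except Exception:
        # ``except Exception, e`` is Python 2-only syntax and ``e`` was never
        # used; this spelling is valid on both Python 2 and 3.
        logging.critical("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)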
Example #4
Source File: goldenPac.py From Slackor with GNU General Public License v3.0 | 6 votes |
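def connectPipe(self):
    """Authenticate over SMB and open ``self.pipe`` on the IPC$ share.

    Sets ``self.server`` (the SMBConnection), ``self.tid`` (tree id of IPC$)
    and ``self.fid`` (handle of the opened pipe).  Only the user, password,
    domain and LM/NT hash entries of ``self.credentials`` are passed to
    ``login``.  Errors are logged at CRITICAL level and not re-raised.
    """
    global dialect
    try:
        lock.acquire()
        try:
            self.server = SMBConnection('*SMBSERVER',
                                        self.transport.get_smb_connection().getRemoteHost(),
                                        sess_port=self.port,
                                        preferredDialect=dialect)
            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
            self.server.login(user, passwd, domain, lm, nt)
        finally:
            # Guarantee the release: an exception during connect or login
            # previously skipped it and left the lock held.
            lock.release()

        self.tid = self.server.connectTree('IPC$')
        self.server.waitNamedPipe(self.tid, self.pipe)
        self.fid = self.server.openFile(self.tid, self.pipe, self.permissions,
                                        creationOption=0x40, fileAttributes=0x80)
        self.server.setTimeout(1000000)
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and SystemExit
        # are no longer swallowed together with real connection errors.
        logging.critical("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)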
Example #5
Source File: psexec.py From Slackor with GNU General Public License v3.0 | 6 votes |
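def connectPipe(self):
    """Authenticate to the remote host and open ``self.pipe`` on IPC$.

    The connection uses the remote name and host of the existing transport.
    Kerberos login is used when ``self.transport.get_kerberos()`` is True,
    otherwise an NTLM-style ``login`` with user, password, domain and LM/NT
    hashes.  On success ``self.server``, ``self.tid`` and ``self.fid`` are
    set.  Errors are logged (with a traceback only when the root logger is at
    DEBUG level) and not re-raised.
    """
    global dialect
    try:
        lock.acquire()
        try:
            smb_transport = self.transport.get_smb_connection()
            self.server = SMBConnection(smb_transport.getRemoteName(),
                                        self.transport.get_smb_connection().getRemoteHost(),
                                        sess_port=self.port, preferredDialect=dialect)
            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
            if self.transport.get_kerberos() is True:
                self.server.kerberosLogin(user, passwd, domain, lm, nt, aesKey,
                                          kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS)
            else:
                self.server.login(user, passwd, domain, lm, nt)
        finally:
            # Release on failure as well; the original only released after a
            # successful login, so an authentication error kept the lock held.
            lock.release()

        self.tid = self.server.connectTree('IPC$')
        self.server.waitNamedPipe(self.tid, self.pipe)
        self.fid = self.server.openFile(self.tid, self.pipe, self.permissions,
                                        creationOption=0x40, fileAttributes=0x80)
        self.server.setTimeout(1000000)
    except Exception:
        # Narrowed from a bare ``except:`` so interpreter-exit signals
        # (KeyboardInterrupt, SystemExit) propagate.
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        logging.error("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)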
Example #6
Source File: psexec.py From PiBunny with MIT License | 6 votes |
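def connectPipe(self):
    """Log in over SMB and open the pipe ``self.pipe`` on the IPC$ share.

    Uses Kerberos when the transport reports it (``get_kerberos() is True``)
    and a plain ``login`` otherwise.  Populates ``self.server``, ``self.tid``
    and ``self.fid``.  On any error a traceback is printed and an ERROR record
    is logged; the method returns None either way.
    """
    global dialect
    try:
        lock.acquire()
        try:
            self.server = SMBConnection(
                self.transport.get_smb_connection().getRemoteName(),
                self.transport.get_smb_connection().getRemoteHost(),
                sess_port=self.port,
                preferredDialect=dialect,
            )
            user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials
            if self.transport.get_kerberos() is True:
                self.server.kerberosLogin(
                    user, passwd, domain, lm, nt, aesKey,
                    kdcHost=self.transport.get_kdcHost(), TGT=TGT, TGS=TGS,
                )
            else:
                self.server.login(user, passwd, domain, lm, nt)
        finally:
            # Previously skipped when connect/login raised, leaving the shared
            # lock held for good.
            lock.release()

        self.tid = self.server.connectTree('IPC$')
        self.server.waitNamedPipe(self.tid, self.pipe)
        self.fid = self.server.openFile(
            self.tid, self.pipe, self.permissions,
            creationOption=0x40, fileAttributes=0x80,
        )
        self.server.setTimeout(1000000)
    except Exception:
        # Was a bare ``except:``; KeyboardInterrupt/SystemExit now propagate.
        import traceback
        traceback.print_exc()
        logging.error("Something wen't wrong connecting the pipes(%s), try again" % self.__class__)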
Example #7
Source File: GetUserSPNs.py From Slackor with GNU General Public License v3.0 | 6 votes |
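def getMachineName(self):
    """Return the contacted server's name as ``<server name>.<DNS domain>``.

    The SMB connection goes to the KDC host when one is configured and the
    target domain equals the user's domain, otherwise to the target domain
    name.  An anonymous login (empty user name and password) is attempted; a
    rejected login is tolerated as long as the server name was still learned.

    Raises:
        Exception: the anonymous login failed and no server name is available.
    """
    if self.__kdcHost is not None and self.__targetDomain == self.__domain:
        target = self.__kdcHost
    else:
        target = self.__targetDomain

    s = SMBConnection(target, target)
    try:
        s.login('', '')
    except Exception:
        if s.getServerName() == '':
            # The original raised a bare string, which is itself a TypeError
            # ("exceptions must derive from BaseException") and never filled
            # in the %s placeholder.
            raise Exception('Error while anonymous logging into %s' % target)
    else:
        try:
            s.logoff()
        except Exception:
            # We don't care about exceptions here as we already have the required
            # information. This also works around the current SMB3 bug
            pass
    return "%s.%s" % (s.getServerName(), s.getServerDNSDomainName())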
Example #8
Source File: ntlmrelayx.py From PiBunny with MIT License | 6 votes |
def __init__(self, config, SMBClient, username):
    """Set up the worker thread around an already established SMB client.

    Args:
        config: object read for ``interactive`` and ``exeFile``.
        SMBClient: a low-level ``smb.SMB`` / ``smb3.SMB3`` object, or an
            object that is stored unchanged.
        username: accepted but not used in this constructor.
    """
    Thread.__init__(self)
    self.daemon = True

    # Low-level protocol objects are wrapped so the rest of the class can rely
    # on the SMBConnection interface; anything else is kept as given.
    is_low_level = isinstance(SMBClient, smb.SMB) or isinstance(SMBClient, smb3.SMB3)
    if is_low_level:
        self.__SMBConnection = SMBConnection(existingConnection=SMBClient)
    else:
        self.__SMBConnection = SMBClient

    self.config = config
    self.__answerTMP = ''

    # NOTE(review): the listing lost its indentation; the exeFile check is
    # placed inside the non-interactive branch here - confirm against the
    # original file.
    if not self.config.interactive:
        self.tcpshell = None
        if self.config.exeFile is not None:
            self.installService = serviceinstall.ServiceInstall(SMBClient, self.config.exeFile)
    else:
        # Launch locally listening interactive shell
        self.tcpshell = TcpShell()
Example #9
Source File: serviceinstall.py From PiBunny with MIT License | 5 votes |
def __init__(self, SMBObject, exeFile):
    """Store the executable and SMB connection used by the service installer.

    A service name of four random letters and a binary name of eight random
    letters plus ``.exe`` are generated with the ``random`` module.

    Args:
        SMBObject: ``smb.SMB`` / ``smb3.SMB3`` object or an object stored as is.
        exeFile: stored unchanged in the instance.
    """
    self._rpctransport = 0
    # NOTE(review): string.letters exists only on Python 2.
    alphabet = string.letters
    self.__service_name = ''.join(random.choice(alphabet) for _ in range(4))
    self.__binary_service_name = ''.join(random.choice(alphabet) for _ in range(8)) + '.exe'
    self.__exeFile = exeFile

    # Two kinds of object may arrive; low-level ones are wrapped so that
    # self.connection always offers the SMBConnection interface.
    low_level = isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3)
    self.connection = SMBConnection(existingConnection=SMBObject) if low_level else SMBObject
    self.share = ''
Example #10
Source File: transport.py From PiBunny with MIT License | 5 votes |
def setup_smb_connection(self):
    """Create the transport's SMB connection unless one is already stored.

    The connection is built from the transport's remote name, remote host,
    destination port and preferred dialect.
    """
    if self.__smb_connection:
        # Already connected (or injected by the caller): nothing to do.
        return
    remote_name = self.getRemoteName()
    remote_host = self.getRemoteHost()
    self.__smb_connection = SMBConnection(
        remote_name,
        remote_host,
        sess_port=self.get_dport(),
        preferredDialect=self.__prefDialect,
    )
Example #11
Source File: psexec.py From PiBunny with MIT License | 5 votes |
def connect_transferClient(self):
    """Open and authenticate a second SMB connection, ``self.transferClient``.

    The connection targets the same remote host as ``self.server``.  Kerberos
    is used when the transport reports it, otherwise ``login`` with user,
    password, domain and LM/NT hashes.
    """
    remote_host = self.server.getRemoteHost()
    self.transferClient = SMBConnection('*SMBSERVER', remote_host,
                                        sess_port=self.port, preferredDialect=dialect)
    user, passwd, domain, lm, nt, aesKey, TGT, TGS = self.credentials

    if self.transport.get_kerberos() is not True:
        self.transferClient.login(user, passwd, domain, lm, nt)
        return
    self.transferClient.kerberosLogin(user, passwd, domain, lm, nt, aesKey,
                                      kdcHost=self.transport.get_kdcHost(),
                                      TGT=TGT, TGS=TGS)
Example #12
Source File: reg.py From PiBunny with MIT License | 5 votes |
def connect(self, remoteName, remoteHost):
    """Create ``self.__smbConnection`` to the given host and authenticate.

    Args:
        remoteName: name passed as the SMB remote name.
        remoteHost: host passed as the connection target.

    The port comes from ``self.__options.port``.  Kerberos login is used when
    ``self.__doKerberos`` is truthy, otherwise a login with password/hashes.
    """
    session_port = int(self.__options.port)
    conn = SMBConnection(remoteName, remoteHost, sess_port=session_port)
    # Stored before authenticating, so the attribute is set even if the login
    # below raises.
    self.__smbConnection = conn

    if not self.__doKerberos:
        conn.login(self.__username, self.__password, self.__domain,
                   self.__lmhash, self.__nthash)
        return
    conn.kerberosLogin(self.__username, self.__password, self.__domain,
                       self.__lmhash, self.__nthash, self.__aesKey, self.__kdcHost)
Example #13
Source File: smb.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
def smbv1_con(self):
    """Try to connect to ``self.ip`` with the SMB1 dialect forced.

    Returns:
        True when the connection was created (``self.con`` and ``self.smbv1``
        are then set), False when any exception occurred.  Both outcomes are
        logged at DEBUG level only.
    """
    try:
        self.con = SMBConnection(
            self.client,
            self.ip,
            sess_port=self.port,
            preferredDialect=SMB_DIALECT,
            timeout=int(self.timeout),
        )
        self.smbv1 = True
        self.con.setTimeout(self.timeout)
        self.logger.debug('SMBv1: Connected to: {}'.format(self.ip))
    except Exception as err:
        # NOTE(review): the success message reports self.ip while this one
        # reports self.host - confirm both attributes exist on the class.
        self.logger.debug('SMBv1: Error creating connection to {}: {}'.format(self.host, err))
        return False
    return True
Example #14
Source File: raiseChild.py From PiBunny with MIT License | 5 votes |
def exploit(self):
    """Run the stages of the tool in order and act on the optional outputs.

    The child and forest names come from ``getChildInfo``; ``raiseUp`` returns
    the credentials and tickets used afterwards.  When ``self.__writeTGT`` is
    set the ticket is written to that path in ccache format, and when
    ``self.__target`` is set a Kerberos-authenticated SMB session to it is
    opened and handed to PSEXEC.

    The step numbers in the comments jump from 2 to 7; the intermediate steps
    are presumably inside ``raiseUp`` - not visible here.
    """
    # 1) Find out where the child domain controller is located and get its info (via [MS-NRPC])
    childCreds = self.__creds
    childName, forestName = self.getChildInfo(self.__creds)
    logging.info('Raising child domain %s' % childName)

    # 2) Find out what the forest FQDN is (via [MS-NRPC])
    logging.info('Forest FQDN is: %s' % forestName)

    adminCreds, parentTGT, parentTGS = self.raiseUp(childName, childCreds, forestName)

    # 7) If file was specified, save the golden ticket in ccache format
    if self.__writeTGT is not None:
        logging.info('Saving golden ticket into %s' % self.__writeTGT)
        from impacket.krb5.ccache import CCache
        ticket_cache = CCache()
        # The saved file carries the KDC reply together with both session
        # keys, i.e. it is credential material and should be handled as such.
        ticket_cache.fromTGT(parentTGT['KDC_REP'],
                             parentTGT['oldSessionKey'],
                             parentTGT['sessionKey'])
        ticket_cache.saveFile(self.__writeTGT)

    # 8) If target was specified, a PSEXEC shell is launched
    if self.__target is not None:
        logging.info('Opening PSEXEC shell at %s' % self.__target)
        from impacket.smbconnection import SMBConnection
        smb_session = SMBConnection('*SMBSERVER', self.__target)
        smb_session.kerberosLogin(adminCreds['username'], '', adminCreds['domain'],
                                  adminCreds['lmhash'], adminCreds['nthash'],
                                  useCache=False)
        # The command is compared with the *string* 'None', not the None object.
        if self.__command != 'None':
            runner = PSEXEC(self.__command, adminCreds['username'], adminCreds['domain'],
                            smb_session, None, None)
            runner.run(self.__target)
Example #15
Source File: raiseChild.py From PiBunny with MIT License | 5 votes |
def getDNSMachineName(machineIP):
    """Connect to ``machineIP`` over SMB and attempt an anonymous login.

    A failed login is only reported at DEBUG level.

    NOTE(review): the listing stops after the except clause, so no logoff or
    return statement is visible here and the function returns None as shown -
    confirm against the original file.
    """
    conn = SMBConnection(machineIP, machineIP)
    try:
        # Empty user name and password: anonymous (null) session.
        conn.login('', '')
    except Exception:
        logging.debug('Error while anonymous logging into %s' % machineIP)
Example #16
Source File: goldenPac.py From PiBunny with MIT License | 5 votes |
def connect_transferClient(self):
    """Open ``self.transferClient`` to the server's host and log in via Kerberos.

    The service ticket passed to ``kerberosLogin`` is ``self.TGS``; the TGT and
    TGS entries unpacked from ``self.credentials`` are not used.  The
    credential cache is bypassed (``useCache=False``).
    """
    remote_host = self.server.getRemoteHost()
    self.transferClient = SMBConnection(
        '*SMBSERVER',
        remote_host,
        sess_port=self.port,
        preferredDialect=dialect,
    )
    # Unpacking all eight fields keeps the original length check on the tuple.
    user, passwd, domain, lm, nt, aesKey, _tgt, _tgs = self.credentials
    self.transferClient.kerberosLogin(
        user, passwd, domain, lm, nt, aesKey,
        TGS=self.TGS, useCache=False,
    )
Example #17
Source File: raiseChild.py From PiBunny with MIT License | 5 votes |
def connect_transferClient(self):
    """Create the transfer connection and authenticate it with Kerberos.

    Connects to the same host as ``self.server`` and logs in with the first
    six credential fields plus the service ticket stored in ``self.TGS``,
    without consulting the credential cache.
    """
    client = SMBConnection('*SMBSERVER', self.server.getRemoteHost(),
                           sess_port=self.port, preferredDialect=dialect)
    # Assigned before the login so the attribute exists even if login raises.
    self.transferClient = client
    user, passwd, domain, lm, nt, aesKey, unused_tgt, unused_tgs = self.credentials
    client.kerberosLogin(user, passwd, domain, lm, nt, aesKey,
                         TGS=self.TGS, useCache=False)
Example #18
Source File: smbrelayclient.py From CVE-2019-1040 with MIT License | 5 votes |
def initConnection(self): self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, manualNegotiate=True) #,preferredDialect=SMB_DIALECT) if self.serverConfig.smb2support is True: data = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00' else: data = '\x02NT LM 0.12\x00' if self.extendedSecurity is True: flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES else: flags2 = SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES try: packet = self.session.negotiateSessionWildcard(None, self.targetHost, self.targetHost, self.targetPort, 60, self.extendedSecurity, flags1=SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS, flags2=flags2, data=data) except socketerror as e: if 'reset by peer' in str(e): if not self.serverConfig.smb2support: LOG.error('SMBCLient error: Connection was reset. Possibly the target has SMBv1 disabled. Try running ntlmrelayx with -smb2support') else: LOG.error('SMBCLient error: Connection was reset') else: LOG.error('SMBCLient error: %s' % str(e)) return False if packet[0:1] == b'\xfe': smbClient = MYSMB3(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet) else: # Answer is SMB packet, sticking to SMBv1 smbClient = MYSMB(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet) self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, existingConnection=smbClient, manualNegotiate=True) return True
Example #19
Source File: patator_ext.py From project-black with GNU General Public License v2.0 | 5 votes |
def connect(self, host, port):
    """Open an SMB connection to ``host`` and return it wrapped in SMB_Connection.

    Args:
        host: target host.
        port: session port; converted with ``int()``.
    """
    # if port == 445, impacket will use <host> instead of '*SMBSERVER' as the remote_name
    session_port = int(port)
    raw_connection = SMBConnection('*SMBSERVER', host, sess_port=session_port)
    wrapped = SMB_Connection(raw_connection)
    return wrapped
Example #20
Source File: test_smb.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_aliasconnection(self):
    """Connect using the '*SMBSERVER' alias, log in, list the share root, log off.

    The test passes when none of the calls raises; nothing is asserted on the
    listing itself.
    """
    conn = SMBConnection(
        '*SMBSERVER',
        self.machine,
        preferredDialect=self.dialects,
        sess_port=self.sessPort,
    )
    conn.login(self.username, self.password, self.domain)
    conn.listPath(self.share, '*')
    conn.logoff()
Example #21
Source File: test_smb.py From Slackor with GNU General Public License v3.0 | 5 votes |
def create_connection(self):
    """Return a new SMBConnection to ``self.machine`` for the test's dialect.

    For the SMB1 dialect the connection is created with manual negotiation and
    the session is negotiated explicitly with ``self.flags2``; for every other
    dialect the constructor negotiates on its own.
    """
    if self.dialects == smb.SMB_DIALECT:
        # Only for SMB1 let's do manualNego
        conn = SMBConnection(self.serverName, self.machine,
                             preferredDialect=self.dialects,
                             sess_port=self.sessPort,
                             manualNegotiate=True)
        conn.negotiateSession(self.dialects, flags2=self.flags2)
        return conn

    return SMBConnection(self.serverName, self.machine,
                         preferredDialect=self.dialects,
                         sess_port=self.sessPort)
Example #22
Source File: test_secretsdump.py From Slackor with GNU General Public License v3.0 | 5 votes |
def connect(self):
    """Create ``self.__smbConnection`` and authenticate it.

    The remote name and host come from the instance.  Kerberos login is used
    when ``self.__doKerberos`` is truthy, otherwise a login with the stored
    user name, password, domain and LM/NT hashes.
    """
    conn = SMBConnection(self.__remoteName, self.__remoteHost)
    # Kept on the instance before authenticating, as in the original order.
    self.__smbConnection = conn

    if not self.__doKerberos:
        conn.login(self.__username, self.__password, self.__domain,
                   self.__lmhash, self.__nthash)
        return
    conn.kerberosLogin(self.__username, self.__password, self.__domain,
                       self.__lmhash, self.__nthash, self.__aesKey, self.__kdcHost)
Example #23
Source File: transport.py From Slackor with GNU General Public License v3.0 | 5 votes |
def setup_smb_connection(self):
    """Lazily create the SMB connection held by this transport.

    Nothing happens when a connection is already stored; otherwise one is
    opened with the transport's remote name, host, port and preferred dialect.
    """
    already_connected = bool(self.__smb_connection)
    if not already_connected:
        name, host = self.getRemoteName(), self.getRemoteHost()
        self.__smb_connection = SMBConnection(name, host,
                                              sess_port=self.get_dport(),
                                              preferredDialect=self.__prefDialect)
Example #24
Source File: serviceinstall.py From Slackor with GNU General Public License v3.0 | 5 votes |
def __init__(self, SMBObject, exeFile, serviceName=''):
    """Store the executable, service names and SMB connection for the installer.

    Args:
        SMBObject: ``smb.SMB`` / ``smb3.SMB3`` object or an object stored as is.
        exeFile: stored unchanged in the instance.
        serviceName: service name to use; when empty, four random ASCII
            letters are generated.  The binary name is always eight random
            ASCII letters followed by ``.exe``.
    """
    self._rpctransport = 0

    if len(serviceName) > 0:
        self.__service_name = serviceName
    else:
        self.__service_name = ''.join(random.choice(string.ascii_letters) for _ in range(4))
    random_stem = ''.join(random.choice(string.ascii_letters) for _ in range(8))
    self.__binary_service_name = random_stem + '.exe'
    self.__exeFile = exeFile

    # Two kinds of object may arrive; low-level ones are wrapped so that
    # self.connection always offers the SMBConnection interface.
    if isinstance(SMBObject, smb.SMB) or isinstance(SMBObject, smb3.SMB3):
        wrapped = SMBConnection(existingConnection=SMBObject)
    else:
        wrapped = SMBObject
    self.connection = wrapped
    self.share = ''
Example #25
Source File: smbrelayclient.py From Slackor with GNU General Public License v3.0 | 5 votes |
def initConnection(self): self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, manualNegotiate=True) #,preferredDialect=SMB_DIALECT) if self.serverConfig.smb2support is True: data = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00' else: data = '\x02NT LM 0.12\x00' if self.extendedSecurity is True: flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES else: flags2 = SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES try: packet = self.session.negotiateSessionWildcard(None, self.targetHost, self.targetHost, self.targetPort, 60, self.extendedSecurity, flags1=SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS, flags2=flags2, data=data) except socketerror as e: if 'reset by peer' in str(e): if not self.serverConfig.smb2support: LOG.error('SMBCLient error: Connection was reset. Possibly the target has SMBv1 disabled. Try running ntlmrelayx with -smb2support') else: LOG.error('SMBCLient error: Connection was reset') else: LOG.error('SMBCLient error: %s' % str(e)) return False if packet[0:1] == b'\xfe': preferredDialect = None # Currently only works with SMB2_DIALECT_002 or SMB2_DIALECT_21 if self.serverConfig.remove_target: preferredDialect = SMB2_DIALECT_21 smbClient = MYSMB3(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet, preferredDialect=preferredDialect) else: # Answer is SMB packet, sticking to SMBv1 smbClient = MYSMB(self.targetHost, self.targetPort, self.extendedSecurity,nmbSession=self.session.getNMBServer(), negPacket=packet) self.session = SMBConnection(self.targetHost, self.targetHost, sess_port= self.targetPort, existingConnection=smbClient, manualNegotiate=True) return True
Example #26
Source File: GetADUsers.py From Slackor with GNU General Public License v3.0 | 5 votes |
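def getMachineName(self):
    """Return the server name reported by the KDC host or the domain.

    The SMB connection goes to ``self.__kdcHost`` when it is set, otherwise to
    ``self.__domain``.  An anonymous login (empty user name and password) is
    attempted; a rejected login is tolerated as long as the server name was
    still learned.

    Raises:
        Exception: the anonymous login failed and no server name is available.
    """
    target = self.__kdcHost if self.__kdcHost is not None else self.__domain
    s = SMBConnection(target, target)
    try:
        s.login('', '')
    except Exception:
        if s.getServerName() == '':
            # The original raised a bare string, which is itself a TypeError
            # ("exceptions must derive from BaseException") and never filled
            # in the %s placeholder.
            raise Exception('Error while anonymous logging into %s' % target)
    else:
        s.logoff()
    return s.getServerName()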
Example #27
Source File: goldenPac.py From Slackor with GNU General Public License v3.0 | 5 votes |
def connect_transferClient(self):
    """Open ``self.transferClient`` and authenticate it with Kerberos.

    The connection targets the host of ``self.server``.  ``kerberosLogin``
    receives the first six credential fields and the ticket in ``self.TGS``;
    the cache lookup is disabled with ``useCache=False``.
    """
    host = self.server.getRemoteHost()
    self.transferClient = SMBConnection('*SMBSERVER', host,
                                        sess_port=self.port,
                                        preferredDialect=dialect)
    # The last two tuple entries are unpacked only to keep the eight-field
    # length check; the ticket actually used is self.TGS.
    user, passwd, domain, lm, nt, aesKey, _ignored_tgt, _ignored_tgs = self.credentials
    login_args = (user, passwd, domain, lm, nt, aesKey)
    self.transferClient.kerberosLogin(*login_args, TGS=self.TGS, useCache=False)
Example #28
Source File: reg.py From Slackor with GNU General Public License v3.0 | 5 votes |
def connect(self, remoteName, remoteHost):
    """Connect to ``remoteHost`` and authenticate, storing the session.

    Args:
        remoteName: name passed as the SMB remote name.
        remoteHost: host passed as the connection target.

    The port is ``int(self.__options.port)``; the login method depends on
    ``self.__doKerberos``.
    """
    self.__smbConnection = SMBConnection(
        remoteName,
        remoteHost,
        sess_port=int(self.__options.port),
    )
    common = (self.__username, self.__password, self.__domain,
              self.__lmhash, self.__nthash)
    if self.__doKerberos:
        self.__smbConnection.kerberosLogin(*(common + (self.__aesKey, self.__kdcHost)))
    else:
        self.__smbConnection.login(*common)
Example #29
Source File: raiseChild.py From Slackor with GNU General Public License v3.0 | 5 votes |
def exploit(self):
    """Run the stages of the tool in order and act on the optional outputs.

    ``getChildInfo`` supplies the child and forest names and ``raiseUp`` the
    credentials and tickets used afterwards.  With ``self.__writeTGT`` set the
    ticket is saved to that path in ccache format; with ``self.__target`` set
    a Kerberos-authenticated SMB session is opened and passed to PSEXEC.

    The step numbers in the comments jump from 2 to 7; the intermediate steps
    are presumably inside ``raiseUp`` - not visible here.
    """
    # 1) Find out where the child domain controller is located and get its info (via [MS-NRPC])
    childCreds = self.__creds
    childName, forestName = self.getChildInfo(self.__creds)
    logging.info('Raising child domain %s' % childName)

    # 2) Find out what the forest FQDN is (via [MS-NRPC])
    logging.info('Forest FQDN is: %s' % forestName)

    adminCreds, parentTGT, parentTGS = self.raiseUp(childName, childCreds, forestName)

    # 7) If file was specified, save the golden ticket in ccache format
    if self.__writeTGT is not None:
        logging.info('Saving golden ticket into %s' % self.__writeTGT)
        from impacket.krb5.ccache import CCache
        ticket_cache = CCache()
        # The saved file carries the KDC reply together with both session
        # keys, i.e. it is credential material and should be handled as such.
        ticket_cache.fromTGT(parentTGT['KDC_REP'],
                             parentTGT['oldSessionKey'],
                             parentTGT['sessionKey'])
        ticket_cache.saveFile(self.__writeTGT)

    # 8) If target was specified, a PSEXEC shell is launched
    if self.__target is not None:
        logging.info('Opening PSEXEC shell at %s' % self.__target)
        from impacket.smbconnection import SMBConnection
        smb_session = SMBConnection('*SMBSERVER', self.__target)
        smb_session.kerberosLogin(adminCreds['username'], '', adminCreds['domain'],
                                  adminCreds['lmhash'], adminCreds['nthash'],
                                  useCache=False)
        # The command is compared with the *string* 'None', not the None object.
        if self.__command != 'None':
            runner = PSEXEC(self.__command, adminCreds['username'], adminCreds['domain'],
                            smb_session, None, None)
            runner.run(self.__target)
Example #30
Source File: raiseChild.py From Slackor with GNU General Public License v3.0 | 5 votes |
def getDNSMachineName(machineIP):
    """Return ``<server name>.<DNS domain name>`` as reported by ``machineIP``.

    An anonymous login (empty user name and password) is attempted first.  A
    failure is only logged at DEBUG level and the names are still read from
    the connection, so the result may be built from empty strings.
    """
    conn = SMBConnection(machineIP, machineIP)
    logged_in = True
    try:
        conn.login('', '')
    except Exception:
        logged_in = False
        logging.debug('Error while anonymous logging into %s' % machineIP)
    if logged_in:
        conn.logoff()

    server_name = conn.getServerName()
    dns_domain = conn.getServerDNSDomainName()
    return server_name + '.' + dns_domain