Python impacket.nt_errors.STATUS_SUCCESS Examples
The following are 17
code examples of impacket.nt_errors.STATUS_SUCCESS().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.nt_errors
, or try the search function
.
.
Example #1
| Source File: httprelayserver.py From Exchange2domain with MIT License | 6 votes |
|
def do_ntlm_auth(self,token,authenticateMessage):
#For some attacks it is important to know the authenticated username, so we store it
if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'),
authenticateMessage['user_name'].decode('utf-16le'))).upper()
else:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'),
authenticateMessage['user_name'].decode('ascii'))).upper()
if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1':
clientResponse, errorCode = self.client.sendAuth(token)
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except
# when coming from localhost
errorCode = STATUS_ACCESS_DENIED
if errorCode == STATUS_SUCCESS:
config.set_suc(True)
return True
else:
config.set_fail(True)
return False
return False
Example #2
| Source File: smbrelayserver.py From PiBunny with MIT License | 6 votes |
|
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
#The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
token = respToken2['ResponseToken']
clientResponse = None
if self.target[0] == 'SMB':
clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage)
if self.target[0] == 'MSSQL':
#This client needs a proper response code
try:
result = client.sendAuth(token)
if result: #This contains a boolean
errorCode = STATUS_SUCCESS
else:
errorCode = STATUS_ACCESS_DENIED
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
errorCode = STATUS_ACCESS_DENIED
Example #3
| Source File: httprelayserver.py From CVE-2019-1040 with MIT License | 6 votes |
|
def do_ntlm_auth(self,token,authenticateMessage):
#For some attacks it is important to know the authenticated username, so we store it
if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'),
authenticateMessage['user_name'].decode('utf-16le'))).upper()
else:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'),
authenticateMessage['user_name'].decode('ascii'))).upper()
if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1':
clientResponse, errorCode = self.client.sendAuth(token)
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except
# when coming from localhost
errorCode = STATUS_ACCESS_DENIED
if errorCode == STATUS_SUCCESS:
return True
return False
Example #4
| Source File: httprelayserver.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def do_ntlm_auth(self,token,authenticateMessage):
#For some attacks it is important to know the authenticated username, so we store it
if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'),
authenticateMessage['user_name'].decode('utf-16le'))).upper()
else:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'),
authenticateMessage['user_name'].decode('ascii'))).upper()
if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1':
clientResponse, errorCode = self.client.sendAuth(token)
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except
# when coming from localhost
errorCode = STATUS_ACCESS_DENIED
if errorCode == STATUS_SUCCESS:
return True
return False
Example #5
| Source File: smbrelayserver.py From NtlmRelayToEWS with GNU General Public License v3.0 | 6 votes |
|
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
#The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
token = respToken2['ResponseToken']
clientResponse = None
if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS':
try:
result = client.sendAuth(token) #Result is a boolean
if result:
errorCode = STATUS_SUCCESS
else:
logging.error("HTTP NTLM auth against %s as %s FAILED" % (self.target[1],self.authUser))
errorCode = STATUS_ACCESS_DENIED
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
errorCode = STATUS_ACCESS_DENIED
Example #6
| Source File: httprelayserver.py From GhostPotato with MIT License | 6 votes |
|
def do_ntlm_auth(self,token,authenticateMessage):
#For some attacks it is important to know the authenticated username, so we store it
if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'),
authenticateMessage['user_name'].decode('utf-16le'))).upper()
else:
self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'),
authenticateMessage['user_name'].decode('ascii'))).upper()
if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1':
clientResponse, errorCode = self.client.sendAuth(token)
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except
# when coming from localhost
errorCode = STATUS_ACCESS_DENIED
if errorCode == STATUS_SUCCESS:
return True
return False
Example #7
| Source File: smbrelayserver.py From cracke-dit with MIT License | 6 votes |
|
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
#The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
token = respToken2['ResponseToken']
clientResponse = None
if self.target[0] == 'SMB':
clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage)
if self.target[0] == 'MSSQL':
#This client needs a proper response code
try:
result = client.sendAuth(token)
if result: #This contains a boolean
errorCode = STATUS_SUCCESS
else:
errorCode = STATUS_ACCESS_DENIED
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
errorCode = STATUS_ACCESS_DENIED
Example #8
| Source File: smbrelayserver.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage):
#The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB
respToken2 = SPNEGO_NegTokenResp(SPNEGO_token)
token = respToken2['ResponseToken']
clientResponse = None
if self.target[0] == 'SMB':
clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage)
if self.target[0] == 'MSSQL':
#This client needs a proper response code
try:
result = client.sendAuth(token)
if result: #This contains a boolean
errorCode = STATUS_SUCCESS
else:
errorCode = STATUS_ACCESS_DENIED
except Exception, e:
logging.error("NTLM Message type 3 against %s FAILED" % self.target[1])
logging.error(str(e))
errorCode = STATUS_ACCESS_DENIED
Example #9
| Source File: smbrelayclient.py From GhostPotato with MIT License | 4 votes |
|
def sendStandardSecurityAuth(self, sessionSetupData):
v1client = self.session.getSMBServer()
flags2 = v1client.get_flags()[1]
v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY))
if sessionSetupData['Account'] != '':
smb = NewSMBPacket()
smb['Flags1'] = 8
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Data()
sessionSetup['Parameters']['MaxBuffer'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VCNumber'] = os.getpid()
sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey']
sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd'])
sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd'])
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE
sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd']
sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd']
sessionSetup['Data']['Account'] = sessionSetupData['Account']
sessionSetup['Data']['PrimaryDomain'] = sessionSetupData['PrimaryDomain']
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
v1client.sendSMB(smb)
smb = v1client.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except:
return None, STATUS_LOGON_FAILURE
else:
v1client.set_uid(smb['Uid'])
return smb, STATUS_SUCCESS
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials
clientResponse = None
errorCode = STATUS_ACCESS_DENIED
return clientResponse, errorCode
Example #10
| Source File: smbrelayclient.py From Exchange2domain with MIT License | 4 votes |
|
def sendStandardSecurityAuth(self, sessionSetupData):
v1client = self.session.getSMBServer()
flags2 = v1client.get_flags()[1]
v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY))
if sessionSetupData['Account'] != '':
smb = NewSMBPacket()
smb['Flags1'] = 8
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Data()
sessionSetup['Parameters']['MaxBuffer'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VCNumber'] = os.getpid()
sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey']
sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd'])
sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd'])
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE
sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd']
sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd']
sessionSetup['Data']['Account'] = str(sessionSetupData['Account'])
sessionSetup['Data']['PrimaryDomain'] = str(sessionSetupData['PrimaryDomain'])
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
v1client.sendSMB(smb)
smb = v1client.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except:
return None, STATUS_LOGON_FAILURE
else:
v1client.set_uid(smb['Uid'])
return smb, STATUS_SUCCESS
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials
clientResponse = None
errorCode = STATUS_ACCESS_DENIED
return clientResponse, errorCode
Example #11
| Source File: smbrelayclient.py From CVE-2017-7494 with GNU General Public License v3.0 | 4 votes |
|
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
smb['Uid'] = self._uid
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob)
sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob)
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
errorCode = smb['ErrorCode'] << 16
errorCode += smb['_reserved'] << 8
errorCode += smb['ErrorClass']
if errorCode == STATUS_SUCCESS and self._SignatureRequired is True and self.domainIp is not None:
try:
errorCode = self.netlogonSessionKey(serverChallenge, authenticateMessageBlob)
except:
#import traceback
#print traceback.print_exc()
raise
return smb, errorCode
Example #12
| Source File: smbrelayclient.py From krbrelayx with MIT License | 4 votes |
|
def sendStandardSecurityAuth(self, sessionSetupData):
v1client = self.session.getSMBServer()
flags2 = v1client.get_flags()[1]
v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY))
if sessionSetupData['Account'] != '':
smb = NewSMBPacket()
smb['Flags1'] = 8
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Data()
sessionSetup['Parameters']['MaxBuffer'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VCNumber'] = os.getpid()
sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey']
sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd'])
sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd'])
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE
sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd']
sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd']
sessionSetup['Data']['Account'] = str(sessionSetupData['Account'])
sessionSetup['Data']['PrimaryDomain'] = str(sessionSetupData['PrimaryDomain'])
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
v1client.sendSMB(smb)
smb = v1client.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except:
return None, STATUS_LOGON_FAILURE
else:
v1client.set_uid(smb['Uid'])
return smb, STATUS_SUCCESS
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials
clientResponse = None
errorCode = STATUS_ACCESS_DENIED
return clientResponse, errorCode
Example #13
| Source File: sambaPipe.py From Slackor with GNU General Public License v3.0 | 4 votes |
|
def create(self, treeId, fileName, desiredAccess, shareMode, creationOptions, creationDisposition, fileAttributes,
impersonationLevel=SMB2_IL_IMPERSONATION, securityFlags=0, oplockLevel=SMB2_OPLOCK_LEVEL_NONE,
createContexts=None):
packet = self.__smbClient.getSMBServer().SMB_PACKET()
packet['Command'] = SMB2_CREATE
packet['TreeID'] = treeId
if self.__smbClient._SMBConnection._Session['TreeConnectTable'][treeId]['IsDfsShare'] is True:
packet['Flags'] = SMB2_FLAGS_DFS_OPERATIONS
smb2Create = SMB2Create()
smb2Create['SecurityFlags'] = 0
smb2Create['RequestedOplockLevel'] = oplockLevel
smb2Create['ImpersonationLevel'] = impersonationLevel
smb2Create['DesiredAccess'] = desiredAccess
smb2Create['FileAttributes'] = fileAttributes
smb2Create['ShareAccess'] = shareMode
smb2Create['CreateDisposition'] = creationDisposition
smb2Create['CreateOptions'] = creationOptions
smb2Create['NameLength'] = len(fileName) * 2
if fileName != '':
smb2Create['Buffer'] = fileName.encode('utf-16le')
else:
smb2Create['Buffer'] = b'\x00'
if createContexts is not None:
smb2Create['Buffer'] += createContexts
smb2Create['CreateContextsOffset'] = len(SMB2Packet()) + SMB2Create.SIZE + smb2Create['NameLength']
smb2Create['CreateContextsLength'] = len(createContexts)
else:
smb2Create['CreateContextsOffset'] = 0
smb2Create['CreateContextsLength'] = 0
packet['Data'] = smb2Create
packetID = self.__smbClient.getSMBServer().sendSMB(packet)
ans = self.__smbClient.getSMBServer().recvSMB(packetID)
if ans.isValidAnswer(STATUS_SUCCESS):
createResponse = SMB2Create_Response(ans['Data'])
# The client MUST generate a handle for the Open, and it MUST
# return success and the generated handle to the calling application.
# In our case, str(FileID)
return str(createResponse['FileID'])
Example #14
| Source File: smbrelayclient.py From Slackor with GNU General Public License v3.0 | 4 votes |
|
def sendStandardSecurityAuth(self, sessionSetupData):
v1client = self.session.getSMBServer()
flags2 = v1client.get_flags()[1]
v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY))
if sessionSetupData['Account'] != '':
smb = NewSMBPacket()
smb['Flags1'] = 8
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Data()
sessionSetup['Parameters']['MaxBuffer'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VCNumber'] = os.getpid()
sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey']
sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd'])
sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd'])
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE
sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd']
sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd']
sessionSetup['Data']['Account'] = sessionSetupData['Account']
sessionSetup['Data']['PrimaryDomain'] = sessionSetupData['PrimaryDomain']
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
v1client.sendSMB(smb)
smb = v1client.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except:
return None, STATUS_LOGON_FAILURE
else:
v1client.set_uid(smb['Uid'])
return smb, STATUS_SUCCESS
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials
clientResponse = None
errorCode = STATUS_ACCESS_DENIED
return clientResponse, errorCode
Example #15
| Source File: smbrelayclient.py From CVE-2019-1040 with MIT License | 4 votes |
|
def sendStandardSecurityAuth(self, sessionSetupData):
v1client = self.session.getSMBServer()
flags2 = v1client.get_flags()[1]
v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY))
if sessionSetupData['Account'] != '':
smb = NewSMBPacket()
smb['Flags1'] = 8
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Data()
sessionSetup['Parameters']['MaxBuffer'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VCNumber'] = os.getpid()
sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey']
sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd'])
sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd'])
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE
sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd']
sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd']
sessionSetup['Data']['Account'] = sessionSetupData['Account']
sessionSetup['Data']['PrimaryDomain'] = sessionSetupData['PrimaryDomain']
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
smb.addCommand(sessionSetup)
v1client.sendSMB(smb)
smb = v1client.recvSMB()
try:
smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX)
except:
return None, STATUS_LOGON_FAILURE
else:
v1client.set_uid(smb['Uid'])
return smb, STATUS_SUCCESS
else:
# Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials
clientResponse = None
errorCode = STATUS_ACCESS_DENIED
return clientResponse, errorCode
Example #16
| Source File: smbrelayclient.py From cracke-dit with MIT License | 4 votes |
|
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
smb['Uid'] = self._uid
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob)
sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob)
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
errorCode = smb['ErrorCode'] << 16
errorCode += smb['_reserved'] << 8
errorCode += smb['ErrorClass']
if errorCode == STATUS_SUCCESS and self._SignatureRequired is True and self.domainIp is not None:
try:
errorCode = self.netlogonSessionKey(serverChallenge, authenticateMessageBlob)
except:
#import traceback
#print traceback.print_exc()
raise
return smb, errorCode
Example #17
| Source File: smbrelayclient.py From PiBunny with MIT License | 4 votes |
|
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
smb = NewSMBPacket()
smb['Flags1'] = SMB.FLAGS1_PATHCASELESS
smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY
# Are we required to sign SMB? If so we do it, if not we skip it
if self._SignatureRequired:
smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
smb['Uid'] = self._uid
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters']['MaxBufferSize'] = 65535
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE
# Fake Data here, don't want to get us fingerprinted
sessionSetup['Data']['NativeOS'] = 'Unix'
sessionSetup['Data']['NativeLanMan'] = 'Samba'
sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob)
sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob)
smb.addCommand(sessionSetup)
self.sendSMB(smb)
smb = self.recvSMB()
errorCode = smb['ErrorCode'] << 16
errorCode += smb['_reserved'] << 8
errorCode += smb['ErrorClass']
if errorCode == STATUS_SUCCESS and self._SignatureRequired is True and self.domainIp is not None:
try:
errorCode = self.netlogonSessionKey(serverChallenge, authenticateMessageBlob)
except:
#import traceback
#print traceback.print_exc()
raise
return smb, errorCode
