Python impacket.nt_errors.STATUS_SUCCESS Examples
The following are 17
code examples of impacket.nt_errors.STATUS_SUCCESS().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.nt_errors
, or try the search function
.
Example #1
Source File: httprelayserver.py From Exchange2domain with MIT License | 6 votes |
def do_ntlm_auth(self,token,authenticateMessage): #For some attacks it is important to know the authenticated username, so we store it if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'))).upper() else: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'))).upper() if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1': clientResponse, errorCode = self.client.sendAuth(token) else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except # when coming from localhost errorCode = STATUS_ACCESS_DENIED if errorCode == STATUS_SUCCESS: config.set_suc(True) return True else: config.set_fail(True) return False return False
Example #2
Source File: smbrelayserver.py From PiBunny with MIT License | 6 votes |
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage): #The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB respToken2 = SPNEGO_NegTokenResp(SPNEGO_token) token = respToken2['ResponseToken'] clientResponse = None if self.target[0] == 'SMB': clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage) if self.target[0] == 'MSSQL': #This client needs a proper response code try: result = client.sendAuth(token) if result: #This contains a boolean errorCode = STATUS_SUCCESS else: errorCode = STATUS_ACCESS_DENIED except Exception, e: logging.error("NTLM Message type 3 against %s FAILED" % self.target[1]) logging.error(str(e)) errorCode = STATUS_ACCESS_DENIED
Example #3
Source File: httprelayserver.py From CVE-2019-1040 with MIT License | 6 votes |
def do_ntlm_auth(self,token,authenticateMessage): #For some attacks it is important to know the authenticated username, so we store it if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'))).upper() else: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'))).upper() if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1': clientResponse, errorCode = self.client.sendAuth(token) else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except # when coming from localhost errorCode = STATUS_ACCESS_DENIED if errorCode == STATUS_SUCCESS: return True return False
Example #4
Source File: httprelayserver.py From Slackor with GNU General Public License v3.0 | 6 votes |
def do_ntlm_auth(self,token,authenticateMessage): #For some attacks it is important to know the authenticated username, so we store it if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'))).upper() else: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'))).upper() if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1': clientResponse, errorCode = self.client.sendAuth(token) else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except # when coming from localhost errorCode = STATUS_ACCESS_DENIED if errorCode == STATUS_SUCCESS: return True return False
Example #5
Source File: smbrelayserver.py From NtlmRelayToEWS with GNU General Public License v3.0 | 6 votes |
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage): #The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB respToken2 = SPNEGO_NegTokenResp(SPNEGO_token) token = respToken2['ResponseToken'] clientResponse = None if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS': try: result = client.sendAuth(token) #Result is a boolean if result: errorCode = STATUS_SUCCESS else: logging.error("HTTP NTLM auth against %s as %s FAILED" % (self.target[1],self.authUser)) errorCode = STATUS_ACCESS_DENIED except Exception, e: logging.error("NTLM Message type 3 against %s FAILED" % self.target[1]) logging.error(str(e)) errorCode = STATUS_ACCESS_DENIED
Example #6
Source File: httprelayserver.py From GhostPotato with MIT License | 6 votes |
def do_ntlm_auth(self,token,authenticateMessage): #For some attacks it is important to know the authenticated username, so we store it if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'))).upper() else: self.authUser = ('%s/%s' % (authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'))).upper() if authenticateMessage['user_name'] != '' or self.target.hostname == '127.0.0.1': clientResponse, errorCode = self.client.sendAuth(token) else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials, except # when coming from localhost errorCode = STATUS_ACCESS_DENIED if errorCode == STATUS_SUCCESS: return True return False
Example #7
Source File: smbrelayserver.py From cracke-dit with MIT License | 6 votes |
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage): #The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB respToken2 = SPNEGO_NegTokenResp(SPNEGO_token) token = respToken2['ResponseToken'] clientResponse = None if self.target[0] == 'SMB': clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage) if self.target[0] == 'MSSQL': #This client needs a proper response code try: result = client.sendAuth(token) if result: #This contains a boolean errorCode = STATUS_SUCCESS else: errorCode = STATUS_ACCESS_DENIED except Exception, e: logging.error("NTLM Message type 3 against %s FAILED" % self.target[1]) logging.error(str(e)) errorCode = STATUS_ACCESS_DENIED
Example #8
Source File: smbrelayserver.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
def do_ntlm_auth(self,client,SPNEGO_token,authenticateMessage): #The NTLM blob is packed in a SPNEGO packet, extract it for methods other than SMB respToken2 = SPNEGO_NegTokenResp(SPNEGO_token) token = respToken2['ResponseToken'] clientResponse = None if self.target[0] == 'SMB': clientResponse, errorCode = client.sendAuth(SPNEGO_token,authenticateMessage) if self.target[0] == 'MSSQL': #This client needs a proper response code try: result = client.sendAuth(token) if result: #This contains a boolean errorCode = STATUS_SUCCESS else: errorCode = STATUS_ACCESS_DENIED except Exception, e: logging.error("NTLM Message type 3 against %s FAILED" % self.target[1]) logging.error(str(e)) errorCode = STATUS_ACCESS_DENIED
Example #9
Source File: smbrelayclient.py From GhostPotato with MIT License | 4 votes |
def sendStandardSecurityAuth(self, sessionSetupData): v1client = self.session.getSMBServer() flags2 = v1client.get_flags()[1] v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY)) if sessionSetupData['Account'] != '': smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd']) sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd']) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd'] sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd'] sessionSetup['Data']['Account'] = sessionSetupData['Account'] sessionSetup['Data']['PrimaryDomain'] = sessionSetupData['PrimaryDomain'] sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) v1client.sendSMB(smb) smb = v1client.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: return None, STATUS_LOGON_FAILURE else: v1client.set_uid(smb['Uid']) return smb, STATUS_SUCCESS else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials clientResponse = None errorCode = STATUS_ACCESS_DENIED return clientResponse, errorCode
Example #10
Source File: smbrelayclient.py From Exchange2domain with MIT License | 4 votes |
def sendStandardSecurityAuth(self, sessionSetupData): v1client = self.session.getSMBServer() flags2 = v1client.get_flags()[1] v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY)) if sessionSetupData['Account'] != '': smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd']) sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd']) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd'] sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd'] sessionSetup['Data']['Account'] = str(sessionSetupData['Account']) sessionSetup['Data']['PrimaryDomain'] = str(sessionSetupData['PrimaryDomain']) sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) v1client.sendSMB(smb) smb = v1client.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: return None, STATUS_LOGON_FAILURE else: v1client.set_uid(smb['Uid']) return smb, STATUS_SUCCESS else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials clientResponse = None errorCode = STATUS_ACCESS_DENIED return clientResponse, errorCode
Example #11
Source File: smbrelayclient.py From CVE-2017-7494 with GNU General Public License v3.0 | 4 votes |
def sendAuth(self, authenticateMessageBlob, serverChallenge=None): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE smb['Uid'] = self._uid sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() sessionSetup['Parameters']['MaxBufferSize'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VcNumber'] = 1 sessionSetup['Parameters']['SessionKey'] = 0 sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE # Fake Data here, don't want to get us fingerprinted sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob) sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob) smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() errorCode = smb['ErrorCode'] << 16 errorCode += smb['_reserved'] << 8 errorCode += smb['ErrorClass'] if errorCode == STATUS_SUCCESS and self._SignatureRequired is True and self.domainIp is not None: try: errorCode = self.netlogonSessionKey(serverChallenge, authenticateMessageBlob) except: #import traceback #print traceback.print_exc() raise return smb, errorCode
Example #12
Source File: smbrelayclient.py From krbrelayx with MIT License | 4 votes |
def sendStandardSecurityAuth(self, sessionSetupData): v1client = self.session.getSMBServer() flags2 = v1client.get_flags()[1] v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY)) if sessionSetupData['Account'] != '': smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd']) sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd']) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd'] sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd'] sessionSetup['Data']['Account'] = str(sessionSetupData['Account']) sessionSetup['Data']['PrimaryDomain'] = str(sessionSetupData['PrimaryDomain']) sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) v1client.sendSMB(smb) smb = v1client.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: return None, STATUS_LOGON_FAILURE else: v1client.set_uid(smb['Uid']) return smb, STATUS_SUCCESS else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials clientResponse = None errorCode = STATUS_ACCESS_DENIED return clientResponse, errorCode
Example #13
Source File: sambaPipe.py From Slackor with GNU General Public License v3.0 | 4 votes |
def create(self, treeId, fileName, desiredAccess, shareMode, creationOptions, creationDisposition, fileAttributes, impersonationLevel=SMB2_IL_IMPERSONATION, securityFlags=0, oplockLevel=SMB2_OPLOCK_LEVEL_NONE, createContexts=None): packet = self.__smbClient.getSMBServer().SMB_PACKET() packet['Command'] = SMB2_CREATE packet['TreeID'] = treeId if self.__smbClient._SMBConnection._Session['TreeConnectTable'][treeId]['IsDfsShare'] is True: packet['Flags'] = SMB2_FLAGS_DFS_OPERATIONS smb2Create = SMB2Create() smb2Create['SecurityFlags'] = 0 smb2Create['RequestedOplockLevel'] = oplockLevel smb2Create['ImpersonationLevel'] = impersonationLevel smb2Create['DesiredAccess'] = desiredAccess smb2Create['FileAttributes'] = fileAttributes smb2Create['ShareAccess'] = shareMode smb2Create['CreateDisposition'] = creationDisposition smb2Create['CreateOptions'] = creationOptions smb2Create['NameLength'] = len(fileName) * 2 if fileName != '': smb2Create['Buffer'] = fileName.encode('utf-16le') else: smb2Create['Buffer'] = b'\x00' if createContexts is not None: smb2Create['Buffer'] += createContexts smb2Create['CreateContextsOffset'] = len(SMB2Packet()) + SMB2Create.SIZE + smb2Create['NameLength'] smb2Create['CreateContextsLength'] = len(createContexts) else: smb2Create['CreateContextsOffset'] = 0 smb2Create['CreateContextsLength'] = 0 packet['Data'] = smb2Create packetID = self.__smbClient.getSMBServer().sendSMB(packet) ans = self.__smbClient.getSMBServer().recvSMB(packetID) if ans.isValidAnswer(STATUS_SUCCESS): createResponse = SMB2Create_Response(ans['Data']) # The client MUST generate a handle for the Open, and it MUST # return success and the generated handle to the calling application. # In our case, str(FileID) return str(createResponse['FileID'])
Example #14
Source File: smbrelayclient.py From Slackor with GNU General Public License v3.0 | 4 votes |
def sendStandardSecurityAuth(self, sessionSetupData): v1client = self.session.getSMBServer() flags2 = v1client.get_flags()[1] v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY)) if sessionSetupData['Account'] != '': smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd']) sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd']) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd'] sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd'] sessionSetup['Data']['Account'] = sessionSetupData['Account'] sessionSetup['Data']['PrimaryDomain'] = sessionSetupData['PrimaryDomain'] sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) v1client.sendSMB(smb) smb = v1client.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: return None, STATUS_LOGON_FAILURE else: v1client.set_uid(smb['Uid']) return smb, STATUS_SUCCESS else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials clientResponse = None errorCode = STATUS_ACCESS_DENIED return clientResponse, errorCode
Example #15
Source File: smbrelayclient.py From CVE-2019-1040 with MIT License | 4 votes |
def sendStandardSecurityAuth(self, sessionSetupData): v1client = self.session.getSMBServer() flags2 = v1client.get_flags()[1] v1client.set_flags(flags2=flags2 & (~SMB.FLAGS2_EXTENDED_SECURITY)) if sessionSetupData['Account'] != '': smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = v1client._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(sessionSetupData['AnsiPwd']) sessionSetup['Parameters']['UnicodePwdLength'] = len(sessionSetupData['UnicodePwd']) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = sessionSetupData['AnsiPwd'] sessionSetup['Data']['UnicodePwd'] = sessionSetupData['UnicodePwd'] sessionSetup['Data']['Account'] = sessionSetupData['Account'] sessionSetup['Data']['PrimaryDomain'] = sessionSetupData['PrimaryDomain'] sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) v1client.sendSMB(smb) smb = v1client.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: return None, STATUS_LOGON_FAILURE else: v1client.set_uid(smb['Uid']) return smb, STATUS_SUCCESS else: # Anonymous login, send STATUS_ACCESS_DENIED so we force the client to send his credentials clientResponse = None errorCode = STATUS_ACCESS_DENIED return clientResponse, errorCode
Example #16
Source File: smbrelayclient.py From cracke-dit with MIT License | 4 votes |
def sendAuth(self, authenticateMessageBlob, serverChallenge=None): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE smb['Uid'] = self._uid sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() sessionSetup['Parameters']['MaxBufferSize'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VcNumber'] = 1 sessionSetup['Parameters']['SessionKey'] = 0 sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE # Fake Data here, don't want to get us fingerprinted sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob) sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob) smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() errorCode = smb['ErrorCode'] << 16 errorCode += smb['_reserved'] << 8 errorCode += smb['ErrorClass'] if errorCode == STATUS_SUCCESS and self._SignatureRequired is True and self.domainIp is not None: try: errorCode = self.netlogonSessionKey(serverChallenge, authenticateMessageBlob) except: #import traceback #print traceback.print_exc() raise return smb, errorCode
Example #17
Source File: smbrelayclient.py From PiBunny with MIT License | 4 votes |
def sendAuth(self, authenticateMessageBlob, serverChallenge=None): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE smb['Uid'] = self._uid sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() sessionSetup['Parameters']['MaxBufferSize'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VcNumber'] = 1 sessionSetup['Parameters']['SessionKey'] = 0 sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE # Fake Data here, don't want to get us fingerprinted sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' sessionSetup['Parameters']['SecurityBlobLength'] = len(authenticateMessageBlob) sessionSetup['Data']['SecurityBlob'] = str(authenticateMessageBlob) smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() errorCode = smb['ErrorCode'] << 16 errorCode += smb['_reserved'] << 8 errorCode += smb['ErrorClass'] if errorCode == STATUS_SUCCESS and self._SignatureRequired is True and self.domainIp is not None: try: errorCode = self.netlogonSessionKey(serverChallenge, authenticateMessageBlob) except: #import traceback #print traceback.print_exc() raise return smb, errorCode