Beispiel #1
    def get_netshare(self):
        """Enumerate the target's shares and wrap each entry as ``rpcobj.Share``.

        Runs NetrShareEnum at information level 1 over the RPC connection
        held in ``self._rpc_connection``.

        :return: list with one ``rpcobj.Share`` per entry of the Level1 buffer
        """
        reply = srvs.hNetrShareEnum(self._rpc_connection, 1)
        level1_entries = reply['InfoStruct']['ShareInfo']['Level1']['Buffer']
        return [rpcobj.Share(entry) for entry in level1_entries]
 def shares(self):
     """Return the share names reported by the connected host.

     Binds to the Server Service interface through the srvsvc named pipe on
     the existing ``self.smb`` session and runs NetrShareEnum at level 1.
     The remote host value is passed to the transport as both the remote
     name and the remote host.

     :return: list of ``shi1_netname`` values, each with its last character
         dropped (presumably the trailing NUL of the wire string -- confirm)
     """
     pipe = transport.SMBTransport(
         self.smb.getRemoteHost(),
         self.smb.getRemoteHost(),
         filename=r"\srvsvc",
         smb_connection=self.smb,
     )
     rpc = pipe.get_dce_rpc()
     rpc.connect()
     rpc.bind(srvs.MSRPC_UUID_SRVS)
     reply = srvs.hNetrShareEnum(rpc, 1)
     entries = reply["InfoStruct"]["ShareInfo"]["Level1"]["Buffer"]
     return [entry["shi1_netname"][:-1] for entry in entries]
Beispiel #3
    def findSuitableShare(self):
        """Return ``(share_name, share_path)`` for the first writable share.

        Enumerates shares at level 2 (the level that carries the server-side
        path) over the srvsvc pipe of the existing SMB session, then asks
        ``self.isShareWritable`` about each share in the order returned.

        :return: tuple of the share name and the part of ``shi2_path`` after
            its last ':'; both have their final character removed
        :raises Exception: when no enumerated share is reported as writable
        """
        from impacket.dcerpc.v5 import transport, srvs

        client = self.__smbClient
        pipe = transport.SMBTransport(client.getRemoteName(),
                                      client.getRemoteHost(),
                                      filename=r'\srvsvc',
                                      smb_connection=client)
        rpc = pipe.get_dce_rpc()
        rpc.connect()
        rpc.bind(srvs.MSRPC_UUID_SRVS)
        reply = srvs.hNetrShareEnum(rpc, 2)

        for entry in reply['InfoStruct']['ShareInfo']['Level2']['Buffer']:
            name = entry['shi2_netname'][:-1]
            if not self.isShareWritable(name):
                continue
            # Keep what follows the last ':' of the path, minus the final
            # character.
            local_path = entry['shi2_path'].split(':')[-1][:-1]
            return name, local_path

        raise Exception('No suitable share found, aborting!')
Beispiel #4
    def getShares(self):
        """Fetch the level-1 share listing of the connected host.

        Reuses ``self.connection`` for a DCE/RPC transport on the srvsvc pipe
        (stored in ``self._rpctransport``), binds to the Server Service and
        runs NetrShareEnum at level 1.

        :return: the ``Level1`` container of the reply (not its ``Buffer``)
        :raises: whatever the transport setup or the RPC call raises, after
            the failure has been logged at critical level
        """
        LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost()))
        try:
            session = self.connection
            self._rpctransport = transport.SMBTransport(
                session.getRemoteHost(),
                session.getRemoteHost(),
                filename=r'\srvsvc',
                smb_connection=session,
            )
            rpc = self._rpctransport.get_dce_rpc()
            rpc.connect()
            rpc.bind(srvs.MSRPC_UUID_SRVS)
            reply = srvs.hNetrShareEnum(rpc, 1)
            level1 = reply['InfoStruct']['ShareInfo']['Level1']
        except:
            # Bare except: every failure is logged and then re-raised
            # unchanged.
            LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost()))
            raise
        return level1
    def listShares(self):
        """
        Enumerate the shares offered by the connected target.

        The remote host value is handed to the transport as both the remote
        name and the remote host; the call itself is NetrShareEnum, level 1.

        :return: the Level1 buffer of the reply, one entry per share; errors
            from the transport or the RPC call propagate to the caller
        """
        # Function-scope import, as in the rest of this method's class.
        from impacket.dcerpc.v5 import transport, srvs

        pipe = transport.SMBTransport(
            self.getRemoteHost(),
            self.getRemoteHost(),
            filename=r'\srvsvc',
            smb_connection=self,
        )
        rpc = pipe.get_dce_rpc()
        rpc.connect()
        rpc.bind(srvs.MSRPC_UUID_SRVS)
        level1 = srvs.hNetrShareEnum(rpc, 1)['InfoStruct']['ShareInfo']['Level1']
        return level1['Buffer']
Beispiel #6
    def listShares(self):
        """
        Enumerate the shares offered by the connected target.

        Opens the srvsvc pipe on this connection (remote name and remote host
        are passed separately), binds to the Server Service and runs
        NetrShareEnum at level 1.

        :return: the Level1 buffer of the reply, one entry per share; errors
            from the transport or the RPC call propagate to the caller
        """
        from impacket.dcerpc.v5 import transport, srvs

        pipe = transport.SMBTransport(self.getRemoteName(), self.getRemoteHost(),
                                      filename=r'\srvsvc', smb_connection=self)
        rpc = pipe.get_dce_rpc()
        rpc.connect()
        rpc.bind(srvs.MSRPC_UUID_SRVS)
        reply = srvs.hNetrShareEnum(rpc, 1)
        share_info = reply['InfoStruct']['ShareInfo']
        return share_info['Level1']['Buffer']
Beispiel #7
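def smb_share_information(
    target,
    port,
    user=None,
    password=None,
):
    """
    Look up the shared folders exported by the given host.

    :param target: IP address of the host (also passed as the remote name)
    :param port: port of the host's SMB service
    :param user: user name
    :param password: password
    :return: <list> of share names, with ``print$`` and ``IPC$`` left out
        (exact, case-sensitive match); ``None`` when the connection to the
        host could not be established
    :raises Exception: when ``login`` reports a failed authentication
    """

    try:
        conn = SMBConnection(target, target, sess_port=port)
    except socket.error as error:
        # Format the exception itself: ``.message`` is not a reliable
        # attribute of socket errors and is often empty.
        print("[-] Chyba spojeni %s" % (error,))
        return

    # Authenticate exactly once. Calling login twice sends two logon
    # attempts, so a wrong password counts double against the account
    # (lockout counters, logon-failure events) for no benefit.
    if not conn.login(user, password):
        raise Exception(
            "[-] Chyba autentizace, neplatne uzivatelske jmeno nebo heslo")

    rpc_transport = transport.SMBTransport(conn.getRemoteName(),
                                           conn.getRemoteHost(),
                                           filename=r'\srvsvc',
                                           smb_connection=conn)
    dce = rpc_transport.get_dce_rpc()
    try:
        dce.connect()
    except SessionError:
        # NOTE(review): a failure to open the pipe is ignored here, so the
        # bind below will presumably fail with a less specific error --
        # confirm whether this best-effort behaviour is intended.
        pass
    dce.bind(srvs.MSRPC_UUID_SRVS)
    resp = srvs.hNetrShareEnum(dce, 2)

    ignore_shares = ("print$", "IPC$")
    # Each name loses its last character before it is compared and returned.
    share_names = (
        share['shi2_netname'][:-1]
        for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer']
    )
    return [name for name in share_names if name not in ignore_shares]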
Beispiel #8
def get_remote_payload_path_set(lib_name, smb_connection_):
    """Return ``[share_name, share_path]`` pairs for every share on the server.

    Runs NetrShareEnum at level 2 over the srvsvc pipe of the supplied SMB
    connection and converts each reported path with ``translate_smb_path``.
    ``lib_name`` is accepted but not used, and no share is filtered out of
    the result.

    :param lib_name: unused
    :param smb_connection_: established SMB connection to enumerate over
    :return: list of two-element lists, in the order the server returned them
    """
    pipe = transport.SMBTransport(
        smb_connection_.getRemoteName(),
        smb_connection_.getRemoteHost(),
        filename=r'\srvsvc',
        smb_connection=smb_connection_,
    )
    rpc = pipe.get_dce_rpc()
    rpc.connect()
    rpc.bind(srvs.MSRPC_UUID_SRVS)
    reply = srvs.hNetrShareEnum(rpc, 2)
    entries = reply['InfoStruct']['ShareInfo']['Level2']['Buffer']

    # Name and path both lose their last character before use.
    return [
        [entry['shi2_netname'][:-1], translate_smb_path(entry['shi2_path'][:-1])]
        for entry in entries
    ]
Beispiel #9
    def getShares(self):
        """Fetch the level-1 share listing of the connected host.

        Builds a DCE/RPC transport on the srvsvc pipe of
        ``self.smbConnection`` (stored in ``self._rpctransport``), binds to
        the Server Service and runs NetrShareEnum at level 1.

        :return: the ``Level1`` container of the reply (not its ``Buffer``)
        :raises: whatever the transport setup or the RPC call raises, after
            the failure has been logged at critical level
        """
        logging.info("Requesting shares on %s....." % (self.smbConnection.getRemoteHost()))
        try:
            session = self.smbConnection
            self._rpctransport = transport.SMBTransport(session.getRemoteHost(),
                                                        session.getRemoteHost(),
                                                        filename=r'\srvsvc',
                                                        smb_connection=session)
            rpc = self._rpctransport.get_dce_rpc()
            rpc.connect()
            rpc.bind(srvs.MSRPC_UUID_SRVS)
            share_info = srvs.hNetrShareEnum(rpc, 1)['InfoStruct']['ShareInfo']
            level1 = share_info['Level1']
        except:
            # Bare except: every failure is logged and then re-raised
            # unchanged.
            logging.critical("Error requesting shares on %s, aborting....." % (self.smbConnection.getRemoteHost()))
            raise
        return level1
Beispiel #10
  def copy_lib(self, lib_name):
    """Write a local file to a share on the target and return a remote path.

    Opens ``lib_name`` (or ``self.cBin`` when that is set) in binary mode,
    logs in, enumerates shares at level 2 over the srvsvc pipe and hands the
    open file to ``self.smb.putFile`` for the first share whose name is
    still non-empty after the string handling below. The method returns on
    that first attempt and performs no writability check, so an error from
    ``putFile`` propagates to the caller. If the loops never reach
    ``putFile`` the method falls off the end and returns ``None``.

    :param lib_name: local path of the file to upload
    :return: the converted share path joined with ``lib_name`` by "/"
        (the path as given, not the basename used for the upload)
    """

    self.execName = os.path.basename(lib_name)
    # NOTE(review): this handle is not closed anywhere in this method.
    self.execFile = open(lib_name, 'rb')
    self.login()
    # rName is not defined in this method; presumably a module-level name
    # -- confirm.
    rpctransport = transport.SMBTransport(rName, self.rhost, filename=r'\srvsvc', smb_connection=self.smb)
    dce = rpctransport.get_dce_rpc()
    dce.connect()

    dce.bind(srvs.MSRPC_UUID_SRVS)
    resp = srvs.hNetrShareEnum(dce, 2)
    for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer']:
      # Name and path both lose their last character before use.
      sName = share['shi2_netname'][:-1]
      sPath = self.SMBpath(share['shi2_path'][:-1])
      # Round trip through "name:path"; the two-way unpack raises ValueError
      # when the joined string holds more than one ':'.
      k = str(sName) +":"+ str(sPath)
      sName, sPath = k.split(':')
#      module = sPath + "/" + lib_name
      # The IPC$ result is overwritten by the next line, so only 'print$' is
      # actually removed from the name.
      j = sName.replace('IPC$', '')
      j = sName.replace('print$', '')
      j = str(j)
      # Keep only the non-blank lines of the name; an empty name yields an
      # empty string, and the inner loop below is then skipped.
      shares = "".join([s for s in j.splitlines(True) if s.strip("\r\n")])
      if not self.cBin:
        # Self-assignment: a no-op.
        lib_name = lib_name
        module = sPath + "/" + lib_name
      else:
        # self.cBin replaces the argument; the file is opened again and the
        # handle opened at the top of the method is left open.
        lib_name = self.cBin
        self.execName = os.path.basename(lib_name)
        self.execFile = open(lib_name, 'rb')
        module = sPath + "/" + lib_name
#          shares = os.linesep.join([s for s in j.splitlines() if s])
      for sharez in shares.splitlines():

#        print sharez
        print "[ + ] Using  %s [ + ]" % lib_name
        print "[ + ] Copying lib '%s' to share '%s' [ + ]" % (lib_name, sharez)

        # putFile receives the file's bound read method as its data callback.
        self.smb.putFile(sharez, self.execName, self.execFile.read)
        # Returning inside the loop ends the method after the first upload.
        return module
Beispiel #11
    def test_hNetrShareEnum(self):
        """Call hNetrShareEnum once per information level.

        No assertion is made on the replies; the test passes as long as none
        of the calls raises.
        """
        dce, rpctransport = self.connect()
        for level in (0, 1, 2, 501, 502, 503):
            resp = srvs.hNetrShareEnum(dce, level)
            #resp.dump()
Beispiel #12
    def test_hNetrShareEnum(self):
        """Exercise hNetrShareEnum at levels 0, 1, 2, 501, 502 and 503.

        The replies are not inspected; only an exception from one of the
        calls fails the test.
        """
        dce, rpctransport = self.connect()
        info_levels = [0, 1, 2, 501, 502, 503]
        for info_level in info_levels:
            # Uncomment the dump below to print a reply while debugging.
            resp = srvs.hNetrShareEnum(dce, info_level)
            #resp.dump()