async def setup(self):
try:
if self.no_work_dir is False:
logger.debug('Setting up working directory')
if self.work_dir is not None:
if isinstance(self.work_dir, str):
self.work_dir = pathlib.Path(self.work_dir)
else:
self.work_dir = pathlib.Path()
self.work_dir.mkdir(parents=True, exist_ok=True)
self.ldap_work_dir = self.work_dir.joinpath('ldap')
self.ldap_work_dir.mkdir(parents=True, exist_ok=True)
self.smb_work_dir = self.work_dir.joinpath('smb')
self.smb_work_dir.mkdir(parents=True, exist_ok=True)
logger.debug('Setting up connection objects')
if self.dns_server is not None:
self.rdns_resolver = RDNS(server=self.dns_server,
protocol='TCP',
cache=True,
proxy=self.proxy)
if self.ldap_url is not None:
self.ldap_mgr = self.ldap_url
if isinstance(self.ldap_url, str):
self.ldap_mgr = MSLDAPURLDecoder(self.ldap_url)
if self.proxy is not None:
#overriding proxy!
pu = SocksClientURL.from_urls(self.proxy)
p = MSLDAPProxy(MSLDAPProxyType.SOCKS5, pu)
self.ldap_mgr.proxy = p
if self.smb_url is not None:
self.smb_mgr = self.smb_url
if isinstance(self.smb_url, str):
self.smb_mgr = SMBConnectionURL(self.smb_url)
if self.proxy is not None:
#overriding proxy!
pu = SocksClientURL.from_urls(self.proxy)
p = SMBProxy()
p.type = SMBProxyType.SOCKS5
p.target = pu
self.smb_mgr.proxy = p
logger.debug('Setting up database connection')
if self.progress_queue is None and self.show_progress is True:
self.progress_queue = asyncio.Queue()
self.progress_task = asyncio.create_task(self.print_progress())
return True, None
except Exception as e:
return False, e
async def connect(self):
"""
"""
#hiding the import, so you'll only need to install multiplexor when actually using it
from multiplexor.operator import MultiplexorOperator
#creating connection string
if self.target.proxy.type == SMBProxyType.MULTIPLEXOR:
con_str = 'ws://%s:%s' % (self.target.proxy.ip,
self.target.proxy.port)
else:
con_str = 'wss://%s:%s' % (self.target.proxy.ip,
self.target.proxy.port)
#creating operator and connecting to multiplexor server
self.operator = MultiplexorOperator(con_str)
await self.operator.connect()
#creating socks5 proxy
server_info = await self.operator.start_socks5(
self.target.proxy.agent_id)
print(server_info)
#copying the original target, then feeding it to socks5proxy object. it will hold the actual socks5 proxy server address we created before
tp = SMBProxy()
tp.ip = server_info['listen_ip']
tp.port = server_info['listen_port']
tp.timeout = self.target.proxy.timeout
tp.type = SMBProxyType.SOCKS5
newtarget = copy.deepcopy(self.target)
newtarget.proxy = tp
return Socks5ProxyConnection(target=newtarget)
def parse(self):
url_e = urlparse(self.connection_url)
self.scheme_decoder(url_e.scheme)
if url_e.username is not None:
if url_e.username.find('\\') != -1:
self.domain, self.username = url_e.username.split('\\')
if self.domain == '.':
self.domain = None
else:
self.domain = None
self.username = url_e.username
self.secret = url_e.password
if self.secret_type == SMBCredentialsSecretType.PWPROMPT:
self.secret_type = SMBCredentialsSecretType.PASSWORD
self.secret = getpass()
if self.secret_type == SMBCredentialsSecretType.PWHEX:
self.secret_type = SMBCredentialsSecretType.PASSWORD
self.secret = bytes.fromhex(self.secret).decode()
if self.secret_type == SMBCredentialsSecretType.PWB64:
self.secret_type = SMBCredentialsSecretType.PASSWORD
self.secret = base64.b64decode(self.secret).decode()
if self.secret is None and self.username is None:
self.is_anonymous = True
if self.authentication_protocol == SMBAuthProtocol.NTLM and self.secret_type is None:
if self.is_anonymous == True:
self.secret_type = SMBCredentialsSecretType.NONE
else:
if len(self.secret) == 32:
try:
bytes.fromhex(self.secret)
except:
self.secret_type = SMBCredentialsSecretType.NT
else:
self.secret_type = SMBCredentialsSecretType.PASSWORD
elif self.authentication_protocol in [
SMBAuthProtocol.SSPI_KERBEROS, SMBAuthProtocol.SSPI_NTLM,
SMBAuthProtocol.MULTIPLEXOR_NTLM,
SMBAuthProtocol.MULTIPLEXOR_KERBEROS
]:
if self.username is None:
self.username = '******'
if self.domain is None:
self.domain = '<CURRENT>'
if self.secret is None:
self.secret = '<CURRENT>'
self.ip = url_e.hostname
if url_e.port:
self.port = url_e.port
elif self.protocol == SMBConnectionProtocol.TCP:
self.port = 445
else:
raise Exception('Port must be provided!')
if url_e.path not in ['/', '', None]:
self.path = url_e.path
# recognized parameters :
# dc -> domain controller IP
# proxytype -> proxy protocol
# proxyuser -> username for proxy auth
# proxypass -> password for proxy auth
#
#
proxy_present = False
if url_e.query is not None:
query = parse_qs(url_e.query)
for k in query:
if k.startswith('proxy') is True:
proxy_present = True
if k == 'dc':
self.dc_ip = query[k][0]
elif k == 'timeout':
self.timeout = int(query[k][0])
elif k == 'serverip':
self.server_ip = query[k][0]
elif k == 'fragment':
self.fragment = int(query[k][0])
elif k == 'dns':
self.dns = query[
k] #multiple dns can be set, so not trimming here
elif k.startswith('auth'):
self.auth_settings[k[len('auth'):]] = query[k]
elif k.startswith('same'):
self.auth_settings[k[len('same'):]] = query[k]
if proxy_present is True:
self.proxy = SMBProxy.from_params(self.connection_url)
async def connect(self, is_kerberos=False):
"""
"""
#hiding the import, so you'll only need to install multiplexor when actually using it
from multiplexor.operator import MultiplexorOperator
#creating connection string
#if self.target.proxy.type == SMBProxyType.MULTIPLEXOR:
# con_str = 'ws://%s:%s' % (self.target.proxy.ip, self.target.proxy.port)
#else:
# con_str = 'wss://%s:%s' % (self.target.proxy.ip, self.target.proxy.port)
con_str = self.target.proxy.target.get_server_url()
#creating operator and connecting to multiplexor server
self.operator = MultiplexorOperator(con_str, logging_sink=logger)
await self.operator.connect()
#creating socks5 proxy
server_info = await self.operator.start_socks5(
self.target.proxy.target.agent_id)
await self.operator.terminate()
#print(server_info)
if is_kerberos is False:
#copying the original target, then feeding it to socks5proxy object. it will hold the actual socks5 proxy server address we created before
tp = SMBProxy()
tp.target = SocksTarget()
tp.target.version = SocksServerVersion.SOCKS5
tp.target.server_ip = server_info['listen_ip']
tp.target.server_port = server_info['listen_port']
tp.target.is_bind = False
tp.target.proto = SocksProtocol.TCP
tp.target.timeout = 10
tp.target.buffer_size = 4096
tp.target.endpoint_ip = self.target.ip
tp.target.endpoint_port = self.target.port
tp.target.endpoint_timeout = self.target.timeout
tp.type = SMBProxyType.SOCKS5
newtarget = copy.deepcopy(self.target)
newtarget.proxy = tp
return SocksProxyConnection(target=newtarget)
else:
kt = copy.deepcopy(self.target)
kt.proxy = KerberosProxy()
kt.proxy.target = SocksTarget()
kt.proxy.target.version = SocksServerVersion.SOCKS5
kt.proxy.target.server_ip = server_info['listen_ip']
kt.proxy.target.server_port = server_info['listen_port']
kt.proxy.target.is_bind = False
kt.proxy.target.proto = SocksProtocol.TCP
kt.proxy.target.timeout = 10
kt.proxy.target.buffer_size = 4096
kt.proxy.target.endpoint_ip = self.target.ip
kt.proxy.target.endpoint_port = self.target.port
kt.proxy.creds = copy.deepcopy(self.target.proxy.auth)
return kt