async def setup(self): try: if self.no_work_dir is False: logger.debug('Setting up working directory') if self.work_dir is not None: if isinstance(self.work_dir, str): self.work_dir = pathlib.Path(self.work_dir) else: self.work_dir = pathlib.Path() self.work_dir.mkdir(parents=True, exist_ok=True) self.ldap_work_dir = self.work_dir.joinpath('ldap') self.ldap_work_dir.mkdir(parents=True, exist_ok=True) self.smb_work_dir = self.work_dir.joinpath('smb') self.smb_work_dir.mkdir(parents=True, exist_ok=True) logger.debug('Setting up connection objects') if self.dns_server is not None: self.rdns_resolver = RDNS(server=self.dns_server, protocol='TCP', cache=True, proxy=self.proxy) if self.ldap_url is not None: self.ldap_mgr = self.ldap_url if isinstance(self.ldap_url, str): self.ldap_mgr = MSLDAPURLDecoder(self.ldap_url) if self.proxy is not None: #overriding proxy! pu = SocksClientURL.from_urls(self.proxy) p = MSLDAPProxy(MSLDAPProxyType.SOCKS5, pu) self.ldap_mgr.proxy = p if self.smb_url is not None: self.smb_mgr = self.smb_url if isinstance(self.smb_url, str): self.smb_mgr = SMBConnectionURL(self.smb_url) if self.proxy is not None: #overriding proxy! pu = SocksClientURL.from_urls(self.proxy) p = SMBProxy() p.type = SMBProxyType.SOCKS5 p.target = pu self.smb_mgr.proxy = p logger.debug('Setting up database connection') if self.progress_queue is None and self.show_progress is True: self.progress_queue = asyncio.Queue() self.progress_task = asyncio.create_task(self.print_progress()) return True, None except Exception as e: return False, e
async def connect(self): """ """ #hiding the import, so you'll only need to install multiplexor when actually using it from multiplexor.operator import MultiplexorOperator #creating connection string if self.target.proxy.type == SMBProxyType.MULTIPLEXOR: con_str = 'ws://%s:%s' % (self.target.proxy.ip, self.target.proxy.port) else: con_str = 'wss://%s:%s' % (self.target.proxy.ip, self.target.proxy.port) #creating operator and connecting to multiplexor server self.operator = MultiplexorOperator(con_str) await self.operator.connect() #creating socks5 proxy server_info = await self.operator.start_socks5( self.target.proxy.agent_id) print(server_info) #copying the original target, then feeding it to socks5proxy object. it will hold the actual socks5 proxy server address we created before tp = SMBProxy() tp.ip = server_info['listen_ip'] tp.port = server_info['listen_port'] tp.timeout = self.target.proxy.timeout tp.type = SMBProxyType.SOCKS5 newtarget = copy.deepcopy(self.target) newtarget.proxy = tp return Socks5ProxyConnection(target=newtarget)
def parse(self): url_e = urlparse(self.connection_url) self.scheme_decoder(url_e.scheme) if url_e.username is not None: if url_e.username.find('\\') != -1: self.domain, self.username = url_e.username.split('\\') if self.domain == '.': self.domain = None else: self.domain = None self.username = url_e.username self.secret = url_e.password if self.secret_type == SMBCredentialsSecretType.PWPROMPT: self.secret_type = SMBCredentialsSecretType.PASSWORD self.secret = getpass() if self.secret_type == SMBCredentialsSecretType.PWHEX: self.secret_type = SMBCredentialsSecretType.PASSWORD self.secret = bytes.fromhex(self.secret).decode() if self.secret_type == SMBCredentialsSecretType.PWB64: self.secret_type = SMBCredentialsSecretType.PASSWORD self.secret = base64.b64decode(self.secret).decode() if self.secret is None and self.username is None: self.is_anonymous = True if self.authentication_protocol == SMBAuthProtocol.NTLM and self.secret_type is None: if self.is_anonymous == True: self.secret_type = SMBCredentialsSecretType.NONE else: if len(self.secret) == 32: try: bytes.fromhex(self.secret) except: self.secret_type = SMBCredentialsSecretType.NT else: self.secret_type = SMBCredentialsSecretType.PASSWORD elif self.authentication_protocol in [ SMBAuthProtocol.SSPI_KERBEROS, SMBAuthProtocol.SSPI_NTLM, SMBAuthProtocol.MULTIPLEXOR_NTLM, SMBAuthProtocol.MULTIPLEXOR_KERBEROS ]: if self.username is None: self.username = '******' if self.domain is None: self.domain = '<CURRENT>' if self.secret is None: self.secret = '<CURRENT>' self.ip = url_e.hostname if url_e.port: self.port = url_e.port elif self.protocol == SMBConnectionProtocol.TCP: self.port = 445 else: raise Exception('Port must be provided!') if url_e.path not in ['/', '', None]: self.path = url_e.path # recognized parameters : # dc -> domain controller IP # proxytype -> proxy protocol # proxyuser -> username for proxy auth # proxypass -> password for proxy auth # # proxy_present = False if url_e.query is not None: query = parse_qs(url_e.query) for k in query: if k.startswith('proxy') is True: proxy_present = True if k == 'dc': self.dc_ip = query[k][0] elif k == 'timeout': self.timeout = int(query[k][0]) elif k == 'serverip': self.server_ip = query[k][0] elif k == 'fragment': self.fragment = int(query[k][0]) elif k == 'dns': self.dns = query[ k] #multiple dns can be set, so not trimming here elif k.startswith('auth'): self.auth_settings[k[len('auth'):]] = query[k] elif k.startswith('same'): self.auth_settings[k[len('same'):]] = query[k] if proxy_present is True: self.proxy = SMBProxy.from_params(self.connection_url)
async def connect(self, is_kerberos=False): """ """ #hiding the import, so you'll only need to install multiplexor when actually using it from multiplexor.operator import MultiplexorOperator #creating connection string #if self.target.proxy.type == SMBProxyType.MULTIPLEXOR: # con_str = 'ws://%s:%s' % (self.target.proxy.ip, self.target.proxy.port) #else: # con_str = 'wss://%s:%s' % (self.target.proxy.ip, self.target.proxy.port) con_str = self.target.proxy.target.get_server_url() #creating operator and connecting to multiplexor server self.operator = MultiplexorOperator(con_str, logging_sink=logger) await self.operator.connect() #creating socks5 proxy server_info = await self.operator.start_socks5( self.target.proxy.target.agent_id) await self.operator.terminate() #print(server_info) if is_kerberos is False: #copying the original target, then feeding it to socks5proxy object. it will hold the actual socks5 proxy server address we created before tp = SMBProxy() tp.target = SocksTarget() tp.target.version = SocksServerVersion.SOCKS5 tp.target.server_ip = server_info['listen_ip'] tp.target.server_port = server_info['listen_port'] tp.target.is_bind = False tp.target.proto = SocksProtocol.TCP tp.target.timeout = 10 tp.target.buffer_size = 4096 tp.target.endpoint_ip = self.target.ip tp.target.endpoint_port = self.target.port tp.target.endpoint_timeout = self.target.timeout tp.type = SMBProxyType.SOCKS5 newtarget = copy.deepcopy(self.target) newtarget.proxy = tp return SocksProxyConnection(target=newtarget) else: kt = copy.deepcopy(self.target) kt.proxy = KerberosProxy() kt.proxy.target = SocksTarget() kt.proxy.target.version = SocksServerVersion.SOCKS5 kt.proxy.target.server_ip = server_info['listen_ip'] kt.proxy.target.server_port = server_info['listen_port'] kt.proxy.target.is_bind = False kt.proxy.target.proto = SocksProtocol.TCP kt.proxy.target.timeout = 10 kt.proxy.target.buffer_size = 4096 kt.proxy.target.endpoint_ip = self.target.ip kt.proxy.target.endpoint_port = self.target.port kt.proxy.creds = copy.deepcopy(self.target.proxy.auth) return kt