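def host_enum(target, args, lockout, config_obj, db_obj, loggers):
    """Authenticate to *target* and run the actions selected on *args*.

    After login a one-line host banner is written to the console logger,
    the share list is resolved, and each action whose flag is set on
    *args* is dispatched in a fixed order.

    Args:
        target: Host passed to ``login`` and to most action helpers.
        args: Parsed options; the attributes read here are ``share``,
            ``sharefinder``, ``spider``, ``gen_relay_list``, ``passpol``,
            ``sam``, ``ntds``, ``loggedon``, ``sessions``,
            ``list_processes``, ``wmi_query``, ``execute``, ``ps_execute``
            and ``module``.
        lockout: Forwarded to ``login`` unchanged.
        config_obj: Supplies ``PWN3D_MSG`` and is forwarded to the
            execution helpers.
        db_obj: Forwarded to ``login`` and ``password_policy``.
        loggers: Mapping with at least ``'console'`` and ``'relay_list'``.

    Returns:
        The list of shares (user-supplied or discovered), or ``[]`` when
        login fails or any later step raises.
    """
    con = None
    try:
        # OS Enumeration
        try:
            con = login(args, loggers, target, db_obj, lockout)
            banner = [
                con.host, con.ip, "ENUM", con.os + con.os_arch,
                "(Domain: {})".format(con.srvdomain),
                "(Signing: {})".format(str(con.signing)),
                "(SMBv1: {})".format(str(con.smbv1)),
            ]
            if con.admin:
                banner.append("({})".format(highlight(config_obj.PWN3D_MSG, 'yellow')))
                loggers['console'].success(banner)
            else:
                loggers['console'].info(banner)
        except Exception as e:
            # Record why the host was skipped instead of dropping the error.
            loggers['console'].debug(str(e))
            # The banner can fail after login succeeded; do not leave that
            # session open on the remote host.
            if con is not None:
                con.close()
            return []

        shares = []
        try:
            # Sharefinder
            if args.share:
                shares = args.share.split(",")
                for share in shares:
                    loggers['console'].info([
                        con.host, con.ip, "USER_SHARES",
                        "\\\\{}\\{}".format(con.host, share),
                    ])
            elif args.sharefinder or args.spider:
                shares = share_finder(con, args, loggers, target)

            # Secondary actions
            if args.gen_relay_list and not con.signing:
                loggers['relay_list'].info(con.host)
            if args.passpol:
                password_policy(con, args, db_obj, loggers)
            if args.sam:
                extract_sam(con, args, target, loggers)
            if args.ntds:
                extract_ntds(con, args, target, loggers)
            if args.loggedon:
                loggedon_users(con, args, target, loggers)
            if args.sessions:
                active_sessions(con, args, target, loggers)
            if args.list_processes:
                tasklist(con, args, loggers)
            if args.wmi_query:
                wmi_query(con, args, target, loggers)
            if args.execute:
                code_execution(con, args, target, loggers, config_obj)
            if args.ps_execute:
                ps_execution(con, args, target, loggers, config_obj)
            if args.module:
                execute_module(con, args, target, loggers, config_obj)
        finally:
            # Close connections even when an action above raised; the
            # original only reached this point on the success path.
            try:
                con.con.logoff()
            except Exception:
                pass  # logoff is best-effort; close() below still runs
            con.close()

        loggers['console'].debug("Shares returned for: {} {}".format(target, shares))
        return shares

    except KeyboardInterrupt:
        try:
            if con is not None:
                con.close()
        finally:
            # Exit no matter how the close attempt ends.
            _exit(0)
    except Exception as e:
        loggers['console'].debug(str(e))
        # Keep the return type a list on the error path as well.
        return []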
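def host_enum(target, args, lockout, config_obj, db_obj, loggers):
    """Authenticate to *target* over SSH or SMB and run the selected actions.

    ``args.exec_method == 'ssh'`` selects ``ssh_login``; anything else uses
    ``smb_login``. Actions run only when ``con.auth`` is truthy.

    Args:
        target: Host passed to the login helper and to most action helpers.
        args: Parsed options; the attributes read here are ``exec_method``,
            ``execute``, ``share``, ``sharefinder``, ``spider``, ``passpol``,
            ``sam``, ``lsa``, ``ntds``, ``loggedon``, ``sessions``,
            ``list_processes``, ``list_services``, ``local_groups``,
            ``local_members``, ``wmi_query``, ``ps_execute`` and ``module``.
        lockout: Forwarded to the login helper unchanged.
        config_obj: Forwarded to the login and execution helpers.
        db_obj: Forwarded to the login helper and ``password_policy``.
        loggers: Mapping with at least a ``'console'`` logger.

    Returns:
        The list of shares (user-supplied or discovered), or ``[]`` when
        login fails, the SSH execution path is taken, or a later step raises.
    """
    # @TODO refactor
    con = None
    try:
        try:
            if args.exec_method == 'ssh':
                con = ssh_login(args, loggers, target, db_obj, lockout, config_obj)
            else:
                con = smb_login(args, loggers, target, db_obj, lockout, config_obj)
        except Exception as e:
            loggers['console'].debug(
                [target, target, "ENUM", highlight(str(e), 'red')])
            return []

        shares = []
        try:
            if args.exec_method == 'ssh' and con.auth:
                if args.execute:
                    con.admin = True  # Override admin to allow execution
                    code_execution(con, args, target, loggers, config_obj, args.execute)
                    # NOTE(review): the listing lost its indentation, so the
                    # nesting of this return is reconstructed - confirm
                    # against the real file.
                    return []
            elif con.auth:
                # Sharefinder
                if args.share:
                    shares = args.share.split(",")
                    for share in shares:
                        loggers['console'].info([
                            con.host, con.ip, "SHAREFINDER",
                            "\\\\{}\\{}".format(con.host, share)
                        ])
                elif args.sharefinder or args.spider:
                    shares = share_finder(con, args, loggers, target)

                # Secondary actions
                if args.passpol:
                    password_policy(con, args, db_obj, loggers)
                if args.sam:
                    extract_sam(con, args, target, loggers)
                if args.lsa:
                    extract_lsa(con, args, target, loggers)
                if args.ntds:
                    extract_ntds(con, args, target, loggers)
                if args.loggedon:
                    loggedon_users(con, args, target, loggers)
                if args.sessions:
                    active_sessions(con, args, target, loggers)
                if args.list_processes:
                    tasklist(con, args, loggers)
                if args.list_services:
                    list_services(con, args, loggers, target)
                if args.local_groups:
                    get_netlocalgroups(con, args, target, loggers)
                if args.local_members:
                    localgroup_members(con, args, target, loggers)
                if args.wmi_query:
                    wmi_query(con, args, target, loggers)
                if args.execute:
                    code_execution(con, args, target, loggers, config_obj, args.execute)
                if args.ps_execute:
                    ps_execution(con, args, target, loggers, config_obj)
                if args.module:
                    execute_module(con, args, target, loggers, config_obj)
        finally:
            # Close connections on every exit from the block above: the
            # early SSH return and any exception raised by an action
            # previously skipped this and left the session open.
            try:
                con.con.logoff()
            except Exception:
                pass  # logoff is best-effort; close() below still runs
            con.close()

        loggers['console'].debug("Shares returned for: {} {}".format(
            target, shares))
        return shares

    except KeyboardInterrupt:
        try:
            if con is not None:
                con.close()
        finally:
            # Exit no matter how the close attempt ends.
            _exit(0)
    except Exception as e:
        loggers['console'].debug(str(e))
        # Keep the return type a list on the error path as well.
        return []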