def start_servers(options, threads): for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setRunSocks(options.socks, socksServer) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEnumLocalAdmins(options.enum_local_admins) c.setEncoding(codec) c.setMode(mode) c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da, options.no_acl, options.no_validate_privs, options.escalate_user, options.add_computer, options.delegate_access, options.dump_laps, options.dump_gmsa, options.sid) c.setRPCOptions(options.rpc_mode, options.rpc_use_smb, options.auth_smb, options.hashes_smb, options.rpc_smb_port) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setSMB2Support(options.smb2support) c.setSMBChallenge(options.ntlmchallenge) c.setInterfaceIp(options.interface_ip) c.setExploitOptions(options.remove_mic, options.remove_target) c.setWebDAVOptions(options.serve_image) c.setIsADCSAttack(options.adcs) c.setADCSOptions(options.template) if server is HTTPRelayServer: c.setListeningPort(options.http_port) c.setDomainAccount(options.machine_account, options.machine_hashes, options.domain) elif server is SMBRelayServer: c.setListeningPort(options.smb_port) elif server is WCFRelayServer: c.setListeningPort(options.wcf_port) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB if server is not SMBRelayServer and options.random: c.setRandomTargets(True) s = server(c) s.start() threads.add(s) return c
def start_servers(options, threads): for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setRunSocks(options.socks, socksServer) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEnumLocalAdmins(options.enum_local_admins) c.setEncoding(codec) c.setMode(mode) c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da, options.no_acl, options.no_validate_privs, options.escalate_user, options.add_computer, options.delegate_access) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setGPotatoStartUp(options.gpotato_startup) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setSMB2Support(options.smb2support) c.setInterfaceIp(options.interface_ip) c.setExploitOptions(options.remove_mic, options.remove_target) if server is HTTPRelayServer: c.setListeningPort(options.http_port) c.setDomainAccount(options.machine_account, options.machine_hashes, options.domain) elif server is SMBRelayServer: c.setListeningPort(options.smb_port) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB #SMB server at the moment does not properly store active targets so selecting them randomly will cause issues if server is not SMBRelayServer and options.random: c.setRandomTargets(True) s = server(c) s.start() threads.add(s) return c
def start_servers(options, threads): for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setRunSocks(options.socks, socksServer) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEnumLocalAdmins(options.enum_local_admins) c.setEncoding(codec) c.setMode(mode) c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da, options.no_acl, options.no_validate_privs, options.escalate_user, options.add_computer, options.delegate_access) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setSMB2Support(options.smb2support) c.setInterfaceIp(options.interface_ip) if server is HTTPRelayServer: c.setListeningPort(options.http_port) elif server is SMBRelayServer: c.setListeningPort(options.smb_port) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB #SMB server at the moment does not properly store active targets so selecting them randomly will cause issues if server is not SMBRelayServer and options.random: c.setRandomTargets(True) s = server(c) s.start() threads.add(s) return c
def start_servers(options, threads): for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setRunSocks(options.socks, socksServer) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEncoding(codec) c.setMode(mode) c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setSMB2Support(options.smb2support) c.setInterfaceIp(options.interface_ip) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB #SMB server at the moment does not properly store active targets so selecting them randomly will cause issues if server is not SMBRelayServer and options.random: c.setRandomTargets(True) s = server(c) s.start() threads.add(s) return c
watchthread.start() if options.socks is True: # Start a SOCKS proxy in the background s = SOCKS() socks_thread = Thread(target=s.serve_forever) socks_thread.daemon = True socks_thread.start() for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setRunSocks(options.socks) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEncoding(codec) c.setMode(mode) c.setAttacks(ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump,options.no_da) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setIMAPOptions(options.keyword,options.mailbox,options.all,options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setInterfaceIp(options.interface_ip) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None:
lootdir = options.lootdir else: lootdir = '.' #Temp #mode = 'TRANSPARENT' exeFile = options.e Command = options.c for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setTargets(targetSystem) c.setExeFile(exeFile) c.setCommand(Command) c.setMode(mode) c.setAttacks(ATTACKS) c.setLootdir(lootdir) c.setOutputFile(options.output_file) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) if options.machine_account is not None and options.machine_hashes is not None and options.domain is not None: c.setDomainAccount(options.machine_account, options.machine_hashes, options.domain) elif (options.machine_account is None and options.machine_hashes is None
lootdir = options.lootdir else: lootdir = '.' #Temp #mode = 'TRANSPARENT' exeFile = options.e Command = options.c for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setTargets(targetSystem) c.setExeFile(exeFile) c.setCommand(Command) c.setMode(mode) c.setAttacks(ATTACKS) c.setLootdir(lootdir) c.setOutputFile(options.output_file) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) if options.machine_account is not None and options.machine_hashes is not None and options.domain is not None: c.setDomainAccount( options.machine_account, options.machine_hashes, options.domain) elif (options.machine_account is None and options.machine_hashes is None and options.domain is None) is False: logging.error("You must specify machine-account/hashes/domain all together!") sys.exit(1)
targetSystem = None mode = "REFLECTION" if options.r is not None: logging.info("Running HTTP server in redirect mode") if targetSystem is not None and options.w: watchthread = TargetsFileWatcher(targetSystem) watchthread.start() for server in RELAY_SERVERS: # Set up config c = NTLMRelayxConfig() c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setMode(mode) c.setAttacks(ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) # If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode("REDIRECT") c.setRedirectHost(options.r) # Use target randomization if configured and the server is not SMB