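def session_add(domainid, session):
    """Record a user session on a machine of the given domain.

    The machine is looked up by sAMAccountName (a trailing ``$`` is appended
    to ``session['hostname']`` when it is missing) and the user by
    sAMAccountName, both restricted to ``ad_id == domainid``. When both
    exist, a ``NetSession`` linking them is inserted.

    Args:
        domainid: Value matched against ``ad_id`` in both lookups.
        session: Mapping with ``hostname`` and ``username`` keys.

    Returns:
        A ``(message, status)`` tuple: 404 when the machine or the user is
        not found, otherwise 200.
    """
    db = current_app.db
    # Debug output: the submitted payload is echoed to stdout.
    print(session)

    cname = session['hostname']
    # An empty or non-string hostname cannot name a machine. Indexing
    # cname[-1] on such a value raised IndexError/TypeError instead of
    # producing a clean 404.
    if not isinstance(cname, str) or not cname:
        return 'Machine not found!', 404
    if not cname.endswith('$'):
        cname += '$'

    comp = db.session.query(Machine.id, Machine.sAMAccountName).filter_by(
        ad_id=domainid).filter(Machine.sAMAccountName == cname).first()
    if comp is None:
        return 'Machine not found!', 404

    uname = session['username']
    user = db.session.query(ADUser.sAMAccountName).filter_by(
        ad_id=domainid).filter(ADUser.sAMAccountName == uname).first()
    if user is None:
        return 'User not found!', 404

    sess = NetSession()
    sess.machine_id = comp.id
    sess.source = comp.sAMAccountName
    sess.username = user.sAMAccountName
    try:
        db.session.add(sess)
        db.session.commit()
    except Exception:
        # Best-effort insert: a failed commit is rolled back and the handler
        # still answers 200, as before. `except Exception` (not a bare
        # except) lets KeyboardInterrupt/SystemExit propagate.
        # NOTE(review): the caller cannot tell a stored session from a
        # dropped one -- consider reporting the failure.
        db.session.rollback()
    return 'Session created!', 200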
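async def scan_host(self, target):
    """Enumerate one SMB target and stream the results to ``self.out_q``.

    After ``connection.login()``, the sections selected by ``self.gather``
    ('all', 'shares', 'sessions', 'localgroups') are listed and each record
    is queued as ``(target, record, None)``. Failures are queued as
    ``(target, None, message)``. A final ``(target, None, None)`` item is
    always queued to mark the target as finished.

    Args:
        target: Target object handed to
            ``self.smb_mgr.create_connection_newtarget``.
    """
    # Bound before the try so the except/finally handlers can run even when
    # creating the connection itself fails; otherwise they raise
    # UnboundLocalError and the "target finished" marker is never queued.
    connection = None
    try:
        #spneg = AuthenticatorBuilder.to_spnego_cred(self.credential, target)
        connection = self.smb_mgr.create_connection_newtarget(target)
        async with connection:
            await connection.login()
            machine = SMBMachine(connection)

            if 'all' in self.gather or 'shares' in self.gather:
                async for smbshare, err in machine.list_shares():
                    if err is not None:
                        await self.out_q.coro_put((connection.target, None, 'Failed to list shares. Reason: %s' % format_exc(err)))
                        continue
                    share = NetShare()
                    share.ip = connection.target.get_ip()
                    share.netname = smbshare.name
                    share.type = smbshare.type
                    share.remark = smbshare.remark
                    await self.out_q.coro_put((connection.target, share, None))

            if 'all' in self.gather or 'sessions' in self.gather:
                async for session, err in machine.list_sessions():
                    if err is not None:
                        await self.out_q.coro_put((connection.target, None, 'Failed to get sessions. Reason: %s' % format_exc(err)))
                        continue
                    sess = NetSession()
                    sess.source = connection.target.get_ip()
                    # Strip backslashes and surrounding whitespace from the
                    # reported client address.
                    sess.ip = session.ip_addr.replace('\\', '').strip()
                    sess.username = session.username
                    await self.out_q.coro_put((connection.target, sess, None))

            if 'all' in self.gather or 'localgroups' in self.gather:
                for group_name in self.localgroups:
                    # The first argument used to be `domain_name`, i.e. the
                    # loop's own target, which is unbound when the iterable
                    # is evaluated. The resulting UnboundLocalError was then
                    # reported as a connection failure. 'Builtin' is what
                    # the other scan_host variants in this listing pass.
                    async for domain_name, user_name, sid, err in machine.list_group_members('Builtin', group_name):
                        if err is not None:
                            await self.out_q.coro_put((connection.target, None, 'Failed to connect to poll group memeberships. Reason: %s' % format_exc(err)))
                            continue
                        lg = LocalGroup()
                        lg.ip = connection.target.get_ip()
                        lg.hostname = connection.target.get_hostname()
                        lg.sid = sid
                        lg.groupname = group_name
                        lg.domain = domain_name
                        lg.username = user_name
                        await self.out_q.coro_put((connection.target, lg, None))

    except Exception as e:
        # Falls back to the raw target when no connection object exists.
        # NOTE(review): assumes the queue consumer accepts it -- confirm.
        reported = connection.target if connection is not None else target
        await self.out_q.coro_put((reported, None, 'Failed to connect to host. Reason: %s' % format_exc(e)))
        return
    finally:
        reported = connection.target if connection is not None else target
        await self.out_q.coro_put((reported, None, None)) #target finished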
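def lsass_upload(domainid, computername = None):
    """Import credentials from an uploaded LSASS dump into the database.

    The uploaded ``file_to_upload`` stream is parsed by
    ``Credential.from_lsass_stream``. Each credential is inserted in its own
    commit, and a non-empty plaintext is additionally stored as a
    ``HashEntry`` next to its NT hash. When ``computername`` is given and
    both the machine and the credential's SID resolve within the domain, a
    ``NetSession`` linking user and machine is inserted as well.

    Args:
        domainid: Value matched against ``ad_id`` and passed to the parser.
        computername: Optional machine name; a trailing ``$`` is appended
            when missing.

    Returns:
        dict with the counters ``new`` / ``duplicates`` (credentials) and
        ``pwnew`` / ``pwduplicates`` (plaintext entries). A row counts as a
        duplicate when its insert raises ``IntegrityError``.
    """
    db = current_app.db
    file_to_upload = connexion.request.files['file_to_upload']

    # Normalise the machine name once. An empty string is treated like
    # "not supplied": indexing computername[-1] on '' raised IndexError in
    # the middle of the import, after earlier rows were already committed.
    cname = None
    if computername:
        cname = computername if computername.endswith('$') else computername + '$'

    ctr = 0
    fail = 0
    ctr_plain = 0
    fail_plain = 0
    # NOTE(review): the dump is caller-supplied; only IntegrityError is
    # handled below, so parser errors propagate to the framework.
    for cred, plaintext, sid in Credential.from_lsass_stream(file_to_upload.stream, domainid):
        try:
            db.session.add(cred)
            db.session.commit()
            ctr += 1
        except IntegrityError:
            db.session.rollback()
            fail += 1

        if plaintext:
            # Recovered plaintext is persisted as-is, so the database then
            # holds cleartext passwords and needs matching access control.
            he = HashEntry(plaintext, nt_hash = cred.nt_hash)
            try:
                db.session.add(he)
                db.session.commit()
                ctr_plain += 1
            except IntegrityError:
                db.session.rollback()
                fail_plain += 1

        if cname is None:
            continue

        comp = db.session.query(Machine).filter_by(ad_id = domainid).filter(Machine.sAMAccountName == cname).first()
        if comp is None:
            continue
        user = db.session.query(ADUser.sAMAccountName).filter_by(ad_id = domainid).filter(ADUser.objectSid == sid).first()
        if user is None:
            continue

        sess = NetSession()
        sess.machine_id = comp.id
        sess.source = comp.sAMAccountName
        sess.username = user.sAMAccountName
        try:
            db.session.add(sess)
            db.session.commit()
        except IntegrityError:
            # The session insert failed on a constraint; it is dropped
            # without being counted.
            db.session.rollback()

    return {'new' : ctr, 'duplicates' : fail, 'pwnew' : ctr_plain, 'pwduplicates' : fail_plain }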
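def _like_literal(value):
    """Escape ``/``, ``%`` and ``_`` so *value* matches literally with ``escape='/'``."""
    return value.replace('/', '//').replace('%', '/%').replace('_', '/_')


def aiosmb_upload(domainid, filetype):
    """Import session records from an uploaded line-oriented file.

    Each non-empty line of ``file_to_upload`` is one record: a JSON object
    with ``username``, ``hostname`` and ``ip_addr`` keys when ``filetype``
    is ``'json'``, or five tab-separated fields (hostname, uid, username,
    ip, err) when it is ``'tsv'``. The host is matched case-insensitively
    against ``dNSHostName`` first and then against ``sAMAccountName`` (with
    a trailing ``$`` appended when missing). The user is matched
    case-insensitively against ``sAMAccountName``. A ``NetSession`` is
    stored for every record where both resolve.

    Args:
        domainid: Value matched against ``ad_id`` in all lookups.
        filetype: ``'json'`` or ``'tsv'``.
    """
    db = current_app.db
    file_to_upload = connexion.request.files['file_to_upload']
    for raw in file_to_upload.stream:
        session = {'username': None, 'hostname': None, 'ip': None}
        # The file is caller-supplied: one undecodable or malformed record
        # is skipped instead of aborting the whole import with an unhandled
        # exception.
        try:
            line = raw.decode().strip()
            if line == '':
                continue
            if filetype == 'json':
                data = json.loads(line)
                session['username'] = data['username']
                session['hostname'] = data['hostname']
                session['ip'] = data['ip_addr']
            elif filetype == 'tsv':
                session['hostname'], uid, session['username'], session['ip'], err = line.split('\t')
        except (ValueError, KeyError, TypeError):
            print('Line err! Skipping malformed %s record' % filetype)
            continue

        cname = session['hostname']
        uname = session['username']
        # Missing values (unknown filetype, JSON null, empty field) cannot
        # match anything; cname[-1] below used to raise on them.
        if not isinstance(cname, str) or not cname or not isinstance(uname, str) or not uname:
            print('Line err! Missing hostname or username')
            continue

        # ilike() treats '%' and '_' in its operand as wildcards. Names from
        # the upload are escaped so that e.g. the '_' in a name only matches
        # a literal underscore and a record cannot be attributed to an
        # unrelated machine or user.
        machines = db.session.query(Machine.id, Machine.sAMAccountName).filter_by(ad_id=domainid)
        comp = machines.filter(Machine.dNSHostName.ilike(_like_literal(cname), escape='/')).first()
        if comp is None:
            if not cname.endswith('$'):
                cname += '$'
            comp = machines.filter(Machine.sAMAccountName.ilike(_like_literal(cname), escape='/')).first()
            if comp is None:
                print('Host err! %s' % cname)
                continue

        user = db.session.query(ADUser.sAMAccountName).filter_by(
            ad_id=domainid).filter(ADUser.sAMAccountName.ilike(_like_literal(uname), escape='/')).first()
        if user is None:
            print('user err! %s ' % uname)
            continue

        sess = NetSession()
        sess.machine_id = comp.id
        sess.source = comp.sAMAccountName
        sess.username = user.sAMAccountName
        sess.ip = session['ip']
        try:
            db.session.add(sess)
            db.session.commit()
        except Exception:
            # Best-effort insert, as before; `except Exception` no longer
            # swallows KeyboardInterrupt/SystemExit.
            db.session.rollback()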
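async def scan_host(self, atarget):
    """Enumerate one SMB target and stream the results to ``self.out_q``.

    After ``connection.login()``, fingerprint data from
    ``connection.get_extra_info()`` is queued when available. The sections
    selected by ``self.gather`` ('all', 'shares', 'sessions',
    'localgroups') are then listed. Records are queued as
    ``(tid, target, record, None)`` and failures as
    ``(tid, target, None, message)``. A final ``(tid, target, None, None)``
    item is always queued to mark the target as finished.

    Args:
        atarget: ``(tid, target)`` pair; ``tid`` is copied into every
            record's ``machine_sid``.
    """
    # Bound before the try so the except/finally handlers can run even when
    # unpacking or connection creation fails; otherwise they raise
    # UnboundLocalError and the "target finished" marker is never queued.
    tid = None
    target = None
    connection = None
    try:
        tid, target = atarget
        #spneg = AuthenticatorBuilder.to_spnego_cred(self.credential, target)
        connection = self.smb_mgr.create_connection_newtarget(target)
        async with connection:
            await connection.login()

            extra_info = connection.get_extra_info()
            if extra_info is not None:
                try:
                    f = SMBFinger.from_extra_info(tid, extra_info)
                    await self.out_q.put((tid, connection.target, f, None))
                except asyncio.CancelledError:
                    # A bare `except:` here swallowed task cancellation
                    # raised while awaiting the queue.
                    raise
                except Exception:
                    traceback.print_exc()

            machine = SMBMachine(connection)

            if 'all' in self.gather or 'shares' in self.gather:
                async for smbshare, err in machine.list_shares():
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to list shares. Reason: %s' % format_exc(err)))
                        continue
                    share = NetShare()
                    share.machine_sid = tid
                    share.ip = connection.target.get_ip()
                    share.netname = smbshare.name
                    share.type = smbshare.type
                    # Store the decoded remark when decoding works, else
                    # the raw value.
                    try:
                        r = smbshare.remark.decode()
                    except Exception:
                        r = smbshare.remark
                    share.remark = r
                    await self.out_q.put((tid, connection.target, share, None))

            if 'all' in self.gather or 'sessions' in self.gather:
                async for session, err in machine.list_sessions():
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to get sessions. Reason: %s' % format_exc(err)))
                        continue
                    sess = NetSession()
                    sess.machine_sid = tid
                    sess.source = connection.target.get_ip()
                    # Strip backslashes and surrounding whitespace from the
                    # reported client address.
                    sess.ip = session.ip_addr.replace('\\', '').strip()
                    sess.username = session.username
                    await self.out_q.put((tid, connection.target, sess, None))

            if 'all' in self.gather or 'localgroups' in self.gather:
                for group_name in self.localgroups:
                    async for domain_name, user_name, sid, err in machine.list_group_members('Builtin', group_name):
                        if err is not None:
                            await self.out_q.put((tid, connection.target, None, 'Failed to connect to poll group memeberships. Reason: %s' % format_exc(err)))
                            continue
                        lg = LocalGroup()
                        lg.machine_sid = tid
                        lg.ip = connection.target.get_ip()
                        lg.hostname = connection.target.get_hostname()
                        lg.sid = sid
                        lg.groupname = group_name
                        lg.domain = domain_name
                        lg.username = user_name
                        await self.out_q.put((tid, connection.target, lg, None))

    except asyncio.CancelledError:
        # Cancellation ends the scan quietly; the finally block still
        # queues the finished marker.
        return
    except Exception as e:
        # Falls back to the raw target when no connection object exists.
        # NOTE(review): assumes the queue consumer accepts it -- confirm.
        reported = connection.target if connection is not None else target
        await self.out_q.put((tid, reported, None, 'Failed to connect to host. Reason: %s' % format_exc(e)))
        return
    finally:
        reported = connection.target if connection is not None else target
        await self.out_q.put((tid, reported, None, None)) #target finished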
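async def scan_host(self, atarget):
    """Enumerate one SMB target and stream the results to ``self.out_q``.

    Steps, each gated by ``self.gather`` ('all' selects everything):

    * 'protocols': every entry of ``self.protocols`` is tested on a fresh
      connection via ``protocol_test``.
    * login on a new connection, then fingerprint data from
      ``get_extra_info()``.
    * 'shares', 'sessions', 'localgroups': listed through ``SMBMachine``. A
      listing stops at the first error item it yields.

    Records are queued as ``(tid, target, record, None)`` and failures as
    ``(tid, target, None, message)``. A final ``(tid, target, None, None)``
    item is always queued to mark the target as finished.

    Args:
        atarget: ``(tid, target)`` pair; ``tid`` is copied into every
            record's ``machine_sid``.
    """
    # Bound before the try so every handler can run even when unpacking or
    # the first connection creation fails; otherwise the handlers raise
    # UnboundLocalError and the "target finished" marker is never queued.
    tid = None
    target = None
    connection = None
    try:
        tid, target = atarget

        try:
            if 'all' in self.gather or 'protocols' in self.gather:
                for protocol in self.protocols:
                    connection = self.smb_mgr.create_connection_newtarget(target)
                    res, _, _, _, err = await connection.protocol_test([protocol])
                    if err is not None:
                        raise err
                    if res is True:
                        pr = SMBProtocols()
                        pr.machine_sid = tid
                        # The wildcard dialect is recorded as 'SMB1'.
                        pr.protocol = protocol.name if protocol != NegotiateDialects.WILDCARD else 'SMB1'
                        await self.out_q.put((tid, connection.target, pr, None))
        except Exception as e:
            # A protocol-test failure is reported; the scan then continues.
            reported = connection.target if connection is not None else target
            await self.out_q.put((tid, reported, None, 'Failed to enumerate supported protocols. Reason: %s' % format_exc(e)))

        connection = self.smb_mgr.create_connection_newtarget(target)
        async with connection:
            _, err = await connection.login()
            if err is not None:
                raise err

            try:
                extra_info = connection.get_extra_info()
                if extra_info is not None:
                    f = SMBFinger.from_extra_info(tid, extra_info)
                    await self.out_q.put((tid, connection.target, f, None))
            except Exception as e:
                await self.out_q.put((tid, connection.target, None, 'Failed to get finger data. Reason: %s' % format_exc(e)))

            machine = SMBMachine(connection)

            if 'all' in self.gather or 'shares' in self.gather:
                async for smbshare, err in machine.list_shares():
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to list shares. Reason: %s' % format_exc(err)))
                        break
                    else:
                        share = NetShare()
                        share.machine_sid = tid
                        share.ip = connection.target.get_ip()
                        share.netname = smbshare.name
                        share.type = smbshare.type
                        # NOTE: share.remark is not populated here; the
                        # remark-decoding code was commented out in the
                        # original.
                        await self.out_q.put((tid, connection.target, share, None))

            if 'all' in self.gather or 'sessions' in self.gather:
                async for session, err in machine.list_sessions():
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to get sessions. Reason: %s' % format_exc(err)))
                        break
                    else:
                        try:
                            sess = NetSession()
                            sess.machine_sid = tid
                            sess.source = connection.target.get_ip()
                            # Strip backslashes and surrounding whitespace
                            # from the reported client address.
                            sess.ip = session.ip_addr.replace('\\', '').strip()
                            sess.username = session.username
                            await self.out_q.put((tid, connection.target, sess, None))
                        except Exception as e:
                            await self.out_q.put((tid, connection.target, None, 'Failed to format session. Reason: %s' % format_exc(e)))

            if 'all' in self.gather or 'localgroups' in self.gather:
                for group_name in self.localgroups:
                    async for domain_name, user_name, sid, err in machine.list_group_members('Builtin', group_name):
                        if err is not None:
                            await self.out_q.put((tid, connection.target, None, 'Failed to connect to poll group memeberships. Reason: %s' % format_exc(err)))
                            break
                        else:
                            lg = LocalGroup()
                            lg.machine_sid = tid
                            lg.ip = connection.target.get_ip()
                            lg.hostname = connection.target.get_hostname()
                            lg.sid = sid
                            lg.groupname = group_name
                            lg.domain = domain_name
                            lg.username = user_name
                            await self.out_q.put((tid, connection.target, lg, None))

    except asyncio.CancelledError:
        # Cancellation ends the scan quietly; the finally block still
        # queues the finished marker.
        return
    except Exception as e:
        # Falls back to the raw target when no connection object exists.
        # NOTE(review): assumes the queue consumer accepts it -- confirm.
        reported = connection.target if connection is not None else target
        await self.out_q.put((tid, reported, None, 'Failed to connect to host. Reason: %s' % format_exc(e)))
        return
    finally:
        reported = connection.target if connection is not None else target
        await self.out_q.put((tid, reported, None, None)) #target finished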
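async def scan_host(self, atarget):
    """Enumerate one SMB target and stream the results to ``self.out_q``.

    After login, the sections selected by ``self.gather`` ('all' selects
    everything) are collected: 'shares', 'sessions', 'localgroups',
    'regsessions', 'interfaces' and 'share_1' (first-level file listing,
    capped by ``self.share_max_files``). 'finger' and 'protocols' then run
    on fresh connections.

    Records are queued as ``(tid, target, record, None)`` and failures as
    ``(tid, target, None, message)``. A final ``(tid, target, None, None)``
    item is always queued to mark the target as finished.

    Args:
        atarget: ``(tid, target)`` pair; ``tid`` is copied into every
            record's ``machine_sid``.
    """
    # Bound before the try so the except/finally handlers can run even when
    # unpacking or connection creation fails; otherwise they raise
    # UnboundLocalError and the "target finished" marker is never queued.
    tid = None
    target = None
    connection = None
    try:
        tid, target = atarget
        connection = self.smb_mgr.create_connection_newtarget(target)
        async with connection:
            _, err = await connection.login()
            if err is not None:
                raise err
            machine = SMBMachine(connection)

            if 'all' in self.gather or 'shares' in self.gather:
                async for smbshare, err in machine.list_shares():
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to list shares. Reason: %s' % format_exc(err)))
                        break
                    else:
                        share = NetShare()
                        share.machine_sid = tid
                        share.ip = connection.target.get_ip()
                        share.netname = smbshare.name
                        share.type = smbshare.type
                        await self.out_q.put((tid, connection.target, share, None))

            if 'all' in self.gather or 'sessions' in self.gather:
                async for session, err in machine.list_sessions():
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to get sessions. Reason: %s' % format_exc(err)))
                        break
                    else:
                        try:
                            sess = NetSession()
                            sess.machine_sid = tid
                            sess.source = connection.target.get_ip()
                            # Strip backslashes and surrounding whitespace
                            # from the reported client address.
                            sess.ip = session.ip_addr.replace('\\', '').strip()
                            sess.username = session.username
                            await self.out_q.put((tid, connection.target, sess, None))
                        except Exception as e:
                            await self.out_q.put((tid, connection.target, None, 'Failed to format session. Reason: %s' % format_exc(e)))

            if 'all' in self.gather or 'localgroups' in self.gather:
                for group_name in self.localgroups:
                    async for domain_name, user_name, sid, err in machine.list_group_members('Builtin', group_name):
                        if err is not None:
                            await self.out_q.put((tid, connection.target, None, 'Failed to poll group memeberships. Reason: %s' % format_exc(err)))
                            break
                        else:
                            lg = LocalGroup()
                            lg.machine_sid = tid
                            lg.ip = connection.target.get_ip()
                            lg.hostname = connection.target.get_hostname()
                            lg.sid = sid
                            lg.groupname = group_name
                            lg.domain = domain_name
                            lg.username = user_name
                            await self.out_q.put((tid, connection.target, lg, None))

            if 'all' in self.gather or 'regsessions' in self.gather:
                users, err = await machine.reg_list_users()
                if err is not None:
                    await self.out_q.put((tid, connection.target, None, 'Failed to get sessions. Reason: %s' % format_exc(err)))
                else:
                    try:
                        for usersid in users:
                            # Skip filtered SIDs and entries containing '_'.
                            if usersid in self.regusers_filter:
                                continue
                            if usersid.find('_') != -1:
                                continue
                            sess = RegSession()
                            sess.machine_sid = tid
                            sess.user_sid = usersid
                            await self.out_q.put((tid, connection.target, sess, None))
                    except Exception as e:
                        await self.out_q.put((tid, connection.target, None, 'Failed to format session. Reason: %s' % format_exc(e)))

            if 'all' in self.gather or 'interfaces' in self.gather:
                interfaces, err = await machine.list_interfaces()
                if err is not None:
                    await self.out_q.put((tid, connection.target, None, 'Failed to get interfaces. Reason: %s' % format_exc(err)))
                else:
                    try:
                        for interface in interfaces:
                            iface = SMBInterface()
                            iface.machine_sid = tid
                            iface.address = interface['address']
                            await self.out_q.put((tid, connection.target, iface, None))
                    except Exception as e:
                        await self.out_q.put((tid, connection.target, None, 'Failed to format interface. Reason: %s' % format_exc(e)))

            if 'all' in self.gather or 'share_1' in self.gather:
                # The counter is decremented before it is checked, so the
                # item that brings it to 0 is dropped. A starting value
                # <= 0 never reaches 0, which leaves the listing uncapped.
                ctr = self.share_max_files
                maxerr = 10
                async for obj, otype, err in machine.enum_all_recursively(depth=1, fetch_share_sd=False, fetch_dir_sd=True):
                    # NOTE(review): this runs before the error check, so an
                    # error item must still carry a string otype -- confirm
                    # against enum_all_recursively.
                    otype = otype.lower()
                    ctr -= 1
                    if ctr == 0:
                        break
                    if err is not None:
                        await self.out_q.put((tid, connection.target, None, 'Failed to perform first-level file enum. Reason: %s' % format_exc(err)))
                        break
                    else:
                        try:
                            if otype == 'share':
                                continue
                            if otype in ['file', 'dir']:
                                sf = SMBFile()
                                sf.machine_sid = tid
                                sf.unc = obj.unc_path
                                sf.otype = otype
                                sf.creation_time = obj.creation_time
                                sf.last_access_time = obj.last_access_time
                                sf.last_write_time = obj.last_write_time
                                sf.change_time = obj.change_time
                                if obj.security_descriptor is not None and obj.security_descriptor != '':
                                    sf.sddl = obj.security_descriptor.to_sddl()
                                if otype == 'file':
                                    sf.size = obj.size
                                    sf.size_ext = sizeof_fmt(sf.size)
                                await self.out_q.put((tid, connection.target, sf, None))
                        except Exception as e:
                            # The listing gives up after 10 formatting
                            # failures.
                            maxerr -= 1
                            await self.out_q.put((tid, connection.target, None, 'Failed to format file result. Reason: %s' % format_exc(e)))
                            if maxerr == 0:
                                await self.out_q.put((tid, connection.target, None, 'File Results too many errors. Reason: %s' % format_exc(e)))
                                break

        # NOTE(review): the two probes below are placed after the
        # authenticated connection block because each opens its own
        # connection; the listing's indentation was lost -- confirm.
        try:
            if 'all' in self.gather or 'finger' in self.gather:
                connection = self.smb_mgr.create_connection_newtarget(target)
                # The error half of fake_login()'s result is not inspected;
                # only a non-None extra_info yields a record.
                extra_info, err = await connection.fake_login()
                if extra_info is not None:
                    f = SMBFinger.from_fake_login(tid, extra_info.to_dict())
                    await self.out_q.put((tid, connection.target, f, None))
        except Exception as e:
            await self.out_q.put((tid, connection.target, None, 'Failed to get finger data. Reason: %s' % format_exc(e)))

        try:
            if 'all' in self.gather or 'protocols' in self.gather:
                for protocol in self.protocols:
                    connection = self.smb_mgr.create_connection_newtarget(target)
                    res, _, _, _, err = await connection.protocol_test([protocol])
                    if err is not None:
                        raise err
                    if res is True:
                        pr = SMBProtocols()
                        pr.machine_sid = tid
                        # The wildcard dialect is recorded as 'SMB1'.
                        pr.protocol = protocol.name if protocol != NegotiateDialects.WILDCARD else 'SMB1'
                        await self.out_q.put((tid, connection.target, pr, None))
        except Exception as e:
            await self.out_q.put((tid, connection.target, None, 'Failed to enumerate supported protocols. Reason: %s' % format_exc(e)))

    except asyncio.CancelledError:
        # Cancellation ends the scan quietly; the finally block still
        # queues the finished marker.
        return
    except Exception as e:
        # Falls back to the raw target when no connection object exists.
        # NOTE(review): assumes the queue consumer accepts it -- confirm.
        reported = connection.target if connection is not None else target
        await self.out_q.put((tid, reported, None, 'Failed to connect to host. Reason: %s' % format_exc(e)))
        return
    finally:
        reported = connection.target if connection is not None else target
        await self.out_q.put((tid, reported, None, None)) #target finished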