Example #1
 def __init__(self):
     """Set up the smbfiles decoder's per-session state and register it.

     Instance state (all keyed per SMB session/connection):
       uidname     -- uid -> (hostname, domain-qualified login name)
       tidmap      -- tid -> tree (share) path
       smbfileobjs -- conn+fid -> smb file object (see sessIndexFromFID)

     CLI options: ``nopsexec`` hides psexecsvc streams from the output and
     ``activeonly`` restricts output to files that saw reads or writes.
     """
     self.uidname = {}
     self.tidmap = {}
     self.smbfileobjs = {}

     def on_smb_port(t):
         # t is assumed to be ((ip, port), (ip, port)) -- inferred from the
         # indexing; accept the flow when either side is on 445 or 139.
         return (t[0][1] == 445 or t[1][1] == 445
                 or t[0][1] == 139 or t[1][1] == 139)

     options = {
         'nopsexec': {
             'action': 'store_true',
             'help': 'supress psexecsvc streams from output',
         },
         'activeonly': {
             'action': 'store_true',
             'help': 'only output files with reads or writes',
         },
     }
     SMBDecoder.__init__(self,
                         name='smbfiles',
                         description='List files accessed via smb',
                         filter='tcp and (port 445 or port 139)',
                         filterfn=on_smb_port,
                         author='amm',
                         optiondict=options)
Example #2
 def __init__(self):
     """Set up per-session state for the psexec-over-SMB decoder and register it.

     Instance state:
       uidname    -- uid -> login name (domain-qualified string)
       fidhandles -- fid handle -> psexec object
       psexecobjs -- conn+PID -> psexec object (see sessIndex); PID rather
                     than FID is the key because each stream has its own FID
       out        -- colorout.ColorOutput used for rendering

     CLI options: ``alertsonly`` (alerts without content), ``htmlalert``
     (add an html named value to each alert) and ``time`` (show
     command/response timestamps).

     NOTE(review): command/response bytes come straight from captured
     traffic, i.e. from an untrusted peer; if ``htmlalert`` embeds them in
     HTML, confirm the rendering path escapes them.
     """
     self.uidname = {}
     self.fidhandles = {}
     self.psexecobjs = {}

     def on_smb_port(t):
         # t is assumed to be ((ip, port), (ip, port)) -- inferred from the
         # indexing; accept the flow when either side is on 445 or 139.
         return (t[0][1] == 445 or t[1][1] == 445
                 or t[0][1] == 139 or t[1][1] == 139)

     option_help = [
         ('alertsonly', 'only dump alerts, not content'),
         ('htmlalert', 'include html as named value in alerts'),
         ('time', 'display command/response timestamps'),
     ]
     options = {opt: {'action': 'store_true', 'help': text}
                for opt, text in option_help}
     SMBDecoder.__init__(
         self,
         name='psexec',
         description='Extract command/response information from psexec over smb',
         filter='tcp and (port 445 or port 139)',
         filterfn=on_smb_port,
         author='amm',
         optiondict=options)
     self.legacy = True
     self.out = colorout.ColorOutput()
Example #3
 def __init__(self):
     """Set up the SMB upload ripper and register it with the framework.

     Instance state:
       fidhandles -- fid handle -> file name seen on the wire
       fds        -- fid handle -> local file object the upload is written
                     to (e.g. ``open(fname, 'wb')``)
       outdir     -- destination directory; None until options are applied

     The only CLI option is ``outdir`` (default ``./smb_out``).

     NOTE(review): names stored in ``fidhandles`` originate from captured
     traffic, i.e. from an untrusted peer.  If they are joined onto
     ``outdir`` when the ``fds`` entries are opened, they must first be
     reduced to a safe basename (no path separators, no '..') -- confirm in
     the write path, which is not visible here.
     """
     self.fidhandles = {}
     self.fds = {}
     self.outdir = None

     def on_port_445(t):
         # t is assumed to be ((ip, port), (ip, port)) -- inferred from the
         # indexing; accept the flow when either side is on 445.
         return t[0][1] == 445 or t[1][1] == 445

     outdir_opt = {
         "help": "Directory to place files (default: ./smb_out)",
         "default": "./smb_out",
         "metavar": "DIRECTORY",
     }
     SMBDecoder.__init__(self,
                         name='rip-smb-uploads',
                         description='Extract files uploaded via SMB',
                         filter='tcp and port 445',
                         filterfn=on_port_445,
                         author='bg',
                         optiondict={"outdir": outdir_opt})
     self.legacy = True
Example #4
 def __init__(self):
     """Initialise the smbfiles decoder: per-session maps plus registration.

     Instance state (all keyed per SMB session/connection):
       uidname     -- uid -> (hostname, domain-qualified login name)
       tidmap      -- tid -> tree (share) path
       smbfileobjs -- conn+fid -> smb file object (see sessIndexFromFID)

     CLI options: ``nopsexec`` hides psexecsvc streams from the output and
     ``activeonly`` restricts output to files that saw reads or writes.
     """
     self.uidname = {}
     self.tidmap = {}
     self.smbfileobjs = {}

     def is_smb_flow(t):
         # t is assumed to be ((ip, port), (ip, port)) -- inferred from the
         # indexing; true when either side uses port 445 or 139.
         return (t[0][1] == 445 or t[1][1] == 445
                 or t[0][1] == 139 or t[1][1] == 139)

     decoder_args = dict(
         name='smbfiles',
         description='List files accessed via smb',
         filter='tcp and (port 445 or port 139)',
         filterfn=is_smb_flow,
         author='amm',
         optiondict={
             'nopsexec': {'action': 'store_true',
                          'help': 'supress psexecsvc streams from output'},
             'activeonly': {'action': 'store_true',
                            'help': 'only output files with reads or writes'},
         },
     )
     SMBDecoder.__init__(self, **decoder_args)
Example #5
 def __init__(self):
     """Initialise the psexec decoder: per-session maps, registration, output.

     Instance state:
       uidname    -- uid -> login name (domain-qualified string)
       fidhandles -- fid handle -> psexec object
       psexecobjs -- conn+PID -> psexec object (see sessIndex); keyed by
                     PID because each psexec stream has its own FID
       out        -- colorout.ColorOutput used for rendering

     CLI options: ``alertsonly`` (alerts without content), ``htmlalert``
     (add an html named value to each alert) and ``time`` (show
     command/response timestamps).

     NOTE(review): command/response bytes come straight from captured
     traffic, i.e. from an untrusted peer; if ``htmlalert`` embeds them in
     HTML, confirm the rendering path escapes them.
     """
     self.uidname = {}
     self.fidhandles = {}
     self.psexecobjs = {}

     def is_smb_flow(t):
         # t is assumed to be ((ip, port), (ip, port)) -- inferred from the
         # indexing; true when either side uses port 445 or 139.
         return (t[0][1] == 445 or t[1][1] == 445
                 or t[0][1] == 139 or t[1][1] == 139)

     decoder_args = dict(
         name='psexec',
         description='Extract command/response information from psexec over smb',
         filter='tcp and (port 445 or port 139)',
         filterfn=is_smb_flow,
         author='amm',
         optiondict={
             'alertsonly': {'action': 'store_true',
                            'help': 'only dump alerts, not content'},
             'htmlalert': {'action': 'store_true',
                           'help': 'include html as named value in alerts'},
             'time': {'action': 'store_true',
                      'help': 'display command/response timestamps'},
         },
     )
     SMBDecoder.__init__(self, **decoder_args)
     self.legacy = True
     self.out = colorout.ColorOutput()
Example #6
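 def connectionHandler(self, conn):
     """Process one connection, then drop its per-connection file state.

     Delegates to ``SMBDecoder.connectionHandler`` and afterwards empties
     ``self.smbfileobjs`` so file objects from this connection cannot be
     reported against (or leak into) the next one.
     """
     SMBDecoder.connectionHandler(self, conn)
     # dict.clear() replaces deleting keys inside a loop over .keys(): on
     # Python 3 that loop raises "dictionary changed size during iteration"
     # as soon as the dict is non-empty (Python 2 handed back a list copy).
     self.smbfileobjs.clear()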
Example #7
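 def connectionHandler(self, conn):
     """Process one connection, then drop its per-connection file state.

     Delegates to ``SMBDecoder.connectionHandler`` and afterwards empties
     ``self.smbfileobjs`` so file objects from this connection cannot be
     reported against (or leak into) the next one.
     """
     SMBDecoder.connectionHandler(self, conn)
     # dict.clear() replaces deleting keys inside a loop over .keys(): on
     # Python 3 that loop raises "dictionary changed size during iteration"
     # as soon as the dict is non-empty (Python 2 handed back a list copy).
     self.smbfileobjs.clear()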