Exemple #1
0
async def amain():
	import argparse
	import sys
	from aiosmb.commons.connection.params import SMBConnectionParams

	epilog = """
Output legend:
    [SHARE] C$ is accessible
    [SRV] Remote Service Manager is accessible
    [REG] Remote registry is accessible
    [E] Error
    [P] Progress (current/total)
"""

	parser = argparse.ArgumentParser(description='SMB Share enumerator', formatter_class=argparse.RawDescriptionHelpFormatter, epilog=epilog)
	SMBConnectionParams.extend_parser(parser)
	parser.add_argument('-v', '--verbose', action='count', default=0)
	parser.add_argument('-w', '--smb-worker-count', type=int, default=100, help='Parallell count')
	parser.add_argument('-s', '--stdin', action='store_true', help='Read targets from stdin')
	parser.add_argument('--url', help='Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"')
	parser.add_argument('targets', nargs='*', help = 'Hostname or IP address or file with a list of targets')
	args = parser.parse_args()

	if args.verbose >=1:
		logger.setLevel(logging.DEBUG)

	if args.verbose > 2:
		print('setting deepdebug')
		logger.setLevel(1) #enabling deep debug
		asyncio.get_event_loop().set_debug(True)
		logging.basicConfig(level=logging.DEBUG)

	smb_url = None
	if args.url is not None:
		smb_url = args.url
	else:
		try:
			smb_url = SMBConnectionParams.parse_args(args)
		except Exception as e:
			print('Either URL or all connection parameters must be set! Error: %s' % str(e))
			sys.exit(1)
	
	enumerator = SMBAdminCheck(smb_url, worker_count = args.smb_worker_count)
	
	notfile = []
	if len(args.targets) == 0 and args.stdin is True:
		enumerator.target_gens.append(ListTargetGen(sys.stdin))
	else:
		for target in args.targets:
			try:
				f = open(target, 'r')
				f.close()
				enumerator.target_gens.append(FileTargetGen(target))
			except:
				notfile.append(target)
	
	if len(notfile) > 0:
		enumerator.target_gens.append(ListTargetGen(notfile))

	if len(enumerator.target_gens) == 0:
		print('[-] No suitable targets were found!')
		return
		
	await enumerator.run()
Exemple #2
0
async def amain():
    import argparse
    import sys
    from aiosmb.commons.connection.params import SMBConnectionParams

    parser = argparse.ArgumentParser(description='SMB Share enumerator')
    SMBConnectionParams.extend_parser(parser)
    parser.add_argument('-v', '--verbose', action='count', default=0)
    parser.add_argument('-s',
                        '--stdin',
                        action='store_true',
                        help='Read targets from stdin')
    parser.add_argument(
        '-r',
        '--recursive',
        action='store_true',
        help='Recirsively donwload all files from the remote folder')
    parser.add_argument('--progress',
                        action='store_true',
                        help='Show progress')
    parser.add_argument(
        '--url',
        help=
        'Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"'
    )
    parser.add_argument(
        'targets',
        nargs='*',
        help='UNC paths of file eg. \\\\HOST\\SHARE\\file_or_folder')
    args = parser.parse_args()

    if args.verbose >= 1:
        logger.setLevel(logging.DEBUG)

    if args.verbose > 2:
        print('setting deepdebug')
        logger.setLevel(1)  #enabling deep debug
        asyncio.get_event_loop().set_debug(True)
        logging.basicConfig(level=logging.DEBUG)

    smb_url = None
    if args.url is not None:
        smb_url = args.smb_url
    else:
        try:
            smb_url = SMBConnectionParams.parse_args(args)
        except Exception as e:
            print(
                'Either URL or all connection parameters must be set! Error: %s'
                % str(e))
            sys.exit(1)

    smbget = SMBGET(smb_url, show_progress=args.progress)

    notfile = []
    if len(args.targets) == 0 and args.stdin is True:
        smbget.target_gens.append(ListTargetGen(sys.stdin))
    else:
        for target in args.targets:
            try:
                f = open(target, 'r')
                f.close()
                smbget.target_gens.append(FileTargetGen(target))
            except:
                notfile.append(target)

    if len(notfile) > 0:
        smbget.target_gens.append(ListTargetGen(notfile))

    if len(smbget.target_gens) == 0:
        print('[-] No suitable targets were found!')
        return

    await smbget.run()
Exemple #3
0
async def amain():
	import argparse
	import sys
	from aiosmb.commons.connection.params import SMBConnectionParams

	epilog = """
Output legend:
    [S] Share
    [D] Dictionary
    [F] File
    [E] Error
    [M] Maxed (max items limit reached for directory)
    [P] Progress (current/total)
"""

	parser = argparse.ArgumentParser(description='SMB Printnightmare enumerator', formatter_class=argparse.RawDescriptionHelpFormatter, epilog=epilog)
	SMBConnectionParams.extend_parser(parser)
	parser.add_argument('-v', '--verbose', action='count', default=0)
	parser.add_argument('-w', '--smb-worker-count', type=int, default=100, help='Parallell count')
	parser.add_argument('-o', '--out-file', help='Output file path.')
	parser.add_argument('-s', '--stdin', action='store_true', help='Read targets from stdin')
	parser.add_argument('--url', help='Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"')
	parser.add_argument('--progress', action='store_true', help='Show progress bar')
	parser.add_argument('--json', action='store_true', help='Output in JSON format')
	parser.add_argument('--tsv', action='store_true', help='Output in TSV format. (TAB Separated Values)')
	parser.add_argument('targets', nargs='*', help = 'Hostname or IP address or file with a list of targets')

	args = parser.parse_args()

	if args.verbose >=1:
		logger.setLevel(logging.DEBUG)

	if args.verbose > 2:
		print('setting deepdebug')
		logger.setLevel(1) #enabling deep debug
		asyncio.get_event_loop().set_debug(True)
		logging.basicConfig(level=logging.DEBUG)

	output_type = 'str'
	if args.json is True:
		output_type = 'json'
	if args.tsv is True:
		output_type = 'tsv'

	smb_url = None
	if args.url is not None:
		smb_url = args.url
	else:
		try:
			smb_url = SMBConnectionParams.parse_args(args)
		except Exception as e:
			print('Either URL or all connection parameters must be set! Error: %s' % str(e))
			sys.exit(1)
	

	enumerator = SMBPrintnightmareEnum(
		smb_url,
		worker_count = args.smb_worker_count,
		out_file = args.out_file,
		show_pbar = args.progress,
		output_type = output_type,
	)
	
	notfile = []
	if len(args.targets) == 0 and args.stdin is True:
		enumerator.target_gens.append(ListTargetGen(sys.stdin))
	else:
		for target in args.targets:
			try:
				f = open(target, 'r')
				f.close()
				enumerator.target_gens.append(FileTargetGen(target))
			except:
				notfile.append(target)
	
	if len(notfile) > 0:
		enumerator.target_gens.append(ListTargetGen(notfile))

	if len(enumerator.target_gens) == 0:
		enumerator.enum_url = True

	await enumerator.run()
Exemple #4
0
async def amain():
    import argparse
    import sys
    import logging

    parser = argparse.ArgumentParser(
        description='Registry manipulation via SMB')
    SMBConnectionParams.extend_parser(parser)
    parser.add_argument('-v', '--verbose', action='count', default=0)
    parser.add_argument(
        'url',
        help=
        'Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"'
    )
    parser.add_argument(
        'commands',
        nargs='*',
        help=
        'Commands in the following format: "r:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest:Negotiate"'
    )

    args = parser.parse_args()

    if args.verbose >= 1:
        logger.setLevel(logging.DEBUG)

    if args.verbose > 2:
        print('setting deepdebug')
        logger.setLevel(1)  #enabling deep debug
        asyncio.get_event_loop().set_debug(True)
        logging.basicConfig(level=logging.DEBUG)

    commands = []
    smb_url = None
    if args.url is not None:
        smb_url = args.url
    else:
        try:
            smb_url = SMBConnectionParams.parse_args(args)
        except Exception as e:
            print(
                'Either URL or all connection parameters must be set! Error: %s'
                % str(e))
            sys.exit(1)

    #pre-parsing commands
    for cmd in args.commands:
        c, path = cmd.split(':', 1)
        c = SMBREG_COMMAND(c.upper())
        commands.append((c, path))

    connection = SMBConnectionURL(smb_url).get_connection()
    _, err = await connection.login()
    if err is not None:
        print('Login failed! Reason: %s' % str(err))
        return
    machine = SMBMachine(connection)
    #async for srv, err in machine.list_services():
    #	if err is not None:
    #		print(err)
    #		return
    #	print(srv)
    registry_srv_status, err = await machine.check_service_status(
        "RemoteRegistry")
    if err is not None:
        print('Check service status error! %s' % err)
        return

    if registry_srv_status != SMBServiceStatus.RUNNING:
        logger.info('RemoteRegistry is not running! Starting it now..')
        res, err = await machine.enable_service("RemoteRegistry")
        if err is not None:
            print(err)
            return
        await asyncio.sleep(5)  #waiting for service to start up

    reg_api, err = await machine.get_regapi()
    if err is not None:
        print(err)
        return

    ## do stuff
    for cmd, target in commands:
        if cmd == SMBREG_COMMAND.READ:
            regpath, name = target.split(':', 1)
            hkey, err = await reg_api.OpenRegPath(regpath)
            if err is not None:
                print(err)
                continue

            val_type, value, err = await reg_api.QueryValue(hkey, name)
            if err is not None:
                print(err)
                continue
            print(value)

        elif cmd == SMBREG_COMMAND.ENUMVALUE:
            hkey, err = await reg_api.OpenRegPath(target)
            if err is not None:
                print(err)
                continue

            i = 0
            while True:
                value_name, value_type, value_data, err = await reg_api.EnumValue(
                    hkey, i)
                i += 1
                if err is not None:
                    print(err)
                    break
                print(value_name)
                print(value_type)
                print(value_data)

        elif cmd == SMBREG_COMMAND.ENUMKEY:
            hkey, err = await reg_api.OpenRegPath(target)
            if err is not None:
                print(err)
                continue
            i = 0
            while True:
                res, err = await reg_api.EnumKey(hkey, i)
                i += 1
                if err is not None:
                    print(err)
                    break

                print(res)