async def setup(self): try: if self.no_work_dir is False: logger.debug('Setting up working directory') if self.work_dir is not None: if isinstance(self.work_dir, str): self.work_dir = pathlib.Path(self.work_dir) else: self.work_dir = pathlib.Path() self.work_dir.mkdir(parents=True, exist_ok=True) self.ldap_work_dir = self.work_dir.joinpath('ldap') self.ldap_work_dir.mkdir(parents=True, exist_ok=True) self.smb_work_dir = self.work_dir.joinpath('smb') self.smb_work_dir.mkdir(parents=True, exist_ok=True) logger.debug('Setting up connection objects') if self.dns_server is not None: self.rdns_resolver = RDNS(server=self.dns_server, protocol='TCP', cache=True, proxy=self.proxy) if self.ldap_url is not None: self.ldap_mgr = self.ldap_url if isinstance(self.ldap_url, str): self.ldap_mgr = MSLDAPURLDecoder(self.ldap_url) if self.proxy is not None: #overriding proxy! pu = SocksClientURL.from_urls(self.proxy) p = MSLDAPProxy(MSLDAPProxyType.SOCKS5, pu) self.ldap_mgr.proxy = p if self.smb_url is not None: self.smb_mgr = self.smb_url if isinstance(self.smb_url, str): self.smb_mgr = SMBConnectionURL(self.smb_url) if self.proxy is not None: #overriding proxy! pu = SocksClientURL.from_urls(self.proxy) p = SMBProxy() p.type = SMBProxyType.SOCKS5 p.target = pu self.smb_mgr.proxy = p logger.debug('Setting up database connection') if self.progress_queue is None and self.show_progress is True: self.progress_queue = asyncio.Queue() self.progress_task = asyncio.create_task(self.print_progress()) return True, None except Exception as e: return False, e
def from_params(url_str): """ Creates a proxy object from the parameters found in an LDAP URL string :param type: url_str :type type: str :return: The proxy object :rtype: :class:`MSLDAPProxy` """ proxy = MSLDAPProxy() url = urlparse(url_str) if url.query is None: return None query = parse_qs(url.query) if 'proxytype' not in query and 'sametype' not in query: return None proxy.type = MSLDAPProxyType(query['proxytype'][0].upper()) if proxy.type in [ MSLDAPProxyType.SOCKS4, MSLDAPProxyType.SOCKS4_SSL, MSLDAPProxyType.SOCKS5, MSLDAPProxyType.SOCKS5_SSL ]: cu = SocksClientURL.from_params(url_str) proxy.target = cu.get_target() proxy.auth = cu.get_creds() else: proxy.target = MSLDAPMultiplexorProxy.from_params(url_str) return proxy
def from_params(url_str): proxy = SMBProxy() url = urlparse(url_str) if url.query is None: return None query = parse_qs(url.query) if 'proxytype' not in query and 'sametype' not in query: return None proxy.type = SMBProxyType(query['proxytype'][0].upper()) if proxy.type in [ SMBProxyType.WSNET, SMBProxyType.WSNETWS, SMBProxyType.WSNETWSS, SMBProxyType.SOCKS4, SMBProxyType.SOCKS4_SSL, SMBProxyType.SOCKS5, SMBProxyType.SOCKS5_SSL ]: cu = SocksClientURL.from_params(url_str) cu[-1].endpoint_port = 445 proxy.target = cu else: proxy.target = SMBMultiplexorProxy.from_params(url_str) return proxy
async def __handle_router_in(self): while True: try: print(1) data = await self.ws.recv() print('DATA IN -> %s' % data) cmd = CMD.from_bytes(data) if cmd.type == CMDType.OK: continue if cmd.type == CMDType.AGENTINFO: agent_id = str(uuid.uuid4()) agent_type = 'wsnet' su = SocksClientURL() su.version = self.proxy_proto su.server_ip = self.proxy_host su.server_port = self.proxy_port su.timeout = 10 su.buffer_size = 4096 su.agentid = cmd.agentid.hex() username = cmd.username if cmd.username.find('\\') != -1: domain, username = cmd.username.split('\\', 1) agent = JackDawAgent( self.jd_server, agent_id, agent_type, 'windows', #agent_platform, self.db_session, self.work_dir, pid=0, username=username, domain=cmd.domain, logonserver=cmd.logonserver, cpuarch=cmd.cpuarch, hostname=cmd.hostname, usersid=cmd.usersid, internal_id=cmd.agentid.hex(), proxy=su, router_proto=self.router_proto, router_host=self.proxy_host, router_port=self.proxy_port) agent.connection_via.append(self.proxyid) await self.server_out_q.put( (self.proxyid, 'AGENT_IN', agent)) else: print('WSNET router got unknown message! %s' % cmd.type) except Exception as e: traceback.print_exc() #print('Reciever error %s' % e) return
def from_url(url_str): res = KerberosClientURL() url = urlparse(url_str) res.dc_ip = url.hostname schemes = url.scheme.upper().split('+') if schemes[0] not in ['KERBEROS', 'KERBEROS-TCP, KERBEROS-UDP']: raise Exception('Unknown protocol! %s' % schemes[0]) if schemes[0].endswith('UDP') is True: res.protocol = KerberosSocketType.UDP try: res.secret_type = KerberosSecretType(schemes[1]) except: raise Exception('Unknown secret type! %s' % schemes[0]) if url.username is not None: if url.username.find('\\') != -1: res.domain, res.username = url.username.split('\\') else: raise Exception('Domain missing from username!') else: raise Exception('Missing username!') res.secret = url.password if url.port is not None: res.port = int(url.port) query = parse_qs(url.query) proxy_present = False for k in query: if k.startswith('proxy') is True: proxy_present = True if k in kerberosclienturl_param2var: data = query[k][0] for c in kerberosclienturl_param2var[k][1]: data = c(data) setattr(res, kerberosclienturl_param2var[k][0], data) if proxy_present is True: cu = SocksClientURL.from_params(url_str) cu.endpoint_ip = res.dc_ip cu.endpoint_port = res.port res.proxy = KerberosProxy(cu.get_target(), cu.get_creds()) if res.username is None: raise Exception('Missing username!') if res.secret is None: raise Exception('Missing secret/password!') if res.secret_type is None: raise Exception('Missing secret_type!') if res.dc_ip is None: raise Exception('Missing target hostname!') return res
def main(): import argparse parser = argparse.ArgumentParser(description='Transparent TCP tunnel for SOCKS unaware clients.') parser.add_argument('proxy_connection_string', help='connection string decribing the socks5 proxy server connection properties') parser.add_argument('dst_ip', help='IP address of the desination server') parser.add_argument('dst_port', type = int, help='port number of the desination service') parser.add_argument('-l', '--listen-ip', default = '127.0.0.1', help='Listener IP address to bind to') parser.add_argument('-p', '--listen-port', type = int, default = 11111, help='Listener port number to bind to') parser.add_argument('-t', '--timeout', type = int, default = None, help='Endpoint timeout') parser.add_argument('-v', '--verbose', action='count', default=0) args = parser.parse_args() if args.verbose >=1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) comms = SocksLitenerComms(args.listen_ip, args.listen_port) url = SocksClientURL.from_url(args.proxy_connection_string) url.endpoint_ip = args.dst_ip url.endpoint_port = args.dst_port url.endpoint_timeout = args.timeout target = url.get_target() credentials = url.get_creds() if args.verbose >=1: print(str(target)) print(__banner__) layout = """Connection layout CLIENT --->| CLIENT --->|(LISTENER) %s:%s |--->| (%s) %s:%s |--->| (FINAL DST) %s:%s CLIENT --->| """ % (args.listen_ip, args.listen_port, target.version.name.upper() ,target.server_ip, target.server_port, args.dst_ip, args.dst_port) print(layout) client = SOCKSClient(comms, target, credentials) print('Waiting for incoming connections') asyncio.run(client.run())
async def setup(self): try: if self.proxy is None: # no need for additional setup return None, None self.in_q = asyncio.Queue() self.out_q = asyncio.Queue() comms = SocksQueueComms(self.in_q, self.out_q) proxies = SocksClientURL.from_urls(self.proxy, self.server, self.port) self.proxyobj = SOCKSClient(comms, proxies) self.proxy_task = asyncio.create_task(self.proxyobj.run()) return None, None except Exception as e: return None, e
async def setup(self): try: try: ipaddress.ip_address(self.server) return None, None except: pass self.in_q = asyncio.Queue() self.out_q = asyncio.Queue() su = SocksClientURL.from_params(self.server) comms = SocksQueueComms(self.in_q, self.out_q) self.proxy = SOCKSClient(comms, su) self.proxy_task = asyncio.create_task(self.proxy.run()) return None, None except Exception as e: return None, e
def from_params(url_str): proxy = MSLDAPProxy() url = urlparse(url_str) if url.query is None: return None query = parse_qs(url.query) if 'proxytype' not in query and 'sametype' not in query: return None proxy.type = MSLDAPProxyType(query['proxytype'][0].upper()) if proxy.type in [MSLDAPProxyType.SOCKS4, MSLDAPProxyType.SOCKS4_SSL, MSLDAPProxyType.SOCKS5, MSLDAPProxyType.SOCKS5_SSL]: cu = SocksClientURL.from_params(url_str) proxy.target = cu.get_target() proxy.auth = cu.get_creds() else: proxy.target = MSLDAPMultiplexorProxy.from_params(url_str) return proxy
def main(): import argparse parser = argparse.ArgumentParser( description='SOCKS5 proxy auth bruteforcer') parser.add_argument( 'proxy_connection_string', help= 'connection string decribing the socks5 proxy server connection properties' ) parser.add_argument( '-u', '--users', action='append', help='User or users file with one user per line. can be stacked') parser.add_argument( '-p', '--passwords', action='append', help= 'Password or password file with one password per line. can be stacked') parser.add_argument('-t', '--timeout', type=int, default=None, help='Brute retries sleep time') parser.add_argument('-w', '--worker-count', type=int, default=1, help='Parallelism') parser.add_argument('-v', '--verbose', action='count', default=0, help='Verbosity') parser.add_argument('-s', '--silent', action='store_true', help='dont print banner') parser.add_argument('-o', '--out-file', help='output file') parser.add_argument('--positive', action='store_true', help='only show sucsessful results') args = parser.parse_args() if args.silent is False: print(__banner__) logger.setLevel(100) if args.verbose >= 1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) url = SocksClientURL.from_url(args.proxy_connection_string) brute = SOCKSBrute(url) brute.timeout = args.timeout brute.worker_cnt = args.worker_count brute.output_file = args.out_file brute.only_positive = args.positive if args.users is None or args.passwords is None: print('Users "-u" and Passwords "-p" must be set! Exiting') return notfile = [] for target in args.users: try: f = open(target, 'r') f.close() brute.user_gens.append(FileStringGen(target)) except: notfile.append(target) if len(notfile) > 0: brute.user_gens.append(ListStringGen(notfile)) if len(brute.user_gens) == 0: print('[-] No suitable users were found!') return notfile = [] for target in args.passwords: try: f = open(target, 'r') f.close() brute.password_gens.append(FileStringGen(target)) except: notfile.append(target) if len(notfile) > 0: brute.password_gens.append(ListStringGen(notfile)) if len(brute.password_gens) == 0: print('[-] No suitable passwords were found!') return _, err = asyncio.run(brute.run()) if err is not None: print('Failed to perform bruting! Reason: %s' % err) return if args.silent is False: print('Done!')
def from_url(url_str): res = KerberosClientURL() url = urlparse(url_str) res.dc_ip = url.hostname schemes = url.scheme.upper().split('+') if schemes[0] not in [ 'KERBEROS', 'KERBEROS-TCP, KERBEROS-UDP', 'KRB5', 'KRB5-UDP', 'KRB5-TCP' ]: raise Exception('Unknown protocol! %s' % schemes[0]) if schemes[0].endswith('UDP') is True: res.protocol = KerberosSocketType.UDP ttype = schemes[1] if ttype.find('-') != -1 and ttype.upper().endswith('-PROMPT'): ttype = ttype.split('-')[0] res.secret = getpass.getpass() try: res.secret_type = KerberosSecretType(ttype) except: raise Exception('Unknown secret type! %s' % ttype) if url.username is not None: if url.username.find('\\') != -1: res.domain, res.username = url.username.split('\\') else: raise Exception('Domain missing from username!') else: raise Exception('Missing username!') if res.secret is None: res.secret = url.password if url.port is not None: res.port = int(url.port) query = parse_qs(url.query) proxy_type = None for k in query: if k == 'proxytype': proxy_type = query[k][0] if k in kerberosclienturl_param2var: data = query[k][0] for c in kerberosclienturl_param2var[k][1]: data = c(data) setattr(res, kerberosclienturl_param2var[k][0], data) if proxy_type is not None: cu = SocksClientURL.from_params(url_str) cu[-1].endpoint_ip = res.dc_ip cu[-1].endpoint_port = res.port res.proxy = KerberosProxy(cu, None, type='SOCKS') if res.username is None: raise Exception('Missing username!') if res.secret is None: raise Exception('Missing secret/password!') if res.secret_type is None: raise Exception('Missing secret_type!') if res.dc_ip is None: raise Exception('Missing target hostname!') return res
def main(): import argparse parser = argparse.ArgumentParser( description='SOCKS/HTTP proxy port scanner') parser.add_argument( 'proxy_connection_string', help= 'connection string decribing the socks5 proxy server connection properties' ) parser.add_argument( '-p', '--ports', action='append', help= 'port to scan / port range to scan / port range file. can be stacked') parser.add_argument('-t', '--timeout', type=int, default=None, help='Scan retries sleep time') parser.add_argument('-r', '--retries', type=int, default=0, help='Retries for testing the port') parser.add_argument('-w', '--worker-count', type=int, default=1, help='Parallelism') parser.add_argument('-v', '--verbose', action='count', default=0) parser.add_argument('targets', nargs='+', help='IP address / IP range (CDIR) / targets file') args = parser.parse_args() logger.setLevel(100) if args.verbose >= 1: logger.setLevel(logging.DEBUG) elif args.verbose > 2: logger.setLevel(1) url = SocksClientURL.from_url(args.proxy_connection_string) scanner = SOCKSPortscan(url) scanner.max_retries = args.retries scanner.retries_timeout = args.timeout scanner.worker_cnt = args.worker_count notfile = [] for target in args.targets: try: f = open(target, 'r') f.close() scanner.target_gens.append(FileTargetIPGen(target)) except: notfile.append(target) if len(notfile) > 0: scanner.target_gens.append(ListTargetIPGen(notfile)) if len(scanner.target_gens) == 0: print('[-] No suitable targets were found!') return notfile = [] for target in args.ports: try: f = open(target, 'r') f.close() scanner.port_gens.append(FileTargetPortGen(target)) except: notfile.append(target) if len(notfile) > 0: scanner.port_gens.append(ListTargetPortGen(notfile)) if len(scanner.port_gens) == 0: print('[-] No suitable ports were found!') return asyncio.run(scanner.run())
async def run(self): try: if self.progress_queue is not None: msg = GathererProgress() msg.type = GathererProgressType.KERBEROAST msg.msg_type = MSGTYPE.STARTED msg.adid = self.ad_id msg.domain_name = self.domain_name await self.progress_queue.put(msg) if self.domain_name is None: info = self.db_session.query(ADInfo).get(self.ad_id) self.domain_name = str(info.distinguishedName).replace( ',', '.').replace('DC=', '') _, err = await self.get_targets() if err is not None: raise err if len(self.targets_asreq) == 0 and len(self.targets_spn) == 0: logger.debug('No targets found!') return True, None if isinstance(self.kerb_url, KerberosClientURL): self.kerb_mgr = self.kerb_url if self.proxy is not None: pu = SocksClientURL.from_urls(self.proxy) p = KerberosProxy(pu, None, type='SOCKS') self.kerb_mgr.proxy = p elif isinstance(self.kerb_url, str): if self.kerb_url == 'auto': if platform.system() == 'Windows': _, err = await self.asreproast() if err is not None: raise err _, err = await self.kerberoast_sspi() if err is not None: raise err return True, None else: raise Exception( 'No kerberos URL was provided and not running on Windows!' ) elif self.kerb_url.startswith('kerberos'): self.kerb_mgr = KerberosClientURL.from_url(self.kerb_url) if self.proxy is not None: pu = SocksClientURL.from_urls(self.proxy) p = KerberosProxy(pu, None, type='SOCKS') self.kerb_mgr.proxy = p _, err = await self.asreproast() if err is not None: raise err _, err = await self.kerberoast() if err is not None: raise err elif self.kerb_url.startswith('ws'): if self.kerb_url.find('type=sspiproxy'): await self.kerberoast_sspiproxy() else: await self.kerberoast_multiplexor() return True, None except Exception as e: return None, e finally: if self.progress_queue is not None: msg = GathererProgress() msg.type = GathererProgressType.KERBEROAST msg.msg_type = MSGTYPE.FINISHED msg.adid = self.ad_id msg.domain_name = self.domain_name await self.progress_queue.put(msg)
def main(): url_1 = 'smb://10.10.10.2/?timeout=10&dc=10.10.10.2&proxytype=socks5&proxyserver=127.0.0.1&proxyuser=admin&proxypass=alma&dc=10.10.10.2&dns=8.8.8.8' cu = SocksClientURL.from_params(url_1) target = cu.get_target() print(repr(target))