def get_netshare(self):
    """Return the target's shares as a list of ``rpcobj.Share`` objects.

    Issues NetrShareEnum at information level 1 over the RPC connection
    held in ``self._rpc_connection`` and wraps every entry of the Level1
    buffer in the reply. Errors raised by the RPC call propagate unchanged.
    """
    enum_reply = srvs.hNetrShareEnum(self._rpc_connection, 1)
    level1_entries = enum_reply['InfoStruct']['ShareInfo']['Level1']['Buffer']
    return [rpcobj.Share(entry) for entry in level1_entries]
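def shares(self):
    """Return the names of the shares exposed by the host behind ``self.smb``.

    Opens the ``\\srvsvc`` named pipe on the already-established SMB session,
    binds to the SRVS interface and requests NetrShareEnum at level 1.

    Returns:
        list: one entry per share, taken from ``shi1_netname`` with its last
        character removed (presumably the NUL terminator of the returned
        string -- confirm against the impacket version in use).
    """
    rpctransport = transport.SMBTransport(
        self.smb.getRemoteHost(),
        self.smb.getRemoteHost(),
        filename=r"\srvsvc",
        smb_connection=self.smb,
    )
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(srvs.MSRPC_UUID_SRVS)
        res = srvs.hNetrShareEnum(dce, 1)
        entries = res["InfoStruct"]["ShareInfo"]["Level1"]["Buffer"]
        return [entry["shi1_netname"][:-1] for entry in entries]
    finally:
        # The binding is local to this call, so release it here instead of
        # leaving it open for as long as the borrowed SMB session lives.
        dce.disconnect()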
def findSuitableShare(self):
    """Return ``(share_name, path)`` for the first share reported as writable.

    Requests NetrShareEnum at level 2 over the ``\\srvsvc`` pipe of the
    existing SMB client session; level 2 entries carry the server-side path
    (``shi2_path``) in addition to the name. Each share name is passed to
    ``self.isShareWritable`` and the first one accepted is returned, with the
    path reduced to the part after the last ``:``.

    Raises ``Exception`` when no share passes the writability check. Whether
    any share passes depends on the write access the session's account has
    been granted, so share ACLs are the control this check runs into.
    """
    from impacket.dcerpc.v5 import transport, srvs

    srvsvc_pipe = transport.SMBTransport(
        self.__smbClient.getRemoteName(),
        self.__smbClient.getRemoteHost(),
        filename=r'\srvsvc',
        smb_connection=self.__smbClient,
    )
    dce = srvsvc_pipe.get_dce_rpc()
    dce.connect()
    dce.bind(srvs.MSRPC_UUID_SRVS)
    enum_reply = srvs.hNetrShareEnum(dce, 2)

    for entry in enum_reply['InfoStruct']['ShareInfo']['Level2']['Buffer']:
        # [:-1] drops the last character of the returned string
        # (presumably its NUL terminator).
        share_name = entry['shi2_netname'][:-1]
        if not self.isShareWritable(share_name):
            continue
        local_path = entry['shi2_path'].split(':')[-1][:-1]
        return share_name, local_path

    raise Exception('No suitable share found, aborting!')
def getShares(self):
    """Request the share list (info level 1) from the connected host.

    The DCE/RPC transport is built on top of ``self.connection`` and kept on
    ``self._rpctransport``. Returns the ``Level1`` member of the
    NetrShareEnum reply. Any failure is logged at CRITICAL level and then
    re-raised to the caller.
    """
    LOG.info("Requesting shares on %s....." % self.connection.getRemoteHost())
    try:
        # Ride on the SMB session that is already in place rather than
        # opening a second connection.
        self._rpctransport = transport.SMBTransport(
            self.connection.getRemoteHost(),
            self.connection.getRemoteHost(),
            filename=r'\srvsvc',
            smb_connection=self.connection,
        )
        srvsvc = self._rpctransport.get_dce_rpc()
        srvsvc.connect()
        srvsvc.bind(srvs.MSRPC_UUID_SRVS)
        enum_reply = srvs.hNetrShareEnum(srvsvc, 1)
        share_info = enum_reply['InfoStruct']['ShareInfo']
        return share_info['Level1']
    except:
        # Bare except kept on purpose: everything is logged and re-raised,
        # nothing is swallowed.
        LOG.critical("Error requesting shares on %s, aborting....." % self.connection.getRemoteHost())
        raise
def listShares(self):
    """
    Enumerate the shares offered by the connected target.

    The request is NetrShareEnum at level 1, sent over the ``\\srvsvc`` pipe
    of this SMB connection. The remote host value is used for both the name
    and the host argument of the transport.

    NOTE(review): the DCE/RPC binding created here is not disconnected in
    this function; it stays open until the SMB session itself is torn down.

    :return: the Level1 ``Buffer`` of the reply, one entry per share; errors
             from the RPC calls propagate to the caller
    """
    from impacket.dcerpc.v5 import transport, srvs

    remote_name = self.getRemoteHost()
    remote_host = self.getRemoteHost()
    srvsvc_transport = transport.SMBTransport(
        remote_name, remote_host, filename=r'\srvsvc', smb_connection=self
    )
    dce = srvsvc_transport.get_dce_rpc()
    dce.connect()
    dce.bind(srvs.MSRPC_UUID_SRVS)
    level1 = srvs.hNetrShareEnum(dce, 1)['InfoStruct']['ShareInfo']['Level1']
    return level1['Buffer']
def listShares(self):
    """
    List the shares available on the target this connection is attached to.

    Binds to the SRVS interface through the ``\\srvsvc`` named pipe, reusing
    this SMB connection, and asks for share information at level 1. The
    transport is given the remote name and the remote host separately.

    NOTE(review): no disconnect is issued for the DCE/RPC binding before
    returning; its lifetime is tied to the SMB session.

    :return: the list stored under ``Level1 -> Buffer`` in the reply (one
             entry per share); RPC errors are raised to the caller
    """
    from impacket.dcerpc.v5 import transport, srvs

    pipe_transport = transport.SMBTransport(
        self.getRemoteName(),
        self.getRemoteHost(),
        filename=r'\srvsvc',
        smb_connection=self,
    )
    rpc = pipe_transport.get_dce_rpc()
    rpc.connect()
    rpc.bind(srvs.MSRPC_UUID_SRVS)
    reply = srvs.hNetrShareEnum(rpc, 1)
    share_info = reply['InfoStruct']['ShareInfo']
    return share_info['Level1']['Buffer']
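def smb_share_information(
        target,
        port,
        user=None,
        password=None,
):
    """
    Look up the shared folders of the given host.

    With the default ``user=None`` / ``password=None`` the login is attempted
    without credentials (presumably an anonymous session -- confirm how the
    SMBConnection in use treats ``None``).

    :param target: IP of the host
    :param port: port of the host
    :param user: user name
    :param password: password
    :return: <list> of share names with ``print$`` and ``IPC$`` left out, or
             None when the connection could not be established
    :raises Exception: when the login call reports failure
    """
    try:
        conn = SMBConnection(target, target, sess_port=port)
    except socket.error as error:
        # Single-argument form prints the same text under Python 2 and 3.
        print("[-] Chyba spojeni %s" % (error.message,))
        return

    # Authenticate exactly once. The earlier code called login() twice, which
    # doubled the authentication traffic and logon records for every scan.
    # NOTE(review): this relies on login() returning a truthy value on
    # success -- confirm for the impacket version in use.
    if not conn.login(user, password):
        raise Exception(
            "[-] Chyba autentizace, neplatne uzivatelske jmeno nebo heslo")

    try:
        rpc_transport = transport.SMBTransport(conn.getRemoteName(),
                                               conn.getRemoteHost(),
                                               filename=r'\srvsvc',
                                               smb_connection=conn)
        dce = rpc_transport.get_dce_rpc()
        try:
            dce.connect()
        except SessionError:
            # NOTE(review): a failed pipe connect is ignored here, as in the
            # original; the bind below will then fail with a less helpful
            # error. Confirm whether this best-effort is intentional.
            pass
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrShareEnum(dce, 2)

        ignore_shares = ("print$", "IPC$")
        # [:-1] drops the last character of the returned name (presumably
        # its NUL terminator).
        names = (share['shi2_netname'][:-1]
                 for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer'])
        return [name for name in names if name not in ignore_shares]
    finally:
        # This function created the session, so it also ends it instead of
        # leaving an authenticated session behind on the server.
        conn.logoff()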
def get_remote_payload_path_set(lib_name, smb_connection_):
    """Return ``[share_name, translated_path]`` pairs for every share.

    Runs NetrShareEnum at level 2 over the ``\\srvsvc`` pipe of the supplied
    SMB connection. Level 2 entries include the server-side path of each
    share (``shi2_path``), which is passed through ``translate_smb_path``.

    ``lib_name`` is accepted but not used in this function. No share is
    filtered out: the ``ignore_shares`` list is defined but never consulted.
    """
    srvsvc_transport = transport.SMBTransport(
        smb_connection_.getRemoteName(),
        smb_connection_.getRemoteHost(),
        filename=r'\srvsvc',
        smb_connection=smb_connection_,
    )
    dce = srvsvc_transport.get_dce_rpc()
    dce.connect()
    dce.bind(srvs.MSRPC_UUID_SRVS)
    enum_reply = srvs.hNetrShareEnum(dce, 2)

    # Kept from the original, where it is likewise unused.
    ignore_shares = ["print$", "IPC$"]

    level2_entries = enum_reply['InfoStruct']['ShareInfo']['Level2']['Buffer']
    # [:-1] drops the last character of each returned string (presumably the
    # NUL terminator).
    return [
        [entry['shi2_netname'][:-1], translate_smb_path(entry['shi2_path'][:-1])]
        for entry in level2_entries
    ]
def getShares(self):
    """Fetch level 1 share information from the host behind ``self.smbConnection``.

    A DCE/RPC transport over the ``\\srvsvc`` pipe is created on the existing
    SMB connection and stored in ``self._rpctransport``. The ``Level1`` part
    of the NetrShareEnum reply is returned. On any error a CRITICAL log line
    is written and the exception is re-raised.
    """
    logging.info("Requesting shares on %s....." % self.smbConnection.getRemoteHost())
    try:
        # The transport reuses the connection that is already established.
        pipe_transport = transport.SMBTransport(
            self.smbConnection.getRemoteHost(),
            self.smbConnection.getRemoteHost(),
            filename=r'\srvsvc',
            smb_connection=self.smbConnection,
        )
        self._rpctransport = pipe_transport
        rpc = self._rpctransport.get_dce_rpc()
        rpc.connect()
        rpc.bind(srvs.MSRPC_UUID_SRVS)
        reply = srvs.hNetrShareEnum(rpc, 1)
        return reply['InfoStruct']['ShareInfo']['Level1']
    except:
        # Log-and-re-raise: the bare except does not hide the failure.
        logging.critical("Error requesting shares on %s, aborting....." % self.smbConnection.getRemoteHost())
        raise
def copy_lib(self, lib_name):
    """Write a local file into the target's shares and return its remote path.

    Steps visible in the code: open ``lib_name`` locally, call
    ``self.login()``, enumerate shares with NetrShareEnum at level 2 over the
    ``\\srvsvc`` pipe, and for each entry call ``self.smb.putFile`` with the
    share name and the file's base name. The return value is the last
    computed ``module`` string: the share's translated path, a ``/`` and the
    file name.

    Seen from the server, this is a share enumeration followed by writes of
    one file name into the enumerated shares; that sequence is what a
    defender reviewing file-share audit data would look for.

    NOTE(review): the listing this was recovered from had lost its line
    breaks. The nesting below (everything through the upload loop inside the
    per-share loop, ``return`` after it) is a reconstruction -- confirm
    against the original file.
    """
    # The local file is opened in binary mode; the handle is never closed in
    # this function.
    self.execName = os.path.basename(lib_name)
    self.execFile = open(lib_name, 'rb')
    self.login()
    # NOTE(review): rName is not defined in this function; presumably a
    # module-level name -- verify.
    rpctransport = transport.SMBTransport(rName, self.rhost, filename=r'\srvsvc', smb_connection=self.smb)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    dce.bind(srvs.MSRPC_UUID_SRVS)
    # Level 2 entries carry the server-side path of each share (shi2_path).
    resp = srvs.hNetrShareEnum(dce, 2)
    for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer']:
        # [:-1] drops the last character of each returned string (presumably
        # the NUL terminator).
        sName = share['shi2_netname'][:-1]
        sPath = self.SMBpath(share['shi2_path'][:-1])
        # Name and path are joined with ':' and split again right away.
        k = str(sName) +":"+ str(sPath)
        sName, sPath = k.split(':')
        # module = sPath + "/" + lib_name
        # Only the second assignment to j survives; the first is overwritten.
        j = sName.replace('IPC$', '')
        j = sName.replace('print$', '')
        j = str(j)
        # Keep only the non-empty lines of j.
        shares = "".join([s for s in j.splitlines(True) if s.strip("\r\n")])
        if not self.cBin:
            lib_name = lib_name
            module = sPath + "/" + lib_name
        else:
            # self.cBin, when set, replaces the file named by the caller and
            # is opened as a second local handle.
            lib_name = self.cBin
            self.execName = os.path.basename(lib_name)
            self.execFile = open(lib_name, 'rb')
            module = sPath + "/" + lib_name
        # shares = os.linesep.join([s for s in j.splitlines() if s])
        for sharez in shares.splitlines():
            # print sharez
            print "[ + ] Using %s [ + ]" % lib_name
            print "[ + ] Copying lib '%s' to share '%s' [ + ]" % (lib_name, sharez)
            # putFile receives the file object's read method as its data
            # source.
            self.smb.putFile(sharez, self.execName, self.execFile.read)
    return module
def test_hNetrShareEnum(self):
    """Call the hNetrShareEnum helper once per information level.

    Levels 0, 1, 2, 501, 502 and 503 are requested in that order over the
    binding returned by ``self.connect()``. Nothing is asserted about the
    replies; the test passes as long as no call raises.
    """
    dce, rpctransport = self.connect()
    for info_level in (0, 1, 2, 501, 502, 503):
        resp = srvs.hNetrShareEnum(dce, info_level)
        # resp.dump() is left disabled, as in the original.