Esempio n. 1
0
    def get_smb_connection(self, cmd):
        try:
            hostname, ip = self.get_target_address(cmd.target)
            res, domain, username, password = self.get_stored_cred(cmd.creds)
            if res is False:
                raise Exception('Could not find user creds!')

            target = SMBTarget(ip=ip,
                               hostname=hostname,
                               timeout=1,
                               dc_ip=domain,
                               protocol=SMBConnectionProtocol.TCP)
            target.preferred_dialects = SMB2_NEGOTIATE_DIALTECTS_2

            auth_type = SMBAuthProtocol.NTLM
            secret_type = SMBCredentialsSecretType.PASSWORD

            credential = SMBCredential(username=username,
                                       domain=domain,
                                       secret=password,
                                       secret_type=secret_type,
                                       authentication_type=auth_type,
                                       settings=None,
                                       target=target)
            print(target)
            print(credential)

            gssapi = AuthenticatorBuilder.to_spnego_cred(credential, target)
            connection = SMBConnection(gssapi, target)

            return connection, None
        except Exception as e:
            traceback.print_exc()
            return None, e
Esempio n. 2
0
async def domain_test(connection_string, domain_name, out_file = None, json_out = False):
	target = SMBTarget.from_connection_string(connection_string)
	credential = SMBCredential.from_connection_string(connection_string)
	spneg = AuthenticatorBuilder.to_spnego_cred(credential, target)
	
	async with SMBConnection(spneg, target) as connection: 
		await connection.login()
		
		async with SMBDomain(domain_name, connection=connection) as domain:
			logging.debug('Connecting to SAMR')
			try:
				await domain.open(access_level = samr.DOMAIN_ALL_ACCESS)
			except Exception as e:
				logging.exception('Failed to create domain object')
				
			info = await domain.get_info()
			
			async for user_name, user_sid in domain.list_users():
				print(user_name, user_sid)
				try:
					user_handle = await domain.open_user(user_sid, access_level = samr.USER_ALL_ACCESS)
					#x = await domain.get_security_info(user_handle)
					user_info = await domain.get_user_info(user_handle)
					
					#async for group_sid in domain.get_user_group_memberships(user_handle):
					#	print(group_sid)
				except Exception as e:
					print(e)
					continue
					
			#async for name, sid in domain.list_groups():
			#	print(name, sid)

	print('Done!')
Esempio n. 3
0
 def get_target(self):
     return SMBTarget(ip=self.ip,
                      port=self.port,
                      hostname=self.hostname,
                      timeout=self.timeout,
                      dc_ip=self.dc_ip,
                      domain=self.domain,
                      proxy=self.get_proxy())
Esempio n. 4
0
    def get_target(self):
        if self.ip is not None and self.hostname is None:
            try:
                ipaddress.ip_address(self.ip)
            except:
                self.hostname = self.ip
        if self.server_ip is not None:
            self.ip = self.server_ip

        t = SMBTarget(ip=self.ip,
                      port=self.port,
                      hostname=self.hostname,
                      timeout=self.timeout,
                      dc_ip=self.dc_ip,
                      domain=self.domain,
                      proxy=self.get_proxy())
        t.update_dialect(self.dialect)
        if self.fragment is not None:
            fs = 0x100000
            if self.fragment == 5:
                fs = 5 * 1024
            elif self.fragment == 4:
                fs = 7 * 1024
            elif self.fragment == 3:
                fs = 10 * 1024
            elif self.fragment == 2:
                fs = 500 * 1024
            elif self.fragment == 1:
                fs = 5000 * 1024

            t.MaxTransactSize = fs
            t.MaxReadSize = fs
            t.MaxWriteSize = fs

        return t
Esempio n. 5
0
    def get_target(self):
        if self.ip is not None and self.hostname is None:
            try:
                ipaddress.ip_address(self.ip)
            except:
                self.hostname = self.ip
        if self.server_ip is not None:
            self.ip = self.server_ip

        t = SMBTarget(ip=self.ip,
                      port=self.port,
                      hostname=self.hostname,
                      timeout=self.timeout,
                      dc_ip=self.dc_ip,
                      domain=self.domain,
                      proxy=self.get_proxy())
        t.update_dialect(self.dialect)
        return t
Esempio n. 6
0
 def get_smb_target(self, domain=None, proxy=None, dc_ip=None, timeout=1):
     ip = None
     hostname = self.hostname
     try:
         ipaddress.ip_address(hostname)
         ip = hostname
         hostname = None
     except:
         pass
     print('get_smb_target: domain: %s , ip: %s, hostname: %s' %
           (domain, ip, hostname))
     return SMBTarget(ip=ip,
                      hostname=hostname,
                      timeout=timeout,
                      dc_ip=dc_ip,
                      domain=domain,
                      proxy=proxy,
                      protocol=SMBConnectionProtocol.TCP,
                      path=None)