def smbcmdlist():
parse_list_file(conf.smbcmdlist)
targets_tuple = ()
for target in targets:
if len(target.getValidCredentials()) == 0:
continue
else:
first_credentials = target.getValidCredentials()[0]
logger.info('Executing SMB commands on %s with user %s' % (target.getIdentity(), first_credentials.getUser()))
shell = InteractiveShell(target, first_credentials, conf.name)
if len(commands) > 0:
logger.info('Executing SMB commands from provided file')
for command in commands:
print 'SMB command \'%s\' output:' % command
try:
shell.onecmd(command)
except SessionError, e:
#traceback.print_exc()
logger.error('SMB error: %s' % (e.getErrorString(), ))
except NetBIOSTimeout, e:
logger.error('SMB connection timed out')
except keimpxError, e:
logger.error(e)
except KeyboardInterrupt, _:
print
logger.info('User aborted')
shell.do_exit('')
def smbcmdlist():
parse_list_file(conf.smbcmdlist)
targets_tuple = ()
for target in targets:
if len(target.getValidCredentials()) == 0:
continue
else:
admin_credentials = get_admin_credentials(target)
if admin_credentials is False:
admin_credentials = target.getValidCredentials()[0]
logger.warn("No admin user identified for target %s, some commands will not work" % target.getIdentity())
logger.info("Executing SMB commands on %s with user %s" % (target.getIdentity(), admin_credentials.getUser()))
shell = InteractiveShell(target, admin_credentials, conf.name)
if len(commands) > 0:
logger.info("Executing SMB commands from provided file")
for command in commands:
print "SMB command '%s' output:" % command
try:
shell.onecmd(command)
except SessionError, e:
# traceback.print_exc()
logger.error("SMB error: %s" % (e.getErrorString(),))
except NetBIOSTimeout, e:
logger.error("SMB connection timed out")
except keimpxError, e:
logger.error(e)
except KeyboardInterrupt, _:
print
logger.info("User aborted")
shell.do_exit("")
def smb_cmd_list(targets):
commands = parse_list_file(conf.smbcmdlist)
targets_tuple = ()
for target in targets:
if len(target.get_valid_credentials()) == 0:
continue
else:
admin_credentials = get_admin_credentials(target)
if admin_credentials is False:
admin_credentials = target.get_valid_credentials()[0]
logger.warn(
'No admin user identified for target %s, some commands will not work'
% target.get_identity())
logger.info('Executing SMB commands on %s with user %s' %
(target.get_identity(), admin_credentials.getUser()))
shell = InteractiveShell(target, admin_credentials, conf.name)
if len(commands) > 0:
logger.info('Executing SMB commands from provided file')
for command in commands:
print('SMB command \'%s\' output:' % command)
try:
shell.onecmd(command)
except SessionError as e:
# traceback.print_exc()
logger.error('SMB error: %s' % (e.getErrorString(), ))
except NetBIOSTimeout as e:
logger.error('SMB connection timed out')
except keimpxError as e:
logger.error(e)
except KeyboardInterrupt as _:
print()
logger.info('User aborted')
shell.do_exit('')
except Exception as e:
# traceback.print_exc()
logger.error(str(e))
print('----------8<----------')
def main():
global conf
global credentials
global domains
global have_readline
global pool_thread
banner()
conf = cmdline_parser()
check_conf()
pool_thread = threading.BoundedSemaphore(conf.threads)
try:
for target in targets:
pool_thread.acquire()
current = test_login(target)
current.daemon = True
current.start()
while threading.activeCount() > 1:
a = 'Caughtit'
pass
except KeyboardInterrupt:
print
try:
logger.warn('Test interrupted')
a = 'Caughtit'
stop_threads[0] = True
except KeyboardInterrupt:
print
logger.info('User aborted')
exit(1)
if successes == 0:
print '\nNo credentials worked on any target\n'
exit(0)
print '\nThe credentials worked in total %d times\n' % successes
print 'TARGET SORTED RESULTS:\n'
for target in targets:
valid_credentials = target.get_valid_credentials()
if len(valid_credentials) > 0:
print target.get_identity()
for valid_credential in valid_credentials:
print ' %s' % valid_credential.get_identity()
print
print '\nUSER SORTED RESULTS:\n'
for credential in credentials:
valid_credentials = credential.get_valid_targets()
if len(valid_credentials) > 0:
print credential.get_identity()
for valid_credential in valid_credentials:
print ' %s' % valid_credential.get_identity()
print
if conf.smbcmdlist is not None:
smb_cmd_list()
if conf.oscmdlist is not None:
os_cmd_list()
if conf.batch or conf.smbcmdlist or conf.oscmdlist:
return
while True:
msg = 'Do you want to establish a SMB shell from any of the targets? [Y/n] '
choice = raw_input(msg)
if choice and choice[0].lower() != 'y':
return
counter = 0
targets_dict = {}
msg = 'Which target do you want to connect to?'
for target in targets:
valid_credentials = target.get_valid_credentials()
if len(valid_credentials) > 0:
counter += 1
msg += '\n[%d] %s%s' % (counter, target.get_identity(), ' (default)' if counter == 1 else '')
targets_dict[counter] = (target, valid_credentials)
msg += '\n> '
choice = read_input(msg, counter)
user_target, valid_credentials = targets_dict[int(choice)]
counter = 0
credentials_dict = {}
msg = 'Which credentials do you want to use to connect?'
for credential in valid_credentials:
counter += 1
msg += '\n[%d] %s%s' % (counter, credential.get_identity(), ' (default)' if counter == 1 else '')
credentials_dict[counter] = credential
msg += '\n> '
choice = read_input(msg, counter)
user_credentials = credentials_dict[int(choice)]
if sys.platform.lower() == 'win32' and have_readline:
try:
_outputfile = readline.GetOutputFile()
except AttributeError:
logger.debug('Failed GetOutputFile when using platform\'s readline library')
have_readline = False
uses_libedit = False
if sys.platform.lower() == 'darwin' and have_readline:
import commands
(status, result) = commands.getstatusoutput('otool -L %s | grep libedit' % readline.__file__)
if status == 0 and len(result) > 0:
readline.parse_and_bind('bind ^I rl_complete')
debugMsg = 'Leopard libedit detected when using platform\'s '
debugMsg += 'readline library'
logger.debug(debugMsg)
uses_libedit = True
try:
shell = InteractiveShell(user_target, user_credentials, conf.name)
shell.cmdloop()
except RuntimeError, e:
logger.error('Runtime error: %s' % str(e))
except Exception, _:
# traceback.print_exc()
pass
def main():
global conf
global credentials
global domains
global have_readline
global pool_thread
banner()
conf = cmdline_parser()
check_conf()
pool_thread = threading.BoundedSemaphore(conf.threads)
try:
for target in targets:
pool_thread.acquire()
current = test_login(target)
current.start()
while (threading.activeCount() > 1):
a = 'Caughtit'
pass
except KeyboardInterrupt:
print
try:
logger.warn('Test interrupted, waiting for threads to finish')
while (threading.activeCount() > 1):
a = 'Caughtit'
pass
except KeyboardInterrupt:
print
logger.info('User aborted')
sys.exit(1)
if successes == 0:
print '\nNo credentials worked on any target\n'
sys.exit(1)
print '\nThe credentials worked in total %d times\n' % successes
print 'TARGET SORTED RESULTS:\n'
for target in targets:
valid_credentials = target.getValidCredentials()
if len(valid_credentials) > 0:
print target.getIdentity()
for valid_credential in valid_credentials:
print ' %s' % valid_credential.getIdentity()
print
print '\nUSER SORTED RESULTS:\n'
for credential in credentials:
valid_credentials = credential.getValidTargets()
if len(valid_credentials) > 0:
print credential.getIdentity()
for valid_credential in valid_credentials:
print ' %s' % valid_credential.getIdentity()
print
if conf.smbcmdlist is not None:
smbcmdlist()
if conf.oscmdlist is not None:
oscmdlist()
if conf.batch or conf.smbcmdlist or conf.oscmdlist:
return
msg = 'Do you want to establish a SMB shell from any of the targets? [Y/n] '
choice = raw_input(msg)
if choice and choice[0].lower() != 'y':
return
counter = 0
targets_dict = {}
msg = 'Which target do you want to connect to?'
for target in targets:
valid_credentials = target.getValidCredentials()
if len(valid_credentials) > 0:
counter += 1
msg += '\n[%d] %s%s' % (counter, target.getIdentity(), ' (default)' if counter == 1 else '')
targets_dict[counter] = (target, valid_credentials)
msg += '\n> '
choice = read_input(msg, counter)
user_target, valid_credentials = targets_dict[int(choice)]
counter = 0
credentials_dict = {}
msg = 'Which credentials do you want to use to connect?'
for credential in valid_credentials:
counter += 1
msg += '\n[%d] %s%s' % (counter, credential.getIdentity(), ' (default)' if counter == 1 else '')
credentials_dict[counter] = credential
msg += '\n> '
choice = read_input(msg, counter)
user_credentials = credentials_dict[int(choice)]
if mswindows is True and have_readline:
try:
_outputfile = readline.GetOutputFile()
except AttributeError:
logger.debug('Failed GetOutputFile when using platform\'s readline library')
have_readline = False
uses_libedit = False
if sys.platform.lower() == 'darwin' and have_readline:
import commands
(status, result) = commands.getstatusoutput('otool -L %s | grep libedit' % readline.__file__)
if status == 0 and len(result) > 0:
readline.parse_and_bind('bind ^I rl_complete')
debugMsg = 'Leopard libedit detected when using platform\'s '
debugMsg += 'readline library'
logger.debug(debugMsg)
uses_libedit = True
try:
shell = InteractiveShell(user_target, user_credentials, conf.name)
shell.cmdloop()
except RuntimeError:
sys.exit(255)
def main():
global conf
global credentials
global domains
global have_readline
global pool_thread
banner()
conf = cmdline_parser()
check_conf()
pool_thread = threading.BoundedSemaphore(conf.threads)
try:
for target in targets:
pool_thread.acquire()
current = test_login(target)
current.daemon = True
current.start()
while threading.activeCount() > 1:
a = "Caughtit"
pass
except KeyboardInterrupt:
print
try:
logger.warn("Test interrupted")
a = "Caughtit"
stop_threads[0] = True
except KeyboardInterrupt:
print
logger.info("User aborted")
os._exit(1)
if successes == 0:
print "\nNo credentials worked on any target\n"
os._exit(0)
print "\nThe credentials worked in total %d times\n" % successes
print "TARGET SORTED RESULTS:\n"
for target in targets:
valid_credentials = target.getValidCredentials()
if len(valid_credentials) > 0:
print target.getIdentity()
for valid_credential in valid_credentials:
print " %s" % valid_credential.getIdentity()
print
print "\nUSER SORTED RESULTS:\n"
for credential in credentials:
valid_credentials = credential.getValidTargets()
if len(valid_credentials) > 0:
print credential.getIdentity()
for valid_credential in valid_credentials:
print " %s" % valid_credential.getIdentity()
print
if conf.smbcmdlist is not None:
smbcmdlist()
if conf.oscmdlist is not None:
oscmdlist()
if conf.batch or conf.smbcmdlist or conf.oscmdlist:
return
while True:
msg = "Do you want to establish a SMB shell from any of the targets? [Y/n] "
choice = raw_input(msg)
if choice and choice[0].lower() != "y":
return
counter = 0
targets_dict = {}
msg = "Which target do you want to connect to?"
for target in targets:
valid_credentials = target.getValidCredentials()
if len(valid_credentials) > 0:
counter += 1
msg += "\n[%d] %s%s" % (counter, target.getIdentity(), " (default)" if counter == 1 else "")
targets_dict[counter] = (target, valid_credentials)
msg += "\n> "
choice = read_input(msg, counter)
user_target, valid_credentials = targets_dict[int(choice)]
counter = 0
credentials_dict = {}
msg = "Which credentials do you want to use to connect?"
for credential in valid_credentials:
counter += 1
msg += "\n[%d] %s%s" % (counter, credential.getIdentity(), " (default)" if counter == 1 else "")
credentials_dict[counter] = credential
msg += "\n> "
choice = read_input(msg, counter)
user_credentials = credentials_dict[int(choice)]
if mswindows is True and have_readline:
try:
_outputfile = readline.GetOutputFile()
except AttributeError:
logger.debug("Failed GetOutputFile when using platform's readline library")
have_readline = False
uses_libedit = False
if sys.platform.lower() == "darwin" and have_readline:
import commands
(status, result) = commands.getstatusoutput("otool -L %s | grep libedit" % readline.__file__)
if status == 0 and len(result) > 0:
readline.parse_and_bind("bind ^I rl_complete")
debugMsg = "Leopard libedit detected when using platform's "
debugMsg += "readline library"
logger.debug(debugMsg)
uses_libedit = True
try:
shell = InteractiveShell(user_target, user_credentials, conf.name)
shell.cmdloop()
except RuntimeError, e:
logger.error("Runtime error: %s" % str(e))
except Exception, _:
# traceback.print_exc()
pass
