def decode(self, aBuffer): i = ImpactPacket.IP(aBuffer) self.set_decoded_protocol(i) off = i.get_header_size() end = i.get_ip_len() # If ip_len == 0 we might be facing TCP segmentation offload, let's calculate the right len if end == 0: LOG.warning( 'IP len reported as 0, most probably because of TCP segmentation offload. Attempting to fix its size' ) i.set_ip_len(len(aBuffer)) end = i.get_ip_len() if i.get_ip_p() == ImpactPacket.UDP.protocol: self.udp_decoder = UDPDecoder() packet = self.udp_decoder.decode(aBuffer[off:end]) elif i.get_ip_p() == ImpactPacket.TCP.protocol: self.tcp_decoder = TCPDecoder() packet = self.tcp_decoder.decode(aBuffer[off:end]) elif i.get_ip_p() == ImpactPacket.ICMP.protocol: self.icmp_decoder = ICMPDecoder() packet = self.icmp_decoder.decode(aBuffer[off:end]) elif i.get_ip_p() == ImpactPacket.IGMP.protocol: self.igmp_decoder = IGMPDecoder() packet = self.igmp_decoder.decode(aBuffer[off:end]) else: self.data_decoder = DataDecoder() packet = self.data_decoder.decode(aBuffer[off:end]) i.contains(packet) return i
def __init__(self, hive, isRemote=False): self.__hive = hive if isRemote is True: self.fd = self.__hive self.__hive.open() else: self.fd = open(hive, 'rb') data = self.fd.read(4096) self.__regf = REG_REGF(data) self.indent = '' self.rootKey = self.__findRootKey() if self.rootKey is None: LOG.error("Can't find root key!") elif self.__regf['MajorVersion'] != 1 and self.__regf[ 'MinorVersion'] > 5: LOG.warning( "Unsupported version (%d.%d) - things might not work!" % (self.__regf['MajorVersion'], self.__regf['MinorVersion']))
def sendNegotiate(self, negotiateMessage): # Remove the message signing flag # For LDAP this is required otherwise it triggers LDAP signing # Note that this code is commented out because changing flags breaks the signature # unless the client uses a non-standard implementation of NTLM negoMessage = NTLMAuthNegotiate() negoMessage.fromString(negotiateMessage) #negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN self.negotiateMessage = str(negoMessage) # Warn if the relayed target requests signing, which will break our attack if negoMessage['flags'] & NTLMSSP_NEGOTIATE_SIGN == NTLMSSP_NEGOTIATE_SIGN: LOG.warning('The client requested signing. Relaying to LDAP will not work! (This usually happens when relaying from SMB to LDAP)') with self.session.connection_lock: if not self.session.sasl_in_progress: self.session.sasl_in_progress = True request = bind.bind_operation(self.session.version, 'SICILY_PACKAGE_DISCOVERY') response = self.session.post_send_single_response(self.session.send('bindRequest', request, None)) result = response[0] try: sicily_packages = result['server_creds'].decode('ascii').split(';') except KeyError: raise LDAPRelayClientException('Could not discover authentication methods, server replied: %s' % result) if 'NTLM' in sicily_packages: # NTLM available on server request = bind.bind_operation(self.session.version, 'SICILY_NEGOTIATE_NTLM', self) response = self.session.post_send_single_response(self.session.send('bindRequest', request, None)) result = response[0] if result['result'] == RESULT_SUCCESS: challenge = NTLMAuthChallenge() challenge.fromString(result['server_creds']) return challenge else: raise LDAPRelayClientException('Server did not offer NTLM authentication!')
def set_destination_address(self, destination_address): LOG.warning('deprecated soon') self.set_ip_dst(destination_address)
def set_source_address(self, source_address): LOG.warning('deprecated soon') self.set_ip_src(source_address)
def set_protocol_version(self, version): LOG.warning('deprecated soon') self.set_ip_v(version)
def get_destination_address(self): LOG.warning('deprecated soon') return self.get_ip_dst()
def get_source_address(self): LOG.warning('deprecated soon') return self.get_ip_src()
def get_protocol_version(self): LOG.warning('deprecated soon') return self.get_ip_v()