def test_connection_echo(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect() session = Session(connection, smb_real[0], smb_real[1]) session.connect() try: actual = connection.echo(sid=session.session_id, credit_request=2) assert actual == 2 finally: connection.disconnect(True)
def test_invalid_user(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect() try: session = Session(connection, "fakeuser", "fakepass") with pytest.raises(SMBAuthenticationError) as exc: session.connect() assert "Failed to authenticate with server: " in str(exc.value) finally: connection.disconnect(True)
def test_dialect_2_encrypted_share(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_2_1_0) session = Session(connection, smb_real[0], smb_real[1], False) tree = TreeConnect(session, smb_real[5]) try: session.connect() with pytest.raises(AccessDenied) as exc: tree.connect() finally: connection.disconnect(True)
def register_session(server, username=None, password=None, port=445, encrypt=None, connection_timeout=60, connection_cache=None): """ Creates an active connection and session to the server specified. This can be manually called to register the credentials of a specific server instead of defining it on the first function connecting to the server. The opened connection is registered in a pool and re-used if a connection is made to the same server with the same credentials. :param server: The server name to register. :param username: Optional username to connect with. Required if no session has been registered for the server and Kerberos auth is not being used. :param password: Optional password to connect with. :param port: The port to connect with. :param encrypt: Whether to force encryption or not, once this has been set to True the session cannot be changed back to False. :param connection_timeout: Override the timeout used for the initial connection. :param connection_cache: Connection cache to be used with :return: The Session that was registered or already existed in the pool. """ connection_key = "%s:%s" % (server.lower(), port) if connection_cache is None: connection_cache = _SMB_CONNECTIONS connection = connection_cache.get(connection_key, None) if not connection: connection = Connection(ClientConfig().client_guid, server, port) connection.connect(timeout=connection_timeout) connection_cache[connection_key] = connection # Find the first session in the connection session list that match the username specified, if not username then # just use the first session found or fall back to creating a new one with implicit auth/kerberos. session = next((s for s in connection.session_table.values() if username is None or s.username == username), None) if not session: session = Session(connection, username=username, password=password, require_encryption=(encrypt is True)) session.connect() elif encrypt is not None: # We cannot go from encryption to no encryption on an existing session but we can do the opposite. if session.encrypt_data and not encrypt: raise ValueError( "Cannot disable encryption on an already negotiated session.") elif not session.encrypt_data and encrypt: session.encrypt = True return session
def test_require_encryption_not_supported(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_2_1_0) try: session = Session(connection, smb_real[0], smb_real[1]) with pytest.raises(SMBException) as exc: session.connect() assert str(exc.value) == "SMB encryption is required but the " \ "connection does not support it" finally: connection.disconnect(True)
def __init__(self, server, username, password, port=445): connection_id = uuid.uuid4() addr = socket.gethostbyname(server) self.server = server connection = Connection(connection_id, addr, port, require_signing=True) self.session = Session(connection, username, password, require_encryption=False)
def __init__(self, server, username, password, port=445): connection_id = uuid.uuid4() addr = socket.getaddrinfo(server, None, 0, 0, socket.IPPROTO_TCP)[0][4][0] self.server = server connection = Connection(connection_id, addr, port, require_signing=True) self.session = Session(connection, username, password, require_encryption=False)
def test_send_invalid_tree_id(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() msg = SMB2IOCTLRequest() msg['file_id'] = b"\xff" * 16 with pytest.raises(SMBException) as exc: connection.send(msg, session.session_id, 10) assert str(exc.value) == "Cannot find Tree with the ID 10 in " \ "the session tree table" finally: connection.disconnect()
def test_secure_negotiation_verification_failed(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_3_0_2) session = Session(connection, smb_real[0], smb_real[1]) connection.dialect = Dialects.SMB_3_0_0 tree = TreeConnect(session, smb_real[4]) try: session.connect() with pytest.raises(SMBException) as exc: tree.connect() assert "Secure negotiate failed to verify server dialect, " \ "Actual: 770, Expected: 768" in str(exc.value) finally: connection.disconnect(True)
def test_dialect_2_encrypted_share(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_2_1_0) session = Session(connection, smb_real[0], smb_real[1], False) tree = TreeConnect(session, smb_real[5]) try: session.connect() with pytest.raises(SMBResponseException) as exc: tree.connect() assert str(exc.value) == "Received unexpected status from the " \ "server: (3221225506) " \ "STATUS_ACCESS_DENIED: 0xc0000022" finally: connection.disconnect(True)
def test_dialect_3_encrypted_share(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_3_1_1) session = Session(connection, smb_real[0], smb_real[1]) tree = TreeConnect(session, smb_real[5]) try: session.connect() tree.connect() assert tree.encrypt_data assert not tree.is_ca_share assert not tree.is_dfs_share assert not tree.is_scaleout_share assert isinstance(tree.tree_connect_id, int) finally: connection.disconnect(True)
def test_connect_fail(self, smb_real, monkeypatch, mocker): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect() try: monkeypatch.setattr( pyspnego, 'client', mocker.MagicMock( side_effect=pyspnego.exceptions.NoCredentialError())) session = Session(connection, smb_real[0], smb_real[1]) with pytest.raises(SMBAuthenticationError, match="Failed to authenticate with server"): session.connect() finally: connection.disconnect(True)
def test_parse_error_unknown(self): connection = Connection(uuid.uuid4(), "server", 445) session = Session(connection, "user", "password") api = SCMRApi(session) with pytest.raises(SCMRException) as exc: api._parse_error(999, "function_name") assert str(exc.value) == "Exception calling function_name. Code: 999" \ ", Msg: ERROR_UNKNOWN"
def test_marshal_string_none(self): connection = Connection(uuid.uuid4(), "server", 445) session = Session(connection, "user", "password") api = SCMRApi(session) expected = b"\x00\x00\x00\x00" actual = api._marshal_string(None) assert actual == expected
def test_decrypt_invalid_flag(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() # just get some random message header = connection.preauth_integrity_hash_value[-1] enc_header = connection._encrypt(header.pack(), session) assert isinstance(enc_header, SMB2TransformHeader) enc_header['flags'] = 5 with pytest.raises(SMBException) as exc: connection._decrypt(enc_header) assert str(exc.value) == "Expecting flag of 0x0001 but got 5 in " \ "the SMB Transform Header Response" finally: connection.disconnect(True)
def test_decrypt_invalid_session_id(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() # just get some random message header = connection.preauth_integrity_hash_value[-1] enc_header = connection._encrypt(header.pack(), session) assert isinstance(enc_header, SMB2TransformHeader) enc_header['session_id'] = 100 with pytest.raises(SMBException) as exc: connection._decrypt(enc_header) assert str(exc.value) == "Failed to find valid session 100 for " \ "message decryption" finally: connection.disconnect(True)
def test_secure_ignore_negotiation_verification_failed(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_3_0_2) session = Session(connection, smb_real[0], smb_real[1]) connection.dialect = Dialects.SMB_3_0_0 tree = TreeConnect(session, smb_real[4]) try: session.connect() tree.connect(False) assert not tree.encrypt_data assert not tree.is_ca_share assert not tree.is_dfs_share assert not tree.is_scaleout_share assert isinstance(tree.tree_connect_id, int) finally: connection.disconnect(True) tree.disconnect() # test that disconnect can be run mutliple times
def test_verify_mistmatch(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() header = connection.preauth_integrity_hash_value[-2] # just set some random values for verifiation failure header['flags'].set_flag(Smb2Flags.SMB2_FLAGS_SIGNED) header['signature'] = b"\xff" * 16 with pytest.raises(SMBException) as exc: connection._verify(header, header['session_id'].get_value(), verify_session=True) assert "Server message signature could not be verified:" in \ str(exc.value) finally: connection.disconnect(True)
def bule_screen(IP, username=None, password=None, port=445, encode=None, connectionTimeout=10): _SMB_CONNECTIONS = {} connection_key = "%s:%s" %(IP, port) connection = _SMB_CONNECTIONS.get(connection_key, None) if not connection: connection = Connection(uuid.uuid4(), IP, port) connection.connect(timeout=connectionTimeout) _SMB_CONNECTIONS[connection_key] = connection session = next((s for s in connection.session_table.values() if username is None or s.username == username), None) if not session: session = Session(connection, username=username, password=password, require_encryption=(encode is True)) session.connect() elif encode is not None: if session.encrypt_data and not encode: print("[\033[33m-\033[0m]Cannot disable encryption on an already negotiated session.") elif not session.encrypt_data and encode: session.encrypt = True return session
def test_parse_pdu_fine(self): connection = Connection(uuid.uuid4(), "server", 445) session = Session(connection, "user", "password") api = SCMRApi(session) response_pdu = ResponsePDU() response_pdu['packed_drep'] = DataRepresentationFormat() response_pdu['stub_data'] = b"\x01\x02\x03\x04" expected = b"\x01\x02\x03\x04" actual = api._parse_pdu(response_pdu.pack(), 10) assert actual == expected
def test_parse_pdu_failure(self): connection = Connection(uuid.uuid4(), "server", 445) session = Session(connection, "user", "password") api = SCMRApi(session) fault_pdu = FaultPDU() fault_pdu['packed_drep'] = DataRepresentationFormat() with pytest.raises(PDUException) as exc: api._parse_pdu(fault_pdu.pack(), 10) assert "Expecting ResponsePDU for opnum 10 response but got: " \ "FaultPDU" in str(exc.value)
def test_dialect_2_1_0(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_2_1_0) session = Session(connection, smb_real[0], smb_real[1], require_encryption=False) try: session.connect() assert len(session.application_key) == 16 assert session.decryption_key is None assert not session.encrypt_data assert session.encryption_key is None assert len(session.preauth_integrity_hash_value) == 5 assert not session.require_encryption assert session.session_id is not None assert session.session_key == session.application_key assert session.signing_key == session.signing_key assert session.signing_required finally: connection.disconnect(True)
def test_change_notify_cancel(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect() session = Session(connection, smb_real[0], smb_real[1], require_encryption=False) tree = TreeConnect(session, smb_real[4]) open = Open(tree, "directory-watch") try: session.connect() tree.connect() open.create( ImpersonationLevel.Impersonation, DirectoryAccessMask.MAXIMUM_ALLOWED, FileAttributes.FILE_ATTRIBUTE_DIRECTORY, ShareAccess.FILE_SHARE_READ | ShareAccess.FILE_SHARE_WRITE | ShareAccess.FILE_SHARE_DELETE, CreateDisposition.FILE_OPEN_IF, CreateOptions.FILE_DIRECTORY_FILE) watcher = FileSystemWatcher(open) watcher.start(CompletionFilter.FILE_NOTIFY_CHANGE_FILE_NAME) assert watcher.result is None assert watcher.response_event.is_set() is False # Makes sure that we cancel after the async response has been returned from the server. while watcher._request.async_id is None: pass assert watcher.result is None watcher.cancel() watcher.wait() assert watcher.cancelled is True assert watcher.result is None # Make sure it doesn't cause any weird errors when calling it again watcher.cancel() finally: connection.disconnect(True)
def session(self): server = os.environ.get('PYPSEXEC_SERVER', None) username = os.environ.get('PYPSEXEC_USERNAME', None) password = os.environ.get('PYPSEXEC_PASSWORD', None) if server: connection = Connection(uuid.uuid4(), server, 445) session = Session(connection, username, password) tree = TreeConnect(session, r"\\%s\ADMIN$" % server) paexec_file = Open(tree, "PAExec.exe") connection.connect() try: session.connect() tree.connect() paexec_file.create(ImpersonationLevel.Impersonation, FilePipePrinterAccessMask.FILE_WRITE_DATA, FileAttributes.FILE_ATTRIBUTE_NORMAL, ShareAccess.FILE_SHARE_READ, CreateDisposition.FILE_OVERWRITE_IF, CreateOptions.FILE_NON_DIRECTORY_FILE) paexec_file.write(pkgutil.get_data('pypsexec', 'paexec.exe'), 0) paexec_file.close(get_attributes=False) yield session finally: paexec_file.create(ImpersonationLevel.Impersonation, FilePipePrinterAccessMask.DELETE, FileAttributes.FILE_ATTRIBUTE_NORMAL, ShareAccess.FILE_SHARE_DELETE, CreateDisposition.FILE_OVERWRITE_IF, CreateOptions.FILE_DELETE_ON_CLOSE) paexec_file.close(get_attributes=False) connection.disconnect(True) else: pytest.skip("PYPSEXEC_SERVER, PYPSEXEC_USERNAME, PYPSEXEC_PASSWORD" " environment variables were not set. Integration " "tests will be skipped")
def test_verify_mistmatch(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3], True) session = Session(connection, smb_real[0], smb_real[1]) connection.connect() try: session.connect() b_header = connection.preauth_integrity_hash_value[-2] header = SMB2HeaderResponse() header.unpack(b_header) # just set some random values for verification failure header['flags'].set_flag(Smb2Flags.SMB2_FLAGS_SIGNED) header['signature'] = b"\xff" * 16 with pytest.raises(SMBException) as exc: connection.verify_signature( header, list(connection.session_table.keys())[0], force=True) assert "Server message signature could not be verified:" in str( exc.value) finally: connection.disconnect(True)
def __init__(self, server, username=None, password=None, port=445, encrypt=True, obscure=True, sharename="ADMIN$"): self.server = server self.port = port self.pid = os.getpid() self.current_host = socket.gethostname() self.connection = Connection(uuid.uuid4(), server, port) self.session = Session(self.connection, username, password, require_encryption=encrypt) self.service_name = "" #added if obscure: #added self.service_name = Client.obscure_service_name() #added else: #added self.service_name = "PAExec" # This doesn't need a new name everytime the service is created; makes a mess in the directories # OLD = "PAExec-%d-%s" % (self.pid, self.current_host) log.info("Creating PyPsexec Client with unique name: %s" % self.service_name) self._exe_file = "%s.exe" % self.service_name self._stdout_pipe_name = "PaExecOut%s%d" % (self.current_host, self.pid) self._stderr_pipe_name = "PaExecErr%s%d" % (self.current_host, self.pid) self._stdin_pipe_name = "PaExecIn%s%d" % (self.current_host, self.pid) self._unique_id = get_unique_id(self.pid, self.current_host) log.info("Generated unique ID for PyPsexec Client: %d" % self._unique_id) self._service = Service(self.service_name, self.session) self._share = sharename
def test_dialect_3_1_1(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect(Dialects.SMB_3_1_1) session = Session(connection, smb_real[0], smb_real[1]) try: session.connect() assert len(session.application_key) == 16 assert session.application_key != session.session_key assert len(session.decryption_key) == 16 assert session.decryption_key != session.session_key assert session.encrypt_data assert len(session.encryption_key) == 16 assert session.encryption_key != session.session_key assert len(session.connection.preauth_integrity_hash_value) == 2 assert len(session.preauth_integrity_hash_value) == 3 assert session.require_encryption assert session.session_id is not None assert len(session.session_key) == 16 assert len(session.signing_key) == 16 assert session.signing_key != session.session_key assert not session.signing_required finally: connection.disconnect(True) # test that disconnect can be run multiple times session.disconnect()
def __init__(self, server, username=None, password=None, port=445, encrypt=True, **kargs): if type(server) == socket.socket: self.server = server.getpeername()[0] self.port = server.getpeername()[1] self.connection = Connection_(uuid.uuid4(), server) else: self.server = server self.port = port self.connection = Connection(uuid.uuid4(), server, port) self.pid = os.getpid() self.current_host = socket.gethostname() self.session = Session(self.connection, username, password, require_encryption=encrypt) self.service_name = "PAExec-%d-%s" % (self.pid, self.current_host) log.info("Creating PyPsexec Client with unique name: %s" % self.service_name) self._exe_file = "%s.exe" % self.service_name self._stdout_pipe_name = "PaExecOut%s%d"\ % (self.current_host, self.pid) self._stderr_pipe_name = "PaExecErr%s%d"\ % (self.current_host, self.pid) self._stdin_pipe_name = "PaExecIn%s%d" % (self.current_host, self.pid) self._unique_id = get_unique_id(self.pid, self.current_host) log.info("Generated unique ID for PyPsexec Client: %d" % self._unique_id) self._service = Service(self.service_name, self.session) for attribute, value in kargs.items(): setattr(self, attribute, value)
def test_marshal_string_as_referent(self): connection = Connection(uuid.uuid4(), "server", 445) session = Session(connection, "user", "password") api = SCMRApi(session) expected = b"\x00\x00\x00\x01" \ b"\x03\x00\x00\x00" \ b"\x00\x00\x00\x00" \ b"\x03\x00\x00\x00" \ b"\x68\x00\x69\x00\x00\x00" \ b"\x00\x00" actual = api._marshal_string("hi", unique=True) assert actual == expected
def test_setup_session_with_ms_gss_token(self, smb_real): connection = Connection(uuid.uuid4(), smb_real[2], smb_real[3]) connection.connect() connection.gss_negotiate_token = b"\x60\x76\x06\x06\x2b\x06\x01\x05" \ b"\x05\x02\xa0\x6c\x30\x6a\xa0\x3c" \ b"\x30\x3a\x06\x0a\x2b\x06\x01\x04" \ b"\x01\x82\x37\x02\x02\x1e\x06\x09" \ b"\x2a\x86\x48\x82\xf7\x12\x01\x02" \ b"\x02\x06\x09\x2a\x86\x48\x86\xf7" \ b"\x12\x01\x02\x02\x06\x0a\x2a\x86" \ b"\x48\x86\xf7\x12\x01\x02\x02\x03" \ b"\x06\x0a\x2b\x06\x01\x04\x01\x82" \ b"\x37\x02\x02\x0a\xa3\x2a\x30\x28" \ b"\xa0\x26\x1b\x24\x6e\x6f\x74\x5f" \ b"\x64\x65\x66\x69\x6e\x65\x64\x5f" \ b"\x69\x6e\x5f\x52\x46\x43\x34\x31" \ b"\x37\x38\x40\x70\x6c\x65\x61\x73" \ b"\x65\x5f\x69\x67\x6e\x6f\x72\x65" session = Session(connection, smb_real[0], smb_real[1], False) try: session.connect() assert len(session.application_key) == 16 assert session.application_key != session.session_key assert len(session.decryption_key) == 16 assert session.decryption_key != session.session_key assert not session.encrypt_data assert len(session.encryption_key) == 16 assert session.encryption_key != session.session_key assert len(session.connection.preauth_integrity_hash_value) == 2 assert len(session.preauth_integrity_hash_value) == 3 assert not session.require_encryption assert session.session_id is not None assert len(session.session_key) == 16 assert len(session.signing_key) == 16 assert session.signing_key != session.session_key assert session.signing_required finally: connection.disconnect(True)