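async def amain():
    """Command-line entry point for the SMB admin-access check.

    Parses the CLI, resolves the connection URL (``--url`` takes precedence over
    the per-parameter connection settings), builds an ``SMBAdminCheck`` and
    attaches target generators to it before awaiting ``run()``.

    Targets may come from stdin (``-s`` with no positional targets) or from the
    positional arguments. Each positional argument that can be opened as a file
    is treated as a target list file; everything else is passed on as a literal
    hostname/IP.

    Note: a ``--url`` that embeds a secret is part of the process's argument
    list, so shell history and process listings can expose it.
    """
    import argparse
    import sys
    from aiosmb.commons.connection.params import SMBConnectionParams

    epilog = """
Output legend:
    [SHARE] C$ is accessible
    [SRV] Remote Service Manager is accessible
    [REG] Remote registry is accessible
    [E] Error
    [P] Progress (current/total)
"""
    parser = argparse.ArgumentParser(
        description='SMB Share enumerator',
        formatter_class=argparse.RawDescriptionHelpFormatter,
        epilog=epilog,
    )
    SMBConnectionParams.extend_parser(parser)
    parser.add_argument('-v', '--verbose', action='count', default=0)
    parser.add_argument('-w', '--smb-worker-count', type=int, default=100, help='Parallell count')
    parser.add_argument('-s', '--stdin', action='store_true', help='Read targets from stdin')
    parser.add_argument('--url', help='Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"')
    parser.add_argument('targets', nargs='*', help='Hostname or IP address or file with a list of targets')

    args = parser.parse_args()

    if args.verbose >= 1:
        logger.setLevel(logging.DEBUG)

    if args.verbose > 2:
        # -vvv: lowest logger level plus asyncio debug mode and root DEBUG logging.
        # NOTE(review): this output may include protocol-level detail; treat it as
        # sensitive until confirmed otherwise.
        print('setting deepdebug')
        logger.setLevel(1)
        asyncio.get_event_loop().set_debug(True)
        logging.basicConfig(level=logging.DEBUG)

    if args.url is not None:
        smb_url = args.url
    else:
        try:
            smb_url = SMBConnectionParams.parse_args(args)
        except Exception as e:
            print('Either URL or all connection parameters must be set! Error: %s' % str(e))
            sys.exit(1)

    enumerator = SMBAdminCheck(smb_url, worker_count=args.smb_worker_count)

    notfile = []
    if not args.targets and args.stdin is True:
        enumerator.target_gens.append(ListTargetGen(sys.stdin))
    else:
        for target in args.targets:
            # Probe whether the argument names a readable file. Only the errors
            # open() raises for a bad path are caught, so a Ctrl-C during the
            # probe is no longer swallowed and misread as "this is a hostname".
            try:
                with open(target, 'r'):
                    pass
            except (OSError, ValueError):
                notfile.append(target)
            else:
                enumerator.target_gens.append(FileTargetGen(target))

        if notfile:
            enumerator.target_gens.append(ListTargetGen(notfile))

    if not enumerator.target_gens:
        print('[-] No suitable targets were found!')
        return

    await enumerator.run()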
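async def amain():
    """Command-line entry point for the SMB file downloader (``SMBGET``).

    Parses the CLI, resolves the connection URL (``--url`` takes precedence over
    the per-parameter connection settings), builds an ``SMBGET`` instance and
    attaches target generators to it before awaiting ``run()``.

    Targets are UNC paths, taken from stdin (``-s`` with no positional targets)
    or from the positional arguments. A positional argument that can be opened
    as a local file is treated as a list file; anything else is passed on as a
    literal target.

    Note: a ``--url`` that embeds a secret is part of the process's argument
    list, so shell history and process listings can expose it.
    """
    import argparse
    import sys
    from aiosmb.commons.connection.params import SMBConnectionParams

    parser = argparse.ArgumentParser(description='SMB Share enumerator')
    SMBConnectionParams.extend_parser(parser)
    parser.add_argument('-v', '--verbose', action='count', default=0)
    parser.add_argument('-s', '--stdin', action='store_true', help='Read targets from stdin')
    # NOTE(review): args.recursive is parsed but not passed to SMBGET in this
    # function - confirm whether the flag is meant to have an effect.
    parser.add_argument(
        '-r', '--recursive',
        action='store_true',
        help='Recirsively donwload all files from the remote folder')
    parser.add_argument('--progress', action='store_true', help='Show progress')
    parser.add_argument(
        '--url',
        help='Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"'
    )
    parser.add_argument(
        'targets',
        nargs='*',
        help='UNC paths of file eg. \\\\HOST\\SHARE\\file_or_folder')

    args = parser.parse_args()

    if args.verbose >= 1:
        logger.setLevel(logging.DEBUG)

    if args.verbose > 2:
        # -vvv: lowest logger level plus asyncio debug mode and root DEBUG logging.
        print('setting deepdebug')
        logger.setLevel(1)
        asyncio.get_event_loop().set_debug(True)
        logging.basicConfig(level=logging.DEBUG)

    if args.url is not None:
        # The option is declared as --url, so argparse stores it as args.url.
        # The previous code read args.smb_url here, a name this parser does not
        # define in the visible code, so supplying --url would fail.
        smb_url = args.url
    else:
        try:
            smb_url = SMBConnectionParams.parse_args(args)
        except Exception as e:
            print(
                'Either URL or all connection parameters must be set! Error: %s'
                % str(e))
            sys.exit(1)

    smbget = SMBGET(smb_url, show_progress=args.progress)

    notfile = []
    if not args.targets and args.stdin is True:
        smbget.target_gens.append(ListTargetGen(sys.stdin))
    else:
        for target in args.targets:
            # Probe whether the argument names a readable local file. Only the
            # errors open() raises for a bad path are caught, so a Ctrl-C during
            # the probe is not swallowed.
            try:
                with open(target, 'r'):
                    pass
            except (OSError, ValueError):
                notfile.append(target)
            else:
                smbget.target_gens.append(FileTargetGen(target))

        if notfile:
            smbget.target_gens.append(ListTargetGen(notfile))

    if not smbget.target_gens:
        print('[-] No suitable targets were found!')
        return

    await smbget.run()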
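async def amain():
    """Command-line entry point for the PrintNightmare exposure enumerator.

    Parses the CLI, resolves the connection URL (``--url`` takes precedence over
    the per-parameter connection settings), builds an ``SMBPrintnightmareEnum``
    and attaches target generators to it before awaiting ``run()``.

    Output format defaults to ``str``; ``--json`` selects ``json`` and ``--tsv``
    selects ``tsv``. When both flags are given, ``tsv`` wins because it is
    checked last.

    Note: a ``--url`` that embeds a secret is part of the process's argument
    list, so shell history and process listings can expose it.
    """
    import argparse
    import sys
    from aiosmb.commons.connection.params import SMBConnectionParams

    # NOTE(review): this legend describes shares/directories/files and looks
    # carried over from the share enumerator - confirm it matches what
    # SMBPrintnightmareEnum actually prints.
    epilog = """
Output legend:
    [S] Share
    [D] Dictionary
    [F] File
    [E] Error
    [M] Maxed (max items limit reached for directory)
    [P] Progress (current/total)
"""
    parser = argparse.ArgumentParser(
        description='SMB Printnightmare enumerator',
        formatter_class=argparse.RawDescriptionHelpFormatter,
        epilog=epilog,
    )
    SMBConnectionParams.extend_parser(parser)
    parser.add_argument('-v', '--verbose', action='count', default=0)
    parser.add_argument('-w', '--smb-worker-count', type=int, default=100, help='Parallell count')
    parser.add_argument('-o', '--out-file', help='Output file path.')
    parser.add_argument('-s', '--stdin', action='store_true', help='Read targets from stdin')
    parser.add_argument('--url', help='Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"')
    parser.add_argument('--progress', action='store_true', help='Show progress bar')
    parser.add_argument('--json', action='store_true', help='Output in JSON format')
    parser.add_argument('--tsv', action='store_true', help='Output in TSV format. (TAB Separated Values)')
    parser.add_argument('targets', nargs='*', help='Hostname or IP address or file with a list of targets')

    args = parser.parse_args()

    if args.verbose >= 1:
        logger.setLevel(logging.DEBUG)

    if args.verbose > 2:
        # -vvv: lowest logger level plus asyncio debug mode and root DEBUG logging.
        print('setting deepdebug')
        logger.setLevel(1)
        asyncio.get_event_loop().set_debug(True)
        logging.basicConfig(level=logging.DEBUG)

    output_type = 'str'
    if args.json is True:
        output_type = 'json'
    if args.tsv is True:
        output_type = 'tsv'

    if args.url is not None:
        smb_url = args.url
    else:
        try:
            smb_url = SMBConnectionParams.parse_args(args)
        except Exception as e:
            print('Either URL or all connection parameters must be set! Error: %s' % str(e))
            sys.exit(1)

    enumerator = SMBPrintnightmareEnum(
        smb_url,
        worker_count=args.smb_worker_count,
        out_file=args.out_file,
        show_pbar=args.progress,
        output_type=output_type,
    )

    notfile = []
    if not args.targets and args.stdin is True:
        enumerator.target_gens.append(ListTargetGen(sys.stdin))
    else:
        for target in args.targets:
            # Probe whether the argument names a readable file. Only the errors
            # open() raises for a bad path are caught, so a Ctrl-C during the
            # probe is not swallowed and misread as "this is a hostname".
            try:
                with open(target, 'r'):
                    pass
            except (OSError, ValueError):
                notfile.append(target)
            else:
                enumerator.target_gens.append(FileTargetGen(target))

        if notfile:
            enumerator.target_gens.append(ListTargetGen(notfile))

    if not enumerator.target_gens:
        # No explicit targets: set the enumerator's enum_url flag instead of
        # bailing out. Presumably this makes it check the host named in the
        # connection URL - confirm in SMBPrintnightmareEnum.
        enumerator.enum_url = True

    await enumerator.run()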
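async def amain():
    """Command-line entry point for remote registry access over SMB.

    Parses the CLI, logs in with the given connection URL, makes sure the
    ``RemoteRegistry`` service is running on the remote machine, then executes
    each command in order. Commands have the form ``<verb>:<target>``; the verb
    is upper-cased and converted with ``SMBREG_COMMAND``. The three verbs
    handled here are READ (target is ``<regpath>:<value name>``), ENUMVALUE and
    ENUMKEY (target is a registry path).

    Side effect on the remote host: if ``RemoteRegistry`` is not running it is
    started via ``enable_service`` and is not put back afterwards in this
    function. Operators should record that state change and restore it
    out-of-band where required.

    Note: a connection URL that embeds a secret is part of the process's
    argument list, so shell history and process listings can expose it.
    """
    import argparse
    import sys
    import logging

    parser = argparse.ArgumentParser(
        description='Registry manipulation via SMB')
    SMBConnectionParams.extend_parser(parser)
    parser.add_argument('-v', '--verbose', action='count', default=0)
    parser.add_argument(
        'url',
        help='Connection URL base, target can be set to anything. Owerrides all parameter based connection settings! Example: "smb2+ntlm-password://TEST\\victim@test"'
    )
    # Backslashes are escaped so the help text is unchanged at runtime but the
    # literal no longer contains invalid escape sequences (\S, \C, \W), which
    # newer Python versions warn about.
    parser.add_argument(
        'commands',
        nargs='*',
        help='Commands in the following format: "r:HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest:Negotiate"'
    )

    args = parser.parse_args()

    if args.verbose >= 1:
        logger.setLevel(logging.DEBUG)

    if args.verbose > 2:
        # -vvv: lowest logger level plus asyncio debug mode and root DEBUG logging.
        print('setting deepdebug')
        logger.setLevel(1)
        asyncio.get_event_loop().set_debug(True)
        logging.basicConfig(level=logging.DEBUG)

    # 'url' is a required positional, so argparse always supplies it and the
    # parameter-based fallback below is effectively unreachable; it is kept so
    # the behaviour stays the same if 'url' is ever made optional.
    if args.url is not None:
        smb_url = args.url
    else:
        try:
            smb_url = SMBConnectionParams.parse_args(args)
        except Exception as e:
            print(
                'Either URL or all connection parameters must be set! Error: %s'
                % str(e))
            sys.exit(1)

    # Pre-parse every command before connecting, so a malformed command is
    # rejected up front instead of surfacing as a traceback.
    commands = []
    for raw_cmd in args.commands:
        verb, sep, path = raw_cmd.partition(':')
        if not sep:
            print('Invalid command (expected "<command>:<path>"): %s' % raw_cmd)
            sys.exit(1)
        try:
            # presumably SMBREG_COMMAND is an Enum, which raises ValueError for
            # an unknown value - verify against its definition
            parsed_verb = SMBREG_COMMAND(verb.upper())
        except ValueError:
            print('Unknown command: %s' % verb)
            sys.exit(1)
        commands.append((parsed_verb, path))

    connection = SMBConnectionURL(smb_url).get_connection()
    _, err = await connection.login()
    if err is not None:
        print('Login failed! Reason: %s' % str(err))
        return

    machine = SMBMachine(connection)

    registry_srv_status, err = await machine.check_service_status(
        "RemoteRegistry")
    if err is not None:
        print('Check service status error! %s' % err)
        return

    if registry_srv_status != SMBServiceStatus.RUNNING:
        # This changes state on the remote host and is not reverted here.
        logger.info('RemoteRegistry is not running! Starting it now..')
        _, err = await machine.enable_service("RemoteRegistry")
        if err is not None:
            print(err)
            return
        await asyncio.sleep(5)  # fixed wait for the service to start up

    reg_api, err = await machine.get_regapi()
    if err is not None:
        print(err)
        return

    for cmd, target in commands:
        if cmd == SMBREG_COMMAND.READ:
            # READ targets are "<regpath>:<value name>"; skip a target without
            # the separator instead of crashing part-way through the run.
            regpath, sep, name = target.partition(':')
            if not sep:
                print('Invalid read target (expected "<regpath>:<name>"): %s' % target)
                continue
            hkey, err = await reg_api.OpenRegPath(regpath)
            if err is not None:
                print(err)
                continue

            val_type, value, err = await reg_api.QueryValue(hkey, name)
            if err is not None:
                print(err)
                continue
            print(value)

        elif cmd == SMBREG_COMMAND.ENUMVALUE:
            hkey, err = await reg_api.OpenRegPath(target)
            if err is not None:
                print(err)
                continue

            # The loop ends on the first error EnumValue returns; that error is
            # printed even if it only signals the end of the listing.
            i = 0
            while True:
                value_name, value_type, value_data, err = await reg_api.EnumValue(
                    hkey, i)
                i += 1
                if err is not None:
                    print(err)
                    break
                print(value_name)
                print(value_type)
                print(value_data)

        elif cmd == SMBREG_COMMAND.ENUMKEY:
            hkey, err = await reg_api.OpenRegPath(target)
            if err is not None:
                print(err)
                continue

            # Same termination rule as ENUMVALUE: stop at the first error.
            i = 0
            while True:
                res, err = await reg_api.EnumKey(hkey, i)
                i += 1
                if err is not None:
                    print(err)
                    break
                print(res)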