def get_smb_connection(self, cmd): try: hostname, ip = self.get_target_address(cmd.target) res, domain, username, password = self.get_stored_cred(cmd.creds) if res is False: raise Exception('Could not find user creds!') target = SMBTarget(ip=ip, hostname=hostname, timeout=1, dc_ip=domain, protocol=SMBConnectionProtocol.TCP) target.preferred_dialects = SMB2_NEGOTIATE_DIALTECTS_2 auth_type = SMBAuthProtocol.NTLM secret_type = SMBCredentialsSecretType.PASSWORD credential = SMBCredential(username=username, domain=domain, secret=password, secret_type=secret_type, authentication_type=auth_type, settings=None, target=target) print(target) print(credential) gssapi = AuthenticatorBuilder.to_spnego_cred(credential, target) connection = SMBConnection(gssapi, target) return connection, None except Exception as e: traceback.print_exc() return None, e
async def domain_test(connection_string, domain_name, out_file = None, json_out = False): target = SMBTarget.from_connection_string(connection_string) credential = SMBCredential.from_connection_string(connection_string) spneg = AuthenticatorBuilder.to_spnego_cred(credential, target) async with SMBConnection(spneg, target) as connection: await connection.login() async with SMBDomain(domain_name, connection=connection) as domain: logging.debug('Connecting to SAMR') try: await domain.open(access_level = samr.DOMAIN_ALL_ACCESS) except Exception as e: logging.exception('Failed to create domain object') info = await domain.get_info() async for user_name, user_sid in domain.list_users(): print(user_name, user_sid) try: user_handle = await domain.open_user(user_sid, access_level = samr.USER_ALL_ACCESS) #x = await domain.get_security_info(user_handle) user_info = await domain.get_user_info(user_handle) #async for group_sid in domain.get_user_group_memberships(user_handle): # print(group_sid) except Exception as e: print(e) continue #async for name, sid in domain.list_groups(): # print(name, sid) print('Done!')
def get_target(self): return SMBTarget(ip=self.ip, port=self.port, hostname=self.hostname, timeout=self.timeout, dc_ip=self.dc_ip, domain=self.domain, proxy=self.get_proxy())
def get_target(self): if self.ip is not None and self.hostname is None: try: ipaddress.ip_address(self.ip) except: self.hostname = self.ip if self.server_ip is not None: self.ip = self.server_ip t = SMBTarget(ip=self.ip, port=self.port, hostname=self.hostname, timeout=self.timeout, dc_ip=self.dc_ip, domain=self.domain, proxy=self.get_proxy()) t.update_dialect(self.dialect) if self.fragment is not None: fs = 0x100000 if self.fragment == 5: fs = 5 * 1024 elif self.fragment == 4: fs = 7 * 1024 elif self.fragment == 3: fs = 10 * 1024 elif self.fragment == 2: fs = 500 * 1024 elif self.fragment == 1: fs = 5000 * 1024 t.MaxTransactSize = fs t.MaxReadSize = fs t.MaxWriteSize = fs return t
def get_target(self): if self.ip is not None and self.hostname is None: try: ipaddress.ip_address(self.ip) except: self.hostname = self.ip if self.server_ip is not None: self.ip = self.server_ip t = SMBTarget(ip=self.ip, port=self.port, hostname=self.hostname, timeout=self.timeout, dc_ip=self.dc_ip, domain=self.domain, proxy=self.get_proxy()) t.update_dialect(self.dialect) return t
def get_smb_target(self, domain=None, proxy=None, dc_ip=None, timeout=1): ip = None hostname = self.hostname try: ipaddress.ip_address(hostname) ip = hostname hostname = None except: pass print('get_smb_target: domain: %s , ip: %s, hostname: %s' % (domain, ip, hostname)) return SMBTarget(ip=ip, hostname=hostname, timeout=timeout, dc_ip=dc_ip, domain=domain, proxy=proxy, protocol=SMBConnectionProtocol.TCP, path=None)