def login_standard(self, user, domain, ansiPwd, unicodePwd): smb = NewSMBPacket() smb['Flags1'] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Data() sessionSetup['Parameters']['MaxBuffer'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VCNumber'] = os.getpid() sessionSetup['Parameters']['SessionKey'] = self._dialects_parameters['SessionKey'] sessionSetup['Parameters']['AnsiPwdLength'] = len(ansiPwd) sessionSetup['Parameters']['UnicodePwdLength'] = len(unicodePwd) sessionSetup['Parameters']['Capabilities'] = SMB.CAP_RAW_MODE sessionSetup['Data']['AnsiPwd'] = ansiPwd sessionSetup['Data']['UnicodePwd'] = unicodePwd sessionSetup['Data']['Account'] = str(user) sessionSetup['Data']['PrimaryDomain'] = str(domain) sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: print "[!] Error login_standard" return None, STATUS_LOGON_FAILURE else: self._uid = smb['Uid'] return smb, STATUS_SUCCESS
def login_standard(self, user, domain, ansiPwd, unicodePwd): smb = NewSMBPacket() smb["Flags1"] = 8 sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup["Parameters"] = SMBSessionSetupAndX_Parameters() sessionSetup["Data"] = SMBSessionSetupAndX_Data() sessionSetup["Parameters"]["MaxBuffer"] = 65535 sessionSetup["Parameters"]["MaxMpxCount"] = 2 sessionSetup["Parameters"]["VCNumber"] = os.getpid() sessionSetup["Parameters"]["SessionKey"] = self._dialects_parameters["SessionKey"] sessionSetup["Parameters"]["AnsiPwdLength"] = len(ansiPwd) sessionSetup["Parameters"]["UnicodePwdLength"] = len(unicodePwd) sessionSetup["Parameters"]["Capabilities"] = SMB.CAP_RAW_MODE sessionSetup["Data"]["AnsiPwd"] = ansiPwd sessionSetup["Data"]["UnicodePwd"] = unicodePwd sessionSetup["Data"]["Account"] = str(user) sessionSetup["Data"]["PrimaryDomain"] = str(domain) sessionSetup["Data"]["NativeOS"] = "Unix" sessionSetup["Data"]["NativeLanMan"] = "Samba" smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: logging.error("Error login_standard") return None, STATUS_LOGON_FAILURE else: self._uid = smb["Uid"] return smb, STATUS_SUCCESS
def sendNegotiate(self, negotiateMessage): smb = NewSMBPacket() smb['Flags1'] = SMB.FLAGS1_PATHCASELESS smb['Flags2'] = SMB.FLAGS2_EXTENDED_SECURITY # Are we required to sign SMB? If so we do it, if not we skip it if self._SignatureRequired: smb['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX) sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters() sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data() sessionSetup['Parameters']['MaxBufferSize'] = 65535 sessionSetup['Parameters']['MaxMpxCount'] = 2 sessionSetup['Parameters']['VcNumber'] = 1 sessionSetup['Parameters']['SessionKey'] = 0 sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE # Let's build a NegTokenInit with the NTLMSSP # TODO: In the future we should be able to choose different providers blob = SPNEGO_NegTokenInit() # NTLMSSP blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']] blob['MechToken'] = str(negotiateMessage) sessionSetup['Parameters']['SecurityBlobLength'] = len(blob) sessionSetup['Parameters'].getData() sessionSetup['Data']['SecurityBlob'] = blob.getData() # Fake Data here, don't want to get us fingerprinted sessionSetup['Data']['NativeOS'] = 'Unix' sessionSetup['Data']['NativeLanMan'] = 'Samba' smb.addCommand(sessionSetup) self.sendSMB(smb) smb = self.recvSMB() try: smb.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX) except: print "[!] SessionSetup Error!" return None else: # We will need to use this uid field for all future requests/responses self._uid = smb['Uid'] # Now we have to extract the blob to continue the auth process sessionResponse = SMBCommand(smb['Data'][0]) sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters']) sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2']) sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength'] sessionData.fromString(sessionResponse['Data']) respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob']) return respToken['ResponseToken']