async def connect(self, is_kerberos = False): """ """ #hiding the import, so you'll only need to install multiplexor only when actually using it from multiplexor.operator import MultiplexorOperator con_str = self.target.proxy.target.get_server_url() #creating operator and connecting to multiplexor server self.operator = MultiplexorOperator(con_str, logging_sink = logger) await self.operator.connect() #creating socks5 proxy server_info = await self.operator.start_socks5(self.target.proxy.target.agent_id) await self.operator.terminate() #print(server_info) if is_kerberos is False: #copying the original target, then feeding it to socks5proxy object. it will hold the actual socks5 proxy server address we created before tp = MSLDAPProxy() tp.target = SocksTarget() tp.target.version = SocksServerVersion.SOCKS5 tp.target.server_ip = server_info['listen_ip'] tp.target.server_port = server_info['listen_port'] tp.target.is_bind = False tp.target.proto = SocksProtocol.TCP tp.target.timeout = self.target.timeout tp.target.buffer_size = 4096 tp.target.endpoint_ip = self.target.host tp.target.endpoint_port = self.target.port tp.target.endpoint_timeout = None # TODO: maybe implement endpoint timeout in the msldap target? tp.type = MSLDAPProxyType.SOCKS5 newtarget = copy.deepcopy(self.target) newtarget.proxy = tp return SocksProxyConnection(target = newtarget) else: kt = copy.deepcopy(self.target) kt.proxy = KerberosProxy() kt.proxy.target = SocksTarget() kt.proxy.target.version = SocksServerVersion.SOCKS5 kt.proxy.target.server_ip = server_info['listen_ip'] kt.proxy.target.server_port = server_info['listen_port'] kt.proxy.target.is_bind = False kt.proxy.target.proto = SocksProtocol.TCP kt.proxy.target.timeout = 10 kt.proxy.target.buffer_size = 4096 kt.proxy.target.endpoint_ip = self.target.ip kt.proxy.target.endpoint_port = self.target.port #kt.proxy.creds = copy.deepcopy(self.target.proxy.auth) return kt
async def setup(self):
try:
if self.no_work_dir is False:
logger.debug('Setting up working directory')
if self.work_dir is not None:
if isinstance(self.work_dir, str):
self.work_dir = pathlib.Path(self.work_dir)
else:
self.work_dir = pathlib.Path()
self.work_dir.mkdir(parents=True, exist_ok=True)
self.ldap_work_dir = self.work_dir.joinpath('ldap')
self.ldap_work_dir.mkdir(parents=True, exist_ok=True)
self.smb_work_dir = self.work_dir.joinpath('smb')
self.smb_work_dir.mkdir(parents=True, exist_ok=True)
logger.debug('Setting up connection objects')
if self.dns_server is not None:
self.rdns_resolver = RDNS(server=self.dns_server,
protocol='TCP',
cache=True,
proxy=self.proxy)
if self.ldap_url is not None:
self.ldap_mgr = self.ldap_url
if isinstance(self.ldap_url, str):
self.ldap_mgr = MSLDAPURLDecoder(self.ldap_url)
if self.proxy is not None:
#overriding proxy!
pu = SocksClientURL.from_urls(self.proxy)
p = MSLDAPProxy(MSLDAPProxyType.SOCKS5, pu)
self.ldap_mgr.proxy = p
if self.smb_url is not None:
self.smb_mgr = self.smb_url
if isinstance(self.smb_url, str):
self.smb_mgr = SMBConnectionURL(self.smb_url)
if self.proxy is not None:
#overriding proxy!
pu = SocksClientURL.from_urls(self.proxy)
p = SMBProxy()
p.type = SMBProxyType.SOCKS5
p.target = pu
self.smb_mgr.proxy = p
logger.debug('Setting up database connection')
if self.progress_queue is None and self.show_progress is True:
self.progress_queue = asyncio.Queue()
self.progress_task = asyncio.create_task(self.print_progress())
return True, None
except Exception as e:
return False, e
def get_target(self):
target = MSLDAPTarget(self.ldap_host,
port=self.ldap_port,
proto=self.ldap_proto.lower(),
tree=self.ldap_tree,
timeout=self.target_timeout)
if self.proxy_scheme is not None:
proxy = MSLDAPProxy()
proxy.ip = self.proxy_ip
proxy.port = self.proxy_port
proxy.timeout = 10
proxy.proxy_type = self.proxy_scheme
proxy.username = self.proxy_username
proxy.domain = self.proxy_domain
proxy.settings = self.proxy_settings
proxy.timeout = self.proxy_timeout
target.proxy = proxy
return target
def parse(self):
url_e = urlparse(self.url)
self.scheme_decoder(url_e.scheme)
self.password = url_e.password
if self.__pwpreprocess is not None:
if self.__pwpreprocess == 'PROMPT':
self.password = getpass.getpass()
elif self.__pwpreprocess == 'HEX':
self.password = bytes.fromhex(self.password).decode()
elif self.__pwpreprocess == 'B64':
self.password = base64.b64decode(self.password).decode()
else:
raise Exception('Unknown password preprocess directive %s' % self.__pwpreprocess)
if url_e.username is not None:
if url_e.username.find('\\') != -1:
self.domain , self.username = url_e.username.split('\\')
else:
self.domain = None
self.username = url_e.username
#defaulting schemes...
if self.auth_scheme is None:
if self.username is not None and self.domain is not None and self.password is not None:
#tricky parsing to make user feel confortable...
if len(self.password) == 32:
try:
bytes.fromhex(self.password)
self.auth_scheme = LDAPAuthProtocol.NTLM_NT
except:
self.auth_scheme = LDAPAuthProtocol.NTLM_PASSWORD
else:
self.auth_scheme = LDAPAuthProtocol.NTLM_PASSWORD
else:
self.auth_scheme = LDAPAuthProtocol.SIMPLE
self.ldap_host = url_e.hostname
if url_e.port is not None:
self.ldap_port = int(url_e.port)
if url_e.path is not None:
tree = url_e.path.replace('/','')
if tree != '':
self.ldap_tree = tree
proxy_present = False
if url_e.query is not None:
query = parse_qs(url_e.query)
if 'etype' in query:
self.etypes = []
for k in query:
if k.startswith('proxy') is True:
proxy_present = True
if k == 'dc':
self.dc_ip = query[k][0]
elif k == 'timeout':
self.timeout = int(query[k][0])
elif k == 'serverip':
self.serverip = query[k][0]
elif k == 'dns':
self.dns = query[k] #multiple dns can be set, so not trimming here
elif k == 'encrypt':
self.encrypt = bool(int(query[k][0]))
elif k == 'etype':
self.etypes = [int(x) for x in query[k]]
elif k.startswith('auth'):
self.auth_settings[k[len('auth'):]] = query[k]
elif k == 'rate':
self.target_ratelimit = float(query[k][0])
elif k == 'pagesize':
self.target_pagesize = int(query[k][0])
elif k == 'altname':
self.altname = query[k][0]
elif k == 'altdomain':
self.altdomain = query[k][0]
#elif k.startswith('same'):
# self.auth_settings[k[len('same'):]] = query[k]
if proxy_present is True:
self.proxy = MSLDAPProxy.from_params(self.url)
if self.auth_scheme in [LDAPAuthProtocol.SSPI_NTLM, LDAPAuthProtocol.SSPI_KERBEROS]:
if platform.system().upper() != 'WINDOWS':
raise Exception('SSPI auth only works on Windows!')
if self.username is None:
self.username = '******'
if self.password is None:
self.password = '******'
if self.domain is None:
self.domain = '<CURRENT>'
if self.auth_scheme in MSLDAP_KERBEROS_PROTOCOLS and self.dc_ip is None:
raise Exception('The "dc" parameter MUST be used for kerberos authentication types!')