def __init__(self):
    """Set up per-session bookkeeping and register the smbfiles decoder.

    The three maps start empty; they are populated by the SMB message
    callbacks and discarded per connection elsewhere in the class.
    """
    # uid -> (hostname, domain\name) login tuple for the session
    self.uidname = {}
    # tid -> tree (share) path
    self.tidmap = {}
    # conn+fid (see sessIndexFromFID) -> smb file object
    self.smbfileobjs = {}

    smb_ports = (445, 139)

    def on_smb_port(t):
        # Either endpoint on 445 (direct SMB) or 139 (NetBIOS session).
        return t[0][1] in smb_ports or t[1][1] in smb_ports

    SMBDecoder.__init__(
        self,
        name='smbfiles',
        description='List files accessed via smb',
        filter='tcp and (port 445 or port 139)',
        filterfn=on_smb_port,
        author='amm',
        optiondict={
            'nopsexec': {
                'action': 'store_true',
                'help': 'supress psexecsvc streams from output',
            },
            'activeonly': {
                'action': 'store_true',
                'help': 'only output files with reads or writes',
            },
        },
    )
def __init__(self):
    """Initialise session bookkeeping and register the psexec decoder.

    Command/response text is rendered through a colorout.ColorOutput
    instance stored on ``self.out``.
    """
    self.uidname = {}     # uid -> login domain\name (string)
    self.fidhandles = {}  # fid handle -> psexec object
    # conn+PID (see sessIndex) -> psexec object.  A FID cannot serve as the
    # key because each psexec stream carries its own.
    self.psexecobjs = {}

    def on_smb_port(t):
        # Either endpoint on 445 (direct SMB) or 139 (NetBIOS session).
        return any(port in (445, 139) for port in (t[0][1], t[1][1]))

    options = {
        'alertsonly': {
            'action': 'store_true',
            'help': 'only dump alerts, not content',
        },
        'htmlalert': {
            'action': 'store_true',
            'help': 'include html as named value in alerts',
        },
        'time': {
            'action': 'store_true',
            'help': 'display command/response timestamps',
        },
    }
    SMBDecoder.__init__(
        self,
        name='psexec',
        description='Extract command/response information from psexec over smb',
        filter='tcp and (port 445 or port 139)',
        filterfn=on_smb_port,
        author='amm',
        optiondict=options,
    )
    self.legacy = True
    self.out = colorout.ColorOutput()
def __init__(self):
    """Register the rip-smb-uploads decoder and prepare its bookkeeping.

    ``outdir`` is left as None here; the framework fills it from the
    command-line option before any file is written.
    """
    self.fidhandles = {}  # fid handle -> filename carried in the SMB request
    # fid handle -> local file descriptor (ie. fd = open(fname, 'wb'))
    self.fds = {}
    # NOTE(review): the filenames tracked above originate on the wire; the
    # code that opens the local file under outdir must strip directory
    # components before joining -- confirm in the write handler.
    self.outdir = None

    # Only direct-hosted SMB (445) is matched here; NetBIOS session
    # service (139) is deliberately not covered by this decoder.
    SMBDecoder.__init__(
        self,
        name='rip-smb-uploads',
        description='Extract files uploaded via SMB',
        filter='tcp and port 445',
        filterfn=lambda t: 445 in (t[0][1], t[1][1]),
        author='bg',
        optiondict={
            "outdir": {
                "help": "Directory to place files (default: ./smb_out)",
                "default": "./smb_out",
                "metavar": "DIRECTORY",
            },
        },
    )
    self.legacy = True
def __init__(self):
    """Create the session maps and register the smbfiles decoder.

    Each map is keyed by an SMB identifier and filled in by the message
    callbacks; all three start empty.
    """
    self.uidname = {}      # uid -> (hostname, domain\name) login tuple
    self.tidmap = {}       # tid -> tree path
    self.smbfileobjs = {}  # conn+fid (sessIndexFromFID) -> smb file object

    def is_smb_conn(t):
        # True when either side of the tuple uses port 445 or 139.
        return any(port in (445, 139) for port in (t[0][1], t[1][1]))

    SMBDecoder.__init__(
        self,
        name='smbfiles',
        description='List files accessed via smb',
        filter='tcp and (port 445 or port 139)',
        filterfn=is_smb_conn,
        author='amm',
        optiondict={
            'nopsexec': {
                'action': 'store_true',
                'help': 'supress psexecsvc streams from output',
            },
            'activeonly': {
                'action': 'store_true',
                'help': 'only output files with reads or writes',
            },
        },
    )
def __init__(self):
    """Register the psexec decoder and initialise its per-session state.

    Output is produced through ``self.out`` (a colorout.ColorOutput).
    """
    # uid -> login domain\name (string)
    self.uidname = {}
    # fid handle -> psexec object
    self.fidhandles = {}
    # conn+PID (see sessIndex) -> psexec object; a FID is not a usable
    # index because each stream has its own.
    self.psexecobjs = {}

    smb_ports = (445, 139)

    def on_smb_port(t):
        return t[0][1] in smb_ports or t[1][1] in smb_ports

    SMBDecoder.__init__(
        self,
        name='psexec',
        description='Extract command/response information from psexec over smb',
        filter='tcp and (port 445 or port 139)',
        filterfn=on_smb_port,
        author='amm',
        optiondict={
            'alertsonly': {
                'action': 'store_true',
                'help': 'only dump alerts, not content',
            },
            'htmlalert': {
                'action': 'store_true',
                'help': 'include html as named value in alerts',
            },
            'time': {
                'action': 'store_true',
                'help': 'display command/response timestamps',
            },
        },
    )
    self.legacy = True
    self.out = colorout.ColorOutput()
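def connectionHandler(self, conn):
    """Run the base SMB connection handler, then drop per-connection file state.

    The base class walks the connection and the message callbacks populate
    ``self.smbfileobjs``; once it returns, that map is emptied so objects
    from one connection are never mixed into the next.

    Args:
        conn: the connection object handed in by the decoder framework.
    """
    SMBDecoder.connectionHandler(self, conn)
    # clear() replaces the original "for k in keys(): del d[k]" loop, which
    # on Python 3 raises "dictionary changed size during iteration" as soon
    # as the map is non-empty (Python 2's keys() returned a list copy).
    self.smbfileobjs.clear()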