Exemplo n.º 1
 def test_name_registration_request(self):
     """Send a NetBIOS name registration request and dump the reply.

     Requests registration of ``*JSMBSERVER`` with the address ``1.1.1.2``,
     passing ``self.serverName`` as the second argument. Nothing is asserted
     about the reply, so the test only fails when the request or ``dump()``
     raises.
     """
     # ToDo (original author): Look at this
     #resp = n.name_registration_request('*SMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,nmb.NB_FLAGS_G, '1.1.1.1')
     netbios = nmb.NetBIOS()
     reply = netbios.name_registration_request(
         '*JSMBSERVER',
         self.serverName,
         nmb.TYPE_WORKSTATION,
         None,
         nmb.NB_FLAGS_ONT_P,
         '1.1.1.2'
     )
     reply.dump()
Exemplo n.º 2
    def __init__(self):
        """Set up the thread state and a NetBIOS helper bound to ``broadcastip``.

        ``broadcastip`` is a name defined outside this method. The original
        author left a disabled log line marking it as a hard-coded value that
        still needs fixing, so confirm it matches the local network before
        relying on broadcast queries.
        """
        Thread.__init__(self)
        self.running = True
        self.target = None

        nbt = nmb.NetBIOS()
        self.NBT = nbt
        #log('#### Setting NBT  broadcast address. hardcoded slackness. FIX ####','red')
        nbt.set_broadcastaddr(broadcastip)
Exemplo n.º 3
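 def test_name_registration_request(self):
     """Send a NetBIOS name registration request, tolerating NetBIOS errors.

     Requests registration of ``*JSMBSERVER`` with the address ``1.1.1.2`` and
     dumps the reply. Any exception whose text contains ``NETBIOS`` is printed
     and swallowed; every other exception is re-raised.

     NOTE(review): because NetBIOS errors are swallowed and nothing is
     asserted on the reply, this test also passes when the registration is
     refused. It only shows that the call does not fail in an unexpected way.
     """
     n = nmb.NetBIOS()
     # ToDo (original author): Look at this
     #resp = n.name_registration_request('*SMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,nmb.NB_FLAGS_G, '1.1.1.1')
     try:
         resp = n.name_registration_request('*JSMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,
                                            nmb.NB_FLAGS_ONT_P, '1.1.1.2')
         resp.dump()
     except Exception as e:
         message = str(e)
         print(message)
         # str.find() returns -1 when the text is absent and 0 when it matches
         # at the very start, so the earlier `<= 0` comparison also re-raised
         # errors whose message begins with 'NETBIOS'. A membership test
         # expresses the intended "mentions NETBIOS" check.
         if 'NETBIOS' not in message:
             # Bare raise keeps the original traceback intact.
             raise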
Exemplo n.º 4
    def run(self):
        """Query the target's NetBIOS node status and build display rows.

        An empty ``self.target`` falls back to ``"localhost"``. One
        fixed-width text row per returned node is stored in ``self.data``:
        the name, the name type, the MAC address and any status flags.

        Also sets ``self.mac`` and ``self.isWin32`` (False when the MAC is all
        zeros). ``self.macVendor`` is set for a non-zero MAC, and
        ``self.masterBrowser`` when a name contains ``__MSBROWSE__``.

        NOTE(review): the names come from the queried host and only the
        ``\\x01`` and ``\\x02`` bytes are stripped. Treat the rows as untrusted
        text wherever they are rendered or logged.

        :return: True
        """
        FIXED_SIZE = 17  # column width used for both the name and the type label
        if self.target == "":
            self.gom.echo("[!] No target specified, using localhost as target")
            self.target = "localhost"

        objNmb = nmb.NetBIOS()
        self.data = []

        for node in objNmb.getnodestatus("*", self.target):
            # Pad or truncate the cleaned name to exactly FIXED_SIZE characters.
            name = node.get_nbname().replace("\x02", "").replace("\x01", "")
            name = name.ljust(FIXED_SIZE)[:FIXED_SIZE]

            if "__MSBROWSE__" in name:
                self.masterBrowser = True

            type_label = nmb.NAME_TYPES.get(node.get_nametype(), "?")
            row = name + type_label.ljust(FIXED_SIZE)[:FIXED_SIZE]

            mac = objNmb.getmacaddress()
            self.isWin32 = mac != "00-00-00-00-00-00"
            if self.isWin32:
                self.macVendor = getMacVendor(mac.replace("-", ""))
            self.mac = mac
            row += " " + mac

            # Status flags are appended in a fixed order, each with its own label.
            flag_labels = (
                (node.is_active, " ACTIVE "),
                (node.is_group, " GROUP "),
                (node.is_deleting, " DELETING"),
                (node.is_conflict, " CONFLICT "),
                (node.is_permanent, " PERMANENT "),
            )
            for is_set, label in flag_labels:
                if is_set():
                    row += label

            self.data.append(row)

        return True
Exemplo n.º 5
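    def negotiateSession(self, preferredDialect=None,
                         flags1=smb.SMB.FLAGS1_PATHCASELESS | smb.SMB.FLAGS1_CANONICALIZED_PATHS,
                         flags2=smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES,
                         negoData='\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00'):
        """
        Perform protocol negotiation and create the underlying SMB connection object.

        :param preferredDialect: the dialect desired to talk with the target server. If None is specified the
            highest one available will be used
        :param flags1: the SMB FLAGS capabilities (the default is an OR of smb.SMB.FLAGS1_* constants)
        :param flags2: the SMB FLAGS2 capabilities (the default is an OR of smb.SMB.FLAGS2_* constants)
        :param string negoData: data to be sent as part of the nego handshake

        :return: True. Errors raised by the underlying connection objects propagate to the caller (the original
            docstring describes these as Session Errors).
        :raises Exception: if preferredDialect is not one of the dialects handled here.

        NOTE(review): with preferredDialect=None the default negoData also offers the SMBv1 dialect
        ('NT LM 0.12'), and an SMBv1 answer from the server is accepted. Callers that must not speak SMBv1
        should pass an explicit SMB2/3 preferredDialect.
        """

        # If port 445 and the name sent is *SMBSERVER we're setting the name to the IP. This is to help some old
        # applications still believing *SMBSERVER will work against modern OSes. If port is NETBIOS_SESSION_PORT
        # the user better know about *SMBSERVER's limitations
        if self._sess_port == nmb.SMB_SESSION_PORT and self._remoteName == '*SMBSERVER':
            self._remoteName = self._remoteHost
        elif self._sess_port == nmb.NETBIOS_SESSION_PORT and self._remoteName == '*SMBSERVER':
            # If remote name is *SMBSERVER let's try to query its name.. if can't be guessed, continue and hope
            # for the best. The name comes from the remote host's own answer.
            nb = nmb.NetBIOS()
            try:
                res = nb.getnetbiosname(self._remoteHost)
            except Exception:
                # Best-effort lookup: keep *SMBSERVER on failure. Catching Exception instead of using a bare
                # except lets KeyboardInterrupt and SystemExit propagate.
                pass
            else:
                self._remoteName = res

        hostType = nmb.TYPE_SERVER
        if preferredDialect is None:
            # If no preferredDialect sent, we try the highest available one.
            packet = self.negotiateSessionWildcard(self._myName, self._remoteName, self._remoteHost, self._sess_port,
                                                   self._timeout, True, flags1=flags1, flags2=flags2, data=negoData)
            if packet[0:1] == b'\xfe':
                # Answer is SMB2 packet
                self._SMBConnection = smb3.SMB3(self._remoteName, self._remoteHost, self._myName, hostType,
                                                self._sess_port, self._timeout, session=self._nmbSession,
                                                negSessionResponse=SMB2Packet(packet))
            else:
                # Answer is SMB packet, sticking to SMBv1
                self._SMBConnection = smb.SMB(self._remoteName, self._remoteHost, self._myName, hostType,
                                              self._sess_port, self._timeout, session=self._nmbSession,
                                              negPacket=packet)
        else:
            if preferredDialect == smb.SMB_DIALECT:
                self._SMBConnection = smb.SMB(self._remoteName, self._remoteHost, self._myName, hostType,
                                              self._sess_port, self._timeout)
            elif preferredDialect in [SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30]:
                self._SMBConnection = smb3.SMB3(self._remoteName, self._remoteHost, self._myName, hostType,
                                                self._sess_port, self._timeout, preferredDialect=preferredDialect)
            else:
                # The message previously contained a literal, uninterpolated "%s".
                raise Exception("Unknown dialect %s" % (preferredDialect,))

        # propagate flags to the smb sub-object, except for Unicode (if server supports)
        # does not affect smb3 objects
        if isinstance(self._SMBConnection, smb.SMB):
            if self._SMBConnection.get_flags()[1] & smb.SMB.FLAGS2_UNICODE:
                flags2 |= smb.SMB.FLAGS2_UNICODE
            self._SMBConnection.set_flags(flags1=flags1, flags2=flags2)

        return True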
Exemplo n.º 6
 def test_name_query_request(self):
     """Send a NetBIOS name query and print the returned entries.

     Queries ``self.serverName`` with ``self.machine`` as the second
     argument. Nothing is asserted on the reply, so the test only fails when
     the call raises.
     """
     # ToDo (original author): Look at this
     # resp = n.name_registration_request('*SMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,nmb.NB_FLAGS_G, '1.1.1.1')
     netbios = nmb.NetBIOS()
     answer = netbios.name_query_request(self.serverName, self.machine)
     print(answer.entries)
Exemplo n.º 7
 def test_gethostbyname(self):
     """Resolve ``self.serverName`` through NetBIOS and print the entries.

     ``self.serverName`` is used both as the name server and as the name to
     resolve. Nothing is asserted on the result.
     """
     netbios = nmb.NetBIOS()
     netbios.set_nameserver(self.serverName)
     answer = netbios.gethostbyname(self.serverName, nmb.TYPE_SERVER)
     print(answer.entries)
Exemplo n.º 8
 def test_getnodestatus(self):
     """Request the node status and dump every returned entry.

     The upper-cased ``self.serverName`` is the name queried and
     ``self.machine`` is passed as the second argument. Nothing is asserted
     on the result.
     """
     netbios = nmb.NetBIOS()
     entries = netbios.getnodestatus(self.serverName.upper(), self.machine)
     for entry in entries:
         entry.dump()
     print(entries)
Exemplo n.º 9
 def test_getnetbiosname(self):
     """Check that the NetBIOS name reported for ``self.machine`` equals ``self.serverName``."""
     netbios = nmb.NetBIOS()
     reported_name = netbios.getnetbiosname(self.machine)
     print(repr(reported_name))
     self.assertEqual(self.serverName, reported_name)
Exemplo n.º 10
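 def test_getnodestatus(self):
     """Request the node status and print the result.

     The upper-cased ``self.serverName`` is the name queried and
     ``self.machine`` is passed as the second argument. Nothing is asserted
     on the result.
     """
     n = nmb.NetBIOS()
     resp = n.getnodestatus(self.serverName.upper(), self.machine)
     # The Python 2 print statement is a syntax error on Python 3. The call
     # form with a single argument prints the same text on both.
     print(resp)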