async def connect(self, is_kerberos = False): """ """ #hiding the import, so you'll only need to install multiplexor only when actually using it from multiplexor.operator import MultiplexorOperator con_str = self.target.proxy.target.get_server_url() #creating operator and connecting to multiplexor server self.operator = MultiplexorOperator(con_str, logging_sink = logger) await self.operator.connect() #creating socks5 proxy server_info = await self.operator.start_socks5(self.target.proxy.target.agent_id) await self.operator.terminate() #print(server_info) if is_kerberos is False: #copying the original target, then feeding it to socks5proxy object. it will hold the actual socks5 proxy server address we created before tp = MSLDAPProxy() tp.target = SocksTarget() tp.target.version = SocksServerVersion.SOCKS5 tp.target.server_ip = server_info['listen_ip'] tp.target.server_port = server_info['listen_port'] tp.target.is_bind = False tp.target.proto = SocksProtocol.TCP tp.target.timeout = self.target.timeout tp.target.buffer_size = 4096 tp.target.endpoint_ip = self.target.host tp.target.endpoint_port = self.target.port tp.target.endpoint_timeout = None # TODO: maybe implement endpoint timeout in the msldap target? tp.type = MSLDAPProxyType.SOCKS5 newtarget = copy.deepcopy(self.target) newtarget.proxy = tp return SocksProxyConnection(target = newtarget) else: kt = copy.deepcopy(self.target) kt.proxy = KerberosProxy() kt.proxy.target = SocksTarget() kt.proxy.target.version = SocksServerVersion.SOCKS5 kt.proxy.target.server_ip = server_info['listen_ip'] kt.proxy.target.server_port = server_info['listen_port'] kt.proxy.target.is_bind = False kt.proxy.target.proto = SocksProtocol.TCP kt.proxy.target.timeout = 10 kt.proxy.target.buffer_size = 4096 kt.proxy.target.endpoint_ip = self.target.ip kt.proxy.target.endpoint_port = self.target.port #kt.proxy.creds = copy.deepcopy(self.target.proxy.auth) return kt
async def setup(self): try: if self.no_work_dir is False: logger.debug('Setting up working directory') if self.work_dir is not None: if isinstance(self.work_dir, str): self.work_dir = pathlib.Path(self.work_dir) else: self.work_dir = pathlib.Path() self.work_dir.mkdir(parents=True, exist_ok=True) self.ldap_work_dir = self.work_dir.joinpath('ldap') self.ldap_work_dir.mkdir(parents=True, exist_ok=True) self.smb_work_dir = self.work_dir.joinpath('smb') self.smb_work_dir.mkdir(parents=True, exist_ok=True) logger.debug('Setting up connection objects') if self.dns_server is not None: self.rdns_resolver = RDNS(server=self.dns_server, protocol='TCP', cache=True, proxy=self.proxy) if self.ldap_url is not None: self.ldap_mgr = self.ldap_url if isinstance(self.ldap_url, str): self.ldap_mgr = MSLDAPURLDecoder(self.ldap_url) if self.proxy is not None: #overriding proxy! pu = SocksClientURL.from_urls(self.proxy) p = MSLDAPProxy(MSLDAPProxyType.SOCKS5, pu) self.ldap_mgr.proxy = p if self.smb_url is not None: self.smb_mgr = self.smb_url if isinstance(self.smb_url, str): self.smb_mgr = SMBConnectionURL(self.smb_url) if self.proxy is not None: #overriding proxy! pu = SocksClientURL.from_urls(self.proxy) p = SMBProxy() p.type = SMBProxyType.SOCKS5 p.target = pu self.smb_mgr.proxy = p logger.debug('Setting up database connection') if self.progress_queue is None and self.show_progress is True: self.progress_queue = asyncio.Queue() self.progress_task = asyncio.create_task(self.print_progress()) return True, None except Exception as e: return False, e
def get_target(self): target = MSLDAPTarget(self.ldap_host, port=self.ldap_port, proto=self.ldap_proto.lower(), tree=self.ldap_tree, timeout=self.target_timeout) if self.proxy_scheme is not None: proxy = MSLDAPProxy() proxy.ip = self.proxy_ip proxy.port = self.proxy_port proxy.timeout = 10 proxy.proxy_type = self.proxy_scheme proxy.username = self.proxy_username proxy.domain = self.proxy_domain proxy.settings = self.proxy_settings proxy.timeout = self.proxy_timeout target.proxy = proxy return target
def parse(self): url_e = urlparse(self.url) self.scheme_decoder(url_e.scheme) self.password = url_e.password if self.__pwpreprocess is not None: if self.__pwpreprocess == 'PROMPT': self.password = getpass.getpass() elif self.__pwpreprocess == 'HEX': self.password = bytes.fromhex(self.password).decode() elif self.__pwpreprocess == 'B64': self.password = base64.b64decode(self.password).decode() else: raise Exception('Unknown password preprocess directive %s' % self.__pwpreprocess) if url_e.username is not None: if url_e.username.find('\\') != -1: self.domain , self.username = url_e.username.split('\\') else: self.domain = None self.username = url_e.username #defaulting schemes... if self.auth_scheme is None: if self.username is not None and self.domain is not None and self.password is not None: #tricky parsing to make user feel confortable... if len(self.password) == 32: try: bytes.fromhex(self.password) self.auth_scheme = LDAPAuthProtocol.NTLM_NT except: self.auth_scheme = LDAPAuthProtocol.NTLM_PASSWORD else: self.auth_scheme = LDAPAuthProtocol.NTLM_PASSWORD else: self.auth_scheme = LDAPAuthProtocol.SIMPLE self.ldap_host = url_e.hostname if url_e.port is not None: self.ldap_port = int(url_e.port) if url_e.path is not None: tree = url_e.path.replace('/','') if tree != '': self.ldap_tree = tree proxy_present = False if url_e.query is not None: query = parse_qs(url_e.query) if 'etype' in query: self.etypes = [] for k in query: if k.startswith('proxy') is True: proxy_present = True if k == 'dc': self.dc_ip = query[k][0] elif k == 'timeout': self.timeout = int(query[k][0]) elif k == 'serverip': self.serverip = query[k][0] elif k == 'dns': self.dns = query[k] #multiple dns can be set, so not trimming here elif k == 'encrypt': self.encrypt = bool(int(query[k][0])) elif k == 'etype': self.etypes = [int(x) for x in query[k]] elif k.startswith('auth'): self.auth_settings[k[len('auth'):]] = query[k] elif k == 'rate': self.target_ratelimit = float(query[k][0]) elif k == 'pagesize': self.target_pagesize = int(query[k][0]) elif k == 'altname': self.altname = query[k][0] elif k == 'altdomain': self.altdomain = query[k][0] #elif k.startswith('same'): # self.auth_settings[k[len('same'):]] = query[k] if proxy_present is True: self.proxy = MSLDAPProxy.from_params(self.url) if self.auth_scheme in [LDAPAuthProtocol.SSPI_NTLM, LDAPAuthProtocol.SSPI_KERBEROS]: if platform.system().upper() != 'WINDOWS': raise Exception('SSPI auth only works on Windows!') if self.username is None: self.username = '******' if self.password is None: self.password = '******' if self.domain is None: self.domain = '<CURRENT>' if self.auth_scheme in MSLDAP_KERBEROS_PROTOCOLS and self.dc_ip is None: raise Exception('The "dc" parameter MUST be used for kerberos authentication types!')