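def connect(self):
    """Resolve the target over NetBIOS and open an authenticated SMB session.

    The address is the inventory's ``address`` option for ``self.hostname``
    when one exists, otherwise ``self.hostname`` itself. Whichever of
    IPv4 address / NetBIOS name is missing is looked up through ``NetBIOS``.
    Credentials come from the inventory's ``username`` and ``password``
    options. On success the session is stored in ``self.connection``.

    Raises:
        RuntimeError: a NetBIOS lookup returned nothing, the inventory has no
            username/password pair, or the SMB connect call reported failure.
    """
    inventory = Inventory()
    address = self.hostname
    if inventory.has_option(self.hostname, 'address'):
        address = inventory.get(self.hostname, 'address')

    ip = None
    nb_name = None
    try:
        # NOTE(review): inet_aton also accepts shorthand forms with fewer than
        # three dots, so a short numeric host name is classified as an IP here.
        socket.inet_aton(address)
        ip = address
    except OSError:
        nb_name = address

    # Exactly one of ip / nb_name is set at this point; look up the other.
    # NetBIOS name service answers are unauthenticated, so the value obtained
    # here identifies *a* responder, not a verified host.
    nb = NetBIOS()
    try:
        if ip is not None:
            logger.debug('Looking up NetBIOS name from IP ' + ip)
            nb_names = nb.queryIPForName(ip)
            if not nb_names:
                raise RuntimeError('Cannot connect to host ' + self.hostname +
                                   '; looking up NetBIOS name failed')
            nb_name = nb_names[0]
        else:
            logger.debug('Looking up NetBIOS IP from name ' + nb_name)
            ips = nb.queryName(nb_name)
            if not ips:
                raise RuntimeError('Cannot connect to host ' + self.hostname +
                                   '; looking up NetBIOS IP failed')
            ip = ips[0]
    finally:
        # Previously skipped whenever a lookup failure raised above.
        nb.close()

    has_credentials = (inventory.has_option(self.hostname, 'username') and
                       inventory.has_option(self.hostname, 'password'))
    if not has_credentials:
        raise RuntimeError('No method of authenticating with host ' +
                           self.hostname + ' found')

    username = inventory.get(self.hostname, 'username')
    password = inventory.get(self.hostname, 'password')
    client_machine_name = ''.join(
        random.choice(string.ascii_letters + string.digits)
        for _ in range(15))
    logger.debug('Using client name of ' + client_machine_name)
    logger.info('Connecting to ' + nb_name + ' as ' + username +
                ' for host ' + self.hostname)
    # NOTE(review): SIGN_WHEN_SUPPORTED negotiates signing instead of requiring
    # it, so a server that does not offer signing is still accepted. Confirm
    # that is intended for a session that goes on to read ADMIN$.
    self.connection = SMBHost(username, password, client_machine_name,
                              nb_name, use_ntlm_v2=True,
                              sign_options=SMBHost.SIGN_WHEN_SUPPORTED)
    if not self.connection.connect(ip):
        raise RuntimeError('Cannot connect to host ' + self.hostname +
                           '; connecting via SMB failed')

    # NOTE(review): looks like a leftover debugging aid; it writes the ADMIN$
    # root listing to stdout on every successful connect.
    print(str(self.connection.listPath('ADMIN$', '\\')))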
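def run(self):
    """Thread body: open an SMB session to ``self.ip`` and walk ``self.share``.

    The remote NetBIOS name is looked up first; the session then uses port
    139 with a 10 second timeout. ``recurse`` is called when
    ``self.recursive`` is positive, otherwise a single ``listPath`` result is
    handed to ``dir_list``.

    Changes from the earlier version: the first returned NetBIOS name is used
    instead of the stringified list, a failed lookup or connect stops the run
    instead of continuing on an unusable connection, and both sockets are
    closed on every path.
    """
    print("Starting thread for " + self.ip)
    net = NetBIOS()
    try:
        names = net.queryIPForName(self.ip)
    finally:
        net.close()
    if not names:
        # No name means the NetBIOS session on port 139 cannot be addressed.
        print("Connection error: %s" % (self.ip))
        print("Exiting thread for " + self.ip)
        return
    net_name = str(names[0])

    # NOTE(review): use_ntlm_v2=False selects the older NTLMv1 exchange, which
    # is considerably weaker than NTLMv2 for the account being used. Confirm
    # it is really required by the servers this runs against.
    conn = SMBConnection(self.user, self.pwd, 'cobwebs', net_name,
                         domain=self.domain, use_ntlm_v2=False)
    try:
        if not conn.connect(self.ip, port=139, timeout=10):
            print("Connection error: %s" % (self.ip))
            return
        print("Connecting to %s was successful! How about a nice game of spidering %s%s?"
              % (self.ip, self.share, self.subfolder))
        # int() first: the depth is converted before use below, so it may
        # arrive as a string, and a string never compares cleanly with 0.
        depth = int(self.recursive)
        if depth > 0:
            recurse(conn, self.ip, self.share, self.subfolder, self.pattern, depth)
        else:
            filelist = conn.listPath(self.share, self.subfolder)
            dir_list(filelist, self.ip, self.subfolder, self.pattern)
    finally:
        conn.close()
        print("Exiting thread for " + self.ip)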
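def get_netbios_name(remote_addr):
    """Return the first NetBIOS name reported for ``remote_addr``.

    A warning is logged when more than one name comes back. The answer comes
    from the unauthenticated NetBIOS name service, so treat it as a hint and
    not as proof of the host's identity.

    Raises:
        NameError: the lookup produced no name (empty list or ``None``).
    """
    nb = NetBIOS()
    try:
        names = nb.queryIPForName(remote_addr)
    finally:
        # Close the query socket even when the lookup itself raises.
        nb.close()

    # A sibling variant of this helper checks for None explicitly; without
    # that check len(None) would raise TypeError instead of the NameError
    # callers expect.
    if not names:
        raise NameError('No NetBIOS name found for {}'.format(remote_addr))
    if len(names) > 1:
        # logging.warn is a deprecated alias; logging.warning is the supported call.
        logging.warning('More than one NetBIOS name for {}'.format(remote_addr))
    return names[0]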
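def getBIOSName(remote_smb_ip, timeout=30):
    """Look up the NetBIOS names registered for ``remote_smb_ip``.

    Returns whatever ``queryIPForName`` returns, or ``None`` when the query
    raised. Callers must check the result before indexing it.

    NOTE(review): if this is pysmb's ``nmb.NetBIOS``, a timed-out query
    returns ``None`` rather than raising, so the message below is printed
    only for other failures - confirm against the library in use.
    """
    # Bound before the try block so the return statement and the finally
    # clause never touch an unassigned name.
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        # Narrower than a bare except: Ctrl-C and SystemExit still propagate.
        sys.stderr.write("Looking up timeout, check remote_smb_ip again!!\n")
    finally:
        bios.close()
    return srv_name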
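def getBIOSIp(remote_smb_name, timeout=30):
    """Look up the IP addresses registered for NetBIOS name ``remote_smb_name``.

    Returns whatever ``queryName`` returns, or ``None`` when the query raised.
    The addresses come from an unauthenticated name-service reply; do not
    treat them as a verified mapping.
    """
    # Initialised up front: previously an exception left this name unbound
    # and the return statement failed with UnboundLocalError.
    server_ip_list = None
    bios = NetBIOS()
    try:
        server_ip_list = bios.queryName(remote_smb_name, timeout=timeout)
    except Exception:
        sys.stderr.write("Looking up timeout, check remote_smb_name again!!\n")
    finally:
        bios.close()
    return server_ip_list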
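def get_netbios_name(remote_addr, timeout=DEFAULT_TIMEOUT):
    """Return the first NetBIOS name reported for ``remote_addr``.

    Args:
        remote_addr: address handed to ``queryIPForName``.
        timeout: forwarded to the query; defaults to ``DEFAULT_TIMEOUT``.

    Raises:
        NameError: the lookup returned ``None`` or an empty list.
    """
    nb = NetBIOS()
    try:
        names = nb.queryIPForName(remote_addr, timeout=timeout)
    finally:
        # The socket was previously left open when the query raised.
        nb.close()

    if not names:
        raise NameError('No NetBIOS name found for {}'.format(remote_addr))
    if len(names) > 1:
        # logging.warn is a deprecated alias; logging.warning is the supported call.
        logging.warning('More than one NetBIOS name for {}'.format(remote_addr))
    return names[0]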
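def getBIOSName(remote_smb_ip, timeout=30):
    """Look up the NetBIOS names registered for ``remote_smb_ip``.

    Returns the result of ``queryIPForName``, or ``None`` when the query
    raised; callers must check the value before indexing it.
    """
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        # The earlier call passed sys.stderr as a positional argument, which
        # printed the stream object to stdout instead of writing to stderr.
        print("Looking up timeout, check remote_smb_ip again!!", file=sys.stderr)
    finally:
        bios.close()
    return srv_name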
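def getBIOSName(timeout=30, remote_smb_ip='172.25.73.100'):
    """Look up the NetBIOS names registered for ``remote_smb_ip``.

    Args:
        timeout: forwarded to ``queryIPForName``.
        remote_smb_ip: address to query. Defaults to the address that used to
            be hard-coded in the body, so existing calls behave as before.

    Returns the query result, or ``None`` when the query raised.
    """
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        # file= is required; as a positional argument sys.stderr was merely
        # printed alongside the message on stdout.
        print("Looking up timeout, check remote_smb_ip again!!", file=sys.stderr)
    finally:
        bios.close()
    return srv_name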
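def getServerName(self, remote_smb_ip, timeout=30):
    """Return the NetBIOS name list for ``remote_smb_ip``, or ``None``.

    ``None`` is returned when the query raised (an error is logged) and is
    also passed through if the query itself returns ``None``. The answer is
    an unauthenticated name-service reply, so it is a hint about the server's
    name and not a verified identity.
    """
    bios = NetBIOS()
    srv_name = None
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        # Exception rather than a bare except, so interpreter-exit signals
        # are not swallowed by a best-effort lookup.
        log.err("Couldn't find SMB server name, check remote_smb_ip again!!")
    finally:
        bios.close()
    return srv_name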
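def getBIOSName(remote_smb_ip, timeout=5):
    """Return the first NetBIOS name for ``remote_smb_ip``, or ``None``.

    ``None`` is returned when the query raised or produced no names. The
    earlier version indexed the result unconditionally and failed with
    UnboundLocalError or TypeError in those cases.
    """
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        print('getBIOSName: timeout too short?')
    finally:
        bios.close()
    if not srv_name:
        return None
    return srv_name[0]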
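def getServerName(self, remote_smb_ip, timeout=30):
    """Query the NetBIOS name service for the names of ``remote_smb_ip``.

    Returns:
        The value returned by ``queryIPForName``, or ``None`` if the query
        raised. Check for ``None`` before indexing.
    """
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        # Narrowed from a bare except; KeyboardInterrupt/SystemExit now
        # propagate instead of being reported as a lookup failure.
        log.err(
            "Couldn't find SMB server name, check remote_smb_ip again!!")
    finally:
        # Always release the query socket.
        bios.close()
    return srv_name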
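def reverse_host(host, timeout=1, save=True):
    """Refresh ``host.hostname`` from a NetBIOS reverse lookup, best effort.

    ``host.hostname`` is overwritten only when the query yields at least one
    name; ``host.reverse_latest_time`` is stamped either way. The record is
    saved when ``save`` is true and the same ``host`` object is returned.

    The name comes from an unauthenticated name-service reply: whoever answers
    for ``host.ip_address`` chooses the string that gets stored, so escape or
    validate it wherever it is later displayed or used as a key.
    """
    n = NetBIOS()
    try:
        names = n.queryIPForName(host.ip_address, timeout=timeout)
        if names:
            host.hostname = names[0]
    except Exception:
        # Deliberately best effort: a failed lookup keeps the old hostname.
        # Exception (not a bare except) lets Ctrl-C / SystemExit through.
        pass
    finally:
        n.close()

    # NOTE(review): if ``timezone`` is django.utils.timezone, this call yields
    # a naive local datetime; timezone.now() would be the aware form - confirm.
    host.reverse_latest_time = timezone.datetime.now()
    if save:
        host.save()
    return host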
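def get_BIOSName(self, host, timeout=30):
    """Return the NetBIOS name list for ``host``, or ``None`` on failure.

    A raised exception is logged and turned into ``None``. The earlier version
    left ``srv_name`` unassigned in that case and failed on the return
    statement with UnboundLocalError.
    """
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(host, timeout=timeout)
    except Exception as e:
        logger.error("Looking up timeout, check remote_smb_ip again. %s" % str(e))
    finally:
        bios.close()
    return srv_name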
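def getBIOSName(remote_smb_ip, timeout=30):
    """Look up the SMB server's NetBIOS name list from its IP address.

    Returns the result of ``queryIPForName``, or ``None`` when the query
    raised (a message is printed in that case).
    """
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        # Narrowed from a bare except so interrupts are not reported as a
        # lookup timeout. The message text is runtime output and is unchanged.
        print("查找samba服务器的名称时超时。")
    finally:
        bios.close()
    return srv_name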
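def clean_up(ip, share, subfolder, user, pwd, domain):
    """Connect to ``ip`` over direct-TCP SMB and run ``delete_file`` on the share.

    The session uses port 445 with NTLMv2 and a 10 second timeout.
    ``delete_file`` is called only after a successful connect; the earlier
    version called it even when the connect had just been reported as failed.
    Both the lookup socket and the SMB connection are closed on every path.
    """
    net = NetBIOS()
    try:
        names = net.queryIPForName(ip)
    finally:
        net.close()
    # Use the first returned name instead of stripping brackets and quotes off
    # the stringified list, which breaks when several names come back.
    # NOTE(review): the IP is used as the remote name when the lookup yields
    # nothing - confirm the server accepts that over direct TCP.
    net_name = str(names[0]) if names else ip

    conn = SMBConnection(user, pwd, 'cobwebs', net_name, domain=domain,
                         use_ntlm_v2=True, is_direct_tcp=True)
    try:
        if not conn.connect(ip, port=445, timeout=10):
            print(Fore.RED + "[!] Connection to %s Failed!" % ip + Style.RESET_ALL)
            return
        print(Fore.GREEN + "[+] Connection to %s Successful! Cleaning up SCF's Now!" % ip
              + Style.RESET_ALL)
        delete_file(conn, ip, subfolder, share)
    finally:
        conn.close()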
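def getBIOSName(remote_smb_ip, timeout=5):
    """Return the NetBIOS name of a remote machine, or ``'ERROR'``.

    The first name returned by ``queryIPForName`` is used. The string
    ``'ERROR'`` is the failure sentinel for a raised exception or an empty /
    ``None`` result, so callers must compare against it before using the
    value as a server name.
    """
    from nmb.NetBIOS import NetBIOS

    Aux = 'ERROR'
    # Created outside the try block so the finally clause always has an
    # object to close.
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
        Aux = srv_name[0]
    except Exception:
        # Also reached when srv_name is None or empty (indexing fails).
        print('No es posible conocer el nombre NETBIOS del servidor ' +
              remote_smb_ip + ' en el tiempo ' + str(timeout))
    finally:
        bios.close()
    return Aux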
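def get_name(target, timeout=5):
    """Return the first NetBIOS name for ``target`` as a string, or ``None``.

    Progress and the outcome are reported through the project ``logger``.
    Any lookup failure (exception, ``None`` or empty result) yields ``None``.
    """
    logger.blue('Getting NetBIOS Name for {}'.format(logger.BLUE(target)))
    logger.verbose('Timeout for NetBIOS resolution: ' + str(timeout))

    netbios_name = None
    bios = NetBIOS()
    try:
        names = bios.queryIPForName(target, timeout=timeout)
        if names:
            netbios_name = str(names[0])
    except Exception:
        # Best-effort lookup; Exception instead of a bare except so that
        # interrupting a long run is not silently treated as "no name".
        netbios_name = None
    finally:
        bios.close()

    if netbios_name is None:
        logger.red_indent('Failed to get NetBIOS Name')
        return None
    logger.green_indent('Got NetBIOS Name: {}'.format(
        logger.GREEN(netbios_name)))
    return netbios_name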
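def run(self):
    """Thread body: connect to ``self.ip`` on port 139 and walk ``self.share``.

    ``recurse`` handles the share when ``self.recursive`` is positive;
    otherwise one ``listPath`` result goes to ``dir_list``. A failed name
    lookup or connect ends the run early, and the sockets are closed on every
    path. The earlier version kept going with a connection that had just
    failed.
    """
    print("Starting thread for " + self.ip)

    net = NetBIOS()
    try:
        names = net.queryIPForName(self.ip)
    finally:
        net.close()
    if not names:
        print("Connection error: %s" % (self.ip))
        print("Exiting thread for " + self.ip)
        return
    # First name from the list; stringifying the whole list and stripping
    # brackets/quotes gives a wrong name when more than one entry is returned.
    net_name = str(names[0])

    # NOTE(review): use_ntlm_v2=False means NTLMv1 authentication, a weaker
    # exchange than NTLMv2. Confirm the target servers really need it.
    conn = SMBConnection(self.user, self.pwd, 'cobwebs', net_name,
                         domain=self.domain, use_ntlm_v2=False)
    try:
        connected = conn.connect(self.ip, port=139, timeout=10)
        if not connected:
            print("Connection error: %s" % (self.ip))
            return
        print("Connecting to %s was successful! How about a nice game of spidering %s%s?"
              % (self.ip, self.share, self.subfolder))
        levels = int(self.recursive)
        if levels > 0:
            recurse(conn, self.ip, self.share, self.subfolder, self.pattern, levels)
        else:
            filelist = conn.listPath(self.share, self.subfolder)
            dir_list(filelist, self.ip, self.subfolder, self.pattern)
    finally:
        conn.close()
        print("Exiting thread for " + self.ip)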
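def run(options):
    """Check an SMB service by fetching one known file and comparing its SHA-1.

    A file entry is picked at random from ``config.SMB_FILES``, retrieved with
    the supplied credentials, and its SHA-1 digest is compared with the
    entry's ``checksum``.

    Args:
        options: mapping with ``ip``, ``port``, ``username`` and ``password``.

    Returns:
        True when the digest matches, False on a mismatch or on any of the
        handled connection / protocol errors.
    """
    ip = options['ip']
    port = options['port']
    username = options['username']
    password = options['password']

    test = random.choice(config.SMB_FILES)
    expected = test['checksum']

    conn = None
    t = tempfile.TemporaryFile()
    try:
        try:
            n = NetBIOS()
            try:
                names = n.queryIPForName(ip)
            finally:
                n.close()
            if not names:
                # An empty/None answer used to surface as an uncaught error
                # from indexing; report it as a failed check instead.
                logger.debug('Timeout')
                return False
            hostname = names[0]
            conn = SMBConnection(username, password, '', hostname, config.DOMAIN)
            conn.connect(ip, port)
            conn.retrieveFile(test['sharename'], test['path'], t)
        except (SMBTimeout, socket.timeout):
            logger.debug('Timeout')
            return False
        except NotReadyError:
            # NOTE(review): this writes the plaintext password to the debug
            # log. Consider logging the username only, and check where debug
            # output is stored and who can read it.
            logger.debug(ERROR_STRINGS['NotReadyError'] % (username, password))
            return False
        except (NotConnectedError, UnsupportedFeature, ProtocolError, OperationFailure) as e:
            name = e.__class__.__name__
            if name in ERROR_STRINGS:
                logger.debug(ERROR_STRINGS[name] % e)
            else:
                logger.debug('%s: %s' % (name, e))
            return False

        # SHA-1 here only has to match the stored reference digest; it does
        # not protect against a deliberately crafted colliding file.
        sha1 = hashlib.sha1()
        t.seek(0)
        sha1.update(t.read())
        checksum = sha1.hexdigest()
    finally:
        # The temp file and the SMB connection were previously left open on
        # every error path (the connection on the success path too).
        t.close()
        if conn is not None:
            conn.close()

    if checksum == expected:
        return True
    logger.debug('Check failed: output: %s | expected: %s' % (checksum, expected))
    return False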
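def get_name(target, timeout=2):
    """Return the first NetBIOS name for ``target`` as a string, or ``None``.

    The attempt, the timeout and the outcome are reported through the project
    ``logger``. An exception, a ``None`` result or an empty list all count as
    failure.
    """
    logger.live_info('[{}]:\tATTEMPTING NETBIOS NAME'.format(logger.BLUE(target)))
    logger.verbose('[{}]:\tNETBIOS TIMEOUT: {}'.format(
        logger.YELLOW(target), logger.YELLOW(str(timeout))))

    netbios_name = None
    bios = NetBIOS()
    try:
        names = bios.queryIPForName(target, timeout=timeout)
        if names:
            netbios_name = str(names[0])
    except Exception:
        # Exception rather than a bare except: an interrupt should stop the
        # run, not be logged as a failed lookup.
        netbios_name = None
    finally:
        bios.close()

    if netbios_name is None:
        logger.live_bad('[{}]:\tNETBIOS NAME: {}'.format(
            logger.RED(target), logger.RED('FAILED')))
        return None
    logger.green('[{}]:\tNETBIOS NAME: {}'.format(
        logger.GREEN(target), logger.GREEN(netbios_name)))
    return netbios_name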
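def run(self):
    """Thread body: connect to ``self.ip`` on port 445 and walk each share.

    Does nothing beyond a notice when ``self.ip`` is None. Otherwise opens a
    direct-TCP SMB session with NTLMv2, lists the shares, skips special shares
    plus NETLOGON and SYSVOL, and calls ``recurse`` on each remaining share
    for as long as it returns a value equal to True.

    A failed connect now ends the run; the earlier version went on to call
    ``listShares`` on the failed connection. The connection is closed on
    every path.
    """
    if self.ip is None:
        print(Fore.YELLOW + Style.DIM + "[*] No IP to go after, moving to next target..."
              + Style.RESET_ALL)
        return

    print(Fore.YELLOW + "[+] Starting thread for " + self.ip + Style.RESET_ALL)
    net = NetBIOS()
    try:
        names = net.queryIPForName(self.ip)
    finally:
        net.close()
    # NOTE(review): the IP stands in for the remote name when the lookup
    # returns nothing - confirm the server accepts that over direct TCP.
    net_name = str(names[0]) if names else self.ip

    conn = SMBConnection(self.user, self.pwd, 'cobwebs', net_name,
                         domain=self.domain, use_ntlm_v2=True, is_direct_tcp=True)
    try:
        if not conn.connect(self.ip, port=445, timeout=10):
            print(Fore.RED + "[!] Connection Failed to %s!" % self.ip + Style.RESET_ALL)
            return
        print(Fore.GREEN + "[+] Connection to %s Successful! Time to Spider!" % self.ip
              + Style.RESET_ALL)
        for share in conn.listShares():
            if share.isSpecial or share.name in ('NETLOGON', 'SYSVOL'):
                continue
            # Same loop as before, written without the flag variable.
            while recurse(conn, self.ip, share, "/") == True:  # noqa: E712
                pass
    finally:
        conn.close()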
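def connect_smb(self, host, username, password):
    """Return 1 if an SMB session to ``host`` can be opened, else 0.

    The remote machine name is taken from a NetBIOS broadcast query (10
    second timeout) and the session is attempted on port 139 with NTLMv2.
    Every exception is reported as 0.

    The lookup socket and the SMB connection are now closed on every path;
    previously a failed lookup or a failed connect left them open.
    """
    try:
        nbs = NetBIOS(broadcast=True, listen_port=0)
        try:
            names = nbs.queryIPForName(host, timeout=10)
        finally:
            nbs.close()

        remote_machine_name = str(names[0]) if names else ''
        if not remote_machine_name:
            print("Noname")
            return 0

        conn = SMBConnection.SMBConnection(str(username), str(password),
                                           'Samurai', remote_machine_name,
                                           use_ntlm_v2=True)
        try:
            return 1 if conn.connect(host, 139, timeout=10) == True else 0  # noqa: E712
        finally:
            conn.close()
    except Exception:
        # NOTE(review): every failure collapses to 0 without a log line, so a
        # network error is indistinguishable from rejected credentials.
        return 0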
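def run(self):
    """Thread body: connect to ``self.ip`` on port 139 and walk ``self.share``.

    ``recurse`` is used when ``int(self.recursive)`` is positive; otherwise a
    single ``listPath`` result is handed to ``dir_list``. A failed lookup or
    connect ends the run, and both sockets are closed on every path.
    """
    print("Starting thread for " + self.ip)

    net = NetBIOS()
    try:
        names = net.queryIPForName(self.ip)
    finally:
        net.close()
    if not names:
        print("Failed to connect to: %s" % (self.ip))
        print("Exiting thread for " + self.ip)
        return
    # The first list entry is the name; stripping brackets and quotes from
    # str(list) yields a wrong name when several entries are returned.
    net_name = str(names[0])

    # NOTE(review): use_ntlm_v2=False falls back to NTLMv1, which gives the
    # account much weaker protection than NTLMv2. Confirm it is required.
    conn = SMBConnection(self.user, self.pwd, 'cobwebs', net_name,
                         domain=self.domain, use_ntlm_v2=False)
    try:
        if not conn.connect(self.ip, port=139, timeout=10):
            # Stop here: the connection is unusable for the calls below.
            print("Failed to connect to: %s" % (self.ip))
            return
        print(("Successfully connected to %s! Spidering %s%s?" %
               (self.ip, self.share, self.subfolder)))
        depth = int(self.recursive)
        if depth > 0:
            recurse(conn, self.ip, self.share, self.subfolder, self.pattern, depth)
        else:
            file_list = conn.listPath(self.share, self.subfolder)
            dir_list(file_list, self.ip, self.subfolder, self.pattern)
    finally:
        conn.close()
        print("Exiting thread for " + self.ip)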
if update_code < 0: return 201 # get scan path from redis server smb_path = get_sub_path(redis_con, args.scankey) if smb_path is None: return 201 # smb_path = {"192.168.2.30@dp:dpdp":[u"/产品版本/BSW/BSWV100R003/神州二号"],} print("[%s] scanning smb server path %s" % (time.ctime(), smb_path)) logger.info("scanning smb server path %s" % smb_path) client_name = socket.gethostname() for ismb in smb_path.keys(): ismb_ip = ismb.split("@")[0] userpasw = ismb.split("@")[1].split(":") bios = NetBIOS() srv_name = bios.queryIPForName(ismb_ip) bios.close() smb_con = SMBConnection(userpasw[0], userpasw[1], client_name, srv_name[0]) smb_con.connect(ismb_ip) scansmb = ScanSmbPath(smb_con, smb_path[ismb], args.filepattren) scansmb.find_file() for ipath in smb_path[ismb]: (n_file, n_fsize) = scansmb.get_new_file(ipath) filename = os.path.split(n_file)[1] ret = scansmb.retrieve_file(ipath, args.tftppath, n_fsize) if ret == 0: pulish_update_msg(redis_con, args.pubkey, ismb, ipath, args.tftpip, filename) smb_con.close()
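def getServerIP(self):
    """Resolve ``self.server_name`` over NetBIOS and store the first address.

    The result goes to ``self.server_ip``. Indexing is left as it was, so an
    empty or ``None`` answer still raises IndexError / TypeError as before;
    the difference is that the query socket is now closed in that case too.

    The address comes from an unauthenticated name-service reply, so it says
    who answered for the name, not that the host is the intended server.
    """
    q = NetBIOS()
    try:
        self.server_ip = q.queryName(self.server_name)[0]
    finally:
        q.close()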
print('Looking up IP from target NetBIOS name ' + target_nb_name) ips = nb.queryName(target_nb_name) print('Got IPs:' + str(ips)) if ips is None or len(ips) < 1: raise RuntimeError('Cannot connect to host ' + target + '; looking up NetBIOS IP failed') target_ip = ips[0] if target_nb_name is None: print('Looking up NetBIOS name from target IP: ' + target_ip) nb_names = nb.queryIPForName(target_ip) print('Got NB names: ' + str(nb_names)) if nb_names is None or len(nb_names) < 1: raise RuntimeError('Cannot connect to host ' + target + '; looking up NetBIOS name failed') target_nb_name = nb_names[0] nb.close() client_machine_name = socket.gethostbyaddr(socket.gethostname())[0] # client_machine_name = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(15)) # print('Generated client machine name: ' + client_machine_name + '\n') domain = input('Enter domain [none]: ') username = input('Enter username: '******'Enter password: '******'Could not connect to host ' + target + '; establishing connection failed') if conn.echo('blah') != 'blah':
print('Got IPs:' + str(ips)) if ips is None or len(ips) < 1: raise RuntimeError('Cannot connect to host ' + target + '; looking up NetBIOS IP failed') target_ip = ips[0] if target_nb_name is None: print('Looking up NetBIOS name from target IP: ' + target_ip) nb_names = nb.queryIPForName(target_ip) print('Got NB names: ' + str(nb_names)) if nb_names is None or len(nb_names) < 1: raise RuntimeError('Cannot connect to host ' + target + '; looking up NetBIOS name failed') target_nb_name = nb_names[0] nb.close() client_machine_name = socket.gethostbyaddr(socket.gethostname())[0] # client_machine_name = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(15)) # print('Generated client machine name: ' + client_machine_name + '\n') domain = input('Enter domain [none]: ') username = input('Enter username: '******'Enter password: ') conn = SMBConnection(username, password, client_machine_name, target_nb_name, domain=domain, use_ntlm_v2=True,