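def host_enum(target, args, lockout, config_obj, db_obj, loggers):
    """Authenticate to one host, run the enabled enumeration/action flags, return the share list.

    Args:
        target: host name or IP handed to ``login``.
        args: parsed CLI namespace; only the attributes read below are used.
        lockout: lockout tracker forwarded to ``login``.
        config_obj: config object forwarded to the execution helpers; also
            supplies ``PWN3D_MSG`` for the admin banner.
        db_obj: database handle forwarded to ``login`` / ``password_policy``.
        loggers: dict of loggers; ``console`` is always used and
            ``relay_list`` only when ``args.gen_relay_list`` is set.

    Returns:
        The list of share names that were targeted: the ``--share`` list, or
        what ``share_finder`` returned, else ``[]``. Returns ``[]`` when the
        login/banner step raises, and ``None`` when any later step raises
        (that path only logs at debug level). On KeyboardInterrupt the
        connection is closed and the process exits via ``_exit(0)``.
    """
    con = None
    try:
        # OS enumeration: login plus the host banner. Any failure here used to
        # be dropped silently; record the reason so failed hosts are diagnosable.
        try:
            con = login(args, loggers, target, db_obj, lockout)
            banner = [
                con.host, con.ip, "ENUM", con.os + con.os_arch,
                "(Domain: {})".format(con.srvdomain),
                "(Signing: {})".format(str(con.signing)),
                "(SMBv1: {})".format(str(con.smbv1)),
            ]
            if con.admin:
                banner.append("({})".format(highlight(config_obj.PWN3D_MSG, 'yellow')))
                loggers['console'].success(banner)
            else:
                loggers['console'].info(banner)
        except Exception as e:
            loggers['console'].debug([target, target, "ENUM", highlight(str(e), 'red')])
            return []

        # Share selection: explicit --share list wins over discovery.
        shares = []
        if args.share:
            shares = args.share.split(",")
            for share in shares:
                loggers['console'].info([con.host, con.ip, "USER_SHARES", "\\\\{}\\{}".format(con.host, share)])
        elif args.sharefinder or args.spider:
            shares = share_finder(con, args, loggers, target)

        # Secondary actions, each gated on its own flag.
        # Hosts that do not require SMB signing are written to the relay list
        # (the candidates for an NTLM relay, judging by the flag name).
        if args.gen_relay_list and not con.signing:
            loggers['relay_list'].info(con.host)
        if args.passpol:
            password_policy(con, args, db_obj, loggers)
        if args.sam:
            extract_sam(con, args, target, loggers)
        if args.ntds:
            extract_ntds(con, args, target, loggers)
        if args.loggedon:
            loggedon_users(con, args, target, loggers)
        if args.sessions:
            active_sessions(con, args, target, loggers)
        if args.list_processes:
            tasklist(con, args, loggers)
        if args.wmi_query:
            wmi_query(con, args, target, loggers)
        if args.execute:
            code_execution(con, args, target, loggers, config_obj)
        if args.ps_execute:
            ps_execution(con, args, target, loggers, config_obj)
        if args.module:
            execute_module(con, args, target, loggers, config_obj)

        # Teardown: logoff is best-effort (the SMB session may already be
        # gone); close() is not, so its failure is reported below.
        try:
            con.con.logoff()
        except Exception:
            pass

        con.close()
        loggers['console'].debug("Shares returned for: {} {}".format(target, shares))
        return shares

    except KeyboardInterrupt:
        # con is None if the interrupt landed before login() returned.
        if con is not None:
            try:
                con.close()
            except Exception:
                pass
        _exit(0)

    except Exception as e:
        loggers['console'].debug(str(e))
        # A failing action must not leak the authenticated session.
        if con is not None:
            try:
                con.close()
            except Exception:
                pass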
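def host_enum(target, args, lockout, config_obj, db_obj, loggers):
    """Authenticate to one host over SSH or SMB, run the enabled flags, return the share list.

    Args:
        target: host name or IP handed to ``ssh_login`` / ``smb_login``.
        args: parsed CLI namespace; ``exec_method == 'ssh'`` selects the SSH
            path, every other value the SMB path.
        lockout: lockout tracker forwarded to the login helper.
        config_obj: config object forwarded to the login and execution helpers.
        db_obj: database handle forwarded to the login helper / ``password_policy``.
        loggers: dict of loggers; only ``console`` is used here.

    Returns:
        The targeted share names (``--share`` list or ``share_finder`` result)
        on the SMB path, ``[]`` on the SSH path, ``[]`` when login raises, and
        ``None`` when any later step raises (logged at debug level only). On
        KeyboardInterrupt the connection is closed and the process exits via
        ``_exit(0)``.
    """
    # @TODO refactor
    con = None
    try:
        try:
            if args.exec_method == 'ssh':
                con = ssh_login(args, loggers, target, db_obj, lockout,
                                config_obj)
            else:
                con = smb_login(args, loggers, target, db_obj, lockout,
                                config_obj)
        except Exception as e:
            loggers['console'].debug(
                [target, target, "ENUM",
                 highlight(str(e), 'red')])
            return []

        shares = []
        if args.exec_method == 'ssh' and con.auth:
            if args.execute:
                # SECURITY NOTE: the SSH path bypasses the admin gate that the
                # SMB helpers rely on -- code_execution is forced to proceed
                # regardless of whether the SSH user is actually privileged.
                con.admin = True  # Override admin to allow execution
                code_execution(con, args, target, loggers, config_obj,
                               args.execute)
            # Previously returned without closing, leaking the SSH session.
            # Best-effort: assumes the ssh_login object exposes close() like
            # the SMB one -- TODO confirm.
            try:
                con.close()
            except Exception:
                pass
            return []
        elif con.auth:
            # Sharefinder: explicit --share list wins over discovery.
            if args.share:
                shares = args.share.split(",")
                for share in shares:
                    loggers['console'].info([
                        con.host, con.ip, "SHAREFINDER",
                        "\\\\{}\\{}".format(con.host, share)
                    ])

            elif args.sharefinder or args.spider:
                shares = share_finder(con, args, loggers, target)

            # Secondary actions, each gated on its own flag.
            if args.passpol:
                password_policy(con, args, db_obj, loggers)
            if args.sam:
                extract_sam(con, args, target, loggers)
            if args.lsa:
                extract_lsa(con, args, target, loggers)
            if args.ntds:
                extract_ntds(con, args, target, loggers)
            if args.loggedon:
                loggedon_users(con, args, target, loggers)
            if args.sessions:
                active_sessions(con, args, target, loggers)
            if args.list_processes:
                tasklist(con, args, loggers)
            if args.list_services:
                list_services(con, args, loggers, target)
            if args.local_groups:
                get_netlocalgroups(con, args, target, loggers)
            if args.local_members:
                localgroup_members(con, args, target, loggers)
            if args.wmi_query:
                wmi_query(con, args, target, loggers)
            if args.execute:
                code_execution(con, args, target, loggers, config_obj,
                               args.execute)
            if args.ps_execute:
                ps_execution(con, args, target, loggers, config_obj)
            if args.module:
                execute_module(con, args, target, loggers, config_obj)

        # Teardown: logoff is best-effort (session may already be gone or,
        # when auth failed, never established); close() failures surface below.
        try:
            con.con.logoff()
        except Exception:
            pass

        con.close()
        loggers['console'].debug("Shares returned for: {} {}".format(
            target, shares))
        return shares

    except KeyboardInterrupt:
        # con is None if the interrupt landed before the login helper returned.
        if con is not None:
            try:
                con.close()
            except Exception:
                pass
        _exit(0)

    except Exception as e:
        loggers['console'].debug(str(e))
        # A failing action must not leak the authenticated session.
        if con is not None:
            try:
                con.close()
            except Exception:
                pass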