def getShares(self): # Setup up a DCE SMBTransport with the connection already in place LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost())) try: self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(), self.connection.getRemoteHost(),filename = r'\srvsvc', smb_connection = self.connection) dce_srvs = self._rpctransport.get_dce_rpc() dce_srvs.connect() dce_srvs.bind(srvs.MSRPC_UUID_SRVS) resp = srvs.hNetrShareEnum(dce_srvs, 1) return resp['InfoStruct']['ShareInfo']['Level1'] except: LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost())) raise
def listShares(self): """ get a list of available shares at the connected target :return: a list containing dict entries for each share, raises exception if error """ # Get the shares through RPC from mitmflib.impacket.dcerpc.v5 import transport, srvs rpctransport = transport.SMBTransport(self.getRemoteHost(), self.getRemoteHost(), filename = r'\srvsvc', smb_connection = self) dce = rpctransport.get_dce_rpc() dce.connect() dce.bind(srvs.MSRPC_UUID_SRVS) resp = srvs.hNetrShareEnum(dce, 1) return resp['InfoStruct']['ShareInfo']['Level1']['Buffer']
def getShares(self): # Setup up a DCE SMBTransport with the connection already in place LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost())) try: self._rpctransport = transport.SMBTransport( self.connection.getRemoteHost(), self.connection.getRemoteHost(), filename=r'\srvsvc', smb_connection=self.connection) dce_srvs = self._rpctransport.get_dce_rpc() dce_srvs.connect() dce_srvs.bind(srvs.MSRPC_UUID_SRVS) resp = srvs.hNetrShareEnum(dce_srvs, 1) return resp['InfoStruct']['ShareInfo']['Level1'] except: LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost())) raise
def test_hNetrShareEnum(self): dce, rpctransport = self.connect() resp = srvs.hNetrShareEnum(dce, 0) resp.dump() resp = srvs.hNetrShareEnum(dce, 1) resp.dump() resp = srvs.hNetrShareEnum(dce, 2) resp.dump() resp = srvs.hNetrShareEnum(dce, 501) resp.dump() resp = srvs.hNetrShareEnum(dce, 502) resp.dump() resp = srvs.hNetrShareEnum(dce, 503) resp.dump()