Forgot to add the smbspider class back in connector.py, whoops!

main
byt3bl33d3r 2016-03-29 23:58:24 -06:00
parent 0bc0855c43
commit 811001edc4
4 changed files with 94 additions and 44 deletions


@ -165,19 +165,24 @@ def connector(target, args, db, module, context, cmeserver):
if connection.admin_privs and args.uac:
UAC(connection.conn, logger).enum()
if args.spider:
spider = SMBSpider(logger, connection, args)
spider.spider(args.spider, args.depth)
spider.finish()
if args.enum_shares:
ShareEnum(connection.conn, logger).enum()
if args.enum_lusers or args.enum_disks or args.enum_sessions:
rpc_connection = RPCQUERY(connection, logger)
if connection.admin_privs and args.enum_lusers:
if args.enum_lusers:
rpc_connection.enum_lusers()
if args.enum_sessions:
rpc_connection.enum_sessions()
if connection.admin_privs and args.enum_disks:
if args.enum_disks:
rpc_connection.enum_disks()
if args.pass_pol:
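Review bot: The spider is started on `args.spider` alone, but `SMBSpider.dir_list` in this commit only reports entries when `args.pattern` or `args.regex` is non-empty, so a run with neither walks the share down to `args.depth` and prints nothing. Unless the argument parser already enforces this elsewhere, I would guard it here with something like `if args.spider and not (args.pattern or args.regex): logger.error('--spider requires --pattern or --regex')` and skip the crawl. Separately, with the `connection.admin_privs` conditions dropped from the `enum_lusers` and `enum_disks` branches, a refused RPC call now ends in the bare `return` inside `RPCQUERY`, so the operator cannot tell "access denied" from "nothing found". `connector` starts and ends outside this section.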


@ -43,8 +43,12 @@ class RPCQUERY():
def enum_lusers(self):
dce, rpctransport = self.connect('wkssvc')
resp = wkst.hNetrWkstaUserEnum(dce, 1)
lusers = resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']
try:
resp = wkst.hNetrWkstaUserEnum(dce, 1)
lusers = resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']
except Exception:
return
self.logger.success("Enumerating logged on users")
for user in lusers:
@ -55,14 +59,20 @@ class RPCQUERY():
def enum_sessions(self):
dce, rpctransport = self.connect('srvsvc')
level = 502
try:
level = 502
resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
sessions = resp['InfoStruct']['SessionInfo']['Level502']['Buffer']
except Exception:
pass
try:
level = 0
resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
sessions = resp['InfoStruct']['SessionInfo']['Level0']['Buffer']
except Exception:
return
self.logger.success("Enumerating active sessions")
for session in sessions:
@ -80,10 +90,16 @@ class RPCQUERY():
def enum_disks(self):
dce, rpctransport = self.connect('srvsvc')
try:
resp = srvs.hNetrServerDiskEnum(dce, 1)
except Exception:
pass
try:
resp = srvs.hNetrServerDiskEnum(dce, 0)
except Exception:
return
self.logger.success("Enumerating disks")
for disk in resp['DiskInfoStruct']['Buffer']:
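Review bot: In `enum_sessions` the level-0 request is, as rendered, a second independent `try` that runs even when the level-502 request succeeded, so `level` and `sessions` are always overwritten with the less detailed Level0 buffer; `enum_disks` has the same shape with levels 1 and 0. The fallback should sit inside the first `except` so it only runs when the richer call fails. All three methods also return on `except Exception` without logging, which hides access-denied and transport errors from the operator; I would log the exception before returning. The loops that consume `sessions` and `resp` continue outside the hunks, so check which level's fields they read.

```python
def enum_sessions(self):
    dce, rpctransport = self.connect('srvsvc')
    try:
        level = 502
        resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
        sessions = resp['InfoStruct']['SessionInfo']['Level502']['Buffer']
    except Exception:
        # Level 502 refused or unsupported: only now fall back to level 0.
        try:
            level = 0
            resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
            sessions = resp['InfoStruct']['SessionInfo']['Level0']['Buffer']
        except Exception as e:
            self.logger.error("Session enumeration failed: {}".format(e))
            return
    # … unchanged: success message and loop over sessions …
```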


@ -7,18 +7,17 @@ import traceback
class SMBSpider:
def __init__(self, logger, connection):
def __init__(self, logger, connection, args):
self.logger = logger
self.smbconnection = smbconnection
self.smbconnection = connection.conn
self.start_time = time()
self.host = host
self.logger.success("Started spidering")
self.args = args
self.logger.info("Started spidering")
def spider(self, subfolder, depth):
'''
Apperently spiders don't like stars! (*)
who knew?
Apperently spiders don't like stars *!
who knew? damn you spiders
'''
if subfolder == '' or subfolder == '.':
@ -31,7 +30,7 @@ class SMBSpider:
subfolder = subfolder.replace('/*/', '/') + '/*'
try:
filelist = self.smbconnection.listPath(settings.args.share, subfolder)
filelist = self.smbconnection.listPath(self.args.share, subfolder)
self.dir_list(filelist, subfolder)
if depth == 0:
return
@ -42,36 +41,49 @@ class SMBSpider:
if result.is_directory() and result.get_longname() != '.' and result.get_longname() != '..':
if subfolder == '*':
self.spider(subfolder.replace('*', '') + result.get_longname(), depth-1)
elif subfolder != '*' and (subfolder[:-2].split('/')[-1] not in settings.args.exclude_dirs):
elif subfolder != '*' and (subfolder[:-2].split('/')[-1] not in self.args.exclude_dirs):
self.spider(subfolder.replace('*', '') + result.get_longname(), depth-1)
return
def dir_list(self, files, path):
path = path.replace('*', '')
for result in files:
for pattern in settings.args.pattern:
if re.findall(pattern, result.get_longname()):
if result.is_directory():
self.logger.highlight(u"//{}/{}{} [dir]".format(self.__host, path, result.get_longname()))
else:
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{}]".format(self.host,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize()))
if self.args.pattern:
for pattern in self.args.pattern:
if result.get_longname().lower().find(pattern.lower()) != -1:
if result.is_directory():
self.logger.highlight(u"//{}/{}{} [dir]".format(self.args.share, path, result.get_longname()))
else:
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{}]".format(self.args.share,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize()))
if settings.args.search_content:
if not result.is_directory():
self.search_content(path, result, pattern)
elif self.args.regex:
for regex in self.args.regex:
if re.findall(regex, result.get_longname()):
if result.is_directory():
self.logger.highlight(u"//{}/{}{} [dir]".format(self.args.share, path, result.get_longname()))
else:
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{}]".format(self.args.share,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize()))
if self.args.search_content:
if not result.is_directory():
self.search_content(path, result)
return
def search_content(self, path, result, pattern):
def search_content(self, path, result):
path = path.replace('*', '')
try:
rfile = RemoteFile(self.smbconnection,
path + result.get_longname(),
settings.args.share,
self.args.share,
access = FILE_READ_DATA)
rfile.open()
@ -82,23 +94,40 @@ class SMBSpider:
if 'STATUS_END_OF_FILE' in str(e):
return
if re.findall(pattern, contents):
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{} offset:{} pattern:{}]".format(self.host,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize(),
rfile.tell(),
pattern.pattern))
rfile.close()
return
if self.args.pattern:
for pattern in self.args.pattern:
if contents.lower().find(pattern.lower()) != -1:
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{} offset:{} pattern:'{}']".format(self.args.share,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize(),
rfile.tell(),
pattern))
break
elif self.args.regex:
for regex in self.args.regex:
if re.findall(pattern, contents):
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{} offset:{} regex:'{}']".format(self.args.share,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize(),
rfile.tell(),
regex.pattern))
break
rfile.close()
return
except SessionError as e:
if 'STATUS_SHARING_VIOLATION' in str(e):
pass
except Exception as e:
traceback.print_exc()
except Exception:
pass
#traceback.print_exc()
def finish(self):
self.logger.error("Done spidering (Completed in {})".format(time() - self.start_time))
self.logger.info("Done spidering (Completed in {})".format(time() - self.start_time))
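Review bot: The regex branch of `search_content` still calls `re.findall(pattern, contents)`, but `pattern` is no longer a parameter and is unbound whenever `self.args.pattern` is empty, so every regex content search raises `NameError`. The new `except Exception: pass` swallows it, and the search silently finds nothing. That line should read `if re.findall(regex, contents):`. The format argument `regex.pattern` also assumes compiled patterns, while `--regex` is declared in this commit without a `type`, so it likely needs to be `regex` or the values need compiling first. I would keep at least a debug log in the final `except` rather than commenting out `traceback.print_exc()`, and move `rfile.close()` into a `finally` so the remote handle is released when a read fails. Note also that the highlighted path now uses `self.args.share` where the old code printed the host.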


@ -102,8 +102,8 @@ sgroup.add_argument("--spider", metavar='FOLDER', nargs='?', const='.', type=str
sgroup.add_argument("--content", dest='search_content', action='store_true', help='Enable file content searching')
sgroup.add_argument("--exclude-dirs", type=str, metavar='DIR_LIST', default='', dest='exclude_dirs', help='Directories to exclude from spidering')
esgroup = sgroup.add_mutually_exclusive_group()
esgroup.add_argument("--pattern", type=str, help='Pattern to search for in folders, filenames and file content')
esgroup.add_argument("--regex", type=str, help='Regex to search for in folders, filenames and file content')
esgroup.add_argument("--pattern", nargs='*', help='Pattern(s) to search for in folders, filenames and file content')
esgroup.add_argument("--regex", nargs='*', help='Regex(s) to search for in folders, filenames and file content')
sgroup.add_argument("--depth", type=int, default=10, help='Spider recursion depth (default: 10)')
cgroup = parser.add_argument_group("Command Execution", "Options for executing commands")
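Review bot: `nargs='*'` on `--pattern` and `--regex` accepts the flag with zero values and yields an empty list, which is falsy, so the spider's `if self.args.pattern:` / `elif self.args.regex:` checks treat it as if no filter was given. `nargs='+'` would reject that at parse time: `esgroup.add_argument("--regex", nargs='+', ...)`. The regex values also arrive as plain strings that are never validated, so a malformed expression only fails inside the spider, where exceptions are swallowed. Compiling them once after parsing and reporting `re.error` to the user would surface the mistake immediately.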