Forgot to add the smbspider class back in connector.py, whoops!

main
byt3bl33d3r 2016-03-29 23:58:24 -06:00
parent 0bc0855c43
commit 811001edc4
4 changed files with 94 additions and 44 deletions


@ -165,19 +165,24 @@ def connector(target, args, db, module, context, cmeserver):
if connection.admin_privs and args.uac: if connection.admin_privs and args.uac:
UAC(connection.conn, logger).enum() UAC(connection.conn, logger).enum()
if args.spider:
spider = SMBSpider(logger, connection, args)
spider.spider(args.spider, args.depth)
spider.finish()
if args.enum_shares: if args.enum_shares:
ShareEnum(connection.conn, logger).enum() ShareEnum(connection.conn, logger).enum()
if args.enum_lusers or args.enum_disks or args.enum_sessions: if args.enum_lusers or args.enum_disks or args.enum_sessions:
rpc_connection = RPCQUERY(connection, logger) rpc_connection = RPCQUERY(connection, logger)
if connection.admin_privs and args.enum_lusers: if args.enum_lusers:
rpc_connection.enum_lusers() rpc_connection.enum_lusers()
if args.enum_sessions: if args.enum_sessions:
rpc_connection.enum_sessions() rpc_connection.enum_sessions()
if connection.admin_privs and args.enum_disks: if args.enum_disks:
rpc_connection.enum_disks() rpc_connection.enum_disks()
if args.pass_pol: if args.pass_pol:
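Review bot: The `connection.admin_privs` guard disappears from the `args.enum_lusers` and `args.enum_disks` branches without a comment, and the commit title mentions only the spider (this reads the second copy of each line as the new side). If the intent is to attempt the wkssvc/srvsvc calls for any authenticated session and let RPCQUERY return quietly when the call is refused, say so above the branch, e.g. `# attempted without admin_privs; RPCQUERY returns silently if the call is refused`. As written, a refused call and an empty result look the same in the log, so it would also help to log the refusal. connector()'s body starts and ends outside this hunk.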


@ -43,8 +43,12 @@ class RPCQUERY():
def enum_lusers(self): def enum_lusers(self):
dce, rpctransport = self.connect('wkssvc') dce, rpctransport = self.connect('wkssvc')
resp = wkst.hNetrWkstaUserEnum(dce, 1)
lusers = resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer'] try:
resp = wkst.hNetrWkstaUserEnum(dce, 1)
lusers = resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']
except Exception:
return
self.logger.success("Enumerating logged on users") self.logger.success("Enumerating logged on users")
for user in lusers: for user in lusers:
@ -55,14 +59,20 @@ class RPCQUERY():
def enum_sessions(self): def enum_sessions(self):
dce, rpctransport = self.connect('srvsvc') dce, rpctransport = self.connect('srvsvc')
level = 502
try: try:
level = 502
resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level) resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
sessions = resp['InfoStruct']['SessionInfo']['Level502']['Buffer'] sessions = resp['InfoStruct']['SessionInfo']['Level502']['Buffer']
except Exception: except Exception:
pass
try:
level = 0 level = 0
resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level) resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
sessions = resp['InfoStruct']['SessionInfo']['Level0']['Buffer'] sessions = resp['InfoStruct']['SessionInfo']['Level0']['Buffer']
except Exception:
return
self.logger.success("Enumerating active sessions") self.logger.success("Enumerating active sessions")
for session in sessions: for session in sessions:
@ -80,10 +90,16 @@ class RPCQUERY():
def enum_disks(self): def enum_disks(self):
dce, rpctransport = self.connect('srvsvc') dce, rpctransport = self.connect('srvsvc')
try: try:
resp = srvs.hNetrServerDiskEnum(dce, 1) resp = srvs.hNetrServerDiskEnum(dce, 1)
except Exception: except Exception:
pass
try:
resp = srvs.hNetrServerDiskEnum(dce, 0) resp = srvs.hNetrServerDiskEnum(dce, 0)
except Exception:
return
self.logger.success("Enumerating disks") self.logger.success("Enumerating disks")
for disk in resp['DiskInfoStruct']['Buffer']: for disk in resp['DiskInfoStruct']['Buffer']:
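Review bot: In enum_sessions the level-0 request now sits in its own `try` after `except Exception: pass`, so it appears to run even when the level-502 call succeeded, overwriting `sessions` with the less detailed result; indentation is lost on this page, so confirm the second `try` is not nested. If level 0 then fails, the method returns and the good level-502 data is discarded. enum_disks has the same shape with levels 1 and 0. The fallback should live inside the first `except`, and the final handler should log the error rather than return silently, as should the new handler in enum_lusers. The bodies of all three methods continue outside their hunks.

```python
def enum_sessions(self):
    dce, rpctransport = self.connect('srvsvc')
    try:
        level = 502
        resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
        sessions = resp['InfoStruct']['SessionInfo']['Level502']['Buffer']
    except Exception:
        # fall back to level 0 only when level 502 was refused
        try:
            level = 0
            resp = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
            sessions = resp['InfoStruct']['SessionInfo']['Level0']['Buffer']
        except Exception as e:
            self.logger.error("Session enumeration failed: {}".format(e))
            return
    # … unchanged: success message and the loop over sessions …
```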


@ -7,18 +7,17 @@ import traceback
class SMBSpider: class SMBSpider:
def __init__(self, logger, connection): def __init__(self, logger, connection, args):
self.logger = logger self.logger = logger
self.smbconnection = smbconnection self.smbconnection = connection.conn
self.start_time = time() self.start_time = time()
self.host = host self.args = args
self.logger.info("Started spidering")
self.logger.success("Started spidering")
def spider(self, subfolder, depth): def spider(self, subfolder, depth):
''' '''
Apperently spiders don't like stars! (*) Apperently spiders don't like stars *!
who knew? who knew? damn you spiders
''' '''
if subfolder == '' or subfolder == '.': if subfolder == '' or subfolder == '.':
@ -31,7 +30,7 @@ class SMBSpider:
subfolder = subfolder.replace('/*/', '/') + '/*' subfolder = subfolder.replace('/*/', '/') + '/*'
try: try:
filelist = self.smbconnection.listPath(settings.args.share, subfolder) filelist = self.smbconnection.listPath(self.args.share, subfolder)
self.dir_list(filelist, subfolder) self.dir_list(filelist, subfolder)
if depth == 0: if depth == 0:
return return
@ -42,36 +41,49 @@ class SMBSpider:
if result.is_directory() and result.get_longname() != '.' and result.get_longname() != '..': if result.is_directory() and result.get_longname() != '.' and result.get_longname() != '..':
if subfolder == '*': if subfolder == '*':
self.spider(subfolder.replace('*', '') + result.get_longname(), depth-1) self.spider(subfolder.replace('*', '') + result.get_longname(), depth-1)
elif subfolder != '*' and (subfolder[:-2].split('/')[-1] not in settings.args.exclude_dirs): elif subfolder != '*' and (subfolder[:-2].split('/')[-1] not in self.args.exclude_dirs):
self.spider(subfolder.replace('*', '') + result.get_longname(), depth-1) self.spider(subfolder.replace('*', '') + result.get_longname(), depth-1)
return return
def dir_list(self, files, path): def dir_list(self, files, path):
path = path.replace('*', '') path = path.replace('*', '')
for result in files: for result in files:
for pattern in settings.args.pattern: if self.args.pattern:
if re.findall(pattern, result.get_longname()): for pattern in self.args.pattern:
if result.is_directory(): if result.get_longname().lower().find(pattern.lower()) != -1:
self.logger.highlight(u"//{}/{}{} [dir]".format(self.__host, path, result.get_longname())) if result.is_directory():
else: self.logger.highlight(u"//{}/{}{} [dir]".format(self.args.share, path, result.get_longname()))
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{}]".format(self.host, else:
path, self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{}]".format(self.args.share,
result.get_longname(), path,
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())), result.get_longname(),
result.get_filesize())) strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize()))
if settings.args.search_content: elif self.args.regex:
if not result.is_directory(): for regex in self.args.regex:
self.search_content(path, result, pattern) if re.findall(regex, result.get_longname()):
if result.is_directory():
self.logger.highlight(u"//{}/{}{} [dir]".format(self.args.share, path, result.get_longname()))
else:
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{}]".format(self.args.share,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize()))
if self.args.search_content:
if not result.is_directory():
self.search_content(path, result)
return return
def search_content(self, path, result, pattern): def search_content(self, path, result):
path = path.replace('*', '') path = path.replace('*', '')
try: try:
rfile = RemoteFile(self.smbconnection, rfile = RemoteFile(self.smbconnection,
path + result.get_longname(), path + result.get_longname(),
settings.args.share, self.args.share,
access = FILE_READ_DATA) access = FILE_READ_DATA)
rfile.open() rfile.open()
@ -82,23 +94,40 @@ class SMBSpider:
if 'STATUS_END_OF_FILE' in str(e): if 'STATUS_END_OF_FILE' in str(e):
return return
if re.findall(pattern, contents): if self.args.pattern:
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{} offset:{} pattern:{}]".format(self.host, for pattern in self.args.pattern:
path, if contents.lower().find(pattern.lower()) != -1:
result.get_longname(), self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{} offset:{} pattern:'{}']".format(self.args.share,
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())), path,
result.get_filesize(), result.get_longname(),
rfile.tell(), strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
pattern.pattern)) result.get_filesize(),
rfile.close() rfile.tell(),
return pattern))
break
elif self.args.regex:
for regex in self.args.regex:
if re.findall(pattern, contents):
self.logger.highlight(u"//{}/{}{} [lastm:'{}' size:{} offset:{} regex:'{}']".format(self.args.share,
path,
result.get_longname(),
strftime('%Y-%m-%d %H:%M', localtime(result.get_mtime_epoch())),
result.get_filesize(),
rfile.tell(),
regex.pattern))
break
rfile.close()
return
except SessionError as e: except SessionError as e:
if 'STATUS_SHARING_VIOLATION' in str(e): if 'STATUS_SHARING_VIOLATION' in str(e):
pass pass
except Exception as e: except Exception:
traceback.print_exc() pass
#traceback.print_exc()
def finish(self): def finish(self):
self.logger.error("Done spidering (Completed in {})".format(time() - self.start_time)) self.logger.info("Done spidering (Completed in {})".format(time() - self.start_time))
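Review bot: In search_content's new `elif self.args.regex:` branch the test is `re.findall(pattern, contents)`, but `pattern` is bound only in the `--pattern` branch, so this raises NameError on the first file read; the loop variable is `regex`, i.e. `if re.findall(regex, contents):`. The error never surfaces because the same hunk replaces `traceback.print_exc()` with `except Exception: pass`, so regex content search would simply report nothing. `regex.pattern` in the format call also assumes compiled patterns, while the parser change in this commit adds `--regex` with `nargs='*'` and no `type`; unless the values are compiled elsewhere, that is an AttributeError swallowed the same way. I would keep a `self.logger.error(...)` call in that handler, and, since part of the `try` body lies outside the hunk, check that `rfile.close()` is still reached when the read fails.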


@ -102,8 +102,8 @@ sgroup.add_argument("--spider", metavar='FOLDER', nargs='?', const='.', type=str
sgroup.add_argument("--content", dest='search_content', action='store_true', help='Enable file content searching') sgroup.add_argument("--content", dest='search_content', action='store_true', help='Enable file content searching')
sgroup.add_argument("--exclude-dirs", type=str, metavar='DIR_LIST', default='', dest='exclude_dirs', help='Directories to exclude from spidering') sgroup.add_argument("--exclude-dirs", type=str, metavar='DIR_LIST', default='', dest='exclude_dirs', help='Directories to exclude from spidering')
esgroup = sgroup.add_mutually_exclusive_group() esgroup = sgroup.add_mutually_exclusive_group()
esgroup.add_argument("--pattern", type=str, help='Pattern to search for in folders, filenames and file content') esgroup.add_argument("--pattern", nargs='*', help='Pattern(s) to search for in folders, filenames and file content')
esgroup.add_argument("--regex", type=str, help='Regex to search for in folders, filenames and file content') esgroup.add_argument("--regex", nargs='*', help='Regex(s) to search for in folders, filenames and file content')
sgroup.add_argument("--depth", type=int, default=10, help='Spider recursion depth (default: 10)') sgroup.add_argument("--depth", type=int, default=10, help='Spider recursion depth (default: 10)')
cgroup = parser.add_argument_group("Command Execution", "Options for executing commands") cgroup = parser.add_argument_group("Command Execution", "Options for executing commands")
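Review bot: `nargs='*'` on `--pattern` and `--regex` accepts the flag with no value and yields an empty list, which the spider's `if self.args.pattern:` / `elif self.args.regex:` checks treat as not given, so the run silently matches nothing. `nargs='+'` makes argparse reject that at the command line: `esgroup.add_argument("--pattern", nargs='+', help=...)`, and likewise for `--regex`. The spider code in this commit reads `regex.pattern`, which a plain string does not have, so the `--regex` values presumably need compiling once after parsing, unless that already happens somewhere not visible here.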