github.com/Coalfire-Research/Slackor@v0.0.0-20191010164036-aa32a7f9250b/impacket/examples/smbclient.py (about)

     1  #!/usr/bin/env python
     2  # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
     3  #
     4  # This software is provided under a slightly modified version
     5  # of the Apache Software License. See the accompanying LICENSE file
     6  # for more information.
     7  #
     8  # Description: Mini shell using some of the SMB functionality of the library
     9  #
    10  # Author:
    11  #  Alberto Solino (@agsolino)
    12  #
    13  #
    14  # Reference for:
    15  #  SMB DCE/RPC
    16  #
    17  from __future__ import division
    18  from __future__ import print_function
    19  import sys
    20  import logging
    21  import argparse
    22  from impacket.examples import logger
    23  from impacket.examples.smbclient import MiniImpacketShell
    24  from impacket import version
    25  from impacket.smbconnection import SMBConnection
    26  
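def main():
    """Parse the command line, authenticate to an SMB server and run the mini shell.

    The positional ``target`` has the form
    ``[[domain/]username[:password]@]<targetName or address>``. Authentication
    uses a password, NTLM hashes (``-hashes``) or Kerberos (``-k``/``-aesKey``).
    Commands come from ``-file`` when given, otherwise from the interactive loop.

    Secrets given as arguments (the password inside ``target``, ``-hashes``,
    ``-aesKey``) end up in the process command line and usually in shell
    history. Leaving the password out of ``target`` makes the tool prompt for
    it with ``getpass`` instead, unless ``-hashes``, ``-no-pass`` or ``-aesKey``
    is set.

    Connection, login and shell errors are logged, not raised; the traceback
    is printed only when ``-debug`` is set.
    """
    # Init the example's logger theme
    logger.init()
    print(version.BANNER)
    parser = argparse.ArgumentParser(add_help = True, description = "SMB client implementation.")

    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>')
    parser.add_argument('-file', type=argparse.FileType('r'), help='input file with commands to execute in the mini shell')
    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')

    group = parser.add_argument_group('authentication')

    group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH')
    group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful for -k)')
    group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file '
                                                       '(KRB5CCNAME) based on target parameters. If valid credentials '
                                                       'cannot be found, it will use the ones specified in the command '
                                                       'line')
    group.add_argument('-aesKey', action="store", metavar = "hex key", help='AES key to use for Kerberos Authentication '
                                                                            '(128 or 256 bits)')

    group = parser.add_argument_group('connection')

    group.add_argument('-dc-ip', action='store', metavar="ip address",
                       help='IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in '
                            'the target parameter')
    group.add_argument('-target-ip', action='store', metavar="ip address",
                       help='IP Address of the target machine. If omitted it will use whatever was specified as target. '
                            'This is useful when target is the NetBIOS name and you cannot resolve it')
    group.add_argument('-port', choices=['139', '445'], nargs='?', default='445', metavar="destination port",
                       help='Destination port to connect to SMB Server')

    if len(sys.argv)==1:
        parser.print_help()
        sys.exit(1)

    options = parser.parse_args()

    logging.getLogger().setLevel(logging.DEBUG if options.debug else logging.INFO)

    # Reject a malformed -hashes value with a usage error instead of letting
    # the tuple unpacking below raise an unhandled ValueError.
    if options.hashes is not None:
        if options.hashes.count(':') != 1:
            parser.error('-hashes must be given as LMHASH:NTHASH')
        lmhash, nthash = options.hashes.split(':')
    else:
        lmhash = ''
        nthash = ''

    import re
    # groups('') substitutes '' for every component missing from the target,
    # so domain, username and password are never None after this call.
    domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match(
        options.target).groups('')

    # In case the password contains '@': everything up to the last '@' still
    # belongs to the password, only the remainder is the address.
    if '@' in address:
        password = password + '@' + address.rpartition('@')[0]
        address = address.rpartition('@')[2]

    if options.target_ip is None:
        options.target_ip = address

    # Prompt only when a username was given without any other credential.
    if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None:
        from getpass import getpass
        password = getpass("Password:")

    # Supplying an AES key implies Kerberos authentication.
    if options.aesKey is not None:
        options.k = True

    try:
        smbClient = SMBConnection(address, options.target_ip, sess_port=int(options.port))
        if options.k is True:
            smbClient.kerberosLogin(username, password, domain, lmhash, nthash, options.aesKey, options.dc_ip )
        else:
            smbClient.login(username, password, domain, lmhash, nthash)

        shell = MiniImpacketShell(smbClient)

        if options.file is not None:
            logging.info("Executing commands from %s" % options.file.name)
            for line in options.file.readlines():
                # Only a '#' in the first column marks a comment; every other
                # line, blank ones included, is handed to the shell.
                # NOTE(review): how the shell treats a blank line depends on
                # MiniImpacketShell, which is not shown here - confirm.
                if line[0] != '#':
                    print("# %s" % line, end=' ')
                    shell.onecmd(line)
                else:
                    print(line, end=' ')
        else:
            shell.cmdloop()
    except Exception as e:
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        logging.error(str(e))
    finally:
        # argparse opened the command file at parse time; release it on every
        # path, but leave stdin alone when '-' was given as the file name.
        if options.file is not None and options.file is not sys.stdin:
            options.file.close()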
   122  
# Start the client only when this file is executed as a script, not on import.
if __name__ == '__main__':
    main()