github.com/Coalfire-Research/Slackor@v0.0.0-20191010164036-aa32a7f9250b/impacket/examples/smbclient.py (about) 1 #!/usr/bin/env python 2 # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 3 # 4 # This software is provided under under a slightly modified version 5 # of the Apache Software License. See the accompanying LICENSE file 6 # for more information. 7 # 8 # Description: Mini shell using some of the SMB funcionality of the library 9 # 10 # Author: 11 # Alberto Solino (@agsolino) 12 # 13 # 14 # Reference for: 15 # SMB DCE/RPC 16 # 17 from __future__ import division 18 from __future__ import print_function 19 import sys 20 import logging 21 import argparse 22 from impacket.examples import logger 23 from impacket.examples.smbclient import MiniImpacketShell 24 from impacket import version 25 from impacket.smbconnection import SMBConnection 26 27 def main(): 28 # Init the example's logger theme 29 logger.init() 30 print(version.BANNER) 31 parser = argparse.ArgumentParser(add_help = True, description = "SMB client implementation.") 32 33 parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>') 34 parser.add_argument('-file', type=argparse.FileType('r'), help='input file with commands to execute in the mini shell') 35 parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON') 36 37 group = parser.add_argument_group('authentication') 38 39 group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH') 40 group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful for -k)') 41 group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file ' 42 '(KRB5CCNAME) based on target parameters. If valid credentials ' 43 'cannot be found, it will use the ones specified in the command ' 44 'line') 45 group.add_argument('-aesKey', action="store", metavar = "hex key", help='AES key to use for Kerberos Authentication ' 46 '(128 or 256 bits)') 47 48 group = parser.add_argument_group('connection') 49 50 group.add_argument('-dc-ip', action='store', metavar="ip address", 51 help='IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in ' 52 'the target parameter') 53 group.add_argument('-target-ip', action='store', metavar="ip address", 54 help='IP Address of the target machine. If omitted it will use whatever was specified as target. ' 55 'This is useful when target is the NetBIOS name and you cannot resolve it') 56 group.add_argument('-port', choices=['139', '445'], nargs='?', default='445', metavar="destination port", 57 help='Destination port to connect to SMB Server') 58 59 if len(sys.argv)==1: 60 parser.print_help() 61 sys.exit(1) 62 63 options = parser.parse_args() 64 65 if options.debug is True: 66 logging.getLogger().setLevel(logging.DEBUG) 67 else: 68 logging.getLogger().setLevel(logging.INFO) 69 70 import re 71 domain, username, password, address = re.compile('(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)').match( 72 options.target).groups('') 73 74 #In case the password contains '@' 75 if '@' in address: 76 password = password + '@' + address.rpartition('@')[0] 77 address = address.rpartition('@')[2] 78 79 if options.target_ip is None: 80 options.target_ip = address 81 82 if domain is None: 83 domain = '' 84 85 if password == '' and username != '' and options.hashes is None and options.no_pass is False and options.aesKey is None: 86 from getpass import getpass 87 password = getpass("Password:") 88 89 if options.aesKey is not None: 90 options.k = True 91 92 if options.hashes is not None: 93 lmhash, nthash = options.hashes.split(':') 94 else: 95 lmhash = '' 96 nthash = '' 97 98 try: 99 smbClient = SMBConnection(address, options.target_ip, sess_port=int(options.port)) 100 if options.k is True: 101 smbClient.kerberosLogin(username, password, domain, lmhash, nthash, options.aesKey, options.dc_ip ) 102 else: 103 smbClient.login(username, password, domain, lmhash, nthash) 104 105 shell = MiniImpacketShell(smbClient) 106 107 if options.file is not None: 108 logging.info("Executing commands from %s" % options.file.name) 109 for line in options.file.readlines(): 110 if line[0] != '#': 111 print("# %s" % line, end=' ') 112 shell.onecmd(line) 113 else: 114 print(line, end=' ') 115 else: 116 shell.cmdloop() 117 except Exception as e: 118 if logging.getLogger().level == logging.DEBUG: 119 import traceback 120 traceback.print_exc() 121 logging.error(str(e)) 122 123 if __name__ == "__main__": 124 main()