skelsec / aiosmb
Fully asynchronous SMB library written in pure python
License: Other
Issue is here:
https://github.com/skelsec/aiosmb/blob/master/aiosmb/authentication/kerberos/gssapi.py#L7
Referencing skelsec/minikerberos#23
$ ?
Documented commands:
====================
?
cd <directory_name>
dcsync [username=None] It's a suprse tool that will help us later
dcsync [username=None] It's a suprse tool that will help us later
del <file_name> Removes a file from the remote share
dir
domaingroups <domain_name> Lists groups in a domain
domains Lists domain
enumall [depth=3] Enumerates all shares for all files and folders recursively
exit Exit the prompt
get <file_name> Download a file from the remote share to the current folder
getdirsd
getfilesd <file_name>
groupmembers <domain_name> <group_name> Lists members of an arbitrary group
help
interfaces Lists all network interfaces of the remote machine
localgroupmembers <group_name> Lists members of a local group
localgroups Lists local groups
login [url=None] Connects to the remote machine
logout
ls
lsass
mkdir <directory_name> Creates a directory on the remote share
nodce Disables automatic share listing on login
parprintnightmare <share> [driverpath=''] printnightmare bug using the PAR protocol
printerbug <attacker_ip> Printerbug
printerenumdrivers Enumerates all shares for all files and folders recursively
printnightmare <share> [driverpath=''] printnightmare bug using the RPRN protocol
put <file_name> Uploads a file to the remote share
quit Exit the prompt
refreshcurdir
reglistusers Saves a registry hive to a file on remote share
regsave <hive_name> <file_path> Saves a registry hive to a file on remote share
servicecmdexec <command> Executes a shell command as a service and returns the result
servicecreate <service_name> <command> [display_name=None] Creates a remote service
servicedeploy <path_to_exec> <remote_path> Deploys a binary file from the local system as a service on the remote system
serviceen <service_name> Enables a remote service
services Lists remote services
sessions Lists sessions of connected users
shares [show=True] Lists available shares
taskcmdexec <command> Executes a shell command using the scheduled tasks service
taskdel <task_name> Deletes a scheduled task
taskregister <template_file> [task_name=None] Registers a new scheduled task
tasks List scheduled tasks
use <share_name> selects share to be used
users [domain=None] List users in domain
Not sure if this is just because it's not finished yet, thought I'd open it in case you weren't aware.
$ services
Traceback (most recent call last):
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/examples/smbclient.py", line 157, in do_services
async for service in self.machine.list_services():
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/commons/interfaces/machine.py", line 84, in wrapper
raise e
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/commons/interfaces/machine.py", line 81, in wrapper
async for x in funct(*args, **kwargs):
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/commons/interfaces/machine.py", line 222, in list_services
async for service in self.servicemanager.list():
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/interfaces/servicemanager.py", line 58, in list
resp = await scmr.hREnumServicesStatusW(self.dce, self.handle)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/scmr.py", line 1278, in hREnumServicesStatusW
resp = await dce.request(enumServicesStatus)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/rpcrt.py", line 863, in request
answer = await self.recv()
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/rpcrt.py", line 1436, in recv
response_data = await self._transport.recv(MSRPCRespHeader._SIZE)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/transport/smbtransport.py", line 38, in recv
t = await self.pipe_reader.read(-1)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/filereader.py", line 152, in read
data = await self.__read(self.file.size - self.position, self.position)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/filereader.py", line 41, in __read
data, remaining = await self.connection.read(self.share.tree_id, self.file.file_id, offset = offset, length = size)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/connection.py", line 608, in read
raise SMBGenericException()
aiosmb.commons.exceptions.SMBGenericException
I came across a device in a machine enumeration where it said the NtStatus code was invalid. The NtStatus code was STATUS_CASE_SENSITIVE_PATH 0xC00004BA, which isn't a Windows status code and was probably a Samba server. Unfortunately, I can't check it again anytime soon but I'm wondering if this library in the future will support non-Windows shares as well.
Would it be possible for the 0.4.3 tag to be pushed to GitHub? Thanks!
Show share permissions (read and write), like crackmapexec does
Hi,
I think I found a bug while testing your library in my lab.
For example using the following command:
asmbshareenum -v --url 'smb2+ntlm-password://nurfed.lab\lowpriv:[email protected]'
In the Windows event log, I can see that logon succeeds, but afterwards there's a 5168 File Share failure event containing the following:
Spn check for SMB/SMB2 fails.
...
SPN:
SPN Name: cifs/[email protected]
Error Code: 0xC0000022
When I modify the code at connection.py#L683 to remove the @nurfed.lab part from the SPN, this does not happen and authentication is successful.
After some digging, this seems to be related to Microsoft network server: Server SPN target name validation level.
Looking at other implementations, I think the correct SPN format might be service/hostname, but since I'm not 100% sure I'd rather create an issue instead of a pull request.
Also, I'm not sure what would be the place to address this in the code. It seems the minikerberos KerberosSPN class does expect the @domain part in the SPN.
So I think the easiest thing to do would be to adopt Apache 1.1 License (see https://www.apache.org/licenses/) for aiosmb (and other similar projects) and to include Impacket copyright and license for the relevant files.