skelsec / aiosmb Goto Github PK
View Code? Open in Web Editor NEWFully asynchronous SMB library written in pure python
License: Other
aiosmb's People
Contributors
Stargazers
Watchers
Forkers
burrch3s raystyle borgle inspectordidi rvrsh3ll 5l1v3r1 red-infosec xblackswan danxaldanxe cr1sp4 longjohncoder hrnciar rob-blackbourn her0ness hackndo topotam atumcell hexachordanu thelasttzar sagnol ac-rn dirkjanm curtishoughton daddycocoaman noraj mlynchcogent unclestampede thalium zha0 redheadsec allyotov igor-winograd ethicalsecurity-agency michiiii dcnieho sec-tools-repo fckooaiosmb's Issues
New minikerberos lib broke aiosmb
Issue is here:
https://github.com/skelsec/aiosmb/blob/master/aiosmb/authentication/kerberos/gssapi.py#L7
Referencing skelsec/minikerberos#23
python -m aiosmb.examples.smbclient smb+ntlm-password://TEST\qgb:[email protected]
$ ?
Documented commands:
====================
?
cd <directory_name>
dcsync [username=None] It's a suprse tool that will help us later
dcsync [username=None] It's a suprse tool that will help us later
del <file_name> Removes a file from the remote share
dir
domaingroups <domain_name> Lists groups in a domain
domains Lists domain
enumall [depth=3] Enumerates all shares for all files and folders recursively
exit Exit the prompt
get <file_name> Download a file from the remote share to the current folder
getdirsd
getfilesd <file_name>
groupmembers <domain_name> <group_name> Lists members of an arbitrary group
help
interfaces Lists all network interfaces of the remote machine
localgroupmembers <group_name> Lists members of a local group
localgroups Lists local groups
login [url=None] Connects to the remote machine
logout
ls
lsass
mkdir <directory_name> Creates a directory on the remote share
nodce Disables automatic share listing on login
parprintnightmare <share> [driverpath=''] printnightmare bug using the PAR protocol
printerbug <attacker_ip> Printerbug
printerenumdrivers Enumerates all shares for all files and folders recursively
printnightmare <share> [driverpath=''] printnightmare bug using the RPRN protocol
put <file_name> Uploads a file to the remote share
quit Exit the prompt
refreshcurdir
reglistusers Saves a registry hive to a file on remote share
regsave <hive_name> <file_path> Saves a registry hive to a file on remote share
servicecmdexec <command> Executes a shell command as a service and returns the result
servicecreate <service_name> <command> [display_name=None] Creates a remote service
servicedeploy <path_to_exec> <remote_path> Deploys a binary file from the local system as a service on the remote system
serviceen <service_name> Enables a remote service
services Lists remote services
sessions Lists sessions of connected users
shares [show=True] Lists available shares
taskcmdexec <command> Executes a shell command using the scheduled tasks service
taskdel <task_name> Deletes a scheduled task
taskregister <template_file> [task_name=None] Registers a new scheduled task
tasks List scheduled tasks
use <share_name> selects share to be used
users [domain=None] List users in domain
services & sessions command in aiosmbclient throw exception
Not sure if this is just because it's not finished yet, thought I'd open it in case you weren't aware.
$ services
Traceback (most recent call last):
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/examples/smbclient.py", line 157, in do_services
async for service in self.machine.list_services():
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/commons/interfaces/machine.py", line 84, in wrapper
raise e
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/commons/interfaces/machine.py", line 81, in wrapper
async for x in funct(*args, **kwargs):
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/commons/interfaces/machine.py", line 222, in list_services
async for service in self.servicemanager.list():
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/interfaces/servicemanager.py", line 58, in list
resp = await scmr.hREnumServicesStatusW(self.dce, self.handle)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/scmr.py", line 1278, in hREnumServicesStatusW
resp = await dce.request(enumServicesStatus)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/rpcrt.py", line 863, in request
answer = await self.recv()
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/rpcrt.py", line 1436, in recv
response_data = await self._transport.recv(MSRPCRespHeader._SIZE)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/dcerpc/v5/transport/smbtransport.py", line 38, in recv
t = await self.pipe_reader.read(-1)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/filereader.py", line 152, in read
data = await self.__read(self.file.size - self.position, self.position)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/filereader.py", line 41, in __read
data, remaining = await self.connection.read(self.share.tree_id, self.file.file_id, offset = offset, length = size)
File "/Users/byt3bl33d3r/.virtualenvs/aiosmb-MxM14DvL/lib/python3.7/site-packages/aiosmb-0.1.1-py3.7.egg/aiosmb/connection.py", line 608, in read
raise SMBGenericException()
aiosmb.commons.exceptions.SMBGenericException
[QUESTION] Samba support?
I came across a device in a machine enumeration where it said the NtStatus code was invalid. The NtStatus code was STATUS_CASE_SENSITIVE_PATH 0xC00004BA, which isn't a Windows status code and was probably a Samba server. Unfortunately, I can't check it again anytime soon but I'm wondering if this library in the future will support non-Windows shares as well.
Missing 0.4.3 tag on github
Would it be possible for the 0.4.3 tag to be pushed to github? Thanks!
Show shares permissions
Show shares permission like crackmapexec which are read and write
Does it support smb server?
Bug: authentication failure due to bad spn
Hi,
I think I found a bug while testing your library in my lab.
For example using the following command:
asmbshareenum -v --url 'smb2+ntlm-password://nurfed.lab\lowpriv:[email protected]'
In the windows event log, I can see that logon succeeds but afterwards there's an 5168 File Share failure event containing the following:
Spn check for SMB/SMB2 fails.
...
SPN:
SPN Name: cifs/[email protected]
Error Code: 0xC0000022`
When I modify the code at connection.py#L683 to remove the @nurfed.lab part from the SPN, this does not happen and authentication is successful.
After some digging this seems to be related to Microsoft network server: Server SPN target name validation level.
Looking at other implementations, I think the correct might SPN format would be service/hostname, but since I'm not 100% I'd rather create an issue instead of a pull request.
Also, I'm not sure what would be the place to address this in the code. It seems the minikerberos KerberosSPN class does expect the @domain part in the SPN.
License violation
- You still have the MIT classifier
Line 57 in 5f686ca
- As said previously having no license is worse than anything see #4 (comment), and see https://choosealicense.com/no-permission/
- Having no license also violate the Impacket Apache 1.1 License as you don't include Impacket copyright (Forta) and don't include Impacket license.
- Apache License 1.0 (Apache-1.0) https://www.tldrlegal.com/license/apache-license-1-0-apache-1-0
- Apache License 2.0 (Apache-2.0) https://www.tldrlegal.com/license/apache-license-2-0-apache-2-0
So I think the easiest thing to do would be to adopt Apache 1.1 License (see https://www.apache.org/licenses/) for aiosmb (and other similar projects) and to included Impacket copyright and license for the relevant files.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.