Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

# Copyright (c) 2013-2017 CORE Security Technologies 

# 

# This software is provided under under a slightly modified version 

# of the Apache Software License. See the accompanying LICENSE file 

# for more information. 

# 

# Protocol Attack Base Class definition 

# 

# Authors: 

# Alberto Solino (@agsolino) 

# Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com) 

# 

# Description: 

# Defines a base class for all attacks + loads all available modules 

# 

# ToDo: 

# 

import os, sys 

import pkg_resources 

from impacket import LOG 

from threading import Thread 

 

PROTOCOL_ATTACKS = {} 

 

# Base class for Protocol Attacks for different protocols (SMB, MSSQL, etc) 

# Besides using this base class you need to define one global variable when 

# writing a plugin for protocol clients: 

# PROTOCOL_ATTACK_CLASS = "<name of the class for the plugin>" 

# or (to support multiple classes in one file) 

# PROTOCOL_ATTACK_CLASSES = ["<name of the class for the plugin>", "<another class>"] 

# These classes must have the attribute PLUGIN_NAMES which is a list of protocol names 

# that will be matched later with the relay targets (e.g. SMB, LDAP, etc) 

class ProtocolAttack(Thread): 

PLUGIN_NAMES = ['PROTOCOL'] 

def __init__(self, config, client, username): 

Thread.__init__(self) 

# Set threads as daemon 

self.daemon = True 

self.config = config 

self.client = client 

# By default we only use the username and remove the domain 

self.username = username.split('/')[1] 

 

def run(self): 

raise RuntimeError('Virtual Function') 

 

for file in pkg_resources.resource_listdir('impacket.examples.ntlmrelayx', 'attacks'): 

if file.find('__') >= 0 or file.endswith('.py') is False: 

continue 

# This seems to be None in some case (py3 only) 

# __spec__ is py3 only though, but I haven't seen this being None on py2 

# so it should cover all cases. 

try: 

package = __spec__.name # Python 3 

except NameError: 

package = __package__ # Python 2 

__import__(package + '.' + os.path.splitext(file)[0]) 

module = sys.modules[package + '.' + os.path.splitext(file)[0]] 

try: 

pluginClasses = set() 

try: 

62 ↛ 64line 62 didn't jump to line 64, because the condition on line 62 was never true if hasattr(module, 'PROTOCOL_ATTACK_CLASSES'): 

# Multiple classes 

for pluginClass in module.PROTOCOL_ATTACK_CLASSES: 

pluginClasses.add(getattr(module, pluginClass)) 

else: 

# Single class 

pluginClasses.add(getattr(module, getattr(module, 'PROTOCOL_ATTACK_CLASS'))) 

except Exception as e: 

LOG.debug(e) 

pass 

 

for pluginClass in pluginClasses: 

for pluginName in pluginClass.PLUGIN_NAMES: 

LOG.debug('Protocol Attack %s loaded..' % pluginName) 

PROTOCOL_ATTACKS[pluginName] = pluginClass 

except Exception as e: 

LOG.debug(str(e))