Skip to content
This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Commit

Permalink
SMB kerberos better you can put ip whithout fqdn
Browse files Browse the repository at this point in the history
  • Loading branch information
mpgn committed Nov 10, 2022
1 parent a88a6e8 commit 193ce41
Showing 1 changed file with 23 additions and 13 deletions.
36 changes: 23 additions & 13 deletions cme/protocols/smb.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -345,7 +345,8 @@ def print_host_info(self):
def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey = '', kdcHost = '', useCache = False):
logging.getLogger("impacket").disabled = True
#Re-connect since we logged off
self.create_conn_obj()
kdchost = self.hostname if not self.kdcHost else self.kdcHost
self.create_conn_obj(kdchost)
lmhash = ''
nthash = ''
if not all('' == s for s in [self.nthash, password, aesKey]):
Expand Down Expand Up @@ -397,6 +398,15 @@ def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey
except (FileNotFoundError, KerberosException) as e:
self.logger.error('CCache Error: {}'.format(e))
return False
except OSError as e:
self.logger.error(u'{}\\{}{} {} {}'.format(domain,
self.username,
# Show what was used between cleartext, nthash, aesKey and ccache
" from ccache" if useCache
else ":%s" % (next(sub for sub in [nthash,password,aesKey] if (sub != '' and sub != None) or sub != None) if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8),
str(e),
'',
color='red'))
except (SessionError, Exception) as e:
error, desc = e.getErrorString()
self.logger.error(u'{}\\{}{} {} {}'.format(domain,
Expand All @@ -410,7 +420,7 @@ def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey
if error not in smb_error_status:
self.inc_failed_login(username)
return False
return False
return False

def plaintext_login(self, domain, username, password):
#Re-connect since we logged off
Expand Down Expand Up @@ -523,38 +533,38 @@ def hash_login(self, domain, username, ntlm_hash):
self.logger.error('Connection Error: {}'.format(e))
return False

def create_smbv1_conn(self):
def create_smbv1_conn(self, kdc=''):
try:
self.conn = SMBConnection(self.host, self.host, None, self.args.port, preferredDialect=SMB_DIALECT, timeout=self.args.smb_timeout)
self.conn = SMBConnection(self.host if not kdc else kdc, self.host if not kdc else kdc, None, self.args.port, preferredDialect=SMB_DIALECT, timeout=self.args.smb_timeout)
self.smbv1 = True
except socket.error as e:
if str(e).find('Connection reset by peer') != -1:
logging.debug('SMBv1 might be disabled on {}'.format(self.host))
logging.debug('SMBv1 might be disabled on {}'.format(self.host if not kdc else kdc))
return False
except (Exception, NetBIOSTimeout) as e:
logging.debug('Error creating SMBv1 connection to {}: {}'.format(self.host, e))
logging.debug('Error creating SMBv1 connection to {}: {}'.format(self.host if not kdc else kdc, e))
return False

return True

def create_smbv3_conn(self):
def create_smbv3_conn(self, kdc=''):
try:
self.conn = SMBConnection(self.host, self.host, None, self.args.port, timeout=self.args.smb_timeout)
self.conn = SMBConnection(self.host if not kdc else kdc, self.host if not kdc else kdc, None, self.args.port, timeout=self.args.smb_timeout)
self.smbv1 = False
except socket.error as e:
if str(e).find('Too many open files') != -1:
self.logger.error('SMBv3 connection error on {}: {}'.format(self.host, e))
self.logger.error('SMBv3 connection error on {}: {}'.format(self.host if not kdc else kdc, e))
return False
except (Exception, NetBIOSTimeout) as e:
logging.debug('Error creating SMBv3 connection to {}: {}'.format(self.host, e))
logging.debug('Error creating SMBv3 connection to {}: {}'.format(self.host if not kdc else kdc, e))
return False

return True

def create_conn_obj(self):
if self.create_smbv1_conn():
def create_conn_obj(self, kdc=''):
if self.create_smbv1_conn(kdc):
return True
elif self.create_smbv3_conn():
elif self.create_smbv3_conn(kdc):
return True

return False
Expand Down

0 comments on commit 193ce41

Please sign in to comment.