From 193ce4128effe3d8860888bb8d18ba6c23d47047 Mon Sep 17 00:00:00 2001 From: mpgn Date: Thu, 10 Nov 2022 04:17:01 -0500 Subject: [PATCH] SMB kerberos better you can put ip whithout fqdn --- cme/protocols/smb.py | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py index 67e0e66c9..275f9475a 100755 --- a/cme/protocols/smb.py +++ b/cme/protocols/smb.py @@ -345,7 +345,8 @@ def print_host_info(self): def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey = '', kdcHost = '', useCache = False): logging.getLogger("impacket").disabled = True #Re-connect since we logged off - self.create_conn_obj() + kdchost = self.hostname if not self.kdcHost else self.kdcHost + self.create_conn_obj(kdchost) lmhash = '' nthash = '' if not all('' == s for s in [self.nthash, password, aesKey]): @@ -397,6 +398,15 @@ def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey except (FileNotFoundError, KerberosException) as e: self.logger.error('CCache Error: {}'.format(e)) return False + except OSError as e: + self.logger.error(u'{}\\{}{} {} {}'.format(domain, + self.username, + # Show what was used between cleartext, nthash, aesKey and ccache + " from ccache" if useCache + else ":%s" % (next(sub for sub in [nthash,password,aesKey] if (sub != '' and sub != None) or sub != None) if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8), + str(e), + '', + color='red')) except (SessionError, Exception) as e: error, desc = e.getErrorString() self.logger.error(u'{}\\{}{} {} {}'.format(domain, @@ -410,7 +420,7 @@ def kerberos_login(self, domain, username, password = '', ntlm_hash = '', aesKey if error not in smb_error_status: self.inc_failed_login(username) return False - return False + return False def plaintext_login(self, domain, username, password): #Re-connect since we logged off @@ -523,38 +533,38 @@ def hash_login(self, domain, username, ntlm_hash): self.logger.error('Connection Error: {}'.format(e)) return False - def create_smbv1_conn(self): + def create_smbv1_conn(self, kdc=''): try: - self.conn = SMBConnection(self.host, self.host, None, self.args.port, preferredDialect=SMB_DIALECT, timeout=self.args.smb_timeout) + self.conn = SMBConnection(self.host if not kdc else kdc, self.host if not kdc else kdc, None, self.args.port, preferredDialect=SMB_DIALECT, timeout=self.args.smb_timeout) self.smbv1 = True except socket.error as e: if str(e).find('Connection reset by peer') != -1: - logging.debug('SMBv1 might be disabled on {}'.format(self.host)) + logging.debug('SMBv1 might be disabled on {}'.format(self.host if not kdc else kdc)) return False except (Exception, NetBIOSTimeout) as e: - logging.debug('Error creating SMBv1 connection to {}: {}'.format(self.host, e)) + logging.debug('Error creating SMBv1 connection to {}: {}'.format(self.host if not kdc else kdc, e)) return False return True - def create_smbv3_conn(self): + def create_smbv3_conn(self, kdc=''): try: - self.conn = SMBConnection(self.host, self.host, None, self.args.port, timeout=self.args.smb_timeout) + self.conn = SMBConnection(self.host if not kdc else kdc, self.host if not kdc else kdc, None, self.args.port, timeout=self.args.smb_timeout) self.smbv1 = False except socket.error as e: if str(e).find('Too many open files') != -1: - self.logger.error('SMBv3 connection error on {}: {}'.format(self.host, e)) + self.logger.error('SMBv3 connection error on {}: {}'.format(self.host if not kdc else kdc, e)) return False except (Exception, NetBIOSTimeout) as e: - logging.debug('Error creating SMBv3 connection to {}: {}'.format(self.host, e)) + logging.debug('Error creating SMBv3 connection to {}: {}'.format(self.host if not kdc else kdc, e)) return False return True - def create_conn_obj(self): - if self.create_smbv1_conn(): + def create_conn_obj(self, kdc=''): + if self.create_smbv1_conn(kdc): return True - elif self.create_smbv3_conn(): + elif self.create_smbv3_conn(kdc): return True return False