From 196eded194af27b3a0de949f77d526b858d7b9c1 Mon Sep 17 00:00:00 2001
From: lgandx
Date: Tue, 4 Oct 2016 21:28:24 -0300
Subject: [PATCH] Minor fixes
---
 tools/RelayHTTPSMB/HTTPRelayPacket.py | 4 ++--
 tools/RelayHTTPSMB/HTTPToSMBRelay.py | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/tools/RelayHTTPSMB/HTTPRelayPacket.py b/tools/RelayHTTPSMB/HTTPRelayPacket.py
index 3c0c1ab..7bc9e27 100644
--- a/tools/RelayHTTPSMB/HTTPRelayPacket.py
+++ b/tools/RelayHTTPSMB/HTTPRelayPacket.py
@@ -505,9 +505,9 @@ class SMBDCEPacketData(Packet):
 class SMBDCESVCCTLOpenManagerW(Packet):
 fields = OrderedDict([
 ("MachineNameRefID", "\xb5\x97\xb9\xbc"),
- ("MaxCount", "\x0f\x00\x00\x00"),#need to calc.
+ ("MaxCount", "\x0f\x00\x00\x00"),
 ("Offset", "\x00\x00\x00\x00"),
- ("ActualCount", "\x0f\x00\x00\x00"),#need to calc.
+ ("ActualCount", "\x0f\x00\x00\x00"),
 ("MachineName", ""),
 ("MachineNameNull", "\x00\x00"),
 ("DbPointer", "\x00\x00\x00\x00"),
diff --git a/tools/RelayHTTPSMB/HTTPToSMBRelay.py b/tools/RelayHTTPSMB/HTTPToSMBRelay.py
index e2f33eb..799636b 100755
--- a/tools/RelayHTTPSMB/HTTPToSMBRelay.py
+++ b/tools/RelayHTTPSMB/HTTPToSMBRelay.py
@@ -294,6 +294,7 @@ def RunPsExec(Host):
 ## First, check if user has admin privs on C$:
 ## Tree Connect
 if data[8:10] == "\x73\x00":
+ print "[+] Authenticated.\n"
 GetSessionResponseFlags(data)#Verify if the target returned a guest session.
 head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
 t = SMBTreeConnectData(Path="\\\\"+Host[0]+"\\C$")
@@ -321,7 +322,7 @@ def RunPsExec(Host):
 ## NtCreateAndx
 if data[8:10] == "\x75\x00":
- print "[+] Authenticated.\n[+] Dropping into Responder's interactive shell, type \"exit\" to terminate\n"
+ print "[+] Dropping into Responder's interactive shell, type \"exit\" to terminate\n"
 while True:
 if data[8:10] == "\x75\x00":
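Review bot: In the `@@ -294,6 +294,7 @@` hunk of HTTPToSMBRelay.py, the new `print "[+] Authenticated.\n"` runs before `GetSessionResponseFlags(data)`, which per its inline comment is the guest-session check. The log can therefore claim authentication for a session the server mapped to guest, since the `"\x73\x00"` match alone does not show which account the session belongs to. The message is only accurate once that check has passed, so the two lines should be swapped: `GetSessionResponseFlags(data)#Verify if the target returned a guest session.` first, then `print "[+] Authenticated.\n"`. This assumes the helper stops or reports on a guest session, which is not visible here, and RunPsExec begins and ends outside the hunk.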