github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-08-21 05:43:35 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Minor fixes

Browse source
This commit is contained in:
lgandx 2016-10-04 21:28:24 -03:00
commit 196eded194
2 changed files with 4 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
tools/RelayHTTPSMB/HTTPRelayPacket.py
View file

@ -505,9 +505,9 @@ class SMBDCEPacketData(Packet):
class SMBDCESVCCTLOpenManagerW(Packet): class SMBDCESVCCTLOpenManagerW(Packet):
fields = OrderedDict([ fields = OrderedDict([
("MachineNameRefID", "\xb5\x97\xb9\xbc"), ("MachineNameRefID", "\xb5\x97\xb9\xbc"),
("MaxCount", "\x0f\x00\x00\x00"),#need to calc. ("MaxCount", "\x0f\x00\x00\x00"),
("Offset", "\x00\x00\x00\x00"), ("Offset", "\x00\x00\x00\x00"),
("ActualCount", "\x0f\x00\x00\x00"),#need to calc. ("ActualCount", "\x0f\x00\x00\x00"),
("MachineName", ""), ("MachineName", ""),
("MachineNameNull", "\x00\x00"), ("MachineNameNull", "\x00\x00"),
("DbPointer", "\x00\x00\x00\x00"), ("DbPointer", "\x00\x00\x00\x00"),

3
tools/RelayHTTPSMB/HTTPToSMBRelay.py
View file

@ -294,6 +294,7 @@ def RunPsExec(Host):
## First, check if user has admin privs on C$: ## First, check if user has admin privs on C$:
## Tree Connect ## Tree Connect
if data[8:10] == "\x73\x00": if data[8:10] == "\x73\x00":
print "[+] Authenticated.\n"
GetSessionResponseFlags(data)#Verify if the target returned a guest session. GetSessionResponseFlags(data)#Verify if the target returned a guest session.
head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30]) head = SMBHeader(cmd="\x75",flag1="\x18", flag2="\x07\xc8",mid="\x04\x00",pid=data[30:32],uid=data[32:34],tid=data[28:30])
t = SMBTreeConnectData(Path="\\\\"+Host[0]+"\\C$") t = SMBTreeConnectData(Path="\\\\"+Host[0]+"\\C$")
@ -321,7 +322,7 @@ def RunPsExec(Host):
## NtCreateAndx ## NtCreateAndx
if data[8:10] == "\x75\x00": if data[8:10] == "\x75\x00":
print "[+] Authenticated.\n[+] Dropping into Responder's interactive shell, type \"exit\" to terminate\n" print "[+] Dropping into Responder's interactive shell, type \"exit\" to terminate\n"
while True: while True:
if data[8:10] == "\x75\x00": if data[8:10] == "\x75\x00":