Added support for SMB2 signing

This commit is contained in:
lgandx 2020-12-31 09:39:15 -03:00
parent a78dfdf3c7
commit 24e7b7c667


@ -39,6 +39,7 @@ if options.TARGET is None:
Timeout = 2 Timeout = 2
Host = options.TARGET Host = options.TARGET
SMB1 = "Enabled" SMB1 = "Enabled"
SMB2signing = "False"
class Packet(): class Packet():
fields = OrderedDict([ fields = OrderedDict([
@ -89,6 +90,13 @@ def ParseNegotiateSMB2Ans(data):
else: else:
return False return False
def SMB2SigningMandatory(data):
global SMB2signing
if data[70] == "\x03":
SMB2signing = "True"
else:
SMB2signing = "False"
def WorkstationFingerPrint(data): def WorkstationFingerPrint(data):
return { return {
b"\x04\x00" :"Windows 95", b"\x04\x00" :"Windows 95",
@ -108,7 +116,7 @@ def GetOsBuildNumber(data):
ProductBuild = struct.unpack("<h",data)[0] ProductBuild = struct.unpack("<h",data)[0]
return ProductBuild return ProductBuild
def ParseSMBNTLM2Exchange(data, host, bootime): #Parse SMB NTLMSSP Response def ParseSMBNTLM2Exchange(data, host, bootime, signing): #Parse SMB NTLMSSP Response
data = data.encode('latin-1') data = data.encode('latin-1')
SSPIStart = data.find(b'NTLMSSP') SSPIStart = data.find(b'NTLMSSP')
SSPIString = data[SSPIStart:] SSPIString = data[SSPIStart:]
@ -122,7 +130,7 @@ def ParseSMBNTLM2Exchange(data, host, bootime): #Parse SMB NTLMSSP Response
WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50]) WindowsVers = WorkstationFingerPrint(data[SSPIStart+48:SSPIStart+50])
WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52]) WindowsBuildVers = GetOsBuildNumber(data[SSPIStart+50:SSPIStart+52])
DomainGrab((host, 445)) DomainGrab((host, 445))
print(("[SMB2]:['{}', Os:'{}', Build:'{}', Domain:'{}', Bootime: '{}', RDP:'{}', SMB1:'{}']".format(host, WindowsVers, str(WindowsBuildVers), Domain, Bootime, IsRDPOn((host,3389)),SMB1))) print(("[SMB2]:['{}', Os:'{}', Build:'{}', Domain:'{}', Bootime: '{}', Signing:'{}', RDP:'{}', SMB1:'{}']".format(host, WindowsVers, str(WindowsBuildVers), Domain, Bootime, signing, IsRDPOn((host,3389)),SMB1)))
def GetBootTime(data): def GetBootTime(data):
data = data.encode('latin-1') data = data.encode('latin-1')
@ -319,6 +327,7 @@ def handle(data, host):
if data[28] == "\x01": if data[28] == "\x01":
global Bootime global Bootime
SMB2SigningMandatory(data)
Bootime = IsDCVuln(GetBootTime(data[116:124]), host[0]) Bootime = IsDCVuln(GetBootTime(data[116:124]), host[0])
a = SMBv2Head(SMBv2Command="\x01\x00",CommandSequence= "\x02\x00\x00\x00\x00\x00\x00\x00") a = SMBv2Head(SMBv2Command="\x01\x00",CommandSequence= "\x02\x00\x00\x00\x00\x00\x00\x00")
a.calculate() a.calculate()
@ -329,7 +338,7 @@ def handle(data, host):
return buffer0 return buffer0
if data[28] == "\x02": if data[28] == "\x02":
ParseSMBNTLM2Exchange(data, host[0], Bootime) ParseSMBNTLM2Exchange(data, host[0], Bootime, SMB2signing)
################## ##################
#run it #run it
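Review bot: `SMB2SigningMandatory` decides "mandatory" by testing `data[70] == "\x03"`, i.e. equality with both SecurityMode bits set, but only the SMB2_NEGOTIATE_SIGNING_REQUIRED bit (0x02) of the NEGOTIATE response's SecurityMode field says signing is required; a response carrying 0x02 without 0x01, or with any extra flag bit, would be printed as `Signing:'False'`, which for a tool that flags relay-able hosts is the wrong direction to be wrong in. A bit test keeps the same output and is robust to that: `SMB2signing = "True" if ord(data[70]) & 0x02 else "False"` (the `ord()` matches the surrounding code, which handles `data` as a latin-1 `str` and compares single characters such as `data[28] == "\x01"`). The magic offset also deserves a comment so the next reader can verify it against MS-SMB2, e.g. `# offset 70 = NetBIOS session hdr (4) + SMB2 hdr (64) + StructureSize (2): SecurityMode byte of the NEGOTIATE response`. The helper is complete within its hunk; the `handle()` caller and `ParseSMBNTLM2Exchange` extend beyond the lines shown.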