
1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 

2# 

3# This software is provided under a slightly modified version 

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# Config utilities 

8# 

9# Author: 

10# Dirk-jan Mollema / Fox-IT (https://www.fox-it.com) 

11# 

12# Description: 

13# Configuration class which holds the config specified on the 

14# command line, this can be passed to the tools' servers and clients 

15 

16from impacket.examples.utils import parse_credentials 

17 

18 

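class NTLMRelayxConfig:
    """Plain container for the options given on the command line.

    An instance is filled in through the ``set*`` methods and then handed to
    the tool's servers and clients, which read the attributes directly.

    The class only stores values; apart from the checks in
    ``setDomainAccount`` and ``setRPCOptions`` nothing is validated here.

    Several attributes hold secrets (``machineHashes``, ``smbpass``,
    ``smblmhash``, ``smbnthash``).  Do not log, print or serialise a whole
    instance (e.g. via ``vars(config)``) without redacting them.
    """

    def __init__(self):
        """Initialise every option to its "not configured" default.

        All attributes that a setter can write are created here, so reading
        an option before its setter ran yields a default rather than an
        ``AttributeError``.
        """
        self.daemon = True

        # Set the value of the interface ip address
        self.interfaceIp = None

        self.listeningPort = None

        self.domainIp = None

        self.machineAccount = None
        self.machineHashes = None
        self.target = None
        self.mode = None
        self.redirecthost = None
        self.outputFile = None
        self.attacks = None
        self.lootdir = None
        self.randomtargets = False
        self.encoding = None
        self.ipv6 = False
        self.remove_mic = False

        self.command = None

        # WPAD options (this group was listed twice in the original; the
        # second copy re-assigned the same values and has been dropped)
        self.serve_wpad = False
        self.wpad_host = None
        self.wpad_auth_num = 0
        self.smb2support = False

        # SMB options
        self.exeFile = None
        self.interactive = False
        self.enumLocalAdmins = False
        self.SMBServerChallenge = None

        # RPC options
        self.rpc_mode = None
        self.rpc_use_smb = False
        self.auth_smb = ''
        self.smbdomain = ''
        self.smbuser = ''
        self.smbpass = ''
        self.smblmhash = None
        self.smbnthash = None
        self.port_smb = 445
        # NOTE(review): setRPCOptions writes ``rpc_smb_port`` while only
        # ``port_smb`` used to be initialised; confirm which name the
        # consumers read.  Mirrored here so both exist from construction.
        self.rpc_smb_port = self.port_smb

        # LDAP options
        self.dumpdomain = True
        self.addda = True
        self.aclattack = True
        self.validateprivs = True
        self.escalateuser = None
        # Unset until setLDAPOptions is called
        self.addcomputer = None
        self.delegateaccess = None
        self.dumplaps = None
        self.dumpgmsa = None
        self.sid = None

        # MSSQL options
        self.queries = []

        # IMAP options (unset until setIMAPOptions is called)
        self.keyword = None
        self.mailbox = None
        self.dump_all = None
        self.dump_max = None

        # Registered protocol clients
        self.protocolClients = {}

        # SOCKS options
        self.runSocks = False
        self.socksServer = None

        # HTTP options
        self.remove_target = False

        # WebDAV options
        self.serve_image = False

    def setSMBChallenge(self, value):
        """Store the SMB server challenge value."""
        self.SMBServerChallenge = value

    def setSMB2Support(self, value):
        """Store the SMB2 support flag."""
        self.smb2support = value

    def setProtocolClients(self, clients):
        """Store the mapping of registered protocol clients."""
        self.protocolClients = clients

    def setInterfaceIp(self, ip):
        """Store the interface IP address."""
        self.interfaceIp = ip

    def setListeningPort(self, port):
        """Store the listening port."""
        self.listeningPort = port

    def setRunSocks(self, socks, server):
        """Store the SOCKS flag together with the SOCKS server object."""
        self.runSocks = socks
        self.socksServer = server

    def setOutputFile(self, outputFile):
        """Store the output file name."""
        self.outputFile = outputFile

    def setTargets(self, target):
        """Store the target specification."""
        self.target = target

    def setExeFile(self, filename):
        """Store the executable file name; the value is not checked here."""
        self.exeFile = filename

    def setCommand(self, command):
        """Store the command string; the value is not checked here."""
        self.command = command

    def setEnumLocalAdmins(self, enumLocalAdmins):
        """Store the local-administrator enumeration flag."""
        self.enumLocalAdmins = enumLocalAdmins

    def setEncoding(self, encoding):
        """Store the text encoding."""
        self.encoding = encoding

    def setMode(self, mode):
        """Store the operating mode."""
        self.mode = mode

    def setAttacks(self, attacks):
        """Store the registered attack modules."""
        self.attacks = attacks

    def setLootdir(self, lootdir):
        """Store the loot directory."""
        self.lootdir = lootdir

    def setRedirectHost(self, redirecthost):
        """Store the redirect host."""
        self.redirecthost = redirecthost

    def setDomainAccount(self, machineAccount, machineHashes, domainIp):
        """Store the machine account, its hashes and the domain IP.

        The three values are only recorded when ``remove_target`` is already
        set, so ``setExploitOptions`` has to be called first; otherwise the
        call returns without storing anything.

        Raises:
            Exception: if ``remove_target`` is set and any of the three
                arguments is ``None``.
        """
        # Don't set this if we're not exploiting it
        if not self.remove_target:
            return
        if None in (machineAccount, machineHashes, domainIp):
            raise Exception("You must specify machine-account/hashes/domain all together!")
        self.machineAccount = machineAccount
        self.machineHashes = machineHashes
        self.domainIp = domainIp

    def setRandomTargets(self, randomtargets):
        """Store the random-target selection flag."""
        self.randomtargets = randomtargets

    def setLDAPOptions(self, dumpdomain, addda, aclattack, validateprivs, escalateuser, addcomputer, delegateaccess, dumplaps, dumpgmsa, sid):
        """Store the LDAP options, one attribute per argument of the same name."""
        self.dumpdomain = dumpdomain
        self.addda = addda
        self.aclattack = aclattack
        self.validateprivs = validateprivs
        self.escalateuser = escalateuser
        self.addcomputer = addcomputer
        self.delegateaccess = delegateaccess
        self.dumplaps = dumplaps
        self.dumpgmsa = dumpgmsa
        self.sid = sid

    def setMSSQLOptions(self, queries):
        """Store the list of MSSQL queries."""
        self.queries = queries

    def setRPCOptions(self, rpc_mode, rpc_use_smb, auth_smb, hashes_smb, rpc_smb_port):
        """Store the RPC options and split the SMB credentials into parts.

        ``auth_smb`` is handed to ``parse_credentials`` and the result is
        stored as ``smbdomain`` / ``smbuser`` / ``smbpass``.  ``hashes_smb``
        is either ``None`` (both hashes become ``''``) or a string with
        exactly one ``:`` separating the LM hash from the NT hash.

        Raises:
            ValueError: if ``hashes_smb`` does not contain exactly one ``:``.
        """
        self.rpc_mode = rpc_mode
        self.rpc_use_smb = rpc_use_smb
        self.smbdomain, self.smbuser, self.smbpass = parse_credentials(auth_smb)

        if hashes_smb is not None:
            lmhash, sep, nthash = hashes_smb.partition(':')
            if not sep or ':' in nthash:
                # The message deliberately leaves the value out so that hash
                # material does not end up in tracebacks or logs.
                raise ValueError("hashes_smb must be in the form LMHASH:NTHASH")
            self.smblmhash, self.smbnthash = lmhash, nthash
        else:
            self.smblmhash = ''
            self.smbnthash = ''

        self.rpc_smb_port = rpc_smb_port

    def setInteractive(self, interactive):
        """Store the interactive-mode flag."""
        self.interactive = interactive

    def setIMAPOptions(self, keyword, mailbox, dump_all, dump_max):
        """Store the IMAP options, one attribute per argument of the same name."""
        self.keyword = keyword
        self.mailbox = mailbox
        self.dump_all = dump_all
        self.dump_max = dump_max

    def setIPv6(self, use_ipv6):
        """Store the IPv6 flag."""
        self.ipv6 = use_ipv6

    def setWpadOptions(self, wpad_host, wpad_auth_num):
        """Store the WPAD host and auth count; a non-None host enables WPAD serving.

        ``serve_wpad`` is only ever switched on here, never back off.
        """
        if wpad_host is not None:
            self.serve_wpad = True
        self.wpad_host = wpad_host
        self.wpad_auth_num = wpad_auth_num

    def setExploitOptions(self, remove_mic, remove_target):
        """Store the ``remove_mic`` and ``remove_target`` flags.

        ``setDomainAccount`` consults ``remove_target``, so call this first.
        """
        self.remove_mic = remove_mic
        self.remove_target = remove_target

    def setWebDAVOptions(self, serve_image):
        """Store the WebDAV image-serving flag."""
        self.serve_image = serve_image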