1# Copyright (c) 2013-2017 CORE Security Technologies 

2# 

3# This software is provided under a slightly modified version 

4# of the Apache Software License. See the accompanying LICENSE file 

5# for more information. 

6# 

7# Protocol Client Base Class definition 

8# 

9# Author: 

10# Alberto Solino (@agsolino) 

11# 

12# Description: 

13# Defines a base class for all clients + loads all available modules 

14# 

15# ToDo: 

16# 

17import os, sys, pkg_resources 

18from impacket import LOG 

19 

20PROTOCOL_CLIENTS = {} 

21 

22# Base class for Protocol Clients for different protocols (SMB, MSSQL, etc) 

23# Besides using this base class you need to define one global variable when 

24# writing a plugin for protocol clients: 

25# PROTOCOL_CLIENT_CLASS = "<name of the class for the plugin>" 

26# PLUGIN_NAME must be the protocol name that will be matched later with the relay targets (e.g. SMB, LDAP, etc) 

class ProtocolClient:
    """Base class for the per-protocol relay clients (SMB, MSSQL, etc).

    A plugin module subclasses this and names its class through the
    module-level PROTOCOL_CLIENT_CLASS variable (the loader in this file also
    accepts a PROTOCOL_CLIENT_CLASSES collection of class names).
    PLUGIN_NAME must be the protocol name that is later matched against the
    relay targets (e.g. SMB, LDAP).

    Most methods are placeholders that raise RuntimeError('Virtual Function')
    until a subclass overrides them.
    """

    PLUGIN_NAME = 'PROTOCOL'

    def __init__(self, serverConfig, target, targetPort, extendedSecurity=True):
        """Store the target and connection settings; no connection is opened.

        :param serverConfig: stored unchanged on the instance
        :param target: object whose ``hostname`` and ``port`` attributes are read
        :param targetPort: default port supplied by the subclass
        :param bool extendedSecurity: stored unchanged on the instance
        """
        self.serverConfig = serverConfig
        self.targetHost = target.hostname
        # A port carried by the target takes precedence over the subclass default.
        self.targetPort = targetPort if target.port is None else target.port
        self.target = target
        self.extendedSecurity = extendedSecurity
        self.session = None
        self.sessionData = {}

    def initConnection(self):
        """Placeholder; subclasses must override."""
        raise RuntimeError('Virtual Function')

    def killConnection(self):
        """Placeholder; subclasses must override."""
        raise RuntimeError('Virtual Function')

    def sendNegotiate(self, negotiateMessage):
        """
        In charge of sending the type 1 NTLM message.

        :param bytes negotiateMessage:
        :return:
        """
        raise RuntimeError('Virtual Function')

    def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
        """
        In charge of sending the type 3 NTLM message to the target.

        :param bytes authenticateMessageBlob:
        :param bytes serverChallenge:
        :return:
        """
        raise RuntimeError('Virtual Function')

    def sendStandardSecurityAuth(self, sessionSetupData):
        """Handle the case where FLAGS2_EXTENDED_SECURITY is not set."""
        raise RuntimeError('Virtual Function')

    def getSession(self):
        """Should return the active session for the relayed connection."""
        raise RuntimeError('Virtual Function')

    def getSessionData(self):
        """Return extra data that may help the SOCKS proxy work.

        For example, some of the answers from the original server. The base
        class returns the ``sessionData`` dict created in ``__init__``.
        """
        return self.sessionData

    def getStandardSecurityChallenge(self):
        """Should return the server's challenge when Extended Security is not set.

        This should only happen against old servers. The base class returns
        None.
        """
        return None

    def keepAlive(self):
        """In charge of keeping the connection alive; subclasses must override."""
        raise RuntimeError('Virtual Function')

    def isAdmin(self):
        """Should report whether the user is admin, as a string.

        The expected form is e.g. "TRUE" or "FALSE". The technique depends on
        the protocol, so the base class raises.
        """
        raise RuntimeError('Virtual Function')

95 

# Plugin discovery. Every non-dunder .py file found in the 'clients' resource
# directory is imported, which executes that module's top-level code. The
# directory should therefore be writable only by whoever is trusted to install
# the package.
for file in pkg_resources.resource_listdir('impacket.examples.ntlmrelayx', 'clients'):
    if '__' in file or not file.endswith('.py'):
        continue
    # The original note reports a None value in some Python 3 cases
    # (presumably __package__ -- confirm), so __spec__.name is tried first.
    # __spec__ does not exist on Python 2, hence the NameError fallback.
    try:
        package = __spec__.name  # Python 3
    except NameError:
        package = __package__  # Python 2
    moduleName = package + '.' + os.path.splitext(file)[0]
    # The import itself is not guarded: a plugin that fails to import
    # propagates its exception out of this package's import.
    __import__(moduleName)
    module = sys.modules[moduleName]
    pluginClasses = set()
    try:
        # Resolve the class names the plugin declares. A name that does not
        # resolve stops the lookup for this module (classes resolved before it
        # are kept) and is reported at debug level only.
        try:
            if hasattr(module, 'PROTOCOL_CLIENT_CLASSES'):
                for pluginClass in module.PROTOCOL_CLIENT_CLASSES:
                    pluginClasses.add(getattr(module, pluginClass))
            else:
                pluginClasses.add(getattr(module, module.PROTOCOL_CLIENT_CLASS))
        except Exception as e:
            LOG.debug(e)

        # Register by PLUGIN_NAME. A class whose PLUGIN_NAME is already present
        # replaces the earlier entry without any warning.
        for pluginClass in pluginClasses:
            LOG.info('Protocol Client %s loaded..' % pluginClass.PLUGIN_NAME)
            PROTOCOL_CLIENTS[pluginClass.PLUGIN_NAME] = pluginClass
    except Exception as e:
        LOG.debug(str(e))