1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2021 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# Config utilities 

11# 

12# Configuration class which holds the config specified on the 

13# command line, this can be passed to the tools' servers and clients 

14# 

15# Author: 

16# Dirk-jan Mollema / Fox-IT (https://www.fox-it.com) 

17# 

18from impacket.examples.utils import parse_credentials 

19 

20 

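class NTLMRelayxConfig:
    """Plain settings holder built from the command line.

    One instance is filled in through the ``set*`` methods and then handed to
    the tool's servers and clients, which read the attributes directly. The
    setters store their arguments as given; the exceptions are
    ``setDomainAccount`` (all-or-nothing check) and ``setRPCOptions``
    (``LMHASH:NTHASH`` shape check).

    Several attributes hold credential material (``machineHashes``,
    ``smblmhash``, ``smbnthash``, ``smbpass``), so avoid dumping the whole
    object into logs or error reports.
    """

    def __init__(self):
        """Populate every option with its default so readers never hit a missing attribute."""
        self.daemon = True

        # Set the value of the interface ip address
        self.interfaceIp = None

        self.listeningPort = None

        self.domainIp = None

        self.machineAccount = None
        self.machineHashes = None
        self.target = None
        self.mode = None
        self.redirecthost = None
        self.outputFile = None
        self.attacks = None
        self.lootdir = None
        self.randomtargets = False
        self.encoding = None
        self.ipv6 = False
        self.remove_mic = False

        self.command = None

        # WPAD options (the original listed this group twice; once is enough)
        self.serve_wpad = False
        self.wpad_host = None
        self.wpad_auth_num = 0
        self.smb2support = False

        # SMB options
        self.exeFile = None
        self.interactive = False
        self.enumLocalAdmins = False
        self.SMBServerChallenge = None

        # RPC options
        self.rpc_mode = None
        self.rpc_use_smb = False
        # auth_smb is never written by setRPCOptions, which stores the parsed
        # parts (smbdomain/smbuser/smbpass) instead; kept for compatibility.
        self.auth_smb = ''
        self.smbdomain = ''
        self.smbuser = ''
        self.smbpass = ''
        self.smblmhash = None
        self.smbnthash = None
        # setRPCOptions writes rpc_smb_port, not port_smb. Both exist so that
        # readers of either name work before and after that call.
        # NOTE(review): presumably one setting under two names; confirm and unify.
        self.port_smb = 445
        self.rpc_smb_port = 445

        # LDAP options
        self.dumpdomain = True
        self.addda = True
        self.aclattack = True
        self.validateprivs = True
        self.escalateuser = None
        # Previously created only by setLDAPOptions; reading them on a fresh
        # config raised AttributeError.
        self.addcomputer = None
        self.delegateaccess = None
        self.dumplaps = None
        self.dumpgmsa = None
        self.sid = None

        # MSSQL options
        self.queries = []

        # IMAP options (previously created only by setIMAPOptions)
        self.keyword = None
        self.mailbox = None
        self.dump_all = None
        self.dump_max = None

        # Registered protocol clients
        self.protocolClients = {}

        # SOCKS options
        self.runSocks = False
        self.socksServer = None

        # HTTP options
        self.remove_target = False

        # WebDAV options
        self.serve_image = False

        # AD CS attack options
        self.isADCSAttack = False
        self.template = None

    def setSMBChallenge(self, value):
        """Store the SMB server challenge value as given."""
        self.SMBServerChallenge = value

    def setSMB2Support(self, value):
        """Store the SMB2 support flag."""
        self.smb2support = value

    def setProtocolClients(self, clients):
        """Replace the registered protocol clients mapping."""
        self.protocolClients = clients

    def setInterfaceIp(self, ip):
        """Store the interface IP address."""
        self.interfaceIp = ip

    def setListeningPort(self, port):
        """Store the listening port."""
        self.listeningPort = port

    def setRunSocks(self, socks, server):
        """Store the SOCKS flag together with the SOCKS server object."""
        self.runSocks = socks
        self.socksServer = server

    def setOutputFile(self, outputFile):
        """Store the output file name."""
        self.outputFile = outputFile

    def setTargets(self, target):
        """Store the target specification."""
        self.target = target

    def setExeFile(self, filename):
        """Store the executable file name used by the SMB options."""
        self.exeFile = filename

    def setCommand(self, command):
        """Store the command string."""
        self.command = command

    def setEnumLocalAdmins(self, enumLocalAdmins):
        """Store the local-admin enumeration flag."""
        self.enumLocalAdmins = enumLocalAdmins

    def setEncoding(self, encoding):
        """Store the text encoding name."""
        self.encoding = encoding

    def setMode(self, mode):
        """Store the operating mode."""
        self.mode = mode

    def setAttacks(self, attacks):
        """Store the attacks collection."""
        self.attacks = attacks

    def setLootdir(self, lootdir):
        """Store the loot directory path."""
        self.lootdir = lootdir

    def setRedirectHost(self, redirecthost):
        """Store the redirect host."""
        self.redirecthost = redirecthost

    def setDomainAccount(self, machineAccount, machineHashes, domainIp):
        """Store the machine account, its hashes and the domain IP as one unit.

        This is a silent no-op unless ``remove_target`` is already true, so
        ``setExploitOptions`` has to be called first for the values to stick.

        Raises:
            Exception: if ``remove_target`` is set and any argument is None.
        """
        # Don't set this if we're not exploiting it
        if not self.remove_target:
            return
        if None in (machineAccount, machineHashes, domainIp):
            raise Exception("You must specify machine-account/hashes/domain all together!")
        self.machineAccount = machineAccount
        self.machineHashes = machineHashes
        self.domainIp = domainIp

    def setRandomTargets(self, randomtargets):
        """Store the random-targets flag."""
        self.randomtargets = randomtargets

    def setLDAPOptions(self, dumpdomain, addda, aclattack, validateprivs, escalateuser, addcomputer, delegateaccess, dumplaps, dumpgmsa, sid):
        """Store all LDAP-related options in one call."""
        self.dumpdomain = dumpdomain
        self.addda = addda
        self.aclattack = aclattack
        self.validateprivs = validateprivs
        self.escalateuser = escalateuser
        self.addcomputer = addcomputer
        self.delegateaccess = delegateaccess
        self.dumplaps = dumplaps
        self.dumpgmsa = dumpgmsa
        self.sid = sid

    def setMSSQLOptions(self, queries):
        """Store the MSSQL query list."""
        self.queries = queries

    def setRPCOptions(self, rpc_mode, rpc_use_smb, auth_smb, hashes_smb, rpc_smb_port):
        """Store the RPC options and split the SMB credentials into their parts.

        ``auth_smb`` is handed to ``parse_credentials`` and unpacked into
        ``smbdomain``, ``smbuser`` and ``smbpass``. ``hashes_smb`` is either
        None (both hashes become '') or a single ``LMHASH:NTHASH`` string.

        Raises:
            ValueError: if ``hashes_smb`` does not contain exactly one ':'.
        """
        self.rpc_mode = rpc_mode
        self.rpc_use_smb = rpc_use_smb
        self.smbdomain, self.smbuser, self.smbpass = parse_credentials(auth_smb)

        if hashes_smb is not None:
            lmhash, sep, nthash = hashes_smb.partition(':')
            # The original tuple-unpacked split(':') and failed with an opaque
            # "values to unpack" ValueError. Same exception type, clearer
            # message; the hash itself is deliberately kept out of the message.
            if not sep or ':' in nthash:
                raise ValueError("hashes_smb must be in the form LMHASH:NTHASH")
            self.smblmhash = lmhash
            self.smbnthash = nthash
        else:
            self.smblmhash = ''
            self.smbnthash = ''

        self.rpc_smb_port = rpc_smb_port

    def setInteractive(self, interactive):
        """Store the interactive flag."""
        self.interactive = interactive

    def setIMAPOptions(self, keyword, mailbox, dump_all, dump_max):
        """Store all IMAP-related options in one call."""
        self.keyword = keyword
        self.mailbox = mailbox
        self.dump_all = dump_all
        self.dump_max = dump_max

    def setIPv6(self, use_ipv6):
        """Store the IPv6 flag."""
        self.ipv6 = use_ipv6

    def setWpadOptions(self, wpad_host, wpad_auth_num):
        """Store the WPAD host and auth count; a non-None host enables serving.

        ``serve_wpad`` is only ever switched on here: a later call with
        ``wpad_host=None`` leaves it unchanged.
        """
        if wpad_host is not None:
            self.serve_wpad = True
        self.wpad_host = wpad_host
        self.wpad_auth_num = wpad_auth_num

    def setExploitOptions(self, remove_mic, remove_target):
        """Store the ``remove_mic`` and ``remove_target`` flags.

        ``setDomainAccount`` reads ``remove_target``, so call this first.
        """
        self.remove_mic = remove_mic
        self.remove_target = remove_target

    def setWebDAVOptions(self, serve_image):
        """Store the WebDAV serve-image setting."""
        self.serve_image = serve_image

    def setADCSOptions(self, template):
        """Store the AD CS template name."""
        self.template = template

    def setIsADCSAttack(self, isADCSAttack):
        """Store the AD CS flag."""
        self.isADCSAttack = isADCSAttack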