
SMBLib.py 5.4 KB

  1. from os import urandom
  2. from binascii import b2a_hex
  3. from random import random
  4. from ID2TLib.Utility import check_platform, get_filetime_format, get_rnd_boot_time
  # TCP port used for SMB directly over TCP.
  smb_port = 445

  # SMB protocol versions this module accepts.
  smb_versions = {"1", "2.0", "2.1", "3.0", "3.0.2", "3.1.1"}

  # SMB version associated with each Windows platform key.
  smb_versions_per_win = {
      'win7': "2.1",
      'win10': "3.1.1",
      'winxp': "1",
      'win8.1': "3.0.2",
      'win8': "3.0",
      'winvista': "2.0",
      'winnt': "1",
      "win2000": "1",
  }

  # SMB version associated with each Samba release key.
  # Insertion order is kept as-is: callers that build a list from .values()
  # and draw from it with a seeded RNG depend on it.
  smb_versions_per_samba = {
      '3.6': "2.0",
      '4.0': "2.1",
      '4.1': "3.0",
      '4.3': "3.1.1",
  }

  # Dialect strings offered during SMB negotiation, oldest first.
  smb_dialects = [
      "PC NETWORK PROGRAM 1.0",
      "LANMAN1.0",
      "Windows for Workgroups 3.1a",
      "LM1.2X002",
      "LANMAN2.1",
      "NT LM 0.12",
      "SMB 2.002",
      "SMB 2.???",
  ]
  # SMB security blobs
  #
  # Each blob is a fixed GSS-API/SPNEGO negotiation token: it opens with the
  # ASN.1 application tag 0x60 and carries the SPNEGO OID 1.3.6.1.5.5.2
  # (bytes 06 06 2b 06 01 05 05 02).
  #
  # NOTE(review): these are ``str`` literals, not ``bytes``. Every character is
  # a code point in 0x00-0xff, so they only map 1:1 onto wire bytes if the
  # packet builder encodes them as latin-1; a UTF-8 encode would expand every
  # value >= 0x80 into two bytes. Confirm against the caller.
  #
  # NOTE(review): the values are static, so every generated packet for a given
  # platform carries the same token (including the opaque fields inside the
  # NEGOEXTS messages of the Windows blob). Presumably these were taken from
  # real captures; keep that in mind when using the output as detector
  # training data, since a model can latch onto the constant bytes.

  # Windows token: 320 bytes, contains two NEGOEXTS messages and two
  # "Token Signing Public Key" name strings.
  security_blob_windows = (
      "\x60\x82\x01\x3c\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x82\x01\x30"
      "\x30\x82\x01\x2c\xa0\x1a\x30\x18\x06\x0a\x2b\x06\x01\x04\x01\x82"
      "\x37\x02\x02\x1e\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
      "\xa2\x82\x01\x0c\x04\x82\x01\x08\x4e\x45\x47\x4f\x45\x58\x54\x53"
      "\x01\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x70\x00\x00\x00"
      "\xbc\x84\x03\x97\x6f\x80\x3b\x81\xa6\x45\x1b\x05\x92\x39\xde\x3d"
      "\xd6\x91\x85\x49\x8a\xd0\x3b\x58\x87\x99\xb4\x98\xdf\xa6\x1d\x73"
      "\x3b\x57\xbf\x05\x63\x5e\x30\xea\xa8\xd8\xd8\x45\xba\x80\x52\xa5"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x60\x00\x00\x00\x01\x00\x00\x00"
      "\x00\x00\x00\x00\x00\x00\x00\x00\x5c\x33\x53\x0d\xea\xf9\x0d\x4d"
      "\xb2\xec\x4a\xe3\x78\x6e\xc3\x08\x4e\x45\x47\x4f\x45\x58\x54\x53"
      "\x03\x00\x00\x00\x01\x00\x00\x00\x40\x00\x00\x00\x98\x00\x00\x00"
      "\xbc\x84\x03\x97\x6f\x80\x3b\x81\xa6\x45\x1b\x05\x92\x39\xde\x3d"
      "\x5c\x33\x53\x0d\xea\xf9\x0d\x4d\xb2\xec\x4a\xe3\x78\x6e\xc3\x08"
      "\x40\x00\x00\x00\x58\x00\x00\x00\x30\x56\xa0\x54\x30\x52\x30\x27"
      "\x80\x25\x30\x23\x31\x21\x30\x1f\x06\x03\x55\x04\x03\x13\x18\x54"
      "\x6f\x6b\x65\x6e\x20\x53\x69\x67\x6e\x69\x6e\x67\x20\x50\x75\x62"
      "\x6c\x69\x63\x20\x4b\x65\x79\x30\x27\x80\x25\x30\x23\x31\x21\x30"
      "\x1f\x06\x03\x55\x04\x03\x13\x18\x54\x6f\x6b\x65\x6e\x20\x53\x69"
      "\x67\x6e\x69\x6e\x67\x20\x50\x75\x62\x6c\x69\x63\x20\x4b\x65\x79"
  )

  # Ubuntu token: 74 bytes, ends with the hint name
  # "not_defined_in_RFC4178@please_ignore".
  security_blob_ubuntu = (
      "\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e"
      "\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa3\x2a"
      "\x30\x28\xa0\x26\x1b\x24\x6e\x6f\x74\x5f\x64\x65\x66\x69\x6e\x65"
      "\x64\x5f\x69\x6e\x5f\x52\x46\x43\x34\x31\x37\x38\x40\x70\x6c\x65"
      "\x61\x73\x65\x5f\x69\x67\x6e\x6f\x72\x65"
  )

  # macOS token: 128 bytes, lists several mechanism OIDs and ends with the same
  # "not_defined_in_RFC4178@please_ignore" hint name.
  security_blob_macos = (
      "\x60\x7e\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x74\x30\x72\xa0\x44"
      "\x30\x42\x06\x09\x2a\x86\x48\x82\xf7\x12\x01\x02\x02\x06\x09\x2a"
      "\x86\x48\x86\xf7\x12\x01\x02\x02\x06\x06\x2a\x85\x70\x2b\x0e\x03"
      "\x06\x06\x2b\x06\x01\x05\x05\x0e\x06\x0a\x2b\x06\x01\x04\x01\x82"
      "\x37\x02\x02\x0a\x06\x06\x2b\x05\x01\x05\x02\x07\x06\x06\x2b\x06"
      "\x01\x05\x02\x05\xa3\x2a\x30\x28\xa0\x26\x1b\x24\x6e\x6f\x74\x5f"
      "\x64\x65\x66\x69\x6e\x65\x64\x5f\x69\x6e\x5f\x52\x46\x43\x34\x31"
      "\x37\x38\x40\x70\x6c\x65\x61\x73\x65\x5f\x69\x67\x6e\x6f\x72\x65"
  )
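  def get_smb_version(platform: str):
      """
      Returns SMB version based on given platform

      For "linux" a version is drawn at random from the Samba table, for
      "macos" the version is always "2.1", and every other platform is looked
      up in the Windows table.

      :param platform: the platform as string
      :return: SMB version as string
      :raises KeyError: if the platform is neither "linux" nor "macos" and has
          no entry in smb_versions_per_win
      """
      # Imported locally on purpose: the module-level name ``random`` is bound
      # to the function random.random (``from random import random``), which
      # has no ``choice`` attribute, so ``random.choice(...)`` would raise
      # AttributeError.
      from random import choice

      # Presumably rejects unsupported platform names; defined in
      # ID2TLib.Utility and not visible here.
      check_platform(platform)

      # Compare by value. ``is`` tests object identity, which only matches a
      # string literal when the interpreter happens to intern both strings.
      if platform == "linux":
          return choice(list(smb_versions_per_samba.values()))
      if platform == "macos":
          return "2.1"
      return smb_versions_per_win[platform]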
  def get_smb_platform_data(platform: str, timestamp: float):
      """
      Gets platform-dependent data for SMB 2 packets

      :param platform: the platform for which to get SMB 2 packet data
      :param timestamp: a timestamp for calculating the boot-time; only used
          for platforms other than "linux" and "macos"
      :return: tuple of (server_guid, security_blob, capabilities, data_size,
          server_start_time) for the given platform
      """
      check_platform(platform)

      # Linux: fixed GUID string, no random bytes are drawn.
      if platform == "linux":
          return "ubuntu", security_blob_ubuntu, 0x5, 0x800000, 0

      # 15 bytes from the OS CSPRNG, rendered as 30 lowercase hex characters.
      # NOTE(review): the SMB2 ServerGuid field is 16 bytes on the wire, while
      # this yields a 30-character string (and "ubuntu" above is 6 characters);
      # confirm how the packet builder pads or truncates the value.
      random_guid = b2a_hex(urandom(15)).decode()

      if platform == "macos":
          return random_guid, security_blob_macos, 0x6, 0x400000, 0

      # Every remaining platform gets the Windows profile, the only one with a
      # non-zero start time, derived from a boot time computed from
      # ``timestamp``.
      boot_time = get_filetime_format(get_rnd_boot_time(timestamp))
      return random_guid, security_blob_windows, 0x7, 0x100000, boot_time
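  def invalid_smb_version(version: str):
      """
      Prints an error listing the supported SMB versions and exits

      :param version: the invalid SMB version that was requested
      :raises SystemExit: always, with exit status 1
      """
      # sys.exit rather than the bare ``exit`` helper: ``exit`` is installed by
      # the site module for interactive use and is missing when the
      # interpreter runs without it (e.g. ``python -S``).
      import sys

      print("\nInvalid smb version: " + version +
            "\nPlease select one of the following versions: ", smb_versions)
      sys.exit(1)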