HD Moore
a5cde85299
git-svn-id: file:///home/svn/incoming/trunk@2954 4d416f70-5f16-0410-b530-b9f4589650da
74 lines
1.6 KiB
Ruby
74 lines
1.6 KiB
Ruby
require 'rex/proto/smb'
|
|
require 'rex/proto/dcerpc'
|
|
|
|
module Msf
|
|
|
|
###
|
|
#
|
|
# SMB
|
|
# ------
|
|
#
|
|
# This mixin provides utility methods for interacting with a SMB/CIFS service on
|
|
# a remote machine. These methods may generally be useful in the context of
|
|
# exploitation. This mixin extends the Tcp exploit mixin. Only one SMB
|
|
# service can be accessed at a time using this class.
|
|
#
|
|
###
|
|
|
|
module Exploit::Remote::SMB
|
|
|
|
include Exploit::Remote::Tcp
|
|
SIMPLE = Rex::Proto::SMB::SimpleClient
|
|
XCEPT = Rex::Proto::SMB::Exceptions
|
|
|
|
def initialize(info = {})
|
|
super
|
|
|
|
register_options(
|
|
[
|
|
Opt::RHOST,
|
|
OptInt.new('RPORT', [ 1, 'Set the SMB service port', 445]),
|
|
OptBool.new('SMBDirect', [ 1, 'The target port is a raw SMB service (not NetBIOS)', 'T' ]),
|
|
OptString.new('SMBUSER', [ 0, 'The username to authenticate as', '']),
|
|
OptString.new('SMBPASS', [ 0, 'The password for the specified username', '']),
|
|
OptString.new('SMBDOM', [ 0, 'The Windows domain to use for authentication', 'WORKGROUP']),
|
|
OptString.new('SMBNAME', [ 1, 'The NetBIOS hostname (required for port 139 connections)', '*SMBSERVER'])
|
|
|
|
], Msf::Exploit::Remote::SMB)
|
|
end
|
|
|
|
def smb_login
|
|
self.simple = SIMPLE.new(self.sock, datastore['SMBDirect'])
|
|
|
|
simple.login(
|
|
datastore['SMBNAME'],
|
|
datastore['SMBUSER'],
|
|
datastore['SMBPASS'],
|
|
datastore['SMBDOM']
|
|
)
|
|
end
|
|
|
|
def smb_peer_os
|
|
self.simple.client.peer_native_os
|
|
end
|
|
|
|
def smb_peer_lm
|
|
self.simple.client.peer_native_lm
|
|
end
|
|
|
|
def smb_create(pipe)
|
|
self.simple.create_pipe(pipe)
|
|
end
|
|
|
|
def smb_dcerpc_bind(fid, uuid, vers = '')
|
|
end
|
|
|
|
def smb_dcerpc_call(fid, func, stub = '')
|
|
end
|
|
|
|
attr_accessor :simple
|
|
|
|
|
|
end
|
|
end
|