Rewrite #6
Rewrite #6
Conversation
… passed causing ip->name resolution to fail 100% of the time
Fixed bug in socket.getnameinfo() call
re-wrote the argument parsing, using argparse
Added wmi as a method for command execution By default will act as the smb_version scanner in metasploit
|
Hey man! Holy cow these changes are amazing! Threading was something I was planning on doing for a while now. I've never really done any work with threads though, and I knew that adding it would require some pretty major changes to the way in which the script executed. I'm currently engaged with a couple of clients at the moment, so I'll have to check this out in detail during some down time later in the week. Talk about some major changes though :) . I think this might warrant an entirely new branch for us to work with. I'm a thrilled that someone with some actual coding skills took interest in this project. It started a little over a year ago using PySMB, and really took off once I made the jump to Impacket. Hopefully we can get the remaining functions (path listing, file search, auto download etc) integrated into this branch. It's such a crazy useful resource to have when you're doing internals. With the addition of threading, it will now be useful for account brute forcing (gotta love Season+Year password combos and a juicy null session on the DC). Thanks a ton for putting in the effort man!! I'm really looking forward to the final take on this iteration. -Shawn |
|
Hey Man, One other question, i saw that you added CIDR notation support. This was -Shawn On Sat, May 2, 2015 at 12:33 PM, byt3bl33d3r [email protected]
Shawn Evans |
|
@ShawnDEvans Glad you liked the changes ;) |
|
@ShawnDEvans you can drop me an email anytime at [email protected] if you have any suggestions or questions |
|
I'm all for adding an IP range parser to this thing, but probably once all the features are back up and running. I'm going to have a bit of free time today so I'll checkout your commit and see if I can get anything else working on the threaded release. One more thing I wanted to bounce off you. The current version has a distributed file content searching feature. It's stupid simple, and pretty slow (it uses findstr so maybe searching through 1gb/sec on the victim host), but it's a solid idea. Basically a findstr job is started, it gets a unique name, and the output is stored in the "temp" directory of the current user as the job name. Once SMBMap sends the command to the remote host, it periodically checks to see if the output file (jobname.txt) is still locked by the parent process (findstr). Once the lock is removed, the fiIe is downloaded. I know PowerShell has Select-String, which from what I understand is pretty fast (even compared to grep). I'm considering changing around the findstr command to run "gci" to dump the dirs, and then fire off a "Select-String" process for each top level dir (omitting Windows) to improve performance. What are your thoughts on that approach, or any other method to improve the speed with which you can scan for regex patterns within files on a remote host. Take it easy man! |
|
I've been working with the @byt3bl33d3r code this week and have made some additional changes to improve the output, which has been coming out extremely scattered and difficult to read. I've also cut down the number of connections made against shares by slicing out bad logins, adding a filter (with flag) to not show NO ACCESS shares, and re-adding file read (with flag) since I often collect systems to scan from nmap. I'm also looking to add auto-mapping for discovered shares and cred sets to try in case one set fails. However, I'm hesitant to create a pull request until you've accepted his code (or updated to whichever portion you're going to keep). That way, it reduces the amount of code that you need to review. If you'd rather I create the pull request, let me know. |
|
Hey! Thanks for your interesting in contributing. I'm actually working on packing in all of the existing functionality into the "gevent" threaded release at the moment. I'm also pretty new to using 'git' on the command line, so I'm sure at some point i'll accidentally trash someone else's changes. That said, I'm hoping to have most of that wrapped up by tomorrow. Maybe hold off until then, and we can combine the enhanced output at that point? I'm pretty sure that all of the changes you made will still be present after everything is added back in. Again, many thanks for your interest in the project. I'm really looking forward to seeing where this tool goes with the help of the community on GitHub! -Shawn |
|
Sure. I'm following the project, so I'll see updates. I'll just rework things from what you provide from tomorrow's update. Small request: Can you add in a version number to make tracking a little easier? |
|
Will add a version number too, any preference where it starts? Also, I got distracted by a client, so work on the threaded version is paused for the moment. |
|
Start where it makes sense to you. Just waiting for the update, and hope we
can see it soon.
|
|
I'll roll with subversions of the tagged release. I had to pause dev on the threaded version because I had so many issues crop up with the "stable" one. This happens literally every time I'm engaged with a client on-site (i.e on a network with lots of juicy SMB targets). That said, the changes to the non-threaded version will make their way into this fork (branch?) eventually, as 90% of the logic is the same. Baby steps. |
|
Nice pull request, are this and the other pulls still going to be merged or is it not under development anymore? |
|
So, will this be merged or? Sincerely, |
|
It's 2022 now.. Still no merge on this? |
|
Ha too long to still say I'm busy? I actually refactored the entire code
base and threaded everything. It was awesome, literally 20 tunes
faster....I lost everything after a hard drive crash and that kick to the
nuts demotivated me. I'll review the pull soon.
…On Sun, Mar 6, 2022, 2:20 PM Jerrad ***@***.***> wrote:
It's 2022 now.. Still no merge on this?
—
Reply to this email directly, view it on GitHub
<#6 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA6SKWFZ75BH3GPVXYF2TWLU6UARHANCNFSM4BBY4TIA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
A kick to the nuts is a fair demotivator. I've incorporated a bunch of your code as a library i'll PR it at some point. |
hey man,
I've been wanting to write something similar to smbmap for a long time, so I've been tweaking it the past day or so..
This is by no means finished, just wanted to submit this PR so you can kinda get a sense of the shape that it's taking.
So far there have been only a couple of major changes:
Usage examples
smb_versionMetasploit module,by default it will use ten threads (you can use more with the
-toption)With 100 threads:
A very notable difference :)
-execmswitch if you want to execute the command using wmi:If you don't specify the execution method it will default to
smbexec.The reason for this is that
wmiexeccontains blocking calls so it can't be made asynchronous,smbexecon the other hand can , so I thought it was best to default to that.I'm still working on re-implementing all of the other options such as file searching ecc...
Let me know what you think!
Cheers