sneedmca/shadowbrokers-exploits
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
shadowbrokers-exploits/windows/Resources/Ops/PyScripts/scansweep/scanengine2/rpctouch.py
Donncha O'Cearbhaill 7f640a83d4 Inital commit of Shadowbrokers 'Lost in Translation' release
2017-04-14 11:45:07 +02:00

116 lines
No EOL
4 KiB
Python
Raw Permalink Blame History

import ops.cmd
import util.mac
import dsz
from scanengine2 import scan
import os.path
import re
def _whats_your_job():
return 'rpctouch\\|*'
def _whats_your_name():
return 'rpctouch'
def _support_ipv6():
return False
class rpctouch(scan, ):
def __init__(self, job, timeout=60):
scan.__init__(self, job)
if (len(job) > 1):
self.port = job[0].split('|')[1]
self.scan_type = _whats_your_name()
self.timeout = timeout
def execute_scan(self, verbose):
redir_cmd = scan.gettunnel(self, self.target, 'tcp', self.port)
PATH_TO_RPCTOUCH = scan.find_newest_touch(self, 'Rpctouch', 'exe')
PATH_TO_RPCXML = scan.find_newest_touch(self, 'Rpctouch', 'xml')
rpccmd = ops.cmd.getDszCommand('run', dszquiet=(not verbose))
rpc_cmd_list = []
rpc_cmd_list.append(('--InConfig %s' % PATH_TO_RPCXML))
rpc_cmd_list.append(('--TargetIp %s' % '127.0.0.1'))
rpc_cmd_list.append(('--TargetPort %s' % redir_cmd.lplisten))
rpc_cmd_list.append(('--NetworkTimeout %s' % self.timeout))
if (int(self.port) == 445):
rpc_cmd_list.append(('--Protocol %s' % 'SMB'))
elif (int(self.port) == 139):
rpc_cmd_list.append(('--Protocol %s' % 'NBT'))
rpc_cmd_list.append(('--NetBIOSName %s' % '*SMBSERVER'))
rpc_cmd_list.append(('--TouchLanguage %s' % 'False'))
rpc_cmd_list.append(('--TouchArchitecture %s' % 'False'))
outconfig = os.path.join(ops.LOGDIR, 'Logs', ('%s_%s_%s.xml' % (os.path.basename(PATH_TO_RPCTOUCH), self.target, dsz.Timestamp())))
rpc_cmd_list.append(('--OutConfig %s' % outconfig))
rpc_cmd_string = ((PATH_TO_RPCTOUCH + ' ') + ' '.join(rpc_cmd_list))
rpccmd.command = ('cmd /C %s' % rpc_cmd_string)
rpccmd.arglist.append('-redirect')
rpccmd.arglist.append(('-directory %s' % os.path.join(ops.DSZDISKSDIR, 'lib', 'x86-Windows')))
rpccmd.prefixes.append('local')
rpccmd.prefixes.append('log')
rpcobject = rpccmd.execute()
ops.networking.redirect.stop_tunnel(dsz_cmd=redir_cmd)
cmd_output = {}
cmd_output['error'] = None
screenlog = os.path.join(ops.PROJECTLOGDIR, rpcobject.commandmetadata.screenlog)
f = open(screenlog, 'r')
screenlog_lines = f.readlines()
f.close()
error = False
for line in screenlog_lines:
re_out = re.search('] SMB String:', line.strip())
if (re_out is not None):
self.os = line.split(':')[(-1)].strip()
if ((self.os is None) or (self.os == '(none)')):
error = True
self.timestamp = dsz.Timestamp()
if (error == False):
self.success = True
def return_success_message(self):
return ('RPCtouch response for %s' % self.target)
def verify_escalation(self, escalation_rule):
rpctouch = self
try:
eval_res = eval(escalation_rule)
if ((eval_res == True) or (eval_res == False)):
return True
else:
return False
except:
return False
def check_escalation(self, escalation_rule):
rpctouch = self
try:
if eval(escalation_rule):
return True
else:
return False
except:
return False
def return_data(self):
return scan.return_data(self)
def get_display_headers(self):
return ['Targeted Address', 'Port', 'OS', 'Time Stamp']
def get_data_fields(self):
return ['target', 'port', 'os', 'timestamp']
def get_raw_fields(self):
return (self.get_data_fields() + ['success'])
def verify_job(self, job):
if ((not (len(job) == 2)) or (not (int(job[1]) in [139, 445]))):
return False
return True
def min_time(self):
return 30
def min_range(self):
return 5
Reference in a new issue View git blame Copy permalink