Module: Msf::Exploit::Remote::SMB::Client::Ipc

Includes:

Auxiliary::Report, Authenticated

Included in:

MsIcpr, MsLsad, MsSamr, MsWkst

Defined in:

lib/msf/core/exploit/remote/smb/client/ipc.rb

Defined Under Namespace

Classes: SmbIpcAuthenticationError, SmbIpcConnectionError, SmbIpcError

Constant Summary

Constants included from Msf::Exploit::Remote::SMB::Client

CONST, DCERPCClient, DCERPCPacket, DCERPCResponse, DCERPCUUID, NDR, SIMPLE, XCEPT

Instance Attribute Summary

Attributes included from Msf::Exploit::Remote::SMB::Client

#simple

Attributes included from Tcp

#sock

Class Method Summary

• .connect_ipc ⇒ Object
• .disconnect_ipc(ipc_tree) ⇒ Object

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Methods included from Authenticated

#initialize

Methods included from Kerberos::ServiceAuthenticator::Options

#kerberos_auth_options, #kerberos_clock_skew_seconds

Methods included from Kerberos::Ticket::Storage

#initialize, #kerberos_storage_options, #kerberos_ticket_storage, store_ccache

Methods included from Msf::Exploit::Remote::SMB::Client

#connect, #domain, #domain_username_split, #initialize, #smb_create, #smb_direct, #smb_enumprinters, #smb_enumprintproviders, #smb_file_exist?, #smb_file_rm, #smb_fingerprint, #smb_fingerprint_windows_lang, #smb_fingerprint_windows_sp, #smb_hostname, #smb_lanman_netshareenumall, #smb_login, #smb_lookup_share_type, #smb_netshareenumall, #smb_netsharegetinfo, #smb_open, #smb_peer_lm, #smb_peer_os, #smb_srvsvc_netshareenumall, #smb_srvsvc_netsharegetinfo, #smbhost, #splitname, #unicode

Methods included from Tcp

#chost, #cleanup, #connect, #connect_timeout, #cport, #disconnect, #handler, #initialize, #lhost, #lport, #peer, #print_prefix, #proxies, #replicant, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version, #sslkeylogfile

Class Method Details

.connect_ipc ⇒ Object

# File 'lib/msf/core/exploit/remote/smb/client/ipc.rb', line 20

def connect_ipc
  begin
    if session
      self.simple = session.simple_client
      ipc_tree = simple.client.tree_connect("\\\\#{simple.peerhost}\\IPC$")
    else
      connect
      # smb_login does a tree_connect to the IPC share already.
      ipc_tree = smb_login
    end
  rescue Rex::ConnectionError => e
    raise SmbIpcConnectionError, e.message
  rescue Rex::Proto::SMB::Exceptions::Error, RubySMB::Error::RubySMBError => e
    raise SmbIpcAuthenticationError, "Unable to authenticate ([#{e.class}] #{e})."
  end

  report_service(
    name: 'dcerpc',
    info: "Module: #{fullname}",
    host: simple.peerhost,
    port: simple.peerport,
    proto: 'tcp',
    resource: { smb: { share: 'IPC$' } },
    parents: {
      name: 'smb',
      host: simple.peerhost,
      port: simple.peerport,
      proto: 'tcp',
      info: "Module: #{fullname}, last negotiated version: SMBv#{simple.client.negotiated_smb_version} (dialect = #{simple.client.dialect})"
    }
  )

  ipc_tree
end

.disconnect_ipc(ipc_tree) ⇒ Object

# File 'lib/msf/core/exploit/remote/smb/client/ipc.rb', line 55

def disconnect_ipc(ipc_tree)
  ipc_tree.disconnect! if ipc_tree
end