Module: Msf::Exploit::Remote::SMB::RelayServer
- Defined in:
- lib/msf/core/exploit/remote/smb/relay_server.rb
Overview
This mixin provides a minimal SMB server
Defined Under Namespace
Classes: SMBRelayServer
Instance Attribute Summary
Attributes included from Msf::Exploit::Remote::SocketServer
Instance Method Summary collapse
- #initialize(info = {}) ⇒ Object
- #on_relay_failure(relay_connection:) ⇒ Object
- #relay_targets ⇒ Object
- #smb_logger ⇒ Object
- #start_service(_opts = {}) ⇒ Object
Methods included from Server::HashCapture
#bin_to_hex, #build_jtr_file_name, #on_ntlm_type3, #report_ntlm_type3, #validate_smb_hash_capture_datastore
Methods included from Auxiliary::Report
#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot
Methods included from Metasploit::Framework::Require
optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines
Methods included from Msf::Exploit::Remote::SocketServer
#_determine_server_comm, #bindhost, #bindport, #cleanup, #cleanup_service, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string
Instance Method Details
#initialize(info = {}) ⇒ Object
10 11 12 13 14 15 16 17 18 19 20 21 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 10 def initialize(info = {}) super ( [ OptPort.new('SRVPORT', [true, 'The local port to listen on.', 445]), OptString.new('SMBDomain', [true, 'The domain name used during SMB exchange.', 'WORKGROUP'], aliases: ['DOMAIN_NAME']), OptInt.new('SRV_TIMEOUT', [true, 'Seconds that the server socket will wait for a response after the client has initiated communication.', 25]), OptAddressRange.new('RELAY_TARGETS', [true, 'Target address range or CIDR identifier to relay to'], aliases: ['SMBHOST']), OptInt.new('RELAY_TIMEOUT', [true, 'Seconds that the relay socket will wait for a response after the client has initiated communication.', 25]) ], self.class) end |
#on_relay_failure(relay_connection:) ⇒ Object
151 152 153 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 151 def on_relay_failure(relay_connection:) # noop end |
#relay_targets ⇒ Object
147 148 149 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 147 def relay_targets raise NotImplementedError, 'the including module must define #relay_targets' end |
#smb_logger ⇒ Object
23 24 25 26 27 28 29 30 31 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 23 def smb_logger log_device = if datastore['VERBOSE'] Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Module.new(self) else Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Framework.new(framework) end Msf::Exploit::Remote::SMB::LogAdapter::Logger.new(self, log_device) end |
#start_service(_opts = {}) ⇒ Object
106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 106 def start_service(_opts = {}) ntlm_provider = Msf::Exploit::Remote::SMB::Relay::Provider::AlwaysGrantAccess.new( default_domain: datastore['SMBDomain'] ) # Set domain name for all future server responses ntlm_provider.dns_domain = datastore['SMBDomain'] ntlm_provider.dns_hostname = datastore['SMBDomain'] ntlm_provider.netbios_domain = datastore['SMBDomain'] ntlm_provider.netbios_hostname = datastore['SMBDomain'] validate_smb_hash_capture_datastore(datastore, ntlm_provider) comm = _determine_server_comm(datastore['SRVHOST']) print_status("SMB Server is running. Listening on #{datastore['SRVHOST']}:#{datastore['SRVPORT']}") @service = Rex::ServiceManager.start( self.class::SMBRelayServer, { socket: { 'Comm' => comm, 'LocalHost' => datastore['SRVHOST'], 'LocalPort' => datastore['SRVPORT'], 'Server' => true, 'Timeout' => datastore['SRV_TIMEOUT'], 'Context' => { 'Msf' => framework, 'MsfExploit' => self } }, smb_server: { gss_provider: ntlm_provider, logger: smb_logger, relay_targets: relay_targets, listener: self, relay_timeout: datastore['RELAY_TIMEOUT'], thread_manager: framework.threads } } ) end |