Module: Msf::Exploit::Remote::SMB::RelayServer
- Includes:
- Auxiliary::MultipleTargetHosts, Relay::NTLM::HashCapture, Msf::Exploit::Remote::SocketServer
- Defined in:
- lib/msf/core/exploit/remote/smb/relay_server.rb
Overview
This mixin provides a minimal SMB server
Defined Under Namespace
Classes: SMBRelayServer
Instance Attribute Summary
Attributes included from Msf::Exploit::Remote::SocketServer
Instance Method Summary collapse
- #initialize(info = {}) ⇒ Object
- #on_relay_failure(relay_connection:) ⇒ Object
- #relay_targets ⇒ Object
- #smb_logger ⇒ Object
- #start_service(_opts = {}) ⇒ Object
Methods included from Msf::Exploit::Remote::SocketServer
#_determine_server_comm, #bindhost, #bindport, #cleanup, #cleanup_service, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvhost_addr, #srvport, #via_string
Methods included from Auxiliary::MultipleTargetHosts
Instance Method Details
#initialize(info = {}) ⇒ Object
11 12 13 14 15 16 17 18 19 20 21 22 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 11 def initialize(info = {}) super ( [ OptPort.new('SRVPORT', [true, 'The local port to listen on.', 445]), OptString.new('SMBDomain', [true, 'The domain name used during SMB exchange.', 'WORKGROUP'], aliases: ['DOMAIN_NAME']), OptInt.new('SRV_TIMEOUT', [true, 'Seconds that the server socket will wait for a response after the client has initiated communication.', 25]), OptAddressRange.new('RHOSTS', [true, 'Target address range or CIDR identifier to relay to'], aliases: ['SMBHOST', 'RELAY_TARGETS']), OptInt.new('RELAY_TIMEOUT', [true, 'Seconds that the relay socket will wait for a response after the client has initiated communication.', 25]) ], self.class) end |
#on_relay_failure(relay_connection:) ⇒ Object
155 156 157 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 155 def on_relay_failure(relay_connection:) # noop end |
#relay_targets ⇒ Object
151 152 153 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 151 def relay_targets raise NotImplementedError, 'the including module must define #relay_targets' end |
#smb_logger ⇒ Object
24 25 26 27 28 29 30 31 32 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 24 def smb_logger log_device = if datastore['VERBOSE'] Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Module.new(self) else Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Framework.new(framework) end Msf::Exploit::Remote::SMB::LogAdapter::Logger.new(self, log_device) end |
#start_service(_opts = {}) ⇒ Object
107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 |
# File 'lib/msf/core/exploit/remote/smb/relay_server.rb', line 107 def start_service(_opts = {}) ntlm_provider = Msf::Exploit::Remote::SMB::Relay::Provider::AlwaysGrantAccess.new( default_domain: datastore['SMBDomain'] ) # Set domain name for all future server responses ntlm_provider.dns_domain = datastore['SMBDomain'] ntlm_provider.dns_hostname = datastore['SMBDomain'] ntlm_provider.netbios_domain = datastore['SMBDomain'] ntlm_provider.netbios_hostname = datastore['SMBDomain'] validate_hash_capture_datastore(datastore, ntlm_provider) comm = _determine_server_comm(bindhost) @service = Rex::ServiceManager.start( self.class::SMBRelayServer, { socket: { 'Comm' => comm, 'LocalHost' => bindhost, 'LocalPort' => datastore['SRVPORT'], 'Server' => true, 'Timeout' => datastore['SRV_TIMEOUT'], 'Context' => { 'Msf' => framework, 'MsfExploit' => self } }, smb_server: { gss_provider: ntlm_provider, logger: smb_logger, relay_targets: relay_targets, listener: self, relay_timeout: datastore['RELAY_TIMEOUT'], thread_manager: framework.threads } } ) print_status("SMB Server is running. Listening on #{Rex::Socket.(bindhost, datastore['SRVPORT'])}") @service rescue Errno::EACCES => e fail_with(Msf::Module::Failure::BadConfig, "Failed to create the relay server: #{e.to_s}") end |