Module: Msf::Payload::Adapter::Fetch::Server::SMB

Includes:
Exploit::Remote::SMB::LogAdapter, Exploit::Remote::SMB::Server::HashCapture
Included in:
Msf::Payload::Adapter::Fetch::SMB
Defined in:
lib/msf/core/payload/adapter/fetch/server/smb.rb

Instance Method Summary

Methods included from Exploit::Remote::SMB::Server::HashCapture

#bin_to_hex, #build_jtr_file_name, #on_ntlm_type3, #report_ntlm_type3, #validate_smb_hash_capture_datastore

Methods included from Auxiliary::Report

#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Methods included from Metasploit::Framework::Require

optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines

Instance Method Details

#cleanup_smb_fetch_service(fetch_service) ⇒ Object



# File 'lib/msf/core/payload/adapter/fetch/server/smb.rb', line 38

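# Tears down this module's use of the SMB fetch service.
#
# Removes the virtual disk share this module instance registered (when there
# is one) and then calls deref on the service, so a listener that accepts
# anonymous clients is not kept alive by this module after the handler ends.
#
# @param fetch_service [Object] the service returned by start_smb_server; it
#   must respond to #remove_share and #deref
# @return [Object] whatever fetch_service.deref returns
def cleanup_smb_fetch_service(fetch_service)
  # start_smb_fetch_handler calls this on its "share already exists" path,
  # before @fetch_virtual_disk has been assigned. Skip the removal in that
  # case instead of handing nil to remove_share, whose handling of nil is not
  # visible from this file.
  fetch_service.remove_share(@fetch_virtual_disk) unless @fetch_virtual_disk.nil?

  # Always drop the reference, even when no share was registered.
  fetch_service.deref
end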

#fetch_protocol ⇒ Object



# File 'lib/msf/core/payload/adapter/fetch/server/smb.rb', line 43

# Names the transfer protocol this fetch server implementation speaks.
#
# @return [String] always the literal 'SMB'
def fetch_protocol
  'SMB'
end

#on_client_connect(client) ⇒ Object



# File 'lib/msf/core/payload/adapter/fetch/server/smb.rb', line 72

# Connection callback: records the peer address of each SMB client that
# connects to the fetch server.
#
# The message goes through vprint_status, which is defined outside this file
# (presumably it prints only when verbose output is enabled — confirm).
#
# @param client [Object] connection object; must respond to #peerhost
# @return [Object] whatever vprint_status returns
def on_client_connect(client)
  message = "Received SMB connection from #{client.peerhost}"
  vprint_status(message)
end

#start_smb_fetch_handler(srvport, srvhost, srvuri, srvexe) ⇒ Object



# File 'lib/msf/core/payload/adapter/fetch/server/smb.rb', line 47

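# Obtains the SMB fetch service from start_smb_server and publishes one
# static file on a new virtual disk share.
#
# srvuri has the form `share_name\path\to\file`: the text before the first
# backslash is the share name, the remainder is the file path inside it.
#
# @param srvport [Object] port forwarded to start_smb_server
# @param srvhost [Object] address forwarded to start_smb_server
# @param srvuri [String] share name and file path, backslash-separated
# @param srvexe [Object] file content, passed unchanged to add_static_file
# @return [Object] the fetch service with the new share attached
# @raise [RuntimeError] if srvuri has no share name or no file path
def start_smb_fetch_handler(srvport, srvhost, srvuri, srvexe)
  share_name, separator, share_path = srvuri.partition('\\')

  # Validate before any listener is opened: `file`, `\file` and `share\`
  # cannot describe a share plus a file, so fail early with a clear message.
  if separator.empty? || share_name.empty?
    raise RuntimeError, 'The srvuri argument must include a share name'
  end
  if share_path.empty?
    raise RuntimeError, 'The srvuri argument must include a file path'
  end

  fetch_service = start_smb_server(srvport, srvhost)
  if fetch_service.nil?
    cleanup_handler
    fail_with(Msf::Exploit::Failure::BadConfig, "Fetch handler failed to start on #{Rex::Socket.to_authority(srvhost, srvport)}")
  end

  if fetch_service.shares.key?(share_name)
    # NOTE(review): @fetch_virtual_disk has not been assigned for this call
    # yet, so the helper sees whatever value (possibly nil) is left on the
    # instance — confirm remove_share tolerates that.
    cleanup_smb_fetch_service(fetch_service)
    fail_with(Msf::Exploit::Failure::BadConfig, "The specified SMB share '#{share_name}' already exists.")
  end

  @fetch_virtual_disk = RubySMB::Server::Share::Provider::VirtualDisk.new(share_name)
  # the virtual disk expects the path to use the native File::SEPARATOR so normalize on that here
  # (a single-component path contains no backslash and is passed through unchanged)
  native_path = share_path.gsub('\\', File::SEPARATOR)
  @fetch_virtual_disk.add_static_file(native_path, srvexe)
  fetch_service.add_share(@fetch_virtual_disk)
  fetch_service
end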

#start_smb_server(srvport, srvhost) ⇒ Object



# File 'lib/msf/core/payload/adapter/fetch/server/smb.rb', line 6

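# Starts the SMB server used for payload delivery through
# Rex::ServiceManager and wires up the connection callback.
#
# Exposure note: the NTLM provider is built with allow_anonymous and
# allow_guests both true, so any client that can reach srvhost:srvport can
# open a session without credentials. Choose srvhost accordingly and release
# the service with cleanup_smb_fetch_service when the handler is finished.
# This module is passed as the provider's listener; the HashCapture mixin it
# includes presumably receives the NTLM type 3 messages — confirm there.
#
# @param srvport [Object] port to listen on
# @param srvhost [Object] address to listen on
# @return [Object, nil] the running service, or nil if the service manager
#   returned none
def start_smb_server(srvport, srvhost)
  vprint_status("Starting SMB server on #{Rex::Socket.to_authority(srvhost, srvport)}")

  # Route the SMB server's log output through the framework's log device.
  log_device = LogDevice::Framework.new(framework)
  logger = Logger.new(self, log_device)

  ntlm_provider = Msf::Exploit::Remote::SMB::Server::HashCapture::HashCaptureNTLMProvider.new(
    allow_anonymous: true,
    allow_guests: true,
    listener: self,
    ntlm_type3_status: nil
  )

  fetch_service = Rex::ServiceManager.start(
    Rex::Proto::SMB::Server,
    srvport,
    srvhost,
    {
      'Msf'        => framework,
      'MsfExploit' => self,
    },
    _determine_server_comm(srvhost),
    gss_provider: ntlm_provider,
    logger: logger
  )

  # start_smb_fetch_handler checks this method's result for nil; hand nil back
  # instead of raising NoMethodError on the assignment below.
  return nil if fetch_service.nil?

  fetch_service.on_client_connect_proc = proc { |client| on_client_connect(client) }
  fetch_service
end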