profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/martingalloar/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Martin Gallo martingalloar @SecureAuthCorp Sur https://www.linkedin.com/in/mgallo/ Sr Director of Research at @SecureAuthCorp / Co-organizer @TandilSec / #12 / Words are mine

gelim/pysap 10

pysap SAPMS+SAPRFC patches for Gateway / MS research

martingalloar/python-docx 2

Create and modify Word documents with Python

martingalloar/ansible-honeysap 1

Ansible role: HoneySAP

martingalloar/ansible-tentacool 1

Ansible role: Tentacool

martingalloar/panelseguridad 1

Introducción al mundo de la seguridad

martingalloar/ansible 0

Ansible is a radically simple IT automation platform that makes your applications and systems easier to deploy. Avoid writing scripts or custom code to deploy and update your applications— automate in a language that approaches plain English, using SSH, with no agents to install on remote systems.

martingalloar/Basico 0

SAP Notes manager for SAP Consultants

martingalloar/docker_wireshark_sap_plugin 0

Dockerfile for setting up a wireshark with the plugin for dissecting SAP traffic

martingalloar/DVWA 0

Damn Vulnerable Web Application (DVWA)

martingalloar/ekolabs 0

EKOLABS esta dedicada para investigadores independientes y para la comunidad del Software Libre. Vamos a proveer de stands completos con monitor, alimentacion de energia y acceso a internet por cable, y vos vas a traer tu maquina para mostrar tu trabajo y responder preguntas de los participantes de Ekoparty Security Conference

PR opened SecureAuthCorp/impacket

Reviewers
Removed some deprecation warnings
  • Fixed warnings related to threading, that will start to appear in Pyhton 3.10, see https://docs.python.org/3.10/whatsnew/3.10.html#deprecated
  • Fixed warnings related to unrecognized escape sequences, see https://docs.python.org/3/reference/lexical_analysis.html#string-and-bytes-literals
+69 -47

0 comment

9 changed files

pr created time in 3 hours

create barnchSecureAuthCorp/impacket

branch : deprecation-warnings

created branch time in 3 hours

push eventSecureAuthCorp/impacket

Jonathan

commit sha 06af814e78fd3f8adfb7025154c471f005f0c426

Fixed wrong Enum type when dumping credential blob

view details

0xdeaddood

commit sha 8f2cdef322516dec196c5defa5a68bd4d4d4f4a1

Merge pull request #1073 from w0rmh013/master Fixed wrong Enum type when dumping credential blob

view details

0xdeaddood

commit sha 1636eaab69eb3b62399db76d12f552ecebb710d0

dpapi.py: Updated description and copyright year.

view details

Arseniy Sharoglazov

commit sha 4419d1255108f8e7acb6ce5d17a7a13857d83703

Complying MS-RPCH with HTTP/1.1

view details

skelsec

commit sha b73c54b39e6861947f81ecb59bf2b75f9e9cf12d

2x speedup for ntds.dit parsing

view details

skelsec

commit sha c9e8199909e51b0a6c358cf2a1e113b5a7c7ba47

adding peklist to global filter

view details

0xdeaddood

commit sha 358fc7c6be8488f24fa900220b4f2a82901b5774

Merge pull request #1141 from skelsec/master major speedup for ntds parsing

view details

Martin Gallo

commit sha 7bf33024bbbe2466501f8d226225b968aab5be43

SMBServer: Various fixes and improvements * Harness unit and functional tests, covering more operations * Added test for unicode filenames #878 * Added test for unicode username #700 * Added TID checks * Hardened path checks: * Added a normalize_path function * Using isInFileJail across operations * Added close method to avoid address reuse in tests

view details

Martin Gallo

commit sha 0bf5f0515bbab40c65de7b53ab41a2e4d58b24dc

SMBServer: Added missing query information levels * Added missing const and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO. This is part of #1093. * Handling missing SMB2 query info level SMB2_FILE_STANDARD_INFO

view details

Martin Gallo

commit sha 7cd166bfab58f220e122487b356122ffc8c27271

SMB Client: Handling empty search count in FindFileBothDirectoryInfo Better handle the case when SMB_FIND_FILE_BOTH_DIRECTORY_INFO returns and empty list of items.

view details

0xdeaddood

commit sha ee3b178d91f51c52ed60a186acf00afe17e72f2f

SMBServer: Added SMB2 support to QUERY_INFO Request (SMB2_0_INFO_FILE) * It should fix #1094

view details

0xdeaddood

commit sha 51cd77bd0cc6fd66564a337647c03deec6e548da

SMBServer: Enabled SMB_COM_FLUSH method * It should fix #714

view details

Martin Gallo

commit sha b43001875e283d679dfa31cc3cc70ca7d3cd1392

SMBServer: Fixed directory file attribute on SMB2_FILE_ALL_INFO

view details

0xdeaddood

commit sha 730a2c4976bc538473ca563436a0cb45ac1b6cc1

SMBServer: Improved file and path name handling in queryFileInformation & queryPathInformation.

view details

Martin Gallo

commit sha 863b3c8de0255b0fc33ec213f26f11bf9c664438

SMBServer: Adding missing info level and fixed structure This adds a missing Reserved field specified in [MS-FSCC] 2.4.19 and handles some SMB2 info levels that were missing as well. Should help fixing #1093.

view details

Martin Gallo

commit sha def1f7c78eb4f5d2d0accb6953b1f0e4340c6119

Merge branch 'master' into smbserver-fixes

view details

0xdeaddood

commit sha 29f7217e39c07820000f5378cdb192fb2fbbac89

Merge pull request #1136 from mohemiv/http-fix Complying MS-RPCH with HTTP/1.1

view details

Martin Gallo

commit sha 5aa97fa704ab88646f0bd9b814bedb2ba6368892

Merge pull request #1147 from SecureAuthCorp/smbserver-fixes SMBServer: Big review, fixes and improvements

view details

Martin Gallo

commit sha fac172018fddd066955154156cd6378c4348f8d3

Merge branch 'master' into test-refactor

view details

Martin Gallo

commit sha 1893ce7f96d5b616303473e21fdbea946fb55899

Merge branch 'test-refactor' of https://github.com/SecureAuthCorp/impacket into test-refactor

view details

push time in 17 days

delete branch SecureAuthCorp/impacket

delete branch : test-refactor-dcerpc

delete time in 17 days

push eventSecureAuthCorp/impacket

Martin Gallo

commit sha c348d94b0f275db449906fad27ab9434c8c3ff90

Tests: Refactor DCE/RPC endpoints test cases (#1151) Main changes are: * Moved DCE/RPC endpoints test cases to a separate folder to better match code layout * Using a base class for test cases to abstract code and reduce reuse * Improved some of the tests cases to avoid code duplication * Marking and skipping tests cases known to be failing

view details

push time in 17 days

PR merged SecureAuthCorp/impacket

Tests: Refactor DCE/RPC endpoints test cases

Main changes are:

  • Moved DCE/RPC endpoints test cases to a separate folder to better match code layout
  • Using a base class for test cases to abstract code and reduce reuse
  • Improved some of the tests cases to avoid code duplication
  • Marking and skipping tests cases known to be failing
+2602 -3416

0 comment

31 changed files

martingalloar

pr closed time in 17 days

push eventSecureAuthCorp/impacket

push time in 17 days

push eventSecureAuthCorp/impacket

Jonathan

commit sha 06af814e78fd3f8adfb7025154c471f005f0c426

Fixed wrong Enum type when dumping credential blob

view details

0xdeaddood

commit sha 8f2cdef322516dec196c5defa5a68bd4d4d4f4a1

Merge pull request #1073 from w0rmh013/master Fixed wrong Enum type when dumping credential blob

view details

0xdeaddood

commit sha 1636eaab69eb3b62399db76d12f552ecebb710d0

dpapi.py: Updated description and copyright year.

view details

Arseniy Sharoglazov

commit sha 4419d1255108f8e7acb6ce5d17a7a13857d83703

Complying MS-RPCH with HTTP/1.1

view details

skelsec

commit sha b73c54b39e6861947f81ecb59bf2b75f9e9cf12d

2x speedup for ntds.dit parsing

view details

skelsec

commit sha c9e8199909e51b0a6c358cf2a1e113b5a7c7ba47

adding peklist to global filter

view details

0xdeaddood

commit sha 358fc7c6be8488f24fa900220b4f2a82901b5774

Merge pull request #1141 from skelsec/master major speedup for ntds parsing

view details

Martin Gallo

commit sha 7bf33024bbbe2466501f8d226225b968aab5be43

SMBServer: Various fixes and improvements * Harness unit and functional tests, covering more operations * Added test for unicode filenames #878 * Added test for unicode username #700 * Added TID checks * Hardened path checks: * Added a normalize_path function * Using isInFileJail across operations * Added close method to avoid address reuse in tests

view details

Martin Gallo

commit sha 0bf5f0515bbab40c65de7b53ab41a2e4d58b24dc

SMBServer: Added missing query information levels * Added missing const and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO. This is part of #1093. * Handling missing SMB2 query info level SMB2_FILE_STANDARD_INFO

view details

Martin Gallo

commit sha 7cd166bfab58f220e122487b356122ffc8c27271

SMB Client: Handling empty search count in FindFileBothDirectoryInfo Better handle the case when SMB_FIND_FILE_BOTH_DIRECTORY_INFO returns and empty list of items.

view details

0xdeaddood

commit sha ee3b178d91f51c52ed60a186acf00afe17e72f2f

SMBServer: Added SMB2 support to QUERY_INFO Request (SMB2_0_INFO_FILE) * It should fix #1094

view details

0xdeaddood

commit sha 51cd77bd0cc6fd66564a337647c03deec6e548da

SMBServer: Enabled SMB_COM_FLUSH method * It should fix #714

view details

Martin Gallo

commit sha b43001875e283d679dfa31cc3cc70ca7d3cd1392

SMBServer: Fixed directory file attribute on SMB2_FILE_ALL_INFO

view details

0xdeaddood

commit sha 730a2c4976bc538473ca563436a0cb45ac1b6cc1

SMBServer: Improved file and path name handling in queryFileInformation & queryPathInformation.

view details

Martin Gallo

commit sha 863b3c8de0255b0fc33ec213f26f11bf9c664438

SMBServer: Adding missing info level and fixed structure This adds a missing Reserved field specified in [MS-FSCC] 2.4.19 and handles some SMB2 info levels that were missing as well. Should help fixing #1093.

view details

Martin Gallo

commit sha def1f7c78eb4f5d2d0accb6953b1f0e4340c6119

Merge branch 'master' into smbserver-fixes

view details

0xdeaddood

commit sha 29f7217e39c07820000f5378cdb192fb2fbbac89

Merge pull request #1136 from mohemiv/http-fix Complying MS-RPCH with HTTP/1.1

view details

Martin Gallo

commit sha 5aa97fa704ab88646f0bd9b814bedb2ba6368892

Merge pull request #1147 from SecureAuthCorp/smbserver-fixes SMBServer: Big review, fixes and improvements

view details

Martin Gallo

commit sha 4e699e4a27f4bd240d129f4a7fcee246c3d1502a

Merge branch 'master' into test-refactor-dcerpc

view details

push time in 17 days

push eventSecureAuthCorp/impacket

Martin Gallo

commit sha d6c7d14b0d1653a4bfb4b5db7133eb8a367be8ec

Tests: Commenting out failing code on skipped test

view details

push time in 17 days

PR opened SecureAuthCorp/impacket

Tests: Refactor DCE/RPC endpoints test cases

Main changes are:

  • Moved DCE/RPC endpoints test cases to a separate folder to better match code layout
  • Using a base class for test cases to abstract code and reduce reuse
  • Improved some of the tests cases to avoid code duplication
  • Marking and skipping tests cases known to be failing
+2602 -3416

0 comment

31 changed files

pr created time in 17 days

create barnchSecureAuthCorp/impacket

branch : test-refactor-dcerpc

created branch time in 17 days

startedairbus-seclab/c-compiler-security

started time in 20 days

issue closedSecureAuthCorp/impacket

about secretsdump

hi all when i used secretsdump.py i found a fiie name is 2.txt.cached i want to konw what this and how use it

command:secretsdump.py administrator:Passw0rd@10.1.2.90 -outputfile /tmp/2.txt

image

closed time in 21 days

JK-Love

issue commentSecureAuthCorp/impacket

about secretsdump

Hey @JK-Love! That file actually contain the cached credentials that the script was able to find in the target system. There're some nice guides and documentation out there that might give you more details about how to further use those, check out as an example https://medium.com/@benichmt1/secretsdump-demystified-bfd0f933dd9b.

JK-Love

comment created time in 21 days

issue closedSecureAuthCorp/impacket

Blackeye issue - No hyperlinks

Hi Guys, I'm experiencing issue with Blackeye. I tried several versions and updates which should resolve the issue, but nothing to do... I didn't find any hyperlinks to send to the target. Is there somebody who has a solution? Thanks much in advance for your help. Have a nice day

closed time in 21 days

cooperpro62

issue commentSecureAuthCorp/impacket

Blackeye issue - No hyperlinks

Hey @cooperpro62! This repository is about Impacket and we do not support third party tools. I suggest you to check out their contact and try to report to their devs/maintainers/community. Good look with the tool!

cooperpro62

comment created time in 21 days

delete branch SecureAuthCorp/impacket

delete branch : smbserver-fixes

delete time in 24 days

push eventSecureAuthCorp/impacket

Martin Gallo

commit sha 7bf33024bbbe2466501f8d226225b968aab5be43

SMBServer: Various fixes and improvements * Harness unit and functional tests, covering more operations * Added test for unicode filenames #878 * Added test for unicode username #700 * Added TID checks * Hardened path checks: * Added a normalize_path function * Using isInFileJail across operations * Added close method to avoid address reuse in tests

view details

Martin Gallo

commit sha 0bf5f0515bbab40c65de7b53ab41a2e4d58b24dc

SMBServer: Added missing query information levels * Added missing const and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO. This is part of #1093. * Handling missing SMB2 query info level SMB2_FILE_STANDARD_INFO

view details

Martin Gallo

commit sha 7cd166bfab58f220e122487b356122ffc8c27271

SMB Client: Handling empty search count in FindFileBothDirectoryInfo Better handle the case when SMB_FIND_FILE_BOTH_DIRECTORY_INFO returns and empty list of items.

view details

0xdeaddood

commit sha ee3b178d91f51c52ed60a186acf00afe17e72f2f

SMBServer: Added SMB2 support to QUERY_INFO Request (SMB2_0_INFO_FILE) * It should fix #1094

view details

0xdeaddood

commit sha 51cd77bd0cc6fd66564a337647c03deec6e548da

SMBServer: Enabled SMB_COM_FLUSH method * It should fix #714

view details

Martin Gallo

commit sha b43001875e283d679dfa31cc3cc70ca7d3cd1392

SMBServer: Fixed directory file attribute on SMB2_FILE_ALL_INFO

view details

0xdeaddood

commit sha 730a2c4976bc538473ca563436a0cb45ac1b6cc1

SMBServer: Improved file and path name handling in queryFileInformation & queryPathInformation.

view details

Martin Gallo

commit sha 863b3c8de0255b0fc33ec213f26f11bf9c664438

SMBServer: Adding missing info level and fixed structure This adds a missing Reserved field specified in [MS-FSCC] 2.4.19 and handles some SMB2 info levels that were missing as well. Should help fixing #1093.

view details

Martin Gallo

commit sha def1f7c78eb4f5d2d0accb6953b1f0e4340c6119

Merge branch 'master' into smbserver-fixes

view details

Martin Gallo

commit sha 5aa97fa704ab88646f0bd9b814bedb2ba6368892

Merge pull request #1147 from SecureAuthCorp/smbserver-fixes SMBServer: Big review, fixes and improvements

view details

push time in 24 days

PR merged SecureAuthCorp/impacket

SMBServer: Big review, fixes and improvements

The main changes introduced are:

SMBServer:

  • Added TID checks
  • Hardened path checks:
    • Added a normalize_path function
    • Using isInFileJail across operations
  • Added missing Reserved field specified in [MS-FSCC] 2.4.19 and handles some SMB2 info levels that were missing as well. Should help fixing #1093
  • Improved file and path name handling in queryFileInformation & queryPathInformation
  • Fixed directory file attribute on SMB2_FILE_ALL_INFO
  • Enabled SMB_COM_FLUSH method. It should fix #714
  • Added SMB2 support to QUERY_INFO Request (SMB2_0_INFO_FILE). It should fix #1094
  • Added missing constant and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO. This is part of #1093
  • Handling missing SMB2 query info level SMB2_FILE_STANDARD_INFO

SMBClient:

  • Handling empty search count in FindFileBothDirectoryInfo

Tests:

  • Harness unit and functional tests, covering more operations
  • Added close method to avoid address reuse in tests
  • Added test for unicode filenames #878
  • Added test for unicode username #700
+1248 -499

1 comment

5 changed files

martingalloar

pr closed time in 24 days

issue closedSecureAuthCorp/impacket

SMBServer doesn't work with mount.cifs

Configuration

impacket version: 0.9.23 Python version: 3.6.8 Target OS: centos-release-7-8.2003.0.el7.centos.x86_64

Description

I run the examples/smbserver.py script and try to mount it to a folder using mount.cifs. But, it doesn't work. I tested this SMB server with smbclient and it works fine.

Steps to reproduce

Start SMB server with next command:

python3 smbserver.py -comment COMMENT_SME -username USERNAME_SME -password PASSWORD_SME -hashes C7B5C696553EA33C602E46BAB613B889:CF45E37345CD2AAC1562ECC3EF965047 -ts -debug -ip 0.0.0.0 -port 445 -smb2support shareName_SME sharePath_SME

Execute next mount command:

mount -t cifs -o rw,soft,nolock,iocharset=utf8,user='USERNAME_SME',password=PASSWORD_SME,vers=2.0,mapchars '//127.0.0.1/shareName_SME' '/mnt/CIFS/test1/'

Additional Information

I tried to debug it. Here is what I found. It looks like the issue is in the function queryFsInformation in impacket/smbserver.py. The queryFsInformation is called with next params:

path = "sharePath_SME"
filename = "."
level = 0x4
pktFlags = 32768

Because of level = 0x4 it goes to the block:

	lastWriteTime = mtime
	attribs = 0
	if os.path.isdir(pathName):
		attribs |= smb.SMB_FILE_ATTRIBUTE_DIRECTORY
	if os.path.isfile(pathName):
		attribs |= smb.SMB_FILE_ATTRIBUTE_NORMAL
	fileAttributes = attribs
	return fileSize, lastWriteTime, fileAttributes

As I understand the function queryFsInformation should return Structure object. But, in this case it returns a tuple. This is the reason why later it fails with this error:

[2021-06-09 14:13:58] [*] Handle: ("'tuple' object has no attribute 'encode'", "When packing field 'Buffer | : | (4096, 1623236193, 16)' in <class 'impacket.smb3structs.SMB2QueryInfo_Response'>")

closed time in 24 days

igorkostyrko

issue closedSecureAuthCorp/impacket

Filenames with anonymous login smb files, shorter then 12 characters

Cannot run an anonymous smb share

while running this:

docker run --rm -it -p 445:445 -v "${PWD}:/tmp/serve" rflathers/impacket smbserver.py -smb2support SHARE /tmp/serve

with the client on localhost like this:

smbget -a smb://localhost/SHARE/ -R

I would expect that the files would be downloaded but there was an error.

logs

smbget

# smbget -a smb://localhost/SHARE/ -R
Using workgroup WORKGROUP, guest user
smb://localhost/SHARE//smbserver.py                                                                                                                                          
Can't stat smb://localhost/SHARE//test.html: Invalid argument
Failed to download /test.html: Invalid argument

smbserver.py from docker

# docker run --rm -it -p 445:445 -v "${PWD}:/tmp/serve" rflathers/impacket smbserver.py -smb2support SHARE /tmp/serve
Impacket v0.9.22.dev1 - Copyright 2020 SecureAuth Corporation

[*] Config file parsed
[*] Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
[*] Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
[*] Config file parsed
[*] Config file parsed
[*] Config file parsed
[*] Incoming connection (172.17.0.1,48852)
[*] AUTHENTICATE_MESSAGE (\,)
[*] User \ authenticated successfully
[*] :::::4141414141414141
[*] Connecting Share(1:SHARE)
[*] Closing down connection (172.17.0.1,48852)
[*] Remaining connections []

cause of problem

Somehow the files with shorter (len(filename) < 12) will not be downloaded by the client.

Software used:

Clients:

  • smbget
  • smbclient

Server

  • docker smbserver.py
  • impacket-smbserver.py (on kali)

Filename is to short (POC)

Server:

mkdir /tmp/tmp_smb_server
cd /tmp/tmp_smb_server
for i in {20..1}; do touch $(python3 -c "print('A'*($i))"); done
# for with data:
## for i in {20..1}; do echo "a" > $(python3 -c "print('A'*($i) + '.txt')"); done
docker run --rm -it -p 445:445 -v "${PWD}:/tmp/serve" rflathers/impacket smbserver.py -smb2support SHARE /tmp/serve

Client:

mkdir /tmp/temp_smbget
cd /tmp/smbget
for i in {20..0}; do python3 -c "print('A'*$i+'' )"; done | xargs -I {} smbget -d 1 -a smb://localhost/SHARE/{};ls -lA; rm *A

image

closed time in 24 days

esp0xdeadbeef

issue closedSecureAuthCorp/impacket

Samba server returns empty file

Configuration

impacket version: git master (0.9.22.dev1+20200929.152157.fe642b24) Python version: 3.7.3 Target OS: macOS

Debug Output With Command String

INFO:impacket.smbserver:Config file parsed
INFO:impacket:Callback added for UUID 4B324FC8-1670-01D3-1278-5A47BF6EE188 V:3.0
INFO:impacket:Callback added for UUID 6BFFD098-A112-3610-9833-46C3F87E345A V:1.0
INFO:impacket.smbserver:Config file parsed
INFO:impacket.smbserver:Config file parsed
INFO:impacket.smbserver:Config file parsed
INFO:impacket.smbserver:Config file parsed
INFO:impacket.smbserver:Config file parsed
INFO:impacket.smbserver:Incoming connection (127.0.0.1,49160)
INFO:impacket.smbserver:NetBIOS Session request (127.0.0.1,TEST,MMWD           )
INFO:impacket.smbserver:AUTHENTICATE_MESSAGE (\Samba,MMWD)
INFO:impacket.smbserver:User MMWD\Samba authenticated successfully
INFO:impacket.smbserver:Samba:::12345678abcdef00:c9c4de71fc069f0c2abf0e0ded52691b:0101000000000000000000000000000031ba687f558f6bad0000000001000800740065007300740003000800740065007300740002001000620047004d006f0072004c0076004a0004001000620047004d006f0072004c0076004a0007000800806490048a9cd60100000000
INFO:impacket.smbserver:Connecting Share(1:TEST)

Server script:

"""Test samba server."""
import logging

from impacket import smbserver, version
from impacket.ntlm import compute_lmhash, compute_nthash

logging.getLogger().setLevel(logging.DEBUG)
logging.debug(version.getInstallationPath())

if __name__ == '__main__':
    server = smbserver.SimpleSMBServer(listenAddress='localhost', listenPort=1234)
    server._SimpleSMBServer__smbConfig.set('global', 'server_name', 'test')  # needed for pysmb
    server._SimpleSMBServer__server.setServerConfig(server._SimpleSMBServer__smbConfig)
    server._SimpleSMBServer__srvsServer.setServerConfig(server._SimpleSMBServer__smbConfig)
    server._SimpleSMBServer__server.processConfigFile()
    server._SimpleSMBServer__srvsServer.processConfigFile()
    server.addShare('TEST', '../../tests/data', '', readOnly='yes')
    server.setSMB2Support(True)

    lmhash = compute_lmhash('password')
    nthash = compute_nthash('password')
    server.addCredential('Samba', 0, lmhash, nthash)
    server.setSMBChallenge('12345678abcdef00')
    server.setLogFile('')
    server.start()

Additional context

I'm using the impacket smbserver to simulate a samba share for testing purposes. When I try to retrieve a file from the share (file is listed correctly, so is the share) with pysmb, I get an empty object in the return.

import io
from smb.SMBConnection import SMBConnection
conn = SMBConnection('Samba', 'password', 'MMWD', 'test', use_ntlm_v2=True)
connected = conn.connect('localhost', port=1234)
files_list = conn.listPath('TEST', '/myfolder')  # this works
contents = io.BytesIO()
file_attributes, file_size = conn.retrieveFile('TEST', '/myfolder/somefile.csv', contents)
# file_size is zero and contents is empty

Any idea why this is happening? Is some implementation missing from the server? The code above works with a real samba share in production.

closed time in 24 days

vbersier

issue closedSecureAuthCorp/impacket

smbserver 'Not implemented command: 0x5' with reg save \\IP\share

Hello, I've noticed that when I want to use a command like : reg save hklm\sam \\IP\share with latest version of impacket command sudo examples/smbserver.py share . -debug I've the following errors image

The error shown on Windows XP machine :+1: image

The weird thing is that sometime the file get transferred properly despite the error messages. There is no issues with regular copy sam \\IP\share\sam on the same machine.

closed time in 24 days

h4knet

pull request commentSecureAuthCorp/impacket

SMBServer: Big review, fixes and improvements

🚀 Nice team work on this piece, thanks @0xdeaddood!

martingalloar

comment created time in 24 days

issue closedSecureAuthCorp/impacket

Lack of Unicode support?

Not sure what's going on here:

*] Incoming connection (188.0.164.251,54588)
[*] AUTHENTICATE_MESSAGE (\§ ЇЁбЁ,)
[*] User \§ ЇЁбЁ authenticated successfully
[*] § ЇЁбЁ:::4141414141414141:1275790fb737f07885b66f4b9a96d49f:010100000000000080c4a236ed9fd5014e5a6d667569726f00000000010010004500410072005600460074005a006c0002001000720068004d007800710056004f007000030010004500410072005600460074005a006c0004001000720068004d007800710056004f0070000700080080c4a236ed9fd50109001a0063006900660073002f004500410072005600460074005a006c000000000000000000

Looks like the username is getting mangled pretty bad

closed time in 25 days

mubix

issue commentSecureAuthCorp/impacket

Lack of Unicode support?

We added tests for unicode usernames in #1147 and it seem to be working as expected, so this might be due to some weird stuff as mentioned earlier. Closing, please reopen if you happen to find this again!

mubix

comment created time in 25 days

issue closedSecureAuthCorp/impacket

bad unicode support in smbserver

Configuration

impacket version: 0.9.21 Python version: 2.7/3.8 Target OS: Alpine linux

Debug Output With Command String

No unicode bidi support

using python, create a file:

open(u'test\u202Etest', 'wb').close() 

this is comming from str():

2071                  if errorCode == STATUS_SUCCESS:
2072                      try:
2073                          if os.path.isdir(pathName) and sys.platform == 'win32':
2074                             fid = VOID_FILE_DESCRIPTOR
2075                          else:
2076                             if sys.platform == 'win32':
2077                                mode |= os.O_BINARY
2078                             if str(pathName) in smbServer.getRegisteredNamedPipes():
2079                                 fid = PIPE_FILE_DESCRIPTOR
2080                                 sock = socket.socket()
2081                                 sock.connect(smbServer.getRegisteredNamedPipes()[str(pathName)])
2082                             else:
2083                                 fid = os.open(pathName, mode)

closed time in 25 days

pierrehpezier

issue commentSecureAuthCorp/impacket

bad unicode support in smbserver

We took a look at this issue and added tests for unicode file names in #1147. Looks like this is working fine in Python 3.x, but still failing in Python 2.x. However, we're trying to move out of the 2.x and thus not going to back port it.

Please reopen if you still have issues with this in Python 3.x!

pierrehpezier

comment created time in 25 days

PR opened SecureAuthCorp/impacket

Reviewers
SMBServer: Big review, fixes and improvements

The main changes introduced are:

SMBServer:

  • Added TID checks
  • Hardened path checks:
    • Added a normalize_path function
    • Using isInFileJail across operations
  • Added missing Reserved field specified in [MS-FSCC] 2.4.19 and handles some SMB2 info levels that were missing as well. Should help fixing #1093
  • Improved file and path name handling in queryFileInformation & queryPathInformation
  • Fixed directory file attribute on SMB2_FILE_ALL_INFO
  • Enabled SMB_COM_FLUSH method. It should fix #714
  • Added SMB2 support to QUERY_INFO Request (SMB2_0_INFO_FILE). It should fix #1094
  • Added missing constant and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO. This is part of #1093
  • Handling missing SMB2 query info level SMB2_FILE_STANDARD_INFO

SMBClient:

  • Handling empty search count in FindFileBothDirectoryInfo

Tests:

  • Harness unit and functional tests, covering more operations
  • Added close method to avoid address reuse in tests
  • Added test for unicode filenames #878
  • Added test for unicode username #700
+1248 -499

0 comment

5 changed files

pr created time in 25 days

create barnchSecureAuthCorp/impacket

branch : smbserver-fixes

created branch time in 25 days