C:/Web/smbrelay3/src/smbrelay3.cpp File Reference

#include "smbrelay.h"
#include "httprelay.h"
#include "smtprelay.h"
#include "pop3relay.h"
#include "imaprelay.h"
#include "smb.h"
#include "ntlm.h"
#include "misc.h"
#include "payload.h"
#include <stdio.h>
#include <stdlib.h>
#include <time.h>


Functions

int HandleIncommingSmbRequest (RELAY *relay, char *destinationhostname, char *AlternateDestinationHostname, int destinationport, int ReconnectToSameTarget)
int ReplayAttackAgainst (int srcProtocol, int dstProtocol, int port, char *hostname, int DestinationPort)
int StablishNTLMSession (RELAY relay, char *host, char *lpUserName, char *lpPassword)
int ExecuteCode (RELAY relay)
int main (int argc, char *argv[])

Variables

const uint8 SpoofedChallengeKey [] = "\x11\x22\x33\x44\x55\x66\x77\x88"
char lpBackdoorFile [] = "smrs.exe"
int ListForSMBRequests = 0
int ListForHTTPRequests = 0
int ListForSMTPRequests = 0
int ListForIMAPRequests = 0
int ListForPOP3Requests = 0
int ProxySMB = 0
int PsExec = 0
int AdminResourceAvailable
int ListeningPort
int DestinationPort = 445
char * DestinationHost = NULL
char * lpUsername
char * lpPassword
int verbose = 0
char ftphost [100] = ""
int ftpport = 21
char ftpusername [100] = "a"
char ftppass [100] = "a"
char lpSrcHostname [256] = "SmbRelay3"
uint16 MultpleID


Function Documentation

int ExecuteCode ( RELAY  relay  ) 

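No description is given in the source. Judging only from the references listed below (WriteRemoteFile(), lpBackdoorFile, OpenScManagerWStub(), CreateServiceWStub(), STARTSERVICE, SERVICE_AUTO_START), this routine appears to write a file to the destination host over the relayed session and then install and start it as a Windows service. On the receiving host that sequence would show up as a remote file write followed by a new auto-start service, so service-installation logging (for example System event ID 7045) is the natural place to look.

Definition at line 557 of file smbrelay3.cpp.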

References CtxItem::AbstractSyntaxis, AttackWeakServices(), BuildSmbPacket(), BuildTreeConnectAndXStub(), CtxItem::ContextID, CREATESERVICE, CreateServiceWStub(), debug, RELAY::destination, RELAY::destinationaddr, DumpMem(), ftphost, ftppass, ftpport, ftpusername, GenerateFTPTransfer(), GetDceRpcPacketFromBuffer, RELAY::hostname, lpBackdoorFile, DceInterface::MayorVersion, DceInterface::MinorVersion, NTCREATEANDX, CtxItem::NumberOfTransItems, OPENSCMANAGER, OpenScManagerWStub(), OPENSERVICEW, OpenServiceWStub(), CtxItem::padding, READANDX, RPC_RESPONSE, RPCBIND, SC_MANAGER_CREATE_SERVICE, SendBytesAndWaitForResponse(), SERVICE_AUTO_START, SERVICE_START, SERVICE_WIN32_OWN_PROCESS, Sleep, SMB_COM_TRANSACTION, SmbPacketLen, SMBWAITTIMEOUT, STARTSERVICE, TREECONNETANDX, verbose, WRITEANDX, and WriteRemoteFile().

Referenced by HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), and main().


int HandleIncommingSmbRequest ( RELAY relay,
char *  destinationhostname,
char *  AlternateDestinationHostname,
int  destinationport,
int  ReconnectToSameTarget 
)

Definition at line 159 of file smbrelay3.cpp.

References AddDialect(), smheader::buffer, BuildSmbPacket(), BuildSmbPacket1(), CleanLine(), closesocket, ConnectToRemoteHost(), CONTINUERESPONSE, debug, RELAY::destination, dumpAuthChallenge(), DumpMem(), ERRORRESPONSE, ExecuteCode(), smheader::flags, GetNTLMPacket3FromSmbPacket, GetNTLMPacketFromSmbPacket, GetSmbPacket2(), HandleIncommingSmbRequest(), smheader::multipleID, MultpleID, NEGOTIATEPROTOCOLREQUEST, smheader::NtStatus, SendBytesAndWaitForResponse(), SESSIONLOGOFF, SESSIONSETUPANDX, SmbPacketLen, SMBWAITTIMEOUT, RELAY::source, smheader::UserID, verbose, and Widetochar().


int main ( int  argc,
char *  argv[] 
)

Definition at line 771 of file smbrelay3.cpp.

References Banner(), ConnectToRemoteHost(), DestinationHost, DestinationPort, ExecuteCode(), ftphost, ftppass, ftpport, ftpusername, RELAY::hostname, ListeningPort, ListForHTTPRequests, ListForSMBRequests, lpPassword, lpSrcHostname, lpUsername, PSEXEC, PsExec, REPLAY_HTTP, REPLAY_IMAP, REPLAY_POP3, REPLAY_SMB, REPLAY_SMTP, ReplayAttackAgainst(), StablishNTLMSession(), usage(), and verbose.


int ReplayAttackAgainst ( int  srcProtocol,
int  dstProtocol,
int  port,
char *  hostname,
int  DestinationPort 
)

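No description is given in the source. The parameters and the references listed below suggest that it accepts connections for the source protocol on `port` and passes each one to the matching HandleIncomming…Request() handler. Relaying authentication to an SMB destination generally depends on that destination accepting unsigned sessions, so requiring SMB signing on servers removes the precondition.

Definition at line 378 of file smbrelay3.cpp.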

References closesocket, HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), INVALID_SOCKET, REPLAY_HTTP, REPLAY_IMAP, REPLAY_POP3, REPLAY_SMB, REPLAY_SMTP, and SOCKET.


int StablishNTLMSession ( RELAY  relay,
char *  host,
char *  lpUserName,
char *  lpPassword 
)

Definition at line 451 of file smbrelay3.cpp.

References AddDialect(), BuildSmbPacket(), BuildSmbPacket1(), debug, RELAY::destination, dumpAuthChallenge(), DumpMem(), GetNTLMPacketFromSmbPacket, GetSmbPacket2(), GetSmbPacket3(), lpSrcHostname, NEGOTIATEPROTOCOLREQUEST, smheader::NtStatus, SendBytesAndWaitForResponse(), SetEnviroment(), SmbPacketLen, SMBWAITTIMEOUT, UserID, and verbose.

Referenced by main().



Variable Documentation

int AdminResourceAvailable

Definition at line 137 of file smbrelay3.cpp.

char* DestinationHost = NULL

Definition at line 141 of file smbrelay3.cpp.

Referenced by main().

int DestinationPort = 445

Definition at line 140 of file smbrelay3.cpp.

Referenced by main().

char ftphost[100] = ""

Definition at line 150 of file smbrelay3.cpp.

Referenced by ExecuteCode(), and main().

char ftppass[100] = "a"

Definition at line 153 of file smbrelay3.cpp.

Referenced by ExecuteCode(), and main().

int ftpport = 21

Definition at line 151 of file smbrelay3.cpp.

Referenced by ExecuteCode(), and main().

char ftpusername[100] = "a"

Definition at line 152 of file smbrelay3.cpp.

Referenced by ExecuteCode(), and main().

int ListeningPort

Definition at line 139 of file smbrelay3.cpp.

Referenced by main().

int ListForHTTPRequests = 0

Definition at line 131 of file smbrelay3.cpp.

Referenced by main().

int ListForIMAPRequests = 0

Definition at line 133 of file smbrelay3.cpp.

int ListForPOP3Requests = 0

Definition at line 134 of file smbrelay3.cpp.

int ListForSMBRequests = 0

Definition at line 130 of file smbrelay3.cpp.

Referenced by main().

int ListForSMTPRequests = 0

Definition at line 132 of file smbrelay3.cpp.

char lpBackdoorFile[] = "smrs.exe"

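Default file name used by ExecuteCode(), which also references WriteRemoteFile() and the service-creation stubs. It is presumably the name given to the file written to the destination host, which makes `smrs.exe` a useful string to search for in file-creation and service-installation records. The name is a source-level default and may differ in rebuilt copies.

Definition at line 129 of file smbrelay3.cpp.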

Referenced by ExecuteCode().

char* lpPassword

Definition at line 144 of file smbrelay3.cpp.

Referenced by main().

char lpSrcHostname[256] = "SmbRelay3"

Definition at line 154 of file smbrelay3.cpp.

Referenced by main(), and StablishNTLMSession().

char* lpUsername

Definition at line 143 of file smbrelay3.cpp.

Referenced by main().

uint16 MultpleID

Definition at line 31 of file smb.cpp.

Referenced by BuildSmbPacket(), and HandleIncommingSmbRequest().

int ProxySMB = 0

Definition at line 135 of file smbrelay3.cpp.

Referenced by HandleIncommingHTTPRequest().

int PsExec = 0

Definition at line 136 of file smbrelay3.cpp.

Referenced by main().

const uint8 SpoofedChallengeKey[] = "\x11\x22\x33\x44\x55\x66\x77\x88"

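Fixed eight-byte sequence. From its name and its use in HandleIncommingHTTPRequest(), it is presumably sent as the NTLM server challenge to connecting HTTP clients. A legitimate server generates a fresh random challenge for each authentication, so an NTLM challenge message carrying the constant 11 22 33 44 55 66 77 88 is a recognisable indicator in packet captures.

Definition at line 123 of file smbrelay3.cpp.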

Referenced by HandleIncommingHTTPRequest().

int verbose = 0

Definition at line 147 of file smbrelay3.cpp.

Referenced by ExecuteCode(), HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), main(), StablishNTLMSession(), and WriteRemoteFile().


Generated on Wed Nov 12 22:04:28 2008 for Smbrelay version 3 by  doxygen 1.5.4