#include "smbrelay.h"#include "httprelay.h"#include "smtprelay.h"#include "pop3relay.h"#include "imaprelay.h"#include "smb.h"#include "ntlm.h"#include "misc.h"#include "payload.h"#include <stdio.h>#include <stdlib.h>#include <time.h>
Go to the source code of this file.
Functions | |
| int | HandleIncommingSmbRequest (RELAY *relay, char *destinationhostname, char *AlternateDestinationHostname, int destinationport, int ReconnectToSameTarget) |
| int | ReplayAttackAgainst (int srcProtocol, int dstProtocol, int port, char *hostname, int DestinationPort) |
| int | StablishNTLMSession (RELAY relay, char *host, char *lpUserName, char *lpPassword) |
| int | ExecuteCode (RELAY relay) |
| int | main (int argc, char *argv[]) |
Variables | |
| const uint8 | SpoofedChallengeKey [] = "\x11\x22\x33\x44\x55\x66\x77\x88" |
| char | lpBackdoorFile [] = "smrs.exe" |
| int | ListForSMBRequests = 0 |
| int | ListForHTTPRequests = 0 |
| int | ListForSMTPRequests = 0 |
| int | ListForIMAPRequests = 0 |
| int | ListForPOP3Requests = 0 |
| int | ProxySMB = 0 |
| int | PsExec = 0 |
| int | AdminResourceAvailable |
| int | ListeningPort |
| int | DestinationPort = 445 |
| char * | DestinationHost = NULL |
| char * | lpUsername |
| char * | lpPassword |
| int | verbose = 0 |
| char | ftphost [100] = "" |
| int | ftpport = 21 |
| char | ftpusername [100] = "a" |
| char | ftppass [100] = "a" |
| char | lpSrcHostname [256] = "SmbRelay3" |
| uint16 | MultpleID |
| int ExecuteCode | ( | RELAY | relay | ) |
Definition at line 557 of file smbrelay3.cpp.
References CtxItem::AbstractSyntaxis, AttackWeakServices(), BuildSmbPacket(), BuildTreeConnectAndXStub(), CtxItem::ContextID, CREATESERVICE, CreateServiceWStub(), debug, RELAY::destination, RELAY::destinationaddr, DumpMem(), ftphost, ftppass, ftpport, ftpusername, GenerateFTPTransfer(), GetDceRpcPacketFromBuffer, RELAY::hostname, lpBackdoorFile, DceInterface::MayorVersion, DceInterface::MinorVersion, NTCREATEANDX, CtxItem::NumberOfTransItems, OPENSCMANAGER, OpenScManagerWStub(), OPENSERVICEW, OpenServiceWStub(), CtxItem::padding, READANDX, RPC_RESPONSE, RPCBIND, SC_MANAGER_CREATE_SERVICE, SendBytesAndWaitForResponse(), SERVICE_AUTO_START, SERVICE_START, SERVICE_WIN32_OWN_PROCESS, Sleep, SMB_COM_TRANSACTION, SmbPacketLen, SMBWAITTIMEOUT, STARTSERVICE, TREECONNETANDX, verbose, WRITEANDX, and WriteRemoteFile().
Referenced by HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), and main().
| int HandleIncommingSmbRequest | ( | RELAY * | relay, | |
| char * | destinationhostname, | |||
| char * | AlternateDestinationHostname, | |||
| int | destinationport, | |||
| int | ReconnectToSameTarget | |||
| ) |
Definition at line 159 of file smbrelay3.cpp.
References AddDialect(), smheader::buffer, BuildSmbPacket(), BuildSmbPacket1(), CleanLine(), closesocket, ConnectToRemoteHost(), CONTINUERESPONSE, debug, RELAY::destination, dumpAuthChallenge(), DumpMem(), ERRORRESPONSE, ExecuteCode(), smheader::flags, GetNTLMPacket3FromSmbPacket, GetNTLMPacketFromSmbPacket, GetSmbPacket2(), HandleIncommingSmbRequest(), smheader::multipleID, MultpleID, NEGOTIATEPROTOCOLREQUEST, smheader::NtStatus, SendBytesAndWaitForResponse(), SESSIONLOGOFF, SESSIONSETUPANDX, SmbPacketLen, SMBWAITTIMEOUT, RELAY::source, smheader::UserID, verbose, and Widetochar().
| int main | ( | int | argc, | |
| char * | argv[] | |||
| ) |
Definition at line 771 of file smbrelay3.cpp.
References Banner(), ConnectToRemoteHost(), DestinationHost, DestinationPort, ExecuteCode(), ftphost, ftppass, ftpport, ftpusername, RELAY::hostname, ListeningPort, ListForHTTPRequests, ListForSMBRequests, lpPassword, lpSrcHostname, lpUsername, PSEXEC, PsExec, REPLAY_HTTP, REPLAY_IMAP, REPLAY_POP3, REPLAY_SMB, REPLAY_SMTP, ReplayAttackAgainst(), StablishNTLMSession(), usage(), and verbose.
| int ReplayAttackAgainst | ( | int | srcProtocol, | |
| int | dstProtocol, | |||
| int | port, | |||
| char * | hostname, | |||
| int | DestinationPort | |||
| ) |
Definition at line 378 of file smbrelay3.cpp.
References closesocket, HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), INVALID_SOCKET, REPLAY_HTTP, REPLAY_IMAP, REPLAY_POP3, REPLAY_SMB, REPLAY_SMTP, and SOCKET.
| int StablishNTLMSession | ( | RELAY | relay, | |
| char * | host, | |||
| char * | lpUserName, | |||
| char * | lpPassword | |||
| ) |
Definition at line 451 of file smbrelay3.cpp.
References AddDialect(), BuildSmbPacket(), BuildSmbPacket1(), debug, RELAY::destination, dumpAuthChallenge(), DumpMem(), GetNTLMPacketFromSmbPacket, GetSmbPacket2(), GetSmbPacket3(), lpSrcHostname, NEGOTIATEPROTOCOLREQUEST, smheader::NtStatus, SendBytesAndWaitForResponse(), SetEnviroment(), SmbPacketLen, SMBWAITTIMEOUT, UserID, and verbose.
Referenced by main().
Definition at line 137 of file smbrelay3.cpp.
| char* DestinationHost = NULL |
| int DestinationPort = 445 |
| char ftphost[100] = "" |
| char ftppass[100] = "a" |
| int ftpport = 21 |
| char ftpusername[100] = "a" |
| int ListeningPort |
| int ListForHTTPRequests = 0 |
| int ListForIMAPRequests = 0 |
Definition at line 133 of file smbrelay3.cpp.
| int ListForPOP3Requests = 0 |
Definition at line 134 of file smbrelay3.cpp.
| int ListForSMBRequests = 0 |
| int ListForSMTPRequests = 0 |
Definition at line 132 of file smbrelay3.cpp.
| char lpBackdoorFile[] = "smrs.exe" |
| char* lpPassword |
| char lpSrcHostname[256] = "SmbRelay3" |
| char* lpUsername |
Definition at line 31 of file smb.cpp.
Referenced by BuildSmbPacket(), and HandleIncommingSmbRequest().
| int ProxySMB = 0 |
| int PsExec = 0 |
| const uint8 SpoofedChallengeKey[] = "\x11\x22\x33\x44\x55\x66\x77\x88" |
| int verbose = 0 |
Definition at line 147 of file smbrelay3.cpp.
Referenced by ExecuteCode(), HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), main(), StablishNTLMSession(), and WriteRemoteFile().
1.5.4