#include "smbrelay.h"
#include "httprelay.h"
#include "smtprelay.h"
#include "pop3relay.h"
#include "imaprelay.h"
#include "smb.h"
#include "ntlm.h"
#include "misc.h"
#include "payload.h"
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
Functions
int | HandleIncommingSmbRequest (RELAY *relay, char *destinationhostname, char *AlternateDestinationHostname, int destinationport, int ReconnectToSameTarget) |
int | ReplayAttackAgainst (int srcProtocol, int dstProtocol, int port, char *hostname, int DestinationPort) |
int | StablishNTLMSession (RELAY relay, char *host, char *lpUserName, char *lpPassword) |
int | ExecuteCode (RELAY relay) |
int | main (int argc, char *argv[]) |
Variables
const uint8 | SpoofedChallengeKey [] = "\x11\x22\x33\x44\x55\x66\x77\x88" |
char | lpBackdoorFile [] = "smrs.exe" |
int | ListForSMBRequests = 0 |
int | ListForHTTPRequests = 0 |
int | ListForSMTPRequests = 0 |
int | ListForIMAPRequests = 0 |
int | ListForPOP3Requests = 0 |
int | ProxySMB = 0 |
int | PsExec = 0 |
int | AdminResourceAvailable |
int | ListeningPort |
int | DestinationPort = 445 |
char * | DestinationHost = NULL |
char * | lpUsername |
char * | lpPassword |
int | verbose = 0 |
char | ftphost [100] = "" |
int | ftpport = 21 |
char | ftpusername [100] = "a" |
char | ftppass [100] = "a" |
char | lpSrcHostname [256] = "SmbRelay3" |
uint16 | MultpleID |
int ExecuteCode(RELAY relay)
Definition at line 557 of file smbrelay3.cpp.
References CtxItem::AbstractSyntaxis, AttackWeakServices(), BuildSmbPacket(), BuildTreeConnectAndXStub(), CtxItem::ContextID, CREATESERVICE, CreateServiceWStub(), debug, RELAY::destination, RELAY::destinationaddr, DumpMem(), ftphost, ftppass, ftpport, ftpusername, GenerateFTPTransfer(), GetDceRpcPacketFromBuffer, RELAY::hostname, lpBackdoorFile, DceInterface::MayorVersion, DceInterface::MinorVersion, NTCREATEANDX, CtxItem::NumberOfTransItems, OPENSCMANAGER, OpenScManagerWStub(), OPENSERVICEW, OpenServiceWStub(), CtxItem::padding, READANDX, RPC_RESPONSE, RPCBIND, SC_MANAGER_CREATE_SERVICE, SendBytesAndWaitForResponse(), SERVICE_AUTO_START, SERVICE_START, SERVICE_WIN32_OWN_PROCESS, Sleep, SMB_COM_TRANSACTION, SmbPacketLen, SMBWAITTIMEOUT, STARTSERVICE, TREECONNETANDX, verbose, WRITEANDX, and WriteRemoteFile().
Referenced by HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), and main().
int HandleIncommingSmbRequest(RELAY *relay, char *destinationhostname, char *AlternateDestinationHostname, int destinationport, int ReconnectToSameTarget)
Definition at line 159 of file smbrelay3.cpp.
References AddDialect(), smheader::buffer, BuildSmbPacket(), BuildSmbPacket1(), CleanLine(), closesocket, ConnectToRemoteHost(), CONTINUERESPONSE, debug, RELAY::destination, dumpAuthChallenge(), DumpMem(), ERRORRESPONSE, ExecuteCode(), smheader::flags, GetNTLMPacket3FromSmbPacket, GetNTLMPacketFromSmbPacket, GetSmbPacket2(), HandleIncommingSmbRequest(), smheader::multipleID, MultpleID, NEGOTIATEPROTOCOLREQUEST, smheader::NtStatus, SendBytesAndWaitForResponse(), SESSIONLOGOFF, SESSIONSETUPANDX, SmbPacketLen, SMBWAITTIMEOUT, RELAY::source, smheader::UserID, verbose, and Widetochar().
int main(int argc, char *argv[])
Definition at line 771 of file smbrelay3.cpp.
References Banner(), ConnectToRemoteHost(), DestinationHost, DestinationPort, ExecuteCode(), ftphost, ftppass, ftpport, ftpusername, RELAY::hostname, ListeningPort, ListForHTTPRequests, ListForSMBRequests, lpPassword, lpSrcHostname, lpUsername, PSEXEC, PsExec, REPLAY_HTTP, REPLAY_IMAP, REPLAY_POP3, REPLAY_SMB, REPLAY_SMTP, ReplayAttackAgainst(), StablishNTLMSession(), usage(), and verbose.
int ReplayAttackAgainst(int srcProtocol, int dstProtocol, int port, char *hostname, int DestinationPort)
Definition at line 378 of file smbrelay3.cpp.
References closesocket, HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), INVALID_SOCKET, REPLAY_HTTP, REPLAY_IMAP, REPLAY_POP3, REPLAY_SMB, REPLAY_SMTP, and SOCKET.
int StablishNTLMSession(RELAY relay, char *host, char *lpUserName, char *lpPassword)
Definition at line 451 of file smbrelay3.cpp.
References AddDialect(), BuildSmbPacket(), BuildSmbPacket1(), debug, RELAY::destination, dumpAuthChallenge(), DumpMem(), GetNTLMPacketFromSmbPacket, GetSmbPacket2(), GetSmbPacket3(), lpSrcHostname, NEGOTIATEPROTOCOLREQUEST, smheader::NtStatus, SendBytesAndWaitForResponse(), SetEnviroment(), SmbPacketLen, SMBWAITTIMEOUT, UserID, and verbose.
Referenced by main().
Definition at line 137 of file smbrelay3.cpp.
char* DestinationHost = NULL |
int DestinationPort = 445 |
char ftphost[100] = "" |
char ftppass[100] = "a" |
int ftpport = 21 |
char ftpusername[100] = "a" |
int ListeningPort |
int ListForHTTPRequests = 0 |
int ListForIMAPRequests = 0 |
Definition at line 133 of file smbrelay3.cpp.
int ListForPOP3Requests = 0 |
Definition at line 134 of file smbrelay3.cpp.
int ListForSMBRequests = 0 |
int ListForSMTPRequests = 0 |
Definition at line 132 of file smbrelay3.cpp.
char lpBackdoorFile[] = "smrs.exe" |
char* lpPassword |
char lpSrcHostname[256] = "SmbRelay3" |
char* lpUsername |
Definition at line 31 of file smb.cpp.
Referenced by BuildSmbPacket(), and HandleIncommingSmbRequest().
int ProxySMB = 0 |
int PsExec = 0 |
const uint8 SpoofedChallengeKey[] = "\x11\x22\x33\x44\x55\x66\x77\x88" |
int verbose = 0 |
Definition at line 147 of file smbrelay3.cpp.
Referenced by ExecuteCode(), HandleIncommingHTTPRequest(), HandleIncommingIMAPRequest(), HandleIncommingPOP3Request(), HandleIncommingSmbRequest(), HandleIncommingSMTPRequest(), main(), StablishNTLMSession(), and WriteRemoteFile().