Update smbexec.py #1863

Open
wants to merge 1 commit into
base: master
AabyssZG

Update smbexec.py to fix a bug

When I use smbexec.py, I find a bug:

C:\impacket\impacket-master\examples>python3 smbexec.py Administrator:QWE@[email protected] -debug

[+] Impacket Library Installation Path: C:\Python\Python38\lib\site-packages\impacket
[+] StringBinding ncacn_np:10.10.0.1[\pipe\svcctl]
[+] Executing %COMSPEC% /Q /c echo cd  ^> \\%COMPUTERNAME%\C$\__output 2^>^&1 > %SYSTEMROOT%\xSBmWrWK.bat & %COMSPEC% /Q /c %SYSTEMROOT%\xSBmWrWK.bat & del %SYSTEMROOT%\xSBmWrWK.bat
Traceback (most recent call last):
  File "C:\Python\Python38\lib\site-packages\impacket\smbconnection.py", line 771, in getFile
    return self._SMBConnection.retr_file(shareName, pathName, callback)
  File "C:\Python\Python38\lib\site-packages\impacket\smb3.py", line 1912, in retrieveFile
    fileId = self.create(treeId, path, FILE_READ_DATA, shareAccessMode, FILE_NON_DIRECTORY_FILE, mode, 0, createContexts=createContexts)
  File "C:\Python\Python38\lib\site-packages\impacket\smb3.py", line 1312, in create
    if ans.isValidAnswer(STATUS_SUCCESS):
  File "C:\Python\Python38\lib\site-packages\impacket\smb3structs.py", line 460, in isValidAnswer
    raise smb3.SessionError(self['Status'], self)
impacket.smb3.SessionError: SMB SessionError: STATUS_SHARING_VIOLATION(A file cannot be opened because the share access flags are incompatible.)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "smbexec.py", line 161, in run
    self.shell = RemoteShell(self.__share, rpctransport, self.__mode, self.__serviceName, self.__shell_type)
  File "smbexec.py", line 209, in __init__
    self.do_cd('')
  File "smbexec.py", line 251, in do_cd
    self.execute_remote('cd ' )
  File "smbexec.py", line 304, in execute_remote
    self.get_output()
  File "smbexec.py", line 271, in get_output
    self.transferClient.getFile(self.__share, OUTPUT_FILENAME, output_callback)
  File "C:\Python\Python38\lib\site-packages\impacket\smbconnection.py", line 775, in getFile
    raise SessionError(e.get_error_code(), e.get_error_packet())
impacket.smbconnection.SessionError: SMB SessionError: code: 0xc0000043 - STATUS_SHARING_VIOLATION - A file cannot be opened because the share access flags are incompatible.

[-] SMB SessionError: code: 0xc0000043 - STATUS_SHARING_VIOLATION - A file cannot be opened because the share access flags are incompatible.


Because the old file C$\__output is occupied by a process, the solution is to specify a new file name.

The latest version has not yet been repaired, so I submit this PR, thank you.

@anadrianmanrique added the "in review" label (This issue or pull request is being analyzed) on Dec 12, 2024
@anadrianmanrique added the "medium" label (Medium priority item) and removed the "in review" label (This issue or pull request is being analyzed) on Jan 9, 2025
@alexisbalbachan (Contributor) left a comment

Also, because OUTPUT_FILENAME value changes on each execution, we need to log its value somewhere in the code: logging.debug('OUTPUT_FILENAME: %s' % OUTPUT_FILENAME)

@@ -56,7 +56,7 @@
from impacket.dcerpc.v5 import transport, scmr
from impacket.krb5.keytab import Keytab

OUTPUT_FILENAME = '__output'
OUTPUT_FILENAME = '__output'.join(random.sample(['z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c','b','a'], 2))
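
Review bot: On the replacement `OUTPUT_FILENAME` line, `'__output'.join(...)` uses `'__output'` as the separator between the two sampled letters, so the result is one letter, then `__output`, then a second letter (for example `a__outputb`), not `__output` with a random suffix. `random.sample(..., 2)` draws without replacement, which gives only 26 × 25 = 650 possible names, so reusing a name that is still held open by a process remains possible. If a base name plus random part is what is intended, build it explicitly and state the resulting format in a comment. The assignment sits at module level, so the name is chosen once per run, and the three context lines shown do not include an `import random`, so confirm it is imported earlier in the file.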

It would be better to import string and then use string.ascii_lowercase as follows

Suggested change
OUTPUT_FILENAME = '__output'.join(random.sample(['z','y','x','w','v','u','t','s','r','q','p','o','n','m','l','k','j','i','h','g','f','e','d','c','b','a'], 2))
OUTPUT_FILENAME = '__output'.join(random.sample(string.ascii_lowercase, 2))

@alexisbalbachan added the "waiting for response" label (Further information is needed from people who opened the issue or pull request) on Jan 15, 2025
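
For defenders: the debug output in the pull request description shows the shape of the service command line, and the proposed change alters only the output file name inside it. The following added example (not part of the pull request or of Impacket; the function names and every sample line except the first are constructed here) compares a rule keyed on the fixed `__output` name with one keyed on the structure of the command.

```python
import re

# Structure of the service command line printed in the -debug output on this page.
SMBEXEC_CMDLINE = re.compile(
    r"%COMSPEC%\s+/Q\s+/c\s+echo\s+(?P<cmd>.*?)\s*\^>\s*"
    r"\\\\%COMPUTERNAME%\\(?P<share>[^\\\s]+)\\(?P<outfile>\S+)\s+2\^>\^&1\s*>\s*"
    r"%SYSTEMROOT%\\(?P<bat>\S+\.bat)\s*&\s*"
    r"%COMSPEC%\s+/Q\s+/c\s+%SYSTEMROOT%\\(?P=bat)\s*&\s*"
    r"del\s+%SYSTEMROOT%\\(?P=bat)",
    re.IGNORECASE,
)
EXACT_DEFAULT = r"\C$\__output "  # literal rule tied to the old fixed file name


def structural_match(cmdline):
    """Return the captured fields if the line has the command shape, else None."""
    m = SMBEXEC_CMDLINE.search(cmdline)
    return m.groupdict() if m else None


def exact_name_match(cmdline):
    """Rule that only looks for the fixed output path."""
    return EXACT_DEFAULT in cmdline


# Line 1 is the command from the debug output; the other lines are constructed.
SAMPLES = [
    r"%COMSPEC% /Q /c echo cd  ^> \\%COMPUTERNAME%\C$\__output 2^>^&1 > %SYSTEMROOT%\xSBmWrWK.bat & %COMSPEC% /Q /c %SYSTEMROOT%\xSBmWrWK.bat & del %SYSTEMROOT%\xSBmWrWK.bat",
    r"%COMSPEC% /Q /c echo cd  ^> \\%COMPUTERNAME%\C$\q__outputk 2^>^&1 > %SYSTEMROOT%\AbCdEfGh.bat & %COMSPEC% /Q /c %SYSTEMROOT%\AbCdEfGh.bat & del %SYSTEMROOT%\AbCdEfGh.bat",
    r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    r"%COMSPEC% /c echo done > %SYSTEMROOT%\Temp\job.log",
]


def scan(lines):
    """Return (exact_rule_hit, output_file_or_None) for each line."""
    results = []
    for line in lines:
        hit = structural_match(line)
        results.append((exact_name_match(line), hit["outfile"] if hit else None))
    return results


if __name__ == "__main__":
    for row in scan(SAMPLES):
        print(row)
```

The second sample uses a name in the letter, `__output`, letter form that the join expression in the diff produces; the exact-path rule misses it while the structural rule still reports the output file.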