Merge pull request #93 from p0dalirius/adding-explicit-consent-to-tes…

…t-write-access

[enhancement] adding-explicit-consent-to-test-write-access

smbclientng/core/InteractiveShell.py

@@ -969,10 +969,24 @@ def command_shares(self, arguments, command):
         # Active SMB connection needed : Yes
         # SMB share needed             : No
 
+        test_write = False
         do_check_rights = False
         if len(arguments) != 0:
             if arguments[0] == "rights":
                 do_check_rights = True
+                test_write = False
+
+        self.logger.print("WARNING: Checking WRITE access to shares in offensive tools implies creating a folder and trying to delete it.")
+        self.logger.print("| If you have CREATE_CHILD rights but no DELETE_CHILD rights, the folder cannot be deleted and will remain on the target.")
+        self.logger.print("| Do you want to continue? [N/y] ", end='')
+        user_response = input()
+        self.logger.write_to_logfile(user_response)
+        while user_response.lower().strip() not in ['y', 'n']:
+            self.logger.print("| Invalid response, Do you want to continue? [N/y] ", end='')
+            user_response = input()
+            self.logger.write_to_logfile(user_response)
+        if user_response.lower().strip() == 'y':
+            test_write = True
 
         shares = self.sessionsManager.current_session.list_shares()
         if len(shares.keys()) != 0:
@@ -1000,7 +1014,7 @@ def command_shares(self, arguments, command):
                     str_comment = "[bold bright_yellow]" + shares[sharename]["comment"] + "[/bold bright_yellow]"
 
                 if do_check_rights:
-                    access_rights = self.sessionsManager.current_session.test_rights(sharename=shares[sharename]["name"])
+                    access_rights = self.sessionsManager.current_session.test_rights(sharename=shares[sharename]["name"], test_write=test_write)
                     str_access_rights = "[bold yellow]NO ACCESS[/bold yellow]"
                     if access_rights["readable"] and access_rights["writable"]:
                         str_access_rights = "[bold green]READ[/bold green], [bold red]WRITE[/bold red]"

smbclientng/core/SMBSession.py

@@ -1246,7 +1246,7 @@ def umount(self, local_mount_point):
 
     # Other functions
 
-    def test_rights(self, sharename): 
+    def test_rights(self, sharename, test_write=False): 
         """
         Tests the read and write access rights of the current SMB session.
 
@@ -1263,19 +1263,24 @@ def test_rights(self, sharename):
         self.set_share(shareName=sharename)
 
         access_rights = {"readable": False, "writable": False}
+
+        # READ
         try:
             self.smbClient.listPath(self.smb_share, '*', password=None)
             access_rights["readable"] = True
         except impacket.smbconnection.SessionError as e:
             access_rights["readable"] = False
-
-        try:
-            temp_dir = ntpath.normpath("\\" + ''.join([random.choice("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456759") for k in range(16)]))
-            self.smbClient.createDirectory(self.smb_share, temp_dir)
-            self.smbClient.deleteDirectory(self.smb_share, temp_dir)
-            access_rights["writable"] = True
-        except impacket.smbconnection.SessionError as e:
-            access_rights["writable"] = False
+
+
+        if test_write:
+            # WRITE
+            try:
+                temp_dir = ntpath.normpath("\\" + ''.join([random.choice("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456759") for k in range(16)]))
+                self.smbClient.createDirectory(self.smb_share, temp_dir)
+                self.smbClient.deleteDirectory(self.smb_share, temp_dir)
+                access_rights["writable"] = True
+            except impacket.smbconnection.SessionError as e:
+                access_rights["writable"] = False
 
         # Restore the current share
         self.set_share(shareName=current_share)