diff --git a/smbclientng/core/InteractiveShell.py b/smbclientng/core/InteractiveShell.py index 176adbf..2c5df01 100644 --- a/smbclientng/core/InteractiveShell.py +++ b/smbclientng/core/InteractiveShell.py @@ -969,10 +969,24 @@ def command_shares(self, arguments, command): # Active SMB connection needed : Yes # SMB share needed : No + test_write = False do_check_rights = False if len(arguments) != 0: if arguments[0] == "rights": do_check_rights = True + test_write = False + + self.logger.print("WARNING: Checking WRITE access to shares in offensive tools implies creating a folder and trying to delete it.") + self.logger.print("| If you have CREATE_CHILD rights but no DELETE_CHILD rights, the folder cannot be deleted and will remain on the target.") + self.logger.print("| Do you want to continue? [N/y] ", end='') + user_response = input() + self.logger.write_to_logfile(user_response) + while user_response.lower().strip() not in ['y', 'n']: + self.logger.print("| Invalid response, Do you want to continue? [N/y] ", end='') + user_response = input() + self.logger.write_to_logfile(user_response) + if user_response.lower().strip() == 'y': + test_write = True shares = self.sessionsManager.current_session.list_shares() if len(shares.keys()) != 0: @@ -1000,7 +1014,7 @@ def command_shares(self, arguments, command): str_comment = "[bold bright_yellow]" + shares[sharename]["comment"] + "[/bold bright_yellow]" if do_check_rights: - access_rights = self.sessionsManager.current_session.test_rights(sharename=shares[sharename]["name"]) + access_rights = self.sessionsManager.current_session.test_rights(sharename=shares[sharename]["name"], test_write=test_write) str_access_rights = "[bold yellow]NO ACCESS[/bold yellow]" if access_rights["readable"] and access_rights["writable"]: str_access_rights = "[bold green]READ[/bold green], [bold red]WRITE[/bold red]" diff --git a/smbclientng/core/SMBSession.py b/smbclientng/core/SMBSession.py index 23b100a..cd50fb5 100644 --- a/smbclientng/core/SMBSession.py +++ b/smbclientng/core/SMBSession.py @@ -1246,7 +1246,7 @@ def umount(self, local_mount_point): # Other functions - def test_rights(self, sharename): + def test_rights(self, sharename, test_write=False): """ Tests the read and write access rights of the current SMB session. @@ -1263,19 +1263,24 @@ def test_rights(self, sharename): self.set_share(shareName=sharename) access_rights = {"readable": False, "writable": False} + + # READ try: self.smbClient.listPath(self.smb_share, '*', password=None) access_rights["readable"] = True except impacket.smbconnection.SessionError as e: access_rights["readable"] = False - - try: - temp_dir = ntpath.normpath("\\" + ''.join([random.choice("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456759") for k in range(16)])) - self.smbClient.createDirectory(self.smb_share, temp_dir) - self.smbClient.deleteDirectory(self.smb_share, temp_dir) - access_rights["writable"] = True - except impacket.smbconnection.SessionError as e: - access_rights["writable"] = False + + + if test_write: + # WRITE + try: + temp_dir = ntpath.normpath("\\" + ''.join([random.choice("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRSTUVWXYZ0123456759") for k in range(16)])) + self.smbClient.createDirectory(self.smb_share, temp_dir) + self.smbClient.deleteDirectory(self.smb_share, temp_dir) + access_rights["writable"] = True + except impacket.smbconnection.SessionError as e: + access_rights["writable"] = False # Restore the current share self.set_share(shareName=current_share)