Skip to content

Commit

Permalink
Merge pull request #96 from p0dalirius/fixed-pass-the-hash
Browse files Browse the repository at this point in the history 
[bugfix] Pass the Hash, Fixed #95
  • Loading branch information
@p0dalirius
p0dalirius authored Aug 7, 2024
2 parents b6a9dd4 + 2d6b5b3 commit cc0a740
Show file tree
Hide file tree
Showing 2 changed files with 39 additions and 17 deletions.
4 changes: 2 additions & 2 deletions smbclientng/core/Credentials.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,10 +66,10 @@ def set_hashes(self, hashes):

lmhash, nthash = None, None
if hashes is not None:
matched = re.search("([0-9a-f]{32})(:)?([0-9a-f]{32})?", hashes.lower(), re.IGNORECASE)
matched = re.search("([0-9a-f]{32})?:([0-9a-f]{32})?", hashes.lower(), re.IGNORECASE)
if matched is not None:
lmhash = matched.groups()[0]
nthash = matched.groups()[2]
nthash = matched.groups()[1]
if lmhash is None:
lmhash = "aad3b435b51404eeaad3b435b51404ee"
if nthash is None:
Expand Down
52 changes: 37 additions & 15 deletions smbclientng/core/SMBSession.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -155,21 +155,43 @@ def init_smb_session(self):
self.connected = False

else:
self.logger.debug("[>] Authenticating as '%s\\%s' with NTLM ... " % (self.credentials.domain, self.credentials.username))

try:
self.connected = self.smbClient.login(
user=self.credentials.username,
password=self.credentials.password,
domain=self.credentials.domain,
lmhash=self.credentials.lm_hex,
nthash=self.credentials.nt_hex
)
except impacket.smbconnection.SessionError as err:
if self.config.debug:
traceback.print_exc()
self.logger.error("Could not login: %s" % err)
self.connected = False
if len(self.credentials.lm_hex) != 0 and len(self.credentials.nt_hex) != 0:
self.logger.debug("[>] Authenticating as '%s\\%s' with NTLM with pass the hash ... " % (self.credentials.domain, self.credentials.username))
try:
self.logger.debug(" | user = %s" % self.credentials.username)
self.logger.debug(" | password = %s" % self.credentials.password)
self.logger.debug(" | domain = %s" % self.credentials.domain)
self.logger.debug(" | lmhash = %s" % self.credentials.lm_hex)
self.logger.debug(" | nthash = %s" % self.credentials.nt_hex)

self.connected = self.smbClient.login(
user=self.credentials.username,
password=self.credentials.password,
domain=self.credentials.domain,
lmhash=self.credentials.lm_hex,
nthash=self.credentials.nt_hex
)
except impacket.smbconnection.SessionError as err:
if self.config.debug:
traceback.print_exc()
self.logger.error("Could not login: %s" % err)
self.connected = False

else:
self.logger.debug("[>] Authenticating as '%s\\%s' with NTLM with password ... " % (self.credentials.domain, self.credentials.username))
try:
self.connected = self.smbClient.login(
user=self.credentials.username,
password=self.credentials.password,
domain=self.credentials.domain,
lmhash=self.credentials.lm_hex,
nthash=self.credentials.nt_hex
)
except impacket.smbconnection.SessionError as err:
if self.config.debug:
traceback.print_exc()
self.logger.error("Could not login: %s" % err)
self.connected = False

if self.connected:
self.logger.print("[+] Successfully authenticated to '%s' as '%s\\%s'!" % (self.host, self.credentials.domain, self.credentials.username))
Expand Down

0 comments on commit cc0a740

Please sign in to comment.