Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign uplist_path function -> TypeError: can't concat str to bytes #691
Comments
This comment has been minimized.
This comment has been minimized.
|
Heyhey @mpgn think i know what you are running into over there ;) to: |
This comment has been minimized.
This comment has been minimized.
|
Hello @awsmhacks I'm using the spider in my case. When CME call this function https://github.com/mpgn/CrackMapExec/blob/python3/cme/protocols/smb/smbspider.py#L80 with the following path :
I got this error: (CrackMapExec) root@kali:~/tools/CrackMapExec# cme smb 172.16.60.164 -u Administrator -p P@ssword --spider C\$ --pattern txt
SMB 172.16.60.164 445 DEMO-DC [*] Windows Server 2012 R2 Standard Evaluation 9600 x64 (name:DEMO-DC) (domain:DEMO) (signing:True) (SMBv1:True)
SMB 172.16.60.164 445 DEMO-DC [+] DEMO\Administrator:P@ssword (Pwn3d!)
SMB 172.16.60.164 445 DEMO-DC [*] Started spidering
SMB 172.16.60.164 445 DEMO-DC [*] Spidering .
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$I0F1R6A.txt [lastm:'2019-11-11 23:56' size:544]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$IK3LOJG.txt [lastm:'2019-11-11 23:56' size:544]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$IMRE8B0.txt [lastm:'2019-11-11 23:59' size:544]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$IW82ZWJ.txt [lastm:'2019-11-11 23:56' size:544]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$R0F1R6A.txt [lastm:'2019-11-11 23:56' size:21]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$RK3LOJG.txt [lastm:'2019-11-11 23:56' size:21]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$RMRE8B0.txt [lastm:'2019-11-11 23:59' size:21]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/$Recycle.Bin/S-1-5-21-4019336599-49157453-3884925909-500/$RW82ZWJ.txt [lastm:'2019-11-11 23:56' size:20]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files/Windows NT/TableTextService/TableTextServiceAmharic.txt [lastm:'2019-11-11 21:05' size:13862]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files/Windows NT/TableTextService/TableTextServiceArray.txt [lastm:'2019-11-11 21:05' size:1272944]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files/Windows NT/TableTextService/TableTextServiceDaYi.txt [lastm:'2019-11-11 21:05' size:980224]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files/Windows NT/TableTextService/TableTextServiceTigrinya.txt [lastm:'2019-11-11 21:05' size:13874]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files/Windows NT/TableTextService/TableTextServiceYi.txt [lastm:'2019-11-11 21:05' size:45170]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files (x86)/Windows NT/TableTextService/TableTextServiceAmharic.txt [lastm:'2019-11-11 21:05' size:13862]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files (x86)/Windows NT/TableTextService/TableTextServiceArray.txt [lastm:'2019-11-11 21:05' size:1272944]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files (x86)/Windows NT/TableTextService/TableTextServiceDaYi.txt [lastm:'2019-11-11 21:05' size:980224]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files (x86)/Windows NT/TableTextService/TableTextServiceTigrinya.txt [lastm:'2019-11-11 21:05' size:13874]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Program Files (x86)/Windows NT/TableTextService/TableTextServiceYi.txt [lastm:'2019-11-11 21:05' size:45170]
SMB 172.16.60.164 445 DEMO-DC //172.16.60.164/C$/Users/Administrator/AppData/Local/Microsoft/Internet Explorer/brndlog.txt [lastm:'2019-11-11 21:24' size:6506]
b'Classic_{40419485-c444-4567-851a-2dd7bfa1684d}.settingcontent-ms\x00' <class 'bytes'>
Traceback (most recent call last):
File "src/gevent/greenlet.py", line 766, in gevent._greenlet.Greenlet.run
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb.py", line 110, in __init__
connection.__init__(self, args, db, host)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/connection.py", line 42, in __init__
self.proto_flow()
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/connection.py", line 78, in proto_flow
self.call_cmd_args()
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/connection.py", line 85, in call_cmd_args
getattr(self, k)()
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb.py", line 704, in spider
self.args.content, self.args.only_files)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb/smbspider.py", line 55, in spider
self._spider(folder, depth)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb/smbspider.py", line 93, in _spider
self._spider(subfolder.replace('*', '') + result.get_longname(), depth-1 if depth else None)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb/smbspider.py", line 95, in _spider
self._spider(subfolder.replace('*', '') + result.get_longname(), depth-1 if depth else None)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb/smbspider.py", line 95, in _spider
self._spider(subfolder.replace('*', '') + result.get_longname(), depth-1 if depth else None)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb/smbspider.py", line 95, in _spider
self._spider(subfolder.replace('*', '') + result.get_longname(), depth-1 if depth else None)
[Previous line repeated 6 more times]
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/protocols/smb/smbspider.py", line 80, in _spider
filelist = self.smbconnection.listPath(self.share, subfolder)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/thirdparty/impacket/impacket/smbconnection.py", line 421, in listPath
return self._SMBConnection.list_path(shareName, path, password)
File "/root/.local/share/virtualenvs/CrackMapExec-TyYiRZur/lib/python3.7/site-packages/crackmapexec-4.0.1.dev0-py3.7.egg/cme/thirdparty/impacket/impacket/smb.py", line 3873, in list_path
findNextParameter['FileName'] = resume_filename + '\x00'
TypeError: can't concat str to bytes
2019-11-25T12:41:34Z <Greenlet at 0x7fb5f5fa6048: smb(Namespace(clear_obfscripts=False, content=False, c, <protocol.database object at 0x7fb5fbd30898>, '172.16.60.164')> failed with TypeErrorWhere a print of |
This comment has been minimized.
This comment has been minimized.
|
What target OS is that you're testing against @mpgn ? |
This comment has been minimized.
This comment has been minimized.
|
Windows serveur 2012 R2 64 bits. |
This comment has been minimized.
This comment has been minimized.
|
Wondering why did you end up on that code, that OS version is support to be having |
This comment has been minimized.
This comment has been minimized.
|
When using CME in python2 (so Impacket python2) I didn't get any errors, only when using the Impacket python3 |
This comment has been minimized.
This comment has been minimized.
|
Can you |
This comment has been minimized.
This comment has been minimized.
|
hum... |
This comment has been minimized.
This comment has been minimized.
|
Thanks for checking that our @mpgn . Looks like CME is not using UNICODE support in SMB1, probably for backward compatibility with old NT boxes. I did fix the original issue, ran my tests and didn't look like it's bringing any regression bugs. Please |
This comment has been minimized.
This comment has been minimized.
|
Unfortunately, the error move to another location: Where a print of |
mpgn
added a commit
to mpgn/impacket
that referenced
this issue
Nov 27, 2019
If `data` is already a bytes then we cannot convert it to bytes again. This PR check if the the variable is not already a bytes Should fix issue SecureAuthCorp#691
This comment has been minimized.
This comment has been minimized.
|
Okay @asolino I've made a pull request that should fix the problem (at least spider is working now). Can you review it ? |
This comment has been minimized.
This comment has been minimized.
|
Ran the regression tests and looks good.. merged. thanks @mpgn. Closing this one too. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is an encoding error on the function list_path
From this line: https://github.com/SecureAuthCorp/impacket/blob/master/impacket/smb.py#L3872
I did a print before the assignment line 3873
The folder path contains this type of files from:
Users/Administrator/AppData/Local/Packages/windows.immersivecontrolpanel_cw5n1h2txyewy/LocalState/Indexed/Settings/en-US/*I'm using the master branch