Merge branch 'master' into apsw-with-sqlalchemy

Signed-off-by: Achintya Jai <[email protected]>

Author: pUrGe12

nettacker/core/lib/smb.py

@@ -0,0 +1,49 @@
+from impacket.smbconnection import SMBConnection
+
+from nettacker.core.lib.base import BaseEngine, BaseLibrary
+
+
+def create_connection(host, port):
+    return SMBConnection(host, remoteHost=host, sess_port=port)
+
+
+class SmbLibrary(BaseLibrary):
+    def brute_force(self, *args, **kwargs):
+        host = kwargs["host"]
+        port = kwargs["port"]
+        username = kwargs["username"]
+
+        response = {
+            "host": host,
+            "port": port,
+            "username": username,
+        }
+
+        domain = "."
+        if "domain" in kwargs:
+            domain = kwargs["domain"]
+            response.update({"domain": domain})
+
+        password = ""
+        if "password" in kwargs:
+            password = kwargs["password"]
+            response.update({"password": password})
+
+        lm = ""
+        if "lm" in kwargs:
+            lm = kwargs["lm"]
+            response.update({"lm": lm})
+
+        nt = ""
+        if "nt" in kwargs:
+            nt = kwargs["nt"]
+            response.update({"nt": nt})
+
+        connection = create_connection(host, port)
+        connection.login(username, password, domain, lm, nt)
+
+        return response
+
+
+class SmbEngine(BaseEngine):
+    library = SmbLibrary

nettacker/modules/brute/smb.yaml

@@ -0,0 +1,41 @@
+info:
+  name: smb_brute
+  author: OWASP Nettacker Team
+  severity: 3
+  description: SMB Bruteforcer
+  reference:
+  profiles:
+    - brute
+    - brute_force
+    - smb
+
+payloads:
+  - library: smb
+    steps:
+      - method: brute_force
+        timeout: 3
+        host: '{target}'
+        ports:
+          - 445
+        usernames:
+          - administrator
+          - admin
+          - root
+          - user
+          - test
+          - guest
+        passwords:
+          nettacker_fuzzer:
+            input_format: '{{passwords}}'
+            prefix:
+            suffix:
+            interceptors:
+            data:
+              passwords:
+                read_from_file: passwords/top_1000_common_passwords.txt
+        response:
+          condition_type: or
+          conditions:
+            successful_login:
+              regex: ''
+              reverse: false

poetry.lock

@@ -65,6 +65,7 @@ zipp = "^3.19.1"
 uvloop = "^0.21.0"
 pymysql = "^1.1.1"
 apsw = "^3.50.0.0"
+impacket = "^0.11.0"
 
 [tool.poetry.group.dev.dependencies]
 ipython = "^8.16.1"

pyproject.toml

@@ -0,0 +1,44 @@
+from unittest.mock import patch
+
+from nettacker.core.lib.smb import SmbLibrary
+from tests.common import TestCase
+
+SMB_SESSION_PORT = 445
+
+
+class MockSmbConnectionObject:
+    def __init__(self, remoteName="", remoteHost="", sess_port=SMB_SESSION_PORT):
+        self._sess_port = sess_port
+        self._remoteHost = remoteHost
+        self._remoteName = remoteName
+
+    def login(self, user, password, domain="", lmhash="", nthash=""):
+        return None
+
+
+class TestSmbMethod(TestCase):
+    @patch("nettacker.core.lib.smb.create_connection")
+    def test_brute_force_password(self, mock_smb_connection):
+        library = SmbLibrary()
+        HOST = "dc-01"
+        PORT = 445
+        USERNAME = "Administrator"
+        PASSWORD = "Password@123"
+
+        mock_smb_connection.return_value = MockSmbConnectionObject(
+            HOST, remoteHost=HOST, sess_port=PORT
+        )
+        self.assertEqual(
+            library.brute_force(
+                host=HOST,
+                port=PORT,
+                username=USERNAME,
+                password=PASSWORD,
+            ),
+            {
+                "host": HOST,
+                "port": PORT,
+                "username": USERNAME,
+                "password": PASSWORD,
+            },
+        )