|
312 | 312 | KNOWN_USERNAMES = "administrator,guest,krbtgt,domain admins,root,bin,none" |
313 | 313 | TIMEOUT = 5 |
314 | 314 |
|
315 | | -# GLOBAL_VERBOSE and GLOBAL_COLORS should be the only variables which should be written to |
| 315 | +# GLOBAL_VERBOSE, GLOBAL_COLORS, GLOBAL_SAMBA_LEGACY should be the only variables which should be written to |
316 | 316 | GLOBAL_VERBOSE = False |
317 | 317 | GLOBAL_COLORS = True |
| 318 | +GLOBAL_SAMBA_LEGACY = False |
318 | 319 |
|
319 | 320 | class Colors: |
320 | 321 | ansi_reset = '\033[0m' |
@@ -496,10 +497,8 @@ def __init__(self, command, target, creds): |
496 | 497 | self.env = os.environ.copy() |
497 | 498 | self.env['KRB5CCNAME'] = self.creds.ticket_file |
498 | 499 | # User and domain are taken from the ticket |
499 | | - # Kerberos options differ between samba versions |
500 | | - samba_version = re.match(r".*(\d+\.\d+\.\d+).*", check_output(["smbclient", "--version"]).decode()).group(1) |
501 | | - samba_version = tuple(int(x) for x in samba_version.split('.')) |
502 | | - if samba_version < (4, 15, 0): |
| 500 | + # Kerberos options differ between samba versions - TODO: Can be removed in the future |
| 501 | + if GLOBAL_SAMBA_LEGACY: |
503 | 502 | self.exec += ['-k'] |
504 | 503 | else: |
505 | 504 | self.exec += ['--use-krb5-ccache', self.creds.ticket_file] |
@@ -3171,6 +3170,7 @@ def check_arguments(): |
3171 | 3170 | ''' |
3172 | 3171 |
|
3173 | 3172 | global GLOBAL_VERBOSE |
| 3173 | + global GLOBAL_SAMBA_LEGACY |
3174 | 3174 |
|
3175 | 3175 | parser = ArgumentParser(description="""This tool is a rewrite of Mark Lowe's enum4linux.pl, a tool for enumerating information from Windows and Samba systems. |
3176 | 3176 | It is mainly a wrapper around the Samba tools nmblookup, net, rpcclient and smbclient. Other than the original tool it allows to export enumeration results |
@@ -3261,17 +3261,18 @@ def check_arguments(): |
3261 | 3261 | raise RuntimeError("Timeout must be a valid integer in the range 1-600") |
3262 | 3262 | args.timeout = int(args.timeout) |
3263 | 3263 |
|
| 3264 | + # Perform Samba version checks - TODO: Can be removed in the future |
| 3265 | + samba_version = re.match(r".*(\d+\.\d+\.\d+).*", check_output(["smbclient", "--version"]).decode()).group(1) |
| 3266 | + samba_version = tuple(int(x) for x in samba_version.split('.')) |
| 3267 | + if samba_version < (4, 15, 0): |
| 3268 | + GLOBAL_SAMBA_LEGACY = True |
| 3269 | + |
3264 | 3270 | # While smbclient and rpcclient support '--pw-nt-hash' the net command does not before Samba 4.15. |
3265 | 3271 | # In Samba 4.15 the commandline parser of the various tools were unified so that '--pw-nt-hash' works |
3266 | 3272 | # for this and later versions. An option would be to run the tool in a docker container like a recent |
3267 | 3273 | # Alpine Linux version. |
3268 | | - if args.nthash and (args.Gm or args.C): |
3269 | | - try: |
3270 | | - output = check_output(['net','help'], shell=False, stderr=STDOUT) |
3271 | | - except Exception as e: |
3272 | | - output = str(e.output) |
3273 | | - if '--pw-nt-hash' not in output: |
3274 | | - raise RuntimeError("The -C and -Gm argument require Samba 4.15 or higher when used in combination with -H") |
| 3274 | + if GLOBAL_SAMBA_LEGACY and args.nthash and (args.Gm or args.C): |
| 3275 | + raise RuntimeError("The -C and -Gm argument require Samba 4.15 or higher when used in combination with -H") |
3275 | 3276 |
|
3276 | 3277 | return args |
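Review bot: The Samba probe added at new lines 3265-3266 now runs on every invocation of check_arguments, not only on the Kerberos-ticket path it was moved out of, and neither of its failure modes is handled: a missing `smbclient` makes `check_output` raise `FileNotFoundError`, and a `--version` output without a dotted triple makes `re.match(...).group(1)` raise `AttributeError`, both escaping as tracebacks instead of the `RuntimeError` this function otherwise uses for argument problems (lines 3261 and 3275). The version gate is also a looser test than the `net help` scan it replaces, since a distribution build could carry `--pw-nt-hash` without the 4.15 version number; that assumption is worth stating in the TODO comment, e.g. `# TODO: version gate, not a capability probe; assumes upstream Samba numbering`. I would wrap the probe as below so both failures surface as a `RuntimeError` with a clear message; `CalledProcessError` must be in scope from `subprocess` next to `check_output` if it is not already imported. The surrounding `--pw-nt-hash` check and `return args` are unchanged.
```python
    # Perform Samba version checks - TODO: Can be removed in the future
    # Version gate, not a capability probe: assumes upstream Samba numbering.
    try:
        version_output = check_output(["smbclient", "--version"]).decode()
    except (OSError, CalledProcessError) as e:
        raise RuntimeError("Could not run 'smbclient --version', is Samba installed?") from e
    version_match = re.search(r"(\d+)\.(\d+)\.(\d+)", version_output)
    if version_match is None:
        raise RuntimeError(f"Could not parse Samba version from: {version_output.strip()}")
    samba_version = tuple(int(x) for x in version_match.groups())
    if samba_version < (4, 15, 0):
        GLOBAL_SAMBA_LEGACY = True
    # … unchanged: --pw-nt-hash legacy check and return args …
```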
3277 | 3278 |
|
|