scapy.layers.smbclient

SMB 1 / 2 Client Automaton

Note

You will find more complete documentation for this layer over at SMB

class scapy.layers.smbclient.SMB_Client(self, debug: int = 0, store: int = 0, **kargs: Any)[source]

Bases: Automaton

SMB client automaton

Parameters:

sock – the SMBStreamSocket to use
ssp – the SSP to use

All other options (in caps) are optional, and SMB specific:

Parameters:

REQUIRE_SIGNATURE – set ‘Require Signature’
MIN_DIALECT – minimum SMB dialect. Defaults to 0x0202 (2.0.2)
MAX_DIALECT – maximum SMB dialect. Defaults to 0x0210 (2.1.0)
DIALECTS – list of supported SMB2 dialects. Constructed from MIN_DIALECT, MAX_DIALECT otherwise.

AUTHENTICATED(*args: ATMT, **kargs: Any) → NewStateRequested[source]

AUTH_FAILED(*args: ATMT, **kargs: Any) → NewStateRequested[source]

BEGIN(*args: ATMT, **kargs: Any) → NewStateRequested[source]

NEGOTIATED(*args: ATMT, **kargs: Any) → NewStateRequested[source]

SENT_NEGOTIATE(*args: ATMT, **kargs: Any) → NewStateRequested[source]

SENT_SETUP_ANDX_REQUEST(*args: ATMT, **kargs: Any) → NewStateRequested[source]

SMB2_NEGOTIATE(*args: ATMT, **kargs: Any) → NewStateRequested[source]

SOCKET_BIND(*args: ATMT, **kargs: Any) → NewStateRequested[source]

SOCKET_MODE_SMB(*args: ATMT, **kargs: Any) → NewStateRequested[source]

actions: Dict[str, List[_StateWrapper]] = {'authenticated_post_actions': [], 'continue_smb2': [], 'incoming_data_received_smb': [<function SMB_Client.receive_data_smb>], 'outgoing_data_received_smb': [<function SMB_Client.send_data>], 'receive_negotiate_response': [], 'receive_setup_andx_response': [], 'send_negotiate': [<function SMB_Client.on_negotiate>], 'send_negotiate_smb2': [<function SMB_Client.on_negotiate_smb2>], 'should_send_setup_andx_request': [<function SMB_Client.send_setup_andx_request>], 'start_smb_socket': []}

authenticated_post_actions()[source]

breakpoints: Set[_StateWrapper]

cls[source]: alias of DirectTCP

conditions: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [<function SMB_Client.authenticated_post_actions>], 'AUTH_FAILED': [], 'BEGIN': [<function SMB_Client.continue_smb2>, <function SMB_Client.send_negotiate>], 'NEGOTIATED': [<function SMB_Client.should_send_setup_andx_request>], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [<function SMB_Client.send_negotiate_smb2>], 'SOCKET_BIND': [<function SMB_Client.start_smb_socket>], 'SOCKET_MODE_SMB': []}

continue_smb2()[source]

eofs: Dict[str, _StateWrapper] = {}

classmethod from_tcpsock(sock, **kwargs)[source]

incoming_data_received_smb(pkt)[source]

initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]

intercepted_packet: None | Packet

interception_points: Set[_StateWrapper]

ioevents: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': [<function SMB_Client.outgoing_data_received_smb>]}

ionames: List[str] = ['smbpipe']

iosupersockets: List[SuperSocket] = [<function SMB_Client.outgoing_data_received_smb>]

listen_sock: SuperSocket | None

on_negotiate()[source]

on_negotiate_smb2()[source]

outgoing_data_received_smb(fd)[source]

packets: PacketList

port = 445

receive_data_smb(pkt)[source]

receive_negotiate_response(pkt)[source]

receive_setup_andx_response(pkt)[source]

recv_conditions: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [<function SMB_Client.receive_negotiate_response>], 'SENT_SETUP_ANDX_REQUEST': [<function SMB_Client.receive_setup_andx_response>], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': [<function SMB_Client.incoming_data_received_smb>]}

send(pkt)[source]

send_data(d)[source]

send_negotiate()[source]

send_negotiate_smb2()[source]

send_setup_andx_request(ssp_tuple)[source]

send_sock: SuperSocket | None

property session

should_send_setup_andx_request(ssp_tuple)[source]

smblink = <scapy.automaton._ATMT_to_supersocket object>

start_smb_socket()[source]

states: Dict[str, _StateWrapper] = {'AUTHENTICATED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'AUTH_FAILED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'NEGOTIATED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_NEGOTIATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_SETUP_ANDX_REQUEST': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SMB2_NEGOTIATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_BIND': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_MODE_SMB': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}

stop_state: _StateWrapper | None = None

threadid: int | None

timeout: Dict[str, _TimerList] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': []}

update_smbheader(pkt)[source]: Called when receiving a SMB2 packet to update the current smb_header

class scapy.layers.smbclient.SMB_RPC_SOCKET(smbsock, use_ioctl=True, timeout=3)[source]

Bases: ObjectPipe, SMB_SOCKET

Extends SMB_SOCKET (which is a wrapper over SMB_Client.smblink) to send DCE/RPC messages (bind, reqs, etc.)

This is usable as a normal SuperSocket (sr1, etc.) and performs the wrapping of the DCE/RPC messages into SMB2_Write/Read packets.

close()[source]

close_pipe()[source]

open_pipe(name)[source]

send(x)[source]: Internal ObjectPipe function.

class scapy.layers.smbclient.SMB_SOCKET(smbsock, use_ioctl=True, timeout=3)[source]

Bases: SuperSocket

Mid-level wrapper over SMB_Client.smblink that provides some basic SMB client functions, such as tree connect, directory query, etc.

changenotify(FileId)[source]: Register change notify

close_request(FileId)[source]: Close the FileId

create_request(name, mode='r', type='pipe', extra_create_options=[], extra_desired_access=[])[source]

Open a file/pipe by its name

Parameters:: name – the name of the file or named pipe. e.g. ‘srvsvc’

classmethod from_tcpsock(sock, **kwargs)[source]: Wraps the tcp socket in a SMB_Client.smblink first, then into the SMB_SOCKET/SMB_RPC_SOCKET

get_TID()[source]: Get the current TID from the underlying socket

query_directory(FileId, FileName='*')[source]: Query the Directory with FileId

query_info(FileId, InfoType, FileInfoClass, AdditionalInformation=0)[source]: Query the Info

read_request(FileId, Length, Offset=0)[source]: Read request

set_TID(TID)[source]: Set the TID (Tree ID). This can be called before sending a packet

tree_connect(name)[source]: Send a TreeConnect request

tree_disconnect()[source]: Send a TreeDisconnect request

write_request(Data, FileId, Offset=0)[source]: Write request

class scapy.layers.smbclient.smbclient(target: str, UPN: str = None, password: str = None, guest: bool = False, kerberos: bool = True, kerberos_required: bool = False, HashNt: str = None, port: int = 445, timeout: int = 2, debug: int = 0, ssp=None, ST=None, KEY=None, cli=True, **kwargs)[source]

Bases: CLIUtil

A simple smbclient CLI

Parameters:

target – can be a hostname, the IPv4 or the IPv6 to connect to
UPN – the upn to use (DOMAIN/USER, DOMAINUSER, USER@DOMAIN or USER)
guest – use guest mode (over NTLM)
ssp – if provided, use this SSP for auth.
kerberos – if available, whether to use Kerberos or not
kerberos_required – require kerberos
port – the TCP port. default 445
password – (string) if provided, used for auth
HashNt – (bytes) if provided, used for auth (NTLM)
ST – if provided, the service ticket to use (Kerberos)
KEY – if provided, the session key associated to the ticket (Kerberos)
cli – CLI mode (default True). False to use for scripting

backup()[source]: Turn on or off backup intent

cat(file)[source]: Print a file

cat_complete(file)[source]: Auto-complete cat

cat_output(result)[source]: Print the output of ‘cat’

cd(folder)[source]: Change the remote current directory

cd_complete(folder)[source]: Auto-complete cd

cd_output(result)[source]: Print the output of ‘cd’

close()[source]

collapse_path(path)[source]

get(file, _dest=None, _verb=True, *, r=False)[source]: Retrieve a file -r: recursively download a directory

get_complete(file)[source]: Auto-complete get

get_output(info)[source]: Print the output of ‘get’

lcd(folder)[source]: Change the local current directory

lcd_complete(folder)[source]: Auto-complete lcd

lcd_output(result)[source]: Print the output of ‘lcd’

lls()[source]: List the files in the local directory

lls_output(results)[source]: Print the output of ‘lls’

ls(parent=None)[source]: List the files in the remote directory -t: sort by timestamp -S: sort by size -r: reverse while sorting

ls_complete(folder)[source]: Auto-complete ls

ls_output(results, *, t=False, S=False, r=False)[source]: Print the output of ‘ls’

normalize_path(path)[source]: Normalize path for CIFS usage

ps1()[source]

put(file)[source]: Upload a file

put_complete(folder)[source]: Auto-complete put

rm(file)[source]: Delete a file

rm_complete(file)[source]: Auto-complete rm

shares()[source]: List the shares available

shares_output(results)[source]: Print the output of ‘shares’

use(share)[source]: Open a share