scapy.layers.smbclient

SMB 1 / 2 Client Automaton

Note

You will find more complete documentation for this layer over at SMB

class scapy.layers.smbclient.SMB_Client(self, debug: int = 0, store: int = 0, **kargs: Any)[source]

Bases: Automaton

SMB client automaton

Parameters:
  • sock – the SMBStreamSocket to use

  • ssp – the SSP to use

All other options (in caps) are optional, and SMB specific:

Parameters:
  • REQUIRE_SIGNATURE – set ‘Require Signature’

  • MIN_DIALECT – minimum SMB dialect. Defaults to 0x0202 (2.0.2)

  • MAX_DIALECT – maximum SMB dialect. Defaults to 0x0311 (3.1.1)

  • DIALECTS – list of supported SMB2 dialects. Constructed from MIN_DIALECT, MAX_DIALECT otherwise.

AUTHENTICATED(*args: ATMT, **kargs: Any) NewStateRequested[source]
AUTH_FAILED(*args: ATMT, **kargs: Any) NewStateRequested[source]
BEGIN(*args: ATMT, **kargs: Any) NewStateRequested[source]
NEGOTIATED(*args: ATMT, **kargs: Any) NewStateRequested[source]
SENT_NEGOTIATE(*args: ATMT, **kargs: Any) NewStateRequested[source]
SENT_SETUP_ANDX_REQUEST(*args: ATMT, **kargs: Any) NewStateRequested[source]
SMB2_NEGOTIATE(*args: ATMT, **kargs: Any) NewStateRequested[source]
SOCKET_BIND(*args: ATMT, **kargs: Any) NewStateRequested[source]
SOCKET_MODE_SMB(*args: ATMT, **kargs: Any) NewStateRequested[source]
actions: Dict[str, List[_StateWrapper]] = {'authenticated_post_actions': [], 'continue_smb2': [], 'incoming_data_received_smb': [<function SMB_Client.receive_data_smb>], 'outgoing_data_received_smb': [<function SMB_Client.send_data>], 'receive_negotiate_response': [], 'receive_setup_andx_response': [], 'send_negotiate': [<function SMB_Client.on_negotiate>], 'send_negotiate_smb2': [<function SMB_Client.on_negotiate_smb2>], 'should_send_setup_andx_request': [<function SMB_Client.send_setup_andx_request>], 'start_smb_socket': []}
authenticated_post_actions()[source]
breakpoints: Set[_StateWrapper]
cls[source]

alias of DirectTCP

conditions: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [<function SMB_Client.authenticated_post_actions>], 'AUTH_FAILED': [], 'BEGIN': [<function SMB_Client.continue_smb2>, <function SMB_Client.send_negotiate>], 'NEGOTIATED': [<function SMB_Client.should_send_setup_andx_request>], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [<function SMB_Client.send_negotiate_smb2>], 'SOCKET_BIND': [<function SMB_Client.start_smb_socket>], 'SOCKET_MODE_SMB': []}
continue_smb2()[source]
eofs: Dict[str, _StateWrapper] = {}
classmethod from_tcpsock(sock, **kwargs)[source]
incoming_data_received_smb(pkt)[source]
initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
intercepted_packet: None | Packet
interception_points: Set[_StateWrapper]
ioevents: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': [<function SMB_Client.outgoing_data_received_smb>]}
ionames: List[str] = ['smbpipe']
iosupersockets: List[SuperSocket] = [<function SMB_Client.outgoing_data_received_smb>]
listen_sock: SuperSocket | None
on_negotiate()[source]
on_negotiate_smb2()[source]
outgoing_data_received_smb(fd)[source]
packets: PacketList
port = 445
receive_data_smb(pkt)[source]
receive_negotiate_response(pkt)[source]
receive_setup_andx_response(pkt)[source]
recv_conditions: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [<function SMB_Client.receive_negotiate_response>], 'SENT_SETUP_ANDX_REQUEST': [<function SMB_Client.receive_setup_andx_response>], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': [<function SMB_Client.incoming_data_received_smb>]}
send(pkt)[source]
send_data(d)[source]
send_negotiate()[source]
send_negotiate_smb2()[source]
send_setup_andx_request(ssp_tuple)[source]
send_sock: SuperSocket | None
property session
should_send_setup_andx_request(ssp_tuple)[source]
start_smb_socket()[source]
states: Dict[str, _StateWrapper] = {'AUTHENTICATED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'AUTH_FAILED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'NEGOTIATED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_NEGOTIATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_SETUP_ANDX_REQUEST': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SMB2_NEGOTIATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_BIND': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_MODE_SMB': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
stop_state: _StateWrapper | None = None
threadid: int | None
timeout: Dict[str, _TimerList] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': []}
update_smbheader(pkt)[source]

Called when receiving a SMB2 packet to update the current smb_header

class scapy.layers.smbclient.SMB_RPC_SOCKET(smbsock, use_ioctl=True, timeout=3)[source]

Bases: ObjectPipe, SMB_SOCKET

Extends SMB_SOCKET (which is a wrapper over SMB_Client.smblink) to send DCE/RPC messages (bind, reqs, etc.)

This is usable as a normal SuperSocket (sr1, etc.) and performs the wrapping of the DCE/RPC messages into SMB2_Write/Read packets.

close()[source]
close_pipe()[source]
open_pipe(name)[source]
send(x)[source]

Internal ObjectPipe function.

class scapy.layers.smbclient.SMB_SOCKET(smbsock, use_ioctl=True, timeout=3)[source]

Bases: SuperSocket

Mid-level wrapper over SMB_Client.smblink that provides some basic SMB client functions, such as tree connect, directory query, etc.

changenotify(FileId)[source]

Register change notify

close_request(FileId)[source]

Close the FileId

create_request(name, mode='r', type='pipe', extra_create_options=[], extra_desired_access=[])[source]

Open a file/pipe by its name

Parameters:

name – the name of the file or named pipe. e.g. ‘srvsvc’

classmethod from_tcpsock(sock, **kwargs)[source]

Wraps the tcp socket in a SMB_Client.smblink first, then into the SMB_SOCKET/SMB_RPC_SOCKET

get_TID()[source]

Get the current TID from the underlying socket

query_directory(FileId, FileName='*')[source]

Query the Directory with FileId

query_info(FileId, InfoType, FileInfoClass, AdditionalInformation=0)[source]

Query the Info

read_request(FileId, Length, Offset=0)[source]

Read request

property session
set_TID(TID)[source]

Set the TID (Tree ID). This can be called before sending a packet

tree_connect(name)[source]

Send a TreeConnect request

tree_disconnect()[source]

Send a TreeDisconnect request

write_request(Data, FileId, Offset=0)[source]

Write request

class scapy.layers.smbclient.smbclient(target: str, UPN: str = None, password: str = None, guest: bool = False, kerberos: bool = True, kerberos_required: bool = False, HashNt: str = None, port: int = 445, timeout: int = 2, debug: int = 0, ssp=None, ST=None, KEY=None, cli=True, **kwargs)[source]

Bases: CLIUtil

A simple smbclient CLI

Parameters:
  • target – can be a hostname, the IPv4 or the IPv6 to connect to

  • UPN – the upn to use (DOMAIN/USER, DOMAINUSER, USER@DOMAIN or USER)

  • guest – use guest mode (over NTLM)

  • ssp – if provided, use this SSP for auth.

  • kerberos – if available, whether to use Kerberos or not

  • kerberos_required – require kerberos

  • port – the TCP port. default 445

  • password – (string) if provided, used for auth

  • HashNt – (bytes) if provided, used for auth (NTLM)

  • ST – if provided, the service ticket to use (Kerberos)

  • KEY – if provided, the session key associated to the ticket (Kerberos)

  • cli – CLI mode (default True). False to use for scripting

backup()[source]

Turn on or off backup intent

cat(file)[source]

Print a file

cat_complete(file)[source]

Auto-complete cat

cat_output(result)[source]

Print the output of ‘cat’

cd(folder)[source]

Change the remote current directory

cd_complete(folder)[source]

Auto-complete cd

cd_output(result)[source]

Print the output of ‘cd’

close()[source]
collapse_path(path)[source]
get(file, _dest=None, _verb=True, *, r=False)[source]

Retrieve a file -r: recursively download a directory

get_complete(file)[source]

Auto-complete get

get_output(info)[source]

Print the output of ‘get’

lcd(folder)[source]

Change the local current directory

lcd_complete(folder)[source]

Auto-complete lcd

lcd_output(result)[source]

Print the output of ‘lcd’

lls()[source]

List the files in the local directory

lls_output(results)[source]

Print the output of ‘lls’

ls(parent=None)[source]

List the files in the remote directory -t: sort by timestamp -S: sort by size -r: reverse while sorting

ls_complete(folder)[source]

Auto-complete ls

ls_output(results, *, t=False, S=False, r=False)[source]

Print the output of ‘ls’

normalize_path(path)[source]

Normalize path for CIFS usage

ps1()[source]
put(file)[source]

Upload a file

put_complete(folder)[source]

Auto-complete put

rm(file)[source]

Delete a file

rm_complete(file)[source]

Auto-complete rm

shares()[source]

List the shares available

shares_output(results)[source]

Print the output of ‘shares’

use(share)[source]

Open a share

use_complete(share)[source]

Auto-complete ‘use’