scapy.layers.smbclient
SMB 1 / 2 Client Automaton
Note
You will find more complete documentation for this layer over at SMB
- class scapy.layers.smbclient.SMB_Client(self, debug: int = 0, store: int = 0, **kargs: Any)[source]
Bases:
Automaton
SMB client automaton
- Parameters:
sock – the SMBStreamSocket to use
ssp – the SSP to use
All other options (in caps) are optional, and SMB specific:
- Parameters:
REQUIRE_SIGNATURE – set ‘Require Signature’
MIN_DIALECT – minimum SMB dialect. Defaults to 0x0202 (2.0.2)
MAX_DIALECT – maximum SMB dialect. Defaults to 0x0311 (3.1.1)
DIALECTS – list of supported SMB2 dialects. Constructed from MIN_DIALECT, MAX_DIALECT otherwise.
- AUTHENTICATED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- AUTH_FAILED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- BEGIN(*args: ATMT, **kargs: Any) NewStateRequested [source]
- NEGOTIATED(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SENT_NEGOTIATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SENT_SETUP_ANDX_REQUEST(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SMB2_NEGOTIATE(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SOCKET_BIND(*args: ATMT, **kargs: Any) NewStateRequested [source]
- SOCKET_MODE_SMB(*args: ATMT, **kargs: Any) NewStateRequested [source]
- actions: Dict[str, List[_StateWrapper]] = {'authenticated_post_actions': [], 'continue_smb2': [], 'incoming_data_received_smb': [<function SMB_Client.receive_data_smb>], 'outgoing_data_received_smb': [<function SMB_Client.send_data>], 'receive_negotiate_response': [], 'receive_setup_andx_response': [], 'send_negotiate': [<function SMB_Client.on_negotiate>], 'send_negotiate_smb2': [<function SMB_Client.on_negotiate_smb2>], 'should_send_setup_andx_request': [<function SMB_Client.send_setup_andx_request>], 'start_smb_socket': []}
- breakpoints: Set[_StateWrapper]
- conditions: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [<function SMB_Client.authenticated_post_actions>], 'AUTH_FAILED': [], 'BEGIN': [<function SMB_Client.continue_smb2>, <function SMB_Client.send_negotiate>], 'NEGOTIATED': [<function SMB_Client.should_send_setup_andx_request>], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [<function SMB_Client.send_negotiate_smb2>], 'SOCKET_BIND': [<function SMB_Client.start_smb_socket>], 'SOCKET_MODE_SMB': []}
- eofs: Dict[str, _StateWrapper] = {}
- initial_states: List[_StateWrapper] = [<function ATMT.state.<locals>.deco.<locals>._state_wrapper>]
- interception_points: Set[_StateWrapper]
- ioevents: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': [<function SMB_Client.outgoing_data_received_smb>]}
- ionames: List[str] = ['smbpipe']
- iosupersockets: List[SuperSocket] = [<function SMB_Client.outgoing_data_received_smb>]
- listen_sock: SuperSocket | None
- packets: PacketList
- port = 445
- recv_conditions: Dict[str, List[_StateWrapper]] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [<function SMB_Client.receive_negotiate_response>], 'SENT_SETUP_ANDX_REQUEST': [<function SMB_Client.receive_setup_andx_response>], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': [<function SMB_Client.incoming_data_received_smb>]}
- send_sock: SuperSocket | None
- property session
- smblink = <scapy.automaton._ATMT_to_supersocket object>
- states: Dict[str, _StateWrapper] = {'AUTHENTICATED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'AUTH_FAILED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'BEGIN': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'NEGOTIATED': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_NEGOTIATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SENT_SETUP_ANDX_REQUEST': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SMB2_NEGOTIATE': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_BIND': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>, 'SOCKET_MODE_SMB': <function ATMT.state.<locals>.deco.<locals>._state_wrapper>}
- stop_state: _StateWrapper | None = None
- threadid: int | None
- timeout: Dict[str, _TimerList] = {'AUTHENTICATED': [], 'AUTH_FAILED': [], 'BEGIN': [], 'NEGOTIATED': [], 'SENT_NEGOTIATE': [], 'SENT_SETUP_ANDX_REQUEST': [], 'SMB2_NEGOTIATE': [], 'SOCKET_BIND': [], 'SOCKET_MODE_SMB': []}
- class scapy.layers.smbclient.SMB_RPC_SOCKET(smbsock, use_ioctl=True, timeout=3)[source]
Bases:
ObjectPipe
,SMB_SOCKET
Extends SMB_SOCKET (which is a wrapper over SMB_Client.smblink) to send DCE/RPC messages (bind, reqs, etc.)
This is usable as a normal SuperSocket (sr1, etc.) and performs the wrapping of the DCE/RPC messages into SMB2_Write/Read packets.
- class scapy.layers.smbclient.SMB_SOCKET(smbsock, use_ioctl=True, timeout=3)[source]
Bases:
SuperSocket
Mid-level wrapper over SMB_Client.smblink that provides some basic SMB client functions, such as tree connect, directory query, etc.
- create_request(name, mode='r', type='pipe', extra_create_options=[], extra_desired_access=[])[source]
Open a file/pipe by its name
- Parameters:
name – the name of the file or named pipe. e.g. ‘srvsvc’
- classmethod from_tcpsock(sock, **kwargs)[source]
Wraps the tcp socket in a SMB_Client.smblink first, then into the SMB_SOCKET/SMB_RPC_SOCKET
- property session
- class scapy.layers.smbclient.smbclient(target: str, UPN: str = None, password: str = None, guest: bool = False, kerberos: bool = True, kerberos_required: bool = False, HashNt: str = None, port: int = 445, timeout: int = 2, debug: int = 0, ssp=None, ST=None, KEY=None, cli=True, **kwargs)[source]
Bases:
CLIUtil
A simple smbclient CLI
- Parameters:
target – can be a hostname, the IPv4 or the IPv6 to connect to
UPN – the upn to use (DOMAIN/USER, DOMAINUSER, USER@DOMAIN or USER)
guest – use guest mode (over NTLM)
ssp – if provided, use this SSP for auth.
kerberos – if available, whether to use Kerberos or not
kerberos_required – require kerberos
port – the TCP port. default 445
password – (string) if provided, used for auth
HashNt – (bytes) if provided, used for auth (NTLM)
ST – if provided, the service ticket to use (Kerberos)
KEY – if provided, the session key associated to the ticket (Kerberos)
cli – CLI mode (default True). False to use for scripting
- get(file, _dest=None, _verb=True, *, r=False)[source]
Retrieve a file -r: recursively download a directory
- ls(parent=None)[source]
List the files in the remote directory -t: sort by timestamp -S: sort by size -r: reverse while sorting
List the shares available
Print the output of ‘shares’