Home: CAN'T JOIN DOMAIN or USE GPE
Pro/Enterprise/Education: CAN JOIN DOMAIN or USE GPE
gpedit.msc - (Local) Group Policy Editor (GPE) - Global
secpol.msc - Local Security Policy (LSP) editor - Local - brother of GPE
---------------------------------
# GUEST
#### Enable file and printer sharing
Control Panel\Network and Internet\Network and Sharing Center\Advanced sharing settings
Network discovery: disable->enable (enables port discovery)
File and printer sharing: disable->enable (enables pinging)
#### Enable Guest account
LSP -> Security Settings -> Local Policies -> Security Options -> Accounts: Guest account status | Disabled -> Enabled
#### Remove Guest from the 'Deny access to this computer from the network' policy
LSP -> Security Settings -> Local Policies -> User Rights Assignment -> Deny access to this computer from the network | Remove Guest
#### SAMR ENUMERATION
LSP -> Security Settings -> Local Policies -> Security Options -> Network access: Do not allow anonymous enumeration of SAM accounts | Enabled -> Disabled
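Added example, not part of the original notes: a check that reads a `secedit /export` policy file and reports which of the three changes above (Guest enabled, Guest not denied network logon, anonymous SAM enumeration allowed) are present on a host. The sample export is constructed, and the function name and the way Guest is matched in the deny list are assumptions.

```python
import configparser

# Constructed sample of `secedit /export /cfg <file>` output (not from the notes).
# Real exports are UTF-16 and carry many more keys; LabUser is a made-up account.
SAMPLE_EXPORT = r"""
[System Access]
EnableGuestAccount = 1
[Privilege Rights]
SeDenyNetworkLogonRight = LabUser
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM=4,0
"""

SAM_KEY = r"machine\system\currentcontrolset\control\lsa\restrictanonymoussam"
GUESTS_GROUP_SID = "*s-1-5-32-546"  # well-known BUILTIN\Guests SID


def audit_guest_exposure(export_text):
    """Hypothetical helper: report which of the three lab changes are present."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(export_text)  # option names are lower-cased by default
    findings = []

    if cfg.get("System Access", "enableguestaccount", fallback="0") == "1":
        findings.append("Guest account is enabled")

    deny = cfg.get("Privilege Rights", "sedenynetworklogonright", fallback="")
    principals = [p.strip().lower() for p in deny.split(",") if p.strip()]
    # Assumption: Guest is listed by name, by its RID 501 SID, or via the Guests group.
    if not any(p in ("guest", "guests", GUESTS_GROUP_SID) or p.endswith("-501")
               for p in principals):
        findings.append("Guest is not denied network logon")

    # Registry values export as "<type>,<data>" (4 = REG_DWORD); a missing key is not flagged.
    raw = cfg.get("Registry Values", SAM_KEY, fallback="4,1")
    if raw.split(",", 1)[-1].strip() == "0":
        findings.append("Anonymous SAM enumeration is allowed")
    return findings


if __name__ == "__main__":
    for finding in audit_guest_exposure(SAMPLE_EXPORT):
        print("[!]", finding)
```

For a real export, open the file with `encoding="utf-16"` (the usual secedit output encoding) and pass its text to the function.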
# SHARE
Create folder and share it
---------------------------------
# shares
tree_id = conn.connectTree("IPC$")
conn.openFile(tree_id, "srvsvc")
shares = conn.listShares()
def list_shares(shares):
    # each entry is a SHARE_INFO_1; the name is NUL-terminated, so drop the last char
    for share in shares:
        print(" --", share['shi1_netname'][:-1])
# read C$
conn.listPath("C$", "\\*")
# transport.SMBTransport -> SMBConnection.connection
from impacket.dcerpc.v5.transport import SMBTransport
conn = SMBTransport(TARGET, filename="lsarpc", username=username, password=password)
dce = conn.get_dce_rpc()
dce.connect()
conn = conn.get_smb_connection()
# SMBConnection.connection -> transport.SMBTransport
from impacket.smbconnection import SMBConnection
conn = SMBConnection(TARGET, TARGET)
conn.login(username, password)
conn = SMBTransport(TARGET, filename="samr", smb_connection=conn)
dce = conn.get_dce_rpc()
# is the same
conn = SMBTransport(TARGET, filename="samr", username=username, password=password)
dce = conn.get_dce_rpc()
dce.connect()
conn = SMBConnection(TARGET, TARGET)
conn.login(username, password)
tree_id = conn.connectTree("IPC$")
file_id = conn.openFile(tree_id, "samr")
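# guest
from impacket.dcerpc.v5.lsad import hLsarOpenPolicy2
from impacket.dcerpc.v5.lsat import hLsarLookupNames2, POLICY_LOOKUP_NAMES
resp = hLsarOpenPolicy2(dce, POLICY_LOOKUP_NAMES)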
policyHandle = resp['PolicyHandle']
hLsarLookupNames2(dce, policyHandle, (username,))
# SMB signing
is_signing = conn.isSigningRequired()
print("SMB signing\t\t:", "YES" if is_signing else "NO")