source

Author: 3gstudent

Diff for: Smbtouch-1.1.1.exe

@@ -0,0 +1,70 @@
+<?xml version='1.0' encoding='utf-8'?>
+<config xmlns='urn:trch' name='Smbtouch' version='1.1.1' schemaversion='2.1.0' configversion='1.1.1.0' id='985f383e6edd6d9397aa5da9601c8bc867f6b713'>
+  <inputparameters>
+    <parameter type='S16' name='NetworkTimeout' description='Timeout for blocking network calls (in seconds).  Use -1 for no timeout.'>
+      <value>60</value>
+    </parameter>
+    <parameter type='IPv4' name='TargetIp' description='Target IP Address'>
+      <value>127.0.0.1</value>
+    </parameter>
+    <parameter type='TcpPort' name='TargetPort' description='Port used by the SMB service'>
+      <value>445</value>
+    </parameter>
+    <parameter hidden='true' required='false' type='IPv4' name='RedirectedTargetIp' description='Physical (redirected) target IP'/>
+
+    <parameter hidden='true' required='false' type='TcpPort' name='RedirectedTargetPort' description='Physical (redirected) target port'/>
+    <paramchoice name='Protocol' description='SMB (default port 445) or NBT (default port 139)'>
+      <value>SMB</value>
+      <paramgroup name='SMB' description=''>
+        <parameter hidden='true' type='Boolean' name='UsingNbt' description='Boolean stating to use Nbt or not'>
+          <value>0</value>
+        </parameter>
+      </paramgroup>
+      <paramgroup name='NBT' description=''>
+        <parameter hidden='true' type='Boolean' name='UsingNbt' description='Boolean stating to use Nbt or not'>
+          <value>1</value>
+        </parameter>
+      </paramgroup>
+    </paramchoice>
+    <parameter type='String' name='Pipe' description='Test an additional pipe to see if it is accessible (optional)'>
+      <default/>
+    </parameter>
+    <parameter type='Buffer' name='Share' description='Test a file share to see if it is accessible (optional), entered as hex bytes (in unicode)'>
+      <default/>
+    </parameter>
+    <paramchoice name='Credentials' description='Type of credentials to use'>
+      <value>Anonymous</value>
+      <paramgroup name='Anonymous' description='Anonymous (NULL session)'/>
+      <paramgroup name='Guest' description='Guest account'/>
+      <paramgroup name='Blank' description='User account with no password set'>
+        <parameter type='Buffer' name='Username' description='Username entered as hex bytes (in unicode)'/>
+      </paramgroup>
+      <paramgroup name='Password' description='User name and password'>
+        <parameter type='Buffer' name='Username' description='Username entered as hex bytes (in unicode)'/>
+        <parameter type='Buffer' name='Password' description='Password entered as hex bytes (in unicode)'/>
+      </paramgroup>
+      <paramgroup name='NTLM' description='User name and NTLM hash'>
+        <parameter type='Buffer' name='Username' description='Username entered as hex bytes (in unicode)'/>
+        <parameter type='Buffer' name='NtlmHash' description='NTLM password hash (in hex)'/>
+      </paramgroup>
+    </paramchoice>
+  </inputparameters>
+  <constants>
+    <parameter type='U8' name='Anonymous' description=''>
+      <value>0</value>
+    </parameter>
+    <parameter type='U8' name='Guest' description=''>
+      <value>1</value>
+    </parameter>
+    <parameter type='U8' name='Blank' description=''>
+      <value>2</value>
+    </parameter>
+    <parameter type='U8' name='Password' description=''>
+      <value>3</value>
+    </parameter>
+    <parameter type='U8' name='NTLM' description=''>
+      <value>4</value>
+    </parameter>
+  </constants>
+
+</config>

Diff for: Smbtouch-1.1.1.xml

@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+#
+# Smbtouch Scanner
+# By: 3gstudent
+# License: BSD 3-Clause
+'''
+
+Automatically scan the inner network.
+Use Smbtouch.exe to detect whether the target is vulnerable.
+Protocol: SMB
+Scan port:445
+Note:
+   You can also use protocl NBT and port 139,just change the Smbtouch-1.1.1.xml
+
+You can get Smbtouch.exe from this:
+https://github.com/x0rz/EQGRP_Lost_in_Translation/blob/master/windows/touches/Smbtouch-1.1.1.exe
+
+'''
+import os
+import fileinput
+#Start IP,change it
+BeginIP = '192.168.1.1'
+#End IP,change it
+EndIP = '192.168.1.10'
+#Log file
+fp = open('log.txt', 'w+')
+
+OldIP = '      <value>127.0.0.1</value>'
+TempIP = OldIP
+IP1 =  BeginIP.split('.')[0]
+IP2 =  BeginIP.split('.')[1]
+IP3 =  BeginIP.split('.')[2]
+IP4 = BeginIP.split('.')[-1]
+EndIP_last = EndIP.split('.')[-1]
+
+for i in range(int(IP4)-1,int(EndIP_last)):
+     ip = str(IP1+'.'+IP2+'.'+IP3+'.'+IP4)
+     int_IP4 = int(IP4)
+     int_IP4 += 1
+     IP4 = str(int_IP4)
+     NewIP= '      <value>'+ip+'</value>'
+     for line in fileinput.input('Smbtouch-1.1.1.xml',inplace=1):  
+     	print line.rstrip().replace(TempIP,NewIP)
+     TempIP = NewIP			     
+     Output = os.popen(r"Smbtouch-1.1.1.exe").read()
+     Output = Output[0:Output.find('<config',1)]
+     fp.writelines(Output)
+     Flag = Output.find('[-] Touch failed')
+     if Flag == -1 :
+	print '[+] Touch success:	' +ip
+     else:  
+	print '[-] Touch failed:	' +ip
+else:
+     fp.close( )     
+     for line in fileinput.input('Smbtouch-1.1.1.xml',inplace=1):  
+     	print line.rstrip().replace(NewIP,OldIP)
+
+
+
+