Skip to content

Commit

Permalink
If target server supports SMB >= 3, encrypt packets by default.
Browse files Browse the repository at this point in the history
* Unless pycrypto experimental is not installed :(
  • Loading branch information
asolino committed Mar 21, 2017
1 parent b7c35ec commit f62fc5c
Showing 1 changed file with 16 additions and 1 deletion.
17 changes: 16 additions & 1 deletion impacket/smb3.py
Original file line number Diff line number Diff line change
Expand Up @@ -364,7 +364,7 @@ def sendSMB(self, packet):
AES.MODE_CCM
except:
LOG.critical("Your pycrypto doesn't support AES.MODE_CCM. Currently only pycrypto experimental supports this mode.\nDownload it from https://www.dlitz.net/software/pycrypto ")
raise
raise
cipher = AES.new(self._Session['EncryptionKey'], AES.MODE_CCM, transformHeader['Nonce'])
cipher.update(str(transformHeader)[20:])
cipherText = cipher.encrypt(plainText)
Expand Down Expand Up @@ -656,6 +656,14 @@ def kerberosLogin(self, user, password, domain = '', lmhash = '', nthash = '', a
if self._Session['SigningRequired'] is True:
self._Session['SigningActivated'] = True
if self._Connection['Dialect'] == SMB2_DIALECT_30:
# SMB 3.0. Encryption should be available. Let's enforce it if we have AES CCM available
from Crypto.Cipher import AES
try:
AES.MODE_CCM
self._Session['SessionFlags'] |= SMB2_SESSION_FLAG_ENCRYPT_DATA
except:
LOG.debug(
"Your pycrypto doesn't support AES.MODE_CCM. Currently only pycrypto experimental supports this mode.\nDownload it from https://www.dlitz.net/software/pycrypto")
self._Session['ApplicationKey'] = crypto.KDF_CounterMode(self._Session['SessionKey'], "SMB2APP\x00", "SmbRpc\x00", 128)
self._Session['EncryptionKey'] = crypto.KDF_CounterMode(self._Session['SessionKey'], "SMB2AESCCM\x00", "ServerIn \x00", 128)
self._Session['DecryptionKey'] = crypto.KDF_CounterMode(self._Session['SessionKey'], "SMB2AESCCM\x00", "ServerOut\x00", 128)
Expand Down Expand Up @@ -797,6 +805,13 @@ def login(self, user, password, domain = '', lmhash = '', nthash = ''):
if self._Session['SigningRequired'] is True:
self._Session['SigningActivated'] = True
if self._Connection['Dialect'] == SMB2_DIALECT_30:
# SMB 3.0. Encryption should be available. Let's enforce it if we have AES CCM available
from Crypto.Cipher import AES
try:
AES.MODE_CCM
self._Session['SessionFlags'] |= SMB2_SESSION_FLAG_ENCRYPT_DATA
except:
LOG.debug("Your pycrypto doesn't support AES.MODE_CCM. Currently only pycrypto experimental supports this mode.\nDownload it from https://www.dlitz.net/software/pycrypto")
self._Session['ApplicationKey'] = crypto.KDF_CounterMode(exportedSessionKey, "SMB2APP\x00", "SmbRpc\x00", 128)
self._Session['EncryptionKey'] = crypto.KDF_CounterMode(exportedSessionKey, "SMB2AESCCM\x00", "ServerIn \x00", 128)
self._Session['DecryptionKey'] = crypto.KDF_CounterMode(exportedSessionKey, "SMB2AESCCM\x00", "ServerOut\x00", 128)
Expand Down

0 comments on commit f62fc5c

Please sign in to comment.