Pennyw0rth / NetExec

The Network Execution Tool
https://netexec.wiki/
BSD 2-Clause "Simplified" License

Stacktrace with share listing #377

Closed nikaiw closed 3 months ago

nikaiw commented 4 months ago

A connection timeout can lead to a stacktrace with the share listing module. The latest version of nxc was used:

[02:32:56] ERROR    Exception while calling proto_flow() on target <redacted>: The NETBIOS connection with the remote host timed out.                                     connection.py:151
╭───────────────────────────────────────────────────────── Traceback (most recent call last) ─────────────────────────────────────────────────────────╮                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/nmb.py:984 in non_polling_read                                                  │                  
│                                                                                                                                                     │                  
│    981 │   │   while bytes_left > 0:                                                                                                                │                  
│    982 │   │   │   self._sock.settimeout(timeout)                                                                                                   │                  
│    983 │   │   │   try:                                                                                                                             │                  
│ ❱  984 │   │   │   │   received = self._sock.recv(bytes_left)                                                                                       │                  
│    985 │   │   │   except socket.timeout:                                                                                                           │                  
│    986 │   │   │   │   raise NetBIOSTimeout                                                                                                         │                  
│    987 │   │   │   except Exception as ex:                                                                                                          │                  
╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯                  
TimeoutError: timed out                                                                                                                                                  

During handling of the above exception, another exception occurred:                                                                                                      

╭───────────────────────────────────────────────────────── Traceback (most recent call last) ─────────────────────────────────────────────────────────╮                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/nxc/connection.py:143 in __init__                                                        │                  
│                                                                                                                                                     │                  
│   140 │   │                                                                                                                                         │                  
│   141 │   │   try:                                                                                                                                  │                  
│   142 │   │   │   #before = set(list_open_sockets())                                                                                                │                  
│ ❱ 143 │   │   │   self.proto_flow()                                                                                                                 │                  
│   144 │   │   │   #after = set(list_open_sockets())                                                                                                 │                  
│   145 │   │   │   #leaked_sockets = after - before                                                                                                  │                  
│   146 │   │   │   #if leaked_sockets:                                                                                                               │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/nxc/connection.py:208 in proto_flow                                                      │                  
│                                                                                                                                                     │                  
│   205 │   │   │   │   │   self.call_modules()                                                                                                       │                  
│   206 │   │   │   │   else:                                                                                                                         │                  
│   207 │   │   │   │   │   self.logger.debug("Calling command arguments")                                                                            │                  
│ ❱ 208 │   │   │   │   │   self.call_cmd_args()                                                                                                      │                  
│   209 │                                                                                                                                             │                  
│   210 │   def call_cmd_args(self):                                                                                                                  │                  
│   211 │   │   """Calls all the methods specified by the command line arguments                                                                      │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/nxc/connection.py:229 in call_cmd_args                                                   │                  
│                                                                                                                                                     │                  
│   226 │   │   for attr, value in vars(self.args).items():                                                                                           │                  
│   227 │   │   │   if hasattr(self, attr) and callable(getattr(self, attr)) and value is not                                                         │                  
│       False and value is not None:                                                                                                                  │                  
│   228 │   │   │   │   self.logger.debug(f"Calling {attr}()")                                                                                        │                  
│ ❱ 229 │   │   │   │   getattr(self, attr)()                                                                                                         │                  
│   230 │                                                                                                                                             │                  
│   231 │   def call_modules(self):                                                                                                                   │                  
│   232 │   │   """Calls modules and performs various actions based on the module's attributes.                                                       │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/nxc/protocols/smb.py:845 in shares                                                       │                  
│                                                                                                                                                     │                  
│    842 │   │   │   read = False                                                                                                                     │                  
│    843 │   │   │   write = False                                                                                                                    │                  
│    844 │   │   │   try:                                                                                                                             │                  
│ ❱  845 │   │   │   │   self.conn.listPath(share_name, "*")                                                                                          │                  
│    846 │   │   │   │   read = True                                                                                                                  │                  
│    847 │   │   │   │   share_info["access"].append("READ")                                                                                          │                  
│    848 │   │   │   except SessionError as e:                                                                                                        │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/smbconnection.py:400 in listPath                                                │                  
│                                                                                                                                                     │                  
│   397 │   │   """                                                                                                                                   │                  
│   398 │   │                                                                                                                                         │                  
│   399 │   │   try:                                                                                                                                  │                  
│ ❱ 400 │   │   │   return self._SMBConnection.list_path(shareName, path, password)                                                                   │                  
│   401 │   │   except (smb.SessionError, smb3.SessionError) as e:                                                                                    │                  
│   402 │   │   │   raise SessionError(e.get_error_code(), e.get_error_packet())                                                                      │                  
│   403                                                                                                                                               │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/smb3.py:1822 in listPath                                                        │                  
│                                                                                                                                                     │                  
│   1819 │   │   │   │   │   raise                                                                                                                    │                  
│   1820 │   │   finally:                                                                                                                             │                  
│   1821 │   │   │   if fileId is not None:                                                                                                           │                  
│ ❱ 1822 │   │   │   │   self.close(treeId, fileId)                                                                                                   │                  
│   1823 │   │   │   self.disconnectTree(treeId)                                                                                                      │                  
│   1824 │   │                                                                                                                                        │                  
│   1825 │   │   return files                                                                                                                         │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/smb3.py:1355 in close                                                           │                  
│                                                                                                                                                     │                  
│   1352 │   │   packet['Data'] = smbClose                                                                                                            │                  
│   1353 │   │                                                                                                                                        │                  
│   1354 │   │   packetID = self.sendSMB(packet)                                                                                                      │                  
│ ❱ 1355 │   │   ans = self.recvSMB(packetID)                                                                                                         │                  
│   1356 │   │                                                                                                                                        │                  
│   1357 │   │   if ans.isValidAnswer(STATUS_SUCCESS):                                                                                                │                  
│   1358 │   │   │   del(self.GlobalFileTable[self._Session['OpenTable'][fileId]['FileName']])                                                        │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/smb3.py:512 in recvSMB                                                          │                  
│                                                                                                                                                     │                  
│    509 │   │   if packetID in self._Connection['OutstandingResponses']:                                                                             │                  
│    510 │   │   │   return self._Connection['OutstandingResponses'].pop(packetID)                                                                    │                  
│    511 │   │                                                                                                                                        │                  
│ ❱  512 │   │   data = self._NetBIOSSession.recv_packet(self._timeout)                                                                               │                  
│    513 │   │                                                                                                                                        │                  
│    514 │   │   if data.get_trailer().startswith(b'\xfdSMB'):                                                                                        │                  
│    515 │   │   │   # Packet is encrypted                                                                                                            │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/nmb.py:915 in recv_packet                                                       │                  
│                                                                                                                                                     │                  
│    912 │   │   self._sock.sendall(p.rawData())                                                                                                      │                  
│    913 │                                                                                                                                            │                  
│    914 │   def recv_packet(self, timeout = None):                                                                                                   │                  
│ ❱  915 │   │   data = self.__read(timeout)                                                                                                          │                  
│    916 │   │   NBSPacket = NetBIOSSessionPacket(data)                                                                                               │                  
│    917 │   │   if NBSPacket.get_type() == NETBIOS_SESSION_KEEP_ALIVE:                                                                               │                  
│    918 │   │   │   # Discard packet                                                                                                                 │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/nmb.py:1002 in __read                                                           │                  
│                                                                                                                                                     │                  
│    999 │   │   return bytes(data)                                                                                                                   │                  
│   1000 │                                                                                                                                            │                  
│   1001 │   def __read(self, timeout = None):                                                                                                        │                  
│ ❱ 1002 │   │   data = self.read_function(4, timeout)                                                                                                │                  
│   1003 │   │   type, flags, length = unpack('>ccH', data)                                                                                           │                  
│   1004 │   │   if ord(type) == NETBIOS_SESSION_MESSAGE:                                                                                             │                  
│   1005 │   │   │   length |= ord(flags) << 16                                                                                                       │                  
│                                                                                                                                                     │                  
│ /home/user/tools/NetExec/venv/lib/python3.10/site-packages/impacket/nmb.py:986 in non_polling_read                                                  │                  
│                                                                                                                                                     │                  
│    983 │   │   │   try:                                                                                                                             │                  
│    984 │   │   │   │   received = self._sock.recv(bytes_left)                                                                                       │                  
│    985 │   │   │   except socket.timeout:                                                                                                           │                  
│ ❱  986 │   │   │   │   raise NetBIOSTimeout                                                                                                         │                  
│    987 │   │   │   except Exception as ex:                                                                                                          │                  
│    988 │   │   │   │   raise NetBIOSError('Error occurs while reading from remote',                                                                 │                  
│        ERRCLASS_OS, ex.errno)                                                                                                                       │                  
│    989                                                                                                                                              │                  
╰─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯                  
NetBIOSTimeout: The NETBIOS connection with the remote host timed out.

NeffIsBack commented 3 months ago

Thanks for reporting! The exceptions NetBIOSTimeout and NetBIOSError should be handled properly when #387 is merged.
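
The failure mode in the traceback, as an added example (not NetExec's code and not the change made in #387): a per-share read check that catches only `SessionError` lets a transport timeout escape, while one that also catches `NetBIOSTimeout` and `NetBIOSError` turns it into a per-share result. Assumptions: the three exception classes are local stand-ins for the impacket classes named above so the block runs offline, `FakeConn` is a constructed stub, and stopping after the first transport error is a design choice of this example.

```python
import socket

# Stand-ins for the impacket classes named in the traceback (assumption:
# defined locally so the example runs offline without impacket installed).
class SessionError(Exception):
    pass

class NetBIOSError(Exception):
    pass

class NetBIOSTimeout(Exception):
    def __init__(self, msg="The NETBIOS connection with the remote host timed out."):
        super().__init__(msg)

class FakeConn:
    """Constructed stub: the outcome of listPath() is scripted per share name."""
    def __init__(self, behaviour):
        self.behaviour = behaviour

    def listPath(self, share, pattern):
        outcome = self.behaviour[share]
        if outcome == "denied":
            raise SessionError("STATUS_ACCESS_DENIED")
        if outcome == "timeout":
            try:
                raise socket.timeout("timed out")
            except socket.timeout:
                raise NetBIOSTimeout  # same conversion as nmb.py:985-986
        return ["."]

def check_shares_session_only(conn, shares):
    """Pattern seen in the traceback: only SessionError is caught."""
    results = []
    for name in shares:
        info = {"name": name, "access": [], "error": None}
        try:
            conn.listPath(name, "*")
            info["access"].append("READ")
        except SessionError:
            pass
        results.append(info)
    return results

def check_shares_hardened(conn, shares):
    """Report transport failures as a per-share result instead of crashing."""
    results, dead = [], False
    for name in shares:
        info = {"name": name, "access": [], "error": None}
        if dead:
            info["error"] = "not checked: connection failed earlier"
        else:
            try:
                conn.listPath(name, "*")
                info["access"].append("READ")
            except SessionError:
                pass  # authenticated but no read access: a normal answer
            except (NetBIOSTimeout, NetBIOSError) as e:
                # Design choice of this example: stop reusing the session.
                dead = True
                info["error"] = f"{type(e).__name__}: {e}"
        results.append(info)
    return results
```
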