From 2630693d6f2120769ca2de29116af6a3559c7fd8 Mon Sep 17 00:00:00 2001 From: gabrielg5 Date: Tue, 29 Jul 2025 15:11:44 -0400 Subject: [PATCH 1/2] ntlmrelayx: showing client ip when relay successful. standardized relay server prefixes (protocol). showin an incremental id for session relayed. --- .../examples/ntlmrelayx/clients/__init__.py | 7 ++ .../ntlmrelayx/servers/httprelayserver.py | 66 ++++++++----------- .../ntlmrelayx/servers/rawrelayserver.py | 28 ++++---- .../ntlmrelayx/servers/rpcrelayserver.py | 56 ++++++++-------- .../ntlmrelayx/servers/smbrelayserver.py | 57 ++++++++-------- .../ntlmrelayx/servers/wcfrelayserver.py | 55 ++++++++-------- 6 files changed, 129 insertions(+), 140 deletions(-) diff --git a/impacket/examples/ntlmrelayx/clients/__init__.py b/impacket/examples/ntlmrelayx/clients/__init__.py index aadb371572..c492422344 100644 --- a/impacket/examples/ntlmrelayx/clients/__init__.py +++ b/impacket/examples/ntlmrelayx/clients/__init__.py @@ -16,6 +16,7 @@ # Alberto Solino (@agsolino) # import os, sys, pkg_resources +from threading import Lock from impacket import LOG PROTOCOL_CLIENTS = {} @@ -25,6 +26,8 @@ # writing a plugin for protocol clients: # PROTOCOL_CLIENT_CLASS = "" # PLUGIN_NAME must be the protocol name that will be matched later with the relay targets (e.g. SMB, LDAP, etc) +client_idx = 0 +lock = Lock() class ProtocolClient: PLUGIN_NAME = 'PROTOCOL' def __init__(self, serverConfig, target, targetPort, extendedSecurity=True): @@ -40,6 +43,10 @@ def __init__(self, serverConfig, target, targetPort, extendedSecurity=True): self.extendedSecurity = extendedSecurity self.session = None self.sessionData = {} + with lock: + global client_idx + client_idx += 1 + self.client_id = client_idx def initConnection(self): raise RuntimeError('Virtual Function') diff --git a/impacket/examples/ntlmrelayx/servers/httprelayserver.py b/impacket/examples/ntlmrelayx/servers/httprelayserver.py index b409be7c45..a8887689f1 100644 --- a/impacket/examples/ntlmrelayx/servers/httprelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/httprelayserver.py @@ -68,8 +68,8 @@ def __init__(self,request, client_address, server): try: http.server.SimpleHTTPRequestHandler.__init__(self,request, client_address, server) except Exception as e: - LOG.debug("Exception:", exc_info=True) - LOG.error(str(e)) + LOG.debug("(HTTP): Exception:", exc_info=True) + LOG.error("(HTTP): %s" % str(e)) def handle_one_request(self): try: @@ -77,8 +77,8 @@ def handle_one_request(self): except KeyboardInterrupt: raise except Exception as e: - LOG.debug("HTTPD(%s): Exception:" % self.server.server_address[1], exc_info=True) - LOG.error('HTTPD(%s): Exception in HTTP request handler: %s' % (self.server.server_address[1], e)) + LOG.debug("(HTTP): Exception:", exc_info=True) + LOG.error('(HTTP): Exception in HTTP request handler: %s' % e) def log_message(self, format, *args): return @@ -160,7 +160,7 @@ def strip_blob(self, proxy): _, blob = typeX.split('NTLM') token = base64.b64decode(blob.strip()) except Exception: - LOG.debug("Exception:", exc_info=True) + LOG.debug("(HTTP): Exception:", exc_info=True) self.do_AUTHHEAD(message = b'NTLM', proxy=proxy) else: messageType = struct.unpack('> 16 packet['ErrorClass'] = errorCode & 0xff - LOG.error("Authenticating against %s://%s as %s FAILED" % (self.target.scheme, self.target.netloc, self.authUser)) + LOG.error("(SMB): Authenticating against %s://%s as %s FAILED" % (self.target.scheme, self.target.netloc, self.authUser)) #Log this target as processed for this client self.targetprocessor.registerTarget(self.target, False, self.authUser) @@ -662,7 +661,7 @@ def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): return None, [packet], errorCode else: # We have a session, create a thread and do whatever we want - LOG.info("Authenticating against %s://%s as %s SUCCEED" % (self.target.scheme, self.target.netloc, self.authUser)) + LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED [%s]" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc, client.client_id)) # Log this target as processed for this client self.targetprocessor.registerTarget(self.target, True, self.authUser) @@ -674,7 +673,7 @@ def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): client.sessionData['JOHN_OUTPUT'] = ntlm_hash_data if self.server.getDumpHashes(): - LOG.info(ntlm_hash_data['hash_string']) + LOG.info("(SMB): %s" % ntlm_hash_data['hash_string']) if self.server.getJTRdumpPath() != '': writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'], @@ -742,7 +741,7 @@ def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): else: # We have a session, create a thread and do whatever we want self.authUser = ('%s/%s' % (sessionSetupData['PrimaryDomain'], sessionSetupData['Account'])).upper() - LOG.info("Authenticating against %s://%s as %s SUCCEED" % (self.target.scheme, self.target.netloc, self.authUser)) + LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED [%s]" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc, client.client_id)) # Log this target as processed for this client self.targetprocessor.registerTarget(self.target, True, self.authUser) @@ -752,7 +751,7 @@ def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): client.sessionData['JOHN_OUTPUT'] = ntlm_hash_data if self.server.getDumpHashes(): - LOG.info(ntlm_hash_data['hash_string']) + LOG.info("(SMB): %s" % ntlm_hash_data['hash_string']) if self.server.getJTRdumpPath() != '': writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'], @@ -801,14 +800,14 @@ def smbComTreeConnectAndX(self, connId, smbServer, SMBCommand, recvPacket): self.target = self.targetprocessor.getTarget(multiRelay=False) else: # No more targets to process, just let the victim to fail later - LOG.info('SMBD-%s: Connection from %s@%s controlled, but there are no more targets left!' % (connId, self.authUser, connData['ClientIP'])) + LOG.info('(SMB): Connection from %s@%s controlled, but there are no more targets left!' % (self.authUser, connData['ClientIP'])) return self.origsmbComTreeConnectAndX (connId, smbServer, recvPacket) - LOG.info('SMBD-%s: Connection from %s@%s controlled, attacking target %s://%s' % ( connId, self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc)) + LOG.info('(SMB): Connection from %s@%s controlled, attacking target %s://%s' % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc)) if self.config.mode.upper() == 'REFLECTION': # Force standard security when doing reflection - LOG.debug("Downgrading to standard security") + LOG.debug("(SMB): Downgrading to standard security") extSec = False recvPacket['Flags2'] += (~smb.SMB.FLAGS2_EXTENDED_SECURITY) else: @@ -816,7 +815,7 @@ def smbComTreeConnectAndX(self, connId, smbServer, SMBCommand, recvPacket): # Init the correct client for our target client = self.init_client(extSec) except Exception as e: - LOG.error("Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e))) + LOG.error("(SMB): Connection against target %s://%s FAILED: %s" % (self.target.scheme, self.target.netloc, str(e))) self.targetprocessor.registerTarget(self.target, False, self.authUser) else: connData['relayToHost'] = True @@ -921,7 +920,7 @@ def do_attack(self,client): clientThread = self.config.attacks[self.target.scheme.upper()](self.config, client.session, self.authUser) clientThread.start() else: - LOG.error('No attack configured for %s' % self.target.scheme.upper()) + LOG.error('(SMB): No attack configured for %s' % self.target.scheme.upper()) def _start(self): self.server.daemon_threads=True diff --git a/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py b/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py index 7e93c040df..c0bc9da702 100644 --- a/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py @@ -71,9 +71,9 @@ def __init__(self, request, client_address, server): self.server.config.target = TargetsProcessor(singleTarget='SMB://%s:445/' % client_address[0]) self.target = self.server.config.target.getTarget() if self.target is None: - LOG.info("WCF: Received connection from %s, but there are no more targets left!" % client_address[0]) + LOG.info("(WCF): Received connection from %s, but there are no more targets left!" % client_address[0]) return - LOG.info("WCF: Received connection from %s, attacking target %s://%s" % ( + LOG.info("(WCF): Received connection from %s, attacking target %s://%s" % ( client_address[0], self.target.scheme, self.target.netloc)) socketserver.BaseRequestHandler.__init__(self, request, client_address, server) @@ -91,55 +91,55 @@ def recvall(self, length): def handle(self): version_code = self.recvall(1) if version_code != b'\x00': - LOG.error("WCF: wrong VersionRecord code") + LOG.error("(WCF): wrong VersionRecord code") return version = self.recvall(2) # should be \x01\x00 but we don't care if version != b'\x01\x00': - LOG.error("WCF: wrong VersionRecord version") + LOG.error("(WCF): wrong VersionRecord version") return mode_code = self.recvall(1) if mode_code != b'\x01': - LOG.error("WCF: wrong ModeRecord code") + LOG.error("(WCF): wrong ModeRecord code") return mode = self.recvall(1) # we don't care via_code = self.recvall(1) if via_code != b'\x02': - LOG.error("WCF: wrong ViaRecord code") + LOG.error("(WCF): wrong ViaRecord code") return via_len = self.recvall(1) via_len = struct.unpack("B", via_len)[0] via = self.recvall(via_len).decode("utf-8") if not via.startswith("net.tcp://"): - LOG.error("WCF: the Via URL '" + via + "' does not start with 'net.tcp://'. " + LOG.error("(WCF): the Via URL '" + via + "' does not start with 'net.tcp://'. " "Only NetTcpBinding is currently supported!") return known_encoding_code = self.recvall(1) if known_encoding_code != b'\x03': - LOG.error("WCF: wrong KnownEncodingRecord code") + LOG.error("(WCF): wrong KnownEncodingRecord code") return encoding = self.recvall(1) # we don't care upgrade_code = self.recvall(1) if upgrade_code != b'\x09': - LOG.error("WCF: wrong UpgradeRequestRecord code") + LOG.error("(WCF): wrong UpgradeRequestRecord code") return upgrade_len = self.recvall(1) upgrade_len = struct.unpack("B", upgrade_len)[0] upgrade = self.recvall(upgrade_len).decode("utf-8") if upgrade != "application/negotiate": - LOG.error("WCF: upgrade '" + upgrade + "' is not 'application/negotiate'. Only Negotiate is supported!") + LOG.error("(WCF): upgrade '" + upgrade + "' is not 'application/negotiate'. Only Negotiate is supported!") return self.request.sendall(b'\x0a') while True: handshake_in_progress = self.recvall(5) if not handshake_in_progress[0] == 0x16: - LOG.error("WCF: Wrong handshake_in_progress message") + LOG.error("(WCF): Wrong handshake_in_progress message") return securityBlob_len = struct.unpack(">H", handshake_in_progress[3:5])[0] @@ -160,7 +160,7 @@ def handle(self): mechStr = MechTypes[mechType] else: mechStr = hexlify(mechType) - LOG.debug("Unsupported MechType '%s'" % mechStr) + LOG.debug("(WCF): Unsupported MechType '%s'" % mechStr) # We don't know the token, we answer back again saying # we just support NTLM. respToken = SPNEGO_NegTokenResp() @@ -188,12 +188,12 @@ def handle(self): break if not token.startswith(b"NTLMSSP\0\1"): # NTLMSSP_NEGOTIATE: message type 1 - LOG.error("WCF: Wrong NTLMSSP_NEGOTIATE message") + LOG.error("(WCF): Wrong NTLMSSP_NEGOTIATE message") return if not self.do_ntlm_negotiate(token): # Connection failed - LOG.error('Negotiating NTLM with %s://%s failed. Skipping to next target', + LOG.error('(WCF): Negotiating NTLM with %s://%s failed. Skipping to next target', self.target.scheme, self.target.netloc) self.server.config.target.registerTarget(self.target) return @@ -222,7 +222,7 @@ def handle(self): error_len = struct.unpack(">H", handshake_done[3:5])[0] error_msg = self.recvall(error_len) hresult = hex(struct.unpack('>I', error_msg[4:8])[0]) - LOG.error("WCF: Received handshake_error message: " + hresult) + LOG.error("(WCF): Received handshake_error message: " + hresult) return ntlmssp_auth_len = struct.unpack(">H", handshake_done[3:5])[0] @@ -234,7 +234,7 @@ def handle(self): ntlmssp_auth = blob['ResponseToken'] if not ntlmssp_auth.startswith(b"NTLMSSP\0\3"): # NTLMSSP_AUTH: message type 3 - LOG.error("WCF: Wrong NTLMSSP_AUTH message") + LOG.error("(WCF): Wrong NTLMSSP_AUTH message") return authenticateMessage = ntlm.NTLMAuthChallengeResponse() @@ -242,12 +242,12 @@ def handle(self): if not self.do_ntlm_auth(ntlmssp_auth, authenticateMessage): if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: - LOG.error("Authenticating against %s://%s as %s\\%s FAILED" % ( + LOG.error("(WCF): Authenticating against %s://%s as %s\\%s FAILED" % ( self.target.scheme, self.target.netloc, authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'))) else: - LOG.error("Authenticating against %s://%s as %s\\%s FAILED" % ( + LOG.error("(WCF): Authenticating against %s://%s as %s\\%s FAILED" % ( self.target.scheme, self.target.netloc, authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'))) @@ -255,14 +255,13 @@ def handle(self): # Relay worked, do whatever we want here... if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: - LOG.info("Authenticating against %s://%s as %s\\%s SUCCEED" % ( - self.target.scheme, self.target.netloc, - authenticateMessage['domain_name'].decode('utf-16le'), - authenticateMessage['user_name'].decode('utf-16le'))) + LOG.info("(WCF): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'), + self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) else: - LOG.info("Authenticating against %s://%s as %s\\%s SUCCEED" % ( - self.target.scheme, self.target.netloc, authenticateMessage['domain_name'].decode('ascii'), - authenticateMessage['user_name'].decode('ascii'))) + LOG.info("(WCF): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'), + self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) ntlm_hash_data = outputToJohnFormat(self.challengeMessage['challenge'], authenticateMessage['user_name'], @@ -271,7 +270,7 @@ def handle(self): self.client.sessionData['JOHN_OUTPUT'] = ntlm_hash_data if self.server.config.dumpHashes is True: - LOG.info(ntlm_hash_data['hash_string']) + LOG.info("(WCF): %s" % ntlm_hash_data['hash_string']) if self.server.config.outputFile is not None: writeJohnOutputToFile(ntlm_hash_data['hash_string'], ntlm_hash_data['hash_version'], @@ -302,7 +301,7 @@ def do_ntlm_negotiate(self, token): if self.challengeMessage is False: return False else: - LOG.error('Protocol Client for %s not found!' % self.target.scheme.upper()) + LOG.error('(WCF): Protocol Client for %s not found!' % self.target.scheme.upper()) return False return True @@ -339,7 +338,7 @@ def do_attack(self): self.authUser) clientThread.start() else: - LOG.error('No attack configured for %s' % self.target.scheme.upper()) + LOG.error('(WCF): No attack configured for %s' % self.target.scheme.upper()) def __init__(self, config): Thread.__init__(self) From 3eb73a0764d9d2ab8456d43007ea603997ef8fee Mon Sep 17 00:00:00 2001 From: gabrielg5 Date: Thu, 31 Jul 2025 14:45:51 -0400 Subject: [PATCH 2/2] reverting 'client_id' additions as are not important/valid in the context of this pr --- impacket/examples/ntlmrelayx/clients/__init__.py | 7 ------- impacket/examples/ntlmrelayx/servers/httprelayserver.py | 2 +- impacket/examples/ntlmrelayx/servers/rawrelayserver.py | 8 ++++---- impacket/examples/ntlmrelayx/servers/rpcrelayserver.py | 8 ++++---- impacket/examples/ntlmrelayx/servers/smbrelayserver.py | 6 +++--- impacket/examples/ntlmrelayx/servers/wcfrelayserver.py | 8 ++++---- 6 files changed, 16 insertions(+), 23 deletions(-) diff --git a/impacket/examples/ntlmrelayx/clients/__init__.py b/impacket/examples/ntlmrelayx/clients/__init__.py index c492422344..aadb371572 100644 --- a/impacket/examples/ntlmrelayx/clients/__init__.py +++ b/impacket/examples/ntlmrelayx/clients/__init__.py @@ -16,7 +16,6 @@ # Alberto Solino (@agsolino) # import os, sys, pkg_resources -from threading import Lock from impacket import LOG PROTOCOL_CLIENTS = {} @@ -26,8 +25,6 @@ # writing a plugin for protocol clients: # PROTOCOL_CLIENT_CLASS = "" # PLUGIN_NAME must be the protocol name that will be matched later with the relay targets (e.g. SMB, LDAP, etc) -client_idx = 0 -lock = Lock() class ProtocolClient: PLUGIN_NAME = 'PROTOCOL' def __init__(self, serverConfig, target, targetPort, extendedSecurity=True): @@ -43,10 +40,6 @@ def __init__(self, serverConfig, target, targetPort, extendedSecurity=True): self.extendedSecurity = extendedSecurity self.session = None self.sessionData = {} - with lock: - global client_idx - client_idx += 1 - self.client_id = client_idx def initConnection(self): raise RuntimeError('Virtual Function') diff --git a/impacket/examples/ntlmrelayx/servers/httprelayserver.py b/impacket/examples/ntlmrelayx/servers/httprelayserver.py index a8887689f1..018d935ff6 100644 --- a/impacket/examples/ntlmrelayx/servers/httprelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/httprelayserver.py @@ -464,7 +464,7 @@ def do_relay(self, messageType, token, proxy, content = None): self.do_AUTHHEAD(b'NTLM', proxy=proxy) else: # Relay worked, do whatever we want here... - LOG.info("(HTTP): Authenticating connection from %s@%s against %s://%s SUCCEED [%s]" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + LOG.info("(HTTP): Authenticating connection from %s@%s against %s://%s SUCCEED" % (self.authUser, self.client_address[0], self.target.scheme, self.target.netloc)) ntlm_hash_data = outputToJohnFormat(self.challengeMessage['challenge'], authenticateMessage['user_name'], diff --git a/impacket/examples/ntlmrelayx/servers/rawrelayserver.py b/impacket/examples/ntlmrelayx/servers/rawrelayserver.py index a5a6eb98a9..c92f5958be 100644 --- a/impacket/examples/ntlmrelayx/servers/rawrelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/rawrelayserver.py @@ -116,13 +116,13 @@ def handle(self): self.request.sendall(struct.pack('?', True)) if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: - LOG.info("(RAW): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + LOG.info("(RAW): Authenticating connection from %s/%s@%s against %s://%s SUCCEED" % ( authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'), - self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + self.client_address[0], self.target.scheme, self.target.netloc)) else: - LOG.info("(RAW): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + LOG.info("(RAW): Authenticating connection from %s/%s@%s against %s://%s SUCCEED" % ( authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'), - self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + self.client_address[0], self.target.scheme, self.target.netloc)) ntlm_hash_data = outputToJohnFormat(self.challengeMessage['challenge'], authenticateMessage['user_name'], diff --git a/impacket/examples/ntlmrelayx/servers/rpcrelayserver.py b/impacket/examples/ntlmrelayx/servers/rpcrelayserver.py index 7a15a9e25e..4a2f554d31 100644 --- a/impacket/examples/ntlmrelayx/servers/rpcrelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/rpcrelayserver.py @@ -240,13 +240,13 @@ def negotiate_ntlm_session(self): # Relay worked, do whatever we want here... if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: - LOG.info("(RPC): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + LOG.info("(RPC): Authenticating connection from %s/%s@%s against %s://%s SUCCEED" % ( authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'), - self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + self.client_address[0], self.target.scheme, self.target.netloc)) else: - LOG.info("(RPC): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + LOG.info("(RPC): Authenticating connection from %s/%s@%s against %s://%s SUCCEED" % ( authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'), - self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + self.client_address[0], self.target.scheme, self.target.netloc)) ntlm_hash_data = outputToJohnFormat(self.challengeMessage['challenge'], authenticateMessage['user_name'], diff --git a/impacket/examples/ntlmrelayx/servers/smbrelayserver.py b/impacket/examples/ntlmrelayx/servers/smbrelayserver.py index 5018b1ae92..2e081ee09b 100644 --- a/impacket/examples/ntlmrelayx/servers/smbrelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/smbrelayserver.py @@ -366,7 +366,7 @@ def SmbSessionSetup(self, connId, smbServer, recvPacket): client.killConnection() else: # We have a session, create a thread and do whatever we want - LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED [%s]" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc, client.client_id)) + LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc)) # Log this target as processed for this client if not self.config.isADCSAttack: @@ -661,7 +661,7 @@ def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): return None, [packet], errorCode else: # We have a session, create a thread and do whatever we want - LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED [%s]" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc, client.client_id)) + LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc)) # Log this target as processed for this client self.targetprocessor.registerTarget(self.target, True, self.authUser) @@ -741,7 +741,7 @@ def SmbSessionSetupAndX(self, connId, smbServer, SMBCommand, recvPacket): else: # We have a session, create a thread and do whatever we want self.authUser = ('%s/%s' % (sessionSetupData['PrimaryDomain'], sessionSetupData['Account'])).upper() - LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED [%s]" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc, client.client_id)) + LOG.info("(SMB): Authenticating connection from %s@%s against %s://%s SUCCEED" % (self.authUser, connData['ClientIP'], self.target.scheme, self.target.netloc)) # Log this target as processed for this client self.targetprocessor.registerTarget(self.target, True, self.authUser) diff --git a/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py b/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py index c0bc9da702..383566da8b 100644 --- a/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py +++ b/impacket/examples/ntlmrelayx/servers/wcfrelayserver.py @@ -255,13 +255,13 @@ def handle(self): # Relay worked, do whatever we want here... if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_UNICODE: - LOG.info("(WCF): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + LOG.info("(WCF): Authenticating connection from %s/%s@%s against %s://%s SUCCEED" % ( authenticateMessage['domain_name'].decode('utf-16le'), authenticateMessage['user_name'].decode('utf-16le'), - self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + self.client_address[0], self.target.scheme, self.target.netloc)) else: - LOG.info("(WCF): Authenticating connection from %s/%s@%s against %s://%s SUCCEED [%s]" % ( + LOG.info("(WCF): Authenticating connection from %s/%s@%s against %s://%s SUCCEED" % ( authenticateMessage['domain_name'].decode('ascii'), authenticateMessage['user_name'].decode('ascii'), - self.client_address[0], self.target.scheme, self.target.netloc, self.client.client_id)) + self.client_address[0], self.target.scheme, self.target.netloc)) ntlm_hash_data = outputToJohnFormat(self.challengeMessage['challenge'], authenticateMessage['user_name'],