Class: Msf::Exploit::Remote::SMB::Server::HashCapture::HashCaptureNTLMProvider

Inherits:
RubySMB::Gss::Provider::NTLM
  • Object
show all
Defined in:
lib/msf/core/exploit/remote/smb/server/hash_capture.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(allow_anonymous: false, allow_guests: false, default_domain: 'WORKGROUP', listener: nil, ntlm_type3_status: ::WindowsError::NTStatus::STATUS_ACCESS_DENIED) ⇒ HashCaptureNTLMProvider

Returns a new instance of HashCaptureNTLMProvider.

Parameters:

  • ntlm_type3_status (::WindowsError::NTStatus) (defaults to: ::WindowsError::NTStatus::STATUS_ACCESS_DENIED)

    A specific NT Status to return as the response to the NTLM type 3 message. If this value is nil, the message will be processed as normal.


180
181
182
183
184
# File 'lib/msf/core/exploit/remote/smb/server/hash_capture.rb', line 180

def initialize(allow_anonymous: false, allow_guests: false, default_domain: 'WORKGROUP', listener: nil, ntlm_type3_status: ::WindowsError::NTStatus::STATUS_ACCESS_DENIED)
  super(allow_anonymous: allow_anonymous, allow_guests: allow_guests, default_domain: default_domain)
  @listener = listener
  @ntlm_type3_status = ntlm_type3_status
end

Instance Attribute Details

#listenerObject (readonly)

Returns the value of attribute listener.


193
194
195
# File 'lib/msf/core/exploit/remote/smb/server/hash_capture.rb', line 193

def listener
  @listener
end

#ntlm_type3_statusObject

Returns the value of attribute ntlm_type3_status.


194
195
196
# File 'lib/msf/core/exploit/remote/smb/server/hash_capture.rb', line 194

def ntlm_type3_status
  @ntlm_type3_status
end

Instance Method Details

#new_authenticator(server_client) ⇒ Object

Needs overwritten to ensure our version of Authenticator is returned


187
188
189
190
191
# File 'lib/msf/core/exploit/remote/smb/server/hash_capture.rb', line 187

def new_authenticator(server_client)
  # build and return an instance that can process and track stateful information for a particular connection but
  # that's backed by this particular provider
  HashCaptureAuthenticator.new(self, server_client)
end