From 243f936575b1ae15eb50fea3634f22a19e2f57de Mon Sep 17 00:00:00 2001 From: Charlie Fligg Date: Thu, 6 Mar 2025 21:22:09 -0500 Subject: [PATCH 1/3] initial idea of solution --- snaffcore/go_snaffle.py | 2 +- snaffcore/smb.py | 7 ++++++- snaffler.py | 2 ++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/snaffcore/go_snaffle.py b/snaffcore/go_snaffle.py index 5100122..a516df2 100644 --- a/snaffcore/go_snaffle.py +++ b/snaffcore/go_snaffle.py @@ -51,7 +51,7 @@ def begin_snaffle(options): for target in options.targets: smb_client = SMBClient( - target, options.username, options.password, options.domain, options.hash) + target, options.username, options.password, options.domain, options.hash, options.shares) if not smb_client.login(): log.error(f"Unable to login to{target}") continue diff --git a/snaffcore/smb.py b/snaffcore/smb.py index 1eb536e..d767831 100644 --- a/snaffcore/smb.py +++ b/snaffcore/smb.py @@ -20,7 +20,7 @@ class SMBClient: Wrapper around impacket's SMBConnection() object ''' - def __init__(self, server, username, password, domain, nthash): + def __init__(self, server, username, password, domain, nthash, share_names): self.server = server @@ -30,6 +30,7 @@ def __init__(self, server, username, password, domain, nthash): self.password = password self.domain = domain self.nthash = nthash + self.share_names = share_names if self.nthash: # means no password, see https://yougottahackthat.com/blog/339/what-is-aad3b435b51404eeaad3b435b51404ee self.lmhash = 'aad3b435b51404eeaad3b435b51404ee' 
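Review bot: `share_names` is added to `SMBClient.__init__` as a required positional parameter, so any caller outside this patch that still passes five arguments would fail with a TypeError; only the call in `begin_snaffle` is updated here. A default keeps such callers working and makes "no filter" explicit: `def __init__(self, server, username, password, domain, nthash, share_names=None):`. The constructor is also the natural place to parse the comma-separated list once, rather than splitting the string for every share inside `shares()`. The body of `__init__` continues outside the hunk.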
@@ -46,6 +47,10 @@ def shares(self): remarkname = resp[i]['shi1_remark'][:-1] # log.info(f'Found share {sharename} on {self.server}, remark {remarkname}') + if(self.share_names != "" or self.share_names != None): # if shares are empty, then scan all shares + if(not sharename in self.share_names.split(",")): # if share is not in our list of shares to scan, skip it + continue + share_text = termcolor.colored("[Share]", 'light_yellow') print(share_text, termcolor.colored( diff --git a/snaffler.py b/snaffler.py index 6370ffa..9cd3631 100644 --- a/snaffler.py +++ b/snaffler.py @@ -41,6 +41,8 @@ def parse_arguments(): parser.add_argument("--no-download", action='store_true', help="Don't download files, just print found file names to stdout - this can only show the top level of files from the share and is unable to recurse into subdirectories.") + parser.add_argument("-s", "--shares", action="store_true", help="Comma separated list of shares to scan. ie: hr,document,test") + try: if len(sys.argv) <= 1: parser.print_help() From de0f970f06b2710434075c7730ed72b5d6e08934 Mon Sep 17 00:00:00 2001 From: Charlie Fligg Date: Thu, 6 Mar 2025 21:27:17 -0500 Subject: [PATCH 2/3] change checking for none per argparse documentation --- snaffcore/smb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snaffcore/smb.py b/snaffcore/smb.py index d767831..3101786 100644 --- a/snaffcore/smb.py +++ b/snaffcore/smb.py @@ -47,7 +47,7 @@ def shares(self): remarkname = resp[i]['shi1_remark'][:-1] # log.info(f'Found share {sharename} on {self.server}, remark {remarkname}') - if(self.share_names != "" or self.share_names != None): # if shares are empty, then scan all shares + if(self.share_names != None): # if shares are empty, then scan all shares if(not sharename in self.share_names.split(",")): # if share is not in our list of shares to scan, skip it continue From 985136eb90c45c3378e61f2755c6bf244f574cb7 Mon Sep 17 00:00:00 2001 
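Review bot: The membership test added to `shares()` compares the share name against the raw pieces of `self.share_names.split(",")`, so `-s "hr, docs"` (space after the comma) or `-s hr` against a share listed as `HR` matches nothing and the share is skipped without any message. Windows treats share names case-insensitively, and this list is what limits a run to the shares that are in scope, so a mismatch should be visible rather than silent. Normalise both sides, for example `wanted = {s.strip().lower() for s in self.share_names.split(",") if s.strip()}` and `if sharename.lower() not in wanted: continue`, and consider logging any requested name that no share matched. `shares()` starts and ends outside the hunk, and how `sharename` is derived is not visible here.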
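Review bot: `--shares` is declared with `action="store_true"`, which makes `options.shares` a boolean (`False` when the flag is absent, `True` when present) and accepts no value, so the comma-separated list described in the help text can never be supplied. That boolean is passed to `SMBClient` and reaches `self.share_names.split(",")` in `snaffcore/smb.py`, which would raise AttributeError; the `!= None` guard introduced in patches 2/3 does not catch `False`. Drop the action so argparse stores the string and defaults to `None`: `parser.add_argument("-s", "--shares", default=None, help="Comma separated list of shares to scan. ie: hr,document,test")`. `parse_arguments()` continues outside the hunk.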
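Review bot: The new guard `if(self.share_names != None):` no longer covers the empty string that its inline comment still promises to treat as "scan all shares": `"".split(",")` is `[""]`, so an empty `-s` value would filter out every share. A truthiness test handles `None` and `""` alike and avoids the `!= None` comparison: `if self.share_names:` on the outer line and `if sharename not in self.share_names.split(","):` on the inner one. `shares()` starts and ends outside the hunk.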
From: Charlie Fligg Date: Thu, 6 Mar 2025 21:27:56 -0500 Subject: [PATCH 3/3] update comments --- snaffcore/smb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/snaffcore/smb.py b/snaffcore/smb.py index 3101786..604dc5e 100644 --- a/snaffcore/smb.py +++ b/snaffcore/smb.py @@ -47,7 +47,7 @@ def shares(self): remarkname = resp[i]['shi1_remark'][:-1] # log.info(f'Found share {sharename} on {self.server}, remark {remarkname}') - if(self.share_names != None): # if shares are empty, then scan all shares + if(self.share_names != None): # if shares are empty, then scan all shares (otherwise) if(not sharename in self.share_names.split(",")): # if share is not in our list of shares to scan, skip it continue
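Review bot: The reworded comment `# if shares are empty, then scan all shares (otherwise)` describes the branch that is not taken, since the body of this `if` runs only when a filter is present, and the trailing "(otherwise)" makes it harder to read than before. Suggest `# a share filter was given: only scan the shares named in it` on the outer `if`, keeping the inner comment as it is. `shares()` starts and ends outside the hunk.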