Skip to content

Commit

Permalink
Unicode fixes V1 (#1631)
Browse files Browse the repository at this point in the history
* Fixed unicode shares not being found

* Fixed unicode SPNs not being decoded appropriately

* Fixed spn not being found in getST, fixes #1595

* Fixed unicode issues on login when using ntlmV1 fallback
Fixes #1419
  • Loading branch information
alexisbalbachan authored Nov 14, 2023
1 parent 33058eb commit 4b56c18
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 6 deletions.
2 changes: 1 addition & 1 deletion examples/GetUserSPNs.py
Original file line number Diff line number Diff line change
Expand Up @@ -369,7 +369,7 @@ def run(self):
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
elif str(attribute['type']) == 'servicePrincipalName':
for spn in attribute['vals']:
SPNs.append(str(spn))
SPNs.append(spn.asOctets().decode('utf-8'))

if mustCommit is True:
if int(userAccountControl) & UF_ACCOUNTDISABLE:
Expand Down
3 changes: 2 additions & 1 deletion impacket/krb5/types.py
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
import struct

from pyasn1.codec.der import decoder
from six import ensure_binary

from . import asn1
from . import constants
Expand Down Expand Up @@ -151,7 +152,7 @@ def components_to_asn1(self, name):
strings = name.setComponentByName('name-string'
).getComponentByName('name-string')
for i, c in enumerate(self.components):
strings.setComponentByPosition(i, c)
strings.setComponentByPosition(i, ensure_binary(c))

return name

Expand Down
4 changes: 3 additions & 1 deletion impacket/smb.py
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,7 @@
from impacket.structure import Structure
from impacket.spnego import SPNEGO_NegTokenInit, TypesMech, SPNEGO_NegTokenResp, ASN1_OID, asn1encode, ASN1_AID
from impacket.krb5.gssapi import KRB5_AP_REQ
import six

# For signing
import hashlib
Expand Down Expand Up @@ -3501,7 +3502,8 @@ def login(self, user, password, domain = '', lmhash = '', nthash = '', ntlm_fall
self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True)
except:
# If the target OS is Windows 5.0 or Samba, let's try using NTLMv1
if ntlm_fallback and ((self.get_server_lanman().find('Windows 2000') != -1) or (self.get_server_lanman().find('Samba') != -1)):
if ntlm_fallback and ((six.ensure_binary(self.get_server_lanman()).find(b'Windows 2000') != -1) or
(six.ensure_binary(self.get_server_lanman()).find(b'Samba') != -1)):
self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = False)
self.__isNTLMv2 = False
else:
Expand Down
7 changes: 4 additions & 3 deletions impacket/smbserver.py
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
import hmac

from binascii import unhexlify, hexlify, a2b_hex
from six import PY2, b, text_type
from six import b, ensure_str
from six.moves import configparser, socketserver

# For signing
Expand Down Expand Up @@ -234,6 +234,7 @@ def getShares(connId, smbServer):


def searchShare(connId, share, smbServer):
share = ensure_str(share)
config = smbServer.getServerConfig()
if config.has_section(share):
return dict(config.items(share))
Expand Down Expand Up @@ -3217,10 +3218,10 @@ def smb2Create(connId, smbServer, recvPacket):
else:
if sys.platform == 'win32':
mode |= os.O_BINARY
if str(pathName) in smbServer.getRegisteredNamedPipes():
if ensure_str(pathName) in smbServer.getRegisteredNamedPipes():
fid = PIPE_FILE_DESCRIPTOR
sock = socket.socket()
sock.connect(smbServer.getRegisteredNamedPipes()[str(pathName)])
sock.connect(smbServer.getRegisteredNamedPipes()[ensure_str(pathName)])
else:
fid = os.open(pathName, mode)
except Exception as e:
Expand Down

0 comments on commit 4b56c18

Please sign in to comment.