:py:mod:`dissect.target.loaders.smb`
====================================

.. py:module:: dissect.target.loaders.smb


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.loaders.smb.SmbLoader
   dissect.target.loaders.smb.SmbRegistry
   dissect.target.loaders.smb.SmbRegistryHive
   dissect.target.loaders.smb.SmbRegistryKey
   dissect.target.loaders.smb.SmbRegistryValue


.. py:class:: SmbLoader(path: Union[pathlib.Path, str], **kwargs)

   Bases: :py:obj:`dissect.target.loader.Loader`

   Use remote SMB servers as targets.

   This loader maps SMB shares from a remote SMB server as filesystems. It makes use of Impacket's
   ``SMBConnection`` class to connect to the remote server and enumerate all available shares.
   The shares are then mapped as filesystems in the target.

   You can use the following example URIs to connect to a remote SMB server.

   Connect as guest (you're probably not going to get very far with this one)::

       smb://10.10.128.3

   Connect as administrator using NTLM password authentication::

       smb://administrator:Dissect123!@10.10.128.3

   Connect as administrator using NTLM pass-the-hash authentication::

       smb://administrator@10.10.128.3?hash=3c19c73ccd2bbcb84c592321caa4b1be

   Connect using Kerberos authentication::

       smb://administrator@infected.dissect.lab?kerberos=true&ip=10.10.128.3&ticket=administrator.ccache&dc=dc01.dissect.lab&dc-ip=10.10.10.10

   You can also use the following environment variables instead:

   - ``SMB_TARGET_IP``
   - ``SMB_TARGET_HOST``
   - ``SMB_DOMAIN``
   - ``SMB_USERNAME``
   - ``SMB_PASSWORD``
   - ``SMB_KERBEROS_TICKET`` (or ``KRB5CCNAME``)
   - ``SMB_KERBEROS_DC``
   - ``SMB_KERBEROS_DC_IP``
   - ``SMB_KERBEROS_AES_KEY``

   When using environment variables, you can invoke this loader using an empty ``smb://`` URI.

   .. py:attribute:: MACHINE_NAME
      :value: 'DISSECT-TARGET'

   .. py:attribute:: EMPTY_NT
      :value: '31d6cfe0d16ae931b73c59d7e0c089c0'

   .. py:attribute:: EMPTY_LM
      :value: 'aad3b435b51404eeaad3b435b51404ee'

   .. py:method:: detect(path: pathlib.Path) -> bool
      :staticmethod:

      This loader can only be activated with the URI-scheme ``smb://``.

   .. py:method:: map(target: dissect.target.Target) -> None

      Map all target filesystems (network shares) from the SMB connection.


.. py:class:: SmbRegistry(target: dissect.target.Target, conn: impacket.smbconnection.SMBConnection)

   Bases: :py:obj:`dissect.target.plugins.os.windows.registry.RegistryPlugin`

   Provides registry access for Windows targets.

   Acts much the same as the registry on a live Windows machine.
   Hives are correctly mapped under e.g. ``HKLM\SOFTWARE``.

   Internal functions only.

   .. py:attribute:: __register__
      :value: False

   .. py:method:: check_compatible() -> bool

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: __del__() -> None


.. py:class:: SmbRegistryHive(winreg: impacket.dcerpc.v5.rpcrt.DCERPC_v5, name: str, handle: int)

   Bases: :py:obj:`dissect.target.helpers.regutil.RegistryHive`

   Base class for registry hives.

   .. py:method:: key(key: str) -> SmbRegistryKey

      Retrieve a registry key from a specific path.

      :param key: A path to a registry key within this hive.

      :raises RegistryKeyNotFoundError: If the registry key could not be found.


.. py:class:: SmbRegistryKey(hive: SmbRegistryHive, path: str)

   Bases: :py:obj:`dissect.target.helpers.regutil.RegistryKey`

   Base class for registry keys.

   :param hive: The registry hive to which this registry key belongs.

   .. py:property:: name
      :type: str

      Returns the name of this key.

   .. py:property:: path
      :type: str

      Returns the path of this key.

   .. py:property:: timestamp
      :type: datetime.datetime

      Returns the last modified timestamp of this key.

   .. py:attribute:: hive
      :type: SmbRegistryHive

   .. py:method:: handle() -> int

   .. py:method:: subkey(subkey: str) -> SmbRegistryKey

      Returns a specific subkey from this key.

      :param subkey: The name of the subkey to retrieve.

      :raises RegistryKeyNotFoundError: If this key has no subkey with the requested name.

   .. py:method:: subkeys() -> list[SmbRegistryKey]

      Returns a list of subkeys from this key.

   .. py:method:: value(value: str) -> str

      Returns a specific value from this key.

      :param value: The name of the value to retrieve.

      :raises RegistryValueNotFoundError: If this key has no value with the requested name.

   .. py:method:: values() -> list[SmbRegistryValue]

      Returns a list of all the values from this key.


.. py:class:: SmbRegistryValue(hive: str, name: str, data: bytes, type: int)

   Bases: :py:obj:`dissect.target.helpers.regutil.RegistryValue`

   Base class for registry values.

   :param hive: The registry hive to which this registry value belongs.

   .. py:property:: name
      :type: str

      Returns the name of this value.

   .. py:property:: value
      :type: str

      Returns the value of this value.

   .. py:property:: type
      :type: str

      Returns the type of this value.

      Reference:

      - https://docs.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types
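
Added example (not part of ``dissect.target``): splitting the ``smb://`` URI forms documented for ``SmbLoader`` into their non-secret fields and masking the password and ``hash`` value before the URI is written to a case log. The function names, the ``auth`` labels and the ``REDACTED`` mask are assumptions of this example; the URI layout is taken from the connection examples in the ``SmbLoader`` description.

```python
from urllib.parse import parse_qsl, urlsplit

MASK = "REDACTED"          # placeholder written in place of secrets (assumption)
SECRET_PARAMS = {"hash"}   # query keys that carry credential material


def describe_smb_uri(uri: str) -> dict:
    """Return the non-secret fields of an smb:// URI for a case log."""
    parts = urlsplit(uri)
    if parts.scheme != "smb":
        raise ValueError("expected an smb:// URI")
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    if not parts.username:
        auth = "guest"  # an empty smb:// (environment-variable mode) also lands here
    elif "hash" in query:
        auth = "ntlm-hash"
    elif query.get("kerberos", "").lower() == "true":
        auth = "kerberos"
    else:
        auth = "ntlm-password"
    return {
        "auth": auth,
        "username": parts.username,
        "host": parts.hostname,
        "ip": query.get("ip"),
        "ticket": query.get("ticket"),
        "dc": query.get("dc"),
        "dc_ip": query.get("dc-ip"),
    }


def redact_smb_uri(uri: str) -> str:
    """Mask the password and secret query values, leaving the rest intact."""
    parts = urlsplit(uri)
    # rpartition: a password may itself contain '@', a host cannot.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if ":" in userinfo:
        userinfo = userinfo.split(":", 1)[0] + ":" + MASK
    pairs = []
    for pair in filter(None, parts.query.split("&")):
        key, _, _ = pair.partition("=")
        pairs.append(f"{key}={MASK}" if key in SECRET_PARAMS else pair)
    redacted = f"{parts.scheme}://{userinfo}{at}{hostport}{parts.path}"
    return redacted + ("?" + "&".join(pairs) if pairs else "")
```
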