Jump to content
Hak5 Forums
Sign in to follow this  
PoSHMagiC0de

Impacket's karmasmb.py info

Recommended Posts

Welp, it is my turn to ask a question.  Been a minute hahaha.

So, I once in awhile go through the impacket packages and mess with them from time to time and even go through their code (they are examples after all).

One tool has me stumped as I have yet to get it going right.  That is karmasmb.py.

I know it is similar to smbserver.py but some differences.  It takes a config file to resolve extensions and all that jazz.  I have tried to use it like smbserver.py but get errors going to the folder on a windows machine though it does show a connection coming in on karmasmb just serves the wrong stuff and I end up if I just browse to it is a folder with a * in it.  Tried the config file method too but getting same issues.

I am curious in seeing how this module works.  Anyone have a working example so I can get a feel of how it is configured and ran?

Yeah, I looked online. I think there is a video of Mubix using it for an exploit from back in 2015 but he already had it configured and just ran it.  😐

 

Share this post


Link to post
Share on other sites
36 minutes ago, PoSHMagiC0de said:

Yeah, I looked online. I think there is a video of Mubix using it for an exploit from back in 2015 but he already had it configured and just ran it.  😐

Classic.

Just to be sure, does your config file look like this?

# Format: <ext> = <file>
txt = /dir/readme.txt
bat = /dir/start.bat

It looks like that if I was to query the SMB server for a path like (below) it will resolve to the preset file.

# If I go to..
smb://smbserver/path/to/text.txt
# It will resolve to..
smb://smbserver/dir/readme

You probably already knew that though. Or I'm just understanding it completely differently and probably incorrectly.

I can't visualise how it would work in an explorer window though. That would be quite strange, as it shows the files but doesn't really request them.. 🤔
But I guess if you asked for the contents of the file via CLI it would return the contents of the predefined file. So if you tried to execute a batch file somewhere else it would execute the pre-determined bat file.

But if you were to open a batch file with Notepad via CLI then it would open the pre-determined file in Notepad..

Double-edged sword much. I guess that's why it's called KarmaSMB? I don't know.

Everything I have said is speculation. 😄 

I've had a look through some of Impacket's scripts and there are many that catch my curiosity, but I've never really been bothered to play around with them heavily, just run it and go "that didn't work, doh".

Share this post


Link to post
Share on other sites

I figured out what my issue was.  I was trying to use it like smbserver.py.  All the path parameters have to be full paths, not relative.  Also, explorer will not work right with it.  I used Powershell to get the contents of the paths and was able to get them.  Also if the extension is recongnized by Windows you can use the run line to get it like the txt file I pulled and it opened notepad to display it.  So, it is working now.  🙂

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×