[SMB] Massive Fixes, Features and Refactoring

[covertivy]

Hello!

I did some research regarding some annoying STATUS_SHARING_VIOLATION and STATUS_ACCESS_DENIED errors.
I know for a fact that some files that cannot be read with smbclient can be copied aside with a command / the file explorer.
This means that theoretically it should be possible to do so over SMB!

I opened up Wireshark and played around a bit - it seems this is caused by over-restrictive share access permissions on impacket's side.
I then dug deeper and saw some mismatching flag usage in the SMBv1 implementation of the protocol so I fixed those too.

To sum up, I added the ability to READ FILES WITH OPEN HANDLES WITH (ALMOST) NO RESTRICTION!!!
The only restriction is of course for some system files (eg. SAM, SECURITY, SYSTEM and basically all files that require a ShadowCopy to allow reading them).
This means that files with "weak handles" can be read remotely WITH ABSOLUTELY NO LIMITATION!

The list contains:

• Event Logs - *.evt / *.evtx
• Files open by Local Users
• Browser Files - Chrome Logins & History
• And much much more!

Glad to suffer for all y'alls pleasure!

[yuri2o1o]

Really important fix that makes SMB more intuitive! Please merge!

[laxa]

Hello, interesting PR, however, it does not seem to be working on my side, am I missing something?

$ smbclient.py 'User:Password'@192.168.122.111
# use C$
# cd users/user/appdata/local/microsoft/edge/user data/default/network
# get cookies
[-] SMB SessionError: code: 0xc0000043 - STATUS_SHARING_VIOLATION - A file cannot be opened because the share access flags are incompatible.

[covertivy]

The problem is with your test case.
On chromium based browsers the Cookies file is locked with a "strong handle" which restricts read access to other processes, therefore in this case the file cannot be read by us.
However, the other sensitive chrome files such as Local State, Login Data, History and others can be read with no issue!

I am happy to help with any other questions you may have 😊

[covertivy]

Hi again, I am changing the title because this is slowly growing into something much bigger.

I will soon add a better description and list all of the current changes I have made to the SMB libraries but the work is far from over 😅

Changes done so far:

• Add better constant definitions for shareAccessMode, createDisposition and desiredAccess in smb.py
• Fix bad shareAccessMode given in all readFile/retr_file implementations.
• Add set_file_info method in SMBv1.
• Add SMB_DATE and SMB_TIME class definitions.
• Replace poorly implemented getSMBDate and getSMBTime methods from smbserver.py to now use the newly implemented class definitions.
• Moved & Renamed FileTime conversion methods from smbserver.py to smb.py for ease of use and access.
• Fix broken SMBSetFileBasicInfo struct.
• Add setInfo method to the SMBConnection wrapper class.
• Add type hinting all over the SMBConnection class in order to allow easier programming for the user.
• Add example script attrib.py to showcase newly implemented setInfo method.

I believe that is all for now, I will make sure to keep you posted!

Have a good one 😉