I'm using Win32::LanMan to enumerate shares on a range of IPs, sometimes authenticated to the domain and sometimes through a null session.
Here's my issue:
Sometimes the machine will pass back LanMan error messages (1240, etc.). I know what these errors are, but I'd like to just skip them and continue to the next IP. When I get the error, my foreach() loop exits and the script ends. Help me see the light!! :c)
Please refrain from criticizing my coding practices... I'm a security guy, not a coder (yet)... It's not pretty but it works.. :c)
Here is a look at part of my script:
An easy way to test this is to type this at a DOS prompt:
net use \\server /u:validuser valid password
And then:
eshares.pl serverip-serverip <- I will be adding the ability to just enter a single machine's IP.
#*************************************Begin Code
#Some code borrowed from null.pl by H. Carvey, [EMAIL PROTECTED]
#eshares.pl 04/01/02
use Win32::Lanman;
use Net::DNS;
use IO::Select;
use Net::Ping;
use Win32::AuthenticateUser;
use Getopt::Long;
use Term::ReadKey;
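# ---- Argument handling -------------------------------------------------
# Usage: eshares.pl [--user [DOMAIN\]name] [--pass secret] x.x.x.x-x.x.x.x
# Without --user every host is tried as a null session (empty user,
# password and domain).  Globals declared here are shared with the
# subs further down (pingem() fills @phosts from @host_array).
# NOTE: a password given with --pass is visible to other users in the
# process list; the interactive prompt below avoids that.
my(@shares,@users,$rr,$res,$query,$fndShare);
my($startip,$endip,$startlong,$endlong);
my($i, @host_array,$server,$sServer,@phosts,$count);
my($user, $domain, $test, $authd, $result, $name);
#check data entered
#$Getopt::Long::debug =1;
GetOptions("user:s","pass:s");
my($Range) = $ARGV[0] || die "\n\nNo range entered.\n\nUsage: eshares x.x.x.x-x.x.x.x\n";
# A well-formed range has exactly six dots and a dash between the two IPs.
$count = ($Range =~ tr/.//);
if ($Range !~ /-/ || $count != 6){die "\n\nPlease enter a range in the format of x.x.x.x-x.x.x.x\n"}
$test = "";   # empty user/password/domain => null session
#check for user spec and parse. Prompt for pass if not in ARGV
if ($opt_user){
    if ($opt_user =~ /\\/){
        # DOMAIN\user form; only the first backslash separates the two
        ($domain, $user) = split /\\/, $opt_user, 2;
        print "\nAttempting as $user in $domain..\n";
    }else{
        print "\nAssuming Quantum.com domain account..\n";
        $domain = "Quantum";
        $user   = $opt_user;
    }
    if (! $opt_pass){
        print "Enter your password: ";
        ReadMode 'noecho';
        $opt_pass = ReadLine 0;
        # restore echo before anything else can die and leave the
        # terminal in noecho mode
        ReadMode 'normal';
        print "\n";
        $opt_pass = "" unless defined $opt_pass;   # EOF on stdin
        chomp $opt_pass;
    }
}
#split IP range
($startip, $endip) = split /-/, $Range, 2;
$startlong = longIP($startip);
$endlong   = longIP($endip);
#build host array: every address from start to end inclusive (empty when
#the range is given backwards), as 32-bit integers
@host_array = ($startlong .. $endlong);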
#*******************************
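pingem();
# ---- Main loop: one pass per host that answered the ping ---------------
HOST:
foreach $sServer (@phosts){
    print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n\n";
    $server = shortIP($sServer);
    print "Checking $server :: ";
    # Establish a null session (empty user/pass/domain) or an
    # authenticated session to IPC$.  ConnectIPC returns NetUseAdd's
    # status; anything but 1 is treated as "no session".
    $authd = 0;
    if ($user){
        $authd = ConnectIPC($server, $opt_pass, $user, $domain);
    }else{
        $authd = ConnectIPC($server, $test, $test, $test);
    }
    if ($authd != 1) {
        if ($opt_user){
            print "Could not establish session as $domain\\$user.\n";
        }else{
            print "Could not establish null session with $server.\n";
        }
        # Nothing in this loop body calls last or die, so a failed host
        # simply moves on to the next one.  If the script still stops
        # here, whatever ends it lives outside this loop.
        next HOST;
    }
    if ($user){
        print "Authenticated session to $server successful.\n";
    }else{
        print "Null Session to $server successful.\n";
    }
    print "\n[Shares]\n";
    @shares = GetShares($server);
    #enum shares: try to drop a marker file into each share.  A share that
    #accepts the write is reported as open to everyone; the marker is
    #removed again afterwards (note that this leaves a file-creation
    #event on the target and an orphaned marker if the unlink fails).
    foreach $fndShare (@shares){
        my $marker   = "\\\\$server\\$fndShare\\mwagenkn.matt";
        my $writable = 0;
        # 3-arg open with a lexical handle: the share name comes back from
        # the remote host, so it must never be able to alter the open mode.
        if (open my $fh, '>>', $marker) {
            print {$fh} "This is a test file. Feel free to delete it. Just looking for EVERYONE FULL CONTROL shares. Matt";
            # buffered write errors surface at close; only count the
            # share as writable when the data actually landed
            $writable = 1 if close $fh;
        }
        if ($writable) {
            printf "%-35s %-21s \n", "\\\\$server\\$fndShare", "<--- OPEN TO EVERYONE";
        }else{
            printf "%-35s %-21s \n", "\\\\$server\\$fndShare", "OK";
        }
        # clean up the marker (also removes one left behind by an earlier run)
        unlink $marker;
    }
    print "\n";
    if (Disconnect($server)) {
        print "Disconnected from $server.\n\n";
    }else{
        print "Could not disconnect.\n";
    }
}
print "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n\n\n";
# report the last LanMan error code, if any, once the sweep is done
if (Win32::Lanman::GetLastError() != 0){ print Win32::Lanman::GetLastError(); }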
#-----------------------------------------------------
# Attempt a connection to IPC$; used for null session
# connections, as well as checking passwords
#-----------------------------------------------------
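sub ConnectIPC {
    # Connect to \\$server\ipc$ with the given credentials.  Empty
    # $passwd/$user/$domain give a null session.  Returns the status of
    # Win32::Lanman::NetUseAdd (1 on success).
    my ($server, $passwd, $user, $domain) = @_;
    my %use = (
        remote     => "\\\\$server\\ipc\$",
        asg_type   => USE_IPC(),
        password   => $passwd,
        username   => $user,
        domainname => $domain,
    );
    return Win32::Lanman::NetUseAdd(\%use);
}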
#-----------------------------------------------------
# Disconnect the IPC$ connection
#-----------------------------------------------------
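sub Disconnect {
    # Force-disconnect the IPC$ connection to $server.  The original
    # unpacked @_ into @server and then used the file-level $server
    # global; take the argument explicitly so the sub is self-contained.
    # Returns the status of Win32::Lanman::NetUseDel.
    my ($server) = @_;
    return Win32::Lanman::NetUseDel("\\\\$server\\ipc\$", USE_FORCE());
}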
#-----------------------------------------------------
# Get the available shares
#-----------------------------------------------------
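sub GetShares {
    # Enumerate the share names on \\$server.  Returns the list of
    # 'netname' values; on failure prints the LanMan error and returns
    # an empty list.
    my ($server) = @_;
    my @shares = ();
    my @info;
    if (Win32::Lanman::NetShareEnum("\\\\$server", \@info)) {
        @shares = map { "$_->{'netname'}" } @info;
    }
    else {
        # read the error code once; a second GetLastError() call after
        # FormatMessage may not return the same value
        my $code = Win32::Lanman::GetLastError();
        my $err  = Win32::FormatMessage($code);
        $err = $code if (!defined $err || $err eq "");
        print "Could not get shares. $err\n";
    }
    return @shares;
}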
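sub longIP { #converts short IPs to long IPs
    # Dotted-quad "a.b.c.d" -> 32-bit integer a*2^24 + b*2^16 + c*2^8 + d.
    # Missing octets count as 0 (same as the original arithmetic);
    # anything beyond the fourth octet is ignored.
    my ($ip) = @_;
    my @octets = split /\./, $ip;
    my $long = 0;
    $long = $long * 256 + ($_ || 0) for @octets[0 .. 3];
    return $long;
}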
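sub shortIP { #Converts Long IPs to Short IPs
    # 32-bit integer -> dotted quad.  Each octet is the value divided by
    # its weight (2^24, 2^16, 2^8, 1), truncated, modulo 256; integer
    # division via int() replaces the original's per-sub "use integer".
    my ($long) = @_;
    my @octets = map { int($long / 2**$_) % 256 } (24, 16, 8, 0);
    return join '.', @octets;
}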
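sub pingem { #Pings hosts(s) to see what's there
    # ICMP-ping every address in the global @host_array (1 s timeout
    # each) and collect the responders into the global @phosts.  Prints
    # "o" per responder and "." per silent host, then a count.
    # ICMP pings use raw sockets, which normally need administrator rights.
    print "Pinging hosts...\n";
    my $p    = Net::Ping->new("icmp");
    my $pnum = 0;            # initialised so a sweep with no replies prints 0
    @phosts  = ();
    foreach my $host (@host_array) {
        if ($p->ping($host, 1)) {
            print "o";
            push @phosts, $host;
            $pnum++;
        } else {
            print ".";
        }
    }
    $p->close();
    print "\n ";
    if ($pnum == 1) {
        print "$pnum host responded to ICMP..\n";
    } else {
        print "$pnum hosts responded to ICMP..\n";
    }
}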
#*************************************End Code
...::: Matt :::...
Not everything that is counted
counts, and not everything that
counts can be counted. - A. Einstein
