Multiple Enhancements and Bugfixes - Feature: Bypass STATUS_SHARING_VIOLATION errors #30
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This makes more sense as this class is used by all Triage classes in the project.
For some reason we define the 'false_positive' property for (almost) every Triage class. This will help us reduce redefinitions and messy code.
This make much more sense as the entire project is aimed for modularity. Now we can utilize the power of Object Oriented Programming ;)
This is related to my fix in the impacket source code.
covertivy
changed the title
You guys should merge this PR ASAP as it will greatly enhance the usage and reliability of both
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PR Summary
As this PR is not being accepted any time soon I thought I might add some value to it... 😄
Initially I Redesigned & Re-Implemented all of the Triage Classes in order to create a better codebase as well as fix a bug in which the
false_positivevariable could not be changed by the user at all - as it was hardcoded.Later, following my recent
impacketPR, I decided to add support for bypassingSTATUS_SHARING_VIOLATIONwith no hassle at all.I will describe both features in depth below.
enjoy!
Feature: Bypass
STATUS_SHARING_VIOLATIONerrors with easeThis is the original PR I created for
impacket.What I discovered is that we can actually read files that are open by other processes with no restriction at all (as long as they are not system files) as a feature.
The problem stems from the first implementation of
impacket'sSMBandSMB3classes that restrict (by default) sharing access rights to other processes.This means that
impacketis forcing other processes to have READONLY handles to files, if a process with write permissions has an open handle -impacketfails and raises anSTATUS_SHARING_VIOLATION(orSTATUS_ACCESS_DENIED).Why is this important?
Basically what everyone else did to solve this issue is overcomplicated as fuck and really bad...
This means that all (extremely awful) solutions such as killing the browser of the user etc... can be COMPLETELY AVOIDED.
Refactor: Redesign & Re-Implement
TriageClassesThere are a couple of noticeable problems with the triage classes:
OOP(Object Oriented Programming) in mind, but they are not.false_positiveproperty, it is hard coded and not changeable.dplootinDonPAPI- where thefalse_positiveparameter does almost nothing (as everything is hardcoded).I sought to fix both problems, this PR does not change any of the logic of the project so there is nothing to worry about in that sense.
This PR will help me create a following PR on
DonPAPIthat implements better filtering of user folders and false positives.Thanks! I am free to answer questions as always!