Add files via upload

2025-06-29 14:18:42 +02:00 · 2024-09-23 10:35:53 -05:00
parent 17af4fbf30
commit a17ceeb6aa
31 changed files with 4559 additions and 0 deletions
--- a/Scripts/ConfigParsers/parser-smb.conf.ps1
+++ b/Scripts/ConfigParsers/parser-smb.conf.ps1
@ -0,0 +1,105 @@
+# Author: Scott Sutherland, NetSPI (@_nullbind / nullbind)
+
+function Get-SmbConfCredentials {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$FilePath
+    )
+
+    # Initialize a hashtable to store extracted values
+    $configData = @{
+        Username = $null
+        Password = $null
+    }
+
+    # Check if the file exists
+    if (-Not (Test-Path -Path $FilePath)) {
+        Write-Error "File not found: $FilePath"
+        return
+    }
+
+    # Read the configuration file
+    $configFile = Get-Content -Path $FilePath
+
+    # Parse the configuration file line by line
+    foreach ($line in $configFile) {
+        # Ignore comment lines and empty lines
+        if ($line -match '^\s*#' -or $line -match '^\s*$') {
+            continue
+        }
+
+        # Extract the username
+        if ($line -match '^\s*username\s*=\s*(.+)') {
+            $configData.Username = $matches[1].Trim()
+        }
+
+        # Extract the password
+        if ($line -match '^\s*password\s*=\s*(.+)') {
+            $configData.Password = $matches[1].Trim()
+        }
+    }
+
+    # Output the extracted configuration as a PowerShell object
+    [PSCustomObject]@{
+        Username = $configData.Username
+        Password = $configData.Password
+    }
+}
+
+# Example usage:
+$credentials = Get-SmbConfCredentials -FilePath "c:\temp\configs\smb.conf"
+$credentials | Format-List
+
+
+<# smb.conf
+
+[global]
+    # General server settings
+    workgroup = EXAMPLE
+    realm = EXAMPLE.COM
+    server string = Samba Server Version %v
+    security = ads
+    encrypt passwords = yes
+    kerberos method = secrets and keytab
+    log file = /var/log/samba/log.%m
+    max log size = 50
+
+    # Domain and authentication settings
+    idmap config * : backend = tdb
+    idmap config EXAMPLE : backend = rid
+    idmap config EXAMPLE : range = 10000-20000
+    template shell = /bin/bash
+    winbind use default domain = yes
+    winbind offline logon = yes
+    winbind enum users = yes
+    winbind enum groups = yes
+
+    # INSECURE: Credentials for binding to Active Directory (avoid plaintext credentials)
+    # This exposes the AD admin account and password directly in the smb.conf file
+    username = ad-admin
+    password = P@ssw0rd123
+
+    # Kerberos keytab file location (more secure than plaintext credentials)
+    dedicated keytab file = /etc/krb5.keytab
+    kerberos method = secrets and keytab
+
+[homes]
+    comment = Home Directories
+    browseable = no
+    writable = yes
+
+[printers]
+    comment = All Printers
+    path = /var/spool/samba
+    printable = yes
+    guest ok = no
+    writable = no
+    browseable = no
+
+[shared]
+    path = /srv/samba/shared
+    browseable = yes
+    read only = no
+    valid users = @staff
+#>