[enhancement] Add windows support and windows binary build to Coercer (#97)

* split task preparation and execution into seperate functions

* Update debug + verbose printing

* Refactor reporter, standardize print formatting, and add logging

* Initial Windows Support

* Create windows binary installer script

* Add small snippet to README for using the installer script

* Update installer to install C++ Build Tools

* Fix bug with coerce mode and packet redirection

* Update URL in installer.ps1

---------

Co-authored-by: p0rtL6 <[email protected]>

Author: p0rtL6

README.md

@@ -10,6 +10,9 @@
   <br>
 </p>
 
+## Windows Support
+To build a binary for Windows, download the `installer.ps1` script from this repository. Run it simply with no arguments to create a binary in the working directory. Use `-h` or `--help` for the help menu with options.
+
 ## Features
 
  - Core:

coercer/__main__.py

@@ -8,9 +8,9 @@
 import argparse
 import os
 import sys
+import threading
 from sectools.network.domains import is_fqdn
 from sectools.network.ip import is_ipv4_cidr, is_ipv4_addr, is_ipv6_addr, expand_cidr, expand_port_range
-from coercer.core.Reporter import create_reporter
 
 VERSION = "2.4.3"
 
@@ -187,6 +187,8 @@ def parseArgs():
 
 def main():
     lmhash, nthash, options = parseArgs()
+
+    from coercer.core.Reporter import create_reporter
     create_reporter(options, options.verbose)
 
     from coercer.core.Reporter import reporter
@@ -195,11 +197,19 @@ def main():
     from coercer.core.modes.coerce import action_coerce
     from coercer.core.modes.fuzz import action_fuzz
     from coercer.network.smb import try_login
-    from coercer.network.utils import can_listen_on_port
+    from coercer.network.utils import can_listen_on_port, redirect_smb_packets
     from coercer.core.loader import find_and_load_coerce_methods
 
     available_methods = find_and_load_coerce_methods()
-    
+
+    if options.smb_port == 445 and sys.platform == "win32" and (options.mode == "scan" or options.mode == "fuzz"):
+        reporter.print_info("Redirecting packets between port 445 <-> 4445")
+        options.redirecting_smb_packets = True
+        redirector = threading.Thread(target=redirect_smb_packets)
+        redirector.start()
+    else:
+        options.redirecting_smb_packets = False
+
     # Parsing targets
     targets = []
     if options.target_ip is not None:
@@ -265,8 +275,8 @@ def main():
         reporter.print_info("Starting scan mode")
         if credentials.is_anonymous():
             reporter.print_info("No credentials provided, trying to connect with a NULL session.")
-        if not can_listen_on_port("0.0.0.0", 445):
-            reporter.print_error("Cannot listen on port tcp/%d. Are you root or are other servers running?" % 445)
+        if not can_listen_on_port("0.0.0.0", 4445 if options.redirecting_smb_packets else options.smb_port):
+            reporter.print_error("Cannot listen on port tcp/%d. Are you root or are other servers running?" % 4445 if options.redirecting_smb_packets else options.smb_port)
         else:
             for target in targets:
                 reporter.print_info("Scanning target %s" % target)
@@ -289,8 +299,8 @@ def main():
         reporter.print_info("Starting fuzz mode")
         if credentials.is_anonymous():
             reporter.print_info("No credentials provided, trying to connect with a NULL session.")
-        if not can_listen_on_port("0.0.0.0", 445):
-            reporter.print_error("Cannot listen on port tcp/%d. Are you root or are other servers running?" % 445)
+        if not can_listen_on_port("0.0.0.0", 4445 if options.redirecting_smb_packets else options.smb_port):
+            reporter.print_error("Cannot listen on port tcp/%d. Are you root or are other servers running?" % 4445 if options.redirecting_smb_packets else options.smb_port)
         else:
             for target in targets:
                 reporter.print_info("Fuzzing target %s" % target)

coercer/core/Reporter.py

@@ -213,7 +213,7 @@ def report_test_result(self, target, uuid, version, namedpipe, msprotocol_rpc_in
             sys.stdout.write(EscapeCodes.ERASE_LINE)
 
         if self.options.mode in ["scan", "fuzz"]:
-            if result == TestResult.SMB_AUTH_RECEIVED:
+            if result == TestResult.SMB_AUTH_RECEIVED or result == TestResult.SMB_AUTH_RECEIVED_NTLMv1 or result == TestResult.SMB_AUTH_RECEIVED_NTLMv2:
                 self.print_result("+", "SMB Auth", msprotocol_rpc_instance, EscapeCodes.BOLD_BRIGHT_GREEN)
             elif result == TestResult.HTTP_AUTH_RECEIVED:
                 self.print_result("+", "HTTP Auth", msprotocol_rpc_instance, EscapeCodes.BOLD_BRIGHT_GREEN)

coercer/core/tasks/execute.py

@@ -155,4 +155,4 @@ def connect_function(dcerpc, target, taskEntry):
                             if options.verbose:
                                 reporter.print_error("   ", "Cannot bind to interface (%s, %s)!" % (uuid, version))
             else:
-                reporter.print(transportType.value, " '", (taskEntry, EscapeCodes.BOLD_BRIGHT_BLUE), "' ", ("closed", EscapeCodes.BOLD_BRIGHT_RED), "!", symbol=("!", EscapeCodes.BRIGHT_RED), verbose=True)
+                reporter.print(transportType.value, " '", (taskEntry, EscapeCodes.BOLD_BRIGHT_BLUE), "' ", ("closed", EscapeCodes.BOLD_BRIGHT_RED), "!", symbol=("!", EscapeCodes.BRIGHT_RED), verbose=True)