本文整理汇总了Python中impacket.dcerpc.v5.lsat.POLICY_LOOKUP_NAMES属性的典型用法代码示例。如果您正苦于以下问题:Python lsat.POLICY_LOOKUP_NAMES属性的具体用法?Python lsat.POLICY_LOOKUP_NAMES怎么用?Python lsat.POLICY_LOOKUP_NAMES使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.dcerpc.v5.lsat的用法示例。
在下文中一共展示了lsat.POLICY_LOOKUP_NAMES属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: connect
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT, transfer_syntax = self.ts)
request = lsat.LsarOpenPolicy2()
request['SystemName'] = NULL
request['ObjectAttributes']['RootDirectory'] = NULL
request['ObjectAttributes']['ObjectName'] = NULL
request['ObjectAttributes']['SecurityDescriptor'] = NULL
request['ObjectAttributes']['SecurityQualityOfService'] = NULL
request['DesiredAccess'] = MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES
resp = dce.request(request)
return dce, rpctransport, resp['PolicyHandle'] 示例2: connect
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def connect(self, host, port, user, password, sid):
smbt = transport.SMBTransport(host, int(port), r'\lsarpc', user, password)
dce = smbt.get_dce_rpc()
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
op2 = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
if sid is None:
res = lsad.hLsarQueryInformationPolicy2(dce, op2['PolicyHandle'], lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
sid = res['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
self.sid = sid
self.policy_handle = op2['PolicyHandle']
return DCE_Connection(dce, smbt) 示例3: connect
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT, transfer_syntax = self.ts)
request = lsad.LsarOpenPolicy2()
request['SystemName'] = NULL
request['ObjectAttributes']['RootDirectory'] = NULL
request['ObjectAttributes']['ObjectName'] = NULL
request['ObjectAttributes']['SecurityDescriptor'] = NULL
request['ObjectAttributes']['SecurityQualityOfService'] = NULL
request['DesiredAccess'] = MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES
resp = dce.request(request)
return dce, rpctransport, resp['PolicyHandle'] 示例4: __resolveSids
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def __resolveSids(self, sids):
dce = self.__getDceBinding(self.__lsaBinding)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
names = []
for n, item in enumerate(resp['TranslatedNames']['Names']):
names.append(u"{}\\{}".format(resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'].encode('utf-16-le'), item['Name']))
dce.disconnect()
return names 示例5: getParentSidAndAdminName
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def getParentSidAndAdminName(self, parentDC, creds):
if self.__doKerberos is True:
# In Kerberos we need the target's name
machineNameOrIp = self.getDNSMachineName(gethostbyname(parentDC))
logging.debug('%s is %s' % (gethostbyname(parentDC), machineNameOrIp))
else:
machineNameOrIp = gethostbyname(parentDC)
logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')
stringBinding = r'ncacn_np:%s[\pipe\lsarpc]' % machineNameOrIp
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(creds['username'], creds['password'], creds['domain'], creds['lmhash'],
creds['nthash'], creds['aesKey'])
rpctransport.set_kerberos(self.__doKerberos)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_LSAT)
resp = hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = hLsarQueryInformationPolicy2(dce, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
domainSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
# Now that we have the Sid, let's get the Administrator's account name
sids = list()
sids.append(domainSid+'-500')
resp = hLsarLookupSids(dce, policyHandle, sids, LSAP_LOOKUP_LEVEL.LsapLookupWksta)
adminName = resp['TranslatedNames']['Names'][0]['Name']
return domainSid, adminName 示例6: __resolveSids
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def __resolveSids(self, sids):
dce = self.__getDceBinding(self.__lsaBinding)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
names = []
for n, item in enumerate(resp['TranslatedNames']['Names']):
names.append("{}\\{}".format(resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'].encode('utf-16-le'), item['Name']))
dce.disconnect()
return names 示例7: getForestSid
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def getForestSid(self):
logging.debug('Calling NRPC DsrGetDcNameEx()')
stringBinding = r'ncacn_np:%s[\pipe\netlogon]' % self.__kdcHost
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_NRPC)
resp = hDsrGetDcNameEx(dce, NULL, NULL, NULL, NULL, 0)
forestName = resp['DomainControllerInfo']['DnsForestName'][:-1]
logging.debug('DNS Forest name is %s' % forestName)
dce.disconnect()
logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')
stringBinding = r'ncacn_np:%s[\pipe\lsarpc]' % forestName
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_LSAT)
resp = hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = hLsarQueryInformationPolicy2(dce, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
dce.disconnect()
forestSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
logging.info("Forest SID: %s"% forestSid)
return forestSid 示例8: __bruteForce
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import POLICY_LOOKUP_NAMES [as 别名]
def __bruteForce(self, rpctransport, maxRid):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
# Want encryption? Uncomment next line
# But make SIMULTANEOUS variable <= 100
#dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
# Want fragmentation? Uncomment next line
#dce.set_max_fragment_size(32)
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
domainSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
soFar = 0
SIMULTANEOUS = 1000
for j in range(maxRid/SIMULTANEOUS+1):
if (maxRid - soFar) / SIMULTANEOUS == 0:
sidsToCheck = (maxRid - soFar) % SIMULTANEOUS
else:
sidsToCheck = SIMULTANEOUS
if sidsToCheck == 0:
break
sids = list()
for i in xrange(soFar, soFar+sidsToCheck):
sids.append(domainSid + '-%d' % i)
try:
lsat.hLsarLookupSids(dce, policyHandle, sids,lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
except DCERPCException, e:
if str(e).find('STATUS_NONE_MAPPED') >= 0:
soFar += SIMULTANEOUS
continue
elif str(e).find('STATUS_SOME_NOT_MAPPED') >= 0:
resp = e.get_packet()
else:
raise
for n, item in enumerate(resp['TranslatedNames']['Names']):
if item['Use'] != SID_NAME_USE.SidTypeUnknown:
print "%d: %s\\%s (%s)" % (
soFar + n, resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'], item['Name'],
SID_NAME_USE.enumItems(item['Use']).name)
soFar += SIMULTANEOUS