本文整理汇总了Python中impacket.dcerpc.v5.nrpc.MSRPC_UUID_NRPC属性的典型用法代码示例。如果您正苦于以下问题:Python nrpc.MSRPC_UUID_NRPC属性的具体用法?Python nrpc.MSRPC_UUID_NRPC怎么用?Python nrpc.MSRPC_UUID_NRPC使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.dcerpc.v5.nrpc的用法示例。
在下文中一共展示了nrpc.MSRPC_UUID_NRPC属性的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: rpc_get_domain_trusts
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def rpc_get_domain_trusts(self):
binding = r'ncacn_np:%s[\PIPE\netlogon]' % self.addr
dce = self.dce_rpc_connect(binding, nrpc.MSRPC_UUID_NRPC)
if dce is None:
return
try:
req = nrpc.DsrEnumerateDomainTrusts()
req['ServerName'] = NULL
req['Flags'] = 1
resp = dce.request(req)
except Exception as e:
raise e
for domain in resp['Domains']['Domains']:
logging.info('Found domain trust from %s to %s', self.hostname, domain['NetbiosDomainName'])
self.trusts.append({'domain': domain['DnsDomainName'],
'type': domain['TrustType'],
'flags': domain['Flags']})
dce.disconnect() 示例2: connect
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(nrpc.MSRPC_UUID_NRPC)
resp = nrpc.hNetrServerReqChallenge(dce, NULL, self.serverName + '\x00', '12345678')
resp.dump()
serverChallenge = resp['ServerChallenge']
if self.hashes == '':
ntHash = None
else:
ntHash = unhexlify(self.hashes.split(':')[1])
self.sessionKey = nrpc.ComputeSessionKeyStrongKey(self.password, '12345678', serverChallenge, ntHash)
ppp = nrpc.ComputeNetlogonCredential('12345678', self.sessionKey)
try:
resp = nrpc.hNetrServerAuthenticate3(dce, NULL, self.username + '\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel,self.serverName + '\x00',ppp, 0x600FFFFF )
resp.dump()
except Exception, e:
if str(e).find('STATUS_DOWNGRADE_DETECTED') < 0:
raise 示例3: setUp
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def setUp(self):
NRPCTests.setUp(self)
configFile = ConfigParser.ConfigParser()
configFile.read('dcetests.cfg')
self.username = configFile.get('TCPTransport', 'username')
self.domain = configFile.get('TCPTransport', 'domain')
self.serverName = configFile.get('TCPTransport', 'servername')
self.password = configFile.get('TCPTransport', 'password')
self.machine = configFile.get('TCPTransport', 'machine')
self.hashes = configFile.get('TCPTransport', 'hashes')
#print epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp')
self.stringBinding = epm.hept_map(self.machine, nrpc.MSRPC_UUID_NRPC, protocol = 'ncacn_ip_tcp') 示例4: getChildInfo
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def getChildInfo(self, creds):
logging.debug('Calling NRPC DsrGetDcNameEx()')
target = creds['domain']
if self.__doKerberos is True:
# In Kerberos we need the target's name
machineNameOrIp = self.getDNSMachineName(gethostbyname(target))
logging.debug('%s is %s' % (gethostbyname(target), machineNameOrIp))
else:
machineNameOrIp = target
stringBinding = r'ncacn_np:%s[\pipe\netlogon]' % machineNameOrIp
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(creds['username'], creds['password'], creds['domain'], creds['lmhash'],
creds['nthash'], creds['aesKey'])
if self.__doKerberos or creds['aesKey'] is not None:
rpctransport.set_kerberos(True)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_NRPC)
resp = hDsrGetDcNameEx(dce, NULL, NULL, NULL, NULL, 0)
#resp.dump()
return resp['DomainControllerInfo']['DomainName'][:-1], resp['DomainControllerInfo']['DnsForestName'][:-1] 示例5: setUp
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def setUp(self):
NRPCTests.setUp(self)
configFile = ConfigParser.ConfigParser()
configFile.read('dcetests.cfg')
self.username = configFile.get('TCPTransport', 'username')
self.domain = configFile.get('TCPTransport', 'domain')
self.serverName = configFile.get('TCPTransport', 'servername')
self.password = configFile.get('TCPTransport', 'password')
self.machine = configFile.get('TCPTransport', 'machine')
self.hashes = configFile.get('TCPTransport', 'hashes')
self.machineUser = configFile.get('TCPTransport', 'machineuser')
self.machineUserHashes = configFile.get('TCPTransport', 'machineuserhashes')
# print epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp')
self.stringBinding = epm.hept_map(self.machine, nrpc.MSRPC_UUID_NRPC, protocol='ncacn_ip_tcp') 示例6: getForestSid
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def getForestSid(self):
logging.debug('Calling NRPC DsrGetDcNameEx()')
stringBinding = r'ncacn_np:%s[\pipe\netlogon]' % self.__kdcHost
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_NRPC)
resp = hDsrGetDcNameEx(dce, NULL, NULL, NULL, NULL, 0)
forestName = resp['DomainControllerInfo']['DnsForestName'][:-1]
logging.debug('DNS Forest name is %s' % forestName)
dce.disconnect()
logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')
stringBinding = r'ncacn_np:%s[\pipe\lsarpc]' % forestName
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_LSAT)
resp = hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = hLsarQueryInformationPolicy2(dce, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
dce.disconnect()
forestSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
logging.info("Forest SID: %s"% forestSid)
return forestSid 示例7: connect
# 需要导入模块: from impacket.dcerpc.v5 import nrpc [as 别名]
# 或者: from impacket.dcerpc.v5.nrpc import MSRPC_UUID_NRPC [as 别名]
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.machineUserHashes) > 0:
lmhash, nthash = self.machineUserHashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.machineUser, '', self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
# dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(nrpc.MSRPC_UUID_NRPC)
resp = nrpc.hNetrServerReqChallenge(dce, NULL, self.serverName + '\x00', b'12345678')
resp.dump()
serverChallenge = resp['ServerChallenge']
if self.machineUserHashes == '':
ntHash = None
else:
ntHash = unhexlify(self.machineUserHashes.split(':')[1])
self.sessionKey = nrpc.ComputeSessionKeyStrongKey('', b'12345678', serverChallenge, ntHash)
ppp = nrpc.ComputeNetlogonCredential(b'12345678', self.sessionKey)
try:
resp = nrpc.hNetrServerAuthenticate3(dce, NULL, self.machineUser + '\x00',
nrpc.NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel,
self.serverName + '\x00', ppp, 0x600FFFFF)
resp.dump()
except Exception as e:
if str(e).find('STATUS_DOWNGRADE_DETECTED') < 0:
raise
self.clientStoredCredential = pack('<Q', unpack('<Q', ppp)[0] + 10)
# dce.set_auth_type(RPC_C_AUTHN_NETLOGON)
# dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
# dce2 = dce.alter_ctx(nrpc.MSRPC_UUID_NRPC)
# dce2.set_session_key(self.sessionKey)
return dce, rpctransport