本文整理汇总了Python中impacket.dcerpc.v5.samr.MAXIMUM_ALLOWED属性的典型用法代码示例。如果您正苦于以下问题:Python samr.MAXIMUM_ALLOWED属性的具体用法?Python samr.MAXIMUM_ALLOWED怎么用?Python samr.MAXIMUM_ALLOWED使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.dcerpc.v5.samr的用法示例。
在下文中一共展示了samr.MAXIMUM_ALLOWED属性的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_sid
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MAXIMUM_ALLOWED [as 别名]
def get_sid(self, name):
self.log.info('[*] Looking up SID for {0}..'.format(name))
stringbinding = r'ncacn_np:{0}[\pipe\lsarpc]'.format(self.target)
logging.debug('StringBinding {0}'.format(stringbinding))
rpctransport = transport.DCERPCTransportFactory(stringbinding)
rpctransport.set_dport(self.port)
rpctransport.setRemoteHost(self.target)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.username, self.password, self.domain)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsad.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsat.hLsarLookupNames(dce, policyHandle, (name,))
self.rid = resp['TranslatedSids']['Sids'][0]['RelativeId']
dce.disconnect()
return 示例2: fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MAXIMUM_ALLOWED [as 别名]
def fetchList(self, rpctransport):
dce = DCERPC_v5(rpctransport)
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
# Setup Connection
resp = samr.hSamrConnect2(dce)
if resp['ErrorCode'] != 0:
raise Exception('Connect error')
resp2 = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle=resp['ServerHandle'],
enumerationContext=0,
preferedMaximumLength=500)
if resp2['ErrorCode'] != 0:
raise Exception('Connect error')
resp3 = samr.hSamrLookupDomainInSamServer(dce, serverHandle=resp['ServerHandle'],
name=resp2['Buffer']['Buffer'][0]['Name'])
if resp3['ErrorCode'] != 0:
raise Exception('Connect error')
resp4 = samr.hSamrOpenDomain(dce, serverHandle=resp['ServerHandle'],
desiredAccess=samr.MAXIMUM_ALLOWED,
domainId=resp3['DomainId'])
if resp4['ErrorCode'] != 0:
raise Exception('Connect error')
self.__domains = resp2['Buffer']['Buffer']
domainHandle = resp4['DomainHandle']
# End Setup
re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,
domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation)
self.__min_pass_len = re['Buffer']['Password']['MinPasswordLength'] or "None"
self.__pass_hist_len = re['Buffer']['Password']['PasswordHistoryLength'] or "None"
self.__max_pass_age = convert(int(re['Buffer']['Password']['MaxPasswordAge']['LowPart']), int(re['Buffer']['Password']['MaxPasswordAge']['HighPart']))
self.__min_pass_age = convert(int(re['Buffer']['Password']['MinPasswordAge']['LowPart']), int(re['Buffer']['Password']['MinPasswordAge']['HighPart']))
self.__pass_prop = d2b(re['Buffer']['Password']['PasswordProperties'])
re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,
domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation)
self.__rst_accnt_lock_counter = convert(0, re['Buffer']['Lockout']['LockoutObservationWindow'], lockout=True)
self.__lock_accnt_dur = convert(0, re['Buffer']['Lockout']['LockoutDuration'], lockout=True)
self.__accnt_lock_thres = re['Buffer']['Lockout']['LockoutThreshold'] or "None"
re = samr.hSamrQueryInformationDomain2(dce, domainHandle=domainHandle,
domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation)
self.__force_logoff_time = convert(re['Buffer']['Logoff']['ForceLogoff']['LowPart'], re['Buffer']['Logoff']['ForceLogoff']['HighPart'])
self.pass_pol = {'min_pass_len': self.__min_pass_len, 'pass_hist_len': self.__pass_hist_len,
'max_pass_age': self.__max_pass_age, 'min_pass_age': self.__min_pass_age,
'pass_prop': self.__pass_prop, 'rst_accnt_lock_counter': self.__rst_accnt_lock_counter,
'lock_accnt_dur': self.__lock_accnt_dur, 'accnt_lock_thres': self.__accnt_lock_thres,
'force_logoff_time': self.__force_logoff_time} 示例3: enumerate_user_info
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MAXIMUM_ALLOWED [as 别名]
def enumerate_user_info(self, dce, domain_handle):
# Most of this method was built using logic from samrdump.py
user_request = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, self.rid)
self.log.info('[*] User RID detected. Enumerating information on user..\n')
info = samr.hSamrQueryInformationUser(dce, user_request['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation)
user = info['Buffer']['All']
pass_last_set = self.expiration_check(user, 'PasswordLastSet')
account_expires = self.expiration_check(user, 'AccountExpires')
pass_expires = self.expiration_check(user, 'PasswordMustChange')
pass_can_change = self.expiration_check(user, 'PasswordCanChange')
last_logon = self.expiration_check(user, 'LastLogon')
account_active = self.attribute_bool(user, samr.USER_ACCOUNT_DISABLED)
user_may_change_pass = self.attribute_bool(user, samr.USER_CHANGE_PASSWORD)
password_required = self.attribute_bool(user, samr.USER_PASSWORD_NOT_REQUIRED)
workstations_allowed = user['WorkStations']
if workstations_allowed == '':
workstations_allowed = 'All'
self.log.info('User name\t\t\t{0}'.format(user['UserName']))
self.log.info('User RID\t\t\t{0}'.format(user['UserId']))
self.log.info('Full Name\t\t\t{0}'.format(user['FullName']))
self.log.info('Comment\t\t\t\t{0}'.format(user['AdminComment']))
self.log.info("User's Comment\t\t\t\t{0}".format(user['UserComment']))
self.log.info('Country/region code\t\t{0}'.format(user['CountryCode']))
self.log.info('Account active\t\t\t{0}'.format(account_active))
self.log.info('Account expires\t\t\t{0}\n'.format(account_expires))
self.log.info('Password last set\t\t{0}'.format(pass_last_set))
self.log.info('Password expires\t\t{0}'.format(pass_expires))
self.log.info('Password changeable\t\t{0}'.format(pass_can_change))
self.log.info('Password required\t\t{0}'.format(password_required))
self.log.info('Bad Password Count\t\t{0}'.format(user['BadPasswordCount']))
self.log.info('User may change password\t{0}\n'.format(user_may_change_pass))
self.log.info('Workstations allowed\t\t{0}'.format(workstations_allowed))
self.log.info('Logon script\t\t\t\t{0}'.format(user['ScriptPath']))
self.log.info('User profile\t\t\t\t{0}'.format(user['ProfilePath']))
self.log.info('Home directory\t\t\t{0}'.format(user['HomeDirectory']))
self.log.info('Home directory drive\t\t{0}\n'.format(user['HomeDirectoryDrive']))
self.log.info('Group Memberships')
group_rids = samr.hSamrGetGroupsForUser(dce, user_request['UserHandle'])['Groups']['Groups']
for i, group_rid in enumerate(group_rids):
group_rid = group_rids[i]['RelativeId']
group_request = samr.hSamrOpenGroup(dce, domain_handle, samr.MAXIMUM_ALLOWED, group_rid)
group_info = samr.hSamrQueryInformationGroup(dce, group_request['GroupHandle'])
group_name = group_info['Buffer']['General']['Name']
group_comment = group_info['Buffer']['General']['AdminComment']
self.log.info('Name: {0}\nDesc: {1}\n'.format(group_name, group_comment))
samr.hSamrCloseHandle(dce, user_request['UserHandle'])
samr.hSamrCloseHandle(dce, group_request['GroupHandle']) 示例4: enumerate_users_in_group
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MAXIMUM_ALLOWED [as 别名]
def enumerate_users_in_group(self, dce, domain_handle):
request = samr.SamrOpenGroup()
request['DomainHandle'] = domain_handle
request['DesiredAccess'] = samr.MAXIMUM_ALLOWED
request['GroupId'] = self.rid
try:
resp = dce.request(request)
except samr.DCERPCSessionError:
raise
request = samr.SamrGetMembersInGroup()
request['GroupHandle'] = resp['GroupHandle']
resp = dce.request(request)
self.log.info('[*] Group RID detected. Enumerating users/hosts in group..\n')
try:
rids = resp['Members']['Members']
except AttributeError:
self.log.info('[-] No users in group')
return
mutex = Lock()
for rid in rids:
try:
resp = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, rid['Data'])
rid_data = samr.hSamrQueryInformationUser2(dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation)
except samr.DCERPCSessionError as e:
# Occasionally an ACCESS_DENIED is rasied even though the user has permissions?
# Other times a STATUS_NO_SUCH_USER is raised when a rid apparently doesn't exist, even though it reported back as existing.
self.log.debug(e)
continue
if self.fqdn:
rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '') + '.' + self.fqdn
else:
rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '')
samr.hSamrCloseHandle(dce, resp['UserHandle'])
if self.dns_lookup:
# Threading because DNS lookups are slow
t = Thread(target=self.get_ip, args=(rid_data, mutex,))
t.start()
else:
self.log.info(rid_data)
self.data.append(rid_data) 示例5: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MAXIMUM_ALLOWED [as 别名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print('Found domain(s):')
for domain in domains:
print(" . %s" % domain['Name'])
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except DCERPCException as e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] ))
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException as e:
logging.critical("Error listing users: %s" % e)
dce.disconnect()
return entries
# Process command-line arguments. 示例6: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MAXIMUM_ALLOWED [as 别名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print 'Found domain(s):'
for domain in domains:
print " . %s" % domain['Name']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except DCERPCException, e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] )
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException, e:
logging.critical("Error listing users: %s" % e)