

Python samr.MSRPC_UUID_SAMR属性代码示例

本文整理汇总了Python中impacket.dcerpc.v5.samr.MSRPC_UUID_SAMR属性的典型用法代码示例。MSRPC_UUID_SAMR是SAMR(安全帐户管理器远程协议)接口的UUID常量,下文示例大多将其传给dce.bind(),以便在已建立的DCE/RPC连接上绑定该接口。如果您正苦于以下问题:Python samr.MSRPC_UUID_SAMR属性的具体用法?Python samr.MSRPC_UUID_SAMR怎么用?Python samr.MSRPC_UUID_SAMR使用的例子?那么这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在impacket.dcerpc.v5.samr的用法示例。


在下文中一共展示了samr.MSRPC_UUID_SAMR属性的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: __getLocalAdminSids

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
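def __getLocalAdminSids(self):
        """Return the SIDs of the members of the target's local Administrators alias.

        Binds to the SAMR interface over the binding in ``self.__samrBinding``,
        opens the ``Builtin`` domain and reads the membership of alias RID 544
        (the well-known Administrators alias).

        Returns:
            A list of SID strings as produced by ``formatCanonical()``.

        Raises:
            Whatever the transport or the SAMR helpers raise. The DCE/RPC
            session is closed before the exception propagates.
        """
        dce = self.__getDceBinding(self.__samrBinding)
        dce.connect()
        try:
            dce.bind(samr.MSRPC_UUID_SAMR)
            serverHandle = samr.hSamrConnect(dce)['ServerHandle']

            # NOTE(review): on the target side, remote membership reads such as
            # this one are what the "Network access: Restrict clients allowed to
            # make remote calls to SAM" policy is meant to limit.
            lookup = samr.hSamrLookupDomainInSamServer(dce, serverHandle, 'Builtin')
            opened = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=lookup['DomainId'])
            alias = samr.hSamrOpenAlias(dce, opened['DomainHandle'], desiredAccess=MAXIMUM_ALLOWED, aliasId=544)
            members = samr.hSamrGetMembersInAlias(dce, alias['AliasHandle'])
            return [member['SidPointer'].formatCanonical() for member in members['Members']['Sids']]
        finally:
            # The original only disconnected on the success path, so any SAMR
            # error left the authenticated session open.
            dce.disconnect()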
开发者ID:Ridter,项目名称:Exchange2domain,代码行数:19,代码来源:enum.py

示例2: getUserSID

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
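def getUserSID(self):
        """Look up the domain SID and the relative ID of ``self.__username``.

        Connects to the ``\\pipe\\samr`` named pipe on ``self.__kdcHost``, opens
        the domain named ``self.__domain`` and resolves the user name with
        ``hSamrLookupNamesInDomain``.

        Returns:
            A ``(domainId, rid)`` tuple: the ``DomainId`` value of the lookup
            response and the first relative ID returned for the user name.

        Raises:
            Whatever the transport or the SAMR helpers raise. The DCE/RPC
            session is closed before the exception propagates.
        """
        stringBinding = r'ncacn_np:%s[\pipe\samr]' % self.__kdcHost

        rpctransport = transport.DCERPCTransportFactory(stringBinding)

        if hasattr(rpctransport, 'set_credentials'):
            # Either the password or the LM/NT hashes authenticate the session;
            # the hashes are password-equivalent for NTLM and deserve the same
            # handling as the cleartext password.
            rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)

        dce = rpctransport.get_dce_rpc()
        dce.connect()
        try:
            dce.bind(samr.MSRPC_UUID_SAMR)
            serverHandle = samr.hSamrConnect(dce)['ServerHandle']
            domainId = samr.hSamrLookupDomainInSamServer(dce, serverHandle, self.__domain)['DomainId']
            domainHandle = samr.hSamrOpenDomain(dce, serverHandle, domainId=domainId)['DomainHandle']
            names = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.__username,))
            # Only one name was submitted, so the first element is its RID.
            rid = names['RelativeIds']['Element'][0]['Data']
        finally:
            # The original never closed this session; nothing below needs it.
            dce.disconnect()
        logging.info("User SID: %s-%s", domainId.formatCanonical(), rid)
        return domainId, rid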
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:24,代码来源:goldenPac.py

示例3: setUp

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def setUp(self):
        """Load the ``TCPTransport`` test settings and resolve the SAMR endpoint.

        Reads ``dcetests.cfg`` from the current directory, copies the account
        and target settings onto the test case, then asks the endpoint mapper
        on ``self.machine`` for the SAMR binding over ``ncacn_ip_tcp``.
        """
        SAMRTests.setUp(self)
        settings = ConfigParser.ConfigParser()
        settings.read('dcetests.cfg')
        # dcetests.cfg carries the test account's password and hashes in clear
        # text; keep it to lab accounts and out of version control.
        section = 'TCPTransport'
        for attribute, option in (
                ('username', 'username'),
                ('domain', 'domain'),
                ('serverName', 'servername'),
                ('password', 'password'),
                ('machine', 'machine'),
                ('hashes', 'hashes'),
        ):
            setattr(self, attribute, settings.get(section, option))
        self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol='ncacn_ip_tcp')
        # UUID/version pair of the NDR64 transfer syntax.
        self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')


# Process command-line arguments. 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:18,代码来源:test_samr.py

示例4: connectSamr

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def connectSamr(self, domain):
        """Bind SAMR over the existing SMB connection and open *domain*.

        The DCE/RPC session is kept in ``self.__samr``; the opened domain handle
        and the domain name are stored in ``self.__domainHandle`` and
        ``self.__domainName``. Nothing is returned.

        Args:
            domain: Name of the domain to look up on the SAM server.
        """
        smbRpc = transport.DCERPCTransportFactory(self.__stringBindingSamr)
        # Reuse the already authenticated SMB session instead of logging on again.
        smbRpc.set_smb_connection(self.__smbConnection)
        self.__samr = smbRpc.get_dce_rpc()
        self.__samr.connect()
        self.__samr.bind(samr.MSRPC_UUID_SAMR)

        serverHandle = samr.hSamrConnect(self.__samr)['ServerHandle']
        domainId = samr.hSamrLookupDomainInSamServer(self.__samr, serverHandle, domain)['DomainId']
        opened = samr.hSamrOpenDomain(self.__samr, serverHandle=serverHandle, domainId=domainId)
        self.__domainHandle = opened['DomainHandle']
        self.__domainName = domain
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:15,代码来源:secretsdump.py

示例5: connect

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def connect(self):
        """Open an authenticated SAMR session and a handle to the first domain.

        Connects over ``self.stringBinding``, binds SAMR with the transfer
        syntax in ``self.ts``, enumerates the domains on the SAM server and
        opens the first one returned.

        Returns:
            A ``(dce, rpctransport, domainHandle)`` tuple; the caller owns the
            session and is responsible for closing it.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        # ``hashes`` is "LM:NT"; an empty value means password authentication.
        lmhash, nthash = self.hashes.split(':') if len(self.hashes) > 0 else ('', '')
        if hasattr(rpctransport, 'set_credentials'):
            # Only some protocol sequences expose set_credentials().
            rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        # Integrity level only; ntlm.NTLM_AUTH_PKT_PRIVACY is the alternative
        # level and is not used here.
        dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY)
        dce.bind(samr.MSRPC_UUID_SAMR, transfer_syntax=self.ts)

        # NOTE(review): both masks below ask for a very broad set of rights, so
        # the configured test account presumably has to be administrative --
        # keep it to lab systems.
        connectReq = samr.SamrConnect()
        connectReq['ServerName'] = u'BETO\x00'
        connectReq['DesiredAccess'] = (
            samr.DELETE | samr.READ_CONTROL | samr.WRITE_DAC | samr.WRITE_OWNER
            | samr.ACCESS_SYSTEM_SECURITY | samr.GENERIC_READ | samr.GENERIC_WRITE
            | samr.GENERIC_EXECUTE | samr.SAM_SERVER_CONNECT | samr.SAM_SERVER_SHUTDOWN
            | samr.SAM_SERVER_INITIALIZE | samr.SAM_SERVER_CREATE_DOMAIN
            | samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN
            | samr.SAM_SERVER_READ | samr.SAM_SERVER_WRITE | samr.SAM_SERVER_EXECUTE
        )
        serverHandle = dce.request(connectReq)['ServerHandle']

        enumReq = samr.SamrEnumerateDomainsInSamServer()
        enumReq['ServerHandle'] = serverHandle
        enumReq['EnumerationContext'] = 0
        enumReq['PreferedMaximumLength'] = 500
        domains = dce.request(enumReq)

        lookupReq = samr.SamrLookupDomainInSamServer()
        lookupReq['ServerHandle'] = serverHandle
        # First entry of the enumeration result is the domain that gets opened.
        lookupReq['Name'] = domains['Buffer']['Buffer'][0]['Name']
        lookedUp = dce.request(lookupReq)

        openReq = samr.SamrOpenDomain()
        openReq['ServerHandle'] = serverHandle
        openReq['DesiredAccess'] = (
            samr.DOMAIN_READ_PASSWORD_PARAMETERS | samr.DOMAIN_READ_OTHER_PARAMETERS
            | samr.DOMAIN_CREATE_USER | samr.DOMAIN_CREATE_ALIAS | samr.DOMAIN_LOOKUP
            | samr.DOMAIN_LIST_ACCOUNTS | samr.DOMAIN_ADMINISTER_SERVER | samr.DELETE
            | samr.READ_CONTROL | samr.ACCESS_SYSTEM_SECURITY
            | samr.DOMAIN_WRITE_OTHER_PARAMETERS | samr.DOMAIN_WRITE_PASSWORD_PARAMS
        )
        openReq['DomainId'] = lookedUp['DomainId']
        opened = dce.request(openReq)

        return dce, rpctransport, opened['DomainHandle']
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:38,代码来源:test_samr.py

示例6: setUp

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def setUp(self):
        """Load the ``SMBTransport`` test settings and resolve the SAMR endpoint.

        Reads ``dcetests.cfg`` from the current directory, copies the account
        and target settings onto the test case, then asks the endpoint mapper
        on ``self.machine`` for the SAMR binding over ``ncacn_np``.
        """
        SAMRTests.setUp(self)
        settings = ConfigParser.ConfigParser()
        settings.read('dcetests.cfg')
        # dcetests.cfg carries the test account's password and hashes in clear
        # text; keep it to lab accounts and out of version control.
        section = 'SMBTransport'
        for attribute, option in (
                ('username', 'username'),
                ('domain', 'domain'),
                ('serverName', 'servername'),
                ('password', 'password'),
                ('machine', 'machine'),
                ('hashes', 'hashes'),
        ):
            setattr(self, attribute, settings.get(section, option))
        self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol='ncacn_np')
        # UUID/version pair of the standard NDR transfer syntax.
        self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:14,代码来源:test_samr.py

示例7: test_bigRequestMustFragment

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
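def test_bigRequestMustFragment(self):
        """Send a SAMR lookup with a 4500-character name over an authenticated TCP session.

        The session uses Kerberos via GSS negotiate at packet-integrity level
        with ``dceFragment=0``. The lookup is expected to be answered with
        ``STATUS_NO_SUCH_DOMAIN``; any other exception is re-raised. A lookup
        that raises nothing also lets the test pass.
        """
        lmhash, nthash = self.hashes.split(':')
        oldBinding = self.stringBinding
        self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp')
        try:
            print(self.stringBinding)
            dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, dceFragment=0,
                                  auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
                                  dceAuth=True,
                                  doKerberos=True, bind=samr.MSRPC_UUID_SAMR)
        finally:
            # Restore the fixture's binding even when connectDCE() fails, so a
            # failure here cannot leak the TCP binding into later tests.
            self.stringBinding = oldBinding

        request = samr.SamrConnect()
        request['ServerName'] = u'BETO\x00'
        request['DesiredAccess'] = (
            samr.DELETE | samr.READ_CONTROL | samr.WRITE_DAC | samr.WRITE_OWNER
            | samr.ACCESS_SYSTEM_SECURITY | samr.GENERIC_READ | samr.GENERIC_WRITE
            | samr.GENERIC_EXECUTE | samr.SAM_SERVER_CONNECT | samr.SAM_SERVER_SHUTDOWN
            | samr.SAM_SERVER_INITIALIZE | samr.SAM_SERVER_CREATE_DOMAIN
            | samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN
            | samr.SAM_SERVER_READ | samr.SAM_SERVER_WRITE | samr.SAM_SERVER_EXECUTE
        )
        resp = dce.request(request)

        request = samr.SamrEnumerateDomainsInSamServer()
        request['ServerHandle'] = resp['ServerHandle']
        request['EnumerationContext'] =  0
        request['PreferedMaximumLength'] = 500
        # The call is still made; its result is not needed below.
        dce.request(request)

        try:
            request = samr.SamrLookupDomainInSamServer()
            request['ServerHandle'] = resp['ServerHandle']
            # Oversized name: presumably large enough that the request cannot
            # go out as a single fragment, which is what the test is named for.
            request['Name'] = 'A'*4500
            resp = dce.request(request)
        except Exception as e:
            if 'STATUS_NO_SUCH_DOMAIN' not in str(e):
                raise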
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:35,代码来源:test_rpcrt.py

示例8: _create_rpc_connection

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def _create_rpc_connection(self, pipe):
        """Open a DCE/RPC session for *pipe* and keep it in ``self._rpc_connection``.

        ``\\drsuapi`` is reached over ``ncacn_ip_tcp`` through the endpoint
        mapper and uses packet privacy; every other pipe goes over SMB on port
        445. If the connection fails with ``socket.error`` the attribute is set
        to ``None`` instead of raising.

        Args:
            pipe: Pipe name with its leading backslash, e.g. ``\\samr``.
        """
        self._pipe = pipe

        # Interface UUID to bind, keyed by the pipe name without its backslash.
        interface_uuids = {
            'srvsvc': srvs.MSRPC_UUID_SRVS,
            'wkssvc': wkst.MSRPC_UUID_WKST,
            'samr': samr.MSRPC_UUID_SAMR,
            'svcctl': scmr.MSRPC_UUID_SCMR,
            'drsuapi': drsuapi.MSRPC_UUID_DRSUAPI,
        }

        credentials = dict(username=self._user, password=self._password,
                           domain=self._domain, lmhash=self._lmhash,
                           nthash=self._nthash)

        # TODO: try to fallback to TCP/139 if tcp/445 is closed
        over_tcp = self._pipe == r'\drsuapi'
        if over_tcp:
            string_binding = epm.hept_map(self._target_computer, drsuapi.MSRPC_UUID_DRSUAPI,
                                          protocol='ncacn_ip_tcp')
            rpctransport = transport.DCERPCTransportFactory(string_binding)
            rpctransport.set_credentials(**credentials)
        else:
            rpctransport = transport.SMBTransport(self._target_computer, 445, self._pipe,
                                                  **credentials)

        rpctransport.set_connect_timeout(10)
        dce = rpctransport.get_dce_rpc()

        # Only the TCP path sets an auth level here; the named-pipe path leaves
        # the DCE/RPC default in place.
        if over_tcp:
            dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)

        try:
            dce.connect()
        except socket.error:
            self._rpc_connection = None
            return

        # NOTE(review): a pipe missing from the table raises KeyError only
        # here, after the session is connected, and the session is not closed.
        dce.bind(interface_uuids[self._pipe[1:]])
        self._rpc_connection = dce
开发者ID:the-useless-one,项目名称:pywerview,代码行数:40,代码来源:requester.py

示例9: connect

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def connect(self):
        """Open an authenticated SAMR session and a handle to the first domain.

        Connects over ``self.stringBinding``, binds SAMR with the transfer
        syntax in ``self.ts``, enumerates the domains on the SAM server and
        opens the first one returned.

        Returns:
            A ``(dce, rpctransport, domainHandle)`` tuple; the caller owns the
            session and is responsible for closing it.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        # ``hashes`` is "LM:NT"; an empty value means password authentication.
        lmhash, nthash = self.hashes.split(':') if len(self.hashes) > 0 else ('', '')
        if hasattr(rpctransport, 'set_credentials'):
            # Only some protocol sequences expose set_credentials().
            rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        # Integrity level only; ntlm.NTLM_AUTH_PKT_PRIVACY is the alternative
        # level and is not used here.
        dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY)
        dce.bind(samr.MSRPC_UUID_SAMR, transfer_syntax=self.ts)

        # NOTE(review): both masks below ask for a very broad set of rights, so
        # the configured test account presumably has to be administrative --
        # keep it to lab systems.
        connectReq = samr.SamrConnect()
        connectReq['ServerName'] = 'BETO\x00'
        connectReq['DesiredAccess'] = (
            samr.DELETE | samr.READ_CONTROL | samr.WRITE_DAC | samr.WRITE_OWNER
            | samr.ACCESS_SYSTEM_SECURITY | samr.GENERIC_READ | samr.GENERIC_WRITE
            | samr.GENERIC_EXECUTE | samr.SAM_SERVER_CONNECT | samr.SAM_SERVER_SHUTDOWN
            | samr.SAM_SERVER_INITIALIZE | samr.SAM_SERVER_CREATE_DOMAIN
            | samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN
            | samr.SAM_SERVER_READ | samr.SAM_SERVER_WRITE | samr.SAM_SERVER_EXECUTE
        )
        serverHandle = dce.request(connectReq)['ServerHandle']

        enumReq = samr.SamrEnumerateDomainsInSamServer()
        enumReq['ServerHandle'] = serverHandle
        enumReq['EnumerationContext'] = 0
        enumReq['PreferedMaximumLength'] = 500
        domains = dce.request(enumReq)

        lookupReq = samr.SamrLookupDomainInSamServer()
        lookupReq['ServerHandle'] = serverHandle
        # First entry of the enumeration result is the domain that gets opened.
        lookupReq['Name'] = domains['Buffer']['Buffer'][0]['Name']
        lookedUp = dce.request(lookupReq)

        openReq = samr.SamrOpenDomain()
        openReq['ServerHandle'] = serverHandle
        openReq['DesiredAccess'] = (
            samr.DOMAIN_READ_PASSWORD_PARAMETERS | samr.DOMAIN_READ_OTHER_PARAMETERS
            | samr.DOMAIN_CREATE_USER | samr.DOMAIN_CREATE_ALIAS | samr.DOMAIN_LOOKUP
            | samr.DOMAIN_LIST_ACCOUNTS | samr.DOMAIN_ADMINISTER_SERVER | samr.DELETE
            | samr.READ_CONTROL | samr.ACCESS_SYSTEM_SECURITY
            | samr.DOMAIN_WRITE_OTHER_PARAMETERS | samr.DOMAIN_WRITE_PASSWORD_PARAMS
        )
        openReq['DomainId'] = lookedUp['DomainId']
        opened = dce.request(openReq)

        return dce, rpctransport, opened['DomainHandle']
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:38,代码来源:test_samr.py

示例10: create_rpc_con

# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import MSRPC_UUID_SAMR [as 别名]
def create_rpc_con(self, pipe):
        """Open a DCE/RPC session for *pipe* and keep it in ``self.rpc_connection``.

        ``\\drsuapi`` is reached over ``ncacn_ip_tcp`` through the endpoint
        mapper and uses packet privacy; every other pipe goes over SMB on
        ``self.port``. If the connection fails with ``socket.error`` the
        attribute is set to ``None`` instead of raising.

        Args:
            pipe: Pipe name with its leading backslash, e.g. ``\\samr``.
        """
        self.pipe = pipe

        # Interface UUID to bind, keyed by the pipe name without its backslash.
        interface_uuids = {
            'srvsvc': srvs.MSRPC_UUID_SRVS,
            'wkssvc': wkst.MSRPC_UUID_WKST,
            'samr': samr.MSRPC_UUID_SAMR,
            'svcctl': scmr.MSRPC_UUID_SCMR,
            'drsuapi': drsuapi.MSRPC_UUID_DRSUAPI,
        }

        credentials = dict(username=self.username, password=self.password,
                           domain=self.domain, lmhash=self.lmhash,
                           nthash=self.nthash)

        over_tcp = self.pipe == r'\drsuapi'
        if over_tcp:
            string_binding = epm.hept_map(self.host, drsuapi.MSRPC_UUID_DRSUAPI, protocol='ncacn_ip_tcp')
            rpctransport = transport.DCERPCTransportFactory(string_binding)
            rpctransport.set_credentials(**credentials)
        else:
            rpctransport = transport.SMBTransport(self.host, self.port, self.pipe, **credentials)

        # Bound the connection attempt with the configured timeout.
        rpctransport.set_connect_timeout(self.timeout)
        dce = rpctransport.get_dce_rpc()

        # Only the TCP path sets an auth level here; the named-pipe path leaves
        # the DCE/RPC default in place.
        if over_tcp:
            dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)

        try:
            dce.connect()
        except socket.error:
            self.rpc_connection = None
            return

        # NOTE(review): a pipe missing from the table raises KeyError only
        # here, after the session is connected, and the session is not closed.
        dce.bind(interface_uuids[self.pipe[1:]])
        self.rpc_connection = dce
开发者ID:m8r0wn,项目名称:ActiveReign,代码行数:34,代码来源:rpc.py


注:本文中的impacket.dcerpc.v5.samr.MSRPC_UUID_SAMR属性示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。