本文整理汇总了Python中impacket.dcerpc.v5.srvs.MSRPC_UUID_SRVS属性的典型用法代码示例。如果您正苦于以下问题:Python srvs.MSRPC_UUID_SRVS属性的具体用法?Python srvs.MSRPC_UUID_SRVS怎么用?Python srvs.MSRPC_UUID_SRVS使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.dcerpc.v5.srvs的用法示例。
在下文中一共展示了srvs.MSRPC_UUID_SRVS属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getShares
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def getShares(self):
# Setup up a DCE SMBTransport with the connection already in place
LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost()))
try:
self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(),
self.connection.getRemoteHost(),filename = r'\srvsvc',
smb_connection = self.connection)
dce_srvs = self._rpctransport.get_dce_rpc()
dce_srvs.connect()
dce_srvs.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce_srvs, 1)
return resp['InfoStruct']['ShareInfo']['Level1']
except:
LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost()))
raise 示例2: do_info
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def do_info(self, line):
if self.loggedIn is False:
LOG.error("Not logged in")
return
rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrServerGetInfo(dce, 102)
print("Version Major: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_major'])
print("Version Minor: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_minor'])
print("Server Name: %s" % resp['InfoStruct']['ServerInfo102']['sv102_name'])
print("Server Comment: %s" % resp['InfoStruct']['ServerInfo102']['sv102_comment'])
print("Server UserPath: %s" % resp['InfoStruct']['ServerInfo102']['sv102_userpath'])
print("Simultaneous Users: %d" % resp['InfoStruct']['ServerInfo102']['sv102_users']) 示例3: get_version
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def get_version(self, host):
try:
rpctransport = transport.SMBTransport(self.smbconn[host].getServerName(), self.smbconn[host].getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smbconn[host])
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrServerGetInfo(dce, 102)
info("Version Major: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_major'])
info("Version Minor: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_minor'])
info("Server Name: %s" % resp['InfoStruct']['ServerInfo102']['sv102_name'])
info("Server Comment: %s" % resp['InfoStruct']['ServerInfo102']['sv102_comment'])
info("Server UserPath: %s" % resp['InfoStruct']['ServerInfo102']['sv102_userpath'])
info("Simultaneous Users: %d" % resp['InfoStruct']['ServerInfo102']['sv102_users'])
except Exception as e:
color('[!] RPC Access denied...oh well')
color('[!]', e)
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
info(exc_type, fname, exc_tb.tb_lineno)
sys.exit() 示例4: do_info
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def do_info(self, line):
if self.loggedIn is False:
logging.error("Not logged in")
return
rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrServerGetInfo(dce, 102)
print "Version Major: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_major']
print "Version Minor: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_minor']
print "Server Name: %s" % resp['InfoStruct']['ServerInfo102']['sv102_name']
print "Server Comment: %s" % resp['InfoStruct']['ServerInfo102']['sv102_comment']
print "Server UserPath: %s" % resp['InfoStruct']['ServerInfo102']['sv102_userpath']
print "Simultaneous Users: %d" % resp['InfoStruct']['ServerInfo102']['sv102_users'] 示例5: getShares
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def getShares(self):
# Setup up a DCE SMBTransport with the connection already in place
LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost()))
try:
self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(), self.connection.getRemoteHost(),filename = r'\srvsvc', smb_connection = self.connection)
dce_srvs = self._rpctransport.get_dce_rpc()
dce_srvs.connect()
dce_srvs.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce_srvs, 1)
return resp['InfoStruct']['ShareInfo']['Level1']
except:
LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost()))
raise 示例6: connect
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS, transfer_syntax = self.ts)
return dce, rpctransport 示例7: listShares
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def listShares(self):
"""
get a list of available shares at the connected target
:return: a list containing dict entries for each share, raises exception if error
"""
# Get the shares through RPC
from impacket.dcerpc.v5 import transport, srvs
rpctransport = transport.SMBTransport(self.getRemoteName(), self.getRemoteHost(), filename=r'\srvsvc',
smb_connection=self)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce, 1)
return resp['InfoStruct']['ShareInfo']['Level1']['Buffer'] 示例8: try_copy_library
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def try_copy_library(self, lib_name):
rpctransport = transport.SMBTransport(self.smb.getRemoteName(), self.smb.getRemoteHost(),
filename=r'\srvsvc', smb_connection=self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce, 2)
l = []
ignore_shares = ["print$", "IPC$"]
for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer']:
share_name = share['shi2_netname'][:-1]
share_path = self.translate_smb_path(share['shi2_path'][:-1])
l.append([share_name, share_path])
# Randomize the list of shares instead of going from the first to the last
random.shuffle(l)
if len(self.customBinary) < 1:
real_file = self.get_real_library_name()
else:
real_file = self.customBinary
log("Using %s" % real_file)
for share in l:
log("Trying to copy library '%s' to share '%s'" % (lib_name, share))
if self.try_put(share, lib_name, real_file):
log("Done!")
return share[1]
return None 示例9: _create_rpc_connection
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def _create_rpc_connection(self, pipe):
# Here we build the DCE/RPC connection
self._pipe = pipe
binding_strings = dict()
binding_strings['srvsvc'] = srvs.MSRPC_UUID_SRVS
binding_strings['wkssvc'] = wkst.MSRPC_UUID_WKST
binding_strings['samr'] = samr.MSRPC_UUID_SAMR
binding_strings['svcctl'] = scmr.MSRPC_UUID_SCMR
binding_strings['drsuapi'] = drsuapi.MSRPC_UUID_DRSUAPI
# TODO: try to fallback to TCP/139 if tcp/445 is closed
if self._pipe == r'\drsuapi':
string_binding = epm.hept_map(self._target_computer, drsuapi.MSRPC_UUID_DRSUAPI,
protocol='ncacn_ip_tcp')
rpctransport = transport.DCERPCTransportFactory(string_binding)
rpctransport.set_credentials(username=self._user, password=self._password,
domain=self._domain, lmhash=self._lmhash,
nthash=self._nthash)
else:
rpctransport = transport.SMBTransport(self._target_computer, 445, self._pipe,
username=self._user, password=self._password,
domain=self._domain, lmhash=self._lmhash,
nthash=self._nthash)
rpctransport.set_connect_timeout(10)
dce = rpctransport.get_dce_rpc()
if self._pipe == r'\drsuapi':
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
try:
dce.connect()
except socket.error:
self._rpc_connection = None
else:
dce.bind(binding_strings[self._pipe[1:]])
self._rpc_connection = dce 示例10: findSuitableShare
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def findSuitableShare(self):
from impacket.dcerpc.v5 import transport, srvs
rpctransport = transport.SMBTransport(self.__smbClient.getRemoteName(), self.__smbClient.getRemoteHost(),
filename=r'\srvsvc', smb_connection=self.__smbClient)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce, 2)
for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer']:
if self.isShareWritable(share['shi2_netname'][:-1]):
sharePath = share['shi2_path'].split(':')[-1:][0][:-1]
return share['shi2_netname'][:-1], sharePath
raise Exception('No suitable share found, aborting!') 示例11: do_who
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def do_who(self, line):
if self.loggedIn is False:
LOG.error("Not logged in")
return
rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrSessionEnum(dce, NULL, NULL, 10)
for session in resp['InfoStruct']['SessionInfo']['Level10']['Buffer']:
print("host: %15s, user: %5s, active: %5d, idle: %5d" % (
session['sesi10_cname'][:-1], session['sesi10_username'][:-1], session['sesi10_time'],
session['sesi10_idle_time'])) 示例12: create_rpc_con
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def create_rpc_con(self, pipe):
# Here we build the DCE/RPC connection
self.pipe = pipe
binding_strings = dict()
binding_strings['srvsvc'] = srvs.MSRPC_UUID_SRVS
binding_strings['wkssvc'] = wkst.MSRPC_UUID_WKST
binding_strings['samr'] = samr.MSRPC_UUID_SAMR
binding_strings['svcctl'] = scmr.MSRPC_UUID_SCMR
binding_strings['drsuapi'] = drsuapi.MSRPC_UUID_DRSUAPI
if self.pipe == r'\drsuapi':
string_binding = epm.hept_map(self.host, drsuapi.MSRPC_UUID_DRSUAPI, protocol='ncacn_ip_tcp')
rpctransport = transport.DCERPCTransportFactory(string_binding)
rpctransport.set_credentials(username=self.username, password=self.password,domain=self.domain, lmhash=self.lmhash,nthash=self.nthash)
else:
rpctransport = transport.SMBTransport(self.host, self.port, self.pipe,username=self.username, password=self.password, domain=self.domain, lmhash=self.lmhash,nthash=self.nthash)
# SET TIMEOUT
rpctransport.set_connect_timeout(self.timeout)
dce = rpctransport.get_dce_rpc()
if self.pipe == r'\drsuapi':
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
try:
dce.connect()
except socket.error:
self.rpc_connection = None
else:
dce.bind(binding_strings[self.pipe[1:]])
self.rpc_connection = dce 示例13: do_who
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def do_who(self, line):
if self.loggedIn is False:
logging.error("Not logged in")
return
rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrSessionEnum(dce, NULL, NULL, 10)
for session in resp['InfoStruct']['SessionInfo']['Level10']['Buffer']:
print "host: %15s, user: %5s, active: %5d, idle: %5d" % (
session['sesi10_cname'][:-1], session['sesi10_username'][:-1], session['sesi10_time'],
session['sesi10_idle_time']) 示例14: getSessions
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def getSessions(self, target):
if self.__targets[target]['SRVS'] is None:
stringSrvsBinding = r'ncacn_np:%s[\PIPE\srvsvc]' % target
rpctransportSrvs = transport.DCERPCTransportFactory(stringSrvsBinding)
if hasattr(rpctransportSrvs, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransportSrvs.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey)
rpctransportSrvs.set_kerberos(self.__doKerberos, self.__kdcHost)
dce = rpctransportSrvs.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
self.__maxConnections -= 1
else:
dce = self.__targets[target]['SRVS']
try:
resp = srvs.hNetrSessionEnum(dce, '\x00', NULL, 10)
except Exception, e:
if str(e).find('Broken pipe') >= 0:
# The connection timed-out. Let's try to bring it back next round
self.__targets[target]['SRVS'] = None
self.__maxConnections += 1
return
else:
raise 示例15: rpc_get_sessions
# 需要导入模块: from impacket.dcerpc.v5 import srvs [as 别名]
# 或者: from impacket.dcerpc.v5.srvs import MSRPC_UUID_SRVS [as 别名]
def rpc_get_sessions(self):
binding = r'ncacn_np:%s[\PIPE\srvsvc]' % self.addr
dce = self.dce_rpc_connect(binding, srvs.MSRPC_UUID_SRVS)
if dce is None:
return
try:
resp = srvs.hNetrSessionEnum(dce, '\x00', NULL, 10)
except DCERPCException as e:
if 'rpc_s_access_denied' in str(e):
logging.debug('Access denied while enumerating Sessions on %s, likely a patched OS', self.hostname)
return []
else:
raise
except Exception as e:
if str(e).find('Broken pipe') >= 0:
return
else:
raise
sessions = []
for session in resp['InfoStruct']['SessionInfo']['Level10']['Buffer']:
userName = session['sesi10_username'][:-1]
ip = session['sesi10_cname'][:-1]
# Strip \\ from IPs
if ip[:2] == '\\\\':
ip = ip[2:]
# Skip empty IPs
if ip == '':
continue
# Skip our connection
if userName == self.ad.auth.username:
continue
# Skip empty usernames
if len(userName) == 0:
continue
# Skip machine accounts
if userName[-1] == '$':
continue
# Skip local connections
if ip in ['127.0.0.1', '[::1]']:
continue
# IPv6 address
if ip[0] == '[' and ip[-1] == ']':
ip = ip[1:-1]
logging.info('User %s is logged in on %s from %s' % (userName, self.hostname, ip))
sessions.append({'user': userName, 'source': ip, 'target': self.hostname})
dce.disconnect()
return sessions