本文整理汇总了Python中impacket.dcerpc.v5.wkst.MSRPC_UUID_WKST属性的典型用法代码示例。如果您正苦于以下问题:Python wkst.MSRPC_UUID_WKST属性的具体用法?Python wkst.MSRPC_UUID_WKST怎么用?Python wkst.MSRPC_UUID_WKST使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.dcerpc.v5.wkst的用法示例。
在下文中一共展示了wkst.MSRPC_UUID_WKST属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getMachineNameAndDomain
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def getMachineNameAndDomain(self):
if self.__smbConnection.getServerName() == '':
# No serverName.. this is either because we're doing Kerberos
# or not receiving that data during the login process.
# Let's try getting it through RPC
rpc = transport.DCERPCTransportFactory(r'ncacn_np:445[\pipe\wkssvc]')
rpc.set_smb_connection(self.__smbConnection)
dce = rpc.get_dce_rpc()
dce.connect()
dce.bind(wkst.MSRPC_UUID_WKST)
resp = wkst.hNetrWkstaGetInfo(dce, 100)
dce.disconnect()
return resp['WkstaInfo']['WkstaInfo100']['wki100_computername'][:-1], resp['WkstaInfo']['WkstaInfo100'][
'wki100_langroup'][:-1]
else:
return self.__smbConnection.getServerName(), self.__smbConnection.getServerDomain() 示例2: connect
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(wkst.MSRPC_UUID_WKST, transfer_syntax = self.ts)
return dce, rpctransport 示例3: _create_rpc_connection
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def _create_rpc_connection(self, pipe):
# Here we build the DCE/RPC connection
self._pipe = pipe
binding_strings = dict()
binding_strings['srvsvc'] = srvs.MSRPC_UUID_SRVS
binding_strings['wkssvc'] = wkst.MSRPC_UUID_WKST
binding_strings['samr'] = samr.MSRPC_UUID_SAMR
binding_strings['svcctl'] = scmr.MSRPC_UUID_SCMR
binding_strings['drsuapi'] = drsuapi.MSRPC_UUID_DRSUAPI
# TODO: try to fallback to TCP/139 if tcp/445 is closed
if self._pipe == r'\drsuapi':
string_binding = epm.hept_map(self._target_computer, drsuapi.MSRPC_UUID_DRSUAPI,
protocol='ncacn_ip_tcp')
rpctransport = transport.DCERPCTransportFactory(string_binding)
rpctransport.set_credentials(username=self._user, password=self._password,
domain=self._domain, lmhash=self._lmhash,
nthash=self._nthash)
else:
rpctransport = transport.SMBTransport(self._target_computer, 445, self._pipe,
username=self._user, password=self._password,
domain=self._domain, lmhash=self._lmhash,
nthash=self._nthash)
rpctransport.set_connect_timeout(10)
dce = rpctransport.get_dce_rpc()
if self._pipe == r'\drsuapi':
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
try:
dce.connect()
except socket.error:
self._rpc_connection = None
else:
dce.bind(binding_strings[self._pipe[1:]])
self._rpc_connection = dce 示例4: _create_rpc_connection
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def _create_rpc_connection(self, target_computer):
rpctransport = transport.SMBTransport(target_computer, 445, r'\wkssvc', username=self._user, password=self._password, domain=self._domain, lmhash=self._lmhash, nthash=self._nthash)
rpctransport.set_connect_timeout(10)
dce = rpctransport.get_dce_rpc()
try:
dce.connect()
except socket.error:
return
else:
dce.bind(wkst.MSRPC_UUID_WKST)
self._rpc_connection = dce 示例5: getMachineNameAndDomain
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def getMachineNameAndDomain(self):
if self.__smbConnection.getServerName() == '':
# No serverName.. this is either because we're doing Kerberos
# or not receiving that data during the login process.
# Let's try getting it through RPC
rpc = transport.DCERPCTransportFactory(r'ncacn_np:445[\pipe\wkssvc]')
rpc.set_smb_connection(self.__smbConnection)
dce = rpc.get_dce_rpc()
dce.connect()
dce.bind(wkst.MSRPC_UUID_WKST)
resp = wkst.hNetrWkstaGetInfo(dce, 100)
dce.disconnect()
return resp['WkstaInfo']['WkstaInfo100']['wki100_computername'][:-1], resp['WkstaInfo']['WkstaInfo100']['wki100_langroup'][:-1]
else:
return self.__smbConnection.getServerName(), self.__smbConnection.getServerDomain() 示例6: create_rpc_con
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def create_rpc_con(self, pipe):
# Here we build the DCE/RPC connection
self.pipe = pipe
binding_strings = dict()
binding_strings['srvsvc'] = srvs.MSRPC_UUID_SRVS
binding_strings['wkssvc'] = wkst.MSRPC_UUID_WKST
binding_strings['samr'] = samr.MSRPC_UUID_SAMR
binding_strings['svcctl'] = scmr.MSRPC_UUID_SCMR
binding_strings['drsuapi'] = drsuapi.MSRPC_UUID_DRSUAPI
if self.pipe == r'\drsuapi':
string_binding = epm.hept_map(self.host, drsuapi.MSRPC_UUID_DRSUAPI, protocol='ncacn_ip_tcp')
rpctransport = transport.DCERPCTransportFactory(string_binding)
rpctransport.set_credentials(username=self.username, password=self.password,domain=self.domain, lmhash=self.lmhash,nthash=self.nthash)
else:
rpctransport = transport.SMBTransport(self.host, self.port, self.pipe,username=self.username, password=self.password, domain=self.domain, lmhash=self.lmhash,nthash=self.nthash)
# SET TIMEOUT
rpctransport.set_connect_timeout(self.timeout)
dce = rpctransport.get_dce_rpc()
if self.pipe == r'\drsuapi':
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
try:
dce.connect()
except socket.error:
self.rpc_connection = None
else:
dce.bind(binding_strings[self.pipe[1:]])
self.rpc_connection = dce 示例7: rpc_get_loggedon
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def rpc_get_loggedon(self):
"""
Query logged on users via RPC.
Requires admin privs
"""
binding = r'ncacn_np:%s[\PIPE\wkssvc]' % self.addr
loggedonusers = set()
dce = self.dce_rpc_connect(binding, wkst.MSRPC_UUID_WKST)
if dce is None:
logging.warning('Connection failed: %s', binding)
return
try:
# 1 means more detail, including the domain
resp = wkst.hNetrWkstaUserEnum(dce, 1)
for record in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
# Skip computer accounts
if record['wkui1_username'][-2] == '$':
continue
# Skip sessions for local accounts
if record['wkui1_logon_domain'][:-1].upper() == self.samname.upper():
continue
domain = record['wkui1_logon_domain'][:-1].upper()
domain_entry = self.ad.get_domain_by_name(domain)
if domain_entry is not None:
domain = ADUtils.ldap2domain(domain_entry['attributes']['distinguishedName'])
logging.debug('Found logged on user at %s: %s@%s' % (self.hostname, record['wkui1_username'][:-1], domain))
loggedonusers.add((record['wkui1_username'][:-1], domain))
except DCERPCException as e:
if 'rpc_s_access_denied' in str(e):
logging.debug('Access denied while enumerating LoggedOn on %s, probably no admin privs', self.hostname)
else:
logging.debug('Exception connecting to RPC: %s', e)
except Exception as e:
if 'connection reset' in str(e):
logging.debug('Connection was reset: %s', e)
else:
raise e
dce.disconnect()
return list(loggedonusers) 示例8: getLoggedIn
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import MSRPC_UUID_WKST [as 别名]
def getLoggedIn(self, target):
if self.__targets[target]['Admin'] is False:
return
if self.__targets[target]['WKST'] is None:
stringWkstBinding = r'ncacn_np:%s[\PIPE\wkssvc]' % target
rpctransportWkst = transport.DCERPCTransportFactory(stringWkstBinding)
if hasattr(rpctransportWkst, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransportWkst.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey)
rpctransportWkst.set_kerberos(self.__doKerberos, self.__kdcHost)
dce = rpctransportWkst.get_dce_rpc()
dce.connect()
dce.bind(wkst.MSRPC_UUID_WKST)
self.__maxConnections -= 1
else:
dce = self.__targets[target]['WKST']
try:
resp = wkst.hNetrWkstaUserEnum(dce,1)
except Exception, e:
if str(e).find('Broken pipe') >= 0:
# The connection timed-out. Let's try to bring it back next round
self.__targets[target]['WKST'] = None
self.__maxConnections += 1
return
elif str(e).upper().find('ACCESS_DENIED'):
# We're not admin, bye
dce.disconnect()
self.__maxConnections += 1
self.__targets[target]['Admin'] = False
return
else:
raise