

Python lsad.hLsarQueryInformationPolicy2方法代码示例

本文整理汇总了Python中impacket.dcerpc.v5.lsad.hLsarQueryInformationPolicy2方法的典型用法代码示例。如果您正苦于以下问题:Python lsad.hLsarQueryInformationPolicy2方法的具体用法?Python lsad.hLsarQueryInformationPolicy2怎么用?Python lsad.hLsarQueryInformationPolicy2使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在impacket.dcerpc.v5.lsad的用法示例。


在下文中一共展示了lsad.hLsarQueryInformationPolicy2方法的9个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_hLsarSetInformationPolicy2

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
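def test_hLsarSetInformationPolicy2(self):
    """Round-trip the audit-events policy through hLsarSetInformationPolicy2.

    Reads PolicyAuditEventsInformation, writes it back with AuditingMode
    set to 0, reads it again, and finally writes the original AuditingMode
    back.

    The intermediate write changes the audit policy of the machine under
    test (MS-LSAD describes AuditingMode 0 as auditing disabled), so the
    restore runs in a ``finally`` block: a failure in the middle of the
    test must not leave the target with its audit policy altered. Only run
    this against a disposable lab host. On a monitored Windows system the
    change is expected to show up as an audit-policy-change event
    (event ID 4719) -- TODO confirm for the target's audit configuration.
    """
    dce, rpctransport, policyHandle = self.connect()
    infoClass = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation

    resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, infoClass)
    resp.dump()
    # Remember the live setting before touching it so it can be put back.
    oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode']

    resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0
    try:
        resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, infoClass, resp['PolicyInformation'])
        resp2.dump()

        resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, infoClass)
        resp.dump()
    finally:
        # Always restore: `resp` is either the fresh read-back or, if that
        # failed, the first response; both carry the full policy structure.
        resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = oldValue
        resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, infoClass, resp['PolicyInformation'])
        resp2.dump()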
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:18,代码来源:test_lsad.py

示例2: test_hLsarSetInformationPolicy

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
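def test_hLsarSetInformationPolicy(self):
    """Round-trip the audit-events policy: read, set AuditingMode 0, restore.

    The first read uses hLsarQueryInformationPolicy; the read-back uses
    hLsarQueryInformationPolicy2 and both writes use
    hLsarSetInformationPolicy2.

    NOTE(review): the test name suggests it was meant to exercise
    hLsarSetInformationPolicy rather than the ``2`` variant -- confirm
    against the upstream test suite before changing the calls.

    The intermediate write changes the audit policy of the machine under
    test (MS-LSAD describes AuditingMode 0 as auditing disabled), so the
    restore runs in a ``finally`` block and is attempted even when the
    set or the read-back raises. Only run this against a disposable lab
    host. On a monitored Windows system the change is expected to show up
    as an audit-policy-change event (event ID 4719) -- TODO confirm for
    the target's audit configuration.
    """
    dce, rpctransport, policyHandle = self.connect()
    infoClass = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation

    resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, infoClass)
    resp.dump()
    # Remember the live setting before touching it so it can be put back.
    oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode']

    resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0
    try:
        resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, infoClass, resp['PolicyInformation'])
        resp2.dump()

        resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, infoClass)
        resp.dump()
    finally:
        # Always restore: `resp` is either the fresh read-back or, if that
        # failed, the first response; both carry the full policy structure.
        resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = oldValue
        resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, infoClass, resp['PolicyInformation'])
        resp2.dump()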
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:18,代码来源:test_lsad.py

示例3: connect

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
def connect(self, host, port, user, password, sid):
    """Open an LSA policy handle on *host* over the ``\\lsarpc`` SMB pipe.

    Binds the LSAT interface, opens the policy, and stores the policy
    handle and the domain SID on ``self``. When *sid* is ``None`` the
    account-domain SID is read from the server.

    Returns a ``DCE_Connection`` wrapping the bound DCE/RPC object and the
    SMB transport.

    NOTE(review): the policy is opened with MAXIMUM_ALLOWED, i.e. every
    right the authenticated account holds, although the calls visible here
    only read the account-domain information; a narrower access mask would
    likely be enough -- confirm against the rest of the module.
    """
    smb_transport = transport.SMBTransport(host, int(port), r'\lsarpc', user, password)

    rpc = smb_transport.get_dce_rpc()
    rpc.connect()
    rpc.bind(lsat.MSRPC_UUID_LSAT)

    opened = lsat.hLsarOpenPolicy2(rpc, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)

    # Only ask the server for the domain SID when the caller did not supply one.
    if sid is None:
        account_domain = lsad.hLsarQueryInformationPolicy2(
            rpc,
            opened['PolicyHandle'],
            lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation,
        )
        sid = account_domain['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()

    self.sid = sid
    self.policy_handle = opened['PolicyHandle']

    return DCE_Connection(rpc, smb_transport)
开发者ID:lanjelot,项目名称:patator,代码行数:19,代码来源:patator.py

示例4: test_hLsarQueryInformationPolicy2

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
def test_hLsarQueryInformationPolicy2(self):
    """Query ten policy information classes and dump each response.

    Read-only: every call is hLsarQueryInformationPolicy2 on the handle
    returned by ``self.connect()``. The dumped responses include domain
    names and SIDs of the target, so treat the test output as
    environment-identifying data when sharing logs.
    """
    dce, rpctransport, policyHandle = self.connect()

    # Queried in this exact order; the enum member is resolved right
    # before each call, as in a hand-unrolled sequence.
    infoClassNames = (
        'PolicyAuditLogInformation',
        'PolicyAuditEventsInformation',
        'PolicyPrimaryDomainInformation',
        'PolicyPdAccountInformation',
        'PolicyAccountDomainInformation',
        'PolicyLsaServerRoleInformation',
        'PolicyReplicaSourceInformation',
        'PolicyDnsDomainInformation',
        'PolicyDnsDomainInformationInt',
        'PolicyLocalAccountDomainInformation',
    )
    for className in infoClassNames:
        resp = lsad.hLsarQueryInformationPolicy2(
            dce, policyHandle, getattr(lsad.POLICY_INFORMATION_CLASS, className))
        resp.dump()
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:33,代码来源:test_lsad.py

示例5: test_hLsarCreateAccount_hLsarDeleteObject

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
def test_hLsarCreateAccount_hLsarDeleteObject(self):
    """Create an LSA account object for a synthetic SID, then delete it.

    The SID is the target's account-domain SID with ``-9999`` appended.
    The test writes to the LSA policy database of the machine under test;
    the object is removed again by the final hLsarDeleteObject call.
    """
    dce, rpctransport, policyHandle = self.connect()
    domainInfo = lsad.hLsarQueryInformationPolicy2(
        dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)

    domainSid = domainInfo['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
    # presumably RID 9999 is chosen because no real principal uses it -- verify on the target
    sid = domainSid + '-9999'

    created = lsad.hLsarCreateAccount(dce, policyHandle, sid)
    created.dump()

    deleted = lsad.hLsarDeleteObject(dce, created['AccountHandle'])
    deleted.dump()
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:14,代码来源:test_lsad.py

示例6: test_hLsarAddPrivilegesToAccount_hLsarRemovePrivilegesFromAccount

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
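def test_hLsarAddPrivilegesToAccount_hLsarRemovePrivilegesFromAccount(self):
    """Add a privilege to a temporary LSA account object, then remove it.

    Creates an account object for ``<account-domain SID>-9999``, adds one
    LSAPR_LUID_AND_ATTRIBUTES entry to it, removes the privileges again
    and deletes the object.

    The account object is deleted in a ``finally`` block so that a failure
    while adding or removing privileges cannot leave a privileged object
    behind in the target's LSA policy database. A failure to add the
    privilege is still tolerated (the test returns quietly), but it is
    caught as ``Exception`` rather than with a bare ``except`` so that
    KeyboardInterrupt and SystemExit propagate after cleanup.

    On a monitored Windows system the rights change is expected to be
    recorded by authorization-policy-change auditing (user right
    assigned / removed) -- TODO confirm for the target's audit settings.
    """
    dce, rpctransport, policyHandle = self.connect()

    resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle,lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)

    sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
    sid = sid + '-9999'

    resp = lsad.hLsarCreateAccount(dce, policyHandle, sid)
    accountHandle = resp['AccountHandle']

    try:
        # The LUID and attribute values are fixed by the test; which
        # privilege they name is not visible from this snippet.
        attribute = lsad.LSAPR_LUID_AND_ATTRIBUTES()
        attribute['Luid']['LowPart'] = 0
        attribute['Luid']['HighPart'] = 3
        attribute['Attributes'] = 3
        attributes = [attribute]

        try:
            resp = lsad.hLsarAddPrivilegesToAccount(dce, accountHandle, attributes)
            resp.dump()
        except Exception:
            # Best effort: some targets refuse the add; nothing to remove then.
            return

        resp = lsad.hLsarRemovePrivilegesFromAccount(dce, accountHandle, NULL, 1)
        resp.dump()
    finally:
        # Runs on success, on the early return and on any error above.
        resp = lsad.hLsarDeleteObject(dce, accountHandle)
        resp.dump()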
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:31,代码来源:test_lsad.py

示例7: getParentSidAndAdminName

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
def getParentSidAndAdminName(self, parentDC, creds):
    """Return ``(domainSid, adminName)`` read from *parentDC* over LSA RPC.

    Connects to the ``lsarpc`` named pipe, opens the LSA policy, reads the
    account-domain SID and translates ``<domainSid>-500`` to a name.

    *creds* is indexed with the keys ``username``, ``password``,
    ``domain``, ``lmhash``, ``nthash`` and ``aesKey``. None of these
    values are logged here; only the resolved host name is written to the
    debug log.

    NOTE(review): the DCE/RPC connection opened here is not disconnected
    anywhere in this method.
    """
    if self.__doKerberos is not True:
        machineNameOrIp = gethostbyname(parentDC)
    else:
        # In Kerberos we need the target's name
        machineNameOrIp = self.getDNSMachineName(gethostbyname(parentDC))
        logging.debug('%s is %s' % (gethostbyname(parentDC), machineNameOrIp))

    logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')
    channel = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\lsarpc]' % machineNameOrIp)

    # Not every transport object exposes credential setters.
    if hasattr(channel, 'set_credentials'):
        channel.set_credentials(
            creds['username'],
            creds['password'],
            creds['domain'],
            creds['lmhash'],
            creds['nthash'],
            creds['aesKey'],
        )
        channel.set_kerberos(self.__doKerberos)

    session = channel.get_dce_rpc()
    session.connect()
    session.bind(MSRPC_UUID_LSAT)

    policyHandle = hLsarOpenPolicy2(session, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)['PolicyHandle']

    accountDomain = hLsarQueryInformationPolicy2(
        session, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
    domainSid = accountDomain['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()

    # Now that we have the Sid, let's get the Administrator's account name
    translated = hLsarLookupSids(
        session, policyHandle, [domainSid + '-500'], LSAP_LOOKUP_LEVEL.LsapLookupWksta)
    adminName = translated['TranslatedNames']['Names'][0]['Name']

    return domainSid, adminName
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:38,代码来源:raiseChild.py

示例8: getForestSid

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
def getForestSid(self):
    """Return the account-domain SID reported by the forest root.

    Two RPC sessions are used, both authenticated with the credentials
    stored on the instance:

    1. ``netlogon`` pipe on ``self.__kdcHost``: hDsrGetDcNameEx supplies
       the DNS forest name.
    2. ``lsarpc`` pipe on that forest name: the LSA policy is opened and
       PolicyAccountDomainInformation is read.

    Both sessions are disconnected before the method returns. The SID is
    written to the log at INFO level; no credential material is logged.
    """
    # --- Step 1: ask NRPC for the DNS forest name -----------------------
    logging.debug('Calling NRPC DsrGetDcNameEx()')

    netlogonChannel = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\netlogon]' % self.__kdcHost)
    if hasattr(netlogonChannel, 'set_credentials'):
        netlogonChannel.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)

    netlogon = netlogonChannel.get_dce_rpc()
    netlogon.connect()
    netlogon.bind(MSRPC_UUID_NRPC)

    dcInfo = hDsrGetDcNameEx(netlogon, NULL, NULL, NULL, NULL, 0)
    # The last character is dropped; presumably a trailing terminator -- verify.
    forestName = dcInfo['DomainControllerInfo']['DnsForestName'][:-1]
    logging.debug('DNS Forest name is %s' % forestName)
    netlogon.disconnect()

    # --- Step 2: read the account-domain SID over LSA --------------------
    logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')

    lsaChannel = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\lsarpc]' % forestName)
    if hasattr(lsaChannel, 'set_credentials'):
        lsaChannel.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)

    lsa = lsaChannel.get_dce_rpc()
    lsa.connect()
    lsa.bind(MSRPC_UUID_LSAT)

    policyHandle = hLsarOpenPolicy2(lsa, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)['PolicyHandle']

    accountDomain = hLsarQueryInformationPolicy2(
        lsa, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
    lsa.disconnect()

    forestSid = accountDomain['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
    logging.info("Forest SID: %s"% forestSid)

    return forestSid
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:44,代码来源:goldenPac.py

示例9: __bruteForce

# 需要导入模块: from impacket.dcerpc.v5 import lsad [as 别名]
# 或者: from impacket.dcerpc.v5.lsad import hLsarQueryInformationPolicy2 [as 别名]
def __bruteForce(self, rpctransport, maxRid):
        """Translate the SIDs ``<domainSid>-0`` .. ``<domainSid>-(maxRid-1)`` to names.

        Written for Python 2 (``print`` statement, ``except X, e``,
        ``xrange``, integer ``/``). Connects over *rpctransport*, binds the
        LSAT interface, reads the account-domain SID and then submits the
        candidate SIDs to hLsarLookupSids in batches of ``SIMULTANEOUS``.
        Every entry whose ``Use`` is not ``SidTypeUnknown`` is printed as
        ``rid: DOMAIN\\name (type)``. Nothing is returned.

        Defender's view: on the wire this is a run of LsarLookupSids
        requests carrying sequential RIDs from a single client. Restricting
        anonymous SID/name translation and watching for such bursts on the
        lsarpc pipe are the usual controls -- confirm what applies to your
        environment.
        """
        dce = rpctransport.get_dce_rpc()
        # NOTE(review): `entries` is never used in the code shown here.
        entries = []
        dce.connect()

        # Want encryption? Uncomment next line
        # But make SIMULTANEOUS variable <= 100
        #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)

        # Want fragmentation? Uncomment next line
        #dce.set_max_fragment_size(32)

        dce.bind(lsat.MSRPC_UUID_LSAT)
        resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
        policyHandle = resp['PolicyHandle']

        resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)

        domainSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()

        # soFar is the first RID of the current batch.
        soFar = 0
        SIMULTANEOUS = 1000
        # Relies on Python 2 integer division for the batch count.
        for j in range(maxRid/SIMULTANEOUS+1):
            # The last batch holds only the remainder; all others are full.
            if (maxRid - soFar) / SIMULTANEOUS == 0:
                sidsToCheck = (maxRid - soFar) % SIMULTANEOUS
            else: 
                sidsToCheck = SIMULTANEOUS
 
            if sidsToCheck == 0:
                break

            sids = list()
            for i in xrange(soFar, soFar+sidsToCheck):
                sids.append(domainSid + '-%d' % i)
            try:
                # NOTE(review): the return value of this call is discarded, so
                # when no exception is raised `resp` below still refers to an
                # earlier response -- confirm whether that is intended.
                lsat.hLsarLookupSids(dce, policyHandle, sids,lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
            except DCERPCException, e:
                # The status is matched by substring on the exception text.
                if str(e).find('STATUS_NONE_MAPPED') >= 0:
                    # Skip the whole batch and move on to the next one.
                    soFar += SIMULTANEOUS
                    continue
                elif str(e).find('STATUS_SOME_NOT_MAPPED') >= 0:
                    # The response is taken from the packet attached to the exception.
                    resp = e.get_packet()
                else: 
                    raise

            for n, item in enumerate(resp['TranslatedNames']['Names']):
                if item['Use'] != SID_NAME_USE.SidTypeUnknown:
                    print "%d: %s\\%s (%s)" % (
                    soFar + n, resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'], item['Name'],
                    SID_NAME_USE.enumItems(item['Use']).name)
            soFar += SIMULTANEOUS 
开发者ID:tholum,项目名称:PiBunny,代码行数:53,代码来源:lookupsid.py


注:本文中的impacket.dcerpc.v5.lsad.hLsarQueryInformationPolicy2方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。