本文整理汇总了Python中impacket.dcerpc.v5.lsat.hLsarLookupSids方法的典型用法代码示例。如果您正苦于以下问题:Python lsat.hLsarLookupSids方法的具体用法?Python lsat.hLsarLookupSids怎么用?Python lsat.hLsarLookupSids使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.lsat的用法示例。
在下文中一共展示了lsat.hLsarLookupSids方法的7个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_hLsarLookupSids
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def test_hLsarLookupSids(self):
dce, rpctransport, policyHandle = self.connect()
resp = lsat.hLsarLookupNames(dce, policyHandle, ('Administrator',))
resp.dump()
domainSid = resp['ReferencedDomains']['Domains'][0]['Sid'].formatCanonical()
sids = list()
for i in range(1000):
sids.append(domainSid + '-%d' % (500+i))
try:
resp = lsat.hLsarLookupSids(dce, policyHandle, sids )
resp.dump()
except Exception, e:
if str(e).find('STATUS_SOME_NOT_MAPPED') < 0:
raise
else:
resp = e.get_packet()
resp.dump() 示例2: test_hLsarLookupSids
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def test_hLsarLookupSids(self):
dce, rpctransport, policyHandle = self.connect()
resp = lsat.hLsarLookupNames(dce, policyHandle, ('Administrator',))
resp.dump()
domainSid = resp['ReferencedDomains']['Domains'][0]['Sid'].formatCanonical()
sids = list()
for i in range(1000):
sids.append(domainSid + '-%d' % (500+i))
try:
resp = lsat.hLsarLookupSids(dce, policyHandle, sids )
resp.dump()
except Exception as e:
if str(e).find('STATUS_SOME_NOT_MAPPED') < 0:
raise
else:
resp = e.get_packet()
resp.dump() 示例3: execute
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def execute(self, host, port='139', user='', password='', sid=None, rid=None, persistent='1'):
fp, _ = self.bind(host, port, user, password, sid)
if rid:
sid = '%s-%s' % (self.sid, rid)
else:
sid = self.sid
try:
res = lsat.hLsarLookupSids(fp, self.policy_handle, [sid], lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
code, names = 0, []
for n, item in enumerate(res['TranslatedNames']['Names']):
names.append("%s\\%s (%s)" % (res['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'], item['Name'], SID_NAME_USE.enumItems(item['Use']).name[7:]))
except lsat.DCERPCSessionError:
code, names = 1, ['unknown'] # STATUS_NONE_MAPPED
if persistent == '0':
self.reset()
return self.Response(code, ', '.join(names))
# }}}
# POP {{{ 示例4: __resolveSids
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def __resolveSids(self, sids):
dce = self.__getDceBinding(self.__lsaBinding)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
names = []
for n, item in enumerate(resp['TranslatedNames']['Names']):
names.append(u"{}\\{}".format(resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'].encode('utf-16-le'), item['Name']))
dce.disconnect()
return names 示例5: getParentSidAndAdminName
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def getParentSidAndAdminName(self, parentDC, creds):
if self.__doKerberos is True:
# In Kerberos we need the target's name
machineNameOrIp = self.getDNSMachineName(gethostbyname(parentDC))
logging.debug('%s is %s' % (gethostbyname(parentDC), machineNameOrIp))
else:
machineNameOrIp = gethostbyname(parentDC)
logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')
stringBinding = r'ncacn_np:%s[\pipe\lsarpc]' % machineNameOrIp
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(creds['username'], creds['password'], creds['domain'], creds['lmhash'],
creds['nthash'], creds['aesKey'])
rpctransport.set_kerberos(self.__doKerberos)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(MSRPC_UUID_LSAT)
resp = hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = hLsarQueryInformationPolicy2(dce, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
domainSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
# Now that we have the Sid, let's get the Administrator's account name
sids = list()
sids.append(domainSid+'-500')
resp = hLsarLookupSids(dce, policyHandle, sids, LSAP_LOOKUP_LEVEL.LsapLookupWksta)
adminName = resp['TranslatedNames']['Names'][0]['Name']
return domainSid, adminName 示例6: __resolveSids
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def __resolveSids(self, sids):
dce = self.__getDceBinding(self.__lsaBinding)
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
names = []
for n, item in enumerate(resp['TranslatedNames']['Names']):
names.append("{}\\{}".format(resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'].encode('utf-16-le'), item['Name']))
dce.disconnect()
return names 示例7: __bruteForce
# 需要导入模块: from impacket.dcerpc.v5 import lsat [as 别名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 别名]
def __bruteForce(self, rpctransport, maxRid):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
# Want encryption? Uncomment next line
# But make SIMULTANEOUS variable <= 100
#dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
# Want fragmentation? Uncomment next line
#dce.set_max_fragment_size(32)
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
domainSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
soFar = 0
SIMULTANEOUS = 1000
for j in range(maxRid/SIMULTANEOUS+1):
if (maxRid - soFar) / SIMULTANEOUS == 0:
sidsToCheck = (maxRid - soFar) % SIMULTANEOUS
else:
sidsToCheck = SIMULTANEOUS
if sidsToCheck == 0:
break
sids = list()
for i in xrange(soFar, soFar+sidsToCheck):
sids.append(domainSid + '-%d' % i)
try:
lsat.hLsarLookupSids(dce, policyHandle, sids,lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
except DCERPCException, e:
if str(e).find('STATUS_NONE_MAPPED') >= 0:
soFar += SIMULTANEOUS
continue
elif str(e).find('STATUS_SOME_NOT_MAPPED') >= 0:
resp = e.get_packet()
else:
raise
for n, item in enumerate(resp['TranslatedNames']['Names']):
if item['Use'] != SID_NAME_USE.SidTypeUnknown:
print "%d: %s\\%s (%s)" % (
soFar + n, resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'], item['Name'],
SID_NAME_USE.enumItems(item['Use']).name)
soFar += SIMULTANEOUS