本文整理汇总了 Python 中 impacket.dcerpc.v5.samr.hSamrLookupDomainInSamServer 函数的典型用法代码示例。从下面的示例可以看出,该函数接收已绑定 SAMR 接口的 DCE/RPC 连接、服务器句柄和域名,返回结果中的 DomainId 通常随后传给 hSamrOpenDomain 以取得域句柄。如果您正苦于以下问题:Python samr.hSamrLookupDomainInSamServer 的具体用法?Python samr.hSamrLookupDomainInSamServer 怎么用?Python samr.hSamrLookupDomainInSamServer 使用的例子?那么这里精选的代码示例或许可以为您提供帮助。您也可以进一步了解该函数所在模块 impacket.dcerpc.v5.samr 的用法示例。
在下文中一共展示了samr.hSamrLookupDomainInSamServer方法的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __getLocalAdminSids
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
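def __getLocalAdminSids(self):
    """Return the member SIDs of alias 544 in the remote 'Builtin' domain.

    RID 544 in the Builtin domain is the well-known local Administrators
    alias, so the result lists every principal holding local administrator
    rights on the host behind ``self.__samrBinding``.

    Returns:
        list: canonical SID strings, one per alias member.

    Raises:
        Any exception raised by the impacket SAMR helpers. The DCE/RPC
        connection is closed before the exception propagates.

    Note:
        Remote membership queries like this one are what the Windows policy
        "Network access: Restrict clients allowed to make remote calls to
        SAM" is meant to limit.
    """
    dce = self.__getDceBinding(self.__samrBinding)
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        serverHandle = samr.hSamrConnect(dce)['ServerHandle']
        builtin = samr.hSamrLookupDomainInSamServer(dce, serverHandle, 'Builtin')
        domain = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=builtin['DomainId'])
        domainHandle = domain['DomainHandle']
        # MAXIMUM_ALLOWED asks for every right the caller is entitled to,
        # although only the member list is read from the alias below.
        alias = samr.hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=544)
        members = samr.hSamrGetMembersInAlias(dce, alias['AliasHandle'])
        return [member['SidPointer'].formatCanonical() for member in members['Members']['Sids']]
    finally:
        # Release the connection on every path, including a failed SAMR call.
        dce.disconnect()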
示例2: getUserSID
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
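def getUserSID(self):
    """Resolve the configured user's domain SID and relative ID over SAMR.

    Connects to the samr named pipe on ``self.__kdcHost``, looks up
    ``self.__domain`` to obtain its SID, opens that domain and resolves
    ``self.__username`` to a RID.

    Returns:
        tuple: ``(domainId, rid)`` where ``domainId`` is the SID object
        returned by the domain lookup and ``rid`` is the user's relative ID.

    Raises:
        Any exception raised by the impacket transport or SAMR helpers. The
        DCE/RPC connection is closed before the exception propagates.
    """
    stringBinding = r'ncacn_np:%s[\pipe\samr]' % self.__kdcHost
    rpctransport = transport.DCERPCTransportFactory(stringBinding)
    if hasattr(rpctransport, 'set_credentials'):
        # Not every transport type accepts credentials, hence the hasattr guard.
        rpctransport.set_credentials(self.__username, self.__password, self.__domain,
                                     self.__lmhash, self.__nthash)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        serverHandle = samr.hSamrConnect(dce)['ServerHandle']
        domainId = samr.hSamrLookupDomainInSamServer(dce, serverHandle, self.__domain)['DomainId']
        domainHandle = samr.hSamrOpenDomain(dce, serverHandle, domainId=domainId)['DomainHandle']
        lookup = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.__username,))
        # Exactly one name was submitted, so the RID is the first element.
        rid = lookup['RelativeIds']['Element'][0]['Data']
    finally:
        # The transport is created in this method, so it is closed here on
        # both the success and the failure path.
        dce.disconnect()
    logging.info("User SID: %s-%s", domainId.formatCanonical(), rid)
    return domainId, rid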
示例3: connectSamr
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
def connectSamr(self, domain):
    """Bind to SAMR over the object's SMB connection and cache a domain handle.

    Args:
        domain: name of the SAM domain to look up and open.

    Side effects:
        Stores the DCE/RPC object in ``self.__samr``, the opened domain
        handle in ``self.__domainHandle`` and ``domain`` in
        ``self.__domainName``.
    """
    rpc_transport = transport.DCERPCTransportFactory(self.__stringBindingSamr)
    # Ride on the SMB connection this object already holds rather than
    # opening a second one.
    rpc_transport.set_smb_connection(self.__smbConnection)
    self.__samr = rpc_transport.get_dce_rpc()
    dce = self.__samr
    dce.connect()
    dce.bind(samr.MSRPC_UUID_SAMR)
    server_handle = samr.hSamrConnect(dce)['ServerHandle']
    looked_up = samr.hSamrLookupDomainInSamServer(dce, server_handle, domain)
    opened = samr.hSamrOpenDomain(dce, serverHandle=server_handle, domainId=looked_up['DomainId'])
    self.__domainHandle = opened['DomainHandle']
    self.__domainName = domain
示例4: test_hSamrEnumerateDomainsInSamServer
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
def test_hSamrEnumerateDomainsInSamServer(self):
    """Enumerate SAM domains, look up the first one and open it.

    The server handle is requested with only the enumerate and lookup
    rights. The final open goes through a hand-built ``SamrOpenDomain``
    request rather than the ``hSamrOpenDomain`` helper.
    """
    dce, _transport, _domain_handle = self.connect()
    wanted_access = samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN
    connected = samr.hSamrConnect(dce, desiredAccess=wanted_access)
    server_handle = connected['ServerHandle']

    enumerated = samr.hSamrEnumerateDomainsInSamServer(dce, server_handle)
    enumerated.dump()

    first_domain = enumerated['Buffer']['Buffer'][0]['Name']
    looked_up = samr.hSamrLookupDomainInSamServer(dce, server_handle, first_domain)
    looked_up.dump()

    open_request = samr.SamrOpenDomain()
    open_request['ServerHandle'] = server_handle
    open_request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
    open_request['DomainId'] = looked_up['DomainId']
    opened = dce.request(open_request)
    opened.dump()
示例5: fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
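def fetchList(self, rpctransport):
    """Read the domain password, lockout and logoff policy over SAMR.

    Opens the first domain returned by the domain enumeration and queries
    three ``DOMAIN_INFORMATION_CLASS`` levels (password, lockout, logoff).
    The values are stored on the instance and gathered in ``self.pass_pol``.

    Args:
        rpctransport: transport object handed to ``DCERPC_v5``.

    Raises:
        Exception: when a setup call reports a non-zero ``ErrorCode``. The
            message names the step that failed.

    Note:
        ``convert`` and ``d2b`` are helpers defined outside this block.
        NOTE(review): the connection is never disconnected here; confirm
        that the caller tears down ``rpctransport``.
    """
    dce = DCERPC_v5(rpctransport)
    dce.connect()
    dce.bind(samr.MSRPC_UUID_SAMR)

    # Setup: server handle -> domain list -> domain SID -> domain handle.
    server = samr.hSamrConnect2(dce)
    if server['ErrorCode'] != 0:
        raise Exception('Connect error')

    enumerated = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle=server['ServerHandle'],
                                                       enumerationContext=0,
                                                       preferedMaximumLength=500)
    if enumerated['ErrorCode'] != 0:
        raise Exception('Enumerate domains error')

    looked_up = samr.hSamrLookupDomainInSamServer(dce, serverHandle=server['ServerHandle'],
                                                  name=enumerated['Buffer']['Buffer'][0]['Name'])
    if looked_up['ErrorCode'] != 0:
        raise Exception('Lookup domain error')

    opened = samr.hSamrOpenDomain(dce, serverHandle=server['ServerHandle'],
                                  desiredAccess=samr.MAXIMUM_ALLOWED,
                                  domainId=looked_up['DomainId'])
    if opened['ErrorCode'] != 0:
        raise Exception('Open domain error')

    self.__domains = enumerated['Buffer']['Buffer']
    domainHandle = opened['DomainHandle']

    # Password policy. A zero value is stored as the string "None".
    pwd_info = samr.hSamrQueryInformationDomain2(
        dce, domainHandle=domainHandle,
        domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation)
    password = pwd_info['Buffer']['Password']
    self.__min_pass_len = password['MinPasswordLength'] or "None"
    self.__pass_hist_len = password['PasswordHistoryLength'] or "None"
    self.__max_pass_age = convert(int(password['MaxPasswordAge']['LowPart']),
                                  int(password['MaxPasswordAge']['HighPart']))
    self.__min_pass_age = convert(int(password['MinPasswordAge']['LowPart']),
                                  int(password['MinPasswordAge']['HighPart']))
    self.__pass_prop = d2b(password['PasswordProperties'])

    # Account lockout policy.
    lockout_info = samr.hSamrQueryInformationDomain2(
        dce, domainHandle=domainHandle,
        domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation)
    lockout = lockout_info['Buffer']['Lockout']
    self.__rst_accnt_lock_counter = convert(0, lockout['LockoutObservationWindow'], lockout=True)
    self.__lock_accnt_dur = convert(0, lockout['LockoutDuration'], lockout=True)
    self.__accnt_lock_thres = lockout['LockoutThreshold'] or "None"

    # Forced logoff policy.
    logoff_info = samr.hSamrQueryInformationDomain2(
        dce, domainHandle=domainHandle,
        domainInformationClass=samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation)
    force_logoff = logoff_info['Buffer']['Logoff']['ForceLogoff']
    self.__force_logoff_time = convert(force_logoff['LowPart'], force_logoff['HighPart'])

    self.pass_pol = {'min_pass_len': self.__min_pass_len, 'pass_hist_len': self.__pass_hist_len,
                     'max_pass_age': self.__max_pass_age, 'min_pass_age': self.__min_pass_age,
                     'pass_prop': self.__pass_prop, 'rst_accnt_lock_counter': self.__rst_accnt_lock_counter,
                     'lock_accnt_dur': self.__lock_accnt_dur, 'accnt_lock_thres': self.__accnt_lock_thres,
                     'force_logoff_time': self.__force_logoff_time}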
示例6: initialize_dce
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
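def initialize_dce(self, rpctransport):
    """Open the first SAM domain and run the enumeration selected on the instance.

    Exactly one action runs, chosen in this order: ``self.enumerate_groups``,
    ``self.enumerate_users``, ``self.enumerate_pass_policy``, otherwise a
    lookup of ``self.rid`` first as a user and then as a group.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()``.

    Raises:
        Any exception raised by the SAMR helpers or the ``enumerate_*``
        methods, other than the ``samr.DCERPCSessionError`` handled during
        the RID lookup. The connection is closed before it propagates.
    """
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        server_handle = samr.hSamrConnect(dce)['ServerHandle']
        resp = samr.hSamrEnumerateDomainsInSamServer(dce, server_handle)
        domains = resp['Buffer']['Buffer']
        self.log.info('[+] Found domain: {0}'.format(domains[0]['Name']))
        resp = samr.hSamrLookupDomainInSamServer(dce, server_handle, domains[0]['Name'])
        resp = samr.hSamrOpenDomain(dce, serverHandle=server_handle, domainId=resp['DomainId'])
        domain_handle = resp['DomainHandle']

        if self.enumerate_groups:
            self.log.info('[*] Enumerating all Domain Group RIDs (Group/RID)')
            self.enumerate_domain_groups(dce, domain_handle)
        elif self.enumerate_users:
            self.log.info('[*] Enumerating all Domain Users (RID/Username/Name/Description)')
            self.enumerate_domain_users(dce, domain_handle)
        elif self.enumerate_pass_policy:
            self.log.info('[*] Enumerating domain password policy')
            self.enumerate_password_policy(dce, domain_handle)
        else:
            self.log.info('[*] Enumerating RID {0} in the {1} domain..'.format(self.rid, domains[0]['Name']))
            try:
                self.enumerate_user_info(dce, domain_handle)
                return
            except samr.DCERPCSessionError:
                # The RID did not resolve as a user; fall through to the group lookup.
                self.log.debug('[*] RID is not for a user. Trying again as a group.')
            try:
                self.enumerate_users_in_group(dce, domain_handle)
            except samr.DCERPCSessionError:
                self.log.debug('[*] RID is not for a group either')
                self.log.info('[-] RID not found')
    finally:
        # Single teardown for every exit: normal end, early return or an
        # exception raised by one of the enumeration calls.
        dce.disconnect()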
示例7: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
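def __fetchList(self, rpctransport):
    """List every user of the first SAM domain together with its full record.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()``.

    Returns:
        list: ``(name, relative_id, all_information)`` tuples, one per user.

    Raises:
        DCERPCException: for any enumeration failure other than the
            ``STATUS_MORE_ENTRIES`` continuation status.

    Note:
        Remote account enumeration like this one is what the Windows policy
        "Network access: Restrict clients allowed to make remote calls to
        SAM" is meant to limit.
    """
    dce = rpctransport.get_dce_rpc()
    entries = []
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        try:
            resp = samr.hSamrConnect(dce)
            serverHandle = resp['ServerHandle']
            resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
            domains = resp['Buffer']['Buffer']
            print('Found domain(s):')
            for domain in domains:
                print(" . %s" % domain['Name'])
            logging.info("Looking up users in domain %s", domains[0]['Name'])
            resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name'])
            resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
            domainHandle = resp['DomainHandle']

            status = STATUS_MORE_ENTRIES
            enumerationContext = 0
            while status == STATUS_MORE_ENTRIES:
                try:
                    resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle,
                                                            enumerationContext=enumerationContext)
                except DCERPCException as e:
                    # STATUS_MORE_ENTRIES arrives as an exception although it
                    # only signals another page; the packet is still usable.
                    if str(e).find('STATUS_MORE_ENTRIES') < 0:
                        raise
                    resp = e.get_packet()
                for user in resp['Buffer']['Buffer']:
                    # MAXIMUM_ALLOWED asks for every right the caller is
                    # entitled to, although the handle is only read from.
                    r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
                    print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId']))
                    info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],
                                                           samr.USER_INFORMATION_CLASS.UserAllInformation)
                    entries.append((user['Name'], user['RelativeId'], info['Buffer']['All']))
                    samr.hSamrCloseHandle(dce, r['UserHandle'])
                enumerationContext = resp['EnumerationContext']
                status = resp['ErrorCode']
        except ListUsersException as e:
            logging.critical("Error listing users: %s", e)
    finally:
        # Close the connection even when an RPC error propagates.
        dce.disconnect()
    return entries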
# Process command-line arguments.
示例8: getDomainMachines
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
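def getDomainMachines(self):
    """Collect workstation trust account names from the first SAM domain.

    The target is ``self.__kdcHost`` when set, otherwise ``self.__domain``.
    Each account name is appended to ``self.__machinesList`` with its last
    character removed (presumably the trailing '$' of machine accounts;
    confirm against the data).

    Raises:
        Exception: when neither a KDC host nor a domain is configured.
        DCERPCException: for any enumeration failure other than the
            ``STATUS_MORE_ENTRIES`` continuation status.
    """
    if self.__kdcHost is not None:
        domainController = self.__kdcHost
    elif self.__domain != '':
        # Equality, not identity: "is not ''" depends on string interning.
        domainController = self.__domain
    else:
        raise Exception('A domain is needed!')

    logging.info("Getting machine's list from %s", domainController)
    rpctransport = transport.SMBTransport(domainController, 445, r'\samr', self.__username, self.__password,
                                          self.__domain, self.__lmhash, self.__nthash, self.__aesKey,
                                          doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        resp = samr.hSamrConnect(dce)
        serverHandle = resp['ServerHandle']
        resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
        domains = resp['Buffer']['Buffer']
        logging.info("Looking up users in domain %s", domains[0]['Name'])
        resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name'])
        resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
        domainHandle = resp['DomainHandle']

        status = STATUS_MORE_ENTRIES
        enumerationContext = 0
        while status == STATUS_MORE_ENTRIES:
            try:
                # The account-type filter limits results to workstation trust accounts.
                resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, samr.USER_WORKSTATION_TRUST_ACCOUNT,
                                                        enumerationContext=enumerationContext)
            except DCERPCException as e:
                # STATUS_MORE_ENTRIES only signals another page of results.
                if str(e).find('STATUS_MORE_ENTRIES') < 0:
                    raise
                resp = e.get_packet()
            for user in resp['Buffer']['Buffer']:
                self.__machinesList.append(user['Name'][:-1])
                logging.debug('Machine name - rid: %s - %d', user['Name'], user['RelativeId'])
            enumerationContext = resp['EnumerationContext']
            status = resp['ErrorCode']
    finally:
        # Close the connection on success and on failure. Errors still
        # propagate to the caller unchanged.
        dce.disconnect()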
示例9: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
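def __fetchList(self, rpctransport):
    """List every user of the first SAM domain together with its full record.

    Written so that it parses under both Python 2 and Python 3.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()``.

    Returns:
        list: ``(name, relative_id, all_information)`` tuples, one per user.

    Raises:
        Exception: any enumeration failure whose text does not contain
            ``STATUS_MORE_ENTRIES``.
    """
    dce = rpctransport.get_dce_rpc()
    entries = []
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        try:
            resp = samr.hSamrConnect(dce)
            serverHandle = resp['ServerHandle']
            resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
            domains = resp['Buffer']['Buffer']
            print('Found domain(s):')
            for domain in domains:
                print(" . %s" % domain['Name'])
            logging.info("Looking up users in domain %s", domains[0]['Name'])
            resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name'])
            resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
            domainHandle = resp['DomainHandle']

            # Only the three read rights are requested on each user handle,
            # not MAXIMUM_ALLOWED.
            userAccess = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT

            status = STATUS_MORE_ENTRIES
            enumerationContext = 0
            while status == STATUS_MORE_ENTRIES:
                try:
                    resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle,
                                                            enumerationContext=enumerationContext)
                except Exception as e:
                    # STATUS_MORE_ENTRIES only signals another page; the
                    # packet carried by the exception is still usable.
                    # NOTE(review): get_packet() is assumed to exist on any
                    # exception whose text matches; confirm.
                    if str(e).find('STATUS_MORE_ENTRIES') < 0:
                        raise
                    resp = e.get_packet()
                for user in resp['Buffer']['Buffer']:
                    r = samr.hSamrOpenUser(dce, domainHandle, userAccess, user['RelativeId'])
                    print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId']))
                    info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],
                                                           samr.USER_INFORMATION_CLASS.UserAllInformation)
                    entries.append((user['Name'], user['RelativeId'], info['Buffer']['All']))
                    samr.hSamrCloseHandle(dce, r['UserHandle'])
                enumerationContext = resp['EnumerationContext']
                status = resp['ErrorCode']
        except ListUsersException as e:
            logging.critical("Error listing users: %s", e)
    finally:
        # Close the connection even when an RPC error propagates.
        dce.disconnect()
    # Hand the collected records back to the caller.
    return entries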
示例10: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
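def __fetchList(self, rpctransport):
    """List every user of the first SAM domain together with its full record.

    Written so that it parses under both Python 2 and Python 3.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()``.

    Returns:
        list: ``(name, relative_id, all_information)`` tuples, one per user.

    Raises:
        DCERPCException: for any enumeration failure other than the
            ``STATUS_MORE_ENTRIES`` continuation status.
    """
    dce = rpctransport.get_dce_rpc()
    entries = []
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        try:
            resp = samr.hSamrConnect(dce)
            serverHandle = resp['ServerHandle']
            resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
            domains = resp['Buffer']['Buffer']
            print('Found domain(s):')
            for domain in domains:
                print(" . %s" % domain['Name'])
            logging.info("Looking up users in domain %s", domains[0]['Name'])
            resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name'])
            resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
            domainHandle = resp['DomainHandle']

            status = STATUS_MORE_ENTRIES
            enumerationContext = 0
            while status == STATUS_MORE_ENTRIES:
                try:
                    resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle,
                                                            enumerationContext=enumerationContext)
                except DCERPCException as e:
                    # STATUS_MORE_ENTRIES only signals another page; the
                    # packet carried by the exception is still usable.
                    if str(e).find('STATUS_MORE_ENTRIES') < 0:
                        raise
                    resp = e.get_packet()
                for user in resp['Buffer']['Buffer']:
                    # MAXIMUM_ALLOWED asks for every right the caller is
                    # entitled to, although the handle is only read from.
                    r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
                    print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId']))
                    info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],
                                                           samr.USER_INFORMATION_CLASS.UserAllInformation)
                    entries.append((user['Name'], user['RelativeId'], info['Buffer']['All']))
                    samr.hSamrCloseHandle(dce, r['UserHandle'])
                enumerationContext = resp['EnumerationContext']
                status = resp['ErrorCode']
        except ListUsersException as e:
            logging.critical("Error listing users: %s", e)
    finally:
        # Close the connection even when an RPC error propagates.
        dce.disconnect()
    # Hand the collected records back to the caller.
    return entries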
示例11: getDomainMachines
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrLookupDomainInSamServer [as 别名]
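def getDomainMachines(self):
    """Collect workstation trust account names from the first SAM domain.

    Written so that it parses under both Python 2 and Python 3. The target
    is ``self.__kdcHost`` when set, otherwise ``self.__domain``. Each
    account name is appended to ``self.__machinesList`` with its last
    character removed (presumably the trailing '$' of machine accounts;
    confirm against the data).

    Raises:
        Exception: when neither a KDC host nor a domain is configured.
        DCERPCException: for any enumeration failure other than the
            ``STATUS_MORE_ENTRIES`` continuation status.
    """
    if self.__kdcHost is not None:
        domainController = self.__kdcHost
    elif self.__domain != '':
        # Equality, not identity: "is not ''" depends on string interning.
        domainController = self.__domain
    else:
        raise Exception('A domain is needed!')

    logging.info("Getting machine's list from %s", domainController)
    rpctransport = transport.SMBTransport(domainController, 445, r'\samr', self.__username, self.__password,
                                          self.__domain, self.__lmhash, self.__nthash, self.__aesKey,
                                          doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(samr.MSRPC_UUID_SAMR)
        resp = samr.hSamrConnect(dce)
        serverHandle = resp['ServerHandle']
        resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
        domains = resp['Buffer']['Buffer']
        logging.info("Looking up users in domain %s", domains[0]['Name'])
        resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name'])
        resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
        domainHandle = resp['DomainHandle']

        status = STATUS_MORE_ENTRIES
        enumerationContext = 0
        while status == STATUS_MORE_ENTRIES:
            try:
                # The account-type filter limits results to workstation trust accounts.
                resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, samr.USER_WORKSTATION_TRUST_ACCOUNT,
                                                        enumerationContext=enumerationContext)
            except DCERPCException as e:
                # STATUS_MORE_ENTRIES only signals another page of results.
                if str(e).find('STATUS_MORE_ENTRIES') < 0:
                    raise
                resp = e.get_packet()
            for user in resp['Buffer']['Buffer']:
                self.__machinesList.append(user['Name'][:-1])
                logging.debug('Machine name - rid: %s - %d', user['Name'], user['RelativeId'])
            enumerationContext = resp['EnumerationContext']
            status = resp['ErrorCode']
    finally:
        # Close the connection on success and on failure. Errors still
        # propagate to the caller unchanged.
        dce.disconnect()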