本文整理汇总了Python中impacket.dcerpc.v5.samr.hSamrOpenUser方法的典型用法代码示例。如果您正苦于以下问题:Python samr.hSamrOpenUser方法的具体用法?Python samr.hSamrOpenUser怎么用?Python samr.hSamrOpenUser使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.samr的用法示例。
在下文中一共展示了samr.hSamrOpenUser方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_hSamrSetSecurityObject
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def test_hSamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION)
resp.dump()
try:
resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] )
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise 示例2: test_hSamrSetSecurityObject
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def test_hSamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION)
resp.dump()
try:
resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] )
resp.dump()
except Exception as e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
resp = samr.hSamrCloseHandle(dce, userHandle)
resp.dump() 示例3: test_hSamrOpenUser
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def test_hSamrOpenUser(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN)
resp.dump() 示例4: test_SamrSetSecurityObject
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def test_SamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
request = samr.SamrQuerySecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
resp = dce.request(request)
resp.dump()
request = samr.SamrSetSecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
request['SecurityDescriptor'] = resp['SecurityDescriptor']
#request.dump()
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise 示例5: test_SamrSetSecurityObject
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def test_SamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
request = samr.SamrQuerySecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
resp = dce.request(request)
resp.dump()
request = samr.SamrSetSecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
request['SecurityDescriptor'] = resp['SecurityDescriptor']
#request.dump()
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
resp = samr.hSamrCloseHandle(dce, userHandle)
resp.dump() 示例6: enumerate_user_info
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def enumerate_user_info(self, dce, domain_handle):
# Most of this method was built using logic from samrdump.py
user_request = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, self.rid)
self.log.info('[*] User RID detected. Enumerating information on user..\n')
info = samr.hSamrQueryInformationUser(dce, user_request['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation)
user = info['Buffer']['All']
pass_last_set = self.expiration_check(user, 'PasswordLastSet')
account_expires = self.expiration_check(user, 'AccountExpires')
pass_expires = self.expiration_check(user, 'PasswordMustChange')
pass_can_change = self.expiration_check(user, 'PasswordCanChange')
last_logon = self.expiration_check(user, 'LastLogon')
account_active = self.attribute_bool(user, samr.USER_ACCOUNT_DISABLED)
user_may_change_pass = self.attribute_bool(user, samr.USER_CHANGE_PASSWORD)
password_required = self.attribute_bool(user, samr.USER_PASSWORD_NOT_REQUIRED)
workstations_allowed = user['WorkStations']
if workstations_allowed == '':
workstations_allowed = 'All'
self.log.info('User name\t\t\t{0}'.format(user['UserName']))
self.log.info('User RID\t\t\t{0}'.format(user['UserId']))
self.log.info('Full Name\t\t\t{0}'.format(user['FullName']))
self.log.info('Comment\t\t\t\t{0}'.format(user['AdminComment']))
self.log.info("User's Comment\t\t\t\t{0}".format(user['UserComment']))
self.log.info('Country/region code\t\t{0}'.format(user['CountryCode']))
self.log.info('Account active\t\t\t{0}'.format(account_active))
self.log.info('Account expires\t\t\t{0}\n'.format(account_expires))
self.log.info('Password last set\t\t{0}'.format(pass_last_set))
self.log.info('Password expires\t\t{0}'.format(pass_expires))
self.log.info('Password changeable\t\t{0}'.format(pass_can_change))
self.log.info('Password required\t\t{0}'.format(password_required))
self.log.info('Bad Password Count\t\t{0}'.format(user['BadPasswordCount']))
self.log.info('User may change password\t{0}\n'.format(user_may_change_pass))
self.log.info('Workstations allowed\t\t{0}'.format(workstations_allowed))
self.log.info('Logon script\t\t\t\t{0}'.format(user['ScriptPath']))
self.log.info('User profile\t\t\t\t{0}'.format(user['ProfilePath']))
self.log.info('Home directory\t\t\t{0}'.format(user['HomeDirectory']))
self.log.info('Home directory drive\t\t{0}\n'.format(user['HomeDirectoryDrive']))
self.log.info('Group Memberships')
group_rids = samr.hSamrGetGroupsForUser(dce, user_request['UserHandle'])['Groups']['Groups']
for i, group_rid in enumerate(group_rids):
group_rid = group_rids[i]['RelativeId']
group_request = samr.hSamrOpenGroup(dce, domain_handle, samr.MAXIMUM_ALLOWED, group_rid)
group_info = samr.hSamrQueryInformationGroup(dce, group_request['GroupHandle'])
group_name = group_info['Buffer']['General']['Name']
group_comment = group_info['Buffer']['General']['AdminComment']
self.log.info('Name: {0}\nDesc: {1}\n'.format(group_name, group_comment))
samr.hSamrCloseHandle(dce, user_request['UserHandle'])
samr.hSamrCloseHandle(dce, group_request['GroupHandle']) 示例7: enumerate_users_in_group
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def enumerate_users_in_group(self, dce, domain_handle):
request = samr.SamrOpenGroup()
request['DomainHandle'] = domain_handle
request['DesiredAccess'] = samr.MAXIMUM_ALLOWED
request['GroupId'] = self.rid
try:
resp = dce.request(request)
except samr.DCERPCSessionError:
raise
request = samr.SamrGetMembersInGroup()
request['GroupHandle'] = resp['GroupHandle']
resp = dce.request(request)
self.log.info('[*] Group RID detected. Enumerating users/hosts in group..\n')
try:
rids = resp['Members']['Members']
except AttributeError:
self.log.info('[-] No users in group')
return
mutex = Lock()
for rid in rids:
try:
resp = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, rid['Data'])
rid_data = samr.hSamrQueryInformationUser2(dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation)
except samr.DCERPCSessionError as e:
# Occasionally an ACCESS_DENIED is rasied even though the user has permissions?
# Other times a STATUS_NO_SUCH_USER is raised when a rid apparently doesn't exist, even though it reported back as existing.
self.log.debug(e)
continue
if self.fqdn:
rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '') + '.' + self.fqdn
else:
rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '')
samr.hSamrCloseHandle(dce, resp['UserHandle'])
if self.dns_lookup:
# Threading because DNS lookups are slow
t = Thread(target=self.get_ip, args=(rid_data, mutex,))
t.start()
else:
self.log.info(rid_data)
self.data.append(rid_data) 示例8: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print('Found domain(s):')
for domain in domains:
print(" . %s" % domain['Name'])
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except DCERPCException as e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] ))
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException as e:
logging.critical("Error listing users: %s" % e)
dce.disconnect()
return entries
# Process command-line arguments. 示例9: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print 'Found domain(s):'
for domain in domains:
print " . %s" % domain['Name']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
done = False
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except Exception, e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, user['RelativeId'])
print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] )
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException, e:
logging.critical("Error listing users: %s" % e) 示例10: __fetchList
# 需要导入模块: from impacket.dcerpc.v5 import samr [as 别名]
# 或者: from impacket.dcerpc.v5.samr import hSamrOpenUser [as 别名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print 'Found domain(s):'
for domain in domains:
print " . %s" % domain['Name']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except DCERPCException, e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] )
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException, e:
logging.critical("Error listing users: %s" % e)