当前位置: 首页>>代码示例>>Python>>正文

Python transport.DCERPCTransportFactory方法代码示例

本文整理汇总了Python中impacket.dcerpc.v5.transport.DCERPCTransportFactory方法的典型用法代码示例。如果您正苦于以下问题:Python transport.DCERPCTransportFactory方法的具体用法?Python transport.DCERPCTransportFactory怎么用?Python transport.DCERPCTransportFactory使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在impacket.dcerpc.v5.transport的用法示例。


在下文中一共展示了transport.DCERPCTransportFactory方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: getMachineNameAndDomain

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def getMachineNameAndDomain(self):
        if self.__smbConnection.getServerName() == '':
            # No serverName.. this is either because we're doing Kerberos
            # or not receiving that data during the login process.
            # Let's try getting it through RPC
            rpc = transport.DCERPCTransportFactory(r'ncacn_np:445[\pipe\wkssvc]')
            rpc.set_smb_connection(self.__smbConnection)
            dce = rpc.get_dce_rpc()
            dce.connect()
            dce.bind(wkst.MSRPC_UUID_WKST)
            resp = wkst.hNetrWkstaGetInfo(dce, 100)
            dce.disconnect()
            return resp['WkstaInfo']['WkstaInfo100']['wki100_computername'][:-1], resp['WkstaInfo']['WkstaInfo100'][
                                                                                      'wki100_langroup'][:-1]
        else:
            return self.__smbConnection.getServerName(), self.__smbConnection.getServerDomain()
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:18,代码来源:secretsdump.py

示例2: connect

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect(self, version):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        dce.connect()
        if version == 1:
            dce.bind(dhcpm.MSRPC_UUID_DHCPSRV, transfer_syntax = self.ts)
        else:
            dce.bind(dhcpm.MSRPC_UUID_DHCPSRV2, transfer_syntax = self.ts)

        return dce, rpctransport
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:21,代码来源:test_dhcpm.py

示例3: connect

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect(self, stringBinding, bindUUID):
        rpctransport = transport.DCERPCTransportFactory(stringBinding )
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
        dce.connect()
        dce.bind(bindUUID, transfer_syntax = self.ts)

        return dce, rpctransport
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:18,代码来源:test_tsch.py

示例4: connect

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect(self):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
        dce.connect()
        dce.bind(rrp.MSRPC_UUID_RRP, transfer_syntax = self.ts)
        resp = rrp.hOpenLocalMachine(dce, MAXIMUM_ALLOWED | rrp.KEY_WOW64_32KEY | rrp.KEY_ENUMERATE_SUB_KEYS)

        return dce, rpctransport, resp['phKey']
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:19,代码来源:test_rrp.py

示例5: connect

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect(self):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        #dce.set_max_fragment_size(32)
        dce.connect()
        if self.__class__.__name__ == 'TCPTransport':
            dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
        dce.bind(scmr.MSRPC_UUID_SCMR)
        #rpc = scmr.DCERPCSvcCtl(dce)
        lpMachineName = 'DUMMY\x00'
        lpDatabaseName = 'ServicesActive\x00'
        desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS | scmr.SC_MANAGER_ENUMERATE_SERVICE
        
        resp = scmr.hROpenSCManagerW(dce,lpMachineName, lpDatabaseName, desiredAccess)
        scHandle = resp['lpScHandle']

        return dce, rpctransport, scHandle
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:27,代码来源:test_scmr.py

示例6: connect2

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect2(self):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding )
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
        #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        dce.connect()
        dce.bind(drsuapi.MSRPC_UUID_DRSUAPI, transfer_syntax = self.ts)

        return dce, rpctransport
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:19,代码来源:test_drsuapi.py

示例7: get_os_arch

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def get_os_arch(self):
        try:
            stringBinding = r'ncacn_ip_tcp:{}[135]'.format(self.host)
            transport = DCERPCTransportFactory(stringBinding)
            transport.set_connect_timeout(5)
            dce = transport.get_dce_rpc()
            if self.args.kerberos:
                dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
            dce.connect()
            try:
                dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
            except (DCERPCException, e):
                if str(e).find('syntaxes_not_supported') >= 0:
                    dce.disconnect()
                    return 32
            else:
                dce.disconnect()
                return 64

        except Exception as e:
            logging.debug('Error retrieving os arch of {}: {}'.format(self.host, str(e)))

        return 0
开发者ID:byt3bl33d3r,项目名称:CrackMapExec,代码行数:25,代码来源:smb.py

示例8: connect

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect(self, version):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        dce.connect()
        if version == 1:
            dce.bind(even6.MSRPC_UUID_EVEN6, transfer_syntax=self.ts)
        else:
            dce.bind(even6.MSRPC_UUID_EVEN6, transfer_syntax=self.ts)

        return dce, rpctransport
开发者ID:eth0izzle,项目名称:cracke-dit,代码行数:21,代码来源:test_even6.py

示例9: connectDCE

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connectDCE(self, username, password, domain, lm='', nt='', aesKey='', TGT=None, TGS=None, tfragment=0,
                   dceFragment=0,
                   auth_type=RPC_C_AUTHN_WINNT, auth_level=RPC_C_AUTHN_LEVEL_NONE, dceAuth=True, doKerberos=False,
                   bind=epm.MSRPC_UUID_PORTMAP):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)

        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(username, password, domain, lm, nt, aesKey, TGT, TGS)
            rpctransport.set_kerberos(doKerberos, kdcHost=self.machine)

        rpctransport.set_max_fragment_size(tfragment)
        rpctransport.setRemoteName(self.serverName)
        rpctransport.setRemoteHost(self.machine)
        dce = rpctransport.get_dce_rpc()
        dce.set_max_fragment_size(dceFragment)
        if dceAuth is True:
            dce.set_credentials(*(rpctransport.get_credentials()))
        dce.connect()
        dce.set_auth_type(auth_type)
        dce.set_auth_level(auth_level)
        dce.bind(bind)

        return dce
开发者ID:eth0izzle,项目名称:cracke-dit,代码行数:26,代码来源:test_rpcrt.py

示例10: connect

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def connect(self):
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if len(self.hashes) > 0:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        dce.bind(lsad.MSRPC_UUID_LSAD, transfer_syntax = self.ts)
        resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsad.POLICY_CREATE_SECRET | DELETE | lsad.POLICY_VIEW_LOCAL_INFORMATION)

        return dce, rpctransport, resp['PolicyHandle']
开发者ID:eth0izzle,项目名称:cracke-dit,代码行数:18,代码来源:test_lsad.py

示例11: get_os_arch

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def get_os_arch(target):
    try:
        stringBinding = r'ncacn_ip_tcp:{}[135]'.format(target)
        transport = DCERPCTransportFactory(stringBinding)
        transport.set_connect_timeout(5)
        dce = transport.get_dce_rpc()
        dce.connect()

        try:
            dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
        except DCERPCException as e:
            if str(e).find('syntaxes_not_supported') >= 0:
                return 32
            else:
                pass
        else:
            return 64
        dce.disconnect()
    except Exception as e:
        logging.warning('%sErr with get_os_arch for %s: %s' % (warningRed, target, str(e)))
开发者ID:aas-n,项目名称:spraykatz,代码行数:22,代码来源:Arch.py

示例12: dump

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def dump(self, remote_host):

        logging.info('Attempting to trigger authentication via rprn RPC at %s', remote_host)

        stringbinding = self.KNOWN_PROTOCOLS[self.__port]['bindstr'] % remote_host
        # logging.info('StringBinding %s'%stringbinding)
        rpctransport = transport.DCERPCTransportFactory(stringbinding)
        rpctransport.set_dport(self.__port)

        if self.KNOWN_PROTOCOLS[self.__port]['set_host']:
            rpctransport.setRemoteHost(remote_host)

        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)

        try:
            self.lookup(rpctransport, remote_host)
        except Exception as e:
            if logging.getLogger().level == logging.DEBUG:
                import traceback
                traceback.print_exc()
            logging.critical(str(e))
            raise
开发者ID:dirkjanm,项目名称:krbrelayx,代码行数:26,代码来源:printerbug.py

示例13: get_sid

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def get_sid(self, name):
		self.log.info('[*] Looking up SID for {0}..'.format(name))
		stringbinding = r'ncacn_np:{0}[\pipe\lsarpc]'.format(self.target)
		logging.debug('StringBinding {0}'.format(stringbinding))
		rpctransport = transport.DCERPCTransportFactory(stringbinding)
		rpctransport.set_dport(self.port)
		rpctransport.setRemoteHost(self.target)

		if hasattr(rpctransport, 'set_credentials'):
			rpctransport.set_credentials(self.username, self.password, self.domain)

		dce = rpctransport.get_dce_rpc()
		dce.connect()
		dce.bind(lsat.MSRPC_UUID_LSAT)
		resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsad.POLICY_LOOKUP_NAMES)
		policyHandle = resp['PolicyHandle']
		resp = lsat.hLsarLookupNames(dce, policyHandle, (name,))
		self.rid = resp['TranslatedSids']['Sids'][0]['RelativeId']
		dce.disconnect()
		return
开发者ID:Gilks,项目名称:enumerid,代码行数:22,代码来源:enumerid.py

示例14: play

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def play(self, addr):
        stringbinding = r'ncacn_np:%s[\pipe\atsvc]' % addr
        rpctransport = transport.DCERPCTransportFactory(stringbinding)

        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash,
                                         self.__aesKey)
            rpctransport.set_kerberos(self.__doKerberos, self.__kdcHost)
        try:
            self.doStuff(rpctransport)
        except Exception as e:
            if logging.getLogger().level == logging.DEBUG:
                import traceback
                traceback.print_exc()
            logging.error(e)
            if str(e).find('STATUS_OBJECT_NAME_NOT_FOUND') >=0:
                logging.info('When STATUS_OBJECT_NAME_NOT_FOUND is received, try running again. It might work')
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:20,代码来源:atexec.py

示例15: dump

# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import DCERPCTransportFactory [as 别名]
def dump(self, remoteName, remoteHost):

        logging.info('Brute forcing SIDs at %s' % remoteName)

        stringbinding = self.KNOWN_PROTOCOLS[self.__port]['bindstr'] % remoteName
        logging.info('StringBinding %s'%stringbinding)
        rpctransport = transport.DCERPCTransportFactory(stringbinding)
        rpctransport.set_dport(self.__port)

        if self.KNOWN_PROTOCOLS[self.__port]['set_host']:
            rpctransport.setRemoteHost(remoteHost)

        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)

        try:
            self.__bruteForce(rpctransport, self.__maxRid)
        except Exception as e:
            if logging.getLogger().level == logging.DEBUG:
                import traceback
                traceback.print_exc()
            logging.critical(str(e))
            raise
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:26,代码来源:lookupsid.py


注:本文中的impacket.dcerpc.v5.transport.DCERPCTransportFactory方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。