本文整理汇总了Python中impacket.dcerpc.v5.transport.SMBTransport方法的典型用法代码示例。如果您正苦于以下问题:Python transport.SMBTransport方法的具体用法?Python transport.SMBTransport怎么用?Python transport.SMBTransport使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.transport的用法示例。
在下文中一共展示了transport.SMBTransport方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getShares
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def getShares(self):
# Setup up a DCE SMBTransport with the connection already in place
LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost()))
try:
self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(),
self.connection.getRemoteHost(),filename = r'\srvsvc',
smb_connection = self.connection)
dce_srvs = self._rpctransport.get_dce_rpc()
dce_srvs.connect()
dce_srvs.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce_srvs, 1)
return resp['InfoStruct']['ShareInfo']['Level1']
except:
LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost()))
raise 示例2: load_module
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def load_module(self, module):
if int(self.sambaOld) == 1:
module = '\\\PIPE\\' + module
log("Trying to load module %s" % module)
stringbinding = r'ncacn_np:%s[\pipe\%s]' % (self.sambaTarget, module)
sb = transport.DCERPCStringBinding(stringbinding)
na = sb.get_network_address()
rpctransport = transport.SMBTransport(na, filename = module, smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
try:
dce.connect()
return True
except KeyboardInterrupt:
print "Aborted."
sys.exit(0)
except:
log("Error: %s" % str(sys.exc_info()[1]))
return False 示例3: dump
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def dump(self):
# Try all requested protocols until one works.
for protocol in self.protocols:
try:
protodef = PassPolDump.KNOWN_PROTOCOLS[protocol]
port = protodef[1]
except KeyError:
logging.debug("Invalid Protocol '{}'".format(protocol))
logging.debug("Trying protocol {}".format(protocol))
rpctransport = transport.SMBTransport(self.addr, port, r'\samr', self.username, self.password, self.domain,
self.lmhash, self.nthash, self.aesKey, doKerberos = self.doKerberos)
try:
self.fetchList(rpctransport)
except Exception as e:
logging.debug('Protocol failed: {}'.format(e))
else:
# Got a response. No need for further iterations.
self.pretty_print()
break
return self.pass_pol 示例4: isAdmin
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def isAdmin(self):
rpctransport = SMBTransport(self.session.getRemoteHost(), 445, r'\svcctl', smb_connection=self.session)
dce = rpctransport.get_dce_rpc()
try:
dce.connect()
except:
pass
else:
dce.bind(scmr.MSRPC_UUID_SCMR)
try:
# 0xF003F - SC_MANAGER_ALL_ACCESS
# http://msdn.microsoft.com/en-us/library/windows/desktop/ms685981(v=vs.85).aspx
ans = scmr.hROpenSCManagerW(dce,'{}\x00'.format(self.target.hostname),'ServicesActive\x00', 0xF003F)
return "TRUE"
except scmr.DCERPCException as e:
pass
return "FALSE" 示例5: connect
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def connect(self, host, port, user, password, sid):
smbt = transport.SMBTransport(host, int(port), r'\lsarpc', user, password)
dce = smbt.get_dce_rpc()
dce.connect()
dce.bind(lsat.MSRPC_UUID_LSAT)
op2 = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
if sid is None:
res = lsad.hLsarQueryInformationPolicy2(dce, op2['PolicyHandle'], lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
sid = res['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
self.sid = sid
self.policy_handle = op2['PolicyHandle']
return DCE_Connection(dce, smbt) 示例6: dump
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def dump(self, SMBClient):
"""Dumps the list of users and shares registered present at
addr. Addr is a valid host name or IP address.
"""
print('\n')
rpctransport = transport.SMBTransport(SMBClient.getRemoteHost(), filename=r'\lsarpc',
smb_connection=SMBClient)
try:
self.__fetchList(rpctransport)
except Exception as e:
print('\n\t[!] Protocol failed: {0}'.format(e))
else:
# Got a response. No need for further iterations.
self.__pretty_print() 示例7: do_info
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def do_info(self, line):
if self.loggedIn is False:
LOG.error("Not logged in")
return
rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrServerGetInfo(dce, 102)
print("Version Major: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_major'])
print("Version Minor: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_minor'])
print("Server Name: %s" % resp['InfoStruct']['ServerInfo102']['sv102_name'])
print("Server Comment: %s" % resp['InfoStruct']['ServerInfo102']['sv102_comment'])
print("Server UserPath: %s" % resp['InfoStruct']['ServerInfo102']['sv102_userpath'])
print("Simultaneous Users: %d" % resp['InfoStruct']['ServerInfo102']['sv102_users']) 示例8: dump
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def dump(self, addr):
"""Dumps the list of users and shares registered present at
addr. Addr is a valid host name or IP address.
"""
logging.info('Retrieving endpoint list from %s' % addr)
# Try all requested protocols until one works.
entries = []
for protocol in self.__protocols:
protodef = SAMRDump.KNOWN_PROTOCOLS[protocol]
port = protodef[1]
logging.info("Trying protocol %s..." % protocol)
rpctransport = transport.SMBTransport(addr, port, r'\samr', self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey, doKerberos = self.__doKerberos)
try:
entries = self.__fetchList(rpctransport)
except Exception, e:
logging.critical(str(e))
else:
# Got a response. No need for further iterations.
break
# Display results. 示例9: get_version
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def get_version(self, host):
try:
rpctransport = transport.SMBTransport(self.smbconn[host].getServerName(), self.smbconn[host].getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smbconn[host])
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrServerGetInfo(dce, 102)
info("Version Major: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_major'])
info("Version Minor: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_minor'])
info("Server Name: %s" % resp['InfoStruct']['ServerInfo102']['sv102_name'])
info("Server Comment: %s" % resp['InfoStruct']['ServerInfo102']['sv102_comment'])
info("Server UserPath: %s" % resp['InfoStruct']['ServerInfo102']['sv102_userpath'])
info("Simultaneous Users: %d" % resp['InfoStruct']['ServerInfo102']['sv102_users'])
except Exception as e:
color('[!] RPC Access denied...oh well')
color('[!]', e)
exc_type, exc_obj, exc_tb = sys.exc_info()
fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
info(exc_type, fname, exc_tb.tb_lineno)
sys.exit() 示例10: dump
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def dump(self, addr):
"""Dumps the list of users and shares registered present at
addr. Addr is a valid host name or IP address.
"""
# Try all requested protocols until one works.
for protocol in self.__protocols:
protodef = SAMRDump.KNOWN_PROTOCOLS[protocol]
port = protodef[1]
rpctransport = transport.SMBTransport(addr, port, r'\samr',self.__username, self.__password)
try:
self.__fetchList(rpctransport)
except Exception as e:
self.logger.debug("PolEnum: Protocol failed: {0}".format(e))
else:
# Got a response. No need for further iterations.
self.__pretty_print()
break 示例11: do_info
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def do_info(self, line):
if self.loggedIn is False:
logging.error("Not logged in")
return
rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename = r'\srvsvc', smb_connection = self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrServerGetInfo(dce, 102)
print "Version Major: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_major']
print "Version Minor: %d" % resp['InfoStruct']['ServerInfo102']['sv102_version_minor']
print "Server Name: %s" % resp['InfoStruct']['ServerInfo102']['sv102_name']
print "Server Comment: %s" % resp['InfoStruct']['ServerInfo102']['sv102_comment']
print "Server UserPath: %s" % resp['InfoStruct']['ServerInfo102']['sv102_userpath']
print "Simultaneous Users: %d" % resp['InfoStruct']['ServerInfo102']['sv102_users'] 示例12: getShares
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def getShares(self):
# Setup up a DCE SMBTransport with the connection already in place
LOG.info("Requesting shares on %s....." % (self.connection.getRemoteHost()))
try:
self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(), self.connection.getRemoteHost(),filename = r'\srvsvc', smb_connection = self.connection)
dce_srvs = self._rpctransport.get_dce_rpc()
dce_srvs.connect()
dce_srvs.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce_srvs, 1)
return resp['InfoStruct']['ShareInfo']['Level1']
except:
LOG.critical("Error requesting shares on %s, aborting....." % (self.connection.getRemoteHost()))
raise 示例13: openSvcManager
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def openSvcManager(self):
LOG.info("Opening SVCManager on %s....." % self.connection.getRemoteHost())
# Setup up a DCE SMBTransport with the connection already in place
self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(), self.connection.getRemoteHost(),filename = r'\svcctl', smb_connection = self.connection)
self.rpcsvc = self._rpctransport.get_dce_rpc()
self.rpcsvc.connect()
self.rpcsvc.bind(scmr.MSRPC_UUID_SCMR)
try:
resp = scmr.hROpenSCManagerW(self.rpcsvc)
except:
LOG.critical("Error opening SVCManager on %s....." % self.connection.getRemoteHost())
raise Exception('Unable to open SVCManager')
else:
return resp['lpScHandle'] 示例14: listShares
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def listShares(self):
"""
get a list of available shares at the connected target
:return: a list containing dict entries for each share, raises exception if error
"""
# Get the shares through RPC
from impacket.dcerpc.v5 import transport, srvs
rpctransport = transport.SMBTransport(self.getRemoteName(), self.getRemoteHost(), filename=r'\srvsvc',
smb_connection=self)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce, 1)
return resp['InfoStruct']['ShareInfo']['Level1']['Buffer'] 示例15: try_copy_library
# 需要导入模块: from impacket.dcerpc.v5 import transport [as 别名]
# 或者: from impacket.dcerpc.v5.transport import SMBTransport [as 别名]
def try_copy_library(self, lib_name):
rpctransport = transport.SMBTransport(self.smb.getRemoteName(), self.smb.getRemoteHost(),
filename=r'\srvsvc', smb_connection=self.smb)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(srvs.MSRPC_UUID_SRVS)
resp = srvs.hNetrShareEnum(dce, 2)
l = []
ignore_shares = ["print$", "IPC$"]
for share in resp['InfoStruct']['ShareInfo']['Level2']['Buffer']:
share_name = share['shi2_netname'][:-1]
share_path = self.translate_smb_path(share['shi2_path'][:-1])
l.append([share_name, share_path])
# Randomize the list of shares instead of going from the first to the last
random.shuffle(l)
if len(self.customBinary) < 1:
real_file = self.get_real_library_name()
else:
real_file = self.customBinary
log("Using %s" % real_file)
for share in l:
log("Trying to copy library '%s' to share '%s'" % (lib_name, share))
if self.try_put(share, lib_name, real_file):
log("Done!")
return share[1]
return None