本文整理汇总了Python中impacket.dcerpc.v5.wkst.hNetrWkstaUserEnum方法的典型用法代码示例。如果您正苦于以下问题:Python wkst.hNetrWkstaUserEnum方法的具体用法?Python wkst.hNetrWkstaUserEnum怎么用?Python wkst.hNetrWkstaUserEnum使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.wkst的用法示例。
在下文中一共展示了wkst.hNetrWkstaUserEnum方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_netloggedon
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import hNetrWkstaUserEnum [as 别名]
def get_netloggedon(self):
self.loggedon = {}
self.create_rpc_con(r'\wkssvc')
try:
resp = wkst.hNetrWkstaUserEnum(self.rpc_connection, 1)
except DCERPCException as e:
return list()
results = list()
for wksta_user in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
self.loggedon[wksta_user['wkui1_username'].strip('\x00')] = {
'domain' : wksta_user['wkui1_logon_domain'].strip('\x00'),
'logon_srv' : wksta_user['wkui1_logon_server'].strip('\x00'),
'user' : wksta_user['wkui1_username'].strip('\x00'),
}
self.rpc_connection.disconnect() 示例2: test_hNetrWkstaUserEnum
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import hNetrWkstaUserEnum [as 别名]
def test_hNetrWkstaUserEnum(self):
dce, rpctransport = self.connect()
resp = wkst.hNetrWkstaUserEnum(dce, 0)
resp.dump()
resp = wkst.hNetrWkstaUserEnum(dce, 1)
resp.dump() 示例3: get_netloggedon
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import hNetrWkstaUserEnum [as 别名]
def get_netloggedon(self):
try:
resp = wkst.hNetrWkstaUserEnum(self._rpc_connection, 1)
except DCERPCException:
return list()
results = list()
for wksta_user in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
results.append(rpcobj.WkstaUser(wksta_user))
return results
# TODO: if self._target_computer == self._domain_controller, check that
# self._domain_controller is indeed a domain controller 示例4: rpc_get_loggedon
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import hNetrWkstaUserEnum [as 别名]
def rpc_get_loggedon(self):
"""
Query logged on users via RPC.
Requires admin privs
"""
binding = r'ncacn_np:%s[\PIPE\wkssvc]' % self.addr
loggedonusers = set()
dce = self.dce_rpc_connect(binding, wkst.MSRPC_UUID_WKST)
if dce is None:
logging.warning('Connection failed: %s', binding)
return
try:
# 1 means more detail, including the domain
resp = wkst.hNetrWkstaUserEnum(dce, 1)
for record in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
# Skip computer accounts
if record['wkui1_username'][-2] == '$':
continue
# Skip sessions for local accounts
if record['wkui1_logon_domain'][:-1].upper() == self.samname.upper():
continue
domain = record['wkui1_logon_domain'][:-1].upper()
domain_entry = self.ad.get_domain_by_name(domain)
if domain_entry is not None:
domain = ADUtils.ldap2domain(domain_entry['attributes']['distinguishedName'])
logging.debug('Found logged on user at %s: %s@%s' % (self.hostname, record['wkui1_username'][:-1], domain))
loggedonusers.add((record['wkui1_username'][:-1], domain))
except DCERPCException as e:
if 'rpc_s_access_denied' in str(e):
logging.debug('Access denied while enumerating LoggedOn on %s, probably no admin privs', self.hostname)
else:
logging.debug('Exception connecting to RPC: %s', e)
except Exception as e:
if 'connection reset' in str(e):
logging.debug('Connection was reset: %s', e)
else:
raise e
dce.disconnect()
return list(loggedonusers) 示例5: getLoggedIn
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import hNetrWkstaUserEnum [as 别名]
def getLoggedIn(self, target):
if self.__targets[target]['Admin'] is False:
return
if self.__targets[target]['WKST'] is None:
stringWkstBinding = r'ncacn_np:%s[\PIPE\wkssvc]' % target
rpctransportWkst = transport.DCERPCTransportFactory(stringWkstBinding)
if hasattr(rpctransportWkst, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransportWkst.set_credentials(self.__username, self.__password, self.__domain, self.__lmhash,
self.__nthash, self.__aesKey)
rpctransportWkst.set_kerberos(self.__doKerberos, self.__kdcHost)
dce = rpctransportWkst.get_dce_rpc()
dce.connect()
dce.bind(wkst.MSRPC_UUID_WKST)
self.__maxConnections -= 1
else:
dce = self.__targets[target]['WKST']
try:
resp = wkst.hNetrWkstaUserEnum(dce,1)
except Exception, e:
if str(e).find('Broken pipe') >= 0:
# The connection timed-out. Let's try to bring it back next round
self.__targets[target]['WKST'] = None
self.__maxConnections += 1
return
elif str(e).upper().find('ACCESS_DENIED'):
# We're not admin, bye
dce.disconnect()
self.__maxConnections += 1
self.__targets[target]['Admin'] = False
return
else:
raise 示例6: sessions
# 需要导入模块: from impacket.dcerpc.v5 import wkst [as 别名]
# 或者: from impacket.dcerpc.v5.wkst import hNetrWkstaUserEnum [as 别名]
def sessions(self, targets):
for target in targets:
users = []
try:
target_computer = target
self._create_rpc_connection(target_computer)
print target_computer
print "-----------------"
smb = SMBConnection('*SMBSERVER', target_computer, sess_port=445, timeout=5)
smb.login(self._user, self._password, self._domain)
try:
sess = wkst.hNetrWkstaUserEnum(self._rpc_connection, 1)
except DCERPCException, e:
users = []
print colors.RD + " [-]" + colors.NRM + " User does not have access"
continue
for wksta_user in sess['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
userName = wksta_user['wkui1_username'][:-1]
logonDomain = wksta_user['wkui1_logon_domain'][:-1]
if "$" in userName:
pass
else:
user = '%s\%s' % (logonDomain, userName)
if user in users:
pass
else:
users.append(user)
print " Currently Logged On"
print " -------------------"
for user in users:
print " " + colors.GRN + "[+] " + colors.NRM + user
del users
share = 'C$'
path = '\\Users\\*'
read = smb.listPath(share, path)
print "\n Users Who Have Logged On"
print " -------------------------"
for r in read:
if r.get_longname() == "Public" or r.get_longname() == "All Users" or r.get_longname() == "Default" or r.get_longname() == "Default User" or r.get_longname() == "." or r.get_longname() == "..":
pass
else:
if r.is_directory():
print colors.GRN + " [+] " + colors.NRM + r.get_longname() + " lastlogon: " + time.ctime(float(r.get_mtime_epoch()))
except UnboundLocalError as e:
print target
users = []
print e
print colors.RD + " [-] " + colors.NRM + "User does not have access"
continue