當前位置: 首頁>>代碼示例>>Python>>正文


Python SAPRoutedStreamSocket.get_nisocket方法代碼示例

本文整理匯總了Python中pysap.SAPRouter.SAPRoutedStreamSocket.get_nisocket方法的典型用法代碼示例。如果您正苦於以下問題:Python SAPRoutedStreamSocket.get_nisocket方法的具體用法?Python SAPRoutedStreamSocket.get_nisocket怎麽用?Python SAPRoutedStreamSocket.get_nisocket使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在pysap.SAPRouter.SAPRoutedStreamSocket的用法示例。


在下文中一共展示了SAPRoutedStreamSocket.get_nisocket方法的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: do_connect

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
    def do_connect(self, args):
        """ Initiate the connection to the Message Server service. The
        connection is registered using the client_string runtime option. """

        # Create the socket connection
        try:
            self.connection = SAPRoutedStreamSocket.get_nisocket(self.options.remote_host,
                                                                 self.options.remote_port,
                                                                 self.options.route_string,
                                                                 base_cls=SAPMS)
        except SocketError as e:
            self._error("Error connecting with the Message Server")
            self._error(str(e))
            return

        self._print("Attached to %s / %d" % (self.options.remote_host, self.options.remote_port))

        # Send MS_LOGIN_2 packet
        p = SAPMS(flag=0x00, iflag=0x08, toname=self.runtimeoptions["client_string"],
                  fromname=self.runtimeoptions["client_string"])

        self._debug("Sending login packet")
        response = self.connection.sr(p)[SAPMS]

        if response.errorno == 0:
            self.runtimeoptions["server_string"] = response.fromname
            self._debug("Login performed, server string: %s" % response.fromname)
            self._print("pysap's Message Server monitor, connected to %s / %d" % (self.options.remote_host,
                                                                                  self.options.remote_port))
            self.connected = True
        else:
            if response.errorno in ms_errorno_values:
                self._error("Error performing login: %s" % ms_errorno_values[response.errorno])
            else:
                self._error("Unknown error performing login: %d" % response.errorno)
開發者ID:,項目名稱:,代碼行數:37,代碼來源:

示例2: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing IGS ZIPPER interpreter on %s:%d" % (options.remote_host,
                                                           options.remote_port))
    # open input file
    try:
        with open(options.file_input, 'rb') as f:
            file_input_content=f.read()
    except IOError:
        print("[!] Error reading %s file." % options.file_input)
        exit(2)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPIGS)

    # the xml request for zipper interpreter
    xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
    xml += '<FILE name="{}" '.format(options.file_input)
    xml += 'path="{}" '.format(options.file_path)
    xml += 'size="{}"/>'.format(len(file_input_content))
    xml += '</FILES></COMPRESS></REQUEST>'

    # create tables descriptions
    # table with xml content
    table_xml = SAPIGSTable.add_entry('XMLDESC', 1, len(xml), 1,
                                      'XMLDESC', len(xml)
                                      )
    # table with file content
    table_file = SAPIGSTable.add_entry('FILE1', 1, len(file_input_content), 1,
                                       'FILE1', len(file_input_content)
                                       )

    # get the futur offset where table entries begin
    offset = (len(table_xml) + len(table_file))

    # filling tables
    content_xml = xml
    content_file = file_input_content

    # total size of packet
    # total_size need to be a multiple of 1024
    total_size = offset + 244 # 244 IGS header size
    total_size += 1023
    total_size -= (total_size % 1024)

    # Put all together
    p = SAPIGS(function='ZIPPER', listener='L', offset_content=str(offset), packet_size=str(total_size))
    p = p / table_xml / table_file / content_xml / content_file

    # Send the IGS packet
    print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
    conn.send(p)
    print("[*] File sent.")
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:62,代碼來源:igs_rfc_zipper.py

示例3: send_crash

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def send_crash(host, port, item, verbose, route=None):
    # Create the connection to the SAP Netweaver server
    if verbose:
        print("[*] Sending crash")
    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(host, port, route, base_cls=SAPEnqueue)
    conn.send(item)
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:9,代碼來源:enqueue_dos_exploit.py

示例4: route_test

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def route_test(rhost, rport, thost, tport, talk_mode, router_version):

    print("[*] Routing connections to %s:%s" % (thost, tport))

    # Build the route to the target host passing through the SAP Router
    route = [SAPRouterRouteHop(hostname=rhost,
                               port=rport),
             SAPRouterRouteHop(hostname=thost,
                               port=tport)]

    # Try to connect to the target host using the routed stream socket
    try:
        conn = SAPRoutedStreamSocket.get_nisocket(route=route,
                                                  talk_mode=talk_mode,
                                                  router_version=router_version)
        conn.close()
        status = 'open'

    # If an SAPRouteException is raised, the route was denied or an error
    # occurred with the SAP router
    except SAPRouteException:
        status = 'denied'

    # Another error occurred on the server (e.g. timeout), mark the target as error
    except Exception:
        status = 'error'

    return status
開發者ID:aolihu,項目名稱:pysap,代碼行數:30,代碼來源:router_scanner.py

示例5: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(
        options.remote_host, options.remote_port, options.route_string, base_cls=SAPMS
    )
    print("[*] Connected to the message server %s:%d" % (options.remote_host, options.remote_port))

    client_string = options.client

    # Send MS_LOGIN_2 packet
    p = SAPMS(flag=0x00, iflag=0x08, toname=client_string, fromname=client_string)

    print("[*] Sending login packet")
    response = conn.sr(p)[SAPMS]

    print("[*] Login performed, server string: %s" % response.fromname)

    print("[*] Listening to server messages")
    try:
        while True:
            # Send MS_SERVER_LST packet
            response = conn.recv()[SAPMS]

            print("[*] Message received !")
            response.show()

    except SocketError:
        print("[*] Connection error")
    except KeyboardInterrupt:
        print("[*] Cancelled by the user")
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:37,代碼來源:ms_listener.py

示例6: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    domain = ms_domain_values_inv[options.domain]

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPMS)
    print("[*] Connected to the message server %s:%d" % (options.remote_host, options.remote_port))

    client_string = options.client

    # Send MS_LOGIN_2 packet
    p = SAPMS(flag=0x00, iflag=0x08, domain=domain, toname=client_string, fromname=client_string)

    print("[*] Sending login packet")
    response = conn.sr(p)[SAPMS]

    print("[*] Login performed, server string: %s" % response.fromname)

    # Sends a message to another client
    p = SAPMS(flag=0x02, iflag=0x01, domain=domain, toname=options.target, fromname=client_string, opcode=1)
    p /= Raw(options.message)

    print("[*] Sending packet to: %s" % options.target)
    conn.send(p)
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:33,代碼來源:ms_messager.py

示例7: test_saproutedstreamsocket_getnisocket

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
    def test_saproutedstreamsocket_getnisocket(self):
        """Test SAPRoutedStreamSocket get nisocket class method"""
        self.start_server(SAPRouterServerTestHandler)

        # Test using a complete route
        route = [SAPRouterRouteHop(hostname=self.test_address,
                                   port=self.test_port),
                 SAPRouterRouteHop(hostname="10.0.0.1",
                                   port="3200")]
        self.client = SAPRoutedStreamSocket.get_nisocket(route=route,
                                                         router_version=40)

        packet = self.client.sr(self.test_string)
        self.assertIn(SAPNI, packet)
        self.assertEqual(packet[SAPNI].length, len(self.test_string) + 4)
        self.assertEqual(unpack("!I", packet[SAPNI].payload.load[:4]), (len(self.test_string), ))
        self.assertEqual(packet[SAPNI].payload.load[4:], self.test_string)

        # Test using a route and a target host/port
        route = [SAPRouterRouteHop(hostname=self.test_address,
                                   port=self.test_port)]
        self.client = SAPRoutedStreamSocket.get_nisocket("10.0.0.1",
                                                         "3200",
                                                         route=route,
                                                         router_version=40)

        packet = self.client.sr(self.test_string)
        self.assertIn(SAPNI, packet)
        self.assertEqual(packet[SAPNI].length, len(self.test_string) + 4)
        self.assertEqual(unpack("!I", packet[SAPNI].payload.load[:4]), (len(self.test_string), ))
        self.assertEqual(packet[SAPNI].payload.load[4:], self.test_string)

        # Test using a route string
        route = "/H/%s/S/%s/H/10.0.0.1/S/3200" % (self.test_address,
                                                  self.test_port)
        self.client = SAPRoutedStreamSocket.get_nisocket(route=route,
                                                         router_version=40)

        packet = self.client.sr(self.test_string)
        self.assertIn(SAPNI, packet)
        self.assertEqual(packet[SAPNI].length, len(self.test_string) + 4)
        self.assertEqual(unpack("!I", packet[SAPNI].payload.load[:4]), (len(self.test_string), ))
        self.assertEqual(packet[SAPNI].payload.load[4:], self.test_string)

        self.client.close()
        self.stop_server()
開發者ID:,項目名稱:,代碼行數:48,代碼來源:

示例8: connect

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
 def connect(self):
     """Creates a :class:`SAPNIStreamSocket` connection to the host/port. If a route
     was specified, connect to the target Diag server through the SAP Router.
     """
     self._connection = SAPRoutedStreamSocket.get_nisocket(self.host,
                                                           self.port,
                                                           self.route,
                                                           base_cls=SAPDiag)
開發者ID:HPxpat,項目名稱:pysap,代碼行數:10,代碼來源:SAPDiagClient.py

示例9: do_connect

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
    def do_connect(self, args):
        """ Initiate the connection to the Gateway service. The connection is
        registered using the client_string runtime option. """

        # Create the socket connection
        try:
            self.connection = SAPRoutedStreamSocket.get_nisocket(self.options.remote_host,
                                                                 self.options.remote_port,
                                                                 self.options.route_string,
                                                                 base_cls=SAPRFC)
        except SocketError as e:
            self._error("Error connecting with the Gateway service")
            self._error(str(e))
            return

        self._print("Attached to %s / %d" % (self.options.remote_host, self.options.remote_port))
開發者ID:HPxpat,項目名稱:pysap,代碼行數:18,代碼來源:rfc_monitor.py

示例10: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing IGS ZIPPER interpreter on %s:%d" % (options.remote_host,
                                                           options.remote_port))
    # open input file
    try:
        with open(options.file_input, 'rb') as f:
            file_input_content = f.read()
    except IOError:
        print("[!] Error reading %s file." % options.file_input)
        exit(2)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              talk_mode=1)

    # the xml request for zipper interpreter
    xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
    xml += '<FILE name="%s" ' % (options.file_input)
    xml += 'path="%s" ' % (options.file_path)
    xml += 'size="%s"/>' % (len(file_input_content))
    xml += '</FILES></COMPRESS></REQEST>'

    # http request type multipart/form-data
    files = {"xml": ("xml", xml), "zipme": ("zipme", file_input_content)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'ZIPPER', files)

    # Send/Receive request
    print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
    conn.send(p)
    print("[*] Response :")
    response = conn.recv(1024)
    response.show()

    # Extract zip from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print("http://%s:%d%s" % (options.remote_host,
                                      options.remote_port,
                                      url.split('"')[1]))
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:49,代碼來源:igs_http_zipper.py

示例11: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing XXE over IGS XMLCHART on http://%s:%d" % (options.remote_host,
                                                                 options.remote_port))

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              talk_mode=1)

    # XML Data content
    data = '''<?xml version="1.0" encoding="utf-8"?>
              <ChartData>
                <Categories>
                  <Category>Fus Ro Dah</Category>
                </Categories>
                <Series label="bla">
                  <Point><Value type="y">42</Value></Point>
                </Series>
              </ChartData>'''

    # http POST request type multipart/form-data
    files = {'data': ('data', data)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'XMLCHART', files)

    # Send/Receive request
    print("[*] Send request to IGS...")
    conn.send(p)
    print("[*] Response :")
    response = conn.recv(1024)
    response.show()

    # Extract picture from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print("http://%s:%d%s" % (options.remote_host,
                                      options.remote_port,
                                      url.split('"')[1]))
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:46,代碼來源:igs_http_xmlchart.py

示例12: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPMS)
    print("[*] Connected to the message server %s:%d" % (options.remote_host, options.remote_port))

    client_string = options.client

    # Send MS_LOGIN_2 packet
    p = SAPMS(flag=0x00, iflag=0x08, toname=client_string, fromname=client_string)

    print("[*] Sending login packet:")
    response = conn.sr(p)[SAPMS]

    print("[*] Login OK, Server string: %s" % response.fromname)
    server_string = response.fromname

    # Send a Dump Info packet for each possible Dump
    for i in ms_dump_command_values.keys():

        # Skip MS_DUMP_MSADM and MS_DUMP_COUNTER commands as the info
        # is included in other dump commands
        if i in [1, 12]:
            continue

        p = SAPMS(flag=0x02, iflag=0x01, toname=server_string,
                  fromname=client_string, opcode=0x1e, dump_dest=0x02,
                  dump_command=i)

        print("[*] Sending dump info", ms_dump_command_values[i])
        response = conn.sr(p)[SAPMS]

        if (response.opcode_error != 0):
            print("Error:", ms_opcode_error_values[response.opcode_error])
        print(response.opcode_value)
開發者ID:,項目名稱:,代碼行數:44,代碼來源:

示例13: client_mode

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def client_mode(options):
    """"Implements the niping client running mode

    :param options: option set from the command line
    :type options: Values
    """

    times = []
    p = Raw("EYECATCHER" + "\x00" * (options.buffer_size - 10))

    try:
        # Establish the connection
        conn = SAPRoutedStreamSocket.get_nisocket(options.host, options.port, options.route_string)
        print("")
        print(datetime.today().ctime())
        print("connect to server o.k.")

        # Send the messages
        for i in range(options.loops):

            # Send the packet and grab the response
            start_time = datetime.now()
            r = conn.sr(p)
            end_time = datetime.now()

            # Check the response
            if str(r.payload) != str(p):
                print("[-] Response on message {} differs".format(i))

            # Calculate and record the elapsed time
            times.append(end_time - start_time)

        # Close the connection properly
        conn.send(Raw())
        conn.close()

    except SocketError:
        print("[*] Connection error")
    except KeyboardInterrupt:
        print("[*] Cancelled by the user")

    if times:
        print("")
        print(datetime.today().ctime())
        print("send and receive {} messages (len {})".format(len(times), options.buffer_size))

        # Calculate the stats
        times = [x.total_seconds() * 1000 for x in times]
        times_min = min(times)
        times_max = max(times)
        times_avg = float(sum(times)) / max(len(times), 1)
        times_tr = float(options.buffer_size * len(times)) / float(sum(times))

        times2 = [x for x in times if x not in [times_min, times_max]]
        times2_avg = float(sum(times2)) / max(len(times2), 1)
        times2_tr = float(options.buffer_size * len(times2)) / float(sum(times2))

        # Print the stats
        print("")
        print("------- times -----")
        print("avg  {:8.3f} ms".format(times_avg))
        print("max  {:8.3f} ms".format(times_max))
        print("min  {:8.3f} ms".format(times_min))
        print("tr   {:8.3f} kB/s".format(times_tr))

        print("excluding max and min:")
        print("av2  {:8.3f} ms".format(times2_avg))
        print("tr2  {:8.3f} kB/s".format(times2_tr))
        print("")
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:71,代碼來源:router_niping.py

示例14: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    # initiate the connection :
    print("[*] Initiate connection to message server %s:%d" % (options.remote_host, options.remote_port))
    try:
        conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                                  options.remote_port,
                                                  options.route_string,
                                                  base_cls=SAPMS)
    except Exception as e:
        print(e)
        print ("Error during MS connection. Is internal ms port %d reachable ?" % options.remote_port)
    else:
        print ("[*] Connected. I check parameters...")
        client_string = options.client
        # Send MS_LOGIN_2 packet
        p = SAPMS(flag=0x00, iflag=0x08, toname=client_string, fromname=client_string)
        print("[*] Sending login packet:")
        response = conn.sr(p)[SAPMS]
        print("[*] Login OK, Server string: %s\n" % response.fromname)
        server_string = response.fromname

        try:
            with open(options.file_param) as list_param:
                for line in list_param.readlines():
                    line = line.strip()

                    # Check for comments or empty lines
                    if len(line) == 0 or line.startswith("#"):
                        continue

                    # Get parameters, check type and expected value
                    # param2c = the SAP parameter to check
                    # check_type = EQUAL, SUP, INF, REGEX, <none>
                    # value2c = the expect value for 'ok' status
                    (param2c, check_type, value2c) = line.split(':')
                    status = '[!]'

                    # create request
                    adm = SAPMSAdmRecord(opcode=0x1, parameter=param2c)
                    p = SAPMS(toname=server_string, fromname=client_string, version=4, flag=0x04, iflag=0x05,
                              adm_records=[adm])

                    # send request
                    respond = conn.sr(p)[SAPMS]
                    value = respond.adm_records[0].parameter.replace(respond.adm_records[0].parameter.split('=')[0] +
                                                                     '=', '')

                    # Verify if value match with expected value
                    if value == '':
                        value = 'NOT_EXIST'
                        status = '[ ]'
                    elif check_type == 'EQUAL':
                        if value.upper() == str(value2c).upper():
                            status = '[+]'
                    elif check_type == 'NOTEQUAL':
                        if value.upper() != str(value2c).upper():
                            status = '[+]'
                    elif check_type == 'REGEX':
                        if re.match(value2c.upper(), value.upper()) and value2c != 'NOT_EXIST':
                            status = '[+]'
                    elif check_type == 'SUP':
                        if float(value) >= float(value2c):
                            status = '[+]'
                    elif check_type == 'INF':
                        if float(value) <= float(value2c):
                            status = '[+]'
                    else:
                            status = '[ ]'

                    # display result
                    print ("%s %s = %s" % (status, param2c, value))

        except IOError:
            print("Error reading parameters file !")
            exit(0)
        except ValueError:
            print("Invalid parameters file format or access denied!")
            exit(0)
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:85,代碼來源:ms_dump_param.py

示例15: main

# 需要導入模塊: from pysap.SAPRouter import SAPRoutedStreamSocket [as 別名]
# 或者: from pysap.SAPRouter.SAPRoutedStreamSocket import get_nisocket [as 別名]
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    domain = ms_domain_values_inv[options.domain]

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPMS)
    print("[*] Connected to the message server %s:%d" % (options.remote_host, options.remote_port))

    # Set release information
    prop = SAPMSProperty(id=7, release="720", patchno=70, supplvl=0, platform=0)
    p = SAPMS(flag=0x01, iflag=0x01, domain=domain, toname="MSG_SERVER", fromname=options.client, opcode=0x43, property=prop)
    print("[*] Setting release information")
    conn.send(p)

    # Perform the login enabling the DIA+BTC+ICM services
    p = SAPMS(flag=0x08, iflag=0x08, msgtype=0x89, domain=domain, toname="-", fromname=options.client)
    print("[*] Sending login packet")
    conn.sr(p)[SAPMS]
    print("[*] Login performed")

    # Changing the status to starting
    p = SAPMS(flag=0x01, iflag=0x09, msgtype=0x05, domain=domain, toname="-", fromname=options.client)
    print("[*] Changing server's status to starting")
    conn.send(p)

    # Set IP address
    p = SAPMS(flag=0x01, iflag=0x01, domain=domain, toname="MSG_SERVER", fromname=options.client, opcode=0x06,
              opcode_version=0x01, change_ip_addressv4=options.logon_address)
    print("[*] Setting IP address")
    response = conn.sr(p)[SAPMS]
    print("[*] IP address set")
    response.show()

    # Set logon information
    l = SAPMSLogon(type=2, port=3200, address=options.logon_address, host=options.client, misc="LB=3")
    p = SAPMS(flag=0x01, iflag=0x01, msgtype=0x01, domain=domain, toname="MSG_SERVER", fromname=options.client,
              opcode=0x2b, logon=l)
    print("[*] Setting logon information")
    response = conn.sr(p)[SAPMS]
    print("[*] Logon information set")
    response.show()

    # Set the IP Address property
    prop = SAPMSProperty(client=options.client, id=0x03, address=options.logon_address)
    p = SAPMS(flag=0x02, iflag=0x01, domain=domain, toname="-", fromname=options.client,
              opcode=0x43, property=prop)
    print("[*] Setting IP address property")
    response = conn.sr(p)[SAPMS]
    print("[*] IP Address property set")
    response.show()

    # Changing the status to active
    p = SAPMS(flag=0x01, iflag=0x09, msgtype=0x01, domain=domain, toname="-", fromname=options.client)
    print("[*] Changing server's status to active")
    conn.send(p)

    # Wait for connections
    try:
        while True:
            response = conn.recv()[SAPMS]
            response.show()

    except KeyboardInterrupt:
        print("[*] Cancelled by the user !")

    # Send MS_LOGOUT packet
    p = SAPMS(flag=0x00, iflag=0x04, domain=domain, toname="MSG_SERVER", fromname=options.client)
    print("[*] Sending logout packet")
    conn.send(p)
開發者ID:CoreSecurity,項目名稱:pysap,代碼行數:78,代碼來源:ms_impersonator.py


注:本文中的pysap.SAPRouter.SAPRoutedStreamSocket.get_nisocket方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。