本文整理匯總了Python中impacket.dcerpc.v5.lsat.hLsarLookupSids方法的典型用法代碼示例。如果您想了解Python lsat.hLsarLookupSids方法的具體用法、怎麽用,或想查看使用的例子,這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在模塊impacket.dcerpc.v5.lsat的用法示例。
在下文中一共展示了lsat.hLsarLookupSids方法的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: test_hLsarLookupSids
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
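def test_hLsarLookupSids(self):
    """Exercise hLsarLookupSids with a 1000-entry batch of candidate SIDs.

    The domain SID is taken from the first referenced domain of an
    hLsarLookupNames call for 'Administrator'. RIDs 500..1499 are appended to
    it and submitted in a single request. A STATUS_SOME_NOT_MAPPED error is
    tolerated; any other failure propagates to the test runner.
    """
    dce, rpctransport, policyHandle = self.connect()
    resp = lsat.hLsarLookupNames(dce, policyHandle, ('Administrator',))
    resp.dump()
    domainSid = resp['ReferencedDomains']['Domains'][0]['Sid'].formatCanonical()

    sids = [domainSid + '-%d' % (500 + i) for i in range(1000)]
    try:
        resp = lsat.hLsarLookupSids(dce, policyHandle, sids)
        resp.dump()
    except Exception as e:
        # 'except ... as e' replaces the Python-2-only 'except Exception, e'
        # spelling; it parses on Python 2.6+ and on Python 3.
        if 'STATUS_SOME_NOT_MAPPED' not in str(e):
            raise
        # The partial answer travels inside the exception object.
        resp = e.get_packet()
        resp.dump()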
示例2: test_hLsarLookupSids
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
def test_hLsarLookupSids(self):
    """Look up 1000 consecutive SIDs in one hLsarLookupSids request.

    The domain SID comes from resolving the name 'Administrator' first; the
    batch covers RIDs 500 through 1499. Responses (full or partial) are dumped
    for inspection rather than asserted on.
    """
    dce, rpctransport, policyHandle = self.connect()

    resp = lsat.hLsarLookupNames(dce, policyHandle, ('Administrator',))
    resp.dump()
    first_domain = resp['ReferencedDomains']['Domains'][0]
    domainSid = first_domain['Sid'].formatCanonical()

    sids = [domainSid + '-%d' % rid for rid in range(500, 1500)]

    try:
        resp = lsat.hLsarLookupSids(dce, policyHandle, sids)
        resp.dump()
    except Exception as e:
        if 'STATUS_SOME_NOT_MAPPED' in str(e):
            # Partial success: the decoded reply is attached to the exception.
            resp = e.get_packet()
            resp.dump()
        else:
            raise
示例3: execute
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
def execute(self, host, port='139', user='', password='', sid=None, rid=None, persistent='1'):
    """Translate one SID into account names and wrap the outcome in self.Response.

    The SID that is looked up is self.sid, optionally extended with '-<rid>'.
    The `sid` argument itself is only forwarded to self.bind().

    Returns self.Response(code, text): code 0 with a comma-separated list of
    'DOMAIN\\name (type)' entries on success, or code 1 with 'unknown' when
    the lookup raises lsat.DCERPCSessionError. The connection is reset
    afterwards when persistent == '0'.

    NOTE(review): user and password default to empty strings; presumably
    bind() then attempts an unauthenticated session - confirm against bind().
    On the server side, whether such a caller may translate SIDs is governed
    by the Windows policy "Network access: Allow anonymous SID/Name
    translation".
    """
    fp, _ = self.bind(host, port, user, password, sid)

    target_sid = '%s-%s' % (self.sid, rid) if rid else self.sid

    try:
        res = lsat.hLsarLookupSids(fp, self.policy_handle, [target_sid], lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
        code = 0
        # name[7:] drops the first seven characters of the enum member name
        # (members are spelled like SidTypeUnknown).
        names = [
            "%s\\%s (%s)" % (
                res['ReferencedDomains']['Domains'][entry['DomainIndex']]['Name'],
                entry['Name'],
                SID_NAME_USE.enumItems(entry['Use']).name[7:],
            )
            for entry in res['TranslatedNames']['Names']
        ]
    except lsat.DCERPCSessionError:
        # The original annotates this branch as STATUS_NONE_MAPPED, but the
        # handler does not inspect the status: every DCERPCSessionError
        # (whatever its cause) is reported as 'unknown'.
        code = 1
        names = ['unknown']

    if persistent == '0':
        self.reset()

    return self.Response(code, ', '.join(names))
# }}}
# POP {{{
示例4: __resolveSids
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
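def __resolveSids(self, sids):
    """Resolve a list of SIDs to 'DOMAIN\\name' strings over the LSAT interface.

    Opens a DCE/RPC connection from self.__lsaBinding, obtains a policy
    handle with POLICY_LOOKUP_NAMES access and issues one hLsarLookupSids
    call for all of `sids`.

    Returns a list with one formatted entry per translated name, in the
    order the server returned them. Exceptions from the RPC calls propagate
    to the caller; the connection is closed in every case.

    NOTE(review): hLsarLookupSids may raise when only some SIDs can be
    mapped - TODO confirm whether partial results should be recovered here.
    """
    dce = self.__getDceBinding(self.__lsaBinding)
    dce.connect()
    try:
        dce.bind(lsat.MSRPC_UUID_LSAT)
        resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
        policyHandle = resp['PolicyHandle']
        resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
        names = []
        for item in resp['TranslatedNames']['Names']:
            # NOTE(review): the domain name is UTF-16-LE encoded before being
            # formatted into text; on Python 3 str.format() renders bytes as
            # b'...'. Left unchanged because callers may depend on the
            # current output - confirm the intent.
            domain = resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name']
            names.append(u"{}\\{}".format(domain.encode('utf-16-le'), item['Name']))
    finally:
        # Previously the connection was left open whenever bind, open-policy
        # or the lookup raised.
        dce.disconnect()
    return names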
示例5: getParentSidAndAdminName
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
def getParentSidAndAdminName(self, parentDC, creds):
    """Return (domainSid, adminName) as reported by parentDC over \\pipe\\lsarpc.

    parentDC is resolved with gethostbyname(). When Kerberos is enabled the
    address is mapped back to a DNS machine name, because Kerberos needs the
    target's name. `creds` must provide the keys 'username', 'password',
    'domain', 'lmhash', 'nthash' and 'aesKey'.

    The domain SID comes from PolicyAccountDomainInformation; the account
    name is the translation of '<domainSid>-500'.

    NOTE(review): the DCE/RPC connection opened here is not disconnected in
    the visible code.
    """
    if self.__doKerberos is not True:
        machineNameOrIp = gethostbyname(parentDC)
    else:
        # In Kerberos we need the target's name
        machineNameOrIp = self.getDNSMachineName(gethostbyname(parentDC))
        logging.debug('%s is %s' % (gethostbyname(parentDC), machineNameOrIp))

    logging.debug('Calling LSAT hLsarQueryInformationPolicy2()')
    binding = r'ncacn_np:%s[\pipe\lsarpc]' % machineNameOrIp
    rpctransport = transport.DCERPCTransportFactory(binding)

    # NOTE(review): indentation was lost in this listing; set_kerberos is
    # assumed to sit inside the set_credentials guard - confirm upstream.
    if hasattr(rpctransport, 'set_credentials'):
        rpctransport.set_credentials(
            creds['username'],
            creds['password'],
            creds['domain'],
            creds['lmhash'],
            creds['nthash'],
            creds['aesKey'],
        )
        rpctransport.set_kerberos(self.__doKerberos)

    dce = rpctransport.get_dce_rpc()
    dce.connect()
    dce.bind(MSRPC_UUID_LSAT)

    policy = hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | POLICY_LOOKUP_NAMES)
    policyHandle = policy['PolicyHandle']

    info = hLsarQueryInformationPolicy2(
        dce, policyHandle, POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation
    )
    domainSid = info['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()

    # Now that we have the SID, translate RID 500 to get the Administrator's
    # account name.
    sids = [domainSid + '-500']
    lookup = hLsarLookupSids(dce, policyHandle, sids, LSAP_LOOKUP_LEVEL.LsapLookupWksta)
    adminName = lookup['TranslatedNames']['Names'][0]['Name']

    return domainSid, adminName
示例6: __resolveSids
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
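def __resolveSids(self, sids):
    """Translate `sids` into 'DOMAIN\\name' strings with a single LSAT lookup.

    A DCE/RPC connection is created from self.__lsaBinding, bound to the LSAT
    interface, and a policy handle is opened through lsad.hLsarOpenPolicy2
    before hLsarLookupSids is called.

    Returns the formatted names in server order. RPC errors propagate; the
    connection is always disconnected before this method returns or raises.

    NOTE(review): a partially mapped batch may surface as an exception from
    hLsarLookupSids rather than as a return value - TODO confirm the desired
    handling.
    """
    dce = self.__getDceBinding(self.__lsaBinding)
    dce.connect()
    try:
        dce.bind(lsat.MSRPC_UUID_LSAT)
        resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
        policyHandle = resp['PolicyHandle']
        resp = lsat.hLsarLookupSids(dce, policyHandle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
        # NOTE(review): .encode('utf-16-le') puts encoded bytes into the
        # formatted text (rendered as b'...' on Python 3); kept as-is pending
        # confirmation of what callers expect.
        names = [
            "{}\\{}".format(
                resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'].encode('utf-16-le'),
                item['Name'],
            )
            for item in resp['TranslatedNames']['Names']
        ]
    finally:
        # Close the connection on the error path too; the original only
        # disconnected after a fully successful lookup.
        dce.disconnect()
    return names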
示例7: __bruteForce
# 需要導入模塊: from impacket.dcerpc.v5 import lsat [as 別名]
# 或者: from impacket.dcerpc.v5.lsat import hLsarLookupSids [as 別名]
def __bruteForce(self, rpctransport, maxRid):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
# Want encryption? Uncomment next line
# But make SIMULTANEOUS variable <= 100
#dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY)
# Want fragmentation? Uncomment next line
#dce.set_max_fragment_size(32)
dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
policyHandle = resp['PolicyHandle']
resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
domainSid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()
soFar = 0
SIMULTANEOUS = 1000
for j in range(maxRid/SIMULTANEOUS+1):
if (maxRid - soFar) / SIMULTANEOUS == 0:
sidsToCheck = (maxRid - soFar) % SIMULTANEOUS
else:
sidsToCheck = SIMULTANEOUS
if sidsToCheck == 0:
break
sids = list()
for i in xrange(soFar, soFar+sidsToCheck):
sids.append(domainSid + '-%d' % i)
try:
lsat.hLsarLookupSids(dce, policyHandle, sids,lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
except DCERPCException, e:
if str(e).find('STATUS_NONE_MAPPED') >= 0:
soFar += SIMULTANEOUS
continue
elif str(e).find('STATUS_SOME_NOT_MAPPED') >= 0:
resp = e.get_packet()
else:
raise
for n, item in enumerate(resp['TranslatedNames']['Names']):
if item['Use'] != SID_NAME_USE.SidTypeUnknown:
print "%d: %s\\%s (%s)" % (
soFar + n, resp['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'], item['Name'],
SID_NAME_USE.enumItems(item['Use']).name)
soFar += SIMULTANEOUS