本文整理匯總了Python中impacket.dcerpc.v5.samr.hSamrConnect方法的典型用法代碼示例。如果您正苦於以下問題:Python samr.hSamrConnect方法的具體用法?Python samr.hSamrConnect怎麽用?Python samr.hSamrConnect使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類impacket.dcerpc.v5.samr的用法示例。
在下文中一共展示了samr.hSamrConnect方法的14個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: __getLocalAdminSids
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def __getLocalAdminSids(self):
dce = self.__getDceBinding(self.__samrBinding)
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, 'Builtin')
resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId'])
domainHandle = resp['DomainHandle']
resp = samr.hSamrOpenAlias(dce, domainHandle, desiredAccess=MAXIMUM_ALLOWED, aliasId=544)
resp = samr.hSamrGetMembersInAlias(dce, resp['AliasHandle'])
memberSids = []
for member in resp['Members']['Sids']:
memberSids.append(member['SidPointer'].formatCanonical())
dce.disconnect()
return memberSids 示例2: getUserSID
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def getUserSID(self):
stringBinding = r'ncacn_np:%s[\pipe\samr]' % self.__kdcHost
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, self.__domain)
domainId = resp['DomainId']
resp = samr.hSamrOpenDomain(dce, serverHandle, domainId = domainId)
domainHandle = resp['DomainHandle']
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.__username,))
# Let's pick the relative ID
rid = resp['RelativeIds']['Element'][0]['Data']
logging.info("User SID: %s-%s"% (domainId.formatCanonical(), rid))
return domainId, rid 示例3: connectSamr
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def connectSamr(self, domain):
rpc = transport.DCERPCTransportFactory(self.__stringBindingSamr)
rpc.set_smb_connection(self.__smbConnection)
self.__samr = rpc.get_dce_rpc()
self.__samr.connect()
self.__samr.bind(samr.MSRPC_UUID_SAMR)
resp = samr.hSamrConnect(self.__samr)
serverHandle = resp['ServerHandle']
resp = samr.hSamrLookupDomainInSamServer(self.__samr, serverHandle, domain)
resp = samr.hSamrOpenDomain(self.__samr, serverHandle=serverHandle, domainId=resp['DomainId'])
self.__domainHandle = resp['DomainHandle']
self.__domainName = domain 示例4: test_hSamrConnect
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def test_hSamrConnect(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrConnect(dce)
resp.dump() 示例5: test_hSamrOpenDomain
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def test_hSamrOpenDomain(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrConnect(dce)
SID = 'S-1-5-352321536-2562177771-1589929855-2033349547'
sid = dtypes.RPC_SID()
sid.fromCanonical(SID)
try:
resp = samr.hSamrOpenDomain(dce, serverHandle = resp['ServerHandle'], domainId = sid)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise 示例6: test_hSamrEnumerateDomainsInSamServer
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def test_hSamrEnumerateDomainsInSamServer(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrConnect(dce, desiredAccess = samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN)
resp2 = samr.hSamrEnumerateDomainsInSamServer(dce, resp['ServerHandle'])
resp2.dump()
resp3 = samr.hSamrLookupDomainInSamServer(dce, resp['ServerHandle'],resp2['Buffer']['Buffer'][0]['Name'] )
resp3.dump()
request = samr.SamrOpenDomain()
request['ServerHandle'] = resp['ServerHandle']
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['DomainId'] = resp3['DomainId']
resp4 = dce.request(request)
resp4.dump() 示例7: get_netdomain
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def get_netdomain(self):
resp = samr.hSamrConnect(self._rpc_connection)
server_handle = resp['ServerHandle']
# We first list every domain in the SAM
resp = samr.hSamrEnumerateDomainsInSamServer(self._rpc_connection, server_handle)
results = list()
for domain in resp['Buffer']['Buffer']:
results.append(domain['Name'])
return results 示例8: test_hSamrOpenDomain
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def test_hSamrOpenDomain(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrConnect(dce)
SID = 'S-1-5-352321536-2562177771-1589929855-2033349547'
sid = dtypes.RPC_SID()
sid.fromCanonical(SID)
try:
resp = samr.hSamrOpenDomain(dce, serverHandle = resp['ServerHandle'], domainId = sid)
resp.dump()
except Exception as e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise 示例9: initialize_dce
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def initialize_dce(self, rpctransport):
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
resp = samr.hSamrConnect(dce)
server_handle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, server_handle)
domains = resp['Buffer']['Buffer']
self.log.info('[+] Found domain: {0}'.format(domains[0]['Name']))
resp = samr.hSamrLookupDomainInSamServer(dce, server_handle, domains[0]['Name'])
resp = samr.hSamrOpenDomain(dce, serverHandle=server_handle, domainId=resp['DomainId'])
domain_handle = resp['DomainHandle']
if self.enumerate_groups:
self.log.info('[*] Enumerating all Domain Group RIDs (Group/RID)')
self.enumerate_domain_groups(dce, domain_handle)
elif self.enumerate_users:
self.log.info('[*] Enumerating all Domain Users (RID/Username/Name/Description)')
self.enumerate_domain_users(dce, domain_handle)
elif self.enumerate_pass_policy:
self.log.info('[*] Enumerating domain password policy')
self.enumerate_password_policy(dce, domain_handle)
else:
self.log.info('[*] Enumerating RID {0} in the {1} domain..'.format(self.rid, domains[0]['Name']))
try:
self.enumerate_user_info(dce, domain_handle)
dce.disconnect()
return
except samr.DCERPCSessionError:
self.log.debug('[*] RID is not for a user. Trying again as a group.')
pass
try:
self.enumerate_users_in_group(dce, domain_handle)
except samr.DCERPCSessionError:
self.log.debug('[*] RID is not for a group either')
self.log.info('[-] RID not found')
dce.disconnect() 示例10: __fetchList
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print('Found domain(s):')
for domain in domains:
print(" . %s" % domain['Name'])
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except DCERPCException as e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] ))
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException as e:
logging.critical("Error listing users: %s" % e)
dce.disconnect()
return entries
# Process command-line arguments. 示例11: getDomainMachines
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def getDomainMachines(self):
if self.__kdcHost is not None:
domainController = self.__kdcHost
elif self.__domain is not '':
domainController = self.__domain
else:
raise Exception('A domain is needed!')
logging.info('Getting machine\'s list from %s' % domainController)
rpctransport = transport.SMBTransport(domainController, 445, r'\samr', self.__username, self.__password,
self.__domain, self.__lmhash, self.__nthash, self.__aesKey,
doKerberos=self.__doKerberos, kdcHost = self.__kdcHost)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, samr.USER_WORKSTATION_TRUST_ACCOUNT,
enumerationContext=enumerationContext)
except DCERPCException as e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
self.__machinesList.append(user['Name'][:-1])
logging.debug('Machine name - rid: %s - %d'% (user['Name'], user['RelativeId']))
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except Exception as e:
raise e
dce.disconnect() 示例12: __fetchList
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print 'Found domain(s):'
for domain in domains:
print " . %s" % domain['Name']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
done = False
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except Exception, e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, user['RelativeId'])
print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] )
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException, e:
logging.critical("Error listing users: %s" % e) 示例13: __fetchList
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
entries = []
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
print 'Found domain(s):'
for domain in domains:
print " . %s" % domain['Name']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext)
except DCERPCException, e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId'])
print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] )
info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation)
entry = (user['Name'], user['RelativeId'], info['Buffer']['All'])
entries.append(entry)
samr.hSamrCloseHandle(dce, r['UserHandle'])
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except ListUsersException, e:
logging.critical("Error listing users: %s" % e) 示例14: getDomainMachines
# 需要導入模塊: from impacket.dcerpc.v5 import samr [as 別名]
# 或者: from impacket.dcerpc.v5.samr import hSamrConnect [as 別名]
def getDomainMachines(self):
if self.__kdcHost is not None:
domainController = self.__kdcHost
elif self.__domain is not '':
domainController = self.__domain
else:
raise Exception('A domain is needed!')
logging.info('Getting machine\'s list from %s' % domainController)
rpctransport = transport.SMBTransport(domainController, 445, r'\samr', self.__username, self.__password,
self.__domain, self.__lmhash, self.__nthash, self.__aesKey,
doKerberos=self.__doKerberos, kdcHost = self.__kdcHost)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
try:
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle)
domains = resp['Buffer']['Buffer']
logging.info("Looking up users in domain %s" % domains[0]['Name'])
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] )
resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId'])
domainHandle = resp['DomainHandle']
status = STATUS_MORE_ENTRIES
enumerationContext = 0
while status == STATUS_MORE_ENTRIES:
try:
resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, samr.USER_WORKSTATION_TRUST_ACCOUNT,
enumerationContext=enumerationContext)
except DCERPCException, e:
if str(e).find('STATUS_MORE_ENTRIES') < 0:
raise
resp = e.get_packet()
for user in resp['Buffer']['Buffer']:
self.__machinesList.append(user['Name'][:-1])
logging.debug('Machine name - rid: %s - %d'% (user['Name'], user['RelativeId']))
enumerationContext = resp['EnumerationContext']
status = resp['ErrorCode']
except Exception, e:
raise e