def run(self):
if self.__options.targets is not None:
for line in self.__options.targets.readlines():
self.__machinesList.append(line.strip(' \r\n'))
else:
self.__machinesList.append(self.__options.target)
logging.info('Gathering OS architecture for %d machines' % len(self.__machinesList))
logging.info('Socket connect timeout set to %s secs' % self.__options.timeout)
for machine in self.__machinesList:
try:
stringBinding = r'ncacn_ip_tcp:%s[135]' % machine
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(int(self.__options.timeout))
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=self.NDR64Syntax)
except DCERPCException as e:
if str(e).find('syntaxes_not_supported') >= 0:
print('%s is 32-bit' % machine)
else:
logging.error(str(e))
pass
else:
print('%s is 64-bit' % machine)
dce.disconnect()
except Exception as e:
#import traceback
#traceback.print_exc()
logging.error('%s: %s' % (machine, str(e)))
def run(self):
if self.__options.targets is not None:
for line in self.__options.targets.readlines():
self.__machinesList.append(line.strip(' \r\n'))
else:
self.__machinesList.append(self.__options.target)
logging.info('Gathering OS architecture for %d machines' % len(self.__machinesList))
logging.info('Socket connect timeout set to %s secs' % self.__options.timeout)
for machine in self.__machinesList:
try:
stringBinding = r'ncacn_ip_tcp:%s[135]' % machine
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(int(self.__options.timeout))
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=self.NDR64Syntax)
except DCERPCException, e:
if str(e).find('syntaxes_not_supported') >= 0:
print '%s is 32-bit' % machine
else:
logging.error(str(e))
pass
else:
print '%s is 64-bit' % machine
dce.disconnect()
def get_arch(self):
options = Namespace()
options.target = self.target
NDR64Syntax = ("71710533-BEBA-4937-8319-B5DBEF9CCC36", "1.0")
try:
stringBinding = r"ncacn_ip_tcp:%s[135]" % self.target
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(2)
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=NDR64Syntax)
except DCERPCException as e:
if str(e).find("syntaxes_not_supported") >= 0:
return 32
else:
print(str(e))
pass
else:
return 64
dce.disconnect()
except Exception as e:
print(f"{self.target}, {str(e)}")
print(f"Failed to determine {self.target} architecture")
print("Attempt to proceed with 32 bit procdump")
return 32
def DCE(transport, timeout=2):
try:
t = DCERPCTransportFactory(transport)
t.set_connect_timeout(int(timeout))
d = t.get_dce_rpc()
d.connect()
return d
except Exception, e:
print('%s: %s' % (transport, str(e)))
def get_os_arch(self):
# Credit: https://github.com/byt3bl33d3r/CrackMapExec/blob/master/cme/protocols/smb.py
# Credit: https://github.com/SecureAuthCorp/impacket/blob/impacket_0_9_19/examples/getArch.py
try:
stringBinding = r'ncacn_ip_tcp:{}[135]'.format(self.host)
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(5)
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
except DCERPCException as e:
if str(e).find('syntaxes_not_supported') >= 0:
dce.disconnect()
return 32
else:
dce.disconnect()
return 64
except:
return 0
def get_os_arch(self, host):
try:
stringBinding = r'ncacn_ip_tcp:{}[135]'.format(host)
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(5)
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
except DCERPCException as e:
if str(e).find('syntaxes_not_supported') >= 0:
dce.disconnect()
return 32
else:
dce.disconnect()
return 64
except Exception as e:
print('Error retrieving os arch of {}: {}'.format(host, str(e)))
return 0
def get_os_arch(target):
try:
stringBinding = r'ncacn_ip_tcp:{}[135]'.format(target)
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(5)
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP,
transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36',
'1.0'))
except DCERPCException as e:
if str(e).find('syntaxes_not_supported') >= 0:
return 32
else:
pass
else:
return 64
dce.disconnect()
except Exception as e:
logging.warning('%sErr with get_os_arch for %s: %s' %
(warningRed, target, str(e)))
def get_os_arch():
try:
stringBinding = r'ncacn_ip_tcp:{}[135]'.format(ipAddress)
transport = DCERPCTransportFactory(stringBinding)
transport.set_connect_timeout(5)
dce = transport.get_dce_rpc()
dce.connect()
try:
dce.bind(MSRPC_UUID_PORTMAP,
transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36',
'1.0'))
except (DCERPCException, e):
if str(e).find('syntaxes_not_supported') >= 0:
dce.disconnect()
return "x32"
else:
dce.disconnect()
return "x64"
except Exception as e:
logging.debug('Error retrieving os arch of {}: {}'.format(
ipAddress, str(e)))
return 0
