def do(self):
    """Enumerate RPC interfaces through MGMT, or fall back to brute force.

    Binds to the management interface and asks it for the interface ids it
    lists, then hands each one (plus the MGMT interface itself) to
    ``handle_discovered_tup``. ``bruteforce_uuids()`` is used instead when the
    brute-force option is set, or when a DCERPC error carries one of three
    known "interface not available" markers. Any other DCERPC error is
    re-raised.
    """
    # Error fragments that mean the MGMT interface cannot be used:
    #   nca_s_unk_if                  - Windows SMB
    #   reason_not_specified          - Samba 4
    #   abstract_syntax_not_supported - Samba 3
    mgmt_unavailable = (
        'nca_s_unk_if',
        'reason_not_specified',
        'abstract_syntax_not_supported',
    )

    try:
        # Bind to MGMT and fetch the interface ids it reports.
        self.__dce.bind(mgmt.MSRPC_UUID_MGMT)
        ifids = mgmt.hinq_if_ids(self.__dce)

        # If -brute-uuids is set, the listing is ignored and UUIDs are
        # brute-forced instead.
        # We must do it after mgmt.hinq_if_ids to prevent a specified account
        # from being locked out
        if self.__brute_uuids:
            self.bruteforce_uuids()
            return

        vector = ifids['if_id_vector']
        discovered = {
            uuid.bin_to_uuidtup(vector['if_id'][pos]['Data'].getData())
            for pos in range(vector['count'])
        }

        # The MGMT interface itself always belongs in the result.
        discovered.add(('AFA8BD80-7D8A-11C9-BEF4-08002B102989', '1.0'))

        for interface in sorted(discovered):
            self.handle_discovered_tup(interface)
    except DCERPCException as e:
        message = str(e)
        if not any(marker in message for marker in mgmt_unavailable):
            raise
        # The fallback only covers the known-UUID list, hence the warning.
        logging.info("MGMT Interface not available, bruteforcing UUIDs. The result may not be complete.\n")
        self.bruteforce_uuids()
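def main(args):
  """Map the RPC interfaces reachable on one ncacn_ip_tcp endpoint.

  ``args`` is ``[host, port]``. The management interface is asked for the
  interface ids it lists; each of those, plus every entry of the module-level
  ``uuid_database``, is then tried with a bind of its own and reported as
  listed / not listed and listening / not listening.

  Every probe uses a separate connection, so a run appears on the wire as one
  bind attempt per candidate interface.

  Returns 1 after printing the usage line when the argument count is wrong,
  otherwise None.
  """
  if len(args) != 2:
    # Parenthesised single-argument print behaves the same on Python 2 and 3.
    print("usage: ./ifmap.py <host> <port>")
    return 1

  host = args[0]
  port = int(args[1])

  stringbinding = "ncacn_ip_tcp:%s" % host
  trans = transport.DCERPCTransportFactory(stringbinding)
  trans.set_dport(port)

  dce = trans.get_dce_rpc()
  dce.connect()

  # Bind to the management interface and ask which interface ids it lists.
  iid = uuid.uuidtup_to_bin(("afa8bd80-7d8a-11c9-bef4-08002b102989", "1.0"))
  dce.bind(iid)

  dcemgmt = mgmt.DCERPCMgmt(dce)
  ifids = dcemgmt.inq_if_ids()

  uuidtups = set(
    uuid.bin_to_uuidtup(ifids.get_if_binuuid(index))
    for index in range(ifids.get_ifcount())
  )

  dce.disconnect()

  probes = uuidtups | uuid_database

  for tup in sorted(probes):
    binuuid = uuid.uuidtup_to_bin(tup)

    # One connection per probe, always closed again so a long database does
    # not leave an open socket behind for every entry.
    dce.connect()
    try:
      dce.bind(binuuid)
    except dcerpc.Exception as e:
      resp = dcerpc.MSRPCBindAck(str(e.args[1]))
      # Result 2 / Reason 1: provider rejection, abstract syntax not
      # supported, i.e. the interface is not offered on this endpoint.
      if (resp.getCtxItem(1)['Result'], resp.getCtxItem(1)['Reason']) == (2, 1):
        listening = False
      else:
        raise
    else:
      listening = True
    finally:
      dce.disconnect()

    listed = tup in uuidtups
    otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
    if listed or listening:
      print("%r: %s, %s" % (
        tup,
        "listed" if listed else "other version listed" if otherversion else "not listed",
        "listening" if listening else "not listening"
      ))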
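def main(args):
    """Map the RPC interfaces reachable on one ncacn_ip_tcp endpoint.

    ``args`` is ``[host, port]``. The management interface is asked for the
    interface ids it lists; each of those, plus every entry of the
    module-level ``uuid_database``, is then tried with a bind of its own.
    For every interface that is listed or accepts the bind, the protocol,
    provider and listed/listening state are printed.

    Every probe uses a separate connection, so a run appears on the wire as
    one bind attempt per candidate interface.

    Returns 1 after printing the usage line when the argument count is
    wrong, otherwise None.
    """
    # Init the example's logger theme
    logger.init()
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = trans.get_dce_rpc()
    dce.connect()

    # Ask the management interface which interface ids it lists.
    dce.bind(mgmt.MSRPC_UUID_MGMT)
    ifids = mgmt.hinq_if_ids(dce)

    uuidtups = set(
        uuid.bin_to_uuidtup(
            ifids['if_id_vector']['if_id'][index]['Data'].getData())
        for index in range(ifids['if_id_vector']['count']))

    dce.disconnect()

    probes = uuidtups | uuid_database

    for tup in sorted(probes):
        binuuid = uuid.uuidtup_to_bin(tup)

        # One connection per probe, always closed again so a long database
        # does not leave an open socket behind for every entry.
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.DCERPCException as e:
            # This rejection means the interface is not offered here; any
            # other DCERPC error is unexpected and propagates.
            if 'abstract_syntax_not_supported' in str(e):
                listening = False
            else:
                raise
        else:
            listening = True
        finally:
            dce.disconnect()

        listed = tup in uuidtups
        otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
        if listed or listening:
            if tup[0] in epm.KNOWN_PROTOCOLS:
                print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
            else:
                # Label was misspelled "Procotol" in the original output.
                print("Protocol: N/A")

            # KNOWN_UUIDS is keyed on the first 18 bytes of the binary id.
            provider_key = binuuid[:18]
            if provider_key in KNOWN_UUIDS:
                print("Provider: %s" % (KNOWN_UUIDS[provider_key]))
            else:
                print("Provider: N/A")
            print("UUID     : %s v%s: %s, %s\n" %
                  (tup[0], tup[1], "listed" if listed else
                   "other version listed" if otherversion else "not listed",
                   "listening" if listening else "not listening"))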
""".splitlines() if line)
# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = {(uuidstr.upper(), ver) for uuidstr, ver in uuid_database}

# add the ones from ndrutils
# NOTE(review): k is not referenced in the code shown here.
k = list(KNOWN_UUIDS)[0]


def fix_ndr_uuid(ndruuid):
    """Expand an 18-byte id into 20 bytes by widening its two trailing bytes.

    Bytes 0-15 are kept as they are; bytes 16 and 17 are each re-encoded as a
    little-endian unsigned 16-bit value.
    """
    # NOTE(review): assert is skipped under -O; struct.unpack below still
    # rejects any input whose tail is not exactly two bytes.
    assert len(ndruuid) == 18
    head, tail = ndruuid[:16], ndruuid[16:]
    major, minor = struct.unpack("BB", tail)
    return head + struct.pack("<HH", major, minor)


# Fold every KNOWN_UUIDS key into the probe database as a (uuid, version)
# tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id)) for raw_id in KNOWN_UUIDS)


def main(args):
    """Prepare the ncacn_ip_tcp transport for ``<host> <port>``.

    Returns 1 after printing the usage line when ``args`` does not hold
    exactly two items. The listing shown here ends once the destination port
    has been set on the transport.
    """
    # Init the example's logger theme
    logger.init()
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    # The port is converted first, so a non-numeric port fails before any
    # transport object is created.
    host, port = args[0], int(args[1])

    trans = transport.DCERPCTransportFactory("ncacn_ip_tcp:%s" % host)
    trans.set_dport(port)
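def main(args):
  """Map the RPC interfaces reachable on one ncacn_ip_tcp endpoint.

  ``args`` is ``[host, port]``. The management interface is asked for the
  interface ids it lists; each of those, plus every entry of the module-level
  ``uuid_database``, is then tried with a bind of its own. For every
  interface that is listed or accepts the bind, the listed/listening state,
  protocol and provider are printed.

  Every probe uses a separate connection, so a run appears on the wire as one
  bind attempt per candidate interface.

  Returns 1 after printing the usage line when the argument count is wrong,
  otherwise None.
  """
  if len(args) != 2:
    # Parenthesised single-argument print behaves the same on Python 2 and 3.
    print("usage: ./ifmap.py <host> <port>")
    return 1

  host = args[0]
  port = int(args[1])

  stringbinding = "ncacn_ip_tcp:%s" % host
  trans = transport.DCERPCTransportFactory(stringbinding)
  trans.set_dport(port)

  dce = trans.get_dce_rpc()
  dce.connect()

  # Ask the management interface which interface ids it lists.
  dce.bind(mgmt.MSRPC_UUID_MGMT)
  ifids = mgmt.hinq_if_ids(dce)

  uuidtups = set(
    uuid.bin_to_uuidtup(ifids['if_id_vector']['if_id'][index]['Data'].getData())
    for index in range(ifids['if_id_vector']['count'])
  )

  dce.disconnect()

  probes = uuidtups | uuid_database

  for tup in sorted(probes):
    binuuid = uuid.uuidtup_to_bin(tup)

    # One connection per probe, always closed again so a long database does
    # not leave an open socket behind for every entry.
    dce.connect()
    try:
      dce.bind(binuuid)
    except rpcrt.Exception as e:
      # e.args[1] is the portable spelling of the Python 2 e[1] for a
      # standard exception object.
      resp = e.args[1]
      # Result 2 / Reason 1: provider rejection, abstract syntax not
      # supported, i.e. the interface is not offered on this endpoint.
      if (resp['Result'], resp['Reason']) == (2, 1):
        listening = False
      else:
        raise
    else:
      listening = True
    finally:
      dce.disconnect()

    listed = tup in uuidtups
    otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
    if listed or listening:
      print("%r: %s, %s" % (
        tup,
        "listed" if listed else "other version listed" if otherversion else "not listed",
        "listening" if listening else "not listening"
      ))
      if tup[0] in epm.KNOWN_PROTOCOLS:
        print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
      else:
        # Label was misspelled "Procotol" in the original output.
        print("Protocol: N/A")

      # KNOWN_UUIDS is keyed on the first 18 bytes of the binary id.
      provider_key = binuuid[:18]
      if provider_key in ndrutils.KNOWN_UUIDS:
        print("Provider: %s" % (ndrutils.KNOWN_UUIDS[provider_key]))
      else:
        print("Provider: N/A")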
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)
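# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# list() keeps this working where dict.keys() returns a view (Python 3);
# on Python 2 the value is unchanged.
# NOTE(review): k is not referenced in the code shown here.
k = list(ndrutils.KNOWN_UUIDS.keys())[0]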
def fix_ndr_uuid(ndruuid):
  """Return the 20-byte form of an 18-byte id.

  The leading 16 bytes pass through untouched; each of the last two bytes is
  re-packed as a little-endian unsigned 16-bit value.
  """
  # NOTE(review): assert is skipped under -O; struct.unpack below still
  # rejects any input whose tail is not exactly two bytes.
  assert len(ndruuid) == 18
  major, minor = struct.unpack("BB", ndruuid[16:])
  widened = struct.pack("<HH", major, minor)
  return ndruuid[:16] + widened
# Fold every ndrutils.KNOWN_UUIDS key into the probe database as a
# (uuid, version) tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
  uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id)) for raw_id in ndrutils.KNOWN_UUIDS
)

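def main(args):
  """Prepare the ncacn_ip_tcp transport and DCE/RPC object for ``<host> <port>``.

  Returns 1 after printing the usage line when ``args`` does not hold exactly
  two items. The listing shown here ends once the DCE/RPC object has been
  obtained from the transport.
  """
  if len(args) != 2:
    # Parenthesised single-argument print behaves the same on Python 2 and 3;
    # the bare print statement is a syntax error on Python 3.
    print("usage: ./ifmap.py <host> <port>")
    return 1

  host = args[0]
  port = int(args[1])

  stringbinding = "ncacn_ip_tcp:%s" % host
  trans = transport.DCERPCTransportFactory(stringbinding)
  trans.set_dport(port)

  dce = trans.get_dce_rpc()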
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)
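# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# list() keeps this working where dict.keys() returns a view (Python 3);
# on Python 2 the value is unchanged.
# NOTE(review): k is not referenced in the code shown here.
k = list(ndrutils.KNOWN_UUIDS.keys())[0]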
def fix_ndr_uuid(ndruuid):
  """Return the 20-byte form of an 18-byte id.

  The leading 16 bytes pass through untouched; each of the last two bytes is
  re-packed as a little-endian unsigned 16-bit value.
  """
  # NOTE(review): assert is skipped under -O; struct.unpack below still
  # rejects any input whose tail is not exactly two bytes.
  assert len(ndruuid) == 18
  major, minor = struct.unpack("BB", ndruuid[16:])
  widened = struct.pack("<HH", major, minor)
  return ndruuid[:16] + widened
# Fold every ndrutils.KNOWN_UUIDS key into the probe database as a
# (uuid, version) tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
  uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id)) for raw_id in ndrutils.KNOWN_UUIDS
)

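def main(args):
  """Prepare the ncacn_ip_tcp transport and DCE/RPC object for ``<host> <port>``.

  Returns 1 after printing the usage line when ``args`` does not hold exactly
  two items. The listing shown here ends once the DCE/RPC object has been
  obtained from the transport.
  """
  if len(args) != 2:
    # Parenthesised single-argument print behaves the same on Python 2 and 3;
    # the bare print statement is a syntax error on Python 3.
    print("usage: ./ifmap.py <host> <port>")
    return 1

  host = args[0]
  port = int(args[1])

  stringbinding = "ncacn_ip_tcp:%s" % host
  trans = transport.DCERPCTransportFactory(stringbinding)
  trans.set_dport(port)

  dce = trans.get_dce_rpc()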
""".splitlines() if line)
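# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# list() keeps this working where dict.keys() returns a view (Python 3);
# on Python 2 the value is unchanged.
# NOTE(review): k is not referenced in the code shown here.
k = list(ndrutils.KNOWN_UUIDS.keys())[0]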


def fix_ndr_uuid(ndruuid):
    """Expand an 18-byte id into 20 bytes by widening its two trailing bytes.

    Bytes 0-15 are kept as they are; bytes 16 and 17 are each re-encoded as a
    little-endian unsigned 16-bit value.
    """
    # NOTE(review): assert is skipped under -O; struct.unpack below still
    # rejects any input whose tail is not exactly two bytes.
    assert len(ndruuid) == 18
    head, tail = ndruuid[:16], ndruuid[16:]
    major, minor = struct.unpack("BB", tail)
    return head + struct.pack("<HH", major, minor)


# Fold every ndrutils.KNOWN_UUIDS key into the probe database as a
# (uuid, version) tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id))
    for raw_id in ndrutils.KNOWN_UUIDS)


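def main(args):
    """Prepare the ncacn_ip_tcp transport for ``<host> <port>``.

    Returns 1 after printing the usage line when ``args`` does not hold
    exactly two items. The listing shown here ends once the destination port
    has been set on the transport.
    """
    if len(args) != 2:
        # Parenthesised single-argument print behaves the same on Python 2
        # and 3; the bare print statement is a syntax error on Python 3.
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)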
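def main(args):
    """Map the RPC interfaces reachable on one ncacn_ip_tcp endpoint.

    ``args`` is ``[host, port]``. The management interface is asked for the
    interface ids it lists; each of those, plus every entry of the
    module-level ``uuid_database``, is then tried with a bind of its own.
    For every interface that is listed or accepts the bind, the
    listed/listening state, protocol and provider are printed.

    Every probe uses a separate connection, so a run appears on the wire as
    one bind attempt per candidate interface.

    Returns 1 after printing the usage line when the argument count is
    wrong, otherwise None.
    """
    if len(args) != 2:
        # Parenthesised single-argument print behaves the same on Python 2
        # and 3.
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = trans.get_dce_rpc()
    dce.connect()

    # Ask the management interface which interface ids it lists.
    dce.bind(mgmt.MSRPC_UUID_MGMT)
    ifids = mgmt.hinq_if_ids(dce)

    uuidtups = set(
        uuid.bin_to_uuidtup(
            ifids['if_id_vector']['if_id'][index]['Data'].getData())
        for index in range(ifids['if_id_vector']['count']))

    dce.disconnect()

    probes = uuidtups | uuid_database

    for tup in sorted(probes):
        binuuid = uuid.uuidtup_to_bin(tup)

        # One connection per probe, always closed again so a long database
        # does not leave an open socket behind for every entry.
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.Exception as e:
            # e.args[1] is the portable spelling of the Python 2 e[1] for a
            # standard exception object.
            resp = e.args[1]
            # Result 2 / Reason 1: provider rejection, abstract syntax not
            # supported, i.e. the interface is not offered on this endpoint.
            if (resp['Result'], resp['Reason']) == (2, 1):
                listening = False
            else:
                raise
        else:
            listening = True
        finally:
            dce.disconnect()

        listed = tup in uuidtups
        otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
        if listed or listening:
            print("%r: %s, %s" % (
                tup, "listed" if listed else
                "other version listed" if otherversion else "not listed",
                "listening" if listening else "not listening"))
            if tup[0] in epm.KNOWN_PROTOCOLS:
                print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
            else:
                # Label was misspelled "Procotol" in the original output.
                print("Protocol: N/A")

            # KNOWN_UUIDS is keyed on the first 18 bytes of the binary id.
            provider_key = binuuid[:18]
            if provider_key in ndrutils.KNOWN_UUIDS:
                print("Provider: %s" % (ndrutils.KNOWN_UUIDS[provider_key]))
            else:
                print("Provider: N/A")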
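def main(args):
  """Map the RPC interfaces reachable on one ncacn_ip_tcp endpoint.

  ``args`` is ``[host, port]``. The management interface is asked for the
  interface ids it lists; each of those, plus every entry of the module-level
  ``uuid_database``, is then tried with a bind of its own. For every
  interface that is listed or accepts the bind, the protocol, provider and
  listed/listening state are printed.

  Every probe uses a separate connection, so a run appears on the wire as one
  bind attempt per candidate interface.

  Returns 1 after printing the usage line when the argument count is wrong,
  otherwise None.
  """
  # Init the example's logger theme
  logger.init()
  if len(args) != 2:
    print("usage: ./ifmap.py <host> <port>")
    return 1

  host = args[0]
  port = int(args[1])

  stringbinding = "ncacn_ip_tcp:%s" % host
  trans = transport.DCERPCTransportFactory(stringbinding)
  trans.set_dport(port)

  dce = trans.get_dce_rpc()
  dce.connect()

  # Ask the management interface which interface ids it lists.
  dce.bind(mgmt.MSRPC_UUID_MGMT)
  ifids = mgmt.hinq_if_ids(dce)

  uuidtups = set(
    uuid.bin_to_uuidtup(ifids['if_id_vector']['if_id'][index]['Data'].getData())
    for index in range(ifids['if_id_vector']['count'])
  )

  dce.disconnect()

  probes = uuidtups | uuid_database

  for tup in sorted(probes):
    binuuid = uuid.uuidtup_to_bin(tup)

    # One connection per probe, always closed again so a long database does
    # not leave an open socket behind for every entry.
    dce.connect()
    try:
      dce.bind(binuuid)
    except rpcrt.DCERPCException as e:
      # This rejection means the interface is not offered here; any other
      # DCERPC error is unexpected and propagates.
      if 'abstract_syntax_not_supported' in str(e):
        listening = False
      else:
        raise
    else:
      listening = True
    finally:
      dce.disconnect()

    listed = tup in uuidtups
    otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
    if listed or listening:
      if tup[0] in epm.KNOWN_PROTOCOLS:
        print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
      else:
        # Label was misspelled "Procotol" in the original output.
        print("Protocol: N/A")

      # KNOWN_UUIDS is keyed on the first 18 bytes of the binary id.
      provider_key = binuuid[:18]
      if provider_key in KNOWN_UUIDS:
        print("Provider: %s" % (KNOWN_UUIDS[provider_key]))
      else:
        print("Provider: N/A")
      print("UUID     : %s v%s: %s, %s\n" % (
        tup[0], tup[1],
        "listed" if listed else "other version listed" if otherversion else "not listed",
        "listening" if listening else "not listening"
      ))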
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)
# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = {(uuidstr.upper(), ver) for uuidstr, ver in uuid_database}

# add the ones from ndrutils
# NOTE(review): k is not referenced in the code shown here.
k = list(KNOWN_UUIDS)[0]
def fix_ndr_uuid(ndruuid):
  """Return the 20-byte form of an 18-byte id.

  The leading 16 bytes pass through untouched; each of the last two bytes is
  re-packed as a little-endian unsigned 16-bit value.
  """
  # NOTE(review): assert is skipped under -O; struct.unpack below still
  # rejects any input whose tail is not exactly two bytes.
  assert len(ndruuid) == 18
  major, minor = struct.unpack("BB", ndruuid[16:])
  widened = struct.pack("<HH", major, minor)
  return ndruuid[:16] + widened
# Fold every KNOWN_UUIDS key into the probe database as a (uuid, version)
# tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
  uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id)) for raw_id in KNOWN_UUIDS
)

def main(args):
  """Prepare the ncacn_ip_tcp transport for ``<host> <port>``.

  Returns 1 after printing the usage line when ``args`` does not hold exactly
  two items. The listing shown here ends once the destination port has been
  set on the transport.
  """
  # Init the example's logger theme
  logger.init()
  if len(args) != 2:
    print("usage: ./ifmap.py <host> <port>")
    return 1

  # The port is converted first, so a non-numeric port fails before any
  # transport object is created.
  host, port = args[0], int(args[1])

  trans = transport.DCERPCTransportFactory("ncacn_ip_tcp:%s" % host)
  trans.set_dport(port)
ec02cae0-b9e0-11d2-be62-0020afeddf63 v1.0
ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0
ecec0d70-a603-11d0-96b1-00a0c91ece30 v2.0
eff55e30-4ee2-11ce-a3c9-00aa00607271 v1.0
f309ad18-d86a-11d0-a075-00c04fb68820 v0.0
f50aac00-c7f3-428e-a022-a6b71bfb9d43 v1.0
f5cc59b4-4264-101a-8c59-08002b2f8426 v1.1
f5cc5a18-4264-101a-8c59-08002b2f8426 v56.0
f5cc5a7c-4264-101a-8c59-08002b2f8426 v21.0
f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0
f930c514-1215-11d3-99a5-00a0c9b61b04 v1.0
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)

# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = {(uuidstr.upper(), ver) for (uuidstr, ver) in uuid_database}

# add the ones from ndrutils
# NOTE(review): k is not referenced in the code shown here.
k = list(KNOWN_UUIDS)[0]

def fix_ndr_uuid(ndruuid):
    """Expand an 18-byte id into 20 bytes by widening its two trailing bytes.

    Bytes 0-15 are kept as they are; bytes 16 and 17 are each re-encoded as a
    little-endian unsigned 16-bit value.
    """
    # NOTE(review): assert is skipped under -O; struct.unpack below still
    # rejects any input whose tail is not exactly two bytes.
    assert len(ndruuid) == 18
    head, tail = ndruuid[:16], ndruuid[16:]
    major, minor = struct.unpack('BB', tail)
    return head + struct.pack('<HH', major, minor)

# Fold every KNOWN_UUIDS key into the probe database as a (uuid, version)
# tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id)) for raw_id in KNOWN_UUIDS)
    if line
)
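# Upper-case the uuid string of every (uuid, version) pair.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# list() keeps this working where dict.keys() returns a view (Python 3);
# on Python 2 the value is unchanged.
# NOTE(review): k is not referenced in the code shown here.
k = list(ndrutils.KNOWN_UUIDS.keys())[0]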


def fix_ndr_uuid(ndruuid):
    """Expand an 18-byte id into 20 bytes by widening its two trailing bytes.

    Bytes 0-15 are kept as they are; bytes 16 and 17 are each re-encoded as a
    little-endian unsigned 16-bit value.
    """
    # NOTE(review): assert is skipped under -O; struct.unpack below still
    # rejects any input whose tail is not exactly two bytes.
    assert len(ndruuid) == 18
    head, tail = ndruuid[:16], ndruuid[16:]
    major, minor = struct.unpack("BB", tail)
    return head + struct.pack("<HH", major, minor)


# Fold every ndrutils.KNOWN_UUIDS key into the probe database as a
# (uuid, version) tuple, after widening it with fix_ndr_uuid.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(raw_id))
    for raw_id in ndrutils.KNOWN_UUIDS)


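def main(args):
    """Prepare the ncacn_ip_tcp transport and DCE/RPC object for ``<host> <port>``.

    Returns 1 after printing the usage line when ``args`` does not hold
    exactly two items. The listing shown here ends once the DCERPC_v5 object
    has been created over the transport.
    """
    if len(args) != 2:
        # Parenthesised single-argument print behaves the same on Python 2
        # and 3; the bare print statement is a syntax error on Python 3.
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = dcerpc.DCERPC_v5(trans)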