Example #1
    def bind(self, packet, bind):
        """Answer a DCE/RPC bind request with a bind_ack sent on the client socket.

        Each presentation context offered by the peer is answered in order.
        A context is accepted only when its transfer syntax is NDR 2.0 and its
        abstract syntax equals one of the UUIDs in self.__listenUUIDS.

        Args:
            packet: request header; its 'flags' and 'call_id' are echoed back.
            bind: bind body; 'max_tfrag', 'max_rfrag', 'ctx_num' and
                'ctx_items' are read from it.

        Returns:
            None. The serialized ack is written to self.__clientSock.
        """
        # Standard NDR representation: the only transfer syntax accepted here.
        ndr_syntax = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')

        ack = dcerpc.MSRPCBindAck()
        ack['type'] = dcerpc.MSRPC_BINDACK
        # flags, call_id and both fragment sizes are copied from the request
        # as-is; nothing in this method validates or clamps them.
        ack['flags'] = packet['flags']
        ack['frag_len'] = 0
        ack['auth_len'] = 0
        ack['auth_data'] = ''
        ack['call_id'] = packet['call_id']
        ack['max_tfrag'] = bind['max_tfrag']
        ack['max_rfrag'] = bind['max_rfrag']
        ack['assoc_group'] = 0x1234
        # NOTE(review): length 4 for the 3-character '135' presumably counts a
        # terminator byte -- confirm against MSRPCBindAck's layout.
        ack['SecondaryAddrLen'] = 4
        ack['SecondaryAddr'] = '135'
        # Pad so that the context results start on a 4-byte boundary.
        misalign = (ack['SecondaryAddrLen'] + dcerpc.MSRPCBindAck._SIZE) % 4
        ack['Pad'] = 'A' * ((4 - misalign) % 4)
        ack['ctx_num'] = 0

        # ctx_num and ctx_items both come from the peer. The loop runs ctx_num
        # times without checking that `remaining` still holds a whole item.
        # NOTE(review): confirm dcerpc.CtxItem fails cleanly on short or empty
        # input, and that the caller handles the resulting exception.
        remaining = bind['ctx_items']
        encoded_results = []
        for _ in range(bind['ctx_num']):
            ctx = dcerpc.CtxItem(remaining)
            remaining = remaining[len(ctx):]
            ndr_bin = uuidtup_to_bin(ndr_syntax)

            if ctx['TransferSyntax'] != ndr_bin:
                # Fail this context: transfer syntax not supported.
                reason = 2
            else:
                # Default: abstract syntax not supported.
                reason = 1
                for listen_uuid in self.__listenUUIDS:
                    if ctx['AbstractSyntax'] == listen_uuid:
                        # Match: accept the context. __boundUUID is overwritten
                        # on every match, so when a request carries several
                        # acceptable contexts the last one wins.
                        reason = 0
                        self.__boundUUID = listen_uuid

            if reason == 0:
                verdict = dcerpc.MSRPC_CONT_RESULT_ACCEPT
            else:
                verdict = dcerpc.MSRPC_CONT_RESULT_USER_REJECT

            ack['ctx_num'] += 1
            entry = dcerpc.CtxItemResult()
            entry['Result'] = verdict
            entry['Reason'] = reason
            # The NDR syntax is reported for accepted and rejected contexts.
            entry['TransferSyntax'] = ndr_bin
            encoded_results.append(str(entry))

        ack['ctx_items'] = ''.join(encoded_results)
        # frag_len can only be filled in once the whole PDU has been assembled.
        ack['frag_len'] = len(str(ack))

        self.__clientSock.send(str(ack))
        return None
def main(args):
  """Report which RPC interfaces an endpoint lists and which it accepts binds for.

  The interface ids are first read through the management interface
  (mgmt.DCERPCMgmt.inq_if_ids). Each of those, plus every entry of the
  module-level uuid_database, is then tried with a bind of its own.

  A run reaches the server as one connection and one bind attempt per
  candidate UUID, so it is visible in RPC and network logs on the target.

  Args:
    args: [host, port] from the command line.

  Returns:
    1 when the argument count is wrong, otherwise None.
  """
  if len(args) != 2:
    print("usage: ./ifmap.py <host> <port>")
    return 1

  host, port_arg = args
  port = int(port_arg)

  stringbinding = "ncacn_ip_tcp:%s" % host
  trans = transport.DCERPCTransportFactory(stringbinding)
  trans.set_dport(port)

  dce = trans.get_dce_rpc()
  dce.connect()

  # Bind to the management interface to ask the server for its interface list.
  mgmt_iid = uuid.uuidtup_to_bin(("afa8bd80-7d8a-11c9-bef4-08002b102989", "1.0"))
  dce.bind(mgmt_iid)

  dcemgmt = mgmt.DCERPCMgmt(dce)
  ifids = dcemgmt.inq_if_ids()

  uuidtups = set()
  for index in range(ifids.get_ifcount()):
    uuidtups.add(uuid.bin_to_uuidtup(ifids.get_if_binuuid(index)))

  dce.disconnect()

  # Candidates: everything the server listed plus the known-UUID database.
  probes = uuidtups | uuid_database

  for tup in sorted(probes):
    # NOTE(review): a connection is opened for every probe and none is closed
    # inside this loop -- confirm whether dce.disconnect() belongs here.
    dce.connect()

    binuuid = uuid.uuidtup_to_bin(tup)
    listening = True
    try:
      dce.bind(binuuid)
    except dcerpc.Exception as e:
      # The exception carries the raw bind_ack. Result 2 / reason 1 on the
      # first context (presumably provider rejection, abstract syntax not
      # supported) means the interface is not served. Anything else is an
      # unexpected failure and is re-raised.
      ack = dcerpc.MSRPCBindAck(str(e.args[1]))
      first_ctx = ack.getCtxItem(1)
      if (first_ctx['Result'], first_ctx['Reason']) != (2, 1):
        raise
      listening = False

    listed = tup in uuidtups
    # Same UUID string listed by the server under any version.
    otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
    if not (listed or listening):
      continue

    if listed:
      listed_text = "listed"
    elif otherversion:
      listed_text = "other version listed"
    else:
      listed_text = "not listed"
    listening_text = "listening" if listening else "not listening"

    print("%r: %s, %s" % (tup, listed_text, listening_text))