Example #1
    def LsarOpenSecret(self, policyHandle, secretName, desiredAccess=0x02000000):
        """
        opens an LSA secret object by name and returns the server's reply.

        :param HANDLE policyHandle: OpenPolicy2 handle
        :param UNICODE secretName: the name of the secret to open
        :param int desiredAccess: An ACCESS_MASK value that specifies the access rights requested on the returned SecretHandle. The default 0x02000000 is MAXIMUM_ALLOWED in [MS-DTYP], section 2.4.3; pass a narrower mask when the caller only needs specific rights.

        :return: the parsed LSARPCOpenSecretResponse, which carries the SecretHandle for the opened secret. Call dump() method to see the structure.
        """
        request = LSARPCOpenSecret()
        request['PolicyHandle'] = policyHandle

        # The serialized pRPC_UNICODE_STRING (after setDataLen) is placed in
        # front of the serialized RPC_UNICODE_STRING that holds the name.
        nameHeader = ndrutils.pRPC_UNICODE_STRING()
        nameHeader.setDataLen(secretName)
        nameBody = ndrutils.RPC_UNICODE_STRING()
        nameBody['Data'] = secretName
        request['SecretName'] = str(nameHeader) + str(nameBody)

        request['DesiredAccess'] = desiredAccess

        # Send the request and wrap the raw reply in its response structure.
        return LSARPCOpenSecretResponse(self.doRequest(request))
Example #2
    def LsarLookupNames2(self,
                         policyHandle,
                         names,
                         lookupLevel=LsapLookupWksta,
                         lookupOptions=0x0,
                         clientRevision=0x1):
        """
        translates a security principal name to its SID form (LsarLookupNames2)

        :param HANDLE policyHandle: OpenPolicy2 handle
        :param UNICODE names: the security principal name to translate. Count and SizeIs are fixed to 1 below, so only one name is sent per call.
        :param int lookupLevel: Specifies what scopes are to be used during translation, as specified in section 2.2.16 [MS-LSAT]
        :param int lookupOptions: flags that control the lookup operation. For possible values and their meanings, see section 3.1.4.5 [MS-LSAT]
        :param int clientRevision: version of the client, which implies the client's capabilities. For possible values and their meanings, see section 3.1.4.5 [MS-LSAT]

        :return: the parsed LSARPCLookupNames2Response; call the dump() method to see its contents
        """
        request = LSARPCLookupNames2()
        request['PolicyHandle'] = policyHandle
        # A single name: both the element count and the array size are 1.
        request['Count'] = 1
        request['SizeIs'] = 1

        # The serialized pRPC_UNICODE_STRING (after setDataLen) is placed in
        # front of the serialized RPC_UNICODE_STRING that holds the name.
        nameHeader = ndrutils.pRPC_UNICODE_STRING()
        nameHeader.setDataLen(names)
        nameBody = ndrutils.RPC_UNICODE_STRING()
        nameBody['Data'] = names
        request['Names'] = str(nameHeader) + str(nameBody)

        # Eight zero bytes; presumably an empty TranslatedSids in/out
        # structure for the server to fill - confirm against [MS-LSAT].
        request['TranslatedSids'] = '\x00' * 8
        request['LookupOptions'] = lookupOptions
        request['LookupLevel'] = lookupLevel
        request['MappedCount'] = 0
        request['ClientRevision'] = clientRevision

        # Send the request and wrap the raw reply in its response structure.
        return LSARPCLookupNames2Response(self.doRequest(request))
Example #3
    def LsarRetrievePrivateData(self, policyHandle, keyName):
        """
        retrieves a secret value by key name (LsarRetrievePrivateData).

        :param HANDLE policyHandle: OpenPolicy2 handle
        :param UNICODE keyName: the name of the secret to retrieve

        :return: the parsed LSARPCRetrievePrivateDataResponse holding the secret. Call dump() method to see the structure. Raises an exception on error
        The secret is returned encrypted; it can be decrypted using crypto.decryptSecret() with the sessionKey from the SMBConnection (getSessionKey()) as the key.
        Both the reply and the session key are sensitive material: keep dump() output and decrypted values out of logs and long-lived storage.
        """
        request = LSARPCRetrievePrivateData()
        request['PolicyHandle'] = policyHandle

        # The serialized pRPC_UNICODE_STRING (after setDataLen) is placed in
        # front of the serialized RPC_UNICODE_STRING that holds the key name.
        keyHeader = ndrutils.pRPC_UNICODE_STRING()
        keyHeader.setDataLen(keyName)
        keyBody = ndrutils.RPC_UNICODE_STRING()
        keyBody['Data'] = keyName
        request['KeyName'] = str(keyHeader) + str(keyBody)

        # Send the request and wrap the raw reply in its response structure.
        return LSARPCRetrievePrivateDataResponse(self.doRequest(request))
Example #4
    def LsarRetrievePrivateData(self, policyHandle, keyName):
        """
        asks the server for the private data (secret) stored under keyName.

        :param HANDLE policyHandle: OpenPolicy2 handle
        :param UNICODE keyName: the name of the secret to retrieve

        :return: returns a LSARPCRetrievePrivateDataResponse structure with the secret. Call dump() method to see the structure. Raises an exception on error
        You can decrypt the secret using crypto.decryptSecret(); the key for decryption is the sessionKey from the SMBConnection (getSessionKey()).
        Treat the returned structure, the session key and the decrypted value as credentials: do not print or persist them beyond what the caller needs.
        """
        req = LSARPCRetrievePrivateData()
        req['PolicyHandle'] = policyHandle

        # Length part first (pRPC_UNICODE_STRING sized from keyName), then
        # the data part (RPC_UNICODE_STRING); both are serialized with str().
        lenPart = ndrutils.pRPC_UNICODE_STRING()
        lenPart.setDataLen(keyName)
        dataPart = ndrutils.RPC_UNICODE_STRING()
        dataPart['Data'] = keyName
        encodedKeyName = str(lenPart) + str(dataPart)
        req['KeyName'] = encodedKeyName

        rawReply = self.doRequest(req)
        return LSARPCRetrievePrivateDataResponse(rawReply)
Example #5
    def LsarOpenSecret(self,
                       policyHandle,
                       secretName,
                       desiredAccess=0x02000000):
        """
        requests a handle to the named LSA secret object.

        :param HANDLE policyHandle: OpenPolicy2 handle
        :param UNICODE secretName: the name of the secret to open
        :param int desiredAccess: An ACCESS_MASK value that specifies the requested access rights that MUST be granted on the returned SecretHandle if the request is successful. Check [MS-DTYP], section 2.4.3. The default, 0x02000000, is MAXIMUM_ALLOWED there; callers that need only specific rights should pass a narrower mask.

        :return: returns the LSARPCOpenSecretResponse with the SecretHandle for the opened secret. Call dump() method to see the structure.
        """
        req = LSARPCOpenSecret()
        req['PolicyHandle'] = policyHandle

        # Length part first (pRPC_UNICODE_STRING sized from secretName), then
        # the data part (RPC_UNICODE_STRING); both are serialized with str().
        lenPart = ndrutils.pRPC_UNICODE_STRING()
        lenPart.setDataLen(secretName)
        dataPart = ndrutils.RPC_UNICODE_STRING()
        dataPart['Data'] = secretName
        encodedName = str(lenPart) + str(dataPart)
        req['SecretName'] = encodedName
        req['DesiredAccess'] = desiredAccess

        rawReply = self.doRequest(req)
        return LSARPCOpenSecretResponse(rawReply)
Example #6
    def LsarLookupNames2(self, policyHandle, names, lookupLevel=LsapLookupWksta, lookupOptions=0x0, clientRevision=0x1):
        """
        asks the server to translate one security principal name to its SID form

        :param HANDLE policyHandle: OpenPolicy2 handle
        :param UNICODE names: contains the security principal name to translate (only one name is supported: Count and SizeIs are hard-coded to 1)
        :param int lookupLevel: Specifies what scopes are to be used during translation, as specified in section 2.2.16 [MS-LSAT]
        :param int lookupOptions: flags that control the lookup operation. For possible values and their meanings, see section 3.1.4.5 [MS-LSAT]
        :param int clientRevision: version of the client, which implies the client's capabilities. For possible values and their meanings, see section 3.1.4.5 [MS-LSAT]

        :return: on successful return, a LSARPCLookupNames2Response; call the dump() method to see its contents
        """
        req = LSARPCLookupNames2()
        req['PolicyHandle'] = policyHandle
        req['Count'] = 1
        req['SizeIs'] = 1

        # Length part first (pRPC_UNICODE_STRING sized from names), then the
        # data part (RPC_UNICODE_STRING); both are serialized with str().
        lenPart = ndrutils.pRPC_UNICODE_STRING()
        lenPart.setDataLen(names)
        dataPart = ndrutils.RPC_UNICODE_STRING()
        dataPart['Data'] = names
        encodedNames = str(lenPart) + str(dataPart)
        req['Names'] = encodedNames

        # NOTE(review): eight zero bytes look like an empty TranslatedSids
        # placeholder for the server to fill in - confirm against [MS-LSAT].
        req['TranslatedSids'] = '\x00' * 8
        req['LookupOptions'] = lookupOptions
        req['LookupLevel'] = lookupLevel
        req['MappedCount'] = 0
        req['ClientRevision'] = clientRevision

        rawReply = self.doRequest(req)
        return LSARPCLookupNames2Response(rawReply)