def test_1(self):
    """Send the same endpoint-mapper lookup twice over ncacn_http, reconnecting in between.

    Direct connection to the ncacn_http service (RPC over HTTP v1). No
    credentials are set anywhere in this test, so both lookups go out
    unauthenticated. The test passes when nothing raises; neither reply is
    inspected.
    """
    binding = 'ncacn_http:%s' % self.machine
    http_transport = transport.DCERPCTransportFactory(binding)
    dce = http_transport.get_dce_rpc()

    def open_session():
        # connect + bind to the endpoint mapper interface; used for both rounds
        dce.connect()
        dce.bind(epm.MSRPC_UUID_PORTMAP)

    open_session()
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 10
    dce.request(lookup)
    dce.disconnect()

    # Reconnecting: the same DCE/RPC object and the same request are reused
    open_session()
    dce.request(lookup)
    dce.disconnect()
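def test_packetAes256WINNTPacketPrivacyKerberos(self):
    """Kerberos bind with an AES-256 key at packet-privacy level, then two EPM lookups.

    The transport is configured by hand instead of through a helper. Only
    self.aesKey256 is passed as credential material: the password and both
    hash arguments are empty strings, so this test does not read self.hashes.
    Auth type is RPC_C_AUTHN_GSS_NEGOTIATE and auth level is
    RPC_C_AUTHN_LEVEL_PKT_PRIVACY (the level MS-RPCE defines as integrity
    plus encryption of the call data). The test passes when nothing raises.
    """
    rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
    if hasattr(rpctransport, 'set_credentials'):
        # This method exists only for selected protocol sequences.
        # NOTE(review): set_kerberos is assumed to sit under this guard as well - confirm.
        rpctransport.set_credentials(self.username, '', self.domain, '', '', self.aesKey256)
        rpctransport.set_kerberos(True)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    dce.set_auth_type(rpcrt.RPC_C_AUTHN_GSS_NEGOTIATE)
    dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
    dce.bind(epm.MSRPC_UUID_PORTMAP)
    request = epm.ept_lookup()
    request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    request['object'] = NULL
    request['Ifid'] = NULL
    request['vers_option'] = epm.RPC_C_VERS_ALL
    request['max_ents'] = 499
    # The lookup is sent twice and only the second reply is dumped.
    # NOTE(review): presumably this checks that a follow-up call on the
    # already-secured session still succeeds - confirm.
    dce.request(request)
    resp = dce.request(request)
    resp.dump()
    dce.disconnect()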
def test_WINNTPacketIntegrity(self):
    """Password-authenticated, non-Kerberos bind at packet-integrity level, one EPM lookup.

    auth_level is RPC_C_AUTHN_LEVEL_PKT_INTEGRITY (signed but not encrypted,
    per the MS-RPCE definition of the constant). The auth type is whatever
    connectDCE defaults to; presumably NTLM, going by the test name - confirm.
    Passes when nothing raises; the reply is not inspected.
    """
    conn = self.connectDCE(
        self.username,
        self.password,
        self.domain,
        auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
        dceAuth=True,
        doKerberos=False)
    lookup = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        lookup[field] = value
    conn.request(lookup)
    conn.disconnect()
def test_WINNTPacketIntegrity(self):
    """Run one endpoint-mapper lookup over a password-authenticated, integrity-level bind.

    Kerberos is switched off (doKerberos=False) and the auth level is
    RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. The reply is discarded: success means
    only that connect, bind, request and disconnect did not raise.
    """
    session = self.connectDCE(self.username, self.password, self.domain,
                              auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
                              dceAuth=True, doKerberos=False)

    # Ask for every endpoint-map element, all interface versions, capped at 499 entries.
    query = epm.ept_lookup()
    query['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    query['object'] = NULL
    query['Ifid'] = NULL
    query['vers_option'] = epm.RPC_C_VERS_ALL
    query['max_ents'] = 499

    session.request(query)
    session.disconnect()
def test_dceFragmentation(self):
    """Hash-authenticated EPM lookup with dceFragment=1.

    Credentials are the LM:NT pair split out of self.hashes; the password
    argument is an empty string. dceFragment=1 is handed to connectDCE;
    presumably it forces the smallest DCE/RPC fragment size so the peer has
    to reassemble the request - confirm against the helper. No auth_level is
    passed, so the helper's default applies. The reply is not inspected.
    """
    lm_part, nt_part = self.hashes.split(':')
    conn = self.connectDCE(self.username, '', self.domain, lm_part, nt_part,
                           dceFragment=1, dceAuth=True, doKerberos=False)
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 499
    conn.request(lookup)
    conn.disconnect()
def test_dceTransportFragmentation(self):
    """Hash-authenticated EPM lookup with tfragment=1.

    Same shape as the DCE-level fragmentation test, but the knob passed to
    connectDCE is tfragment; presumably this fragments at the transport layer
    rather than the DCE/RPC layer - confirm against the helper. Authentication
    uses the LM:NT pair from self.hashes with an empty password.
    """
    hash_pair = self.hashes.split(':')
    # Unpack after the split so a malformed "LM:NT" string still fails here.
    lm_part, nt_part = hash_pair
    session = self.connectDCE(self.username, '', self.domain, lm_part, nt_part,
                              tfragment=1, dceAuth=True, doKerberos=False)
    query = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        query[field] = value
    session.request(query)
    session.disconnect()
def test_HashesWINNTPacketPrivacy(self):
    """Hash-authenticated, non-Kerberos bind at packet-privacy level, one EPM lookup.

    The account is authenticated with the LM:NT hash pair from self.hashes
    and an empty password, i.e. no cleartext password is involved. Auth level
    is RPC_C_AUTHN_LEVEL_PKT_PRIVACY. The reply is discarded; the test passes
    when nothing raises.
    """
    lm_part, nt_part = self.hashes.split(':')
    conn = self.connectDCE(
        self.username, '', self.domain, lm_part, nt_part,
        auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
        dceAuth=True,
        doKerberos=False)
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 499
    conn.request(lookup)
    conn.disconnect()
def test_dceFragmentationWINNTPacketIntegrity(self):
    """Combine dceFragment=1 with a packet-integrity bind, authenticated by hashes.

    Credentials: LM:NT pair from self.hashes, empty password, Kerberos off.
    With RPC_C_AUTHN_LEVEL_PKT_INTEGRITY every PDU is expected to carry a
    signature, so this presumably checks signing across fragmented requests -
    confirm against connectDCE. The reply is not inspected.
    """
    lm_part, nt_part = self.hashes.split(':')
    session = self.connectDCE(self.username, '', self.domain, lm_part, nt_part,
                              dceFragment=1,
                              auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
                              dceAuth=True, doKerberos=False)
    query = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        query[field] = value
    session.request(query)
    session.disconnect()
def test_dceFragmentationWINNTPacketIntegrity(self):
    """EPM lookup over a hash-authenticated, integrity-level bind with dceFragment=1.

    The LM and NT halves of self.hashes stand in for the password (which is
    passed as an empty string). Success is "no exception"; nothing in the
    reply is checked.
    """
    lm_part, nt_part = self.hashes.split(':')
    conn = self.connectDCE(
        self.username, '', self.domain, lm_part, nt_part,
        dceFragment=1,
        auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
        dceAuth=True,
        doKerberos=False)

    # All endpoint-map elements, all versions, at most 499 entries.
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 499

    conn.request(lookup)
    conn.disconnect()
def test_HashesWINNTPacketPrivacy(self):
    """Run one EPM lookup over a privacy-level bind authenticated with LM:NT hashes.

    No password is supplied (empty string) and Kerberos is off, so the hash
    pair from self.hashes is the only credential material handed to
    connectDCE. The reply is not inspected.
    """
    lm_part, nt_part = self.hashes.split(':')
    session = self.connectDCE(self.username, '', self.domain, lm_part, nt_part,
                              auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                              dceAuth=True, doKerberos=False)
    query = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        query[field] = value
    session.request(query)
    session.disconnect()
def test_lookup(self):
    """Look up all endpoint-map entries and decode every returned tower.

    The tower bytes come straight out of the server's reply, so besides the
    RPC call itself this exercises epm.EPMTower on remote-supplied data. The
    decoded towers are discarded; presumably a tower that fails to parse
    surfaces as an exception and fails the test - confirm.

    NOTE(review): unlike the other tests here, nothing in this body calls
    disconnect(); confirm the fixture's teardown closes the connection.
    """
    dce, _transport = self.connect()
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 499
    reply = dce.request(lookup)
    for item in reply['entries']:
        # tower_octet_string is a sequence of byte chunks; join before decoding
        octets = item['tower']['tower_octet_string']
        epm.EPMTower(b''.join(octets))
def test_KerberosPacketPrivacy(self):
    """Kerberos (password) bind at packet-privacy level; two lookups, second one dumped.

    Auth type is RPC_C_AUTHN_GSS_NEGOTIATE with doKerberos=True and auth
    level RPC_C_AUTHN_LEVEL_PKT_PRIVACY. The first reply is thrown away and
    the second is printed with dump(); neither is asserted on.
    """
    conn = self.connectDCE(
        self.username, self.password, self.domain,
        auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
        auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
        dceAuth=True,
        doKerberos=True)
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 499
    # NOTE(review): sent twice on purpose, presumably to prove a second call
    # on the secured session still works - confirm.
    conn.request(lookup)
    second_reply = conn.request(lookup)
    second_reply.dump()
    conn.disconnect()
def test_KerberosPacketPrivacy(self):
    """Issue the EPM lookup twice over a Kerberos, privacy-level bind and dump the last reply.

    Username, password and domain go to connectDCE together with
    RPC_C_AUTHN_GSS_NEGOTIATE / RPC_C_AUTHN_LEVEL_PKT_PRIVACY and
    doKerberos=True. Only the second reply is kept, and it is only printed.
    """
    session = self.connectDCE(self.username, self.password, self.domain,
                              auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
                              auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                              dceAuth=True, doKerberos=True)
    query = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        query[field] = value
    session.request(query)  # first reply intentionally dropped
    session.request(query).dump()
    session.disconnect()
def test_Aes256KerberosPacketIntegrity(self):
    """Kerberos bind keyed by self.aesKey256 at packet-integrity level; two lookups.

    The password and both hash arguments are empty strings, so the AES-256
    key is the only credential material passed to connectDCE. The first reply
    is dropped, the second is printed with dump(); nothing is asserted.
    """
    conn = self.connectDCE(
        self.username, '', self.domain, '', '', self.aesKey256,
        auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
        auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
        dceAuth=True,
        doKerberos=True)
    lookup = epm.ept_lookup()
    lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
    lookup['object'] = NULL
    lookup['Ifid'] = NULL
    lookup['vers_option'] = epm.RPC_C_VERS_ALL
    lookup['max_ents'] = 499
    conn.request(lookup)
    last_reply = conn.request(lookup)
    last_reply.dump()
    conn.disconnect()
def test_Aes256KerberosPacketIntegrity(self):
    """Send the EPM lookup twice over an AES-256-keyed Kerberos bind (integrity level).

    connectDCE receives empty strings for password, LM hash and NT hash and
    self.aesKey256 as the key, with RPC_C_AUTHN_GSS_NEGOTIATE and
    RPC_C_AUTHN_LEVEL_PKT_INTEGRITY. Only the second reply is kept, and it is
    only dumped.
    """
    session = self.connectDCE(self.username, '', self.domain, '', '', self.aesKey256,
                              auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
                              auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
                              dceAuth=True, doKerberos=True)
    query = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        query[field] = value
    session.request(query)  # first reply intentionally dropped
    session.request(query).dump()
    session.disconnect()
def test_AnonWINNTPacketPrivacy(self):
    """Attempt the EPM lookup with empty username, password and domain.

    With SMB Transport this will fail with STATUS_ACCESS_DENIED, and that one
    outcome is accepted: the error is swallowed only when its text contains
    STATUS_ACCESS_DENIED and the string binding contains ncacn_np. On every
    other transport the anonymous lookup has to succeed, because any other
    exception is re-raised.
    """
    try:
        conn = self.connectDCE('', '', '',
                               auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                               dceAuth=False, doKerberos=False)
        lookup = epm.ept_lookup()
        lookup['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
        lookup['object'] = NULL
        lookup['Ifid'] = NULL
        lookup['vers_option'] = epm.RPC_C_VERS_ALL
        lookup['max_ents'] = 499
        conn.request(lookup)
        conn.disconnect()
    except Exception as e:
        # Matching is done on the exception text, not on an error code.
        if 'STATUS_ACCESS_DENIED' not in str(e) or 'ncacn_np' not in self.stringBinding:
            raise
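def test_AnonWINNTPacketPrivacy(self):
    """Attempt the EPM lookup anonymously (empty username, password and domain).

    With SMB Transport this will fail with STATUS_ACCESS_DENIED; that is the
    only failure the test tolerates. Any other exception, or an access-denied
    error on a binding that is not ncacn_np, is re-raised and fails the test.
    The reply of a successful lookup is not inspected.
    """
    try:
        dce = self.connectDCE('', '', '', auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
                              dceAuth=False, doKerberos=False)
        request = epm.ept_lookup()
        request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
        request['object'] = NULL
        request['Ifid'] = NULL
        request['vers_option'] = epm.RPC_C_VERS_ALL
        request['max_ents'] = 499
        dce.request(request)
        dce.disconnect()
    except Exception as e:
        # "as" binding parses on Python 2.6+ and Python 3; the comma form is
        # a SyntaxError on Python 3 and keeps the whole module from importing.
        denied_over_smb = ('STATUS_ACCESS_DENIED' in str(e)
                           and 'ncacn_np' in self.stringBinding)
        if not denied_over_smb:
            raise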
def test_packetWINNTPacketIntegrityKerberos(self):
    """Kerberos (password) bind at packet-integrity level, configured by hand; two lookups.

    Credentials are set on the transport only when it exposes
    set_credentials. Auth type RPC_C_AUTHN_GSS_NEGOTIATE and auth level
    RPC_C_AUTHN_LEVEL_PKT_INTEGRITY are then set on the DCE/RPC object before
    binding to the endpoint mapper. The first reply is dropped, the second is
    printed with dump(); nothing is asserted.
    """
    trans = transport.DCERPCTransportFactory(self.stringBinding)
    if hasattr(trans, 'set_credentials'):
        # set_credentials exists only for selected protocol sequences.
        # NOTE(review): set_kerberos is assumed to sit under this guard as well - confirm.
        trans.set_credentials(self.username, self.password, self.domain)
        trans.set_kerberos(True)

    conn = trans.get_dce_rpc()
    conn.connect()
    conn.set_auth_type(rpcrt.RPC_C_AUTHN_GSS_NEGOTIATE)
    conn.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
    conn.bind(epm.MSRPC_UUID_PORTMAP)

    lookup = epm.ept_lookup()
    for field, value in (
            ('inquiry_type', epm.RPC_C_EP_ALL_ELTS),
            ('object', NULL),
            ('Ifid', NULL),
            ('vers_option', epm.RPC_C_VERS_ALL),
            ('max_ents', 499)):
        lookup[field] = value

    conn.request(lookup)
    last_reply = conn.request(lookup)
    last_reply.dump()
    conn.disconnect()