def test_1(self):
# Direct connection to ncacn_http service, RPC over HTTP v1
# No authentication
stringbinding = 'ncacn_http:%s' % self.machine
rpctransport = transport.DCERPCTransportFactory(stringbinding)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(epm.MSRPC_UUID_PORTMAP)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 10
dce.request(request)
dce.disconnect()
# Reconnecting
dce.connect()
dce.bind(epm.MSRPC_UUID_PORTMAP)
dce.request(request)
dce.disconnect()
def test_packetAes256WINNTPacketPrivacyKerberos(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
lmhash, nthash = self.hashes.split(':')
rpctransport.set_credentials(self.username, '', self.domain, '',
'', self.aesKey256)
rpctransport.set_kerberos(True)
dce = rpctransport.get_dce_rpc()
dce.connect()
#dce.set_credentials(*(rpctransport.get_credentials()))
dce.set_auth_type(rpcrt.RPC_C_AUTHN_GSS_NEGOTIATE)
dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.bind(epm.MSRPC_UUID_PORTMAP)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
resp = dce.request(request)
resp.dump()
dce.disconnect()
def test_WINNTPacketIntegrity(self):
dce = self.connectDCE(self.username, self.password, self.domain, auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
dce.disconnect()
def test_WINNTPacketIntegrity(self):
dce = self.connectDCE(self.username, self.password, self.domain, auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
dce.disconnect()
def test_dceFragmentation(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, dceFragment=1, dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
dce.disconnect()
def test_dceTransportFragmentation(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, tfragment=1, dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
dce.disconnect()
def test_HashesWINNTPacketPrivacy(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
dce.disconnect()
def test_dceFragmentationWINNTPacketIntegrity(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, dceFragment=1,
auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
dce.disconnect()
def test_dceFragmentationWINNTPacketIntegrity(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, dceFragment=1,
auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
dce.disconnect()
def test_HashesWINNTPacketPrivacy(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
dceAuth=True, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
dce.disconnect()
def test_lookup(self):
dce, rpctransport = self.connect()
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
for entry in resp['entries']:
tower = entry['tower']['tower_octet_string']
epm.EPMTower(b''.join(tower))
def test_KerberosPacketPrivacy(self):
dce = self.connectDCE(self.username, self.password, self.domain, auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY, dceAuth=True, doKerberos=True)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
resp = dce.request(request)
resp.dump()
dce.disconnect()
def test_KerberosPacketPrivacy(self):
dce = self.connectDCE(self.username, self.password, self.domain, auth_type=RPC_C_AUTHN_GSS_NEGOTIATE,
auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY, dceAuth=True, doKerberos=True)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
resp = dce.request(request)
resp.dump()
dce.disconnect()
def test_lookup(self):
dce, rpctransport = self.connect()
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
for entry in resp['entries']:
tower = entry['tower']['tower_octet_string']
epm.EPMTower(b''.join(tower))
def test_Aes256KerberosPacketIntegrity(self):
dce = self.connectDCE(self.username, '', self.domain, '', '', self.aesKey256,
auth_type=RPC_C_AUTHN_GSS_NEGOTIATE, auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
dceAuth=True, doKerberos=True)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
resp = dce.request(request)
resp.dump()
dce.disconnect()
def test_Aes256KerberosPacketIntegrity(self):
dce = self.connectDCE(self.username, '', self.domain, '', '', self.aesKey256,
auth_type=RPC_C_AUTHN_GSS_NEGOTIATE, auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY,
dceAuth=True, doKerberos=True)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
resp = dce.request(request)
resp.dump()
dce.disconnect()
def test_AnonWINNTPacketPrivacy(self):
# With SMB Transport this will fail with STATUS_ACCESS_DENIED
try:
dce = self.connectDCE('', '', '', auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,dceAuth=False, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
dce.request(request)
dce.disconnect()
except Exception as e:
if not (str(e).find('STATUS_ACCESS_DENIED') >=0 and self.stringBinding.find('ncacn_np') >=0):
raise
def test_AnonWINNTPacketPrivacy(self):
# With SMB Transport this will fail with STATUS_ACCESS_DENIED
try:
dce = self.connectDCE('', '', '', auth_level=RPC_C_AUTHN_LEVEL_PKT_PRIVACY,dceAuth=False, doKerberos=False)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
dce.disconnect()
except Exception, e:
if not (str(e).find('STATUS_ACCESS_DENIED') >=0 and self.stringBinding.find('ncacn_np') >=0):
raise
def test_packetWINNTPacketIntegrityKerberos(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password, self.domain)
rpctransport.set_kerberos(True)
dce = rpctransport.get_dce_rpc()
dce.connect()
#dce.set_credentials(*(rpctransport.get_credentials()))
dce.set_auth_type(rpcrt.RPC_C_AUTHN_GSS_NEGOTIATE)
dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.bind(epm.MSRPC_UUID_PORTMAP)
request = epm.ept_lookup()
request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
request['object'] = NULL
request['Ifid'] = NULL
request['vers_option'] = epm.RPC_C_VERS_ALL
request['max_ents'] = 499
resp = dce.request(request)
resp = dce.request(request)
resp.dump()
dce.disconnect()
