def test_NetrLogonSamLogonEx(self):
dce, rpctransport = self.connect()
request = nrpc.NetrLogonSamLogonEx()
request['LogonServer'] = '\x00'
request['ComputerName'] = self.serverName + '\x00'
request[
'LogonLevel'] = nrpc.NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation
request['LogonInformation'][
'tag'] = nrpc.NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation
request['LogonInformation']['LogonInteractive']['Identity'][
'LogonDomainName'] = self.domain.split('.')[0]
request['LogonInformation']['LogonInteractive']['Identity'][
'ParameterControl'] = 2 + 2**14 + 2**7 + 2**9 + 2**5 + 2**11
request['LogonInformation']['LogonInteractive']['Identity'][
'UserName'] = self.username
request['LogonInformation']['LogonInteractive']['Identity'][
'Workstation'] = ''
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
lmhash = unhexlify(lmhash)
nthash = unhexlify(nthash)
else:
lmhash = ntlm.LMOWFv1(self.password)
nthash = ntlm.NTOWFv1(self.password)
try:
from Cryptodome.Cipher import ARC4
except Exception:
print(
"Warning: You don't have any crypto installed. You need pycryptodomex"
)
print("See https://pypi.org/project/pycryptodomex/")
rc4 = ARC4.new(self.sessionKey)
lmhash = rc4.encrypt(lmhash)
rc4 = ARC4.new(self.sessionKey)
nthash = rc4.encrypt(nthash)
request['LogonInformation']['LogonInteractive'][
'LmOwfPassword'] = lmhash
request['LogonInformation']['LogonInteractive'][
'NtOwfPassword'] = nthash
request[
'ValidationLevel'] = nrpc.NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4
request['ExtraFlags'] = 1
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_INTERNAL_ERROR') < 0:
raise
def test_NetrLogonSamLogonEx(self):
dce, rpctransport = self.connect()
request = nrpc.NetrLogonSamLogonEx()
request['LogonServer'] = '\x00'
request['ComputerName'] = self.serverName + '\x00'
request[
'LogonLevel'] = nrpc.NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation
request['LogonInformation'][
'tag'] = nrpc.NETLOGON_LOGON_INFO_CLASS.NetlogonInteractiveInformation
request['LogonInformation']['LogonInteractive']['Identity'][
'LogonDomainName'] = self.domain
request['LogonInformation']['LogonInteractive']['Identity'][
'ParameterControl'] = 2 + 2**14 + 2**7 + 2**9 + 2**5 + 2**11
request['LogonInformation']['LogonInteractive']['Identity'][
'UserName'] = self.username
request['LogonInformation']['LogonInteractive']['Identity'][
'Workstation'] = ''
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
lmhash = lmhash.decode('hex')
nthash = nthash.decode('hex')
else:
lmhash = ntlm.LMOWFv1(self.password)
nthash = ntlm.NTOWFv1(self.password)
try:
from Crypto.Cipher import ARC4
except Exception:
print "Warning: You don't have any crypto installed. You need PyCrypto"
print "See http://www.pycrypto.org/"
from impacket import crypto
rc4 = ARC4.new(self.sessionKey)
lmhash = rc4.encrypt(lmhash)
rc4 = ARC4.new(self.sessionKey)
nthash = rc4.encrypt(nthash)
request['LogonInformation']['LogonInteractive'][
'LmOwfPassword'] = lmhash
request['LogonInformation']['LogonInteractive'][
'NtOwfPassword'] = nthash
request[
'ValidationLevel'] = nrpc.NETLOGON_VALIDATION_INFO_CLASS.NetlogonValidationSamInfo4
request['ExtraFlags'] = 1
resp = dce.request(request)
resp.dump()