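def get_version(self, host):
    """Print the Server Service (srvsvc) level-102 record reported by ``host``.

    Reuses the SMB session stored in ``self.smbconn[host]``, opens the srvsvc
    named pipe over it, binds to the SRVS interface and calls
    ``hNetrServerGetInfo`` at level 102.

    Any exception is reported on stdout and the process then exits through
    ``sys.exit()``. The DCE/RPC binding is released in every case.
    """
    dce = None
    try:
        conn = self.smbconn[host]
        rpctransport = transport.SMBTransport(
            conn.getServerName(),
            conn.getRemoteHost(),
            filename=r'\srvsvc',
            smb_connection=conn)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrServerGetInfo(dce, 102)
        server_info = resp['InfoStruct']['ServerInfo102']
        # The name, comment and user path are chosen by the remote server and
        # are printed unfiltered; a hostile server can place control
        # characters in them, so treat captured output as untrusted.
        print("Version Major: %d" % server_info['sv102_version_major'])
        print("Version Minor: %d" % server_info['sv102_version_minor'])
        print("Server Name: %s" % server_info['sv102_name'])
        print("Server Comment: %s" % server_info['sv102_comment'])
        print("Server UserPath: %s" % server_info['sv102_userpath'])
        print("Simultaneous Users: %d" % server_info['sv102_users'])
    except Exception as e:
        # NOTE(review): this handler also catches a missing host key and
        # network or bind failures, so the "Access denied" label is not
        # always accurate; the exception text printed next is authoritative.
        # Microsoft documents level 102 as limited to privileged groups, so a
        # denial is the expected outcome for ordinary accounts -- confirm
        # against the target OS.
        print('[!] RPC Access denied...oh well')
        print('[!] %s' % (e,))
        exc_type, exc_obj, exc_tb = sys.exc_info()
        fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
        print(exc_type, fname, exc_tb.tb_lineno)
        sys.exit()
    finally:
        # The original never released the binding. Cleanup is best-effort so
        # it cannot mask the error above or the pending exit.
        if dce is not None:
            try:
                dce.disconnect()
            except Exception:
                pass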
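def get_version(self, host):
    """Query ``host`` for its srvsvc ServerInfo102 record and print it.

    The call travels over the SMB connection already held in
    ``self.smbconn[host]``: the srvsvc named pipe is opened, the SRVS
    interface is bound and ``hNetrServerGetInfo`` is issued at level 102.

    On any exception the error is printed and ``sys.exit()`` is called.
    The DCE/RPC binding is disconnected whether or not the query succeeds.
    """
    # (format string, ServerInfo102 key) in the order the lines are printed.
    report = (
        ("Version Major: %d", "sv102_version_major"),
        ("Version Minor: %d", "sv102_version_minor"),
        ("Server Name: %s", "sv102_name"),
        ("Server Comment: %s", "sv102_comment"),
        ("Server UserPath: %s", "sv102_userpath"),
        ("Simultaneous Users: %d", "sv102_users"),
    )
    dce = None
    try:
        smb = self.smbconn[host]
        rpctransport = transport.SMBTransport(
            smb.getServerName(),
            smb.getRemoteHost(),
            filename=r"\srvsvc",
            smb_connection=smb,
        )
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrServerGetInfo(dce, 102)
        record = resp["InfoStruct"]["ServerInfo102"]
        # Every value comes from the remote server and is echoed as received;
        # do not assume the string fields are free of control characters.
        for template, key in report:
            print(template % record[key])
    except Exception as e:
        # NOTE(review): the handler is a catch-all, so the fixed message below
        # is also shown for failures unrelated to access rights.
        print("[!] RPC Access denied...oh well")
        print("[!] %s" % (e,))
        exc_type, exc_obj, exc_tb = sys.exc_info()
        fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
        print(exc_type, fname, exc_tb.tb_lineno)
        sys.exit()
    finally:
        # Release the binding the original left open. A failing disconnect
        # is ignored so it cannot replace the original error or the exit.
        if dce is not None:
            try:
                dce.disconnect()
            except Exception:
                pass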
def info(self, display=True):
    """Bind to srvsvc and request the level-102 server information record.

    The response is stored in ``self.__resp``. When the query raises
    ``DCERPCException`` a warning is logged and ``None`` is returned.
    ``display`` is not read by the code visible in this excerpt.
    """
    self.smb_transport('srvsvc')
    dce = self.trans.get_dce_rpc()
    self.__dce = dce
    dce.bind(srvs.MSRPC_UUID_SRVS)
    try:
        self.__resp = srvs.hNetrServerGetInfo(dce, 102)
    except rpcrt.DCERPCException:
        # The fault detail is dropped on purpose; only a generic warning
        # reaches the log.
        logger.warning('Unable to query server information')
        return None
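def do_info(self, line):
    """Shell command: print the server's srvsvc level-102 information.

    Requires an authenticated session (``self.loggedIn``); otherwise an error
    is logged and nothing is queried. ``line`` is not used.

    The query opens the srvsvc pipe over the existing SMB connection
    ``self.smb``. On Windows targets with detailed file-share auditing
    enabled, this pipe access is normally recorded as event 5145 on IPC$.
    """
    if self.loggedIn is False:
        LOG.error("Not logged in")
        return
    rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename=r'\srvsvc', smb_connection=self.smb)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrServerGetInfo(dce, 102)
        server_info = resp['InfoStruct']['ServerInfo102']
        # Name, comment and user path are server-supplied text printed as-is.
        print("Version Major: %d" % server_info['sv102_version_major'])
        print("Version Minor: %d" % server_info['sv102_version_minor'])
        print("Server Name: %s" % server_info['sv102_name'])
        print("Server Comment: %s" % server_info['sv102_comment'])
        print("Server UserPath: %s" % server_info['sv102_userpath'])
        print("Simultaneous Users: %d" % server_info['sv102_users'])
    finally:
        # The original left one binding open per invocation. Cleanup is
        # best-effort so a disconnect failure does not surface as a new
        # error in the shell.
        try:
            dce.disconnect()
        except Exception:
            pass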
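def do_info(self, line):
    """Print the level-102 server information obtained through srvsvc.

    Logs an error and returns without any network activity when
    ``self.loggedIn`` is ``False``. ``line`` is not used.
    """
    if self.loggedIn is False:
        LOG.error("Not logged in")
        return
    # (format string, ServerInfo102 key) in output order.
    layout = (
        ("Version Major: %d", 'sv102_version_major'),
        ("Version Minor: %d", 'sv102_version_minor'),
        ("Server Name: %s", 'sv102_name'),
        ("Server Comment: %s", 'sv102_comment'),
        ("Server UserPath: %s", 'sv102_userpath'),
        ("Simultaneous Users: %d", 'sv102_users'),
    )
    rpctransport = transport.SMBTransport(self.smb.getRemoteHost(), filename=r'\srvsvc', smb_connection=self.smb)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrServerGetInfo(dce, 102)
        record = resp['InfoStruct']['ServerInfo102']
        # The values are whatever the remote server returned; the string
        # fields are not filtered before they reach the terminal.
        for template, key in layout:
            print(template % record[key])
    finally:
        # Release the binding even when bind or the query raises; the
        # original left it open. A failing disconnect is ignored.
        try:
            dce.disconnect()
        except Exception:
            pass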
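def get_version(self, host):
    """Report the srvsvc ServerInfo102 record of ``host`` through ``info()``.

    Uses the SMB session in ``self.smbconn[host]`` to open the srvsvc pipe,
    binds the SRVS interface and calls ``hNetrServerGetInfo`` at level 102.

    Any exception is reported through ``color()`` and ``info()``, after which
    ``sys.exit()`` is called. The binding is disconnected in every case.
    """
    dce = None
    try:
        session = self.smbconn[host]
        rpctransport = transport.SMBTransport(session.getServerName(), session.getRemoteHost(), filename=r'\srvsvc', smb_connection=session)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrServerGetInfo(dce, 102)
        server_info = resp['InfoStruct']['ServerInfo102']
        # Server-controlled strings are passed to info() unmodified.
        info("Version Major: %d" % server_info['sv102_version_major'])
        info("Version Minor: %d" % server_info['sv102_version_minor'])
        info("Server Name: %s" % server_info['sv102_name'])
        info("Server Comment: %s" % server_info['sv102_comment'])
        info("Server UserPath: %s" % server_info['sv102_userpath'])
        info("Simultaneous Users: %d" % server_info['sv102_users'])
    except Exception as e:
        # NOTE(review): this is a catch-all, so the fixed "Access denied"
        # text is also emitted for lookup, connection and bind errors.
        color('[!] RPC Access denied...oh well')
        color('[!]', e)
        exc_type, exc_obj, exc_tb = sys.exc_info()
        fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
        info(exc_type, fname, exc_tb.tb_lineno)
        sys.exit()
    finally:
        # The original never disconnected. Cleanup is best-effort so it
        # cannot hide the error above or block the exit.
        if dce is not None:
            try:
                dce.disconnect()
            except Exception:
                pass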
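def info(self, display=True):
    """Query srvsvc at level 102, cache the results and optionally print them.

    Binds to the SRVS interface over the transport set up by
    ``self.smb_transport('srvsvc')`` and calls ``hNetrServerGetInfo``. On
    success the binding is disconnected and the server attributes are copied
    into ``DataStore`` class attributes.

    Args:
        display: when true, print a summary of the SMB session and the
            level-102 record.

    Returns:
        The raw ``hNetrServerGetInfo`` response, or ``None`` when the query
        raises ``DCERPCException``.
    """
    self.smb_transport('srvsvc')
    self.__dce = self.trans.get_dce_rpc()
    self.__dce.bind(srvs.MSRPC_UUID_SRVS)
    try:
        self.__resp = srvs.hNetrServerGetInfo(self.__dce, 102)
    except rpcrt.DCERPCException:
        # NOTE(review): this path returns without disconnecting self.__dce;
        # confirm whether smb_transport() replaces or reuses the binding.
        logger.warning('Unable to query server information')
        return None
    self.__dce.disconnect()

    server_info = self.__resp['InfoStruct']['ServerInfo102']
    DataStore.server_os = self.smb.getServerOS()
    DataStore.server_name = self.smb.getServerName()
    DataStore.server_domain = self.smb.getServerDomain()
    DataStore.server_host = self.smb.getRemoteHost()
    DataStore.user_path = server_info['sv102_userpath']
    DataStore.version_major = server_info['sv102_version_major']
    DataStore.version_minor = server_info['sv102_version_minor']

    if display:
        # All values below come from the remote server and are printed
        # without filtering.
        print('Operating system: %s' % self.smb.getServerOS())
        print('Netbios name: %s' % self.smb.getServerName())
        print('Domain: %s' % self.smb.getServerDomain())
        print('SMB dialect: %s' % check_dialect(self.smb.getDialect()))
        print('NTLMv2 support: %s' % self.smb.doesSupportNTLMv2())
        print('UserPath: %s' % DataStore.user_path)
        print('Simultaneous users: %d' % server_info['sv102_users'])
        print('Version major: %d' % DataStore.version_major)
        print('Version minor: %d' % DataStore.version_minor)
        # Fix: '%' binds tighter than 'or', so the original applied the ''
        # fallback to the already formatted (never empty) string.
        print('Comment: %s' % (server_info['sv102_comment'] or ''))
        # TODO: uncomment when SMBConnection will have a wrapper
        # getServerTime() method for both SMBv1,2,3
        # print 'Time: %s' % self.smb.get_server_time()
    return self.__resp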
def test_hNetrServerGetInfo(self):
    """Smoke-test ``hNetrServerGetInfo`` at several information levels.

    There are no assertions: the test passes when none of the calls raises.
    """
    dce, rpctransport = self.connect()
    # Levels are requested in the same order as before; each response is
    # discarded (add resp.dump() inside the loop to inspect one).
    for level in (100, 101, 102, 103, 502, 503):
        resp = srvs.hNetrServerGetInfo(dce, level)
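def getDCEInfo(self):
    """Collect the srvsvc level-102 server record into a plain dict.

    Returns ``None`` without touching the network when ``self.bConnected`` is
    ``False``. Otherwise the srvsvc pipe is opened over ``self.smbClient``,
    ``hNetrServerGetInfo`` is called at level 102, and the result is both
    cached on ``self.dceInfo`` and returned. NUL characters are removed from
    the three string fields.
    """
    if self.bConnected is False:
        return
    rpctransport = transport.SMBTransport(self.smbClient.getRemoteHost(), filename=r'\srvsvc', smb_connection=self.smbClient)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = srvs.hNetrServerGetInfo(dce, 102)
        server_info = resp['InfoStruct']['ServerInfo102']
        # Only NUL is stripped from the server-supplied strings; other
        # control characters pass through, so escape them before display.
        r = {
            "platform_id": server_info['sv102_platform_id'],
            "name": str(server_info['sv102_name'].replace('\x00', '')),
            "major": server_info['sv102_version_major'],
            "minor": server_info['sv102_version_minor'],
            "type": server_info['sv102_type'],
            "comment": str(server_info['sv102_comment'].replace('\x00', '')),
            "simultaneous_users": server_info['sv102_users'],
            "disc": server_info['sv102_disc'],
            "hidden": server_info['sv102_hidden'],
            "announce": server_info['sv102_announce'],
            "anndelta": server_info['sv102_anndelta'],
            "licenses": server_info['sv102_licenses'],
            "user_path": str(server_info['sv102_userpath'].replace('\x00', ''))
        }
    finally:
        # The original only del'd local names, which unbinds them but leaves
        # the binding open. Disconnect explicitly, best-effort.
        try:
            dce.disconnect()
        except Exception:
            pass
    self.dceInfo = r
    return r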