# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
import binascii
import random
from nebulousAD.modimpacket import nt_errors
from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, ULONG
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket.structure import Structure
MSRPC_UUID_MIMIKATZ = uuidtup_to_bin(
('17FC11E9-C258-4B8D-8D07-2F4125156244', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if nt_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
return 'Mimikatz SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'Mimikatz SessionError: unknown error code: 0x%x' % self.error_code
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray, NDRUniConformantVaryingArray
from nebulousAD.modimpacket.dcerpc.v5.epm import PRPC_IF_ID
from nebulousAD.modimpacket.dcerpc.v5.dtypes import ULONG, DWORD_ARRAY, ULONGLONG
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket import nt_errors
MSRPC_UUID_MGMT = uuidtup_to_bin(('afa8bd80-7d8a-11c9-bef4-08002b102989','1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__( self ):
key = self.error_code
if nt_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
return 'MGMT SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
return 'MGMT SessionError: unknown error code: 0x%x' % self.error_code
################################################################################
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from nebulousAD.modimpacket import system_errors
from nebulousAD.modimpacket.dcerpc.v5.dtypes import LPWSTR, ULONG, NULL, DWORD, BOOL, BYTE, LPDWORD, WORD
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray, NDRPOINTER, NDRSTRUCT, NDRENUM, NDRUNION
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket.dcerpc.v5.enum import Enum
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
MSRPC_UUID_DHCPSRV = uuidtup_to_bin(
('6BFFD098-A112-3610-9833-46C3F874532D', '1.0'))
MSRPC_UUID_DHCPSRV2 = uuidtup_to_bin(
('5B821720-F63B-11D0-AAD2-00C04FC324DB', '1.0'))
class DCERPCSessionError(DCERPCException):
ERROR_MESSAGES = {
0x00004E2D:
("ERROR_DHCP_JET_ERROR",
"An error occurred while accessing the DHCP server database."),
0x00004E25: ("ERROR_DHCP_SUBNET_NOT_PRESENT",
"The specified IPv4 subnet does not exist."),
0x00004E54:
("ERROR_DHCP_SUBNET_EXISTS",
"The IPv4 scope parameters are incorrect. Either the IPv4 scope already"
" exists, corresponding to the SubnetAddress and SubnetMask members of "
from nebulousAD.modimpacket.structure import Structure
from nebulousAD.modimpacket.uuid import uuidtup_to_bin, string_to_bin
from nebulousAD.modimpacket.dcerpc.v5.enum import Enum
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket.krb5 import crypto
from pyasn1.type import univ
from pyasn1.codec.ber import decoder
try:
from Cryptodome.Cipher import ARC4, DES
except Exception:
LOG.critical(
"Warning: You don't have any crypto installed. You need pycryptodomex")
LOG.critical("See https://pypi.org/project/pycryptodomex/")
MSRPC_UUID_DRSUAPI = uuidtup_to_bin(
('E3514235-4B06-11D1-AB04-00C04FC2DCD2', '4.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if hresult_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
return 'DRSR SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
elif system_errors.ERROR_MESSAGES.has_key(key & 0xffff):
error_msg_short = system_errors.ERROR_MESSAGES[key & 0xffff][0]
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from struct import unpack, pack
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantVaryingArray, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, UUID, ULONG, LPULONG, BOOLEAN, SECURITY_INFORMATION, PFILETIME, \
RPC_UNICODE_STRING, FILETIME, NULL, MAXIMUM_ALLOWED, OWNER_SECURITY_INFORMATION, PWCHAR, PRPC_UNICODE_STRING
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket import system_errors, LOG
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
MSRPC_UUID_RRP = uuidtup_to_bin(
('338CD001-2244-31F1-AAAA-900038001003', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if system_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return 'RRP SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'RRP SessionError: unknown error code: 0x%x' % self.error_code
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, LPWSTR, UCHAR, ULONG, LPDWORD, NULL
from nebulousAD.modimpacket import hresult_errors
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
MSRPC_UUID_ATSVC = uuidtup_to_bin(
('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if hresult_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
return 'TSCH SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
# ToDo:
# [ ] 2.2.2 Client-Side-Wrapped Secret
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, NTSTATUS, GUID, RPC_SID, NULL
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket import system_errors
from nebulousAD.modimpacket.uuid import uuidtup_to_bin, string_to_bin
from nebulousAD.modimpacket.structure import Structure
MSRPC_UUID_BKRP = uuidtup_to_bin(
('3dde7c30-165d-11d1-ab8f-00805f14db40', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if system_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return 'BKRP SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'BKRP SessionError: unknown error code: 0x%x' % self.error_code
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR, NULL, GUID, PSYSTEMTIME, SYSTEMTIME
from nebulousAD.modimpacket.structure import Structure
from nebulousAD.modimpacket import system_errors, hresult_errors
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
MSRPC_UUID_TSCHS = uuidtup_to_bin(
('86D35949-83C9-4044-B424-DB363231FD0C', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if hresult_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
return 'TSCH SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
elif system_errors.ERROR_MESSAGES.has_key(key & 0xffff):
error_msg_short = system_errors.ERROR_MESSAGES[key & 0xffff][0]
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR, NULL
from nebulousAD.modimpacket import hresult_errors
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
MSRPC_UUID_SASEC = uuidtup_to_bin(
('378E52B0-C0A9-11CF-822D-00AA0051E40F', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if hresult_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = hresult_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1]
return 'TSCH SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from __future__ import division
from __future__ import print_function
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDR, NDRPOINTERNULL, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import ULONG, LPWSTR, RPC_UNICODE_STRING, LPSTR, NTSTATUS, NULL, PRPC_UNICODE_STRING, PULONG, USHORT, PRPC_SID, LPBYTE
from nebulousAD.modimpacket.dcerpc.v5.lsad import PRPC_UNICODE_STRING_ARRAY
from nebulousAD.modimpacket.structure import Structure
from nebulousAD.modimpacket import nt_errors
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
MSRPC_UUID_EVEN = uuidtup_to_bin(
('82273FDC-E32A-18C3-3F78-827929DC23EA', '0.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if key in nt_errors.ERROR_MESSAGES:
error_msg_short = nt_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1]
return 'EVEN SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'EVEN SessionError: unknown error code: 0x%x' % self.error_code
# Best way to learn how to use these calls is to grab the protocol standard
# so you understand what the call does, and then read the test case located
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from nebulousAD.modimpacket import system_errors
from nebulousAD.modimpacket.dcerpc.v5.dtypes import WSTR, DWORD, LPWSTR, ULONG, LARGE_INTEGER, WORD, BYTE
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray, NDRUniVaryingArray, NDRSTRUCT
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
MSRPC_UUID_EVEN6 = uuidtup_to_bin(
('F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if system_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return 'EVEN6 SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'EVEN6 SessionError: unknown error code: 0x%x' % self.error_code
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from struct import unpack, pack
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantVaryingArray, NDRUniConformantArray
from nebulousAD.modimpacket.dcerpc.v5.dtypes import ULONGLONG, UINT, USHORT, LPWSTR, DWORD, UUID, ULONG, LPULONG, BOOLEAN, SECURITY_INFORMATION, PFILETIME, \
RPC_UNICODE_STRING, FILETIME, NULL, MAXIMUM_ALLOWED, OWNER_SECURITY_INFORMATION, PWCHAR, PRPC_UNICODE_STRING
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
from nebulousAD.modimpacket import system_errors, LOG
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
MSRPC_UUID_RPRN = uuidtup_to_bin(
('12345678-1234-ABCD-EF00-0123456789AB', '1.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__(self):
key = self.error_code
if key in system_errors.ERROR_MESSAGES:
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return 'RPRN SessionError: code: 0x%x - %s - %s' % (
self.error_code, error_msg_short, error_msg_verbose)
else:
return 'RPRN SessionError: unknown error code: 0x%x' % self.error_code
#
# Some calls have helper functions, which makes it even easier to use.
# They are located at the end of this file.
# Helper functions start with "h"<name of the call>.
# There are test cases for them too.
#
from struct import pack, unpack
from nebulousAD.modimpacket import system_errors
from nebulousAD.modimpacket.uuid import uuidtup_to_bin
from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRPOINTER, NDRPOINTERNULL, NDRUniConformantArray, NDRUNION
from nebulousAD.modimpacket.dcerpc.v5.dtypes import NULL, DWORD, LPWSTR, ULONG, BOOL, LPBYTE, ULONGLONG, PGUID, USHORT, LPDWORD, WSTR, \
GUID, PBOOL, WIDESTR
from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException
MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
class DCERPCSessionError(DCERPCException):
def __init__(self, error_string=None, error_code=None, packet=None):
DCERPCException.__init__(self, error_string, error_code, packet)
def __str__( self ):
key = self.error_code
if system_errors.ERROR_MESSAGES.has_key(key):
error_msg_short = system_errors.ERROR_MESSAGES[key][0]
error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
return 'SCMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
else:
return 'SCMR SessionError: unknown error code: 0x%x' % self.error_code
################################################################################
