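	def from_buffer(buff):
		"""Parse a 64-byte SMB2 ASYNC header from *buff*.

		Args:
			buff: binary stream exposing ``read(n)``, positioned at the first
				byte of the header.

		Returns:
			A populated ``SMB2Header_ASYNC``.

		Raises:
			ValueError: if the stream ends before the full header has been
				read, if ProtocolId is not the SMB2 magic (0xFE 'S' 'M' 'B'),
				or if StructureSize is not 64.
		"""
		def read_exact(n):
			# read() may legally return fewer bytes than requested; a short
			# read must not silently decode as 0 / an empty field.
			data = buff.read(n)
			if len(data) != n:
				raise ValueError('truncated SMB2 header: wanted %d bytes, got %d' % (n, len(data)))
			return data

		def read_uint(n):
			# All integer fields of the header are little-endian and unsigned.
			return int.from_bytes(read_exact(n), byteorder='little', signed=False)

		hdr = SMB2Header_ASYNC()
		hdr.ProtocolId = read_exact(4)
		# Validate with an exception, not assert: assert is stripped under -O
		# and this is data received from the peer.
		if hdr.ProtocolId != b'\xFESMB':
			raise ValueError('SMB2 header magic incorrect: %r' % hdr.ProtocolId)
		hdr.StructureSize = read_uint(2)
		if hdr.StructureSize != 64:
			raise ValueError('SMB2 header StructureSize must be 64, got %d' % hdr.StructureSize)
		hdr.CreditCharge = read_uint(2)
		hdr.Status = NTStatus(read_uint(4))
		hdr.Command = SMB2Command(read_uint(2))
		hdr.Credit = read_uint(2)
		hdr.Flags = SMB2HeaderFlag(read_uint(4))
		hdr.NextCommand = read_uint(4)
		hdr.MessageId = read_uint(8)
		# The remaining fields are kept as raw bytes.
		hdr.AsyncId = read_exact(8)
		hdr.SessionId = read_exact(8)
		hdr.Signature = read_exact(16)
		return hdr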
    async def list_domains(self):
        """Yield the name of every domain hosted by the SAM server.

        Pages through SamrEnumerateDomainsInSamServer over ``self.dce``
        using ``self.handle``. A STATUS_MORE_ENTRIES error is treated as a
        successful partial page: the packet attached to the exception is
        used as the response and enumeration continues.
        """
        context = 0
        status = NTStatus.MORE_ENTRIES
        while status == NTStatus.MORE_ENTRIES:
            try:
                resp = await samr.hSamrEnumerateDomainsInSamServer(
                    self.dce, self.handle, enumerationContext=context)
            except DCERPCException as err:
                if 'STATUS_MORE_ENTRIES' not in str(err):
                    raise
                # A partial page is reported as an error; the response
                # is still carried by the exception object.
                resp = err.get_packet()

            for entry in resp['Buffer']['Buffer']:
                yield entry['Name']

            context = resp['EnumerationContext']
            status = NTStatus(resp['ErrorCode'])
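	async def list_shares(self, level = 1):
		"""Yield ``(netname, type, remark)`` for every share on the server.

		Pages through NetrShareEnum at *level* over ``self.dce``. A
		STATUS_MORE_ENTRIES error is treated as a successful partial page:
		the packet attached to the exception is used as the response and
		enumeration continues.

		Args:
			level: NetrShareEnum information level. The result loop reads
				level-1 field names (``shi1_*``), so only ``level=1`` is
				actually usable even though other values are accepted.

		Yields:
			``(netname, share_type, remark)`` tuples.
		"""
		level_name = 'Level%s' % level
		resumeHandle = 0
		status = NTStatus.MORE_ENTRIES
		while status == NTStatus.MORE_ENTRIES:
			try:
				resp = await srvs.hNetrShareEnum(self.dce, level, resumeHandle=resumeHandle)
			except Exception as e:
				# Only the message is inspected here; anything that is not
				# the partial-page signal is re-raised untouched.
				if 'STATUS_MORE_ENTRIES' not in str(e):
					raise
				# NOTE(review): get_packet() assumes an RPC-layer exception;
				# the broad catch is kept from the original — confirm whether
				# it can be narrowed.
				resp = e.get_packet()

			# The former `input(resp.dump())` debugging hook blocked the
			# coroutine on stdin and printed every response; it is gone.
			for entry in resp['InfoStruct']['ShareInfo'][level_name]['Buffer']:
				# [:-1] drops the trailing character — presumably the string
				# terminator; confirm against the decoder.
				yield entry['shi1_netname'][:-1], entry['shi1_type'], entry['shi1_remark']

			resumeHandle = resp['ResumeHandle']
			status = NTStatus(resp['ErrorCode'])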
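    async def list_domain_groups(self, domain_handle):
        """Yield ``(name, sid)`` for every group in the given domain.

        Pages through SamrEnumerateGroupsInDomain over ``self.dce``. A
        STATUS_MORE_ENTRIES error is treated as a successful partial page:
        the packet attached to the exception is used as the response and
        enumeration continues. The debugging ``print`` on the paging path
        is removed so that ordinary paging no longer writes to stdout.

        Args:
            domain_handle: SAMR domain handle; must be a key of
                ``self.domain_handles``.

        Yields:
            ``(group_name, group_sid)`` where the SID is built from
            ``self.domain_handles[domain_handle]`` (presumably the domain
            SID string) and the group's RelativeId.
        """
        enumerationContext = 0
        status = NTStatus.MORE_ENTRIES
        while status == NTStatus.MORE_ENTRIES:
            try:
                resp = await samr.hSamrEnumerateGroupsInDomain(
                    self.dce,
                    domain_handle,
                    enumerationContext=enumerationContext)
            except DCERPCException as e:
                if 'STATUS_MORE_ENTRIES' not in str(e):
                    raise
                # A partial page is reported as an error; the response is
                # still carried by the exception object.
                resp = e.get_packet()

            domain_sid = self.domain_handles[domain_handle]
            for group in resp['Buffer']['Buffer']:
                yield group['Name'], '%s-%s' % (domain_sid, group['RelativeId'])

            enumerationContext = resp['EnumerationContext']
            status = NTStatus(resp['ErrorCode'])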
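	async def list_sessions(self, level = 10):
		"""Yield ``(username, client_name)`` for every session on the server.

		Pages through NetrSessionEnum at *level* over ``self.dce``. A
		STATUS_MORE_ENTRIES error is treated as a successful partial page:
		the packet attached to the exception is used as the response and
		enumeration continues. The debugging ``print`` on the paging path
		is removed so that ordinary paging no longer writes to stdout.

		Args:
			level: NetrSessionEnum information level. The result loop reads
				level-10 field names (``sesi10_*``), so only ``level=10`` is
				actually usable even though other values are accepted.

		Yields:
			``(username, cname)`` tuples; ``cname`` is the client name field
			as returned by the server.
		"""
		level_name = 'Level%s' % level
		resumeHandle = 0
		status = NTStatus.MORE_ENTRIES
		while status == NTStatus.MORE_ENTRIES:
			try:
				resp = await srvs.hNetrSessionEnum(self.dce, '\x00', NULL, level, resumeHandle=resumeHandle)
			except Exception as e:
				# Only the message is inspected here; anything that is not
				# the partial-page signal is re-raised untouched.
				if 'STATUS_MORE_ENTRIES' not in str(e):
					raise
				# NOTE(review): get_packet() assumes an RPC-layer exception;
				# the broad catch is kept from the original — confirm whether
				# it can be narrowed.
				resp = e.get_packet()

			for entry in resp['InfoStruct']['SessionInfo'][level_name]['Buffer']:
				# [:-1] drops the trailing character — presumably the string
				# terminator; confirm against the decoder.
				username = entry['sesi10_username'][:-1]
				ip_addr = entry['sesi10_cname'][:-1]
				yield username, ip_addr

			resumeHandle = resp['ResumeHandle']
			status = NTStatus(resp['ErrorCode'])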
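    async def enumerate_users(self, domain_handle):
        """Yield ``(name, sid)`` for every user in the given domain.

        Pages through SamrEnumerateUsersInDomain over ``self.dce`` with no
        userAccountControl filter, so all account types are returned. A
        STATUS_MORE_ENTRIES error is treated as a successful partial page:
        the packet attached to the exception is used as the response and
        enumeration continues. The debugging ``print`` on the paging path
        is removed so that ordinary paging no longer writes to stdout.

        Args:
            domain_handle: SAMR domain handle; must be a key of
                ``self.domain_handles``.

        Yields:
            ``(user_name, user_sid)`` where the SID is built from
            ``self.domain_handles[domain_handle]`` (presumably the domain
            SID string) and the user's RelativeId.
        """
        enumerationContext = 0
        status = NTStatus.MORE_ENTRIES
        while status == NTStatus.MORE_ENTRIES:
            try:
                resp = await samr.hSamrEnumerateUsersInDomain(
                    self.dce,
                    domain_handle,
                    enumerationContext=enumerationContext)
            except DCERPCException as e:
                if 'STATUS_MORE_ENTRIES' not in str(e):
                    raise
                # A partial page is reported as an error; the response is
                # still carried by the exception object.
                resp = e.get_packet()

            domain_sid = self.domain_handles[domain_handle]
            for user in resp['Buffer']['Buffer']:
                yield user['Name'], '%s-%s' % (domain_sid, user['RelativeId'])

            enumerationContext = resp['EnumerationContext']
            status = NTStatus(resp['ErrorCode'])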
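    def from_buffer(buff):
        """Parse a 32-byte SMBv1 header from *buff*.

        Args:
            buff: binary stream exposing ``read(n)``, positioned at the first
                byte of the header.

        Returns:
            A populated ``SMBHeader``.

        Raises:
            ValueError: if the stream ends before the full header has been
                read, or if the Protocol field is not the SMBv1 magic
                (0xFF 'S' 'M' 'B').
        """
        def read_exact(n):
            # read() may legally return fewer bytes than requested; a short
            # read must not silently decode as 0 / an empty field.
            data = buff.read(n)
            if len(data) != n:
                raise ValueError('truncated SMBv1 header: wanted %d bytes, got %d' % (n, len(data)))
            return data

        def read_uint(n):
            # All integer fields of the header are little-endian and unsigned.
            return int.from_bytes(read_exact(n), byteorder='little', signed=False)

        hdr = SMBHeader()
        hdr.Protocol = read_exact(4)
        # Validate with an exception, not assert: assert is stripped under -O
        # and this is data received from the peer.
        if hdr.Protocol != b'\xFFSMB':
            raise ValueError("SMBv1 Header Magic incorrect!")
        hdr.Command = SMBCommand(read_uint(1))
        hdr.Status = NTStatus(read_uint(4))
        hdr.Flags = SMBHeaderFlagsEnum(read_uint(1))
        hdr.Flags2 = SMBHeaderFlags2Enum(read_uint(2))
        hdr.PIDHigh = read_uint(2)

        # The 8 bytes after PIDHigh land on a different attribute depending on
        # the signing flag.
        # NOTE(review): MS-CIFS names this field SecurityFeatures and states it
        # carries the signature when SMB_FLAGS2_SMB_SECURITY_SIGNATURE is set,
        # which is the opposite of the attribute names chosen here — confirm
        # against the consumers before renaming.
        if SMBHeaderFlags2Enum.SMB_FLAGS2_SMB_SECURITY_SIGNATURE in hdr.Flags2:
            hdr.SecurityFeatures = read_exact(8)
        else:
            hdr.Signature = read_exact(8)

        hdr.Reserved = read_uint(2)
        hdr.TID = read_uint(2)
        hdr.PIDLow = read_uint(2)
        hdr.UID = read_uint(2)
        hdr.MID = read_uint(2)
        return hdr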