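def from_buffer(buff):
    """Parse the 64-byte asynchronous SMB2 header from a binary stream.

    Fields are consumed in wire order and integers are decoded as
    little-endian unsigned values. AsyncId, SessionId and Signature are
    kept as raw bytes.

    Args:
        buff: binary file-like object positioned at the first header byte.

    Returns:
        A populated SMB2Header_ASYNC instance.

    Raises:
        AssertionError: if the stream ends inside the header, the protocol
            magic is wrong, or StructureSize is not 64.
        Anything NTStatus, SMB2Command or SMB2HeaderFlag raise for a value
        they do not accept propagates unchanged.
    """

    def take(size):
        # read() may return fewer bytes than requested. Without this check a
        # truncated header decodes into smaller integers and short byte
        # fields (e.g. a Signature under 16 bytes) with no error at all.
        chunk = buff.read(size)
        if len(chunk) != size:
            raise AssertionError('SMB2 header truncated')
        return chunk

    def uint(size):
        return int.from_bytes(take(size), byteorder='little', signed=False)

    hdr = SMB2Header_ASYNC()

    # Explicit raises instead of `assert`: this parser is presumably fed
    # bytes received from the peer, and `python -O` strips assert statements,
    # which would silently disable both sanity checks. AssertionError is kept
    # so callers that already catch it continue to work.
    hdr.ProtocolId = take(4)
    if hdr.ProtocolId != b'\xFESMB':
        raise AssertionError('SMB2 header magic incorrect')
    hdr.StructureSize = uint(2)
    if hdr.StructureSize != 64:
        raise AssertionError('SMB2 header StructureSize must be 64')

    hdr.CreditCharge = uint(2)
    hdr.Status = NTStatus(uint(4))
    hdr.Command = SMB2Command(uint(2))
    hdr.Credit = uint(2)
    hdr.Flags = SMB2HeaderFlag(uint(4))
    hdr.NextCommand = uint(4)
    hdr.MessageId = uint(8)
    hdr.AsyncId = take(8)
    hdr.SessionId = take(8)
    hdr.Signature = take(16)
    return hdr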
async def list_domains(self):
    """Asynchronously yield the name of each domain the SAM server reports.

    Calls samr.hSamrEnumerateDomainsInSamServer repeatedly, feeding the
    EnumerationContext of each response into the next call, until the
    response's ErrorCode is no longer NTStatus.MORE_ENTRIES.

    Raises:
        DCERPCException: re-raised unless its text contains
            'STATUS_MORE_ENTRIES'.
    """
    enum_ctx = 0
    while True:
        try:
            resp = await samr.hSamrEnumerateDomainsInSamServer(
                self.dce, self.handle, enumerationContext=enum_ctx)
        except DCERPCException as err:
            # A "more entries" status arrives as an exception; it is a
            # partial page, so the response is taken from the exception.
            if 'STATUS_MORE_ENTRIES' not in str(err):
                raise
            resp = err.get_packet()

        for domain in resp['Buffer']['Buffer']:
            yield domain['Name']

        enum_ctx = resp['EnumerationContext']
        status = NTStatus(resp['ErrorCode'])
        if status != NTStatus.MORE_ENTRIES:
            break
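async def list_shares(self, level = 1):
    """Asynchronously yield (name, type, remark) for each share returned.

    Calls srvs.hNetrShareEnum repeatedly, feeding each response's
    ResumeHandle into the next call, until the response's ErrorCode is no
    longer NTStatus.MORE_ENTRIES.

    Args:
        level: information level passed to the call and used to select the
            'Level<level>' member of the response. The entry fields read
            below are the 'shi1_*' ones, so levels other than 1 are
            presumably unsupported -- confirm before passing another value.

    Yields:
        Tuples of (shi1_netname without its last character, shi1_type,
        shi1_remark).

    Raises:
        Exception: any error from the call is re-raised unless its text
            contains 'STATUS_MORE_ENTRIES'.
    """
    level_name = 'Level%s' % level
    status = NTStatus.MORE_ENTRIES
    resumeHandle = 0
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await srvs.hNetrShareEnum(self.dce, level, resumeHandle = resumeHandle)
        except Exception as e:
            print(str(e))
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            # A "more entries" status is a partial page, not a failure.
            resp = e.get_packet()

        # No interactive prompt here: a blocking read from stdin inside an
        # async generator stalls the whole event loop and hangs any
        # non-interactive caller, so the response is never dumped to the
        # terminal while paging.
        for entry in resp['InfoStruct']['ShareInfo'][level_name]['Buffer']:
            # [:-1] drops the last character of the name, presumably the
            # NUL terminator.
            yield entry['shi1_netname'][:-1], entry['shi1_type'], entry['shi1_remark']

        resumeHandle = resp['ResumeHandle']
        status = NTStatus(resp['ErrorCode'])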
async def list_domain_groups(self, domain_handle):
    """Asynchronously yield (group name, group SID string) for a domain.

    Calls samr.hSamrEnumerateGroupsInDomain repeatedly, feeding each
    response's EnumerationContext into the next call, until the response's
    ErrorCode is no longer NTStatus.MORE_ENTRIES.

    Args:
        domain_handle: handle passed to the call; also the key looked up in
            self.domain_handles to get the SID prefix (presumably the
            domain SID).

    Yields:
        Tuples of (Name, '<prefix>-<RelativeId>').

    Raises:
        DCERPCException: re-raised unless its text contains
            'STATUS_MORE_ENTRIES'. Every caught exception is printed first.
    """
    next_ctx = 0
    while True:
        try:
            resp = await samr.hSamrEnumerateGroupsInDomain(
                self.dce, domain_handle, enumerationContext=next_ctx)
        except DCERPCException as err:
            text = str(err)
            print(text)
            if 'STATUS_MORE_ENTRIES' not in text:
                raise
            # Partial page: the response travels inside the exception.
            resp = err.get_packet()

        for group in resp['Buffer']['Buffer']:
            # Looked up per entry so an empty page never touches the mapping.
            prefix = self.domain_handles[domain_handle]
            rid = group['RelativeId']
            yield group['Name'], '%s-%s' % (prefix, rid)

        next_ctx = resp['EnumerationContext']
        if NTStatus(resp['ErrorCode']) != NTStatus.MORE_ENTRIES:
            break
async def list_sessions(self, level = 10):
    """Asynchronously yield (username, client name) for each session returned.

    Calls srvs.hNetrSessionEnum repeatedly, feeding each response's
    ResumeHandle into the next call, until the response's ErrorCode is no
    longer NTStatus.MORE_ENTRIES.

    Args:
        level: information level passed to the call and used to select the
            'Level<level>' member of the response. The entry fields read
            below are the 'sesi10_*' ones, so levels other than 10 are
            presumably unsupported -- confirm before passing another value.

    Yields:
        Tuples of (sesi10_username, sesi10_cname), each without its last
        character (presumably the NUL terminator).

    Raises:
        Exception: any error from the call is printed, then re-raised
            unless its text contains 'STATUS_MORE_ENTRIES'.
    """
    info_key = 'Level%s' % level
    resume_from = 0
    while True:
        try:
            resp = await srvs.hNetrSessionEnum(
                self.dce, '\x00', NULL, level, resumeHandle=resume_from)
        except Exception as err:
            message = str(err)
            print(message)
            if 'STATUS_MORE_ENTRIES' not in message:
                raise
            # Partial page: the response travels inside the exception.
            resp = err.get_packet()

        for session in resp['InfoStruct']['SessionInfo'][info_key]['Buffer']:
            user = session['sesi10_username'][:-1]
            client = session['sesi10_cname'][:-1]
            yield user, client

        resume_from = resp['ResumeHandle']
        if NTStatus(resp['ErrorCode']) != NTStatus.MORE_ENTRIES:
            break
async def enumerate_users(self, domain_handle):
    """Asynchronously yield (user name, user SID string) for a domain.

    Calls samr.hSamrEnumerateUsersInDomain repeatedly, feeding each
    response's EnumerationContext into the next call, until the response's
    ErrorCode is no longer NTStatus.MORE_ENTRIES. No userAccountControl
    filter is passed to the call.

    Args:
        domain_handle: handle passed to the call; also the key looked up in
            self.domain_handles to get the SID prefix (presumably the
            domain SID).

    Yields:
        Tuples of (Name, '<prefix>-<RelativeId>').

    Raises:
        DCERPCException: printed, then re-raised unless its text contains
            'STATUS_MORE_ENTRIES'.
    """
    cursor = 0
    paging = NTStatus.MORE_ENTRIES
    while paging == NTStatus.MORE_ENTRIES:
        try:
            resp = await samr.hSamrEnumerateUsersInDomain(
                self.dce, domain_handle, enumerationContext=cursor)
        except DCERPCException as err:
            description = str(err)
            print(description)
            if 'STATUS_MORE_ENTRIES' not in description:
                raise
            # Partial page: the response travels inside the exception.
            resp = err.get_packet()

        for account in resp['Buffer']['Buffer']:
            # Looked up per entry so an empty page never touches the mapping.
            sid_parts = (self.domain_handles[domain_handle], account['RelativeId'])
            yield account['Name'], '%s-%s' % sid_parts

        cursor = resp['EnumerationContext']
        paging = NTStatus(resp['ErrorCode'])
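def from_buffer(buff):
    """Parse the 32-byte SMBv1 header from a binary stream.

    Fields are consumed in wire order and integers are decoded as
    little-endian unsigned values.

    Args:
        buff: binary file-like object positioned at the first header byte.

    Returns:
        A populated SMBHeader instance. The 8 security bytes are stored in
        SecurityFeatures when SMB_FLAGS2_SMB_SECURITY_SIGNATURE is set in
        Flags2, otherwise in Signature.

    Raises:
        AssertionError: if the stream ends inside the header or the
            protocol magic is wrong.
        Anything SMBCommand, NTStatus, SMBHeaderFlagsEnum or
        SMBHeaderFlags2Enum raise for a value they do not accept
        propagates unchanged.
    """

    def take(size):
        # read() may return fewer bytes than requested. Without this check a
        # truncated header decodes into smaller integers and a short
        # signature field with no error at all.
        chunk = buff.read(size)
        if len(chunk) != size:
            raise AssertionError('SMBv1 header truncated')
        return chunk

    def uint(size):
        return int.from_bytes(take(size), byteorder='little', signed=False)

    hdr = SMBHeader()

    # Explicit raise instead of `assert`: this parser is presumably fed bytes
    # received from the peer, and `python -O` strips assert statements, which
    # would silently disable the magic check. AssertionError is kept so
    # callers that already catch it continue to work.
    hdr.Protocol = take(4)
    if hdr.Protocol != b'\xFFSMB':
        raise AssertionError("SMBv1 Header Magic incorrect!")

    hdr.Command = SMBCommand(uint(1))
    hdr.Status = NTStatus(uint(4))
    hdr.Flags = SMBHeaderFlagsEnum(uint(1))
    hdr.Flags2 = SMBHeaderFlags2Enum(uint(2))
    hdr.PIDHigh = uint(2)

    # NOTE(review): with the signing flag set the bytes land in
    # SecurityFeatures and otherwise in Signature, which reads inverted
    # relative to the flag name -- confirm against the serializer and any
    # signature verification code before relying on either attribute.
    if SMBHeaderFlags2Enum.SMB_FLAGS2_SMB_SECURITY_SIGNATURE in hdr.Flags2:
        hdr.SecurityFeatures = take(8)
    else:
        hdr.Signature = take(8)

    hdr.Reserved = uint(2)
    hdr.TID = uint(2)
    hdr.PIDLow = uint(2)
    hdr.UID = uint(2)
    hdr.MID = uint(2)
    return hdr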