def test_hDRSCrackNames(self):
        """Send four DRSCrackNames requests and dump each reply.

        Nothing is asserted about the replies, so the test passes whenever
        ``self.connect()`` and the four calls return without raising. The
        names are hard-coded for one lab directory (FREEFLY.NET), and every
        reply is dumped to the test output.
        """
        dce, _rpctransport, hDrs, _dsaObjDest = self.connect()

        def crack_and_dump(offered, desired, value):
            # One DRSCrackNames round trip for a single name, then dump it.
            reply = drsuapi.hDRSCrackNames(dce, hDrs, 0, offered, desired,
                                           (value, ))
            reply.dump()

        # Both distinguished-name lookups below target the same object.
        ntds_settings_dn = 'CN=NTDS Settings,CN=FREEFLY-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FREEFLY,DC=NET'

        # Account name without a domain part, requested as a string SID.
        crack_and_dump(drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN,
                       drsuapi.DS_STRING_SID_NAME, 'Administrator')

        # Distinguished name, requested in the unique-ID format.
        crack_and_dump(drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                       drsuapi.DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
                       ntds_settings_dn)

        # Same distinguished name, requested as a string SID.
        crack_and_dump(drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                       drsuapi.DS_STRING_SID_NAME, ntds_settings_dn)

        # DS_LIST_ROLES is passed as the offered format together with the
        # domain name; the reply is requested in distinguished-name form.
        crack_and_dump(drsuapi.DS_LIST_ROLES,
                       drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                       'FREEFLY.NET')
Exemple #2
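    def test_hDRSCrackNames(self):
        """Send four DRSCrackNames requests for ``self.domain`` and dump each reply.

        The domain part of the NTDS Settings DN is built from every label of
        ``self.domain``. The earlier form used only the first two labels, which
        truncated the DN for deeper domains and raised IndexError for a
        single-label one. Two-label domains produce the same DN as before.

        Nothing is asserted about the replies; the test passes whenever the
        connection and the four calls complete without raising.
        """
        dce, rpctransport, hDrs, DsaObjDest = self.connect()

        # One DC= component per DNS label of the configured domain.
        domain_dn = ','.join('DC=%s' % label for label in self.domain.split('.'))
        # NOTE(review): the server name (DC1-WIN2012) and the site name are
        # still specific to one lab; the lookup only succeeds where they match.
        ntds_settings_dn = ('CN=NTDS Settings,CN=DC1-WIN2012,CN=Servers,'
                            'CN=Default-First-Site-Name,CN=Sites,'
                            'CN=Configuration,' + domain_dn)

        # Account name without a domain part, requested as a string SID.
        name = 'Administrator'
        formatOffered = drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN
        formatDesired = drsuapi.DS_STRING_SID_NAME

        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, formatOffered,
                                      formatDesired, (name, ))
        resp.dump()

        # Distinguished name, requested in the unique-ID format.
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0,
                                      drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                                      drsuapi.DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
                                      (ntds_settings_dn, ))
        resp.dump()

        # Same distinguished name, requested as a string SID.
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0,
                                      drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                                      drsuapi.DS_STRING_SID_NAME,
                                      (ntds_settings_dn, ))
        resp.dump()

        # DS_LIST_ROLES is passed as the offered format together with the
        # upper-cased domain name; the reply is requested as a DN.
        name = self.domain.upper()
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, drsuapi.DS_LIST_ROLES,
                                      drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                                      (name, ))
        resp.dump()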
    def DRSCrackNames(self, formatOffered=drsuapi.DS_NAME_FORMAT.DS_DISPLAY_NAME,
                      formatDesired=drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME, name=''):
        """Translate a single name with DRSCrackNames and return the raw reply.

        The DRSUAPI connection is set up on first use: when ``self.__drsr`` is
        still None, ``self.__connectDrds()`` is called before the request.
        The reply is returned as-is; no status field is inspected here, so
        callers must check the result items themselves.
        """
        if self.__drsr is None:
            # Lazy setup of the DRSUAPI binding and handle.
            self.__connectDrds()

        # hDRSCrackNames takes a sequence of names; wrap the single one.
        names = (name,)
        return drsuapi.hDRSCrackNames(self.__drsr, self.__hDrs, 0, formatOffered, formatDesired, names)
Exemple #4
    def DRSCrackNames(self, formatOffered=drsuapi.DS_NAME_FORMAT.DS_DISPLAY_NAME,
                      formatDesired=drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME, name=''):
        """Run DRSCrackNames for ``name`` and hand back the unparsed reply.

        Defaults translate a display name into a distinguished name. When no
        DRSUAPI connection exists yet (``self.__drsr`` is None) one is opened
        through ``self.__connectDrds()`` first. The reply's per-item status is
        not examined in this method.
        """
        needs_connection = self.__drsr is None
        if needs_connection:
            self.__connectDrds()

        reply = drsuapi.hDRSCrackNames(
            self.__drsr, self.__hDrs, 0,
            formatOffered, formatDesired,
            (name,),  # the helper expects a sequence of names
        )
        return reply
Exemple #5
    def test_hDRSCrackNames(self):
        """Send three DRSCrackNames requests and dump each reply.

        The replies are only dumped, never asserted on, so a pass means the
        connection and the three calls did not raise. All names are fixed to
        one lab directory (FREEFLY.NET).
        """
        dce, _rpctransport, hDrs = self.connect()

        def crack_and_dump(offered, desired, value):
            # One DRSCrackNames round trip for a single name, then dump it.
            reply = drsuapi.hDRSCrackNames(dce, hDrs, 0, offered, desired, (value,))
            reply.dump()

        # The two distinguished-name lookups share this NTDS Settings DN.
        ntds_settings_dn = 'CN=NTDS Settings,CN=FREEFLY-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=FREEFLY,DC=NET'

        # Account name without a domain part, requested as a DN.
        crack_and_dump(drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN,
                       drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                       'Administrator')

        # Distinguished name, requested in the unique-ID format.
        crack_and_dump(drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                       drsuapi.DS_NAME_FORMAT.DS_UNIQUE_ID_NAME,
                       ntds_settings_dn)

        # Same distinguished name, requested as a string SID.
        crack_and_dump(drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME,
                       drsuapi.DS_STRING_SID_NAME,
                       ntds_settings_dn)
Exemple #6
    def test_hDRSCrackNames(self):
        """Send one DRSCrackNames request for 'Administrator' and dump the reply.

        The account name is offered without a domain part and requested in
        the user-principal-name-for-logon format. The reply is dumped but not
        asserted on, so the test only proves the call did not raise.
        """
        dce, _rpctransport, hDrs = self.connect()

        reply = drsuapi.hDRSCrackNames(
            dce, hDrs, 0,
            drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN,
            drsuapi.DS_USER_PRINCIPAL_NAME_FOR_LOGON,
            ('Administrator',),
        )
        reply.dump()
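    def test_hDRSCrackNames(self):
        """Send four DRSCrackNames requests for ``self.domain`` and dump each reply.

        The NTDS Settings DN now carries one ``DC=`` component per label of
        ``self.domain``. Indexing only labels 0 and 1 dropped the remaining
        labels of deeper domains and raised IndexError for a single-label
        domain. The DN for a two-label domain is unchanged.

        The replies are dumped without assertions, so a pass only shows that
        the connection and the calls did not raise.
        """
        dce, rpctransport, hDrs, DsaObjDest = self.connect()

        # Build the domain suffix once; it is used by both DN lookups.
        domain_dn = ','.join('DC=%s' % label for label in self.domain.split('.'))
        # NOTE(review): DC1-WIN2012 and Default-First-Site-Name are values
        # from one lab setup and are not derived from configuration.
        ntds_settings_dn = 'CN=NTDS Settings,CN=DC1-WIN2012,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s' % domain_dn

        # Account name without a domain part, requested as a string SID.
        name = 'Administrator'
        formatOffered = drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN
        formatDesired = drsuapi.DS_STRING_SID_NAME

        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, formatOffered, formatDesired, (name,))
        resp.dump()

        # Distinguished name, requested in the unique-ID format.
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME, drsuapi.DS_NAME_FORMAT.DS_UNIQUE_ID_NAME, (ntds_settings_dn,))
        resp.dump()

        # Same distinguished name, requested as a string SID.
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME, drsuapi.DS_STRING_SID_NAME, (ntds_settings_dn,))
        resp.dump()

        # DS_LIST_ROLES is passed as the offered format together with the
        # upper-cased domain name; the reply is requested as a DN.
        name = self.domain.upper()
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, drsuapi.DS_LIST_ROLES, drsuapi.DS_NAME_FORMAT.DS_FQDN_1779_NAME, (name,))
        resp.dump()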
Exemple #8
    def aaaa_DRSVerifyNames(self):
        """Build and send a DRSVerifyNames V1 request for one distinguished name.

        Marked by its author as not yet working. The method name does not
        start with ``test``; presumably that keeps it out of test discovery
        until it is fixed (confirm against the runner's naming rule).
        """
        # Not yet working
        dce, rpctransport, hDrs = self.connect()

        # NOTE(review): `name` is a distinguished name, but it is offered as
        # DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX; the formats look mismatched.
        name = 'CN=Administrator,CN=Users,DC=FREEFLY,DC=NET'
        formatOffered = drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX
        formatDesired = drsuapi.DS_USER_PRINCIPAL_NAME_FOR_LOGON
        # This reply is never read: `resp` is reassigned further down and the
        # dump is commented out.
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, formatOffered, formatDesired, (name,))
        #resp.dump()

        request = drsuapi.DRSVerifyNames()
        request['hDrs'] = hDrs
        request['dwInVersion'] = 1

        # Union tag 1 selects the V1 request body filled in below.
        request['pmsgIn']['tag'] = 1
        request['pmsgIn']['V1']['dwFlags'] = drsuapi.DRS_VERIFY_SAM_ACCOUNT_NAMES
        # cNames must match the number of DSNAME entries appended to rpNames.
        request['pmsgIn']['V1']['cNames'] = 1
        #pDsName = drsuapi.PDSNAME()
        dsName = drsuapi.DSNAME()
        # No SID and a null GUID: the object is identified by its string name.
        dsName['SidLen'] = 0
        dsName['Guid'] = drsuapi.NULLGUID
        dsName['Sid'] = ''
        # NameLen counts the characters of `name` without the terminator that
        # is appended to StringName on the next line.
        dsName['NameLen'] = len(name)
        dsName['StringName'] = name + '\x00'
        # structLen is taken from the serialized structure, so it has to be
        # set after every other field.
        dsName['structLen'] = len(dsName.getData())
        request['pmsgIn']['V1']['rpNames'].append(dsName)
        # No required attributes are requested.
        request['pmsgIn']['V1']['RequiredAttrs']['pAttr'] = NULL
        #request['pmsgIn']['V1']['RequiredAttrs']['attrCount'] = 3

        #attr = drsuapi.ATTR()
        #attr[''] =
        #attr[''] =
        #attr[''] =
        #request['pmsgIn']['V1']['RequiredAttrs']['pAttr'].append(attr)

        # No prefix table is sent with the request.
        request['pmsgIn']['V1']['PrefixTable']['pPrefixEntry'] = NULL

        #request.dump()
        resp = dce.request(request)
        # NOTE(review): the request is version 1, yet the reply is indexed as
        # V6 / PrefixTableSrc - confirm this is the intended reply layout.
        for entry in resp['pmsgOut']['V6']['PrefixTableSrc']['pPrefixEntry']:
            entry.dump()
Exemple #9
    def aaaa_DRSVerifyNames(self):
        """Build, dump and send a DRSVerifyNames V1 request for one DN.

        Marked by its author as not yet working. The method name does not
        start with ``test``; presumably that keeps it out of test discovery
        until it is fixed (confirm against the runner's naming rule).
        Nothing is asserted; the request and both replies are only dumped.
        """
        # Not yet working
        dce, rpctransport, hDrs = self.connect()

        # NOTE(review): `name` is a distinguished name, but it is offered as
        # DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX; the formats look mismatched.
        name = 'CN=Administrator,CN=Users,DC=FREEFLY,DC=NET'
        formatOffered = drsuapi.DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX
        formatDesired = drsuapi.DS_USER_PRINCIPAL_NAME_FOR_LOGON
        resp = drsuapi.hDRSCrackNames(dce, hDrs, 0, formatOffered, formatDesired, (name,))
        resp.dump()

        request = drsuapi.DRSVerifyNames()
        request['hDrs'] = hDrs
        request['dwInVersion'] = 1

        # Union tag 1 selects the V1 request body filled in below.
        request['pmsgIn']['tag'] = 1
        request['pmsgIn']['V1']['dwFlags'] = drsuapi.DRS_VERIFY_SAM_ACCOUNT_NAMES
        # cNames must match the number of DSNAME entries appended to rpNames.
        request['pmsgIn']['V1']['cNames'] = 1
        #pDsName = drsuapi.PDSNAME()
        dsName = drsuapi.DSNAME()
        # No SID and a null GUID: the object is identified by its string name.
        dsName['SidLen'] = 0
        dsName['Guid'] = drsuapi.NULLGUID
        dsName['Sid'] = ''
        # NameLen counts the characters of `name` without the terminator that
        # is appended to StringName on the next line.
        dsName['NameLen'] = len(name)
        dsName['StringName'] = name + '\x00'
        # structLen is taken from the serialized structure, so it has to be
        # set after every other field.
        dsName['structLen'] = len(dsName.getData())
        request['pmsgIn']['V1']['rpNames'].append(dsName)
        # No required attributes are requested.
        request['pmsgIn']['V1']['RequiredAttrs']['pAttr'] = NULL
        #request['pmsgIn']['V1']['RequiredAttrs']['attrCount'] = 3

        #attr = drsuapi.ATTR()
        #attr[''] =
        #attr[''] =
        #attr[''] =
        #request['pmsgIn']['V1']['RequiredAttrs']['pAttr'].append(attr)

        # No prefix table is sent with the request.
        request['pmsgIn']['V1']['PrefixTable']['pPrefixEntry'] = NULL

        # Dump the outgoing request, send it, then dump whatever comes back.
        request.dump()
        resp = dce.request(request)
        resp.dump()
Exemple #10
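    def convert_sidtont4(self, sid):
        """Resolve a SID to a name through DRSCrackNames and return that name.

        Binds to DRSUAPI over ``self._rpc_connection`` to obtain a DRS handle,
        then asks DRSCrackNames to translate ``sid`` from name format 11 to
        name format 2. In the MS-DRSR DS_NAME_FORMAT enumeration these are
        DS_SID_OR_SID_HISTORY_NAME and DS_NT4_ACCOUNT_NAME.

        Returns the ``pName`` field of the first result item.

        NOTE(review): the result item's status is not checked before
        ``pName`` is returned, and the DRS handle obtained here is not
        released. A new bind is issued on every call.
        """
        # DRS bind sequence adapted from secretsdump.py.
        request = drsuapi.DRSBind()
        request['puuidClientDsa'] = drsuapi.NTDSAPI_CLIENT_GUID
        drs = drsuapi.DRS_EXTENSIONS_INT()
        drs['cb'] = len(drs) #- 4
        drs['dwFlags'] = drsuapi.DRS_EXT_GETCHGREQ_V6 | drsuapi.DRS_EXT_GETCHGREPLY_V6 | drsuapi.DRS_EXT_GETCHGREQ_V8 | \
                         drsuapi.DRS_EXT_STRONG_ENCRYPTION
        drs['SiteObjGuid'] = drsuapi.NULLGUID
        drs['Pid'] = 0
        drs['dwReplEpoch'] = 0
        drs['dwFlagsExt'] = 0
        drs['ConfigObjGUID'] = drsuapi.NULLGUID
        drs['dwExtCaps'] = 0xffffffff
        request['pextClient']['cb'] = len(drs)
        # Serialize with getData() instead of str(): str() only produced the
        # packed bytes on Python 2, and getData() yields them on both versions.
        request['pextClient']['rgb'] = list(drs.getData())

        hdrs = self._rpc_connection.request(request)['phDrs']

        # 11 -> 2: SID (or SID history) in, NT4 account name out.
        resp = drsuapi.hDRSCrackNames(self._rpc_connection, hdrs, 0x0, 11, 2, (sid,))

        return resp['pmsgOut']['V1']['pResult']['rItems'][0]['pName']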