def test_dceAuth(self):
dce = self.connectDCE(self.username,
self.password,
self.domain,
dceAuth=True)
epm.hept_lookup(self.machine)
dce.disconnect()
def test_dceAuthHasHashes(self):
dce = self.connectDCE(self.username,
'',
self.domain,
self.lmhash,
self.nthash,
dceAuth=True)
epm.hept_lookup(self.machine)
dce.disconnect()
def test_hlookup(self):
resp = epm.hept_lookup(self.machine)
#for entry in resp:
# print epm.PrintStringBinding(entry['tower']['Floors'], self.machine)
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
resp = epm.hept_lookup(self.machine, inquiry_type = epm.RPC_C_EP_MATCH_BY_IF, ifId = MSRPC_UUID_SAMR)
MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'))
resp = epm.hept_lookup(self.machine, inquiry_type = epm.RPC_C_EP_MATCH_BY_IF, ifId = MSRPC_UUID_ATSVC)
MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
resp = epm.hept_lookup(self.machine, inquiry_type = epm.RPC_C_EP_MATCH_BY_IF, ifId = MSRPC_UUID_SCMR)
def test_dceAuthHasHashes(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username,
'',
self.domain,
lmhash,
nthash,
dceAuth=True)
epm.hept_lookup(self.machine)
dce.disconnect()
def test_hlookup(self):
resp = epm.hept_lookup(self.machine)
#for entry in resp:
# print epm.PrintStringBinding(entry['tower']['Floors'], self.machine)
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
resp = epm.hept_lookup(self.machine, inquiry_type = epm.RPC_C_EP_MATCH_BY_IF, ifId = MSRPC_UUID_SAMR)
MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'))
resp = epm.hept_lookup(self.machine, inquiry_type = epm.RPC_C_EP_MATCH_BY_IF, ifId = MSRPC_UUID_ATSVC)
MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
resp = epm.hept_lookup(self.machine, inquiry_type = epm.RPC_C_EP_MATCH_BY_IF, ifId = MSRPC_UUID_SCMR)
def test_dceAuthHasAes256Kerberos(self):
dce = self.connectDCE(self.username,
'',
self.domain,
'',
'',
self.aes_key_256,
dceAuth=True,
doKerberos=True)
epm.hept_lookup(self.machine)
dce.disconnect()
def test_hlookup(self):
epm.hept_lookup(self.machine)
MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
epm.hept_lookup(self.machine, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=MSRPC_UUID_SAMR)
MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'))
epm.hept_lookup(self.machine, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=MSRPC_UUID_ATSVC)
MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
epm.hept_lookup(self.machine, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=MSRPC_UUID_SCMR)
def test_dceAuthKerberos(self):
dce = self.connectDCE(self.username,
self.password,
self.domain,
dceAuth=True,
doKerberos=True)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_dceAuthHasAes128Kerberos(self):
dce = self.connectDCE(self.username,
'',
self.domain,
'',
'',
self.aesKey128,
dceAuth=True,
doKerberos=True)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_dceAuth(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password, self.domain)
dce = rpctransport.get_dce_rpc()
dce.set_credentials(*(rpctransport.get_credentials()))
dce.connect()
dce.bind(epm.MSRPC_UUID_PORTMAP)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_dceAuth(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password,
self.domain)
dce = rpctransport.get_dce_rpc()
dce.set_credentials(*(rpctransport.get_credentials()))
dce.connect()
dce.bind(epm.MSRPC_UUID_PORTMAP)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
dce.connect()
# dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY)
# dce.bind(epm.MSRPC_UUID_PORTMAP)
# rpcepm = epm.DCERPCEpm(dce)
resp = epm.hept_lookup(None, dce=dce)
dce.disconnect()
return resp
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
dce.connect()
# dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY)
# dce.bind(epm.MSRPC_UUID_PORTMAP)
# rpcepm = epm.DCERPCEpm(dce)
resp = epm.hept_lookup(None, dce=dce)
dce.disconnect()
return resp
def test_dceAuthHasHashesKerberos(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
lmhash, nthash = self.hashes.split(':')
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, '', self.domain, lmhash, nthash)
rpctransport.set_kerberos(True)
dce = rpctransport.get_dce_rpc()
dce.set_credentials(*(rpctransport.get_credentials()))
dce.connect()
dce.bind(epm.MSRPC_UUID_PORTMAP)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_dceAuthHasHashesKerberos(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
lmhash, nthash = self.hashes.split(':')
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, '', self.domain,
lmhash, nthash)
rpctransport.set_kerberos(True)
dce = rpctransport.get_dce_rpc()
dce.set_credentials(*(rpctransport.get_credentials()))
dce.connect()
dce.bind(epm.MSRPC_UUID_PORTMAP)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_packetAnonWINNTPacketPrivacy(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
lmhash, nthash = self.hashes.split(':')
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_max_fragment_size(1)
dce.connect()
dce.set_auth_type(rpcrt.RPC_C_AUTHN_WINNT)
dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.bind(epm.MSRPC_UUID_PORTMAP)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_packetAnonWINNTPacketPrivacy(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if hasattr(rpctransport, 'set_credentials'):
lmhash, nthash = self.hashes.split(':')
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password,
self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_max_fragment_size(1)
dce.connect()
dce.set_auth_type(rpcrt.RPC_C_AUTHN_WINNT)
dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
dce.bind(epm.MSRPC_UUID_PORTMAP)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
dce.connect()
#dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY)
#dce.bind(epm.MSRPC_UUID_PORTMAP)
#rpcepm = epm.DCERPCEpm(dce)
if str(self.__stringbinding) != str(rpctransport.get_stringbinding()):
logging.debug('StringBinding has been changed to %s' %
rpctransport.get_stringbinding())
resp = epm.hept_lookup(None, dce=dce)
dce.disconnect()
return resp
def send_EPM_Lookup_request(remote_host, remote_port):
protocols = {
135: 'ncacn_ip_tcp:%s' % remote_host,
139: 'ncacn_np:%s[\pipe\epmapper]' % remote_host,
445: 'ncacn_np:%s[\pipe\epmapper]' % remote_host
}
bindstr = protocols[remote_port]
rpctransport = transport.DCERPCTransportFactory(bindstr)
rpctransport.set_dport(remote_port)
# rpctransport.setRemoteHost(remote_host)
dce = rpctransport.get_dce_rpc()
dce.connect()
entries = epm.hept_lookup(None, dce=dce)
dce.disconnect()
return entries
def test_dceAuthHasHashesKerberos(self):
lmhash, nthash = self.hashes.split(':')
dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, dceAuth=True, doKerberos=True)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def __fetchList(self):
entries = []
resp = epm.hept_lookup(self.trans.getRemoteName())
self.__rpc_disconnect()
return resp
def test_dceAuth(self):
dce = self.connectDCE(self.username, self.password, self.domain, dceAuth=True)
epm.hept_lookup(self.machine)
dce.disconnect()
def __fetchList(self, rpctransport):
dce = rpctransport.get_dce_rpc()
dce.connect()
resp = epm.hept_lookup(None, dce=dce)
dce.disconnect()
return resp
def test_dceAuthHasAes256Kerberos(self):
dce = self.connectDCE(self.username, '', self.domain, '', '', self.aesKey256, dceAuth=True, doKerberos=True)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
def test_dceAuthKerberos(self):
dce = self.connectDCE(self.username, self.password, self.domain, dceAuth=True, doKerberos=True)
resp = epm.hept_lookup(self.machine)
dce.disconnect()
