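def run(self):
    """Print, for every configured machine, whether it looks 32- or 64-bit.

    Targets are read from the ``targets`` file object when one was supplied,
    otherwise the single ``target`` option is used. Each host is probed by
    connecting to TCP port 135 and binding to the endpoint mapper interface
    (``MSRPC_UUID_PORTMAP``) while offering only ``self.NDR64Syntax`` as the
    transfer syntax. No credentials are set on the transport in this method.

    The verdict is an inference, not a measurement: an accepted bind is
    printed as 64-bit, a ``syntaxes_not_supported`` rejection as 32-bit, and
    every other outcome is only logged as an error. Failures are handled per
    host, so one unreachable machine does not stop the loop.
    """
    if self.__options.targets is not None:
        for line in self.__options.targets.readlines():
            host = line.strip(' \r\n')
            # A blank line would otherwise become a binding with an empty host.
            if host:
                self.__machinesList.append(host)
    else:
        self.__machinesList.append(self.__options.target)

    logging.info('Gathering OS architecture for %d machines' % len(self.__machinesList))
    logging.info('Socket connect timeout set to %s secs' % self.__options.timeout)

    for machine in self.__machinesList:
        try:
            stringBinding = r'ncacn_ip_tcp:%s[135]' % machine
            transport = DCERPCTransportFactory(stringBinding)
            transport.set_connect_timeout(int(self.__options.timeout))
            dce = transport.get_dce_rpc()
            dce.connect()
            try:
                try:
                    dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=self.NDR64Syntax)
                except DCERPCException as e:
                    if 'syntaxes_not_supported' in str(e):
                        print('%s is 32-bit' % machine)
                    else:
                        # Any other bind fault is inconclusive; report it as-is.
                        logging.error(str(e))
                else:
                    print('%s is 64-bit' % machine)
            finally:
                # Close the connection even when bind raises something other
                # than DCERPCException (e.g. a socket error mid-handshake).
                dce.disconnect()
        except Exception as e:
            logging.error('%s: %s' % (machine, str(e)))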
def run(self):
    """Print, for every configured machine, whether it looks 32- or 64-bit.

    Targets are read from the ``targets`` file object when one was supplied,
    otherwise the single ``target`` option is used. Each host is probed by
    connecting to TCP port 135 and binding to the endpoint mapper interface
    (``MSRPC_UUID_PORTMAP``) while offering only ``self.NDR64Syntax`` as the
    transfer syntax. No credentials are set on the transport in this method.

    An accepted bind is printed as 64-bit, a ``syntaxes_not_supported``
    rejection as 32-bit; any other DCERPCException is only logged.
    """
    # NOTE(review): this listing uses Python 2-only syntax
    # (``except X, e`` and the ``print`` statement).
    if self.__options.targets is not None:
        for line in self.__options.targets.readlines():
            # Only spaces, CR and LF are stripped; a blank line yields ''.
            self.__machinesList.append(line.strip(' \r\n'))
    else:
        self.__machinesList.append(self.__options.target)

    logging.info('Gathering OS architecture for %d machines' % len(self.__machinesList))
    logging.info('Socket connect timeout set to %s secs' % self.__options.timeout)

    for machine in self.__machinesList:
        try:
            # String binding for the RPC endpoint mapper on TCP port 135.
            stringBinding = r'ncacn_ip_tcp:%s[135]' % machine
            transport = DCERPCTransportFactory(stringBinding)
            transport.set_connect_timeout(int(self.__options.timeout))
            dce = transport.get_dce_rpc()
            dce.connect()
            try:
                # Offer a single transfer syntax so the accept/reject answer
                # carries the signal.
                dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=self.NDR64Syntax)
            except DCERPCException, e:
                if str(e).find('syntaxes_not_supported') >= 0:
                    print '%s is 32-bit' % machine
                else:
                    # Other bind faults are inconclusive and only logged.
                    logging.error(str(e))
                    pass
            else:
                print '%s is 64-bit' % machine
            # Only reached when bind succeeded or raised DCERPCException.
            dce.disconnect()
        # NOTE(review): the listing ends here, so the outer ``try`` has no
        # ``except``/``finally`` clause in view - confirm against the full file.
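def get_arch(self):
    """Guess whether ``self.target`` runs a 32- or 64-bit OS.

    Connects to TCP port 135 with a 2-second connect timeout and binds to the
    endpoint mapper interface (``MSRPC_UUID_PORTMAP``) offering only the NDR64
    transfer syntax. No credentials are set on the transport here.

    Returns:
        64 when the bind is accepted, 32 when it is rejected with
        ``syntaxes_not_supported``. 32 is also returned when the probe itself
        fails (host unreachable, timeout, ...): that value is a default, not a
        detection, and the printed messages say so. None is returned when the
        bind fails with any other DCERPCException, after printing it.
    """
    NDR64Syntax = ("71710533-BEBA-4937-8319-B5DBEF9CCC36", "1.0")
    try:
        stringBinding = r"ncacn_ip_tcp:%s[135]" % self.target
        transport = DCERPCTransportFactory(stringBinding)
        transport.set_connect_timeout(2)
        dce = transport.get_dce_rpc()
        dce.connect()
        try:
            try:
                dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=NDR64Syntax)
            except DCERPCException as e:
                if "syntaxes_not_supported" in str(e):
                    return 32
                # Inconclusive bind fault: report it, give no verdict.
                print(str(e))
                return None
            else:
                return 64
        finally:
            # The returns above used to skip the disconnect and leave the
            # connection open; close it on every path.
            dce.disconnect()
    except Exception as e:
        print(f"{self.target}, {str(e)}")
        print(f"Failed to determine {self.target} architecture")
        print("Attempt to proceed with 32 bit procdump")
        return 32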
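def DCE(transport, timeout=2):
    """Open a DCE/RPC connection for the given binding.

    Args:
        transport: Value handed unchanged to ``DCERPCTransportFactory``.
        timeout: Connect timeout; coerced with ``int()`` before use.

    Returns:
        The connected DCE/RPC object, or None when any step raises. The error
        is printed rather than raised, so callers must check for None before
        using the result.
    """
    try:
        factory = DCERPCTransportFactory(transport)
        factory.set_connect_timeout(int(timeout))
        dce = factory.get_dce_rpc()
        dce.connect()
        return dce
    except Exception as e:  # ``except Exception, e`` is a SyntaxError on Python 3
        print('%s: %s' % (transport, str(e)))
        return None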
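def get_os_arch(self):
    """Guess whether ``self.host`` runs a 32- or 64-bit OS.

    Connects to TCP port 135 with a 5-second connect timeout and binds to the
    endpoint mapper interface (``MSRPC_UUID_PORTMAP``) offering only the
    transfer syntax ``71710533-BEBA-4937-8319-B5DBEF9CCC36`` v1.0. No
    credentials are set on the transport here.

    Returns:
        64 when the bind is accepted, 32 when it is rejected with
        ``syntaxes_not_supported``, and 0 when the result is undetermined
        (connection failure or any other bind fault).
    """
    # Credit: https://github.com/byt3bl33d3r/CrackMapExec/blob/master/cme/protocols/smb.py
    # Credit: https://github.com/SecureAuthCorp/impacket/blob/impacket_0_9_19/examples/getArch.py
    try:
        stringBinding = r'ncacn_ip_tcp:{}[135]'.format(self.host)
        transport = DCERPCTransportFactory(stringBinding)
        transport.set_connect_timeout(5)
        dce = transport.get_dce_rpc()
        dce.connect()
        try:
            try:
                dce.bind(MSRPC_UUID_PORTMAP,
                         transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
            except DCERPCException as e:
                if 'syntaxes_not_supported' in str(e):
                    return 32
                # Any other bind fault falls through to the 0 result below.
            else:
                return 64
        finally:
            # Close the connection on every path, including bind faults that
            # previously left it open.
            dce.disconnect()
    except Exception:
        # Narrowed from a bare ``except`` so KeyboardInterrupt and SystemExit
        # are no longer swallowed.
        return 0
    return 0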
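def get_os_arch(self, host):
    """Guess whether ``host`` runs a 32- or 64-bit OS.

    Connects to TCP port 135 with a 5-second connect timeout and binds to the
    endpoint mapper interface (``MSRPC_UUID_PORTMAP``) offering only the
    transfer syntax ``71710533-BEBA-4937-8319-B5DBEF9CCC36`` v1.0. No
    credentials are set on the transport here.

    Args:
        host: Address or name placed into the ``ncacn_ip_tcp`` string binding.

    Returns:
        64 when the bind is accepted, 32 when it is rejected with
        ``syntaxes_not_supported``, and 0 when the result is undetermined
        (connection failure, which is printed, or any other bind fault).
    """
    try:
        stringBinding = r'ncacn_ip_tcp:{}[135]'.format(host)
        transport = DCERPCTransportFactory(stringBinding)
        transport.set_connect_timeout(5)
        dce = transport.get_dce_rpc()
        dce.connect()
        try:
            try:
                dce.bind(MSRPC_UUID_PORTMAP,
                         transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
            except DCERPCException as e:
                if 'syntaxes_not_supported' in str(e):
                    return 32
                # Any other bind fault falls through to the 0 result below.
            else:
                return 64
        finally:
            # Close the connection on every path, including bind faults that
            # previously left it open.
            dce.disconnect()
    except Exception as e:
        print('Error retrieving os arch of {}: {}'.format(host, str(e)))
    return 0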
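def get_os_arch(target):
    """Guess whether ``target`` runs a 32- or 64-bit OS.

    Connects to TCP port 135 with a 5-second connect timeout and binds to the
    endpoint mapper interface (``MSRPC_UUID_PORTMAP``) offering only the
    transfer syntax ``71710533-BEBA-4937-8319-B5DBEF9CCC36`` v1.0. No
    credentials are set on the transport here.

    Args:
        target: Address or name placed into the ``ncacn_ip_tcp`` string binding.

    Returns:
        64 when the bind is accepted, 32 when it is rejected with
        ``syntaxes_not_supported``, and None when the result is undetermined
        (a logged connection failure or any other bind fault). Callers must
        handle None explicitly rather than treating it as an architecture.
    """
    try:
        stringBinding = r'ncacn_ip_tcp:{}[135]'.format(target)
        transport = DCERPCTransportFactory(stringBinding)
        transport.set_connect_timeout(5)
        dce = transport.get_dce_rpc()
        dce.connect()
        try:
            try:
                dce.bind(MSRPC_UUID_PORTMAP,
                         transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
            except DCERPCException as e:
                if 'syntaxes_not_supported' in str(e):
                    return 32
                # Any other bind fault is inconclusive: fall through to None.
            else:
                return 64
        finally:
            # Both return paths used to skip the disconnect and leave the
            # connection open; close it on every path.
            dce.disconnect()
    except Exception as e:
        logging.warning('%sErr with get_os_arch for %s: %s' % (warningRed, target, str(e)))
    return None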
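def get_os_arch():
    """Guess whether the host in the module-level ``ipAddress`` is 32- or 64-bit.

    Connects to TCP port 135 with a 5-second connect timeout and binds to the
    endpoint mapper interface (``MSRPC_UUID_PORTMAP``) offering only the
    transfer syntax ``71710533-BEBA-4937-8319-B5DBEF9CCC36`` v1.0. No
    credentials are set on the transport here.

    Returns:
        ``"x64"`` when the bind is accepted, ``"x32"`` when it is rejected
        with ``syntaxes_not_supported``, and the integer 0 when the result is
        undetermined (connection failure, logged at debug level, or any other
        bind fault). Note the mixed str/int return type.
    """
    try:
        stringBinding = r'ncacn_ip_tcp:{}[135]'.format(ipAddress)
        transport = DCERPCTransportFactory(stringBinding)
        transport.set_connect_timeout(5)
        dce = transport.get_dce_rpc()
        dce.connect()
        try:
            try:
                dce.bind(MSRPC_UUID_PORTMAP,
                         transfer_syntax=('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))
            # Was ``except (DCERPCException, e):``, which builds a tuple from
            # the unbound name ``e`` and raises NameError whenever bind fails,
            # so the 32-bit answer could never be returned.
            except DCERPCException as e:
                if 'syntaxes_not_supported' in str(e):
                    return "x32"
                # Any other bind fault falls through to the 0 result below.
            else:
                return "x64"
        finally:
            # Close the connection on every path, including bind faults that
            # previously left it open.
            dce.disconnect()
    except Exception as e:
        logging.debug('Error retrieving os arch of {}: {}'.format(
            ipAddress, str(e)))
    return 0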