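async def list_domain_users(self, domain_handle):
    """Enumerate the user accounts of an opened SAMR domain.

    Async generator. Pages through SamrEnumerateUsersInDomain (filtered with
    ``samr.USER_NORMAL_ACCOUNT``), following the server-supplied
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES.

    Args:
        domain_handle: SAMR handle of the domain; also the key into
            ``self.domain_handles`` from which the domain SID is taken.

    Yields:
        ``(name, sid, None)`` per user, where ``sid`` is
        ``'<domain SID>-<RelativeId>'``. On any failure a single
        ``(None, None, exception)`` is yielded and the generator ends;
        nothing is raised to the caller.
    """
    try:
        user_type = samr.USER_NORMAL_ACCOUNT
        status = NTStatus.MORE_ENTRIES
        enumeration_context = 0
        while status == NTStatus.MORE_ENTRIES:
            resp, err = await samr.hSamrEnumerateUsersInDomain(
                self.dce,
                domain_handle,
                user_type,
                enumerationContext=enumeration_context,
            )
            if err is not None:
                # STATUS_MORE_ENTRIES is reported as an error but still carries
                # a valid page in the packet; any other error ends the listing.
                if err.error_code != NTStatus.MORE_ENTRIES.value:
                    raise err
                resp = err.get_packet()

            for user in resp['Buffer']['Buffer']:
                user_sid = '%s-%s' % (self.domain_handles[domain_handle], user['RelativeId'])
                yield user['Name'], user_sid, None

            enumeration_context = resp['EnumerationContext']
            status = NTStatus(resp['ErrorCode'])
    except Exception as e:
        # Errors are delivered in-band so consumers only need one loop.
        yield None, None, e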
async def list_sessions(self, level=10):
    """Enumerate the sessions on the server via NetrSessionEnum.

    Async generator. Only info levels 1 and 10 are supported; both expose a
    user name and a client name, which are yielded with their last character
    (the trailing terminator, presumably) dropped. Pages via ResumeHandle
    until the reply's ErrorCode is no longer STATUS_MORE_ENTRIES.

    Args:
        level: NetrSessionEnum info level, 1 or 10.

    Yields:
        ``(username, client_name, None)`` per session entry.

    Raises:
        Exception: if *level* is not 1 or 10, or the RPC call returns an
            error other than STATUS_MORE_ENTRIES.
    """
    if level not in (1, 10):
        raise Exception('Only levels 1 and 10 implemented!')

    # Both supported levels share one layout; the level number is embedded
    # in the field names (sesi1_* / sesi10_*).
    container_key = 'Level%s' % level
    user_key = 'sesi%s_username' % level
    client_key = 'sesi%s_cname' % level

    resume_handle = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        resp, err = await srvs.hNetrSessionEnum(
            self.dce, '\x00', NULL, level, resumeHandle=resume_handle
        )
        if err is not None:
            if err.error_code != NTStatus.MORE_ENTRIES.value:
                raise err
            resp = err.get_packet()

        entries = resp['InfoStruct']['SessionInfo'][container_key]['Buffer']
        for entry in entries:
            yield entry[user_key][:-1], entry[client_key][:-1], None

        resume_handle = resp['ResumeHandle']
        status = NTStatus(resp['ErrorCode'])
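def from_buffer(buff):
    """Parse a 64-byte SMB2 header (async form) from a readable buffer.

    Reads the header field by field from *buff* (anything with a
    ``read(n)`` method) and returns a populated SMB2Header_ASYNC. Integer
    fields are little-endian and unsigned.

    Args:
        buff: binary stream positioned at the start of the header.

    Returns:
        SMB2Header_ASYNC with ProtocolId, StructureSize, CreditCharge,
        Status, Command, Credit, Flags, NextCommand, MessageId, AsyncId,
        SessionId and Signature set.

    Raises:
        ValueError: if the buffer is shorter than a field, the ProtocolId is
            not ``b'\\xFESMB'`` or StructureSize is not 64. The checks are
            explicit rather than ``assert`` so they survive ``python -O``;
            unknown Status/Command/Flags values propagate whatever the enum
            constructors raise.
    """
    def read_exact(n):
        # Header bytes come off the wire: refuse truncated input instead of
        # letting int.from_bytes() silently decode a short read as a small int.
        data = buff.read(n)
        if len(data) != n:
            raise ValueError(
                'SMB2 header truncated: expected %d bytes, got %d' % (n, len(data))
            )
        return data

    def read_uint(n):
        return int.from_bytes(read_exact(n), byteorder='little', signed=False)

    hdr = SMB2Header_ASYNC()
    hdr.ProtocolId = read_exact(4)
    if hdr.ProtocolId != b'\xFESMB':
        raise ValueError('SMB2 header magic incorrect: %r' % hdr.ProtocolId)
    hdr.StructureSize = read_uint(2)
    if hdr.StructureSize != 64:
        raise ValueError(
            'SMB2 header StructureSize must be 64, got %d' % hdr.StructureSize
        )
    hdr.CreditCharge = read_uint(2)
    hdr.Status = NTStatus(read_uint(4))
    hdr.Command = SMB2Command(read_uint(2))
    hdr.Credit = read_uint(2)
    hdr.Flags = SMB2HeaderFlag(read_uint(4))
    hdr.NextCommand = read_uint(4)
    hdr.MessageId = read_uint(8)
    # The remaining fields are kept as raw bytes, as in the original layout.
    hdr.AsyncId = read_exact(8)
    hdr.SessionId = read_exact(8)
    hdr.Signature = read_exact(16)
    return hdr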
async def add_member_to_alias(self, alias_handle, sid):
    """Add *sid* to the alias (SAM local group) behind *alias_handle*.

    Wraps SamrAddMemberToAlias using the tuple-return convention of this
    file: ``(True, None)`` when the reply's ErrorCode is STATUS_SUCCESS,
    ``(False, None)`` for any other ErrorCode, and ``(None, exc)`` when the
    call itself failed.

    Args:
        alias_handle: SAMR handle of the alias to modify.
        sid: SID of the principal to add.

    Returns:
        ``(result, error)`` as described above.
    """
    try:
        resp, err = await samr.hSamrAddMemberToAlias(self.dce, alias_handle, sid)
        if err is not None:
            # Same convention as the enumeration helpers: STATUS_MORE_ENTRIES
            # still carries a usable reply packet, anything else is fatal.
            if err.error_code != NTStatus.MORE_ENTRIES.value:
                raise err
            resp = err.get_packet()
        return NTStatus(resp['ErrorCode']) == NTStatus.SUCCESS, None
    except Exception as e:
        return None, e
async def list_domains(self):
    """Enumerate the domain names hosted by the connected SAM server.

    Async generator over SamrEnumerateDomainsInSamServer pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES.

    Yields:
        ``(domain_name, None)`` per domain.

    Raises:
        Exception: any RPC error other than STATUS_MORE_ENTRIES is re-raised
            out of the generator.
    """
    context = 0
    more = True
    while more:
        resp, err = await samr.hSamrEnumerateDomainsInSamServer(
            self.dce, self.handle, enumerationContext=context
        )
        if err is not None:
            if err.error_code != NTStatus.MORE_ENTRIES.value:
                raise err
            resp = err.get_packet()

        for domain in resp['Buffer']['Buffer']:
            yield domain['Name'], None

        context = resp['EnumerationContext']
        more = NTStatus(resp['ErrorCode']) == NTStatus.MORE_ENTRIES
async def list_aliases(self, domain_handle):
    """Enumerate the aliases (SAM local groups) defined in a SAMR domain.

    Async generator over SamrEnumerateAliasesInDomain pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES.

    Args:
        domain_handle: SAMR handle of the domain to enumerate.

    Yields:
        ``(name, relative_id, None)`` per alias.

    Raises:
        Exception: any RPC error other than STATUS_MORE_ENTRIES is re-raised
            out of the generator.
    """
    context = 0
    more = True
    while more:
        resp, err = await samr.hSamrEnumerateAliasesInDomain(
            self.dce, domain_handle, enumerationContext=context
        )
        if err is not None:
            if err.error_code != NTStatus.MORE_ENTRIES.value:
                raise err
            resp = err.get_packet()

        for alias in resp['Buffer']['Buffer']:
            yield alias['Name'], alias['RelativeId'], None

        context = resp['EnumerationContext']
        more = NTStatus(resp['ErrorCode']) == NTStatus.MORE_ENTRIES
async def enumerate_users(self, domain_handle):
    """Enumerate the user accounts of a SAMR domain.

    Async generator over SamrEnumerateUsersInDomain pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES.

    Args:
        domain_handle: SAMR handle of the domain; also the key into
            ``self.domain_handles`` from which the domain SID is taken.

    Yields:
        ``(name, sid, None)`` per user, where ``sid`` is
        ``'<domain SID>-<RelativeId>'``.

    Raises:
        Exception: any RPC error other than STATUS_MORE_ENTRIES is re-raised
            out of the generator.
    """
    context = 0
    more = True
    while more:
        resp, err = await samr.hSamrEnumerateUsersInDomain(
            self.dce, domain_handle, enumerationContext=context
        )
        if err is not None:
            if err.error_code != NTStatus.MORE_ENTRIES.value:
                raise err
            resp = err.get_packet()

        for user in resp['Buffer']['Buffer']:
            rid = user['RelativeId']
            yield user['Name'], f"{self.domain_handles[domain_handle]}-{rid}", None

        context = resp['EnumerationContext']
        more = NTStatus(resp['ErrorCode']) == NTStatus.MORE_ENTRIES
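async def list_shares(self, level=1):
    """Enumerate the shares exported by the server via NetrShareEnum.

    Async generator. Pages via ResumeHandle until the reply's ErrorCode is
    no longer STATUS_MORE_ENTRIES.

    Args:
        level: NetrShareEnum info level. Only level 1 is implemented: the
            yielded values are read from the ``shi1_*`` members, so any
            other level is rejected up front (as list_sessions does) instead
            of failing with a KeyError on the first non-empty page.

    Yields:
        ``(netname, type, remark, None)`` per share; *netname* has its last
        character dropped, *type* and *remark* are yielded unchanged.

    Raises:
        Exception: if *level* is not 1, or the RPC call returns an error
            other than STATUS_MORE_ENTRIES.
    """
    if level != 1:
        raise Exception('Only level 1 implemented!')
    level_name = 'Level%s' % level

    resume_handle = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        resp, err = await srvs.hNetrShareEnum(
            self.dce, level, resumeHandle=resume_handle
        )
        if err is not None:
            # STATUS_MORE_ENTRIES is reported as an error but still carries
            # a valid page in the packet; any other error ends the listing.
            if err.error_code != NTStatus.MORE_ENTRIES.value:
                raise err
            resp = err.get_packet()

        for entry in resp['InfoStruct']['ShareInfo'][level_name]['Buffer']:
            yield entry['shi1_netname'][:-1], entry['shi1_type'], entry['shi1_remark'], None

        resume_handle = resp['ResumeHandle']
        status = NTStatus(resp['ErrorCode'])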
async def list_domains(self):
    """Enumerate the domain names hosted by the connected SAM server.

    Async generator over SamrEnumerateDomainsInSamServer pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES.

    Yields:
        Each domain's ``Name``.

    Raises:
        DCERPCException: any RPC failure whose text does not mention
            STATUS_MORE_ENTRIES is re-raised out of the generator.
    """
    context = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await samr.hSamrEnumerateDomainsInSamServer(
                self.dce, self.handle, enumerationContext=context
            )
        except DCERPCException as e:
            # STATUS_MORE_ENTRIES surfaces as an exception whose packet still
            # holds a valid page; anything else is fatal.
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            resp = e.get_packet()

        for domain in resp['Buffer']['Buffer']:
            yield domain['Name']

        context = resp['EnumerationContext']
        status = NTStatus(resp['ErrorCode'])
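async def list_domain_groups(self, domain_handle):
    """Enumerate the groups defined in a SAMR domain.

    Async generator over SamrEnumerateGroupsInDomain pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES. Nothing is written to stdout; errors are either
    handled or raised.

    Args:
        domain_handle: SAMR handle of the domain; also the key into
            ``self.domain_handles`` from which the domain SID is taken.

    Yields:
        ``(name, sid)`` per group, where ``sid`` is
        ``'<domain SID>-<RelativeId>'``.

    Raises:
        DCERPCException: any RPC failure whose text does not mention
            STATUS_MORE_ENTRIES is re-raised out of the generator.
    """
    enumeration_context = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await samr.hSamrEnumerateGroupsInDomain(
                self.dce, domain_handle, enumerationContext=enumeration_context
            )
        except DCERPCException as e:
            # STATUS_MORE_ENTRIES surfaces as an exception whose packet still
            # holds a valid page; anything else is fatal.
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            resp = e.get_packet()

        for group in resp['Buffer']['Buffer']:
            group_sid = '%s-%s' % (self.domain_handles[domain_handle], group['RelativeId'])
            yield group['Name'], group_sid

        enumeration_context = resp['EnumerationContext']
        status = NTStatus(resp['ErrorCode'])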
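async def list_aliases(self, domain_handle):
    """Enumerate the aliases (SAM local groups) defined in a SAMR domain.

    Async generator over SamrEnumerateAliasesInDomain pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES. Nothing is written to stdout; errors are either
    handled or raised.

    Args:
        domain_handle: SAMR handle of the domain to enumerate.

    Yields:
        ``(name, relative_id)`` per alias.

    Raises:
        DCERPCException: any RPC failure whose text does not mention
            STATUS_MORE_ENTRIES is re-raised out of the generator.
    """
    enumeration_context = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await samr.hSamrEnumerateAliasesInDomain(
                self.dce, domain_handle, enumerationContext=enumeration_context
            )
        except DCERPCException as e:
            # STATUS_MORE_ENTRIES surfaces as an exception whose packet still
            # holds a valid page; anything else is fatal.
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            resp = e.get_packet()

        for alias in resp['Buffer']['Buffer']:
            yield alias['Name'], alias['RelativeId']

        enumeration_context = resp['EnumerationContext']
        status = NTStatus(resp['ErrorCode'])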
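async def enumerate_users(self, domain_handle):
    """Enumerate the user accounts of a SAMR domain.

    Async generator over SamrEnumerateUsersInDomain pages (no account-type
    filter is passed), following EnumerationContext until the reply's
    ErrorCode is no longer STATUS_MORE_ENTRIES. Nothing is written to
    stdout; errors are either handled or raised.

    Args:
        domain_handle: SAMR handle of the domain; also the key into
            ``self.domain_handles`` from which the domain SID is taken.

    Yields:
        ``(name, sid)`` per user, where ``sid`` is
        ``'<domain SID>-<RelativeId>'``.

    Raises:
        DCERPCException: any RPC failure whose text does not mention
            STATUS_MORE_ENTRIES is re-raised out of the generator.
    """
    enumeration_context = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await samr.hSamrEnumerateUsersInDomain(
                self.dce, domain_handle, enumerationContext=enumeration_context
            )
        except DCERPCException as e:
            # STATUS_MORE_ENTRIES surfaces as an exception whose packet still
            # holds a valid page; anything else is fatal.
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            resp = e.get_packet()

        for user in resp['Buffer']['Buffer']:
            user_sid = '%s-%s' % (self.domain_handles[domain_handle], user['RelativeId'])
            yield user['Name'], user_sid

        enumeration_context = resp['EnumerationContext']
        status = NTStatus(resp['ErrorCode'])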
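async def list_shares(self, level=1):
    """Enumerate the shares exported by the server via NetrShareEnum.

    Async generator. Pages via ResumeHandle until the reply's ErrorCode is
    no longer STATUS_MORE_ENTRIES. Nothing is written to stdout; errors are
    either handled or raised.

    Args:
        level: NetrShareEnum info level. Only level 1 is implemented: the
            yielded values are read from the ``shi1_*`` members, so any
            other level is rejected up front (as list_sessions does) instead
            of failing with a KeyError on the first non-empty page.

    Yields:
        ``(netname, type, remark)`` per share; *netname* has its last
        character dropped, *type* and *remark* are yielded unchanged.

    Raises:
        Exception: if *level* is not 1, or the RPC call fails with an error
            whose text does not mention STATUS_MORE_ENTRIES.
    """
    if level != 1:
        raise Exception('Only level 1 implemented!')
    level_name = 'Level%s' % level

    resume_handle = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await srvs.hNetrShareEnum(self.dce, level, resumeHandle=resume_handle)
        except Exception as e:
            # STATUS_MORE_ENTRIES surfaces as an exception whose packet still
            # holds a valid page; anything else is fatal.
            # NOTE(review): the catch is broad, so a non-RPC exception whose
            # text happens to contain STATUS_MORE_ENTRIES would reach
            # get_packet(); narrowing to the RPC exception type would be
            # cleaner — confirm which type srvs raises here.
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            resp = e.get_packet()

        for entry in resp['InfoStruct']['ShareInfo'][level_name]['Buffer']:
            yield entry['shi1_netname'][:-1], entry['shi1_type'], entry['shi1_remark']

        resume_handle = resp['ResumeHandle']
        status = NTStatus(resp['ErrorCode'])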
async def list_domain_groups(self, domain_handle):
    """Enumerate the groups defined in a SAMR domain.

    Async generator over SamrEnumerateGroupsInDomain pages, following
    EnumerationContext until the reply's ErrorCode is no longer
    STATUS_MORE_ENTRIES.

    Args:
        domain_handle: SAMR handle of the domain; also the key into
            ``self.domain_handles`` from which the domain SID is taken.

    Yields:
        ``(name, sid, None)`` per group, where ``sid`` is
        ``'<domain SID>-<RelativeId>'``. On any failure a single
        ``(None, None, exception)`` is yielded and the generator ends;
        nothing is raised to the caller.
    """
    try:
        context = 0
        more = True
        while more:
            resp, err = await samr.hSamrEnumerateGroupsInDomain(
                self.dce, domain_handle, enumerationContext=context
            )
            if err is not None:
                # STATUS_MORE_ENTRIES still carries a usable reply packet;
                # any other error is handed to the except below.
                if err.error_code != NTStatus.MORE_ENTRIES.value:
                    raise err
                resp = err.get_packet()

            for group in resp['Buffer']['Buffer']:
                sid = f"{self.domain_handles[domain_handle]}-{group['RelativeId']}"
                yield group['Name'], sid, None

            context = resp['EnumerationContext']
            more = NTStatus(resp['ErrorCode']) == NTStatus.MORE_ENTRIES
    except Exception as e:
        # Errors are delivered in-band so consumers only need one loop.
        yield None, None, e
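def from_buffer(buff):
    """Parse a 32-byte SMBv1 header from a readable buffer.

    Reads the header field by field from *buff* (anything with a
    ``read(n)`` method) and returns a populated SMBHeader. Integer fields
    are little-endian and unsigned.

    Args:
        buff: binary stream positioned at the start of the header.

    Returns:
        SMBHeader with Protocol, Command, Status, Flags, Flags2, PIDHigh,
        either SecurityFeatures or Signature (see below), Reserved, TID,
        PIDLow, UID and MessageId set.

    Raises:
        ValueError: if the buffer is shorter than a field or the Protocol
            magic is not ``b'\\xFFSMB'``. The check is explicit rather than
            ``assert`` so it survives ``python -O``; unknown Command/Status/
            Flags values propagate whatever the enum constructors raise.
    """
    def read_exact(n):
        # Header bytes come off the wire: refuse truncated input instead of
        # letting int.from_bytes() silently decode a short read as a small int.
        data = buff.read(n)
        if len(data) != n:
            raise ValueError(
                'SMBv1 header truncated: expected %d bytes, got %d' % (n, len(data))
            )
        return data

    def read_uint(n):
        return int.from_bytes(read_exact(n), byteorder='little', signed=False)

    hdr = SMBHeader()
    hdr.Protocol = read_exact(4)
    if hdr.Protocol != b'\xFFSMB':
        raise ValueError("SMBv1 Header Magic incorrect!")
    hdr.Command = SMBCommand(read_uint(1))
    hdr.Status = NTStatus(read_uint(4))
    hdr.Flags = SMBHeaderFlagsEnum(read_uint(1))
    hdr.Flags2 = SMBHeaderFlags2Enum(read_uint(2))
    hdr.PIDHigh = read_uint(2)
    # The next 8 bytes are stored under one of two attribute names depending
    # on Flags2. NOTE(review): MS-CIFS defines these bytes as the Signature
    # when SMB_FLAGS2_SMB_SECURITY_SIGNATURE is set, which is the opposite of
    # the assignment below; kept unchanged because consumers may read either
    # attribute — confirm against the callers before swapping.
    if SMBHeaderFlags2Enum.SMB_FLAGS2_SMB_SECURITY_SIGNATURE in hdr.Flags2:
        hdr.SecurityFeatures = read_exact(8)
    else:
        hdr.Signature = read_exact(8)
    hdr.Reserved = read_uint(2)
    hdr.TID = read_uint(2)
    hdr.PIDLow = read_uint(2)
    hdr.UID = read_uint(2)
    hdr.MessageId = read_uint(2)
    return hdr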
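async def list_sessions(self, level=10):
    """Enumerate the sessions on the server via NetrSessionEnum.

    Async generator. Only info levels 1 and 10 are supported; both expose a
    user name and a client name, which are yielded with their last character
    (the trailing terminator, presumably) dropped. Pages via ResumeHandle
    until the reply's ErrorCode is no longer STATUS_MORE_ENTRIES. Nothing is
    written to stdout; errors are either handled or raised.

    Args:
        level: NetrSessionEnum info level, 1 or 10.

    Yields:
        ``(username, client_name)`` per session entry.

    Raises:
        Exception: if *level* is not 1 or 10, or the RPC call fails with an
            error whose text does not mention STATUS_MORE_ENTRIES.
    """
    if level not in [1, 10]:
        raise Exception('Only levels 1 and 10 implemented!')

    # Both supported levels share one layout; the level number is embedded
    # in the field names (sesi1_* / sesi10_*).
    container_key = 'Level%s' % level
    user_key = 'sesi%s_username' % level
    client_key = 'sesi%s_cname' % level

    resume_handle = 0
    status = NTStatus.MORE_ENTRIES
    while status == NTStatus.MORE_ENTRIES:
        try:
            resp = await srvs.hNetrSessionEnum(
                self.dce, '\x00', NULL, level, resumeHandle=resume_handle
            )
        except Exception as e:
            # STATUS_MORE_ENTRIES surfaces as an exception whose packet still
            # holds a valid page; anything else is fatal.
            if 'STATUS_MORE_ENTRIES' not in str(e):
                raise
            resp = e.get_packet()

        for entry in resp['InfoStruct']['SessionInfo'][container_key]['Buffer']:
            yield entry[user_key][:-1], entry[client_key][:-1]

        resume_handle = resp['ResumeHandle']
        status = NTStatus(resp['ErrorCode'])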