def generateResponse(self):
    """Wrap the KMS reply for ``self.requestData`` in an MSRPC response header.

    The payload is whatever ``kmsBase.generateKmsResponseData`` returns for
    the request's ``pduData``. Version, data representation, call id and
    context id are copied from the request unchanged.

    Returns:
        The populated ``MSRPCRespHeader``.
    """
    req = self.requestData
    payload = kmsBase.generateKmsResponseData(req['pduData'], self.config)
    payloadSize = len(payload)

    # NOTE(review): the fields copied from ``req`` are echoed without any
    # range check in this method; presumably ``req`` was parsed from
    # client-supplied bytes, so confirm the parser constrains them.
    header = MSRPCRespHeader()
    for field in ('ver_major', 'ver_minor'):
        header[field] = req[field]
    header['type'] = self.packetType['response']
    # Both fragment bits are set on this header.
    header['flags'] = self.packetFlags['firstFrag'] | self.packetFlags['lastFrag']
    for field in ('representation', 'call_id'):
        header[field] = req[field]
    header['alloc_hint'] = payloadSize
    header['ctx_id'] = req['ctx_id']
    header['cancel_count'] = 0
    header['pduData'] = payload

    shell_message(nshell = 17)

    # The debug records carry the complete response (field dump and hex), so
    # a debug-level log holds the full payload of every reply.
    dumpText = justify(header.dump(print_to_stdout = False))
    logging.debug("RPC Message Response: \n%s\n" % dumpText)
    hexText = justify(binascii.b2a_hex(str(header)))
    logging.debug("RPC Message Response Bytes: \n%s\n" % hexText)
    return header
def generateResponse(self):
    """Build the MSRPC response header around the KMS reply for the stored request.

    Reads the request from ``self.requestData`` and the payload from
    ``kmsBase.generateKmsResponseData``. When ``self.config['debug']`` is
    truthy the header dump and its hex encoding are printed.

    Returns:
        The populated ``MSRPCRespHeader``.
    """
    rpcRequest = self.requestData
    body = kmsBase.generateKmsResponseData(rpcRequest['pduData'], self.config)
    bodyLength = len(body)

    reply = MSRPCRespHeader()
    # NOTE(review): values taken from ``rpcRequest`` are passed through
    # unchecked here; presumably they originate from the client, so confirm
    # they are validated where the request is parsed.
    fieldValues = [
        ('ver_major', rpcRequest['ver_major']),
        ('ver_minor', rpcRequest['ver_minor']),
        ('type', self.packetType['response']),
        ('flags', self.packetFlags['firstFrag'] | self.packetFlags['lastFrag']),
        ('representation', rpcRequest['representation']),
        ('call_id', rpcRequest['call_id']),
        ('alloc_hint', bodyLength),
        ('ctx_id', rpcRequest['ctx_id']),
        ('cancel_count', 0),
        ('pduData', body),
    ]
    for key, value in fieldValues:
        reply[key] = value

    if not self.config['debug']:
        return reply

    # Debug output prints the whole response, payload included.
    print "RPC Message Response:", reply.dump()
    print "RPC Message Response Bytes:", binascii.b2a_hex(str(reply))
    return reply
def generateResponse(self):
    """Assemble the MSRPC response for ``self.requestData`` and log it at debug level.

    The response body is the value returned by
    ``kmsBase.generateKmsResponseData``; the header repeats the request's
    version, data representation, call id and context id.

    Returns:
        The populated ``MSRPCRespHeader``.
    """
    incoming = self.requestData
    kmsPayload = kmsBase.generateKmsResponseData(incoming['pduData'],
                                                 self.config)
    allocHint = len(kmsPayload)

    outgoing = MSRPCRespHeader()
    # NOTE(review): these two values are echoed from the request without
    # checks in this method; presumably the request is client-controlled.
    outgoing['ver_major'] = incoming['ver_major']
    outgoing['ver_minor'] = incoming['ver_minor']
    outgoing['type'] = self.packetType['response']

    # First and last fragment bits are both set on the header.
    firstBit = self.packetFlags['firstFrag']
    lastBit = self.packetFlags['lastFrag']
    outgoing['flags'] = firstBit | lastBit

    outgoing['representation'] = incoming['representation']
    outgoing['call_id'] = incoming['call_id']
    outgoing['alloc_hint'] = allocHint
    outgoing['ctx_id'] = incoming['ctx_id']
    outgoing['cancel_count'] = 0
    outgoing['pduData'] = kmsPayload

    # Both records contain the complete response, so a debug-level log
    # holds the full payload.
    dumped = outgoing.dump()
    logging.debug("RPC Message Response: %s" % dumped)
    hexBytes = binascii.b2a_hex(str(outgoing))
    logging.debug("RPC Message Response Bytes: %s" % hexBytes)
    return outgoing
def generateResponse(self, request):
    """Build, byterize and debug-log the MSRPC response for ``request``.

    Args:
        request: Mapping-like request object; ``pduData``, ``ver_major``,
            ``ver_minor``, ``representation``, ``call_id`` and ``ctx_id``
            are read from it.

    Returns:
        The value returned by ``byterize`` for the populated
        ``MSRPCRespHeader``.
    """
    payload = kmsBase.generateKmsResponseData(request['pduData'], self.config)
    payloadLen = len(payload)

    hdr = MSRPCRespHeader()
    # NOTE(review): fields copied from ``request`` are not range-checked in
    # this method; presumably the request comes from the network client, so
    # confirm validation happens where it is parsed.
    for name in ('ver_major', 'ver_minor'):
        hdr[name] = request[name]
    hdr['type'] = self.packetType['response']
    hdr['flags'] = (self.packetFlags['firstFrag']
                    | self.packetFlags['lastFrag'])
    for name in ('representation', 'call_id'):
        hdr[name] = request[name]
    hdr['alloc_hint'] = payloadLen
    hdr['ctx_id'] = request['ctx_id']
    hdr['cancel_count'] = 0
    hdr['pduData'] = payload

    shell_message(nshell=17)
    hdr = byterize(hdr)

    # The two debug records below contain the entire response, payload
    # included.
    fieldDump = justify(hdr.dump(print_to_stdout=False))
    logger.debug("RPC Message Response: \n%s\n" % fieldDump)
    # str() -> latin-1 bytes -> hex -> text, as in the original logging call.
    rawBytes = str(hdr).encode('latin-1')
    hexText = justify(binascii.b2a_hex(rawBytes).decode('utf-8'))
    logger.debug("RPC Message Response Bytes: \n%s\n" % hexText)
    return hdr
def generateResponse(self, request):
    """Return an ``MSRPCRespHeader`` carrying the KMS reply for ``request``.

    Args:
        request: Mapping-like request object; ``pduData``, ``ver_major``,
            ``ver_minor``, ``representation``, ``call_id`` and ``ctx_id``
            are read from it.

    Returns:
        The populated ``MSRPCRespHeader``. When ``self.config['debug']`` is
        truthy, its dump and hex bytes are printed first.
    """
    kmsReply = kmsBase.generateKmsResponseData(request['pduData'], self.config)
    replySize = len(kmsReply)

    packet = MSRPCRespHeader()
    # NOTE(review): the request-derived values are echoed as-is; presumably
    # ``request`` is client-supplied, so confirm it is validated upstream.
    assignments = (
        ('ver_major', request['ver_major']),
        ('ver_minor', request['ver_minor']),
        ('type', self.packetType['response']),
        ('flags', self.packetFlags['firstFrag'] | self.packetFlags['lastFrag']),
        ('representation', request['representation']),
        ('call_id', request['call_id']),
        ('alloc_hint', replySize),
        ('ctx_id', request['ctx_id']),
        ('cancel_count', 0),
        ('pduData', kmsReply),
    )
    for fieldName, fieldValue in assignments:
        packet[fieldName] = fieldValue

    debugEnabled = self.config['debug']
    if debugEnabled:
        # Debug output prints the whole response, payload included.
        print("RPC Message Response:", packet.dump())
        print("RPC Message Response Bytes:",
              binascii.b2a_hex(packet.__bytes__()))
    return packet
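def main():
    """Run the KMS test client once and print what the KMS host reports.

    Parses the command line into the module-level ``config``, connects to the
    host, performs the RPC bind, sends one KMS request and prints the fields
    of the reply. Exits through ``sys.exit()`` when the connection is reset,
    no data arrives, or the bind is not acknowledged.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("ip", action="store",
                        help="The IP address or hostname of the KMS host.",
                        type=str)
    parser.add_argument(
        "port", nargs="?", action="store", default=1688,
        help="The port the KMS service is listening on. The default is \"1688\".",
        type=int)
    parser.add_argument("-m", "--mode", dest="mode",
                        choices=[
                            "WindowsVista", "Windows7", "Windows8",
                            "Windows81", "Windows10", "Office2010",
                            "Office2013", "Office2016"
                        ],
                        default="Windows7")
    parser.add_argument(
        "-c", "--cmid", dest="cmid", default=None,
        help="Use this flag to manually specify a CMID to use. If no CMID is "
             "specified, a random CMID will be generated.",
        type=str)
    parser.add_argument(
        "-n", "--name", dest="machineName", default=None,
        help="Use this flag to manually specify an ASCII machineName to use. "
             "If no machineName is specified, a random machineName will be "
             "generated.",
        type=str)
    parser.add_argument("-v", "--verbose", dest="verbose",
                        action="store_const", const=True, default=False,
                        help="Use this flag to enable verbose output.")
    parser.add_argument(
        "-d", "--debug", dest="debug", action="store_const", const=True,
        default=False,
        help="Use this flag to enable debug output. Implies \"-v\".")

    config.update(vars(parser.parse_args()))
    checkConfig()
    config['call_id'] = 1
    if config['debug']:
        config['verbose'] = True
    updateConfig()

    # A literal IPv6 address needs an AF_INET6 socket; anything inet_pton
    # rejects (IPv4 literal or hostname) uses the default socket family.
    try:
        socket.inet_pton(socket.AF_INET6, config['ip'])
    except OSError:
        s = socket.socket()
    else:
        s = socket.socket(socket.AF_INET6)

    # The context manager closes the socket on every path out of the block,
    # including the sys.exit() calls and parser exceptions.
    with s:
        print("Connecting to %s on port %d..." % (config['ip'], config['port']))
        s.connect((config['ip'], config['port']))
        if config['verbose']:
            print("Connection successful!")

        binder = rpcBind.handler(None, config)
        RPC_Bind = bytes(binder.generateRequest())
        if config['verbose']:
            print("Sending RPC bind request...")
        # sendall() keeps writing until the whole PDU is out; send() may
        # return after a partial write.
        s.sendall(RPC_Bind)

        # NOTE(review): no socket timeout is set, so a silent peer blocks
        # here indefinitely, and a single recv(1024) may return only part of
        # a PDU. Everything received is untrusted input to the parsers below.
        try:
            bindResponse = s.recv(1024)
        except socket.error as e:
            if e.errno == errno.ECONNRESET:
                print("Error: Connection reset by peer. Exiting...")
                sys.exit()
            else:
                raise

        # recv() returns empty bytes when the peer closed the connection.
        if not bindResponse:
            print("No data received! Exiting...")
            sys.exit()

        packetType = MSRPCHeader(bindResponse)['type']
        if packetType == rpcBase.packetType['bindAck']:
            if config['verbose']:
                print("RPC bind acknowledged.")
            kmsRequest = createKmsRequest()
            requester = rpcRequest.handler(kmsRequest, config)
            s.sendall(bytes(requester.generateRequest()))
            response = s.recv(1024)
            if config['debug']:
                print("Response:", binascii.b2a_hex(response))
            parsed = MSRPCRespHeader(response)
            kmsData = readKmsResponse(parsed['pduData'], kmsRequest, config)
            kmsResp = kmsData['response']

            # The HWID is only printed when the reply data contains one.
            try:
                hwid = kmsData['hwid']
                print("KMS Host HWID:", binascii.b2a_hex(hwid).upper())
            except KeyError:
                pass
            print("KMS Host ePID:", kmsResp['kmsEpid'])
            print("KMS Host Current Client Count:",
                  kmsResp['currentClientCount'])
            print("KMS VL Activation Interval:",
                  kmsResp['vLActivationInterval'])
            print("KMS VL Renewal Interval:", kmsResp['vLRenewalInterval'])
        elif packetType == rpcBase.packetType['bindNak']:
            print(MSRPCBindNak(bindResponse).dump())
            sys.exit()
        else:
            print("Something went wrong.")
            sys.exit()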
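def main():
    """Run the KMS test client once and log what the KMS server reports.

    Parses the command line into the module-level ``config``, configures
    file logging, connects to the server, performs the RPC bind, sends one
    KMS request and logs the fields of the reply. Exits through
    ``sys.exit()`` when the connection is reset, no data arrives, or the
    bind is not acknowledged.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("ip", action="store",
                        help='The IP address or hostname of the KMS server.',
                        type=str)
    parser.add_argument(
        "port", nargs="?", action="store", default=1688,
        help='The port the KMS service is listening on. The default is \"1688\".',
        type=int)
    # NOTE(review): the help text names "Windows81" as the default while the
    # actual default below is "Windows7" -- confirm which one is intended.
    parser.add_argument(
        "-m", "--mode", dest="mode",
        choices=[
            "WindowsVista", "Windows7", "Windows8", "Windows81", "Windows10",
            "Office2010", "Office2013", "Office2016"
        ],
        default="Windows7",
        help='Use this flag to manually specify a Microsoft product for '
             'testing the server. The default is \"Windows81\".',
        type=str)
    parser.add_argument(
        "-c", "--cmid", dest="cmid", default=None,
        help='Use this flag to manually specify a CMID to use. If no CMID is '
             'specified, a random CMID will be generated.',
        type=str)
    parser.add_argument(
        "-n", "--name", dest="machineName", default=None,
        help='Use this flag to manually specify an ASCII machineName to use. '
             'If no machineName is specified, '
             'a random machineName will be generated.',
        type=str)
    parser.add_argument(
        "-v", "--loglevel", dest="loglevel", action="store", default="ERROR",
        choices=["CRITICAL", "ERROR", "WARNING", "INFO", "DEBUG"],
        help='Use this flag to set a Loglevel. The default is \"ERROR\".',
        type=str)
    # NOTE(review): the help text says "pykms_client.log" but the default
    # file name is "py3kms_client.log" in the script's directory.
    parser.add_argument(
        "-f", "--logfile", dest="logfile", action="store",
        default=os.path.dirname(os.path.abspath(__file__)) + "/py3kms_client.log",
        help='Use this flag to set an output Logfile. The default is '
             '\"pykms_client.log\".',
        type=str)

    config.update(vars(parser.parse_args()))

    # filemode='w' truncates the log file on every run.
    logging.basicConfig(level=config['loglevel'],
                        format='%(asctime)s %(levelname)-8s %(message)s',
                        datefmt='%a, %d %b %Y %H:%M:%S',
                        filename=config['logfile'],
                        filemode='w')

    checkConfig()
    config['call_id'] = 1
    updateConfig()

    # The context manager closes the socket on every path out of the block,
    # including the sys.exit() calls and parser exceptions.
    with socket.socket() as s:
        logging.info("Connecting to %s on port %d..."
                     % (config['ip'], config['port']))
        s.connect((config['ip'], config['port']))
        logging.info("Connection successful !")

        binder = rpcBind.handler(None, config)
        RPC_Bind = str(binder.generateRequest()).encode('latin-1')  #*2to3*
        logging.info("Sending RPC bind request...")
        shell_message(nshell=[-1, 1])
        # sendall() keeps writing until the whole PDU is out; send() may
        # return after a partial write.
        s.sendall(RPC_Bind)

        # NOTE(review): no socket timeout is set, so a silent peer blocks
        # here indefinitely, and a single recv(1024) may return only part of
        # a PDU. Everything received is untrusted input to the parsers below.
        try:
            shell_message(nshell=[-4, 7])
            bindResponse = s.recv(1024)
        except ConnectionResetError:
            # Python 3 exceptions are not subscriptable, so the former
            # ``e[0] == 104`` test raised TypeError instead of reaching this
            # message; other socket errors still propagate.
            logging.error("Connection reset by peer. Exiting...")
            sys.exit()

        # recv() returns empty bytes when the peer closed the connection.
        if not bindResponse:
            logging.error("No data received ! Exiting...")
            sys.exit()

        packetType = MSRPCHeader(bindResponse)['type']
        if packetType == rpcBase.packetType['bindAck']:
            logging.info("RPC bind acknowledged.")
            shell_message(nshell=8)
            kmsRequest = createKmsRequest()
            requester = rpcRequest.handler(kmsRequest, config)
            s.sendall(str(requester.generateRequest()).encode('latin-1'))  #*2to3*
            shell_message(nshell=[-1, 12])
            response = s.recv(1024)
            logging.debug(
                "Response: \n%s\n"
                % justify(binascii.b2a_hex(response).decode('latin-1')))  #*2to3*
            shell_message(nshell=[-4, 20])
            parsed = MSRPCRespHeader(response)
            kmsData = readKmsResponse(parsed['pduData'], kmsRequest, config)
            kmsResp = kmsData['response']

            # Only a missing 'hwid' entry is tolerated; a bare except here
            # would also hide unrelated failures. Presumably kmsData is a
            # dict -- confirm against readKmsResponse.
            try:
                hwid = kmsData['hwid']
            except KeyError:
                hwid = None

            logging.info(
                "KMS Host ePID: %s"
                % kmsResp['kmsEpid'].encode('utf-8').decode('utf-16le'))  #*2to3*
            if hwid is not None:
                logging.info(
                    "KMS Host HWID: %s"
                    % binascii.b2a_hex(
                        hwid.encode('latin-1')).upper().decode('utf-8'))  #*2to3*
            logging.info("KMS Host Current Client Count: %s"
                         % kmsResp['currentClientCount'])
            logging.info("KMS VL Activation Interval: %s"
                         % kmsResp['vLActivationInterval'])
            logging.info("KMS VL Renewal Interval: %s"
                         % kmsResp['vLRenewalInterval'])
            shell_message(nshell=21)
        elif packetType == rpcBase.packetType['bindNak']:
            logging.info(
                justify(MSRPCBindNak(bindResponse).dump(print_to_stdout=False)))
            sys.exit()
        else:
            logging.critical("Something went wrong.")
            sys.exit()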
raise if bindResponse == '' or not bindResponse: logging.error("No data received ! Exiting...") sys.exit() packetType = MSRPCHeader(bindResponse)['type'] if packetType == rpcBase.packetType['bindAck']: logging.info("RPC bind acknowledged.") shell_message(nshell = 8) kmsRequest = createKmsRequest() requester = rpcRequest.handler(kmsRequest, config) s.send(str(requester.generateRequest())) shell_message(nshell = [-1, 12]) response = s.recv(1024) logging.debug("Response: \n%s\n" % justify(binascii.b2a_hex(response))) shell_message(nshell = [-4, 20]) parsed = MSRPCRespHeader(response) kmsData = readKmsResponse(parsed['pduData'], kmsRequest, config) kmsResp = kmsData['response'] try: hwid = kmsData['hwid'] except: hwid = None logging.info("KMS Host ePID: %s" % kmsResp['kmsEpid'].decode('utf-16le').encode('utf-8')) if hwid is not None: logging.info("KMS Host HWID: %s" % binascii.b2a_hex(hwid).upper()) logging.info("KMS Host Current Client Count: %s" % kmsResp['currentClientCount']) logging.info("KMS VL Activation Interval: %s" % kmsResp['vLActivationInterval']) logging.info("KMS VL Renewal Interval: %s" % kmsResp['vLRenewalInterval']) shell_message(nshell = 21)