def sendBindType1(self, iface_uuid, auth_data): bind = MSRPCBind() item = CtxItem() item['AbstractSyntax'] = iface_uuid item['TransferSyntax'] = self.transfer_syntax item['ContextID'] = 0 item['TransItems'] = 1 bind.addCtxItem(item) packet = MSRPCHeader() packet['type'] = rpcrt.MSRPC_BIND packet['pduData'] = bind.getData() packet['call_id'] = 0 sec_trailer = SEC_TRAILER() sec_trailer['auth_type'] = RPC_C_AUTHN_WINNT sec_trailer['auth_level'] = RPC_C_AUTHN_LEVEL_CONNECT sec_trailer['auth_ctx_id'] = 79231 pad = (4 - (len(packet.get_packet()) % 4)) % 4 if pad != 0: packet['pduData'] += b'\xFF' * pad sec_trailer['auth_pad_len'] = pad packet['sec_trailer'] = sec_trailer packet['auth_data'] = auth_data self._transport.send(packet.get_packet()) s = self._transport.recv() if s != 0: resp = MSRPCHeader(s) else: return 0 #mmm why not None? if resp['type'] == rpcrt.MSRPC_BINDACK or resp['type'] == rpcrt.MSRPC_ALTERCTX_R: bindResp = MSRPCBindAck(resp.getData()) elif resp['type'] == rpcrt.MSRPC_BINDNAK or resp['type'] == rpcrt.MSRPC_FAULT: if resp['type'] == rpcrt.MSRPC_FAULT: resp = MSRPCRespHeader(resp.getData()) status_code = unpack('<L', resp['pduData'][:4])[0] else: resp = MSRPCBindNak(resp['pduData']) status_code = resp['RejectedReason'] if status_code in rpc_status_codes: raise DCERPCException(error_code = status_code) elif status_code in rpc_provider_reason: raise DCERPCException("Bind context rejected: %s" % rpc_provider_reason[status_code]) else: raise DCERPCException('Unknown DCE RPC fault status code: %.8x' % status_code) else: raise DCERPCException('Unknown DCE RPC packet type received: %d' % resp['type']) self.set_max_tfrag(bindResp['max_rfrag']) return bindResp
def __init__(self, error_string=None, proxy_error=None): rpc_error_code = None if proxy_error is not None: try: search = self.parser.search(proxy_error) rpc_error_code = int(search.group(1), 16) except: error_string += ': ' + proxy_error DCERPCException.__init__(self, error_string, rpc_error_code)
def DCERPCTransportFactory(stringbinding): sb = DCERPCStringBinding(stringbinding) na = sb.get_network_address() ps = sb.get_protocol_sequence() if 'ncadg_ip_udp' == ps: port = sb.get_endpoint() if port: return UDPTransport(na, int(port)) else: return UDPTransport(na) elif 'ncacn_ip_tcp' == ps: port = sb.get_endpoint() if port: return TCPTransport(na, int(port)) else: return TCPTransport(na) elif 'ncacn_http' == ps: port = sb.get_endpoint() if port: return HTTPTransport(na, int(port)) else: return HTTPTransport(na) elif 'ncacn_np' == ps: named_pipe = sb.get_endpoint() if named_pipe: named_pipe = named_pipe[len(r'\pipe'):] return SMBTransport(na, filename = named_pipe) else: return SMBTransport(na) elif 'ncalocal' == ps: named_pipe = sb.get_endpoint() return LOCALTransport(filename = named_pipe) else: raise DCERPCException("Unknown protocol sequence.")
def connect(self): TCPTransport.connect(self) self.get_socket().send('RPC_CONNECT ' + self.getRemoteHost() + ':593 HTTP/1.0\r\n\r\n') data = self.get_socket().recv(8192) if data[10:13] != '200': raise DCERPCException("Service not supported.")
def connect(self): try: af, socktype, proto, canonname, sa = socket.getaddrinfo(self.get_dip(), self.get_dport(), 0, socket.SOCK_DGRAM)[0] self.__socket = socket.socket(af, socktype, proto) self.__socket.settimeout(self.get_connect_timeout()) except socket.error, msg: self.__socket = None raise DCERPCException("Could not connect: %s" % msg)
def connect(self): af, socktype, proto, canonname, sa = socket.getaddrinfo(self.getRemoteHost(), self.get_dport(), 0, socket.SOCK_STREAM)[0] self.__socket = socket.socket(af, socktype, proto) try: self.__socket.settimeout(self.get_connect_timeout()) self.__socket.connect(sa) except socket.error as msg: self.__socket.close() raise DCERPCException("Could not connect: %s" % msg) return 1
def connect(self): if self._useRpcProxy == False: # Connecting directly to the ncacn_http port # # Here we using RPC over HTTPv1 instead complex RPC over HTTP v2 syntax # RPC over HTTP v2 here can be implemented in the future self._version = RPC_OVER_HTTP_v1 TCPTransport.connect(self) # Reading legacy server response data = self.get_socket().recv(8192) if data != b'ncacn_http/1.0': raise DCERPCException("%s:%s service is not ncacn_http" % (self.__remoteName, self.__dstport)) else: RPCProxyClient.connect(self)
def set_stringbinding(self, set_stringbinding): DCERPCTransport.set_stringbinding(self, set_stringbinding) if self._stringbinding.is_option_set("RpcProxy"): self.rpc_proxy_init() rpcproxy = self._stringbinding.get_option("RpcProxy").split(":") if rpcproxy[1] == '443': self.set_rpc_proxy_url('https://%s/rpc/rpcproxy.dll' % rpcproxy[0]) elif rpcproxy[1] == '80': self.set_rpc_proxy_url('http://%s/rpc/rpcproxy.dll' % rpcproxy[0]) else: # 2.1.2.1 # RPC over HTTP always uses port 80 for HTTP traffic and port 443 for HTTPS traffic. # But you can use set_rpc_proxy_url method to set any URL / query you want. raise DCERPCException("RPC Proxy port must be 80 or 443")
def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet)
def get_socket(self): if self._useRpcProxy == False: return TCPTransport.get_socket(self) else: raise DCERPCException( "This method is not supported for RPC Proxy connections")