def do_password(self, line):
    """Interactively change the logged-in account's password over SAMR.

    Reads the replacement password with ``getpass`` (no terminal echo),
    binds to the samr named pipe over the shell's existing SMB connection
    and issues ``hSamrUnicodeChangePasswordUser2`` using the credentials
    currently cached on the shell. ``line`` is not used.

    Returns ``None``. Any exception raised by the transport, the bind or
    the SAMR call propagates to the caller.
    """
    if self.loggedIn is False:
        LOG.error("Not logged in")
        return

    from getpass import getpass

    # NOTE(review): the password is read once, with no confirmation prompt
    # and no empty-value check, so a typo leaves the account with a password
    # the operator does not know.
    replacement = getpass("New Password:")

    # Reuse the authenticated SMB session rather than opening a new one.
    rpc = transport.SMBTransport(
        self.smb.getRemoteHost(),
        filename=r'\samr',
        smb_connection=self.smb,
    ).get_dce_rpc()
    rpc.connect()
    rpc.bind(samr.MSRPC_UUID_SAMR)
    # NOTE(review): the DCE/RPC binding is not explicitly disconnected
    # anywhere in this method.

    # The server name argument is the single NUL byte b'\x00'.
    samr.hSamrUnicodeChangePasswordUser2(
        rpc,
        b'\x00',
        self.username,
        self.password,
        replacement,
        self.lmhash,
        self.nthash,
    )

    # Reached only when the call above did not raise: the cached credentials
    # are never updated on failure. The hashes are reset to None, presumably
    # because they were derived from the old password (confirm).
    self.password = replacement
    self.lmhash = self.nthash = None
def do_password(self, line):
    """Change the password of the account the shell is logged in as.

    The new password is prompted for with ``getpass`` so it is not echoed,
    then sent through ``hSamrUnicodeChangePasswordUser2`` on a DCE/RPC
    binding to the samr named pipe that rides on the shell's existing SMB
    connection. ``line`` is ignored.

    Returns ``None``; errors from the transport or the SAMR call are not
    caught here.
    """
    if self.loggedIn is False:
        LOG.error("Not logged in")
        return

    from getpass import getpass

    # NOTE(review): single prompt, no confirmation and no empty-value check,
    # so a mistyped value is submitted as-is.
    candidate = getpass("New Password:")

    samr_pipe = transport.SMBTransport(
        self.smb.getRemoteHost(),
        filename=r'\samr',
        smb_connection=self.smb,  # reuse the authenticated session
    )
    binding = samr_pipe.get_dce_rpc()
    binding.connect()
    binding.bind(samr.MSRPC_UUID_SAMR)
    # NOTE(review): nothing in this method disconnects the binding again.

    # The server name is passed as the str '\x00'.
    # NOTE(review): whether the helper expects str or bytes here depends on
    # the library version in use; confirm.
    change_args = (
        '\x00',
        self.username,
        self.password,
        candidate,
        self.lmhash,
        self.nthash,
    )
    samr.hSamrUnicodeChangePasswordUser2(binding, *change_args)

    # Only reached when the RPC did not raise, so a failed change leaves the
    # cached credentials as they were. The hashes are cleared, presumably
    # because they no longer match the new password (confirm).
    self.password = candidate
    self.lmhash = self.nthash = None
def hSamrUnicodeChangePasswordUser2(self):
    """Send the SAMR password change and log the outcome.

    Calls ``samr.hSamrUnicodeChangePasswordUser2`` on ``self.dce`` with the
    user name, old and new passwords and old LM/NT hashes stored on the
    instance. A policy rejection is logged; every other exception is
    re-raised to the caller. Returns ``None``.
    """
    try:
        resp = samr.hSamrUnicodeChangePasswordUser2(
            self.dce,
            '\x00',
            self.username,
            self.oldPassword,
            self.newPassword,
            self.oldPwdHashLM,
            self.oldPwdHashNT,
        )
    except Exception as e:
        # NOTE(review): failures are classified by a substring match on the
        # exception text, which depends on how the library renders the
        # status; a wrong old password is not handled here and is re-raised.
        if 'STATUS_PASSWORD_RESTRICTION' not in str(e):
            raise e
        logging.critical('Some password update rule has been violated. For example, the password may not meet length criteria.')
        return

    # The log messages are fixed strings; no credential is written to the log.
    if resp['ErrorCode'] != 0:
        logging.error('Non-zero return code, something weird happened.')
        # NOTE(review): dump() prints the decoded response; confirm that it
        # carries nothing sensitive.
        resp.dump()
        return
    logging.info('Password was changed successfully.')
def hSamrUnicodeChangePasswordUser2(self):
    """Send the SAMR password change and print the outcome.

    Uses ``self.dce`` and the user name, old and new passwords and old
    LM/NT hashes stored on the instance. A wrong current password and a
    policy rejection are reported on stdout; any other exception is
    re-raised. Returns ``None``.
    """
    # Status substrings that are reported instead of re-raised, in the
    # order they are checked.
    reported = (
        ('STATUS_WRONG_PASSWORD',
         '[-] Current SMB password is not correct.'),
        ('STATUS_PASSWORD_RESTRICTION',
         '[-] Some password update rule has been violated. For example, the password may not meet length criteria.'),
    )
    try:
        resp = samr.hSamrUnicodeChangePasswordUser2(
            self.dce,
            '\x00',
            self.userName,
            self.oldPwd,
            self.newPwd,
            self.oldPwdHashLM,
            self.oldPwdHashNT,
        )
    except Exception as e:
        # NOTE(review): classification is a substring match on the exception
        # text, so it depends on how the library formats the status.
        detail = str(e)
        for status, message in reported:
            if status in detail:
                print(message)
                break
        else:
            raise e
    else:
        # The printed messages are fixed strings and contain no credential.
        if resp['ErrorCode'] != 0:
            print('[?] Non-zero return code, something weird happened.')
            # NOTE(review): dump() prints the decoded response; confirm that
            # it carries nothing sensitive.
            resp.dump()
        else:
            print('[+] Password was changed successfully.')
def hSamrUnicodeChangePasswordUser2(username, currpass, newpass, target):
    """Change ``username``'s password on ``target`` via SAMR and print the result.

    Obtains a DCE/RPC handle from ``connect(target)`` and calls
    ``samr.hSamrUnicodeChangePasswordUser2`` with the current and new
    plaintext passwords; no LM/NT hashes are passed. A wrong current
    password and a policy rejection are reported on stdout; any other
    exception from the SAMR call is re-raised. Returns ``None``.
    """
    # connect() sits outside the try block, so its failures always propagate.
    # NOTE(review): the handle it returns is never disconnected here.
    dce = connect(target)

    try:
        resp = samr.hSamrUnicodeChangePasswordUser2(
            dce, '\x00', username, currpass, newpass)
    except Exception as e:
        # NOTE(review): classification is a substring match on the exception
        # text, so it depends on how the library formats the status.
        failure = str(e)
        if 'STATUS_WRONG_PASSWORD' in failure:
            print('[-] Current SMB password is not correct.')
            return
        if 'STATUS_PASSWORD_RESTRICTION' in failure:
            print('[-] Some password update rule has been violated. For example, the password may not meet length criteria.')
            return
        raise e

    # The printed messages are fixed strings and contain no credential.
    if resp['ErrorCode'] == 0:
        print('[+] Password was changed successfully.')
        return
    print('[?] Non-zero return code, something weird happened.')
    # NOTE(review): dump() prints the decoded response; confirm that it
    # carries nothing sensitive.
    resp.dump()