def _test_netlogon(self, name, pwd, status, checkFunction): def isLastExpectedMessage(msg): return ( msg["type"] == "Authentication" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["authDescription"] == "ServerAuthenticate" and msg["Authentication"]["status"] == status) machine_creds = Credentials() machine_creds.guess(self.get_loadparm()) machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) machine_creds.set_password(pwd) machine_creds.set_username(name + "$") try: netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm(), machine_creds) self.fail("NTSTATUSError not raised") except NTSTATUSError: pass messages = self.waitForMessages(isLastExpectedMessage) checkFunction(messages)
def _test_netlogon(self, binding, checkFunction): def isLastExpectedMessage(msg): return ( msg["type"] == "Authorization" and msg["Authorization"]["serviceDescription"] == "DCE/RPC" and msg["Authorization"]["authType"] == "schannel" and msg["Authorization"]["transportProtection"] == "SEAL") if binding: binding = "[schannel,%s]" % binding else: binding = "[schannel]" machine_creds = Credentials() machine_creds.guess(self.get_loadparm()) machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) machine_creds.set_password(self.machinepass) machine_creds.set_username(self.netbios_name + "$") netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding, self.get_loadparm(), machine_creds) messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn) checkFunction(messages)
def netlogon(self): server = os.environ["SERVER"] host = os.environ["SERVER_IP"] lp = self.get_loadparm() credentials = self.get_credentials() session = system_session() ldb = SamDB(url="ldap://%s" % host, session_info=session, credentials=credentials, lp=lp) machine_pass = samba.generate_random_password(32, 32) machine_name = MACHINE_NAME machine_dn = "cn=%s,%s" % (machine_name, ldb.domain_dn()) delete_force(ldb, machine_dn) utf16pw = ('"%s"' % get_string(machine_pass)).encode('utf-16-le') ldb.add({ "dn": machine_dn, "objectclass": "computer", "sAMAccountName": "%s$" % machine_name, "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), "unicodePwd": utf16pw }) machine_creds = Credentials() machine_creds.guess(lp) machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) machine_creds.set_kerberos_state(DONT_USE_KERBEROS) machine_creds.set_password(machine_pass) machine_creds.set_username(machine_name + "$") machine_creds.set_workstation(machine_name) netlogon.netlogon("ncacn_ip_tcp:%s[schannel,seal]" % server, lp, machine_creds) delete_force(ldb, machine_dn)
def retrieve_netlogon_info_2(domain, function_code, data): try: netr_pipe = netlogon.netlogon(domain.binding, domain.parm, domain.creds) result = netr_pipe.netr_LogonControl2Ex(logon_server=None, function_code=function_code, level=2, data=data ) return result except RuntimeError, (num, message): raise assess_dcerpc_exception(num=num, message=message)
def retrieve_netlogon_info_2(domain, function_code, data): try: netr_pipe = netlogon.netlogon(domain.binding, domain.parm, domain.creds) result = netr_pipe.netr_LogonControl2Ex( logon_server=None, function_code=function_code, level=2, data=data) return result except RuntimeError, (num, message): raise assess_dcerpc_exception(num=num, message=message)
def _call_get_dc_name(self, domain=None, domain_guid=None, site_name=None, ex2=False, flags=0): if self.netlogon_conn is None: self.netlogon_conn = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) if ex2: return self.netlogon_conn.netr_DsRGetDCNameEx2( self.server, None, 0, domain, domain_guid, site_name, flags) else: return self.netlogon_conn.netr_DsRGetDCNameEx( self.server, domain, domain_guid, site_name, flags)
def _call_get_dc_name(self, domain=None, domain_guid=None, site_name=None, ex2=False, flags=0): if self.netlogon_conn is None: self.netlogon_conn = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) if ex2: return self.netlogon_conn.netr_DsRGetDCNameEx2(self.server, None, 0, domain, domain_guid, site_name, flags) else: return self.netlogon_conn.netr_DsRGetDCNameEx(self.server, domain, domain_guid, site_name, flags)
def test_netlogon_password_HMAC_MD5(self): """Logon failure that exercises the "HMAC-MD5" passwordType path. """ def isLastExpectedMessage(msg): return (msg["type"] == "Authentication" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["authDescription"] == "ServerAuthenticate" and msg["Authentication"]["passwordType"] == "HMAC-MD5") c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) creds = netlogon.netr_Credential() c.netr_ServerReqChallenge(self.server, self.netbios_name, creds) try: c.netr_ServerAuthenticate3(self.server, self.netbios_name, SEC_CHAN_WKSTA, self.netbios_name, creds, NETLOGON_NEG_STRONG_KEYS) except NTSTATUSError: pass self.waitForMessages(isLastExpectedMessage)
def test_netlogon_password_HMAC_MD5(self): """Logon failure that exercises the "HMAC-MD5" passwordType path. """ def isLastExpectedMessage(msg): return ( msg["type"] == "Authentication" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["authDescription"] == "ServerAuthenticate" and msg["Authentication"]["passwordType"] == "HMAC-MD5") c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) creds = netlogon.netr_Credential() c.netr_ServerReqChallenge(self.server, self.netbios_name, creds) try: c.netr_ServerAuthenticate3(self.server, self.netbios_name, SEC_CHAN_WKSTA, self.netbios_name, creds, NETLOGON_NEG_STRONG_KEYS) except NTSTATUSError: pass self.waitForMessages(isLastExpectedMessage)
def test_netlogon_password_DES(self): """Logon failure that exercises the "DES" passwordType path. """ def isLastExpectedMessage(msg): return ( msg["type"] == "Authentication" and msg["Authentication"]["serviceDescription"] == "NETLOGON" and msg["Authentication"]["authDescription"] == "ServerAuthenticate" and msg["Authentication"]["passwordType"] == "DES" and msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON and msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK) c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm()) creds = netlogon.netr_Credential() c.netr_ServerReqChallenge(self.server, self.netbios_name, creds) try: c.netr_ServerAuthenticate3(self.server, self.netbios_name, SEC_CHAN_WKSTA, self.netbios_name, creds, 0) except NTSTATUSError: pass self.waitForMessages(isLastExpectedMessage)
def _test_netlogon(self, binding, checkFunction): def isLastExpectedMessage(msg): return (msg["type"] == "Authorization" and msg["Authorization"]["serviceDescription"] == "DCE/RPC" and msg["Authorization"]["authType"] == "schannel" and msg["Authorization"]["transportProtection"] == "SEAL") if binding: binding = "[schannel,%s]" % binding else: binding = "[schannel]" machine_creds = Credentials() machine_creds.guess(self.get_loadparm()) machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) machine_creds.set_password(self.machinepass) machine_creds.set_username(self.netbios_name + "$") netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding, self.get_loadparm(), machine_creds) messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn) checkFunction(messages)
def get_netlogon_connection(self): return netlogon.netlogon( "ncacn_ip_tcp:%s[schannel,seal]" % self.server, self.lp, self.machine_creds)
def _test_samlogon(self, binding, creds, checkFunction): def isLastExpectedMessage(msg): return ( msg["type"] == "Authentication" and msg["Authentication"]["serviceDescription"] == "SamLogon" and msg["Authentication"]["authDescription"] == "network" and msg["Authentication"]["passwordType"] == "NTLMv2" and (msg["Authentication"]["eventId"] == EVT_ID_SUCCESSFUL_LOGON) and (msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)) if binding: binding = "[schannel,%s]" % binding else: binding = "[schannel]" utf16pw = text_type('"' + self.machinepass + '"').encode('utf-16-le') self.ldb.add({ "dn": self.samlogon_dn, "objectclass": "computer", "sAMAccountName": "%s$" % self.netbios_name, "userAccountControl": str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD), "unicodePwd": utf16pw}) machine_creds = Credentials() machine_creds.guess(self.get_loadparm()) machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA) machine_creds.set_password(self.machinepass) machine_creds.set_username(self.netbios_name + "$") netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding, self.get_loadparm(), machine_creds) challenge = b"abcdefgh" target_info = ntlmssp.AV_PAIR_LIST() target_info.count = 3 domainname = ntlmssp.AV_PAIR() domainname.AvId = ntlmssp.MsvAvNbDomainName domainname.Value = self.domain computername = ntlmssp.AV_PAIR() computername.AvId = ntlmssp.MsvAvNbComputerName computername.Value = self.netbios_name eol = ntlmssp.AV_PAIR() eol.AvId = ntlmssp.MsvAvEOL target_info.pair = [domainname, computername, eol] target_info_blob = ndr_pack(target_info) response = creds.get_ntlm_response(flags=CLI_CRED_NTLMv2_AUTH, challenge=challenge, target_info=target_info_blob) netr_flags = 0 logon_level = netlogon.NetlogonNetworkTransitiveInformation logon = samba.dcerpc.netlogon.netr_NetworkInfo() logon.challenge = [x if isinstance(x,int) else ord(x) for x in challenge] logon.nt = netlogon.netr_ChallengeResponse() logon.nt.length = len(response["nt_response"]) logon.nt.data = [x if isinstance(x,int) else ord(x) for x in response["nt_response"]] logon.identity_info = samba.dcerpc.netlogon.netr_IdentityInfo() (username, domain) = creds.get_ntlm_username_domain() logon.identity_info.domain_name.string = domain logon.identity_info.account_name.string = username logon.identity_info.workstation.string = creds.get_workstation() validation_level = samba.dcerpc.netlogon.NetlogonValidationSamInfo4 result = netlogon_conn.netr_LogonSamLogonEx( os.environ["SERVER"], machine_creds.get_workstation(), logon_level, logon, validation_level, netr_flags) (validation, authoritative, netr_flags_out) = result messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn) checkFunction(messages)
def communicate(td): td.init_lsa_pipe(td.info['dc']) netr_pipe = netlogon.netlogon(td.binding, td.parm, td.creds) domains = netr_pipe.netr_DsrEnumerateDomainTrusts(td.binding, 1) return domains
def get_netlogon_connection(self): return netlogon.netlogon("ncacn_np:%s[seal]" % self.server, self.lp, self.creds)
def get_netlogon_connection(self): return netlogon.netlogon("ncacn_ip_tcp:%s[schannel,seal]" % self.server, self.lp, self.machine_creds)