def test_packetAes256WINNTPacketPrivacyKerberos(self): rpctransport = transport.DCERPCTransportFactory(self.stringBinding) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. lmhash, nthash = self.hashes.split(':') rpctransport.set_credentials(self.username, '', self.domain, '', '', self.aesKey256) rpctransport.set_kerberos(True) dce = rpctransport.get_dce_rpc() dce.connect() #dce.set_credentials(*(rpctransport.get_credentials())) dce.set_auth_type(rpcrt.RPC_C_AUTHN_GSS_NEGOTIATE) dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_PRIVACY) dce.bind(epm.MSRPC_UUID_PORTMAP) request = epm.ept_lookup() request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS request['object'] = NULL request['Ifid'] = NULL request['vers_option'] = epm.RPC_C_VERS_ALL request['max_ents'] = 499 resp = dce.request(request) resp = dce.request(request) resp.dump() dce.disconnect()
def test_lookup(self): dce, rpctransport = self.connect() request = epm.ept_lookup() request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS request['object'] = NULL request['Ifid'] = NULL request['vers_option'] = epm.RPC_C_VERS_ALL request['max_ents'] = 499 resp = dce.request(request) for entry in resp['entries']: tower = entry['tower']['tower_octet_string'] tower = epm.EPMTower(''.join(tower))
def test_packetWINNTPacketIntegrityKerberos(self): rpctransport = transport.DCERPCTransportFactory(self.stringBinding) if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.username, self.password, self.domain) rpctransport.set_kerberos(True) dce = rpctransport.get_dce_rpc() dce.connect() #dce.set_credentials(*(rpctransport.get_credentials())) dce.set_auth_type(rpcrt.RPC_C_AUTHN_GSS_NEGOTIATE) dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) dce.bind(epm.MSRPC_UUID_PORTMAP) request = epm.ept_lookup() request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS request['object'] = NULL request['Ifid'] = NULL request['vers_option'] = epm.RPC_C_VERS_ALL request['max_ents'] = 499 resp = dce.request(request) resp = dce.request(request) resp.dump() dce.disconnect()