def connect(self): rpctransport = transport.DCERPCTransportFactory(self.stringBinding) if len(self.hashes) > 0: lmhash, nthash = self.hashes.split(':') else: lmhash = '' nthash = '' if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash) dce = rpctransport.get_dce_rpc() #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) dce.connect() dce.bind(nrpc.MSRPC_UUID_NRPC) resp = nrpc.hNetrServerReqChallenge(dce, NULL, self.serverName + '\x00', '12345678') resp.dump() serverChallenge = resp['ServerChallenge'] if self.hashes == '': ntHash = None else: ntHash = unhexlify(self.hashes.split(':')[1]) self.sessionKey = nrpc.ComputeSessionKeyStrongKey(self.password, '12345678', serverChallenge, ntHash) ppp = nrpc.ComputeNetlogonCredential('12345678', self.sessionKey) try: resp = nrpc.hNetrServerAuthenticate3(dce, NULL, self.username + '\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel,self.serverName + '\x00',ppp, 0x600FFFFF ) resp.dump() except Exception, e: if str(e).find('STATUS_DOWNGRADE_DETECTED') < 0: raise
def test_hNetrServerReqChallenge_hNetrServerAuthenticate3(self): dce, rpctransport = self.connect() resp = nrpc.hNetrServerReqChallenge(dce, NULL, self.serverName + '\x00','12345678' ) resp.dump() serverChallenge = resp['ServerChallenge'] if self.hashes == '': ntHash = None else: ntHash = unhexlify(self.hashes.split(':')[1]) sessionKey = nrpc.ComputeSessionKeyStrongKey(self.password, '12345678', serverChallenge, ntHash) ppp = nrpc.ComputeNetlogonCredential('12345678', sessionKey) resp = nrpc.hNetrServerAuthenticate3(dce, NULL,self.username + '\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel ,self.serverName + '\x00', ppp,0x600FFFFF ) resp.dump()
def connect(self): rpctransport = transport.DCERPCTransportFactory(self.stringBinding) if len(self.hashes) > 0: lmhash, nthash = self.hashes.split(':') else: lmhash = '' nthash = '' if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash) dce = rpctransport.get_dce_rpc() #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) dce.connect() dce.bind(nrpc.MSRPC_UUID_NRPC) resp = nrpc.hNetrServerReqChallenge(dce, NULL, self.serverName + '\x00', '12345678') resp.dump() serverChallenge = resp['ServerChallenge'] if self.hashes == '': ntHash = None else: ntHash = unhexlify(self.hashes.split(':')[1]) self.sessionKey = nrpc.ComputeSessionKeyStrongKey( self.password, '12345678', serverChallenge, ntHash) ppp = nrpc.ComputeNetlogonCredential('12345678', self.sessionKey) try: resp = nrpc.hNetrServerAuthenticate3( dce, NULL, self.username + '\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel, self.serverName + '\x00', ppp, 0x600FFFFF) resp.dump() except Exception, e: if str(e).find('STATUS_DOWNGRADE_DETECTED') < 0: raise
def test_hNetrServerReqChallenge_hNetrServerAuthenticate3(self): dce, rpctransport = self.connect() resp = nrpc.hNetrServerReqChallenge(dce, NULL, self.serverName + '\x00', '12345678') resp.dump() serverChallenge = resp['ServerChallenge'] if self.hashes == '': ntHash = None else: ntHash = unhexlify(self.hashes.split(':')[1]) sessionKey = nrpc.ComputeSessionKeyStrongKey(self.password, '12345678', serverChallenge, ntHash) ppp = nrpc.ComputeNetlogonCredential('12345678', sessionKey) resp = nrpc.hNetrServerAuthenticate3( dce, NULL, self.username + '\x00', nrpc.NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel, self.serverName + '\x00', ppp, 0x600FFFFF) resp.dump()