async def connect(self, open = True): rpctransport = SMBTransport(self.connection, filename=r'\svcctl') self.dce = rpctransport.get_dce_rpc() await self.dce.connect() await self.dce.bind(scmr.MSRPC_UUID_SCMR) if open == True: await self.open()
async def connect(self, open=True):
for i in range(2):
try:
rpctransport = SMBTransport(self.connection, filename=r'\samr')
self.dce = rpctransport.get_dce_rpc()
await self.dce.connect()
await self.dce.bind(samr.MSRPC_UUID_SAMR)
if open == True:
await self.open()
except Exception as e:
print(e)
async def connect(self, open = False): for i in range(2): try: rpctransport = SMBTransport(self.connection, filename=r'\winreg') self.dce = rpctransport.get_dce_rpc() await self.dce.connect() await self.dce.bind(rrp.MSRPC_UUID_RRP) if open == True: await self.open() except Exception as e: print(e)
async def filereader_test(connection_string, filename):
target = SMBTarget.from_connection_string(connection_string)
credential = SMBCredential.from_connection_string(connection_string)
spneg = AuthenticatorBuilder.to_spnego_cred(credential, target)
async with SMBConnection(spneg, target) as connection:
await connection.login()
try:
t = SMBDRSUAPI(connection, 'TEST.corp')
await t.connect()
await t.open()
input('open succsess!')
await t.get_user_secrets('victim')
except Exception as e:
import traceback
traceback.print_exc()
print('Error! %s' % e)
return
tmpFileName = os.urandom(4).hex() + '.tmp'
rreg = SMBRemoteRegistryService(connection)
await rreg.save_hive('SAM', tmpFileName)
print('Success! Registry file should be in %s' %
('SYSTEM32\\' + tmpFileName))
await rreg.close()
return
rpctransport = SMBTransport(connection, filename=r'\srvsvc')
dce = rpctransport.get_dce_rpc()
await dce.connect()
await dce.bind(srvs.MSRPC_UUID_SRVS)
resp = await srvs.hNetrShareEnum(dce, 1)
print(resp['InfoStruct']['ShareInfo']['Level1']['Buffer'])
rpctransport = SMBTransport(connection, filename=r'\wkssvc')
dce = rpctransport.get_dce_rpc()
await dce.connect()
await dce.bind(wkst.MSRPC_UUID_WKST)
resp = await wkst.hNetrWkstaUserEnum(dce, 1)
print(resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer'])
rpctransport = SMBTransport(connection, filename=r'\wkssvc')
dce = rpctransport.get_dce_rpc()
await dce.connect()
await dce.bind(wkst.MSRPC_UUID_WKST)
resp = await wkst.hNetrWkstaUserEnum(dce, 1)
print(resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer'])
def DCERPCTransportFactory(stringbinding, connection):
sb = DCERPCStringBinding(stringbinding, connection)
na = sb.get_network_address()
ps = sb.get_protocol_sequence()
if 'ncadg_ip_udp' == ps:
raise Exception('Not Implemented!')
#port = sb.get_endpoint()
#if port:
# return UDPTransport(na, int(port))
#else:
# return UDPTransport(na)
elif 'ncacn_ip_tcp' == ps:
port = sb.get_endpoint()
if port:
return TCPTransport(connection, na, int(port))
else:
return TCPTransport(connection, na)
elif 'ncacn_http' == ps:
raise Exception('Not Implemented!')
#port = sb.get_endpoint()
#if port:
# return HTTPTransport(na, int(port))
#else:
# return HTTPTransport(na)
elif 'ncacn_np' == ps:
named_pipe = sb.get_endpoint()
if named_pipe:
named_pipe = named_pipe[len(r'\pipe'):]
return SMBTransport(connection, na, filename=named_pipe)
else:
return SMBTransport(connection, na)
elif 'ncalocal' == ps:
raise Exception('Not Implemented!')
#named_pipe = sb.get_endpoint()
#return LOCALTransport(filename = named_pipe)
else:
raise DCERPCException("Unknown protocol sequence.")
async def connect(self, open=True):
rpctransport = SMBTransport(self.connection, filename=r'\srvsvc')
self.dce = rpctransport.get_dce_rpc()
await self.dce.connect()
await self.dce.bind(srvs.MSRPC_UUID_SRVS)
async def connect(self, open=True):
rpctransport = SMBTransport(self.connection, filename=r'\lsarpc')
self.dce = rpctransport.get_dce_rpc()
await self.dce.connect()
await self.dce.bind(lsad.MSRPC_UUID_LSAD)