Exemplo n.º 1
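    def encrypt_body(self, body):
        """Wrap ``body`` with the GSSAPI context and frame it for sending.

        The body is base64-encoded, handed to
        ``kerberos.authGSSClientWrapIov`` with ``self._context``, and the
        wrapped result is substituted into the ``_BODY`` template with CRLF
        line endings.

        Returns:
            The formatted message on success; ``None`` when the wrap call
            does not report ``kerberos.AUTH_GSS_COMPLETE``; the original
            ``body`` unchanged when the wrap call raises ``AttributeError``.

        Raises:
            Exception: carrying ``e.args[1][0]`` of a ``kerberos.GSSError``.
        """
        # get original length of body. wrap will encrypt in place
        orig_len = len(body)
        # encode before sending to wrap func
        ebody = base64.b64encode(body)
        # wrap it up
        try:
            # third argument is presumably the "encrypt" flag -- confirm
            # against the kerberos binding in use
            rc, pad_len = kerberos.authGSSClientWrapIov(self._context, ebody, 1)
        except AttributeError:
            # must be on centos 5, encryption not possible
            # NOTE(review): this is a fail-open path. The caller gets the
            # plaintext body back and cannot tell it from a wrapped one;
            # whether the transport protects it is not visible here. Log it
            # loudly so the downgrade is at least observable.
            log.warning("Kerberos message encryption unavailable; "
                        "returning body unencrypted")
            return body
        except kerberos.GSSError as e:
            msg = e.args[1][0]
            raise Exception(msg)

        # compare by value: the status code is an integer, so an identity
        # test only works by accident of small-int caching
        if rc != kerberos.AUTH_GSS_COMPLETE:
            # caller receives None here and must not send it as a body
            log.error("Unable to encrypt message body")
            return

        # get wrapped request which is in b64 encoding
        ewrap = kerberos.authGSSClientResponse(self._context)
        # decode wrapped request
        payload = bytes(base64.b64decode(ewrap))
        # add carriage returns to body
        body = _BODY.replace('\n', '\r\n')
        body = bytes(body.format(original_length=orig_len + pad_len, emsg=payload))
        return body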
Exemplo n.º 2
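    def encrypt_body(self, body):
        """Encrypt ``body`` through the Kerberos context and build the message.

        ``body`` is base64-encoded and passed to
        ``kerberos.authGSSClientWrapIov``; the wrapped bytes read back from
        ``kerberos.authGSSClientResponse`` are inserted into the ``_BODY``
        template, whose newlines are converted to CRLF.

        Returns:
            The formatted message when wrapping succeeds. ``None`` when the
            wrap status is not ``kerberos.AUTH_GSS_COMPLETE``. The untouched
            ``body`` when the wrap call raises ``AttributeError``.

        Raises:
            Exception: with the text at ``e.args[1][0]`` of a
                ``kerberos.GSSError``.
        """
        # get original length of body. wrap will encrypt in place
        orig_len = len(body)
        # encode before sending to wrap func
        ebody = base64.b64encode(body)
        # wrap it up
        try:
            rc, pad_len = kerberos.authGSSClientWrapIov(self._context, ebody, 1)
        except AttributeError:
            # must be on centos 5, encryption not possible
            # NOTE(review): silent downgrade -- the unencrypted body goes
            # back to the caller exactly as if it had been wrapped. Make the
            # fallback visible in the log; callers that require
            # confidentiality should refuse to proceed instead.
            log.warning("Kerberos message encryption unavailable; "
                        "returning body unencrypted")
            return body
        except kerberos.GSSError as e:
            msg = e.args[1][0]
            raise Exception(msg)

        # value comparison, not identity: the status is a plain integer
        if rc != kerberos.AUTH_GSS_COMPLETE:
            # a failed wrap yields None; the caller has to handle that
            log.error("Unable to encrypt message body")
            return

        # get wrapped request which is in b64 encoding
        ewrap = kerberos.authGSSClientResponse(self._context)
        # decode wrapped request
        payload = bytes(base64.b64decode(ewrap))
        # add carriage returns to body
        body = _BODY.replace('\n', '\r\n')
        body = bytes(body.format(original_length=orig_len + pad_len, emsg=payload))
        return body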
Exemplo n.º 3
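# load request template and create payload
path = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                    'enumerate.xml')
with open(path) as f:
    # presumably removes whitespace between adjacent tags -- confirm against
    # the definition of _XML_WHITESPACE_PATTERN
    request_template = _XML_WHITESPACE_PATTERN.sub('><', f.read()).strip()

# NOTE(review): `query` is substituted into the XML template without
# escaping. If it can contain '<', '&' or similar, the document structure
# changes; escape it first unless the caller guarantees a clean value.
payload = request_template.format(resource_uri=DEFAULT_RESOURCE_URI, wql=query)
payload_xml = xml.dom.minidom.parseString(payload)
pretty_xml_as_string = payload_xml.toprettyxml(indent="  ")
# debugging aid: this writes the plaintext request to stdout
print(
    "Enumeration payload before encryption:\n{0}".format(pretty_xml_as_string))
req = bytes(payload)

orig_len = len(payload)
ereq = base64.b64encode(payload)
rc, pad_len = kerberos.authGSSClientWrapIov(context, ereq, 1)
if rc != kerberos.AUTH_GSS_COMPLETE:
    # Stop here: otherwise whatever authGSSClientResponse() returns next
    # would be framed and sent as though it were the wrapped request.
    raise RuntimeError("Unable to encrypt message body")
# wrapped request comes back base64-encoded
ewrap = kerberos.authGSSClientResponse(context)
wrapped_req = bytes(base64.b64decode(ewrap))
# the template uses '\n'; the wire format needs CRLF
body = _BODY.replace('\n', '\r\n')
body = bytes(body.format(original_length=orig_len + pad_len, emsg=wrapped_req))
# replace non-printable bytes with '.' so the dump is terminal-safe
print_body = ''.join([i if isprint(i) else '.' for i in body])
print("Enumeration payload after encryption:\n{0}".format(print_body))

resp = s.request('POST', url, headers=k_headers, data=body)
if resp.status_code == httplib.FORBIDDEN:
    logging.error("Forbidden: Check WinRM port and version")
elif resp.status_code == httplib.UNAUTHORIZED:
    logging.error("Unauthorized: Check username and password")
elif resp.status_code == httplib.OK:
    logging.debug("HTTP OK!  Query Sent")
    print("HTTP OK!  Query Sent")
else:
    # any other status used to pass silently
    logging.error("Unexpected HTTP status: %s", resp.status_code)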
Exemplo n.º 4
    print("Authenticated {0}".format(kerberos.authGSSClientUserName(context)))

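# load request template and create payload
path = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'enumerate.xml')
with open(path) as f:
    # presumably strips inter-tag whitespace -- confirm against the
    # definition of _XML_WHITESPACE_PATTERN
    request_template = _XML_WHITESPACE_PATTERN.sub('><', f.read()).strip()

# NOTE(review): `query` goes into the XML template unescaped; a value with
# markup characters would alter the request document. Escape it unless the
# source of `query` is known to be safe.
payload = request_template.format(resource_uri=DEFAULT_RESOURCE_URI, wql=query)
payload_xml = xml.dom.minidom.parseString(payload)
pretty_xml_as_string = payload_xml.toprettyxml(indent="  ")
# debugging aid: prints the request in the clear
print("Enumeration payload before encryption:\n{0}".format(pretty_xml_as_string))
req = bytes(payload)

orig_len = len(payload)
ereq = base64.b64encode(payload)
rc, pad_len = kerberos.authGSSClientWrapIov(context, ereq, 1)
if rc != kerberos.AUTH_GSS_COMPLETE:
    # A failed wrap must not fall through: the next call would hand back
    # whatever response the context holds and it would be sent as the body.
    raise RuntimeError("Unable to encrypt message body")
# wrapped request is returned base64-encoded
ewrap = kerberos.authGSSClientResponse(context)
wrapped_req = bytes(base64.b64decode(ewrap))
# convert template newlines to CRLF before filling it in
body = _BODY.replace('\n', '\r\n')
body = bytes(body.format(original_length=orig_len + pad_len, emsg=wrapped_req))
# mask non-printable bytes so the dump does not garble the terminal
print_body = ''.join([i if isprint(i) else '.' for i in body])
print("Enumeration payload after encryption:\n{0}".format(print_body))

resp = s.request('POST', url, headers=k_headers, data=body)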
if resp.status_code == httplib.FORBIDDEN:
    logging.error(
        "Forbidden: Check WinRM port and version")
elif resp.status_code == httplib.UNAUTHORIZED:
    logging.error(
        "Unauthorized: Check username and password")
elif resp.status_code == httplib.OK: