def LsarLookupSids3(self, context_handle, sids):
    """
    Build and send an LsarLookupSids3 request for a batch of SID strings.

    Each SID is split on '-'; field 1 is used as the revision, field 2 as
    the last byte of the identifier authority, and every later field as a
    little-endian 32-bit sub-authority.

    :param HANDLE context_handle: policy handle placed in 'ContextHandle'
    :param list sids: SID strings to look up ([S1, S2 ...])
    :return: the reply wrapped in LSARPCLookupSidsResponse
    """
    request = LSARPCLookupSids3()
    request['ContextHandle'] = context_handle
    request['SidsBuff'] = SIDS_BUFF()
    request['SidsBuff']['NumSids'] = len(sids)
    request['SidsBuff']['RefID'] = random.randint(1, 65535)
    request['SidsBuff']['MaxCount'] = len(sids)

    encoded_sids = ''
    sid_total = 0
    for sid_text in sids:
        fields = sid_text.split('-')
        # Everything after the prefix, revision and authority fields is a
        # sub-authority.
        sub_auth_count = len(fields) - 3
        sid_struct = SAMR_RPC_SID_STRUCT()
        sid_total += 1
        sid_struct['Count'] = sub_auth_count
        sid_struct['Sid'] = SAMR_RPC_SID()
        sid_struct['Sid']['Revision'] = int(fields[1])
        sid_struct['Sid']['SubAuthorityCount'] = sub_auth_count
        sid_struct['Sid']['IdentifierAuthority'] = (
            SAMR_RPC_SID_IDENTIFIER_AUTHORITY())
        # Five zero bytes followed by the authority value as a single byte.
        sid_struct['Sid']['IdentifierAuthority']['Value'] = (
            '\x00\x00\x00\x00\x00' + pack('B', int(fields[2])))
        sid_struct['Sid']['SubAuthority'] = ''.join(
            [pack('<L', int(part)) for part in fields[3:]])
        encoded_sids += sid_struct.getData()

    # One random 32-bit value per SID goes in front of the encoded SIDs;
    # each newly drawn value ends up before the ones drawn earlier.
    ref_ids = [pack('<L', random.randint(1, 65535)) for _ in range(sid_total)]
    encoded_sids = ''.join(reversed(ref_ids)) + encoded_sids

    request['SidsBuff']['Sids'] = encoded_sids
    request['TransNames'] = '\x00\x00\x00\x00\x00\x00\x00\x00'
    request['LookupLevel'] = 1
    request['MappedCount'] = '\x00\x00\x00\x00\x00\x00'

    # NOTE(review): checkReturn=0 presumably turns off the status check in
    # doRequest, so a failed lookup may only show up in the parsed reply --
    # confirm against doRequest.
    raw_reply = self.doRequest(request, checkReturn=0)
    return LSARPCLookupSidsResponse(raw_reply)
def formatDict(self):
    """
    Decode the optional name and SID carried in this structure's 'Data'.

    :return: dict with the keys 'name' and 'sid'; a key stays None when the
        matching pointer field ('pName' / 'pSid') is zero.
    """
    remaining = self['Data']
    result = {'name': None, 'sid': None}

    if self['pName'] != 0:
        name_field = ndrutils.NDRStringW(remaining)
        char_count = name_field['ActualCount']
        # Step over 12 bytes plus two bytes per counted character.
        remaining = remaining[char_count * 2 + 12:]
        if char_count % 2 == 1:
            # An odd character count is followed by two more bytes to skip.
            remaining = remaining[2:]
        result['name'] = name_field['Data']

    if self['pSid'] != 0:
        # The SID is parsed from four bytes past the current position.
        result['sid'] = SAMR_RPC_SID(remaining[4:])

    return result
def LsarLookupSids3(self, context_handle, sids):
    '''
    Send an LsarLookupSids3 request and return the parsed reply.

    Parameters:
    - context_handle: policy handle (OpenPolicy2 handle) stored in
      'ContextHandle'
    - sids: list of SID strings to look information for ([S1, S2 ...]);
      each is split on '-' into revision, identifier authority and
      sub-authorities

    Returns the reply data wrapped in LSARPCLookupSidsResponse.
    '''
    lookup = LSARPCLookupSids3()
    lookup['ContextHandle'] = context_handle
    lookup['SidsBuff'] = SIDS_BUFF()
    lookup['SidsBuff']['NumSids'] = len(sids)
    lookup['SidsBuff']['RefID'] = random.randint(1, 65535)
    lookup['SidsBuff']['MaxCount'] = len(sids)

    packed_sids = ''
    n_sids = 0
    for sid in sids:
        parts = sid.split('-')
        wire_sid = SAMR_RPC_SID_STRUCT()
        n_sids += 1
        # The first three fields are the prefix, revision and authority;
        # the rest are sub-authorities.
        wire_sid['Count'] = len(parts) - 3
        wire_sid['Sid'] = SAMR_RPC_SID()
        wire_sid['Sid']['Revision'] = int(parts[1])
        wire_sid['Sid']['SubAuthorityCount'] = len(parts) - 3
        wire_sid['Sid']['IdentifierAuthority'] = (
            SAMR_RPC_SID_IDENTIFIER_AUTHORITY())
        authority = pack('B', int(parts[2]))
        wire_sid['Sid']['IdentifierAuthority']['Value'] = (
            '\x00\x00\x00\x00\x00' + authority)
        sub_authorities = ''
        for value in parts[3:]:
            sub_authorities = sub_authorities + pack('<L', int(value))
        wire_sid['Sid']['SubAuthority'] = sub_authorities
        packed_sids = packed_sids + wire_sid.getData()

    # Prefix the encoded SIDs with one random 32-bit value per SID.
    remaining = n_sids
    while remaining > 0:
        packed_sids = pack('<L', random.randint(1, 65535)) + packed_sids
        remaining -= 1

    lookup['SidsBuff']['Sids'] = packed_sids
    lookup['TransNames'] = '\x00\x00\x00\x00\x00\x00\x00\x00'
    lookup['LookupLevel'] = 1
    lookup['MappedCount'] = '\x00\x00\x00\x00\x00\x00'

    # NOTE(review): the request goes out with checkReturn=0; what doRequest
    # does with a failure status in that mode is not visible here -- confirm.
    reply = self.doRequest(lookup, checkReturn=0)
    return LSARPCLookupSidsResponse(reply)
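def formatDict(self):
    """
    Decode the raw lookup reply into one dict per returned domain.

    The buffer in 'pSidsRespBuffer' is walked with a manual offset: a
    domain count at bytes 4..8, a 12-byte header per domain, each domain's
    name and SID, then a name count, a 16-byte header per name and finally
    the name strings.

    :return: list of dicts, one per domain, holding 'domain' (decoded name)
        and 'sid' (SAMR_RPC_SID). A domain referenced by at least one
        translated name also gets 'names' and 'types', two parallel lists
        with one entry per name.
    :raises struct.error: when a slice is shorter than the format unpacked
        from it, i.e. the buffer is truncated.
    """
    sids_resp = self['pSidsRespBuffer']
    l_dict = []

    dom_count = unpack('<L', sids_resp[4:8])[0]
    ptr = 8 if dom_count == 0 else 20

    # First pass over the 12-byte domain headers: keep only the 16-bit
    # byte length of each domain name.
    elem_len = []
    for _ in range(dom_count):
        elem_len.append(unpack('<H', sids_resp[ptr:ptr + 2])[0])
        ptr += 12

    # Second pass: the domain name strings, each followed by its SID.
    for elem_length in elem_len:
        ptr += 12
        raw_domain = unpack('%ss' % elem_length,
                            sids_resp[ptr:ptr + elem_length])[0]
        # Explicit little-endian, matching the '<' formats used for every
        # integer here; plain 'utf16' follows the host byte order and
        # swallows a leading byte-order mark.
        domain_entry = {'domain': raw_domain.decode('utf-16-le')}
        l_dict.append(domain_entry)
        ptr += elem_length + 4  # for the SID Count
        # Floor division keeps this an integer test on Python 2 and 3.
        if (elem_length // 2) % 2 == 1:
            ptr += 2
        entry = SAMR_RPC_SID(sids_resp[ptr:])
        domain_entry['sid'] = entry
        ptr += len(entry)

    name_count = unpack('<L', sids_resp[ptr:ptr + 4])[0]
    ptr += 12

    # 16-byte name headers: SID type at +0, name byte length at +4 and the
    # index of the owning domain at +12.
    names_size = []
    for _ in range(name_count):
        names_size.append([
            unpack('<H', sids_resp[ptr + 4:ptr + 6])[0],
            unpack('<H', sids_resp[ptr:ptr + 2])[0],
            unpack('<L', sids_resp[ptr + 12:ptr + 16])[0]
        ])
        ptr += 16

    for elem_length, sid_type, domain_index in names_size:
        if elem_length != 0:
            act_count = unpack('<L', sids_resp[ptr + 8:ptr + 12])[0]
            ptr += 12
            name = unpack('%ss' % elem_length,
                          sids_resp[ptr:ptr + elem_length])[0].decode('utf-16-le')
        else:
            act_count = 0
            name = ''

        # The index comes straight off the wire, so it is checked before
        # use. A signed -1 reads as 0xFFFFFFFF under '<L' -- presumably how
        # the server marks a SID it could not map (confirm against the
        # protocol spec). Such names are skipped instead of raising
        # IndexError and discarding the entries that did resolve.
        if domain_index < len(l_dict):
            owner = l_dict[domain_index]
            # Always append: comparing setdefault()'s result with a
            # one-element list dropped every entry equal to the first one,
            # leaving 'names' and 'types' with different lengths.
            owner.setdefault('names', []).append(name)
            owner.setdefault('types', []).append(sid_type)

        ptr += elem_length
        if act_count % 2 == 1:
            ptr += 2  # Only for odd numbers

    return l_dict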
def __init__(self, data=None, alignment=0):
    """Initialise the structure through SAMR_RPC_SID.__init__ with ``data``."""
    # NOTE(review): ``alignment`` is accepted but not passed on to the base
    # initialiser -- confirm that is intended.
    SAMR_RPC_SID.__init__(self, data)
def __init__(self, data=None, alignment=0):
    """Delegate construction to SAMR_RPC_SID.__init__, forwarding ``data``."""
    # NOTE(review): the ``alignment`` argument is not used in this body;
    # verify whether the base initialiser should receive it.
    SAMR_RPC_SID.__init__(self, data)