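def test_dceAuth(self):
    """Open a DCE connection with username/password, then query the endpoint mapper.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the connection authenticated above -- confirm
    before counting this as coverage of authenticated lookups.
    """
    dce = self.connectDCE(self.username, self.password, self.domain, dceAuth=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()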
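def test_dceAuthHasHashes(self):
    """Open a DCE connection with LM/NT hashes and an empty password, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the hash-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    dce = self.connectDCE(self.username, '', self.domain, self.lmhash, self.nthash,
                          dceAuth=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()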
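def test_hlookup(self):
    """Query the endpoint mapper unfiltered, then once per interface UUID.

    Every response is discarded, so the test only proves that the lookups
    complete without raising; it does not check what the mapper returned.
    """
    epm.hept_lookup(self.machine)

    # (UUID, version) pairs; the trailing labels are the constant names the
    # original code assigned each converted value to.
    interfaces = (
        ('12345778-1234-ABCD-EF00-0123456789AC', '1.0'),  # MSRPC_UUID_SAMR
        ('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'),  # MSRPC_UUID_ATSVC
        ('367ABB81-9844-35F1-AD32-98F038001003', '2.0'),  # MSRPC_UUID_SCMR
    )
    for uuid_and_version in interfaces:
        epm.hept_lookup(self.machine,
                        inquiry_type=epm.RPC_C_EP_MATCH_BY_IF,
                        ifId=uuidtup_to_bin(uuid_and_version))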
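def test_dceAuthHasHashes(self):
    """Open a DCE connection with hashes taken from ``self.hashes``, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the hash-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    # Expects exactly one ':' separator; any other shape raises ValueError
    # when the two names are unpacked.
    lmhash, nthash = self.hashes.split(':')
    dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash, dceAuth=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()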
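def test_dceAuthHasAes256Kerberos(self):
    """Open a Kerberos DCE connection keyed by ``self.aes_key_256``, then look up endpoints.

    Password and both hash arguments are passed as empty strings, so the AES
    key is the only secret handed to connectDCE.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the Kerberos-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    dce = self.connectDCE(self.username, '', self.domain, '', '', self.aes_key_256,
                          dceAuth=True, doKerberos=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()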
def test_hlookup(self):
    """Run one unfiltered endpoint lookup, then one per known interface.

    Responses are not inspected; the test passes when no call raises.
    """
    target = self.machine
    epm.hept_lookup(target)

    # Same UUID/version pairs, in the same order, as the named constants
    # SAMR, ATSVC and SCMR.
    for interface in (
        ('12345778-1234-ABCD-EF00-0123456789AC', '1.0'),
        ('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'),
        ('367ABB81-9844-35F1-AD32-98F038001003', '2.0'),
    ):
        interface_id = uuidtup_to_bin(interface)
        epm.hept_lookup(target, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=interface_id)
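def test_dceAuthKerberos(self):
    """Open a Kerberos DCE connection with username/password, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the Kerberos-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    dce = self.connectDCE(self.username, self.password, self.domain,
                          dceAuth=True, doKerberos=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()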
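def test_dceAuthHasAes128Kerberos(self):
    """Open a Kerberos DCE connection keyed by ``self.aesKey128``, then look up endpoints.

    Password and both hash arguments are passed as empty strings, so the AES
    key is the only secret handed to connectDCE.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the Kerberos-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    dce = self.connectDCE(self.username, '', self.domain, '', '', self.aesKey128,
                          dceAuth=True, doKerberos=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()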
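def test_dceAuth(self):
    """Bind to the endpoint mapper with username/password, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup reusing the connection bound below -- confirm before counting
    this as coverage of authenticated lookups.
    """
    rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
    if hasattr(rpctransport, 'set_credentials'):
        # This method exists only for selected protocol sequences.
        rpctransport.set_credentials(self.username, self.password, self.domain)
    dce = rpctransport.get_dce_rpc()
    dce.set_credentials(*rpctransport.get_credentials())
    dce.connect()
    try:
        dce.bind(epm.MSRPC_UUID_PORTMAP)
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when bind or lookup raises.
        dce.disconnect()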
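def __fetchList(self, rpctransport):
    """Return the endpoint-mapper entries reachable through *rpctransport*.

    No credentials or authentication level are set in this function; the
    connection uses whatever the caller configured on the transport.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()``.

    Returns:
        Whatever ``epm.hept_lookup`` returns for the connected DCE object.
    """
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        return epm.hept_lookup(None, dce=dce)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()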
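def test_dceAuthHasHashesKerberos(self):
    """Bind to the endpoint mapper using hashes with Kerberos enabled, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup reusing the connection bound below -- confirm before counting
    this as coverage of authenticated lookups.
    """
    rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
    if hasattr(rpctransport, 'set_credentials'):
        # Expects exactly one ':' separator; any other shape raises
        # ValueError when the two names are unpacked.
        lmhash, nthash = self.hashes.split(':')
        # This method exists only for selected protocol sequences.
        rpctransport.set_credentials(self.username, '', self.domain, lmhash, nthash)
        # NOTE(review): the flattened source does not show whether this call
        # sits inside the hasattr guard; kept with the credential setup -- confirm.
        rpctransport.set_kerberos(True)
    dce = rpctransport.get_dce_rpc()
    dce.set_credentials(*rpctransport.get_credentials())
    dce.connect()
    try:
        dce.bind(epm.MSRPC_UUID_PORTMAP)
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when bind or lookup raises.
        dce.disconnect()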
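def test_packetAnonWINNTPacketPrivacy(self):
    """Bind to the endpoint mapper with WINNT auth at packet-privacy level, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): the name says "Anon", yet credentials are set on the
    transport when it supports them; confirm which identity the bind uses.
    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running at the packet-privacy level configured below.
    """
    rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
    if hasattr(rpctransport, 'set_credentials'):
        # Expects exactly one ':' separator; any other shape raises
        # ValueError when the two names are unpacked.
        lmhash, nthash = self.hashes.split(':')
        # This method exists only for selected protocol sequences.
        rpctransport.set_credentials(self.username, self.password, self.domain,
                                     lmhash, nthash)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        # Auth type and level are chosen before the bind.
        dce.set_auth_type(rpcrt.RPC_C_AUTHN_WINNT)
        dce.set_auth_level(rpcrt.RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        dce.bind(epm.MSRPC_UUID_PORTMAP)
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when bind or lookup raises.
        dce.disconnect()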
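def __fetchList(self, rpctransport):
    """Return the endpoint-mapper entries reachable through *rpctransport*.

    After connecting, the transport's current string binding is compared
    with the one stored on this object and a debug line is logged when they
    differ. No credentials or authentication level are set here.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()`` and
            ``get_stringbinding()``.

    Returns:
        Whatever ``epm.hept_lookup`` returns for the connected DCE object.
    """
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        current_binding = rpctransport.get_stringbinding()
        if str(self.__stringbinding) != str(current_binding):
            logging.debug('StringBinding has been changed to %s' % current_binding)
        return epm.hept_lookup(None, dce=dce)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()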
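def send_EPM_Lookup_request(remote_host, remote_port):
    """Query the endpoint mapper on *remote_host* and return its entries.

    Port 135 uses ``ncacn_ip_tcp``; ports 139 and 445 use ``ncacn_np`` over
    the ``\\pipe\\epmapper`` named pipe. No credentials are set on the
    transport in this function.

    Args:
        remote_host: host name or address, interpolated into the binding
            string unchanged -- pass a value that is already validated.
        remote_port: one of 135, 139 or 445.

    Returns:
        Whatever ``epm.hept_lookup`` returns for the connected DCE object.

    Raises:
        KeyError: if *remote_port* is not one of the supported ports.
    """
    # Raw strings keep the same bytes while avoiding the invalid '\p' and
    # '\e' escape sequences that newer Python versions warn about.
    protocols = {
        135: 'ncacn_ip_tcp:%s' % remote_host,
        139: r'ncacn_np:%s[\pipe\epmapper]' % remote_host,
        445: r'ncacn_np:%s[\pipe\epmapper]' % remote_host,
    }
    bindstr = protocols[remote_port]
    rpctransport = transport.DCERPCTransportFactory(bindstr)
    rpctransport.set_dport(remote_port)
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        return epm.hept_lookup(None, dce=dce)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()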
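def test_dceAuthHasHashesKerberos(self):
    """Open a Kerberos DCE connection using hashes from ``self.hashes``, then look up endpoints.

    The lookup result is discarded; the test passes when nothing raises.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the Kerberos-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    # Expects exactly one ':' separator; any other shape raises ValueError
    # when the two names are unpacked.
    lmhash, nthash = self.hashes.split(':')
    dce = self.connectDCE(self.username, '', self.domain, lmhash, nthash,
                          dceAuth=True, doKerberos=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()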
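def __fetchList(self):
    """Return the endpoint-mapper entries for this object's remote host.

    The host is taken from ``self.trans.getRemoteName()``. The object's own
    RPC connection is torn down after a successful lookup; the disconnect is
    deliberately left off the error path because this function does not open
    that connection and cannot see what the caller expects on failure.

    Returns:
        Whatever ``epm.hept_lookup`` returns for the remote name.
    """
    # The unused ``entries`` list from the original was dropped.
    resp = epm.hept_lookup(self.trans.getRemoteName())
    self.__rpc_disconnect()
    return resp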
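def __fetchList(self, rpctransport):
    """Return the endpoint-mapper entries reachable through *rpctransport*.

    No credentials or authentication level are set in this function; the
    connection uses whatever the caller configured on the transport.

    Args:
        rpctransport: transport object providing ``get_dce_rpc()``.

    Returns:
        Whatever ``epm.hept_lookup`` returns for the connected DCE object.
    """
    dce = rpctransport.get_dce_rpc()
    dce.connect()
    try:
        return epm.hept_lookup(None, dce=dce)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()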
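def test_dceAuthHasAes256Kerberos(self):
    """Open a Kerberos DCE connection keyed by ``self.aesKey256``, then look up endpoints.

    Password and both hash arguments are passed as empty strings, so the AES
    key is the only secret handed to connectDCE.

    NOTE(review): hept_lookup is not given ``dce=``, so nothing here shows
    the lookup running over the Kerberos-authenticated connection -- confirm
    before counting this as coverage of authenticated lookups.
    """
    dce = self.connectDCE(self.username, '', self.domain, '', '', self.aesKey256,
                          dceAuth=True, doKerberos=True)
    try:
        epm.hept_lookup(self.machine)
    finally:
        # Release the connection even when the lookup raises.
        dce.disconnect()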