def do(self):
    """Enumerate the endpoint's RPC interfaces through the MGMT interface.

    Binds to MGMT and asks it for the interface IDs it knows about.  When
    brute-forcing was requested, the answer is discarded and
    ``bruteforce_uuids`` runs instead.  Otherwise every reported interface,
    plus MGMT itself, is handed to ``handle_discovered_tup`` in sorted order.

    If the bind or the query fails with one of the known "MGMT is not
    available" errors, the method falls back to ``bruteforce_uuids``; any
    other ``DCERPCException`` propagates to the caller.
    """
    try:
        # Connecting to MGMT interface
        self.__dce.bind(mgmt.MSRPC_UUID_MGMT)

        # The MGMT query is issued before the brute-force branch on purpose:
        # per the original author's note, this ordering keeps a specified
        # account from being locked out.
        ifids = mgmt.hinq_if_ids(self.__dce)

        if self.__brute_uuids:
            self.bruteforce_uuids()
            return

        vector = ifids['if_id_vector']
        uuidtups = {
            uuid.bin_to_uuidtup(vector['if_id'][index]['Data'].getData())
            for index in range(vector['count'])
        }

        # Adding MGMT interface itself
        uuidtups.add(('AFA8BD80-7D8A-11C9-BEF4-08002B102989', '1.0'))

        for tup in sorted(uuidtups):
            self.handle_discovered_tup(tup)
    except DCERPCException as e:
        message = str(e)
        mgmt_unavailable = any(
            marker in message
            for marker in (
                'nca_s_unk_if',                   # Windows SMB
                'reason_not_specified',           # Samba 4
                'abstract_syntax_not_supported',  # Samba 3
            )
        )
        if not mgmt_unavailable:
            raise

        logging.info("MGMT Interface not available, bruteforcing UUIDs. The result may not be complete.\n")
        self.bruteforce_uuids()
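def main(args):
    """Report which RPC interfaces one ncacn_ip_tcp endpoint lists and accepts.

    Queries the MGMT interface for the interface IDs the endpoint reports,
    then attempts a bind for each of those plus every entry of
    ``uuid_database``, and prints protocol, provider and status for each
    interface that is listed or accepts the bind.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the argument count is wrong; otherwise None.

    Raises:
        rpcrt.DCERPCException: for any bind failure other than
            ``abstract_syntax_not_supported``.
    """
    # Init the example's logger theme
    logger.init()

    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = trans.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(mgmt.MSRPC_UUID_MGMT)
        ifids = mgmt.hinq_if_ids(dce)
    finally:
        # Release the connection even if the MGMT bind or query fails.
        dce.disconnect()

    if_id_vector = ifids['if_id_vector']
    uuidtups = set(
        uuid.bin_to_uuidtup(if_id_vector['if_id'][index]['Data'].getData())
        for index in range(if_id_vector['count'])
    )
    # UUID strings the endpoint lists in any version.
    listed_uuids = set(uuidstr for uuidstr, _ver in uuidtups)

    for tup in sorted(uuidtups | uuid_database):
        binuuid = uuid.uuidtup_to_bin(tup)

        # One connection per bind attempt.  It is closed whatever the
        # outcome so that connections do not accumulate over the whole
        # UUID database.
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.DCERPCException as e:
            if 'abstract_syntax_not_supported' not in str(e):
                raise
            listening = False
        else:
            listening = True
        finally:
            dce.disconnect()

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing = "listed"
        elif tup[0] in listed_uuids:
            listing = "other version listed"
        else:
            listing = "not listed"

        if tup[0] in epm.KNOWN_PROTOCOLS:
            print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
        else:
            print("Protocol: N/A")

        provider_key = binuuid[:18]
        if provider_key in KNOWN_UUIDS:
            print("Provider: %s" % (KNOWN_UUIDS[provider_key]))
        else:
            print("Provider: N/A")

        print("UUID : %s v%s: %s, %s\n" % (
            tup[0], tup[1], listing,
            "listening" if listening else "not listening",
        ))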
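def main(args):
    """Report which RPC interfaces one ncacn_ip_tcp endpoint lists and accepts.

    Queries the MGMT interface for the interface IDs the endpoint reports,
    then attempts a bind for each of those plus every entry of
    ``uuid_database``, and prints status, protocol and provider for each
    interface that is listed or accepts the bind.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the argument count is wrong; otherwise None.

    Raises:
        rpcrt.Exception: for any bind rejection whose (Result, Reason)
            pair is not (2, 1).
    """
    # print(...) with a single argument behaves the same with or without
    # ``from __future__ import print_function``.
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = trans.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(mgmt.MSRPC_UUID_MGMT)
        ifids = mgmt.hinq_if_ids(dce)
    finally:
        # Release the connection even if the MGMT bind or query fails.
        dce.disconnect()

    if_id_vector = ifids['if_id_vector']
    uuidtups = set(
        uuid.bin_to_uuidtup(if_id_vector['if_id'][index]['Data'].getData())
        for index in range(if_id_vector['count'])
    )
    # UUID strings the endpoint lists in any version.
    listed_uuids = set(uuidstr for uuidstr, _ver in uuidtups)

    for tup in sorted(uuidtups | uuid_database):
        binuuid = uuid.uuidtup_to_bin(tup)

        # One connection per bind attempt.  It is closed whatever the
        # outcome so that connections do not accumulate over the whole
        # UUID database.
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.Exception as e:
            resp = e[1]
            # NOTE(review): (2, 1) presumably encodes "rejected: abstract
            # syntax not supported" -- confirm against rpcrt.
            if (resp['Result'], resp['Reason']) != (2, 1):
                raise
            listening = False
        else:
            listening = True
        finally:
            dce.disconnect()

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing = "listed"
        elif tup[0] in listed_uuids:
            listing = "other version listed"
        else:
            listing = "not listed"

        print("%r: %s, %s" % (
            tup, listing,
            "listening" if listening else "not listening",
        ))

        if tup[0] in epm.KNOWN_PROTOCOLS:
            print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
        else:
            print("Protocol: N/A")

        provider_key = binuuid[:18]
        if provider_key in ndrutils.KNOWN_UUIDS:
            print("Provider: %s" % (ndrutils.KNOWN_UUIDS[provider_key]))
        else:
            print("Provider: N/A")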
def test_hinq_if_ids(self):
    """Call ``mgmt.hinq_if_ids`` over a fresh connection and dump the reply.

    There are no assertions: the test passes as long as the connection,
    the request and ``dump()`` complete without raising.
    """
    # The second item returned by connect() is not used here.
    rpc, _rpc_transport = self.connect()
    mgmt.hinq_if_ids(rpc).dump()
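def main(args):
    """Report which RPC interfaces one ncacn_ip_tcp endpoint lists and accepts.

    Queries the MGMT interface for the interface IDs the endpoint reports,
    then attempts a bind for each of those plus every entry of
    ``uuid_database``, and prints status, protocol and provider for each
    interface that is listed or accepts the bind.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the argument count is wrong; otherwise None.

    Raises:
        rpcrt.Exception: for any bind rejection whose (Result, Reason)
            pair is not (2, 1).
    """
    # print(...) with a single argument behaves the same with or without
    # ``from __future__ import print_function``.
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = trans.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(mgmt.MSRPC_UUID_MGMT)
        ifids = mgmt.hinq_if_ids(dce)
    finally:
        # Release the connection even if the MGMT bind or query fails.
        dce.disconnect()

    if_id_vector = ifids['if_id_vector']
    uuidtups = set(
        uuid.bin_to_uuidtup(if_id_vector['if_id'][index]['Data'].getData())
        for index in range(if_id_vector['count'])
    )
    # UUID strings the endpoint lists in any version.
    listed_uuids = set(uuidstr for uuidstr, _ver in uuidtups)

    for tup in sorted(uuidtups | uuid_database):
        binuuid = uuid.uuidtup_to_bin(tup)

        # One connection per bind attempt.  It is closed whatever the
        # outcome so that connections do not accumulate over the whole
        # UUID database.
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.Exception as e:
            resp = e[1]
            # NOTE(review): (2, 1) presumably encodes "rejected: abstract
            # syntax not supported" -- confirm against rpcrt.
            if (resp['Result'], resp['Reason']) != (2, 1):
                raise
            listening = False
        else:
            listening = True
        finally:
            dce.disconnect()

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing = "listed"
        elif tup[0] in listed_uuids:
            listing = "other version listed"
        else:
            listing = "not listed"

        print("%r: %s, %s" % (
            tup, listing,
            "listening" if listening else "not listening",
        ))

        if tup[0] in epm.KNOWN_PROTOCOLS:
            print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
        else:
            print("Protocol: N/A")

        provider_key = binuuid[:18]
        if provider_key in ndrutils.KNOWN_UUIDS:
            print("Provider: %s" % (ndrutils.KNOWN_UUIDS[provider_key]))
        else:
            print("Provider: N/A")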
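def main(args):
    """Report which RPC interfaces one ncacn_ip_tcp endpoint lists and accepts.

    Queries the MGMT interface for the interface IDs the endpoint reports,
    then attempts a bind for each of those plus every entry of
    ``uuid_database``, and prints protocol, provider and status for each
    interface that is listed or accepts the bind.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the argument count is wrong; otherwise None.

    Raises:
        rpcrt.DCERPCException: for any bind failure other than
            ``abstract_syntax_not_supported``.
    """
    # Init the example's logger theme
    logger.init()

    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host = args[0]
    port = int(args[1])

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)

    dce = trans.get_dce_rpc()
    dce.connect()
    try:
        dce.bind(mgmt.MSRPC_UUID_MGMT)
        ifids = mgmt.hinq_if_ids(dce)
    finally:
        # Release the connection even if the MGMT bind or query fails.
        dce.disconnect()

    if_id_vector = ifids['if_id_vector']
    uuidtups = set(
        uuid.bin_to_uuidtup(if_id_vector['if_id'][index]['Data'].getData())
        for index in range(if_id_vector['count'])
    )
    # UUID strings the endpoint lists in any version.
    listed_uuids = set(uuidstr for uuidstr, _ver in uuidtups)

    for tup in sorted(uuidtups | uuid_database):
        binuuid = uuid.uuidtup_to_bin(tup)

        # One connection per bind attempt.  It is closed whatever the
        # outcome so that connections do not accumulate over the whole
        # UUID database.
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.DCERPCException as e:
            if 'abstract_syntax_not_supported' not in str(e):
                raise
            listening = False
        else:
            listening = True
        finally:
            dce.disconnect()

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing = "listed"
        elif tup[0] in listed_uuids:
            listing = "other version listed"
        else:
            listing = "not listed"

        if tup[0] in epm.KNOWN_PROTOCOLS:
            print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
        else:
            print("Protocol: N/A")

        provider_key = binuuid[:18]
        if provider_key in KNOWN_UUIDS:
            print("Provider: %s" % (KNOWN_UUIDS[provider_key]))
        else:
            print("Provider: N/A")

        print("UUID : %s v%s: %s, %s\n" % (
            tup[0], tup[1], listing,
            "listening" if listening else "not listening",
        ))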