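def doSAMRAdd(self, rpctransport):
    """Add, re-password or delete a machine account over the SAMR interface.

    The routine binds to SAMR on the transport, selects the target domain,
    opens it with lookup and create-user access, and then, depending on the
    instance flags, either opens an existing account (``-no-add`` / delete
    mode) or creates a new workstation trust account. Finally it deletes
    the account or sets its password.

    Args:
        rpctransport: transport object exposing ``get_dce_rpc()``.

    Returns:
        None. Every failure raised inside the body is caught and reported
        through ``logging.critical``; nothing is propagated to the caller.
    """
    # NTSTATUS values compared against DCERPCSessionError.error_code below.
    STATUS_ACCESS_DENIED = 0xc0000022
    STATUS_NONE_MAPPED = 0xc0000073
    STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED = 0xc00002e7

    dce = rpctransport.get_dce_rpc()
    servHandle = None
    domainHandle = None
    userHandle = None

    try:
        dce.connect()
        dce.bind(samr.MSRPC_UUID_SAMR)

        samrConnectResponse = samr.hSamrConnect5(
            dce,
            '\\\\%s\x00' % self.__target,
            samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN)
        servHandle = samrConnectResponse['ServerHandle']

        samrEnumResponse = samr.hSamrEnumerateDomainsInSamServer(dce, servHandle)
        domains = samrEnumResponse['Buffer']['Buffer']
        domainsWithoutBuiltin = [
            entry for entry in domains if entry['Name'].lower() != 'builtin'
        ]

        if len(domainsWithoutBuiltin) > 1:
            # The server-side name is lower-cased for the comparison, so the
            # configured name is folded as well; otherwise a mixed-case
            # value could never match.
            wanted = self.__domainNetbios
            if wanted is not None:
                wanted = wanted.lower()
            matches = [
                entry for entry in domains if entry['Name'].lower() == wanted
            ]
            if len(matches) != 1:
                logging.critical(
                    "This server provides multiple domains and '%s' isn't one of them.",
                    self.__domainNetbios)
                logging.critical("Available domain(s):")
                for entry in domains:
                    logging.error(" * %s" % entry['Name'])
                logging.critical(
                    "Consider using -domain-netbios argument to specify which one you meant."
                )
                # A message is attached so the outer handler does not log an
                # empty CRITICAL line.
                raise Exception("Unable to select a unique domain.")
            selectedDomain = matches[0]['Name']
        elif domainsWithoutBuiltin:
            selectedDomain = domainsWithoutBuiltin[0]['Name']
        else:
            # Without this guard the failure surfaces as a bare IndexError.
            raise Exception("The server did not return any non-Builtin domain.")

        samrLookupDomainResponse = samr.hSamrLookupDomainInSamServer(
            dce, servHandle, selectedDomain)
        domainSID = samrLookupDomainResponse['DomainId']

        if logging.getLogger().level == logging.DEBUG:
            logging.info("Opening domain %s..." % selectedDomain)
        samrOpenDomainResponse = samr.hSamrOpenDomain(
            dce, servHandle,
            samr.DOMAIN_LOOKUP | samr.DOMAIN_CREATE_USER,
            domainSID)
        domainHandle = samrOpenDomainResponse['DomainHandle']

        if self.__noAdd or self.__delete:
            # Existing account: resolve the name to a RID, then open it with
            # only the access right the requested operation needs.
            try:
                checkForUser = samr.hSamrLookupNamesInDomain(
                    dce, domainHandle, [self.__computerName])
            except samr.DCERPCSessionError as e:
                if e.error_code == STATUS_NONE_MAPPED:
                    raise Exception("Account %s not found in domain %s!"
                                    % (self.__computerName, selectedDomain))
                raise

            userRID = checkForUser['RelativeIds']['Element'][0]
            if self.__delete:
                access = samr.DELETE
                message = "delete"
            else:
                access = samr.USER_FORCE_PASSWORD_CHANGE
                message = "set password for"

            try:
                openUser = samr.hSamrOpenUser(dce, domainHandle, access, userRID)
                userHandle = openUser['UserHandle']
            except samr.DCERPCSessionError as e:
                if e.error_code == STATUS_ACCESS_DENIED:
                    raise Exception(
                        "User %s doesn't have right to %s %s!"
                        % (self.__username, message, self.__computerName))
                raise
        else:
            if self.__computerName is not None:
                # A successful lookup means the requested name is taken.
                try:
                    samr.hSamrLookupNamesInDomain(
                        dce, domainHandle, [self.__computerName])
                except samr.DCERPCSessionError as e:
                    if e.error_code != STATUS_NONE_MAPPED:
                        raise
                else:
                    raise Exception(
                        "Account %s already exists! If you just want to set a password, use -no-add."
                        % self.__computerName)
            else:
                # Keep generating names until the lookup reports "none mapped".
                foundUnused = False
                while not foundUnused:
                    self.__computerName = self.generateComputerName()
                    try:
                        samr.hSamrLookupNamesInDomain(
                            dce, domainHandle, [self.__computerName])
                    except samr.DCERPCSessionError as e:
                        if e.error_code == STATUS_NONE_MAPPED:
                            foundUnused = True
                        else:
                            raise

            try:
                createUser = samr.hSamrCreateUser2InDomain(
                    dce,
                    domainHandle,
                    self.__computerName,
                    samr.USER_WORKSTATION_TRUST_ACCOUNT,
                    samr.USER_FORCE_PASSWORD_CHANGE,
                )
            except samr.DCERPCSessionError as e:
                if e.error_code == STATUS_ACCESS_DENIED:
                    raise Exception(
                        "User %s doesn't have right to create a machine account!"
                        % self.__username)
                elif e.error_code == STATUS_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED:
                    raise Exception("User %s machine quota exceeded!"
                                    % self.__username)
                raise

            userHandle = createUser['UserHandle']

        if self.__delete:
            samr.hSamrDeleteUser(dce, userHandle)
            logging.info("Successfully deleted %s." % self.__computerName)
            # The handle is cleared so the cleanup below does not try to
            # close it after the delete call.
            userHandle = None
        else:
            samr.hSamrSetPasswordInternal4New(dce, userHandle,
                                              self.__computerPassword)
            # NOTE(review): both messages below write the account password
            # in cleartext at INFO level; any file or collector receiving
            # this log output then holds a credential.
            if self.__noAdd:
                logging.info(
                    "Successfully set password of %s to %s."
                    % (self.__computerName, self.__computerPassword))
            else:
                logging.info(
                    "Successfully added machine account %s with password %s."
                    % (self.__computerName, self.__computerPassword))

    except Exception as e:
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        logging.critical(str(e))
    finally:
        # Handles are closed innermost first. Each close is isolated so that
        # one failure neither leaves the remaining handles open nor skips
        # the disconnect.
        for handle in (userHandle, domainHandle, servHandle):
            if handle is None:
                continue
            try:
                samr.hSamrCloseHandle(dce, handle)
            except Exception as closeError:
                logging.debug("Could not close SAMR handle: %s", closeError)
        try:
            dce.disconnect()
        except Exception as disconnectError:
            # Reached, for example, when connect() itself failed.
            logging.debug("Could not disconnect cleanly: %s", disconnectError)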
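def delete(dce, domain_handle, uniq_id):
    """Delete the account with relative id *uniq_id* from an opened domain.

    Args:
        dce: bound DCE/RPC connection passed through to the ``samr`` helpers.
        domain_handle: handle of the domain that contains the account.
        uniq_id: relative identifier (RID) of the account to remove.

    Raises:
        Whatever ``samr.hSamrOpenUser`` or ``samr.hSamrDeleteUser`` raises.
    """
    # Only DELETE access is requested, rather than relying on the helper's
    # default access mask: it is the one right the delete call needs.
    entity_handle = samr.hSamrOpenUser(
        dce, domain_handle, samr.DELETE, uniq_id)['UserHandle']
    try:
        samr.hSamrDeleteUser(dce, entity_handle)
    except Exception:
        # The delete did not go through, so the handle is presumably still
        # open on the server; release it before re-raising.
        try:
            samr.hSamrCloseHandle(dce, entity_handle)
        except Exception:
            # Best effort: the delete failure is the error worth reporting.
            pass
        raise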