def get_entity(dce, domain_handle, samr_obj): resp = samr.hSamrOpenUser(dce, domain_handle, userId=samr_obj['RelativeId']) info = samr.hSamrQueryInformationUser2( dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) user = User(samr_obj['Name'], samr_obj['RelativeId'], info['Buffer']['All']) samr.hSamrCloseHandle(dce, resp['UserHandle']) return user
def __fetchlist(self, rpctransport): dce = rpctransport.get_dce_rpc() dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] self.log.info('[+] Found domain: {0}'.format(domains[0]['Name'])) self.log.info("[*] Enumerating RID {0} in the {1} domain..\n".format(self.rid, domains[0]['Name'])) resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name']) resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId']) domainHandle = resp['DomainHandle'] request = samr.SamrOpenGroup() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.MAXIMUM_ALLOWED request['GroupId'] = self.rid try: resp = dce.request(request) except samr.DCERPCSessionError: raise request = samr.SamrGetMembersInGroup() request['GroupHandle'] = resp['GroupHandle'] resp = dce.request(request) rids = resp.fields['Members'].fields['Data'].fields['Members'].fields['Data'].fields['Data'] mutex = Lock() for rid in rids: try: resp = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, rid.fields['Data']) rid_data = samr.hSamrQueryInformationUser2(dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) except samr.DCERPCSessionError as e: # Occasionally an ACCESS_DENIED is rasied even though the user has permissions? # Other times a STATUS_NO_SUCH_USER is raised when a rid apparently doesn't exist, even though it reported back as existing. self.log.debug(e) continue if self.fqdn: rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '') + '.' + self.fqdn else: rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '') samr.hSamrCloseHandle(dce, resp['UserHandle']) if self.dns_lookup: # Threading because DNS lookups are slow t = Thread(target=self.get_ip, args=(rid_data, mutex,)) t.start() else: self.log.info(rid_data) self.data.append(rid_data) dce.disconnect()
def enumerate_users_in_group(self, dce, domain_handle): request = samr.SamrOpenGroup() request['DomainHandle'] = domain_handle request['DesiredAccess'] = samr.MAXIMUM_ALLOWED request['GroupId'] = self.rid try: resp = dce.request(request) except samr.DCERPCSessionError: raise request = samr.SamrGetMembersInGroup() request['GroupHandle'] = resp['GroupHandle'] resp = dce.request(request) self.log.info( '[*] Group RID detected. Enumerating users/hosts in group..\n') try: rids = resp['Members']['Members'] except AttributeError: self.log.info('[-] No users in group') return mutex = Lock() for rid in rids: try: resp = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, rid['Data']) rid_data = samr.hSamrQueryInformationUser2( dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) except samr.DCERPCSessionError as e: # Occasionally an ACCESS_DENIED is rasied even though the user has permissions? # Other times a STATUS_NO_SUCH_USER is raised when a rid apparently doesn't exist, even though it reported back as existing. self.log.debug(e) continue if self.fqdn: rid_data = rid_data['Buffer']['All']['UserName'].replace( '$', '') + '.' + self.fqdn else: rid_data = rid_data['Buffer']['All']['UserName'].replace( '$', '') samr.hSamrCloseHandle(dce, resp['UserHandle']) if self.dns_lookup: # Threading because DNS lookups are slow t = Thread(target=self.get_ip, args=( rid_data, mutex, )) t.start() else: self.log.info(rid_data) self.data.append(rid_data)
def __fetchList(self, rpctransport): dce = rpctransport.get_dce_rpc() entries = [] dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) try: resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] print('Found domain(s):') for domain in domains: print(" . %s" % domain['Name']) logging.info("Looking up users in domain %s" % domains[0]['Name']) resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] ) resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId']) domainHandle = resp['DomainHandle'] status = STATUS_MORE_ENTRIES enumerationContext = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext) except DCERPCException as e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise resp = e.get_packet() for user in resp['Buffer']['Buffer']: r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId']) print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] )) info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (user['Name'], user['RelativeId'], info['Buffer']['All']) entries.append(entry) samr.hSamrCloseHandle(dce, r['UserHandle']) enumerationContext = resp['EnumerationContext'] status = resp['ErrorCode'] except ListUsersException as e: logging.critical("Error listing users: %s" % e) dce.disconnect() return entries
def __fetchList(self, rpctransport): dce = rpctransport.get_dce_rpc() entries = [] dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) try: resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] print 'Found domain(s):' for domain in domains: print " . %s" % domain['Name'] print "Looking up users in domain %s" % domains[0]['Name'] resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] ) resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId']) domainHandle = resp['DomainHandle'] done = False status = STATUS_MORE_ENTRIES enumerationContext = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext) except Exception, e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise resp = e.get_packet() for user in resp['Buffer']['Buffer']: r = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, user['RelativeId']) print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] ) info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (user['Name'], user['RelativeId'], info['Buffer']['All']) entries.append(entry) samr.hSamrCloseHandle(dce, r['UserHandle']) enumerationContext = resp['EnumerationContext'] status = resp['ErrorCode'] except ListUsersException, e: print "Error listing users: %s" % e
def __fetchList(self, rpctransport): dce = rpctransport.get_dce_rpc() entries = [] dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) try: resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] print 'Found domain(s):' for domain in domains: print " . %s" % domain['Name'] print "Looking up users in domain %s" % domains[0]['Name'] resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle,domains[0]['Name'] ) resp = samr.hSamrOpenDomain(dce, serverHandle = serverHandle, domainId = resp['DomainId']) domainHandle = resp['DomainHandle'] done = False status = STATUS_MORE_ENTRIES enumerationContext = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle, enumerationContext = enumerationContext) except Exception, e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise resp = e.get_packet() for user in resp['Buffer']['Buffer']: r = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, user['RelativeId']) print "Found user: %s, uid = %d" % (user['Name'], user['RelativeId'] ) info = samr.hSamrQueryInformationUser2(dce, r['UserHandle'],samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (user['Name'], user['RelativeId'], info['Buffer']['All']) entries.append(entry) samr.hSamrCloseHandle(dce, r['UserHandle']) enumerationContext = resp['EnumerationContext'] status = resp['ErrorCode'] except ListUsersException, e: print "Error listing users: %s" % e
def list_users(self, remote_name, remote_host): """ List users :param remote_name: (string) remote name to use in rpc connection string :param remote_host: (string) remote host to connect to :return: (list) List of users found, each item contains (userName, RelativeId, UserAllInfo) """ # Create an DCE/RPC session rpc_transport = self.__set_rpc_connection(remote_name, remote_host) dce = self.__dce_connect(rpc_transport) entries = [] try: # Obtain domain handle domain_handle = self.__obtain_domain_handle(dce) status = STATUS_MORE_ENTRIES enumeration_context = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain( dce, domain_handle, enumerationContext=enumeration_context) except DCERPCException as e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise ListUsersException(e) for user in resp['Buffer']['Buffer']: # Get user information for each user r = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, user['RelativeId']) info = samr.hSamrQueryInformationUser2( dce, r['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (user['Name'], user['RelativeId'], info['Buffer']['All']) entries.append(entry) samr.hSamrCloseHandle(dce, r['UserHandle']) enumeration_context = resp['EnumerationContext'] status = resp['ErrorCode'] except ListUsersException as e: logging.critical("Error listing users: %s" % e) dce.disconnect() return entries
def __fetchList(self, rpctransport): dce = rpctransport.get_dce_rpc() entries = [] dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) try: resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] print('Found domain(s):') for domain in domains: print(" . %s" % domain['Name']) logging.info("Looking up users in domain %s" % domains[0]['Name']) resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name']) resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId']) domainHandle = resp['DomainHandle'] status = STATUS_MORE_ENTRIES enumerationContext = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain( dce, domainHandle, enumerationContext=enumerationContext) except DCERPCException as e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise resp = e.get_packet() for user in resp['Buffer']['Buffer']: r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId']) print("Found user: %s, uid = %d" % (user['Name'], user['RelativeId'])) info = samr.hSamrQueryInformationUser2( dce, r['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (user['Name'], user['RelativeId'], info['Buffer']['All']) entries.append(entry) samr.hSamrCloseHandle(dce, r['UserHandle']) enumerationContext = resp['EnumerationContext'] status = resp['ErrorCode'] except ListUsersException as e: logging.critical("Error listing users: %s" % e) dce.disconnect() return entries
class SAMRGroupDump: def __init__(self, username, password, domain, target, rid, dns_lookup, output): self.username = username self.password = password self.domain = domain self.port = 445 self.target = target self.rid = rid self.dns_lookup = dns_lookup self.log = logging.getLogger('') self.output_file = "" self.data = [] if output: if not (output).endswith(".txt"): output += ".txt" self.output_file = output @classmethod def from_args(cls, args): return cls(args.username, args.password, args.domain, args.target, args.rid, args.dns_lookup, args.output) def dump(self): self.log.info('[*] Retrieving endpoint list from {0}'.format( self.target)) stringbinding = r'ncacn_np:{0}[\pipe\samr]'.format(self.target) logging.debug('StringBinding {0}'.format(stringbinding)) rpctransport = transport.DCERPCTransportFactory(stringbinding) rpctransport.set_dport(self.port) rpctransport.setRemoteHost(self.target) if hasattr(rpctransport, 'set_credentials'): rpctransport.set_credentials(self.username, self.password, self.domain) self.__fetchlist(rpctransport) def __fetchlist(self, rpctransport): dce = rpctransport.get_dce_rpc() dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] self.log.info('[+] Found domain: {0}'.format(domains[0]['Name'])) self.log.info("[*] Enumerating RID {0} in the {1} domain..\n".format( self.rid, domains[0]['Name'])) resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name']) resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId']) domainHandle = resp['DomainHandle'] request = samr.SamrOpenGroup() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.MAXIMUM_ALLOWED request['GroupId'] = self.rid try: resp = dce.request(request) except Exception, e: if 'STATUS_NO_SUCH_DOMAIN' in str(e): raise request = samr.SamrGetMembersInGroup() request['GroupHandle'] = resp['GroupHandle'] resp = dce.request(request) domain_computers = resp.fields['Members'].fields['Data'].fields[ 'Members'].fields['Data'].fields['Data'] mutex = Lock() for host in domain_computers: resp = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, host.fields['Data']) rid_data = samr.hSamrQueryInformationUser2( dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '') samr.hSamrCloseHandle(dce, resp['UserHandle']) if self.dns_lookup: # Threading because DNS lookups are slow t = Thread(target=self.get_ip, args=( rid_data, mutex, )) t.start() else: self.log.info(rid_data) self.data.append(rid_data) dce.disconnect()
def fetchList(self, rpctransport): dce = DCERPC_v5(rpctransport) dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) # Setup Connection resp = samr.hSamrConnect2(dce) if resp['ErrorCode'] != 0: raise Exception('Connect error') resp2 = samr.hSamrEnumerateDomainsInSamServer( dce, serverHandle=resp['ServerHandle'], enumerationContext=0, preferedMaximumLength=500) if resp2['ErrorCode'] != 0: raise Exception('Connect error') resp3 = samr.hSamrLookupDomainInSamServer( dce, serverHandle=resp['ServerHandle'], name=resp2['Buffer']['Buffer'][0]['Name']) if resp3['ErrorCode'] != 0: raise Exception('Connect error') resp4 = samr.hSamrOpenDomain(dce, serverHandle=resp['ServerHandle'], desiredAccess=samr.MAXIMUM_ALLOWED, domainId=resp3['DomainId']) if resp4['ErrorCode'] != 0: raise Exception('Connect error') self.__domains = resp2['Buffer']['Buffer'] domainHandle = resp4['DomainHandle'] # End Setup status = STATUS_MORE_ENTRIES enumerationContext = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain( dce, domainHandle, enumerationContext=enumerationContext) except DCERPCException as e: if str(e).find('STATUS_MORE_ENTRIES') < 0: self.logger.error('Error enumerating domain user(s)') break resp = e.get_packet() self.logger.success('Enumerated domain user(s)') for user in resp['Buffer']['Buffer']: r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId']) info = samr.hSamrQueryInformationUser2( dce, r['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) (username, uid, info_user) = (user['Name'], user['RelativeId'], info['Buffer']['All']) self.logger.highlight('{}\\{:<30} {}'.format( self.domain, user['Name'], info_user['AdminComment'])) self.users.append(user['Name']) samr.hSamrCloseHandle(dce, r['UserHandle']) enumerationContext = resp['EnumerationContext'] status = resp['ErrorCode'] dce.disconnect()
def __samr_users(self, usrdomain=None): ''' Enumerate users on the system ''' self.__samr_domains(True) encoding = sys.getdefaultencoding() for domain_name, domain in self.domains_dict.items(): if usrdomain and usrdomain.upper() != domain_name.upper(): continue logger.info('Looking up users in domain %s' % domain_name) resp = samr.hSamrLookupDomainInSamServer(self.__dce, self.__mgr_handle, domain_name) resp = samr.hSamrOpenDomain(self.__dce, serverHandle=self.__mgr_handle, domainId=resp['DomainId']) self.__domain_context_handle = resp['DomainHandle'] status = STATUS_MORE_ENTRIES enum_context = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain( self.__dce, self.__domain_context_handle, enumerationContext=enum_context) except DCERPCException as e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise resp = e.get_packet() for user in resp['Buffer']['Buffer']: r = samr.hSamrOpenUser(self.__dce, self.__domain_context_handle, samr.MAXIMUM_ALLOWED, user['RelativeId']) logger.debug('Found user %s (UID: %d)' % (user['Name'], user['RelativeId'])) info = samr.hSamrQueryInformationUser2( self.__dce, r['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (user['Name'], user['RelativeId'], info['Buffer']['All']) self.users_list.add(entry) samr.hSamrCloseHandle(self.__dce, r['UserHandle']) enum_context = resp['EnumerationContext'] status = resp['ErrorCode'] if self.users_list: num = len(self.users_list) logger.info('Retrieved %d user%s' % (num, 's' if num > 1 else '')) else: logger.info('No users enumerated') for entry in self.users_list: user, uid, info = entry print(user) print(' User ID: %d' % uid) print(' Group ID: %d' % info['PrimaryGroupId']) if info['UserAccountControl'] & samr.USER_ACCOUNT_DISABLED: account_disabled = 'True' else: account_disabled = 'False' print(' Enabled: %s' % account_disabled) try: print(' Logon count: %d' % info['LogonCount']) except ValueError: pass lastLogon = (info['LastLogon']['HighPart'] << 32) + info['LastLogon']['LowPart'] if lastLogon == 0: lastLogon = '<never>' else: lastLogon = str( datetime.fromtimestamp(self.getUnixTime(lastLogon))) try: print(' Last Logon: %s' % lastLogon) except ValueError: pass lastLogoff = (info['LastLogoff']['HighPart'] << 32) + info['LastLogoff']['LowPart'] if lastLogoff == 0: lastLogoff = '<never>' else: lastLogoff = str( datetime.fromtimestamp(self.getUnixTime(lastLogoff))) try: print(' Last Logoff: %s' % lastLogoff) except ValueError: pass pwdLastSet = (info['PasswordLastSet']['HighPart'] << 32) + info['PasswordLastSet']['LowPart'] if pwdLastSet == 0: pwdLastSet = '<never>' else: pwdLastSet = str( datetime.fromtimestamp(self.getUnixTime(pwdLastSet))) try: print(' Last password set: %s' % pwdLastSet) except ValueError: pass if info['PasswordExpired'] == 0: password_expired = 'False' elif info['PasswordExpired'] == 1: password_expired = 'True' try: print(' Password expired: %s' % password_expired) except ValueError: pass if info['UserAccountControl'] & samr.USER_DONT_EXPIRE_PASSWORD: dont_expire = 'True' else: dont_expire = 'False' try: print(' Password does not expire: %s' % dont_expire) except ValueError: pass pwdCanChange = (info['PasswordCanChange']['HighPart'] << 32) + info['PasswordCanChange']['LowPart'] if pwdCanChange == 0: pwdCanChange = '<never>' else: pwdCanChange = str( datetime.fromtimestamp(self.getUnixTime(pwdCanChange))) try: print(' Password can change: %s' % pwdCanChange) except ValueError: pass try: pwdMustChange = ( info['PasswordMustChange']['HighPart'] << 32) + info['PasswordMustChange']['LowPart'] if pwdMustChange == 0: pwdMustChange = '<never>' else: pwdMustChange = str( datetime.fromtimestamp( self.getUnixTime(pwdMustChange))) except: pwdMustChange = '<never>' try: print(' Password must change: %s' % pwdMustChange) except ValueError: pass try: print(' Bad password count: %d' % info['BadPasswordCount']) except ValueError: pass try: print(' Full name: %s' % info['FullName']) except ValueError: pass try: print(' Home directory: %s' % info['HomeDirectory']) except ValueError: pass try: print(' Home directory drive: %s' % info['HomeDirectoryDrive']) except ValueError: pass try: print(' Script path: %s' % info['ScriptPath']) except ValueError: pass try: print(' Profile path: %s' % info['ProfilePath']) except ValueError: pass try: print(' Admin comment: %s' % info['AdminComment']) except ValueError: pass try: print(' Workstations: %s' % info['WorkStations']) except ValueError: pass try: print(' User comment: %s' % info['UserComment']) except ValueError: pass self.users_list = set()
def __fetchUserList(self, rpctransport): dce = rpctransport.get_dce_rpc() domain = None entries = [] dce.connect() dce.bind(samr.MSRPC_UUID_SAMR) try: resp = samr.hSamrConnect(dce) serverHandle = resp['ServerHandle'] resp = samr.hSamrEnumerateDomainsInSamServer(dce, serverHandle) domains = resp['Buffer']['Buffer'] domain = domains[0]['Name'] resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, domains[0]['Name']) resp = samr.hSamrOpenDomain(dce, serverHandle=serverHandle, domainId=resp['DomainId']) domainHandle = resp['DomainHandle'] status = STATUS_MORE_ENTRIES enumerationContext = 0 while status == STATUS_MORE_ENTRIES: try: resp = samr.hSamrEnumerateUsersInDomain( dce, domainHandle, enumerationContext=enumerationContext) except DCERPCException as e: if str(e).find('STATUS_MORE_ENTRIES') < 0: raise resp = e.get_packet() for user in resp['Buffer']['Buffer']: try: r = samr.hSamrOpenUser(dce, domainHandle, samr.MAXIMUM_ALLOWED, user['RelativeId']) info = samr.hSamrQueryInformationUser2( dce, r['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation) entry = (domain, user['Name'], user['RelativeId'], info['Buffer']['All']) yield entry samr.hSamrCloseHandle(dce, r['UserHandle']) except DCERPCSessionError: pass enumerationContext = resp['EnumerationContext'] status = resp['ErrorCode'] except ListUsersException as e: print("Error listing users: %s" % e) dce.disconnect()