def do(self):
    """Map the target's RPC interfaces, preferring the MGMT interface listing.

    Binds to the MGMT interface, asks it for its interface IDs and passes
    every discovered ``(uuid, version)`` tuple to ``handle_discovered_tup``
    in sorted order; the MGMT interface itself is added to that set.  When
    ``-brute-uuids`` is set, or when a DCERPCException carries one of the
    "MGMT not available" markers below, ``bruteforce_uuids`` is used instead.

    Raises:
        DCERPCException: re-raised unchanged when its text matches none of
            the known markers.
    """
    # Error text fragments that mean the MGMT interface is not offered.
    mgmt_missing_markers = (
        'nca_s_unk_if',                   # Windows SMB
        'reason_not_specified',           # Samba 4
        'abstract_syntax_not_supported',  # Samba 3
    )

    try:
        # Connect to the MGMT interface and pull its interface UUID list.
        self.__dce.bind(mgmt.MSRPC_UUID_MGMT)
        ifids = mgmt.hinq_if_ids(self.__dce)

        # -brute-uuids replaces parsing of ifids.  The switch is honoured
        # only after mgmt.hinq_if_ids has run, to prevent a specified
        # account from being locked out.
        if self.__brute_uuids:
            self.bruteforce_uuids()
            return

        # Start from the MGMT interface itself, then add what it reported.
        uuidtups = {('AFA8BD80-7D8A-11C9-BEF4-08002B102989', '1.0')}
        for index in range(ifids['if_id_vector']['count']):
            entry = ifids['if_id_vector']['if_id'][index]
            uuidtups.add(uuid.bin_to_uuidtup(entry['Data'].getData()))

        for tup in sorted(uuidtups):
            self.handle_discovered_tup(tup)
    except DCERPCException as e:
        message = str(e)
        if any(marker in message for marker in mgmt_missing_markers):
            logging.info("MGMT Interface not available, bruteforcing UUIDs. The result may not be complete.\n")
            self.bruteforce_uuids()
        else:
            raise
def main(args):
    """Compare the interfaces a DCE/RPC endpoint lists with those it accepts.

    Reads the interface list from the management interface, then tries a
    bind for every UUID in that list and in ``uuid_database``, printing one
    line per interface that is listed or accepts the bind.

    Args:
        args: ``[host, port]``.

    Returns:
        1 when the argument count is wrong; otherwise nothing.
    """
    # print(...) with one parenthesised argument behaves exactly like the
    # Python 2 print statement this script was written with.
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1

    host, port = args[0], int(args[1])

    trans = transport.DCERPCTransportFactory("ncacn_ip_tcp:%s" % host)
    trans.set_dport(port)
    dce = trans.get_dce_rpc()

    # Session 1: ask the management interface which interfaces it knows.
    dce.connect()
    dce.bind(uuid.uuidtup_to_bin(("afa8bd80-7d8a-11c9-bef4-08002b102989", "1.0")))
    ifids = mgmt.DCERPCMgmt(dce).inq_if_ids()
    uuidtups = set()
    for index in range(ifids.get_ifcount()):
        uuidtups.add(uuid.bin_to_uuidtup(ifids.get_if_binuuid(index)))
    dce.disconnect()

    # Session 2..n: one connect + bind per candidate interface.
    for tup in sorted(uuidtups | uuid_database):
        dce.connect()
        binuuid = uuid.uuidtup_to_bin(tup)
        try:
            dce.bind(binuuid)
        except dcerpc.Exception as e:
            ctx_item = dcerpc.MSRPCBindAck(str(e.args[1])).getCtxItem(1)
            # Result 2 / Reason 1 is the bind-ack encoding for "provider
            # rejection, abstract syntax not supported": the interface is
            # simply not served here.  Anything else is unexpected.
            if (ctx_item['Result'], ctx_item['Reason']) != (2, 1):
                raise
            listening = False
        else:
            listening = True

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing_state = "listed"
        elif any(tup[0] == uuidstr for uuidstr, ver in uuidtups):
            listing_state = "other version listed"
        else:
            listing_state = "not listed"
        listening_state = "listening" if listening else "not listening"

        print("%r: %s, %s" % (tup, listing_state, listening_state))
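def main(args):
    """Probe a DCE/RPC endpoint and report which interfaces it lists and accepts.

    The management interface is queried for the interface IDs it reports;
    every UUID from that list and from ``uuid_database`` is then tried with
    a bind of its own.  An interface is printed when it is listed or when
    the bind succeeds.  Each probe is a separate connect-and-bind, so on the
    target a run shows up as a series of bind attempts for many interface
    UUIDs coming from one client.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the arguments are unusable (wrong count or non-numeric
        port); otherwise ``None`` after the report has been printed.

    Raises:
        rpcrt.DCERPCException: for any bind failure other than
            ``abstract_syntax_not_supported``.
    """
    usage = "usage: ./ifmap.py <host> <port>"

    # Init the example's logger theme
    logger.init()

    if len(args) != 2:
        print(usage)
        return 1

    host = args[0]
    try:
        port = int(args[1])
    except ValueError:
        # A non-numeric port is a usage error, not a traceback.
        print(usage)
        return 1

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
    dce = trans.get_dce_rpc()

    # Listing session: what does the management interface report?
    dce.connect()
    dce.bind(mgmt.MSRPC_UUID_MGMT)
    ifids = mgmt.hinq_if_ids(dce)
    uuidtups = set(
        uuid.bin_to_uuidtup(ifids['if_id_vector']['if_id'][index]['Data'].getData())
        for index in range(ifids['if_id_vector']['count'])
    )
    dce.disconnect()

    probes = uuidtups | uuid_database

    for tup in sorted(probes):
        # Convert first so a bad tuple cannot leave a connection open.
        binuuid = uuid.uuidtup_to_bin(tup)
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.DCERPCException as e:
            # This error text means the interface is not served here;
            # every other failure is unexpected and propagates.
            if 'abstract_syntax_not_supported' in str(e):
                listening = False
            else:
                raise
        else:
            listening = True
        finally:
            # Close the per-probe session (same call the listing session
            # uses) so probes do not pile up open connections on the host.
            dce.disconnect()

        listed = tup in uuidtups
        otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
        if listed or listening:
            # Both labels read "Protocol"; the fallback used to be
            # misspelled "Procotol".
            print("Protocol: %s" % epm.KNOWN_PROTOCOLS.get(tup[0], "N/A"))
            # KNOWN_UUIDS is keyed by the first 18 bytes of the binary UUID.
            print("Provider: %s" % KNOWN_UUIDS.get(binuuid[:18], "N/A"))
            print("UUID : %s v%s: %s, %s\n" % (
                tup[0], tup[1],
                "listed" if listed else "other version listed" if otherversion else "not listed",
                "listening" if listening else "not listening"))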
""".splitlines() if line)
# Normalise every UUID string to upper case; the version string is kept as-is.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# NOTE(review): k is not used anywhere in the visible part of this file.
k = list(KNOWN_UUIDS.keys())[0]


def fix_ndr_uuid(ndruuid):
    """Widen the 2-byte version suffix of an 18-byte UUID key to 4 bytes.

    The first 16 bytes are copied unchanged.  The last two bytes are read
    as two unsigned bytes (major, minor) and written back as two
    little-endian unsigned 16-bit values, giving a 20-byte result that is
    passed to ``uuid.bin_to_uuidtup`` by the caller below.
    """
    # assert is stripped under -O, so this length check is not enforced then.
    assert len(ndruuid) == 18
    # Local name only: shadows the module-level `uuid` inside this function.
    uuid = ndruuid[:16]
    # `min` shadows the builtin inside this function.
    maj, min = struct.unpack("BB", ndruuid[16:])
    return uuid + struct.pack("<HH", maj, min)


# Extend the probe database with every key of KNOWN_UUIDS, converted to
# (uuid string, version) tuples.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(bin)) for bin in list(KNOWN_UUIDS.keys()))


def main(args):
    # Init the example's logger theme
    logger.init()
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1
    host = args[0]
    port = int(args[1])
    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
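def main(args):
    """Probe a DCE/RPC endpoint and report which interfaces it lists and accepts.

    Queries the management interface for its interface IDs, then binds to
    every UUID from that list and from ``uuid_database`` on a connection of
    its own.  For each interface that is listed or accepts the bind, prints
    its state followed by the known protocol and provider names.  Because
    every probe is a separate connect-and-bind, a run appears on the target
    as a series of bind attempts for many interface UUIDs from one client.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the arguments are unusable (wrong count or non-numeric
        port); otherwise nothing.

    Raises:
        rpcrt.Exception: for any bind failure other than Result 2 /
            Reason 1.
    """
    usage = "usage: ./ifmap.py <host> <port>"

    # print(...) with one parenthesised argument behaves exactly like the
    # Python 2 print statement this script was written with.
    if len(args) != 2:
        print(usage)
        return 1

    host = args[0]
    try:
        port = int(args[1])
    except ValueError:
        # A non-numeric port is a usage error, not a traceback.
        print(usage)
        return 1

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
    dce = trans.get_dce_rpc()

    # Listing session: what does the management interface report?
    dce.connect()
    dce.bind(mgmt.MSRPC_UUID_MGMT)
    ifids = mgmt.hinq_if_ids(dce)
    uuidtups = set(
        uuid.bin_to_uuidtup(ifids['if_id_vector']['if_id'][index]['Data'].getData())
        for index in range(ifids['if_id_vector']['count'])
    )
    dce.disconnect()

    probes = uuidtups | uuid_database

    for tup in sorted(probes):
        # Convert first so a bad tuple cannot leave a connection open.
        binuuid = uuid.uuidtup_to_bin(tup)
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.Exception as e:
            # Python 2 exception indexing: e[1] is the second argument the
            # exception was raised with.
            resp = e[1]
            # Result 2 / Reason 1 is the bind-ack encoding for "provider
            # rejection, abstract syntax not supported".
            if (resp['Result'], resp['Reason']) == (2, 1):
                listening = False
            else:
                raise
        else:
            listening = True
        finally:
            # Close the per-probe session (same call the listing session
            # uses) so probes do not pile up open connections on the host.
            dce.disconnect()

        listed = tup in uuidtups
        otherversion = any(tup[0] == uuidstr for uuidstr, ver in uuidtups)
        if listed or listening:
            print("%r: %s, %s" % (
                tup,
                "listed" if listed else "other version listed" if otherversion else "not listed",
                "listening" if listening else "not listening"
            ))
            # `in` replaces dict.has_key(); the fallback label used to be
            # misspelled "Procotol".
            if tup[0] in epm.KNOWN_PROTOCOLS:
                print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
            else:
                print("Protocol: N/A")
            # KNOWN_UUIDS is keyed by the first 18 bytes of the binary UUID.
            provider_key = binuuid[:18]
            if provider_key in ndrutils.KNOWN_UUIDS:
                print("Provider: %s" % (ndrutils.KNOWN_UUIDS[provider_key]))
            else:
                print("Provider: N/A")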
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)
# Normalise every UUID string to upper case; the version string is kept as-is.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# NOTE(review): k is not used anywhere in the visible part of this file.
k = ndrutils.KNOWN_UUIDS.keys()[0]


def fix_ndr_uuid(ndruuid):
    """Widen the 2-byte version suffix of an 18-byte UUID key to 4 bytes.

    The first 16 bytes are copied unchanged.  The last two bytes are read
    as two unsigned bytes (major, minor) and written back as two
    little-endian unsigned 16-bit values, giving a 20-byte result that is
    passed to ``uuid.bin_to_uuidtup`` by the caller below.
    """
    # assert is stripped under -O, so this length check is not enforced then.
    assert len(ndruuid) == 18
    # Local name only: shadows the module-level `uuid` inside this function.
    uuid = ndruuid[:16]
    # `min` shadows the builtin inside this function.
    maj, min = struct.unpack("BB", ndruuid[16:])
    return uuid + struct.pack("<HH", maj, min)


# Extend the probe database with every key of ndrutils.KNOWN_UUIDS,
# converted to (uuid string, version) tuples.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(bin)) for bin in ndrutils.KNOWN_UUIDS.keys()
)


def main(args):
    if len(args) != 2:
        print "usage: ./ifmap.py <host> <port>"
        return 1
    host = args[0]
    port = int(args[1])
    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
    dce = trans.get_dce_rpc()
""".splitlines() if line)
# Normalise every UUID string to upper case; the version string is kept as-is.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# NOTE(review): k is not used anywhere in the visible part of this file.
k = ndrutils.KNOWN_UUIDS.keys()[0]


def fix_ndr_uuid(ndruuid):
    """Convert an 18-byte UUID key into the 20-byte form used for probing.

    Bytes 0-15 pass through untouched; bytes 16 and 17 are unpacked as
    unsigned bytes (major, minor) and repacked as two little-endian
    unsigned 16-bit fields appended to the first 16 bytes.
    """
    # assert is stripped under -O, so this length check is not enforced then.
    assert len(ndruuid) == 18
    # Local name only: shadows the module-level `uuid` inside this function.
    uuid = ndruuid[:16]
    # `min` shadows the builtin inside this function.
    maj, min = struct.unpack("BB", ndruuid[16:])
    return uuid + struct.pack("<HH", maj, min)


# Extend the probe database with every key of ndrutils.KNOWN_UUIDS,
# converted to (uuid string, version) tuples.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(bin)) for bin in ndrutils.KNOWN_UUIDS.keys())


def main(args):
    if len(args) != 2:
        print "usage: ./ifmap.py <host> <port>"
        return 1
    host = args[0]
    port = int(args[1])
    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
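def main(args):
    """List the RPC interfaces of one endpoint and test which ones accept a bind.

    The interface IDs reported by the management interface are merged with
    ``uuid_database``; each resulting ``(uuid, version)`` tuple is probed
    with its own connect-and-bind.  Interfaces that are listed or that
    accept the bind are printed with their protocol and provider names.
    On the target, a run therefore looks like one client issuing bind
    requests for many different interface UUIDs.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the arguments are unusable (wrong count or non-numeric
        port); otherwise nothing.

    Raises:
        rpcrt.Exception: for any bind failure other than Result 2 /
            Reason 1.
    """
    usage_text = "usage: ./ifmap.py <host> <port>"

    # print(...) with one parenthesised argument behaves exactly like the
    # Python 2 print statement this script was written with.
    if len(args) != 2:
        print(usage_text)
        return 1

    host = args[0]
    try:
        port = int(args[1])
    except ValueError:
        # Report a non-numeric port as a usage error instead of crashing.
        print(usage_text)
        return 1

    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
    dce = trans.get_dce_rpc()

    # First session: read the interface list from the management interface.
    dce.connect()
    dce.bind(mgmt.MSRPC_UUID_MGMT)
    ifids = mgmt.hinq_if_ids(dce)
    uuidtups = set(
        uuid.bin_to_uuidtup(ifids['if_id_vector']['if_id'][index]
                            ['Data'].getData())
        for index in range(ifids['if_id_vector']['count']))
    dce.disconnect()

    probes = uuidtups | uuid_database

    for tup in sorted(probes):
        # Convert before connecting so a bad tuple leaves nothing open.
        binuuid = uuid.uuidtup_to_bin(tup)
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.Exception as e:
            # Python 2 exception indexing: e[1] is the second argument the
            # exception was raised with.
            resp = e[1]
            # Result 2 / Reason 1 is the bind-ack encoding for "provider
            # rejection, abstract syntax not supported"; other failures
            # are unexpected and propagate.
            if (resp['Result'], resp['Reason']) != (2, 1):
                raise
            listening = False
        else:
            listening = True
        finally:
            # Each probe opened its own session; close it with the same
            # call the first session uses so they do not accumulate.
            dce.disconnect()

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing_state = "listed"
        elif any(tup[0] == uuidstr for uuidstr, ver in uuidtups):
            listing_state = "other version listed"
        else:
            listing_state = "not listed"
        listening_state = "listening" if listening else "not listening"
        print("%r: %s, %s" % (tup, listing_state, listening_state))

        # `in` replaces dict.has_key(); the fallback label used to be
        # misspelled "Procotol".
        if tup[0] in epm.KNOWN_PROTOCOLS:
            print("Protocol: %s" % (epm.KNOWN_PROTOCOLS[tup[0]]))
        else:
            print("Protocol: N/A")

        # KNOWN_UUIDS is keyed by the first 18 bytes of the binary UUID.
        provider_key = binuuid[:18]
        if provider_key in ndrutils.KNOWN_UUIDS:
            print("Provider: %s" % (ndrutils.KNOWN_UUIDS[provider_key]))
        else:
            print("Provider: N/A")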
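def main(args):
    """List the RPC interfaces of one endpoint and test which ones accept a bind.

    The interface IDs reported by the management interface are merged with
    ``uuid_database``; each resulting ``(uuid, version)`` tuple is probed
    with its own connect-and-bind.  Interfaces that are listed or that
    accept the bind are printed with protocol, provider and state.  On the
    target, a run therefore looks like one client issuing bind requests
    for many different interface UUIDs.

    Args:
        args: ``[host, port]`` as strings.

    Returns:
        1 when the arguments are unusable (wrong count or non-numeric
        port); otherwise ``None`` once the report is printed.

    Raises:
        rpcrt.DCERPCException: for any bind failure other than
            ``abstract_syntax_not_supported``.
    """
    usage_text = "usage: ./ifmap.py <host> <port>"

    # Init the example's logger theme
    logger.init()

    if len(args) != 2:
        print(usage_text)
        return 1

    host = args[0]
    try:
        port = int(args[1])
    except ValueError:
        # Report a non-numeric port as a usage error instead of crashing.
        print(usage_text)
        return 1

    trans = transport.DCERPCTransportFactory("ncacn_ip_tcp:%s" % host)
    trans.set_dport(port)
    dce = trans.get_dce_rpc()

    # First session: read the interface list from the management interface.
    dce.connect()
    dce.bind(mgmt.MSRPC_UUID_MGMT)
    ifids = mgmt.hinq_if_ids(dce)
    uuidtups = set(
        uuid.bin_to_uuidtup(ifids['if_id_vector']['if_id'][index]['Data'].getData())
        for index in range(ifids['if_id_vector']['count'])
    )
    dce.disconnect()

    for tup in sorted(uuidtups | uuid_database):
        # Convert before connecting so a bad tuple leaves nothing open.
        binuuid = uuid.uuidtup_to_bin(tup)
        dce.connect()
        try:
            dce.bind(binuuid)
        except rpcrt.DCERPCException as e:
            # Only this error text means "interface not served here".
            if 'abstract_syntax_not_supported' not in str(e):
                raise
            listening = False
        else:
            listening = True
        finally:
            # Each probe opened its own session; close it with the same
            # call the first session uses so they do not accumulate.
            dce.disconnect()

        listed = tup in uuidtups
        if not (listed or listening):
            continue

        if listed:
            listing_state = "listed"
        elif any(tup[0] == uuidstr for uuidstr, ver in uuidtups):
            listing_state = "other version listed"
        else:
            listing_state = "not listed"
        listening_state = "listening" if listening else "not listening"

        # The "N/A" fallback label used to be misspelled "Procotol".
        print("Protocol: %s" % epm.KNOWN_PROTOCOLS.get(tup[0], "N/A"))
        # KNOWN_UUIDS is keyed by the first 18 bytes of the binary UUID.
        print("Provider: %s" % KNOWN_UUIDS.get(binuuid[:18], "N/A"))
        print("UUID : %s v%s: %s, %s\n" % (
            tup[0], tup[1], listing_state, listening_state
        ))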
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)
# Normalise every UUID string to upper case; the version string is kept as-is.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# NOTE(review): k is not used anywhere in the visible part of this file.
k = list(KNOWN_UUIDS.keys())[0]


def fix_ndr_uuid(ndruuid):
    """Convert an 18-byte UUID key into the 20-byte form used for probing.

    Bytes 0-15 pass through untouched; bytes 16 and 17 are unpacked as
    unsigned bytes (major, minor) and repacked as two little-endian
    unsigned 16-bit fields appended to the first 16 bytes.
    """
    # assert is stripped under -O, so this length check is not enforced then.
    assert len(ndruuid) == 18
    # Local name only: shadows the module-level `uuid` inside this function.
    uuid = ndruuid[:16]
    # `min` shadows the builtin inside this function.
    maj, min = struct.unpack("BB", ndruuid[16:])
    return uuid + struct.pack("<HH", maj, min)


# Extend the probe database with every key of KNOWN_UUIDS, converted to
# (uuid string, version) tuples.
uuid_database.update(
    uuid.bin_to_uuidtup(fix_ndr_uuid(bin)) for bin in list(KNOWN_UUIDS.keys())
)


def main(args):
    # Init the example's logger theme
    logger.init()
    if len(args) != 2:
        print("usage: ./ifmap.py <host> <port>")
        return 1
    host = args[0]
    port = int(args[1])
    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
ec02cae0-b9e0-11d2-be62-0020afeddf63 v1.0
ecec0d70-a603-11d0-96b1-00a0c91ece30 v1.0
ecec0d70-a603-11d0-96b1-00a0c91ece30 v2.0
eff55e30-4ee2-11ce-a3c9-00aa00607271 v1.0
f309ad18-d86a-11d0-a075-00c04fb68820 v0.0
f50aac00-c7f3-428e-a022-a6b71bfb9d43 v1.0
f5cc59b4-4264-101a-8c59-08002b2f8426 v1.1
f5cc5a18-4264-101a-8c59-08002b2f8426 v56.0
f5cc5a7c-4264-101a-8c59-08002b2f8426 v21.0
f6beaff7-1e19-4fbb-9f8f-b89e2018337c v1.0
f930c514-1215-11d3-99a5-00a0c9b61b04 v1.0
fc13257d-5567-4dea-898d-c6f9c48415a0 v1.0
fd7a0523-dc70-43dd-9b2e-9c5ed48225b1 v1.0
fdb3a030-065f-11d1-bb9b-00a024ea5525 v1.0
ffe561b8-bf15-11cf-8c5e-08002bb49649 v2.0
""".splitlines() if line)
# Normalise every UUID string to upper case; the version string is kept as-is.
uuid_database = set((uuidstr.upper(), ver) for (uuidstr, ver) in uuid_database)

# add the ones from ndrutils
# NOTE(review): k is not used anywhere in the visible part of this file.
k = list(KNOWN_UUIDS.keys())[0]


def fix_ndr_uuid(ndruuid):
    """Widen the 2-byte version suffix of an 18-byte UUID key to 4 bytes.

    The first 16 bytes are copied unchanged.  The last two bytes are read
    as two unsigned bytes (major, minor) and written back as two
    little-endian unsigned 16-bit values, giving a 20-byte result that is
    passed to ``uuid.bin_to_uuidtup`` by the caller below.
    """
    # assert is stripped under -O, so this length check is not enforced then.
    assert len(ndruuid) == 18
    # Local name only: shadows the module-level `uuid` inside this function.
    uuid = ndruuid[:16]
    # `min` shadows the builtin inside this function.
    (maj, min) = struct.unpack('BB', ndruuid[16:])
    return uuid + struct.pack('<HH', maj, min)


# Extend the probe database with every key of KNOWN_UUIDS, converted to
# (uuid string, version) tuples.
uuid_database.update(uuid.bin_to_uuidtup(fix_ndr_uuid(bin)) for bin in list(KNOWN_UUIDS.keys()))
if line
)
# Normalise every UUID string to upper case; the version string is kept as-is.
uuid_database = set((uuidstr.upper(), ver) for uuidstr, ver in uuid_database)

# add the ones from ndrutils
# NOTE(review): k is not used anywhere in the visible part of this file.
k = ndrutils.KNOWN_UUIDS.keys()[0]


def fix_ndr_uuid(ndruuid):
    """Convert an 18-byte UUID key into the 20-byte form used for probing.

    Bytes 0-15 pass through untouched; bytes 16 and 17 are unpacked as
    unsigned bytes (major, minor) and repacked as two little-endian
    unsigned 16-bit fields appended to the first 16 bytes.
    """
    # assert is stripped under -O, so this length check is not enforced then.
    assert len(ndruuid) == 18
    # Local name only: shadows the module-level `uuid` inside this function.
    uuid = ndruuid[:16]
    # `min` shadows the builtin inside this function.
    maj, min = struct.unpack("BB", ndruuid[16:])
    return uuid + struct.pack("<HH", maj, min)


# Extend the probe database with every key of ndrutils.KNOWN_UUIDS,
# converted to (uuid string, version) tuples.
uuid_database.update(uuid.bin_to_uuidtup(fix_ndr_uuid(bin)) for bin in ndrutils.KNOWN_UUIDS.keys())


def main(args):
    if len(args) != 2:
        print "usage: ./ifmap.py <host> <port>"
        return 1
    host = args[0]
    port = int(args[1])
    stringbinding = "ncacn_ip_tcp:%s" % host
    trans = transport.DCERPCTransportFactory(stringbinding)
    trans.set_dport(port)
    dce = dcerpc.DCERPC_v5(trans)