Пример #1
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    domain = ms_domain_values_inv[options.domain]

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPMS)
    print("[*] Connected to the message server %s:%d" %
          (options.remote_host, options.remote_port))

    client_string = options.client

    # Send MS_LOGIN_2 packet
    p = SAPMS(flag=0x00,
              iflag=0x08,
              domain=domain,
              toname=client_string,
              fromname=client_string)

    print("[*] Sending login packet:")
    response = conn.sr(p)[SAPMS]

    print("[*] Login OK, Server string: %s" % response.fromname)
    server_string = response.fromname

    # Send a Dump Info packet for each possible Dump
    for i in ms_dump_command_values.keys():

        # Skip MS_DUMP_MSADM and MS_DUMP_COUNTER commands as the info
        # is included in other dump commands
        if i in [1, 12]:
            continue

        p = SAPMS(flag=0x02,
                  iflag=0x01,
                  domain=domain,
                  toname=server_string,
                  fromname=client_string,
                  opcode=0x1e,
                  dump_dest=0x02,
                  dump_command=i)

        print("[*] Sending dump info", ms_dump_command_values[i])
        response = conn.sr(p)[SAPMS]

        if response.opcode_error != 0:
            print("Error:", ms_opcode_error_values[response.opcode_error])
        print(response.opcode_value)
Пример #2
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPMS)
    print("[*] Connected to the message server %s:%d" % (options.remote_host, options.remote_port))

    client_string = options.client

    # Send MS_LOGIN_2 packet
    p = SAPMS(flag=0x00, iflag=0x08, toname=client_string, fromname=client_string)

    print("[*] Sending login packet:")
    response = conn.sr(p)[SAPMS]

    print("[*] Login OK, Server string: %s" % response.fromname)
    server_string = response.fromname

    # Send a Dump Info packet for each possible Dump
    for i in ms_dump_command_values.keys():

        # Skip MS_DUMP_MSADM and MS_DUMP_COUNTER commands as the info
        # is included in other dump commands
        if i in [1, 12]:
            continue

        p = SAPMS(flag=0x02, iflag=0x01, toname=server_string,
                  fromname=client_string, opcode=0x1e, dump_dest=0x02,
                  dump_command=i)

        print("[*] Sending dump info", ms_dump_command_values[i])
        response = conn.sr(p)[SAPMS]

        if (response.opcode_error != 0):
            print("Error:", ms_opcode_error_values[response.opcode_error])
        print(response.opcode_value)