def test_LsarLookupSids2(self):
    # Translate two SIDs to names with LsarLookupSids2 and dump the reply.
    # The SIDs are built from the server's own domain SID plus RID 500
    # (built-in Administrator) and RID 501 (built-in Guest).
    dce, rpctransport, policyHandle = self.connect()

    # Step 1: resolve 'Administrator' by name. The translated SID is not used;
    # the call is made only to read the domain SID out of ReferencedDomains.
    nameLookup = lsat.LsarLookupNames()
    nameLookup['PolicyHandle'] = policyHandle
    nameLookup['Count'] = 1
    adminName = RPC_UNICODE_STRING()
    adminName['Data'] = 'Administrator'
    nameLookup['Names'].append(adminName)
    nameLookup['TranslatedSids']['Sids'] = NULL
    nameLookup['LookupLevel'] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta
    nameReply = dce.request(nameLookup)
    nameReply.dump()
    firstDomain = nameReply['ReferencedDomains']['Domains'][0]
    domainSid = firstDomain['Sid'].formatCanonical()

    # Step 2: build one LSAPR_SID_INFORMATION per RID to translate.
    sidEntries = []
    for rid in ('-500', '-501'):
        entry = lsat.LSAPR_SID_INFORMATION()
        entry['Sid'].fromCanonical(domainSid + rid)
        sidEntries.append(entry)

    sidLookup = lsat.LsarLookupSids2()
    sidLookup['PolicyHandle'] = policyHandle
    sidLookup['SidEnumBuffer']['Entries'] = 2
    for entry in sidEntries:
        sidLookup['SidEnumBuffer']['SidInfo'].append(entry)
    sidLookup['TranslatedNames']['Names'] = NULL
    sidLookup['LookupLevel'] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta
    sidLookup['LookupOptions'] = 0x00000000
    sidLookup['ClientRevision'] = 0x00000001

    # Any error status raised by dce.request() fails the test; there is no
    # assertion on the translated names, the reply is only dumped.
    sidReply = dce.request(sidLookup)
    sidReply.dump()
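def test_LsarLookupSids(self):
    # Translate 1000 consecutive RIDs (500..1499) under the server's domain SID
    # with a single LsarLookupSids call and dump whatever the server maps.
    #
    # NOTE(review): one request carrying 1000 sequential SIDs is the same
    # access pattern as SID/RID enumeration, so monitoring on the target host
    # may flag a run of this test.
    dce, rpctransport, policyHandle = self.connect()

    # Step 1: resolve 'Administrator' by name. The call is made only to read
    # the domain SID out of ReferencedDomains.
    request = lsat.LsarLookupNames()
    request['PolicyHandle'] = policyHandle
    request['Count'] = 1
    name1 = RPC_UNICODE_STRING()
    name1['Data'] = 'Administrator'
    request['Names'].append(name1)
    request['TranslatedSids']['Sids'] = NULL
    request['LookupLevel'] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta
    resp = dce.request(request)
    resp.dump()
    domainSid = resp['ReferencedDomains']['Domains'][0]['Sid'].formatCanonical()

    # Step 2: one LSAPR_SID_INFORMATION per RID; Entries is bumped alongside
    # each append so the count always matches the array length.
    request = lsat.LsarLookupSids()
    request['PolicyHandle'] = policyHandle
    for rid in range(500, 1500):
        sid = lsat.LSAPR_SID_INFORMATION()
        sid['Sid'].fromCanonical(domainSid + '-%d' % rid)
        request['SidEnumBuffer']['SidInfo'].append(sid)
        request['SidEnumBuffer']['Entries'] += 1
    request['TranslatedNames']['Names'] = NULL
    request['LookupLevel'] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta

    try:
        resp = dce.request(request)
        resp.dump()
    # 'except ... as e' replaces the Python-2-only 'except Exception, e' form,
    # which is a SyntaxError on Python 3; 'as' is accepted from Python 2.6 on.
    except Exception as e:
        # STATUS_SOME_NOT_MAPPED is the expected outcome when only part of the
        # RID range exists: the reply still holds the names that did resolve,
        # so it is taken from the exception and dumped. Anything else is a
        # real failure and is re-raised unchanged.
        if 'STATUS_SOME_NOT_MAPPED' not in str(e):
            raise
        resp = e.get_packet()
        resp.dump()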
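def test_LsarLookupSids3(self):
    # Author's note: not working, I need netlogon here.
    #
    # Send LsarLookupSids3 for RID 500 (built-in Administrator) and RID 501
    # (built-in Guest) over the connection returned by self.connect(). Unlike
    # the other LsarLookupSids variants, no PolicyHandle is set on this
    # request. The test tolerates an access-denied reply (see the except
    # branch) and does not assert that the call succeeds.
    dce, rpctransport, policyHandle = self.connect()

    # Step 1: resolve 'Administrator' by name. The call is made only to read
    # the domain SID out of ReferencedDomains.
    request = lsat.LsarLookupNames()
    request['PolicyHandle'] = policyHandle
    request['Count'] = 1
    name1 = RPC_UNICODE_STRING()
    name1['Data'] = 'Administrator'
    request['Names'].append(name1)
    request['TranslatedSids']['Sids'] = NULL
    request['LookupLevel'] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta
    resp = dce.request(request)
    resp.dump()
    domainSid = resp['ReferencedDomains']['Domains'][0]['Sid'].formatCanonical()

    # Step 2: build the SID-to-name request for the two well-known RIDs.
    request = lsat.LsarLookupSids3()
    sid1 = lsat.LSAPR_SID_INFORMATION()
    sid1['Sid'].fromCanonical(domainSid + '-500')
    sid2 = lsat.LSAPR_SID_INFORMATION()
    sid2['Sid'].fromCanonical(domainSid + '-501')
    request['SidEnumBuffer']['Entries'] = 2
    request['SidEnumBuffer']['SidInfo'].append(sid1)
    request['SidEnumBuffer']['SidInfo'].append(sid2)
    request['TranslatedNames']['Names'] = NULL
    request['LookupLevel'] = lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta
    request['LookupOptions'] = 0x00000000
    request['ClientRevision'] = 0x00000001

    try:
        resp = dce.request(request)
        resp.dump()
    # 'except ... as e' replaces the Python-2-only 'except Exception, e' form,
    # which is a SyntaxError on Python 3; 'as' is accepted from Python 2.6 on.
    except Exception as e:
        # The RPC server MUST ensure that the RPC_C_AUTHN_NETLOGON security
        # provider (as specified in [MS-RPCE] section 2.2.1.1.7) and at least
        # RPC_C_AUTHN_LEVEL_PKT_INTEGRITY authentication level (as specified in
        # [MS-RPCE] section 2.2.1.1.8) are used in this RPC message.
        # Otherwise, the RPC server MUST return STATUS_ACCESS_DENIED.
        #
        # An access-denied error is therefore the accepted result here and is
        # swallowed; every other error is re-raised unchanged.
        if 'rpc_s_access_denied' not in str(e):
            raise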