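def get_dc_name_ext2(self, userlist, verbose):
    """Check each name in *userlist* against the bound Netlogon endpoint.

    For every entry, ``hDsrGetDcNameEx2`` is called over
    ``self.__dce_handler`` with the name as the account (NUL-terminated,
    flags 512).  A call that returns is treated as "found" and reported
    immediately; a call that raises is treated as "not found" and reported
    only when *verbose* is set.  A summary of all matches (or a single
    "No matches found" line) is written at the end.  Nothing happens when
    *userlist* is not a list.

    Args:
        userlist: list of account names; each entry is right-stripped
            before use.
        verbose: when true, also report names that were not found.

    Returns:
        None.  All output goes to ``stdout``.
    """
    if not isinstance(userlist, list):
        return
    user_matches = []
    for user in userlist:
        user = str(user.rstrip())
        try:
            hDsrGetDcNameEx2(self.__dce_handler, NULL, f'{user}\x00', 512,
                             NULL, NULL, NULL, 0)
        except Exception:
            # Any failure lands here -- including a transport/connection
            # error, not only an RPC "no such account" status -- so a dropped
            # connection makes every remaining name look "not found".
            # Narrowed from a bare `except:` so Ctrl-C still interrupts the
            # loop instead of being swallowed per name.
            if verbose:
                stdout.write(f"[-] '{user}' not found\n")
        else:
            user_matches.append(user)
            stdout.write(f"[+] '{user}' found on host\n")
    if user_matches:
        stdout.write("[+] Matches:\n")
        for m in user_matches:
            stdout.write(m + '\n')
    else:
        stdout.write("[-] No matches found\n")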
def test_hDsrGetDcNameEx2(self):
    """Issue a single DsrGetDcNameEx2 call for 'Administrator' and dump the reply.

    Uses the DCE/RPC binding returned by ``self.connect()``; the transport
    object from that tuple is not needed here.
    """
    dce, rpctransport = self.connect()
    account_name = 'Administrator\x00'
    flags = 512  # identical to 1 << 9
    reply = nrpc.hDsrGetDcNameEx2(dce, NULL, account_name, flags,
                                  NULL, NULL, NULL, 0)
    reply.dump()
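# Bind to the Netlogon (NRPC) interface on the target, then issue one
# DsrGetDcNameEx2 call per name read from the file named by the second
# command-line argument.  (Python 2 print statements, as in the rest of
# the file.)
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
    rpctransport.set_credentials(creds['username'], creds['password'],
                                 creds['domain'], creds['lmhash'],
                                 creds['nthash'], creds['aesKey'])
dce = rpctransport.get_dce_rpc()
print "[*] Connecting to %s" % machineNameOrIp
dce.connect()
print "[*] DCE binding..."
dce.bind(MSRPC_UUID_NRPC)
print "[+] Connection and binding succeeded, ready to query"

# Context manager closes the handle even if readlines() fails; the original
# open()/close() pair leaked it on error.
with open(sys.argv[2]) as f:
    usernames = f.readlines()

try:
    for user in usernames:
        user = user.rstrip()
        try:
            hDsrGetDcNameEx2(dce, NULL, '%s\x00' % user, 512, NULL, NULL, NULL, 0)
        except Exception:
            # Every failure is reported as "does not exist", including a
            # transport error -- a dropped connection mid-run silently makes
            # all remaining names look absent.  Narrowed from a bare
            # `except:` so Ctrl-C still stops the loop.
            pass
        else:
            print "[+] %s exists" % (user)
    print "[*] Done "
finally:
    # Always tear the session down, even when the loop is interrupted,
    # so the connection is not left dangling.
    dce.disconnect()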