def get_dc_name_ext2(self, userlist, verbose):
if type(userlist) is list:
user_matches=[]
for user in userlist:
user = str(user.rstrip())
try:
hDsrGetDcNameEx2(self.__dce_handler,NULL,f'{user}\x00', 512, NULL, NULL,NULL, 0)
except:
if verbose:
stdout.write(f"[-] '{user}' not found\n")
pass
else:
user_matches.append(user)
stdout.write(f"[+] '{user}' found on host\n")
if len(user_matches) != 0:
stdout.write("[+] Matches:\n")
for m in user_matches:
stdout.write(m+'\n')
else:
stdout.write("[-] No matches found\n")
def test_hDsrGetDcNameEx2(self):
dce, rpctransport = self.connect()
resp = nrpc.hDsrGetDcNameEx2(dce, NULL, 'Administrator\x00', 1 << 9, NULL, NULL, NULL, 0)
resp.dump()
def test_hDsrGetDcNameEx2(self):
dce, rpctransport = self.connect()
resp = nrpc.hDsrGetDcNameEx2(dce, NULL, 'Administrator\x00', 1 << 9, NULL, NULL, NULL, 0)
resp.dump()
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(creds['username'], creds['password'],
creds['domain'], creds['lmhash'],
creds['nthash'], creds['aesKey'])
dce = rpctransport.get_dce_rpc()
print "[*] Connecting to %s" % machineNameOrIp
dce.connect()
print "[*] DCE binding..."
dce.bind(MSRPC_UUID_NRPC)
print "[+] Connection and binding succeeded, ready to query"
f = open(sys.argv[2])
usernames = f.readlines()
f.close()
for user in usernames:
try:
user = user.rstrip()
resp = hDsrGetDcNameEx2(dce, NULL, '%s\x00' % user, 512, NULL, NULL,
NULL, 0)
#resp.dump()
except:
pass
else:
print "[+] %s exists" % (user)
print "[*] Done "
dce.disconnect()