def sendDHCP(self, type, chaddr, hostname = None, ip = None, xid = None,opts = []): p = DhcpPacket() opt = [('message-type',type)] + list(opts) if xid is None: xid = randint(0,0xffffffff) if ip: ip = structure.unpack('!L',socket.inet_aton(ip))[0] p['ciaddr'] = ip opt.append(('requested-ip',ip)) if hostname is not None: for i in range(0,len(hostname),255): opt.append(('host-name',hostname[i:i+255])) p['op'] = p.BOOTREQUEST p['xid'] = xid p['chaddr'] = chaddr p['cookie'] = 0x63825363 p['options'] = opt self.sock.send(str(p))
def recv(self): finished = False forceRecv = 0 retAnswer = '' while not finished: # At least give me the MSRPCRespHeader, especially important for # TCP/UDP Transports self.response_data = self._transport.recv( forceRecv, count=MSRPCRespHeader._SIZE) self.response_header = MSRPCRespHeader(self.response_data) # Ok, there might be situation, especially with large packets, that # the transport layer didn't send us the full packet's contents # So we gotta check we received it all while (len(self.response_data) < self.response_header['frag_len']): self.response_data += self._transport.recv( forceRecv, count=(self.response_header['frag_len'] - len(self.response_data))) off = self.response_header.get_header_size() if self.response_header[ 'type'] == MSRPC_FAULT and self.response_header[ 'frag_len'] >= off + 4: status_code = unpack("<L", self.response_data[off:off + 4])[0] if rpc_status_codes.has_key(status_code): raise Exception(rpc_status_codes[status_code]) else: raise Exception('Unknown DCE RPC fault status code: %.8x' % status_code) if self.response_header['flags'] & MSRPC_LASTFRAG: # No need to reassembly DCERPC finished = True else: # Forcing Read Recv, we need more packets! forceRecv = 1 answer = self.response_data[off:] auth_len = self.response_header['auth_len'] if auth_len: auth_len += 8 auth_data = answer[-auth_len:] sec_trailer = SEC_TRAILER(data=auth_data) answer = answer[:-auth_len] if sec_trailer['auth_level'] == RPC_C_AUTHN_LEVEL_PKT_PRIVACY: if self.__auth_type == RPC_C_AUTHN_WINNT: if self.__flags & ntlm.NTLMSSP_NTLM2_KEY: # TODO: FIX THIS, it's not calculating the signature well # Since I'm not testing it we don't care... yet answer, signature = ntlm.SEAL( self.__flags, self.__serverSigningKey, self.__serverSealingKey, answer, answer, self.__sequence, self.__serverSealingHandle) else: answer, signature = ntlm.SEAL( self.__flags, self.__serverSigningKey, self.__serverSealingKey, answer, answer, self.__sequence, self.__serverSealingHandle) self.__sequence += 1 else: if self.__auth_type == RPC_C_AUTHN_WINNT: ntlmssp = auth_data[12:] if self.__flags & ntlm.NTLMSSP_NTLM2_KEY: signature = ntlm.SIGN(self.__flags, self.__serverSigningKey, answer, self.__sequence, self.__serverSealingHandle) else: signature = ntlm.SIGN(self.__flags, self.__serverSigningKey, ntlmssp, self.__sequence, self.__serverSealingHandle) # Yes.. NTLM2 doesn't increment sequence when receiving # the packet :P self.__sequence += 1 if sec_trailer['auth_pad_len']: answer = answer[:-sec_trailer['auth_pad_len']] retAnswer += answer return retAnswer
def recv(self): finished = False forceRecv = 0 retAnswer = '' while not finished: # At least give me the MSRPCRespHeader, especially important for # TCP/UDP Transports self.response_data = self._transport.recv(forceRecv, count=MSRPCRespHeader._SIZE) self.response_header = MSRPCRespHeader(self.response_data) # Ok, there might be situation, especially with large packets, that # the transport layer didn't send us the full packet's contents # So we gotta check we received it all while ( len(self.response_data) < self.response_header['frag_len'] ): self.response_data += self._transport.recv(forceRecv, count=(self.response_header['frag_len']-len(self.response_data))) off = self.response_header.get_header_size() if self.response_header['type'] == MSRPC_FAULT and self.response_header['frag_len'] >= off+4: status_code = unpack("<L",self.response_data[off:off+4])[0] if rpc_status_codes.has_key(status_code): raise Exception(rpc_status_codes[status_code]) else: raise Exception('Unknown DCE RPC fault status code: %.8x' % status_code) if self.response_header['flags'] & MSRPC_LASTFRAG: # No need to reassembly DCERPC finished = True else: # Forcing Read Recv, we need more packets! forceRecv = 1 answer = self.response_data[off:] auth_len = self.response_header['auth_len'] if auth_len: auth_len += 8 auth_data = answer[-auth_len:] sec_trailer = SEC_TRAILER(data = auth_data) answer = answer[:-auth_len] if sec_trailer['auth_level'] == RPC_C_AUTHN_LEVEL_PKT_PRIVACY: if self.__auth_type == RPC_C_AUTHN_WINNT: if self.__flags & ntlm.NTLMSSP_NTLM2_KEY: # TODO: FIX THIS, it's not calculating the signature well # Since I'm not testing it we don't care... yet answer, signature = ntlm.SEAL(self.__flags, self.__serverSigningKey, self.__serverSealingKey, answer, answer, self.__sequence, self.__serverSealingHandle) else: answer, signature = ntlm.SEAL(self.__flags, self.__serverSigningKey, self.__serverSealingKey, answer, answer, self.__sequence, self.__serverSealingHandle) self.__sequence += 1 else: if self.__auth_type == RPC_C_AUTHN_WINNT: ntlmssp = auth_data[12:] if self.__flags & ntlm.NTLMSSP_NTLM2_KEY: signature = ntlm.SIGN(self.__flags, self.__serverSigningKey, answer, self.__sequence, self.__serverSealingHandle) else: signature = ntlm.SIGN(self.__flags, self.__serverSigningKey, ntlmssp, self.__sequence, self.__serverSealingHandle) # Yes.. NTLM2 doesn't increment sequence when receiving # the packet :P self.__sequence += 1 if sec_trailer['auth_pad_len']: answer = answer[:-sec_trailer['auth_pad_len']] retAnswer += answer return retAnswer