def sendDHCP(self, type, chaddr, hostname = None, ip = None, xid = None,opts = []):
p = DhcpPacket()
opt = [('message-type',type)] + list(opts)
if xid is None:
xid = randint(0,0xffffffff)
if ip:
ip = structure.unpack('!L',socket.inet_aton(ip))[0]
p['ciaddr'] = ip
opt.append(('requested-ip',ip))
if hostname is not None:
for i in range(0,len(hostname),255):
opt.append(('host-name',hostname[i:i+255]))
p['op'] = p.BOOTREQUEST
p['xid'] = xid
p['chaddr'] = chaddr
p['cookie'] = 0x63825363
p['options'] = opt
self.sock.send(str(p))
def recv(self):
finished = False
forceRecv = 0
retAnswer = ''
while not finished:
# At least give me the MSRPCRespHeader, especially important for
# TCP/UDP Transports
self.response_data = self._transport.recv(
forceRecv, count=MSRPCRespHeader._SIZE)
self.response_header = MSRPCRespHeader(self.response_data)
# Ok, there might be situation, especially with large packets, that
# the transport layer didn't send us the full packet's contents
# So we gotta check we received it all
while (len(self.response_data) < self.response_header['frag_len']):
self.response_data += self._transport.recv(
forceRecv,
count=(self.response_header['frag_len'] -
len(self.response_data)))
off = self.response_header.get_header_size()
if self.response_header[
'type'] == MSRPC_FAULT and self.response_header[
'frag_len'] >= off + 4:
status_code = unpack("<L", self.response_data[off:off + 4])[0]
if rpc_status_codes.has_key(status_code):
raise Exception(rpc_status_codes[status_code])
else:
raise Exception('Unknown DCE RPC fault status code: %.8x' %
status_code)
if self.response_header['flags'] & MSRPC_LASTFRAG:
# No need to reassembly DCERPC
finished = True
else:
# Forcing Read Recv, we need more packets!
forceRecv = 1
answer = self.response_data[off:]
auth_len = self.response_header['auth_len']
if auth_len:
auth_len += 8
auth_data = answer[-auth_len:]
sec_trailer = SEC_TRAILER(data=auth_data)
answer = answer[:-auth_len]
if sec_trailer['auth_level'] == RPC_C_AUTHN_LEVEL_PKT_PRIVACY:
if self.__auth_type == RPC_C_AUTHN_WINNT:
if self.__flags & ntlm.NTLMSSP_NTLM2_KEY:
# TODO: FIX THIS, it's not calculating the signature well
# Since I'm not testing it we don't care... yet
answer, signature = ntlm.SEAL(
self.__flags, self.__serverSigningKey,
self.__serverSealingKey, answer, answer,
self.__sequence, self.__serverSealingHandle)
else:
answer, signature = ntlm.SEAL(
self.__flags, self.__serverSigningKey,
self.__serverSealingKey, answer, answer,
self.__sequence, self.__serverSealingHandle)
self.__sequence += 1
else:
if self.__auth_type == RPC_C_AUTHN_WINNT:
ntlmssp = auth_data[12:]
if self.__flags & ntlm.NTLMSSP_NTLM2_KEY:
signature = ntlm.SIGN(self.__flags,
self.__serverSigningKey,
answer, self.__sequence,
self.__serverSealingHandle)
else:
signature = ntlm.SIGN(self.__flags,
self.__serverSigningKey,
ntlmssp, self.__sequence,
self.__serverSealingHandle)
# Yes.. NTLM2 doesn't increment sequence when receiving
# the packet :P
self.__sequence += 1
if sec_trailer['auth_pad_len']:
answer = answer[:-sec_trailer['auth_pad_len']]
retAnswer += answer
return retAnswer
def recv(self):
finished = False
forceRecv = 0
retAnswer = ''
while not finished:
# At least give me the MSRPCRespHeader, especially important for
# TCP/UDP Transports
self.response_data = self._transport.recv(forceRecv, count=MSRPCRespHeader._SIZE)
self.response_header = MSRPCRespHeader(self.response_data)
# Ok, there might be situation, especially with large packets, that
# the transport layer didn't send us the full packet's contents
# So we gotta check we received it all
while ( len(self.response_data) < self.response_header['frag_len'] ):
self.response_data += self._transport.recv(forceRecv, count=(self.response_header['frag_len']-len(self.response_data)))
off = self.response_header.get_header_size()
if self.response_header['type'] == MSRPC_FAULT and self.response_header['frag_len'] >= off+4:
status_code = unpack("<L",self.response_data[off:off+4])[0]
if rpc_status_codes.has_key(status_code):
raise Exception(rpc_status_codes[status_code])
else:
raise Exception('Unknown DCE RPC fault status code: %.8x' % status_code)
if self.response_header['flags'] & MSRPC_LASTFRAG:
# No need to reassembly DCERPC
finished = True
else:
# Forcing Read Recv, we need more packets!
forceRecv = 1
answer = self.response_data[off:]
auth_len = self.response_header['auth_len']
if auth_len:
auth_len += 8
auth_data = answer[-auth_len:]
sec_trailer = SEC_TRAILER(data = auth_data)
answer = answer[:-auth_len]
if sec_trailer['auth_level'] == RPC_C_AUTHN_LEVEL_PKT_PRIVACY:
if self.__auth_type == RPC_C_AUTHN_WINNT:
if self.__flags & ntlm.NTLMSSP_NTLM2_KEY:
# TODO: FIX THIS, it's not calculating the signature well
# Since I'm not testing it we don't care... yet
answer, signature = ntlm.SEAL(self.__flags,
self.__serverSigningKey,
self.__serverSealingKey,
answer,
answer,
self.__sequence,
self.__serverSealingHandle)
else:
answer, signature = ntlm.SEAL(self.__flags,
self.__serverSigningKey,
self.__serverSealingKey,
answer,
answer,
self.__sequence,
self.__serverSealingHandle)
self.__sequence += 1
else:
if self.__auth_type == RPC_C_AUTHN_WINNT:
ntlmssp = auth_data[12:]
if self.__flags & ntlm.NTLMSSP_NTLM2_KEY:
signature = ntlm.SIGN(self.__flags,
self.__serverSigningKey,
answer,
self.__sequence,
self.__serverSealingHandle)
else:
signature = ntlm.SIGN(self.__flags,
self.__serverSigningKey,
ntlmssp,
self.__sequence,
self.__serverSealingHandle)
# Yes.. NTLM2 doesn't increment sequence when receiving
# the packet :P
self.__sequence += 1
if sec_trailer['auth_pad_len']:
answer = answer[:-sec_trailer['auth_pad_len']]
retAnswer += answer
return retAnswer
