# Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # import binascii import random from nebulousAD.modimpacket import nt_errors from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, ULONG from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket.structure import Structure MSRPC_UUID_MIMIKATZ = uuidtup_to_bin( ('17FC11E9-C258-4B8D-8D07-2F4125156244', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if nt_errors.ERROR_MESSAGES.has_key(key): error_msg_short = nt_errors.ERROR_MESSAGES[key][0] error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] return 'Mimikatz SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'Mimikatz SessionError: unknown error code: 0x%x' % self.error_code
# so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray, NDRUniConformantVaryingArray from nebulousAD.modimpacket.dcerpc.v5.epm import PRPC_IF_ID from nebulousAD.modimpacket.dcerpc.v5.dtypes import ULONG, DWORD_ARRAY, ULONGLONG from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket import nt_errors MSRPC_UUID_MGMT = uuidtup_to_bin(('afa8bd80-7d8a-11c9-bef4-08002b102989','1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__( self ): key = self.error_code if nt_errors.ERROR_MESSAGES.has_key(key): error_msg_short = nt_errors.ERROR_MESSAGES[key][0] error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] return 'MGMT SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) else: return 'MGMT SessionError: unknown error code: 0x%x' % self.error_code ################################################################################
# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from nebulousAD.modimpacket import system_errors from nebulousAD.modimpacket.dcerpc.v5.dtypes import LPWSTR, ULONG, NULL, DWORD, BOOL, BYTE, LPDWORD, WORD from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray, NDRPOINTER, NDRSTRUCT, NDRENUM, NDRUNION from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket.dcerpc.v5.enum import Enum from nebulousAD.modimpacket.uuid import uuidtup_to_bin MSRPC_UUID_DHCPSRV = uuidtup_to_bin( ('6BFFD098-A112-3610-9833-46C3F874532D', '1.0')) MSRPC_UUID_DHCPSRV2 = uuidtup_to_bin( ('5B821720-F63B-11D0-AAD2-00C04FC324DB', '1.0')) class DCERPCSessionError(DCERPCException): ERROR_MESSAGES = { 0x00004E2D: ("ERROR_DHCP_JET_ERROR", "An error occurred while accessing the DHCP server database."), 0x00004E25: ("ERROR_DHCP_SUBNET_NOT_PRESENT", "The specified IPv4 subnet does not exist."), 0x00004E54: ("ERROR_DHCP_SUBNET_EXISTS", "The IPv4 scope parameters are incorrect. Either the IPv4 scope already" " exists, corresponding to the SubnetAddress and SubnetMask members of "
from nebulousAD.modimpacket.structure import Structure from nebulousAD.modimpacket.uuid import uuidtup_to_bin, string_to_bin from nebulousAD.modimpacket.dcerpc.v5.enum import Enum from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket.krb5 import crypto from pyasn1.type import univ from pyasn1.codec.ber import decoder try: from Cryptodome.Cipher import ARC4, DES except Exception: LOG.critical( "Warning: You don't have any crypto installed. You need pycryptodomex") LOG.critical("See https://pypi.org/project/pycryptodomex/") MSRPC_UUID_DRSUAPI = uuidtup_to_bin( ('E3514235-4B06-11D1-AB04-00C04FC2DCD2', '4.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if hresult_errors.ERROR_MESSAGES.has_key(key): error_msg_short = hresult_errors.ERROR_MESSAGES[key][0] error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1] return 'DRSR SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) elif system_errors.ERROR_MESSAGES.has_key(key & 0xffff): error_msg_short = system_errors.ERROR_MESSAGES[key & 0xffff][0]
# # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from struct import unpack, pack from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantVaryingArray, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, UUID, ULONG, LPULONG, BOOLEAN, SECURITY_INFORMATION, PFILETIME, \ RPC_UNICODE_STRING, FILETIME, NULL, MAXIMUM_ALLOWED, OWNER_SECURITY_INFORMATION, PWCHAR, PRPC_UNICODE_STRING from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket import system_errors, LOG from nebulousAD.modimpacket.uuid import uuidtup_to_bin MSRPC_UUID_RRP = uuidtup_to_bin( ('338CD001-2244-31F1-AAAA-900038001003', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if system_errors.ERROR_MESSAGES.has_key(key): error_msg_short = system_errors.ERROR_MESSAGES[key][0] error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] return 'RRP SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'RRP SessionError: unknown error code: 0x%x' % self.error_code
# Best way to learn how to use these calls is to grab the protocol standard # so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, LPWSTR, UCHAR, ULONG, LPDWORD, NULL from nebulousAD.modimpacket import hresult_errors from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException MSRPC_UUID_ATSVC = uuidtup_to_bin( ('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if hresult_errors.ERROR_MESSAGES.has_key(key): error_msg_short = hresult_errors.ERROR_MESSAGES[key][0] error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1] return 'TSCH SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
# Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # # ToDo: # [ ] 2.2.2 Client-Side-Wrapped Secret from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, NTSTATUS, GUID, RPC_SID, NULL from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket import system_errors from nebulousAD.modimpacket.uuid import uuidtup_to_bin, string_to_bin from nebulousAD.modimpacket.structure import Structure MSRPC_UUID_BKRP = uuidtup_to_bin( ('3dde7c30-165d-11d1-ab8f-00805f14db40', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if system_errors.ERROR_MESSAGES.has_key(key): error_msg_short = system_errors.ERROR_MESSAGES[key][0] error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] return 'BKRP SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'BKRP SessionError: unknown error code: 0x%x' % self.error_code
# so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRPOINTER, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR, NULL, GUID, PSYSTEMTIME, SYSTEMTIME from nebulousAD.modimpacket.structure import Structure from nebulousAD.modimpacket import system_errors, hresult_errors from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException MSRPC_UUID_TSCHS = uuidtup_to_bin( ('86D35949-83C9-4044-B424-DB363231FD0C', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if hresult_errors.ERROR_MESSAGES.has_key(key): error_msg_short = hresult_errors.ERROR_MESSAGES[key][0] error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1] return 'TSCH SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) elif system_errors.ERROR_MESSAGES.has_key(key & 0xffff): error_msg_short = system_errors.ERROR_MESSAGES[key & 0xffff][0]
# Best way to learn how to use these calls is to grab the protocol standard # so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import DWORD, LPWSTR, ULONG, WSTR, NULL from nebulousAD.modimpacket import hresult_errors from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException MSRPC_UUID_SASEC = uuidtup_to_bin( ('378E52B0-C0A9-11CF-822D-00AA0051E40F', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if hresult_errors.ERROR_MESSAGES.has_key(key): error_msg_short = hresult_errors.ERROR_MESSAGES[key][0] error_msg_verbose = hresult_errors.ERROR_MESSAGES[key][1] return 'TSCH SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'TSCH SessionError: unknown error code: 0x%x' % self.error_code
# Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from __future__ import division from __future__ import print_function from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDR, NDRPOINTERNULL, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import ULONG, LPWSTR, RPC_UNICODE_STRING, LPSTR, NTSTATUS, NULL, PRPC_UNICODE_STRING, PULONG, USHORT, PRPC_SID, LPBYTE from nebulousAD.modimpacket.dcerpc.v5.lsad import PRPC_UNICODE_STRING_ARRAY from nebulousAD.modimpacket.structure import Structure from nebulousAD.modimpacket import nt_errors from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException MSRPC_UUID_EVEN = uuidtup_to_bin( ('82273FDC-E32A-18C3-3F78-827929DC23EA', '0.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if key in nt_errors.ERROR_MESSAGES: error_msg_short = nt_errors.ERROR_MESSAGES[key][0] error_msg_verbose = nt_errors.ERROR_MESSAGES[key][1] return 'EVEN SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'EVEN SessionError: unknown error code: 0x%x' % self.error_code
# Best way to learn how to use these calls is to grab the protocol standard # so you understand what the call does, and then read the test case located # at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC # # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from nebulousAD.modimpacket import system_errors from nebulousAD.modimpacket.dcerpc.v5.dtypes import WSTR, DWORD, LPWSTR, ULONG, LARGE_INTEGER, WORD, BYTE from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray, NDRUniVaryingArray, NDRSTRUCT from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket.uuid import uuidtup_to_bin MSRPC_UUID_EVEN6 = uuidtup_to_bin( ('F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if system_errors.ERROR_MESSAGES.has_key(key): error_msg_short = system_errors.ERROR_MESSAGES[key][0] error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] return 'EVEN6 SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'EVEN6 SessionError: unknown error code: 0x%x' % self.error_code
# Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from struct import unpack, pack from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDRSTRUCT, NDRUNION, NDRPOINTER, NDRUniConformantVaryingArray, NDRUniConformantArray from nebulousAD.modimpacket.dcerpc.v5.dtypes import ULONGLONG, UINT, USHORT, LPWSTR, DWORD, UUID, ULONG, LPULONG, BOOLEAN, SECURITY_INFORMATION, PFILETIME, \ RPC_UNICODE_STRING, FILETIME, NULL, MAXIMUM_ALLOWED, OWNER_SECURITY_INFORMATION, PWCHAR, PRPC_UNICODE_STRING from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException from nebulousAD.modimpacket import system_errors, LOG from nebulousAD.modimpacket.uuid import uuidtup_to_bin MSRPC_UUID_RPRN = uuidtup_to_bin( ('12345678-1234-ABCD-EF00-0123456789AB', '1.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__(self): key = self.error_code if key in system_errors.ERROR_MESSAGES: error_msg_short = system_errors.ERROR_MESSAGES[key][0] error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] return 'RPRN SessionError: code: 0x%x - %s - %s' % ( self.error_code, error_msg_short, error_msg_verbose) else: return 'RPRN SessionError: unknown error code: 0x%x' % self.error_code
# # Some calls have helper functions, which makes it even easier to use. # They are located at the end of this file. # Helper functions start with "h"<name of the call>. # There are test cases for them too. # from struct import pack, unpack from nebulousAD.modimpacket import system_errors from nebulousAD.modimpacket.uuid import uuidtup_to_bin from nebulousAD.modimpacket.dcerpc.v5.ndr import NDRCALL, NDR, NDRSTRUCT, NDRPOINTER, NDRPOINTERNULL, NDRUniConformantArray, NDRUNION from nebulousAD.modimpacket.dcerpc.v5.dtypes import NULL, DWORD, LPWSTR, ULONG, BOOL, LPBYTE, ULONGLONG, PGUID, USHORT, LPDWORD, WSTR, \ GUID, PBOOL, WIDESTR from nebulousAD.modimpacket.dcerpc.v5.rpcrt import DCERPCException MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0')) class DCERPCSessionError(DCERPCException): def __init__(self, error_string=None, error_code=None, packet=None): DCERPCException.__init__(self, error_string, error_code, packet) def __str__( self ): key = self.error_code if system_errors.ERROR_MESSAGES.has_key(key): error_msg_short = system_errors.ERROR_MESSAGES[key][0] error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] return 'SCMR SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) else: return 'SCMR SessionError: unknown error code: 0x%x' % self.error_code ################################################################################