def _test_netlogon(self, name, pwd, status, checkFunction):
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "NETLOGON" and
msg["Authentication"]["authDescription"] ==
"ServerAuthenticate" and
msg["Authentication"]["status"] == status)
machine_creds = Credentials()
machine_creds.guess(self.get_loadparm())
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_password(pwd)
machine_creds.set_username(name + "$")
try:
netlogon.netlogon("ncalrpc:[schannel]",
self.get_loadparm(),
machine_creds)
self.fail("NTSTATUSError not raised")
except NTSTATUSError:
pass
messages = self.waitForMessages(isLastExpectedMessage)
checkFunction(messages)
def _test_netlogon(self, binding, checkFunction):
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authorization" and
msg["Authorization"]["serviceDescription"] == "DCE/RPC" and
msg["Authorization"]["authType"] == "schannel" and
msg["Authorization"]["transportProtection"] == "SEAL")
if binding:
binding = "[schannel,%s]" % binding
else:
binding = "[schannel]"
machine_creds = Credentials()
machine_creds.guess(self.get_loadparm())
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_password(self.machinepass)
machine_creds.set_username(self.netbios_name + "$")
netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding,
self.get_loadparm(),
machine_creds)
messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn)
checkFunction(messages)
def netlogon(self):
server = os.environ["SERVER"]
host = os.environ["SERVER_IP"]
lp = self.get_loadparm()
credentials = self.get_credentials()
session = system_session()
ldb = SamDB(url="ldap://%s" % host,
session_info=session,
credentials=credentials,
lp=lp)
machine_pass = samba.generate_random_password(32, 32)
machine_name = MACHINE_NAME
machine_dn = "cn=%s,%s" % (machine_name, ldb.domain_dn())
delete_force(ldb, machine_dn)
utf16pw = ('"%s"' % get_string(machine_pass)).encode('utf-16-le')
ldb.add({
"dn":
machine_dn,
"objectclass":
"computer",
"sAMAccountName":
"%s$" % machine_name,
"userAccountControl":
str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
"unicodePwd":
utf16pw
})
machine_creds = Credentials()
machine_creds.guess(lp)
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_kerberos_state(DONT_USE_KERBEROS)
machine_creds.set_password(machine_pass)
machine_creds.set_username(machine_name + "$")
machine_creds.set_workstation(machine_name)
netlogon.netlogon("ncacn_ip_tcp:%s[schannel,seal]" % server, lp,
machine_creds)
delete_force(ldb, machine_dn)
def retrieve_netlogon_info_2(domain, function_code, data):
try:
netr_pipe = netlogon.netlogon(domain.binding, domain.parm, domain.creds)
result = netr_pipe.netr_LogonControl2Ex(logon_server=None,
function_code=function_code,
level=2,
data=data
)
return result
except RuntimeError, (num, message):
raise assess_dcerpc_exception(num=num, message=message)
def retrieve_netlogon_info_2(domain, function_code, data):
try:
netr_pipe = netlogon.netlogon(domain.binding, domain.parm,
domain.creds)
result = netr_pipe.netr_LogonControl2Ex(
logon_server=None,
function_code=function_code,
level=2,
data=data)
return result
except RuntimeError, (num, message):
raise assess_dcerpc_exception(num=num, message=message)
def _call_get_dc_name(self,
domain=None,
domain_guid=None,
site_name=None,
ex2=False,
flags=0):
if self.netlogon_conn is None:
self.netlogon_conn = netlogon.netlogon("ncalrpc:[schannel]",
self.get_loadparm())
if ex2:
return self.netlogon_conn.netr_DsRGetDCNameEx2(
self.server, None, 0, domain, domain_guid, site_name, flags)
else:
return self.netlogon_conn.netr_DsRGetDCNameEx(
self.server, domain, domain_guid, site_name, flags)
def _call_get_dc_name(self, domain=None, domain_guid=None,
site_name=None, ex2=False, flags=0):
if self.netlogon_conn is None:
self.netlogon_conn = netlogon.netlogon("ncalrpc:[schannel]",
self.get_loadparm())
if ex2:
return self.netlogon_conn.netr_DsRGetDCNameEx2(self.server,
None, 0,
domain,
domain_guid,
site_name,
flags)
else:
return self.netlogon_conn.netr_DsRGetDCNameEx(self.server,
domain,
domain_guid,
site_name,
flags)
def test_netlogon_password_HMAC_MD5(self):
"""Logon failure that exercises the "HMAC-MD5" passwordType path.
"""
def isLastExpectedMessage(msg):
return (msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "NETLOGON"
and msg["Authentication"]["authDescription"]
== "ServerAuthenticate"
and msg["Authentication"]["passwordType"] == "HMAC-MD5")
c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
creds = netlogon.netr_Credential()
c.netr_ServerReqChallenge(self.server, self.netbios_name, creds)
try:
c.netr_ServerAuthenticate3(self.server, self.netbios_name,
SEC_CHAN_WKSTA, self.netbios_name,
creds, NETLOGON_NEG_STRONG_KEYS)
except NTSTATUSError:
pass
self.waitForMessages(isLastExpectedMessage)
def test_netlogon_password_HMAC_MD5(self):
"""Logon failure that exercises the "HMAC-MD5" passwordType path.
"""
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "NETLOGON" and
msg["Authentication"]["authDescription"] ==
"ServerAuthenticate" and
msg["Authentication"]["passwordType"] == "HMAC-MD5")
c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
creds = netlogon.netr_Credential()
c.netr_ServerReqChallenge(self.server, self.netbios_name, creds)
try:
c.netr_ServerAuthenticate3(self.server,
self.netbios_name,
SEC_CHAN_WKSTA,
self.netbios_name,
creds,
NETLOGON_NEG_STRONG_KEYS)
except NTSTATUSError:
pass
self.waitForMessages(isLastExpectedMessage)
def test_netlogon_password_DES(self):
"""Logon failure that exercises the "DES" passwordType path.
"""
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authentication"
and msg["Authentication"]["serviceDescription"] == "NETLOGON"
and msg["Authentication"]["authDescription"]
== "ServerAuthenticate"
and msg["Authentication"]["passwordType"] == "DES" and
msg["Authentication"]["eventId"] == EVT_ID_UNSUCCESSFUL_LOGON
and msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK)
c = netlogon.netlogon("ncalrpc:[schannel]", self.get_loadparm())
creds = netlogon.netr_Credential()
c.netr_ServerReqChallenge(self.server, self.netbios_name, creds)
try:
c.netr_ServerAuthenticate3(self.server, self.netbios_name,
SEC_CHAN_WKSTA, self.netbios_name,
creds, 0)
except NTSTATUSError:
pass
self.waitForMessages(isLastExpectedMessage)
def _test_netlogon(self, binding, checkFunction):
def isLastExpectedMessage(msg):
return (msg["type"] == "Authorization"
and msg["Authorization"]["serviceDescription"] == "DCE/RPC"
and msg["Authorization"]["authType"] == "schannel"
and msg["Authorization"]["transportProtection"] == "SEAL")
if binding:
binding = "[schannel,%s]" % binding
else:
binding = "[schannel]"
machine_creds = Credentials()
machine_creds.guess(self.get_loadparm())
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_password(self.machinepass)
machine_creds.set_username(self.netbios_name + "$")
netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding,
self.get_loadparm(), machine_creds)
messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn)
checkFunction(messages)
def get_netlogon_connection(self):
return netlogon.netlogon(
"ncacn_ip_tcp:%s[schannel,seal]" % self.server, self.lp,
self.machine_creds)
def _test_samlogon(self, binding, creds, checkFunction):
def isLastExpectedMessage(msg):
return (
msg["type"] == "Authentication" and
msg["Authentication"]["serviceDescription"] == "SamLogon" and
msg["Authentication"]["authDescription"] == "network" and
msg["Authentication"]["passwordType"] == "NTLMv2" and
(msg["Authentication"]["eventId"] ==
EVT_ID_SUCCESSFUL_LOGON) and
(msg["Authentication"]["logonType"] == EVT_LOGON_NETWORK))
if binding:
binding = "[schannel,%s]" % binding
else:
binding = "[schannel]"
utf16pw = text_type('"' + self.machinepass + '"').encode('utf-16-le')
self.ldb.add({
"dn": self.samlogon_dn,
"objectclass": "computer",
"sAMAccountName": "%s$" % self.netbios_name,
"userAccountControl":
str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
"unicodePwd": utf16pw})
machine_creds = Credentials()
machine_creds.guess(self.get_loadparm())
machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
machine_creds.set_password(self.machinepass)
machine_creds.set_username(self.netbios_name + "$")
netlogon_conn = netlogon.netlogon("ncalrpc:%s" % binding,
self.get_loadparm(),
machine_creds)
challenge = b"abcdefgh"
target_info = ntlmssp.AV_PAIR_LIST()
target_info.count = 3
domainname = ntlmssp.AV_PAIR()
domainname.AvId = ntlmssp.MsvAvNbDomainName
domainname.Value = self.domain
computername = ntlmssp.AV_PAIR()
computername.AvId = ntlmssp.MsvAvNbComputerName
computername.Value = self.netbios_name
eol = ntlmssp.AV_PAIR()
eol.AvId = ntlmssp.MsvAvEOL
target_info.pair = [domainname, computername, eol]
target_info_blob = ndr_pack(target_info)
response = creds.get_ntlm_response(flags=CLI_CRED_NTLMv2_AUTH,
challenge=challenge,
target_info=target_info_blob)
netr_flags = 0
logon_level = netlogon.NetlogonNetworkTransitiveInformation
logon = samba.dcerpc.netlogon.netr_NetworkInfo()
logon.challenge = [x if isinstance(x,int) else ord(x) for x in challenge]
logon.nt = netlogon.netr_ChallengeResponse()
logon.nt.length = len(response["nt_response"])
logon.nt.data = [x if isinstance(x,int) else ord(x) for x in response["nt_response"]]
logon.identity_info = samba.dcerpc.netlogon.netr_IdentityInfo()
(username, domain) = creds.get_ntlm_username_domain()
logon.identity_info.domain_name.string = domain
logon.identity_info.account_name.string = username
logon.identity_info.workstation.string = creds.get_workstation()
validation_level = samba.dcerpc.netlogon.NetlogonValidationSamInfo4
result = netlogon_conn.netr_LogonSamLogonEx(
os.environ["SERVER"],
machine_creds.get_workstation(),
logon_level, logon,
validation_level, netr_flags)
(validation, authoritative, netr_flags_out) = result
messages = self.waitForMessages(isLastExpectedMessage, netlogon_conn)
checkFunction(messages)
def communicate(td):
td.init_lsa_pipe(td.info['dc'])
netr_pipe = netlogon.netlogon(td.binding, td.parm, td.creds)
domains = netr_pipe.netr_DsrEnumerateDomainTrusts(td.binding, 1)
return domains
def get_netlogon_connection(self):
return netlogon.netlogon("ncacn_np:%s[seal]" % self.server, self.lp,
self.creds)
def get_netlogon_connection(self):
return netlogon.netlogon("ncacn_ip_tcp:%s[schannel,seal]" % self.server,
self.lp,
self.machine_creds)
