Python impacket.dcerpc.v5.dcom.wmi.CLSID_WbemLevel1Login() Examples
The following are 30
code examples of impacket.dcerpc.v5.dcom.wmi.CLSID_WbemLevel1Login().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.dcom.wmi
, or try the search function
.
.
Example #1
| Source File: test_wmi.py From PiBunny with MIT License | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
for classn in classes:
print "Reading %s " % classn
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
else:
done = True
pass
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
Example #2
| Source File: test_wmi.py From cracke-dit with MIT License | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
for classn in classes:
print "Reading %s " % classn
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
else:
done = True
pass
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
Example #3
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
for classn in classes:
print "Reading %s " % classn
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
else:
done = True
pass
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
Example #4
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
#classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
classes = [ 'Win32_Service']
for classn in classes:
print("Reading %s " % classn)
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception as e:
if str(e).find('S_FALSE') < 0:
print(e)
else:
done = True
pass
except Exception as e:
if str(e).find('S_FALSE') < 0:
print(e)
dcom.disconnect()
Example #5
| Source File: dump.py From Exchange2domain with MIT License | 5 votes |
|
def __wmiExec(self, command):
# Convert command to wmi exec friendly format
command = command.replace('%COMSPEC%', 'cmd.exe')
username, password, domain, lmhash, nthash, aesKey, _, _ = self.__smbConnection.getCredentials()
dcom = DCOMConnection(self.__smbConnection.getRemoteHost(), username, password, domain, lmhash, nthash, aesKey,
oxidResolver=False, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
win32Process,_ = iWbemServices.GetObject('Win32_Process')
win32Process.Create(command, '\\', None)
dcom.disconnect()
Example #6
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_EstablishPosition(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.EstablishPosition()
print resp
dcom.disconnect()
Example #7
| Source File: secretsdump.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def __wmiExec(self, command):
# Convert command to wmi exec friendly format
command = command.replace('%COMSPEC%', 'cmd.exe')
username, password, domain, lmhash, nthash, aesKey, _, _ = self.__smbConnection.getCredentials()
dcom = DCOMConnection(self.__smbConnection.getRemoteHost(), username, password, domain, lmhash, nthash, aesKey,
oxidResolver=False, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
win32Process,_ = iWbemServices.GetObject('Win32_Process')
win32Process.Create(command, '\\', None)
dcom.disconnect()
Example #8
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def tes_activation(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLoginClientID)
dcom.disconnect()
Example #9
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_EstablishPosition(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.EstablishPosition()
print(resp)
dcom.disconnect()
Example #10
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_RequestChallenge(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.RequestChallenge()
print(resp)
except Exception as e:
if str(e).find('WBEM_E_NOT_SUPPORTED') < 0:
dcom.disconnect()
raise
dcom.disconnect()
Example #11
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_NTLMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
print(resp)
dcom.disconnect()
Example #12
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def tes_IWbemServices_OpenNamespace(self):
# Not working
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./ROOT', NULL, NULL)
try:
resp = iWbemServices.OpenNamespace('__Namespace')
print(resp)
except Exception as e:
dcom.disconnect()
raise
dcom.disconnect()
Example #13
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemServices_GetObject(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
iWbemLevel1Login.RemRelease()
classObject,_ = iWbemServices.GetObject('Win32_Process')
dcom.disconnect()
Example #14
| Source File: dump.py From CVE-2019-1040 with MIT License | 5 votes |
|
def __wmiExec(self, command):
# Convert command to wmi exec friendly format
command = command.replace('%COMSPEC%', 'cmd.exe')
username, password, domain, lmhash, nthash, aesKey, _, _ = self.__smbConnection.getCredentials()
dcom = DCOMConnection(self.__smbConnection.getRemoteHost(), username, password, domain, lmhash, nthash, aesKey,
oxidResolver=False, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
win32Process,_ = iWbemServices.GetObject('Win32_Process')
win32Process.Create(command, '\\', None)
dcom.disconnect()
Example #15
| Source File: wmi.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
|
def create_wmi_con(self, namespace='root\\cimv2'):
self.dcom = DCOMConnection(self.host, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = self.dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
self.wmi_con = iWbemLevel1Login.NTLMLogin('\\\\{}\\{}'.format(self.host, namespace), NULL, NULL)
Example #16
| Source File: wmiexec.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
|
def create_wmi_con(self):
self.dcom = DCOMConnection(self.host, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = self.dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices = iWbemLevel1Login.NTLMLogin('\\\\{}\\root\\cimv2'.format(self.host), NULL, NULL)
iWbemLevel1Login.RemRelease()
self.win32Process, _ = iWbemServices.GetObject('Win32_Process')
Example #17
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def tes_activation(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLoginClientID)
dcom.disconnect()
Example #18
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemLevel1Login_EstablishPosition(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.EstablishPosition()
print resp
dcom.disconnect()
Example #19
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemLevel1Login_RequestChallenge(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.RequestChallenge()
print resp
except Exception, e:
if str(e).find('WBEM_E_NOT_SUPPORTED') < 0:
dcom.disconnect()
raise
Example #20
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemLevel1Login_WBEMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.WBEMLogin()
print resp
except Exception, e:
if str(e).find('E_NOTIMPL') < 0:
dcom.disconnect()
raise
Example #21
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def tes_IWbemServices_OpenNamespace(self):
# Not working
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./ROOT', NULL, NULL)
try:
resp = iWbemServices.OpenNamespace('__Namespace')
print resp
except Exception, e:
dcom.disconnect()
raise
Example #22
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemServices_GetObject(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
iWbemLevel1Login.RemRelease()
classObject,_ = iWbemServices.GetObject('Win32_Process')
dcom.disconnect()
Example #23
| Source File: wmiexec_delete.py From spraykatz with MIT License | 5 votes |
|
def run(self, addr, osArch='64'):
dcom = DCOMConnection(addr, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey, oxidResolver=True, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
try:
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices=iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
win32Process,_ = iWbemServices.GetObject('Win32_Process')
self.shell = RemoteShell(self.__share, win32Process, self.__smbConnection)
# Delete Procdump
cmd = "del procdump%s.exe" % (osArch)
logging.info("%s Deleting ProcDump on %s..." % (debugBlue, addr))
if logging.getLogger().getEffectiveLevel() > 10:
with suppress_std():
self.shell.onecmd(cmd)
else:
self.shell.onecmd(cmd)
# Delete Dumps
cmd = "del SPRAY_*.dmp"
logging.info("%s Deleting dumps on %s..." % (debugBlue, addr))
if logging.getLogger().getEffectiveLevel() > 10:
with suppress_std():
self.shell.onecmd(cmd)
else:
self.shell.onecmd(cmd)
finally:
if self.__smbConnection is not None:
self.__smbConnection.logoff()
dcom.disconnect()
sys.stdout.flush()
Example #24
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def tes_activation(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLoginClientID)
dcom.disconnect()
Example #25
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_RequestChallenge(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.RequestChallenge()
print resp
except Exception, e:
if str(e).find('WBEM_E_NOT_SUPPORTED') < 0:
dcom.disconnect()
raise
Example #26
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_WBEMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.WBEMLogin()
print resp
except Exception, e:
if str(e).find('E_NOTIMPL') < 0:
dcom.disconnect()
raise
Example #27
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_NTLMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
print resp
dcom.disconnect()
Example #28
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemServices_GetObject(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
iWbemLevel1Login.RemRelease()
classObject,_ = iWbemServices.GetObject('Win32_Process')
dcom.disconnect()
Example #29
| Source File: wmi.py From lsassy with MIT License | 5 votes |
|
def _getwin32process(self):
if self.conn.kerberos:
self.log.debug("Trying to authenticate using kerberos ticket")
else:
self.log.debug("Trying to authenticate using : {}\\{}:{}".format(
self.conn.domain_name,
self.conn.username,
self.conn.password)
)
try:
self.dcom = DCOMConnection(
self.conn.hostname,
self.conn.username,
self.conn.password,
self.conn.domain_name,
self.conn.lmhash,
self.conn.nthash,
self.conn.aesKey,
oxidResolver=True,
doKerberos=self.conn.kerberos,
kdcHost=self.conn.dc_ip
)
iInterface = self.dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login, wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
self.iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
self.win32Process, _ = self.iWbemServices.GetObject('Win32_Process')
except KeyboardInterrupt as e:
self.dcom.disconnect()
raise KeyboardInterrupt(e)
except Exception as e:
raise Exception("WMIEXEC not supported on host %s : %s" % (self.conn.hostname, e))
Example #30
| Source File: wmi_exec.py From MultiProxies with GNU General Public License v3.0 | 5 votes |
|
def run(self, addr):
if self.__noOutput is False:
smbConnection = SMBConnection(addr, addr)
smbConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
dialect = smbConnection.getDialect()
if dialect == SMB_DIALECT:
color.echo("[*] SMBv1 dialect used", GREEN)
elif dialect == SMB2_DIALECT_002:
color.echo("[*] SMBv2.0 dialect used", GREEN)
elif dialect == SMB2_DIALECT_21:
color.echo("[*] SMBv2.1 dialect used", GREEN)
else:
color.echo("[*] SMBv3.0 dialect used", GREEN)
else:
smbConnection = None
dcom = DCOMConnection(addr, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, oxidResolver = True)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
win32Process,_ = iWbemServices.GetObject('Win32_Process')
try:
self.shell = RemoteShell(self.__share, win32Process, smbConnection)
if self.__command != ' ':
self.shell.onecmd(self.__command)
else:
self.shell.cmdloop()
except (Exception, KeyboardInterrupt), e:
#import traceback
#traceback.print_exc()
if smbConnection is not None:
smbConnection.logoff()
dcom.disconnect()
sys.stdout.flush()
