Python impacket.dcerpc.v5.wkst.hNetrWkstaUserEnum() Examples
The following are 9
code examples of impacket.dcerpc.v5.wkst.hNetrWkstaUserEnum().
Example #1
Source File: rpc.py From ActiveReign with GNU General Public License v3.0 | 6 votes |
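def get_netloggedon(self):
    """Fill ``self.loggedon`` with the users the target reports as logged on.

    Opens an RPC connection to the wkssvc pipe through ``self.create_rpc_con``
    and calls ``NetrWkstaUserEnum`` at information level 1. Every returned
    record is stored in ``self.loggedon`` keyed by user name, with the
    ``domain``, ``logon_srv`` and ``user`` values stripped of NUL padding.

    Returns:
        An empty list when the RPC call raises ``DCERPCException``;
        ``None`` otherwise (callers read the result from ``self.loggedon``).
    """
    self.loggedon = {}
    self.create_rpc_con(r'\wkssvc')
    try:
        try:
            resp = wkst.hNetrWkstaUserEnum(self.rpc_connection, 1)
        except DCERPCException:
            # NOTE(review): the error is dropped without logging, so a caller
            # cannot tell "access denied" from a transport failure.
            return list()

        for wksta_user in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
            username = wksta_user['wkui1_username'].strip('\x00')
            self.loggedon[username] = {
                'domain': wksta_user['wkui1_logon_domain'].strip('\x00'),
                'logon_srv': wksta_user['wkui1_logon_server'].strip('\x00'),
                'user': username,
            }
    finally:
        # Close the pipe on every path; the original left it open whenever
        # the enumeration call failed or a record could not be read.
        self.rpc_connection.disconnect()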
Example #2
Source File: test_wkst.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_hNetrWkstaUserEnum(self):
    """Call NetrWkstaUserEnum at levels 0 and 1 and dump each response.

    Smoke test only: nothing is asserted, so it fails only when connecting
    or one of the two calls raises.
    """
    dce, _transport = self.connect()
    for level in (0, 1):
        wkst.hNetrWkstaUserEnum(dce, level).dump()
Example #3
Source File: net.py From pywerview with GNU General Public License v3.0 | 5 votes |
def get_netloggedon(self):
    """Return the target's logged-on users as ``rpcobj.WkstaUser`` objects.

    Calls ``NetrWkstaUserEnum`` at level 1 over ``self._rpc_connection``.
    A ``DCERPCException`` raised by the call yields an empty list.
    """
    try:
        response = wkst.hNetrWkstaUserEnum(self._rpc_connection, 1)
    except DCERPCException:
        return list()

    level1_records = response['UserInfo']['WkstaUserInfo']['Level1']['Buffer']
    return [rpcobj.WkstaUser(record) for record in level1_records]

# TODO: if self._target_computer == self._domain_controller, check that
# self._domain_controller is indeed a domain controller
Example #4
Source File: test_wkst.py From cracke-dit with MIT License | 5 votes |
def test_hNetrWkstaUserEnum(self):
    """Exercise the hNetrWkstaUserEnum helper at information levels 0 and 1.

    Each response is only dumped; the test has no assertions and therefore
    passes whenever neither the connection nor the calls raise.
    """
    dce, _transport = self.connect()
    for info_level in (0, 1):
        response = wkst.hNetrWkstaUserEnum(dce, info_level)
        response.dump()
Example #5
Source File: test_wkst.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_hNetrWkstaUserEnum(self):
    """Request the workstation user list at levels 0 and 1 and dump both.

    No result is checked: the test only shows that the two calls complete
    without raising on the connection returned by ``self.connect()``.
    """
    connection = self.connect()
    dce = connection[0]
    for level in (0, 1):
        wkst.hNetrWkstaUserEnum(dce, level).dump()
Example #6
Source File: computer.py From BloodHound.py with MIT License | 5 votes |
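def rpc_get_loggedon(self):
    """
    Query logged on users via RPC.
    Requires admin privs

    Binds to the wkssvc named pipe on ``self.addr`` and calls
    ``NetrWkstaUserEnum`` at level 1. Computer accounts (names ending in
    ``$``) and sessions whose logon domain equals this host's own SAM name
    are skipped. When ``self.ad`` knows the domain, its name is replaced by
    the form derived from the domain's distinguishedName.

    Returns:
        A list of ``(username, domain)`` tuples, or ``None`` when the RPC
        connection could not be established.

    Raises:
        Any exception other than ``DCERPCException`` whose text does not
        contain ``connection reset``.
    """
    binding = r'ncacn_np:%s[\PIPE\wkssvc]' % self.addr
    loggedonusers = set()
    dce = self.dce_rpc_connect(binding, wkst.MSRPC_UUID_WKST)
    if dce is None:
        logging.warning('Connection failed: %s', binding)
        return

    try:
        # 1 means more detail, including the domain
        resp = wkst.hNetrWkstaUserEnum(dce, 1)
        for record in resp['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
            # Each value ends with one terminator character; drop it once.
            username = record['wkui1_username'][:-1]
            # Skip computer accounts. An empty name is skipped as well
            # instead of failing on the out-of-range index the original used.
            if not username or username.endswith('$'):
                continue
            domain = record['wkui1_logon_domain'][:-1].upper()
            # Skip sessions for local accounts
            if domain == self.samname.upper():
                continue
            domain_entry = self.ad.get_domain_by_name(domain)
            if domain_entry is not None:
                domain = ADUtils.ldap2domain(domain_entry['attributes']['distinguishedName'])

            # Lazy %-args: the message is only built when DEBUG is enabled.
            logging.debug('Found logged on user at %s: %s@%s', self.hostname, username, domain)
            loggedonusers.add((username, domain))
    except DCERPCException as e:
        if 'rpc_s_access_denied' in str(e):
            logging.debug('Access denied while enumerating LoggedOn on %s, probably no admin privs', self.hostname)
        else:
            logging.debug('Exception connecting to RPC: %s', e)
    except Exception as e:
        if 'connection reset' in str(e):
            logging.debug('Connection was reset: %s', e)
        else:
            # Bare raise keeps the original traceback.
            raise
    finally:
        # Release the pipe even when an unexpected exception propagates;
        # the original skipped the disconnect on that path.
        dce.disconnect()

    return list(loggedonusers)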
Example #7
Source File: netview.py From PiBunny with MIT License | 5 votes |
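def getLoggedIn(self, target):
    """Call NetrWkstaUserEnum (level 1) on *target* over a cached or new wkssvc pipe.

    Does nothing when the target is already marked ``Admin: False``. If no
    connection is cached under ``self.__targets[target]['WKST']``, a new
    transport to the wkssvc pipe is created, bound to the WKST interface,
    and ``self.__maxConnections`` is decremented.

    Error handling for the enumeration call:
      * text contains ``Broken pipe``: the cached connection is cleared so
        it can be re-established later, and the connection slot is returned;
      * text contains ``ACCESS_DENIED``: the pipe is closed and the target
        is marked ``Admin: False`` so it is not queried again;
      * anything else is re-raised.

    NOTE(review): the listing shown ends after the error handling; ``resp``
    is not used in the visible code, so the upstream function presumably
    continues past this excerpt.
    """
    if self.__targets[target]['Admin'] is False:
        return

    if self.__targets[target]['WKST'] is None:
        stringWkstBinding = r'ncacn_np:%s[\PIPE\wkssvc]' % target
        rpctransportWkst = transport.DCERPCTransportFactory(stringWkstBinding)
        if hasattr(rpctransportWkst, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransportWkst.set_credentials(self.__username, self.__password, self.__domain,
                                             self.__lmhash, self.__nthash, self.__aesKey)
            rpctransportWkst.set_kerberos(self.__doKerberos, self.__kdcHost)
        dce = rpctransportWkst.get_dce_rpc()
        dce.connect()
        dce.bind(wkst.MSRPC_UUID_WKST)
        self.__maxConnections -= 1
    else:
        dce = self.__targets[target]['WKST']

    try:
        resp = wkst.hNetrWkstaUserEnum(dce, 1)
    except Exception as e:
        message = str(e)
        if 'Broken pipe' in message:
            # The connection timed-out. Let's try to bring it back next round
            self.__targets[target]['WKST'] = None
            self.__maxConnections += 1
            return
        elif 'ACCESS_DENIED' in message.upper():
            # We're not admin, bye
            # The original tested the bare result of str.find(), which is -1
            # (truthy) on a miss, so nearly every error marked the target as
            # non-admin and the re-raise below was effectively unreachable.
            dce.disconnect()
            self.__maxConnections += 1
            self.__targets[target]['Admin'] = False
            return
        else:
            raise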
Example #8
Source File: test_wkst.py From PiBunny with MIT License | 5 votes |
def test_hNetrWkstaUserEnum(self):
    """Run hNetrWkstaUserEnum at levels 0 and 1, dumping each reply.

    The replies are not inspected; a failure can only come from an
    exception raised while connecting or calling.
    """
    dce, _unused_transport = self.connect()
    for level in (0, 1):
        reply = wkst.hNetrWkstaUserEnum(dce, level)
        reply.dump()
Example #9
Source File: smb.py From Vibe with MIT License | 4 votes |
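def sessions(self, targets):
    """Print current and past logons for each host in *targets*.

    For every target the method opens an RPC connection through
    ``self._create_rpc_connection``, logs in over SMB, and then:

    1. calls ``NetrWkstaUserEnum`` at level 1 and prints the unique
       ``DOMAIN\\user`` names, ignoring any name that contains ``$``;
    2. lists ``\\Users\\*`` on the ``C$`` share and prints each profile
       directory with its modification time labelled ``lastlogon``.

    A ``DCERPCException`` from step 1, or an ``UnboundLocalError`` anywhere
    in the per-target work, prints "User does not have access" and moves on
    to the next target. Nothing is returned.

    NOTE(review): a directory's modification time is only an approximation
    of the last logon, and reading ``C$`` presumably needs administrative
    rights on the target - confirm before relying on the output.
    """
    # Directory names the listing never reports.
    skipped_profiles = ("Public", "All Users", "Default", "Default User", ".", "..")

    for target in targets:
        users = []
        try:
            target_computer = target
            self._create_rpc_connection(target_computer)
            # Single-argument print(...) behaves the same as the print
            # statement on Python 2 and also parses on Python 3.
            print(target_computer)
            print("-----------------")
            smb = SMBConnection('*SMBSERVER', target_computer, sess_port=445, timeout=5)
            try:
                smb.login(self._user, self._password, self._domain)
                try:
                    sess = wkst.hNetrWkstaUserEnum(self._rpc_connection, 1)
                except DCERPCException:
                    print(colors.RD + " [-]" + colors.NRM + " User does not have access")
                    continue

                for wksta_user in sess['UserInfo']['WkstaUserInfo']['Level1']['Buffer']:
                    userName = wksta_user['wkui1_username'][:-1]
                    logonDomain = wksta_user['wkui1_logon_domain'][:-1]
                    if "$" in userName:
                        continue
                    # Same runtime string as the original '%s\%s', with the
                    # backslash escaped explicitly.
                    user = '%s\\%s' % (logonDomain, userName)
                    if user not in users:
                        users.append(user)

                print(" Currently Logged On")
                print(" -------------------")
                for user in users:
                    print(" " + colors.GRN + "[+] " + colors.NRM + user)

                share = 'C$'
                path = '\\Users\\*'
                read = smb.listPath(share, path)
                print("\n Users Who Have Logged On")
                print(" -------------------------")
                for r in read:
                    if r.get_longname() in skipped_profiles:
                        continue
                    if r.is_directory():
                        print(colors.GRN + " [+] " + colors.NRM + r.get_longname()
                              + " lastlogon: " + time.ctime(float(r.get_mtime_epoch())))
            finally:
                # The original never closed the SMB session, leaving one
                # open per target; close it on every exit path.
                smb.close()
        except UnboundLocalError as e:
            # NOTE(review): which call raises UnboundLocalError is not visible
            # here; it is reported as an access problem, as in the original.
            print(target)
            print(e)
            print(colors.RD + " [-] " + colors.NRM + "User does not have access")
            continue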