Python impacket.dcerpc.v5.dcomrt.DCOMConnection() Examples
The following are 30
code examples of impacket.dcerpc.v5.dcomrt.DCOMConnection().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.dcomrt
, or try the search function
.
.
Example #1
| Source File: test_wmi.py From PiBunny with MIT License | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
for classn in classes:
print "Reading %s " % classn
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
else:
done = True
pass
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
Example #2
| Source File: test_wmi.py From cracke-dit with MIT License | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
for classn in classes:
print "Reading %s " % classn
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
else:
done = True
pass
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
Example #3
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
#classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
classes = [ 'Win32_Service']
for classn in classes:
print("Reading %s " % classn)
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception as e:
if str(e).find('S_FALSE') < 0:
print(e)
else:
done = True
pass
except Exception as e:
if str(e).find('S_FALSE') < 0:
print(e)
dcom.disconnect()
Example #4
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_IWbemServices_ExecQuery(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
for classn in classes:
print "Reading %s " % classn
try:
iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
done = False
while done is False:
try:
iEnumWbemClassObject.Next(0xffffffff,1)
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
else:
done = True
pass
except Exception, e:
if str(e).find('S_FALSE') < 0:
print e
Example #5
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemServices_GetObject(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
iWbemLevel1Login.RemRelease()
classObject,_ = iWbemServices.GetObject('Win32_Process')
dcom.disconnect()
Example #6
| Source File: test_dcomrt.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_RemRelease(self):
dcom = dcomrt.DCOMConnection(self.machine, self.username, self.password, self.domain)
iInterface = dcom.CoCreateInstanceEx(comev.CLSID_EventSystem, comev.IID_IEventSystem)
iEventSystem = comev.IEventSystem(iInterface)
iEventSystem.RemRelease()
dcom.disconnect()
Example #7
| Source File: wmiexec_delete.py From spraykatz with MIT License | 5 votes |
|
def run(self, addr, osArch='64'):
dcom = DCOMConnection(addr, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey, oxidResolver=True, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost)
try:
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices=iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
iWbemLevel1Login.RemRelease()
win32Process,_ = iWbemServices.GetObject('Win32_Process')
self.shell = RemoteShell(self.__share, win32Process, self.__smbConnection)
# Delete Procdump
cmd = "del procdump%s.exe" % (osArch)
logging.info("%s Deleting ProcDump on %s..." % (debugBlue, addr))
if logging.getLogger().getEffectiveLevel() > 10:
with suppress_std():
self.shell.onecmd(cmd)
else:
self.shell.onecmd(cmd)
# Delete Dumps
cmd = "del SPRAY_*.dmp"
logging.info("%s Deleting dumps on %s..." % (debugBlue, addr))
if logging.getLogger().getEffectiveLevel() > 10:
with suppress_std():
self.shell.onecmd(cmd)
else:
self.shell.onecmd(cmd)
finally:
if self.__smbConnection is not None:
self.__smbConnection.logoff()
dcom.disconnect()
sys.stdout.flush()
Example #8
| Source File: test_dcomrt.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_RemQueryInterface(self):
dcom = dcomrt.DCOMConnection(self.machine, self.username, self.password, self.domain)
iInterface = dcom.CoCreateInstanceEx(comev.CLSID_EventSystem, comev.IID_IEventSystem)
iEventSystem = comev.IEventSystem(iInterface)
iEventSystem.RemQueryInterface(1, (comev.IID_IEventSystem,))
dcom.disconnect()
Example #9
| Source File: test_dcomrt.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_RemRelease(self):
dcom = dcomrt.DCOMConnection(self.machine, self.username, self.password, self.domain)
iInterface = dcom.CoCreateInstanceEx(comev.CLSID_EventSystem, comev.IID_IEventSystem)
iEventSystem = comev.IEventSystem(iInterface)
iEventSystem.RemRelease()
dcom.disconnect()
Example #10
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def tes_activation(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLoginClientID)
dcom.disconnect()
Example #11
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_EstablishPosition(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.EstablishPosition()
print(resp)
dcom.disconnect()
Example #12
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_WBEMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.WBEMLogin()
print(resp)
except Exception as e:
if str(e).find('E_NOTIMPL') < 0:
dcom.disconnect()
raise
dcom.disconnect()
Example #13
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_NTLMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
print(resp)
dcom.disconnect()
Example #14
| Source File: test_wmi.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def tes_IWbemServices_OpenNamespace(self):
# Not working
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./ROOT', NULL, NULL)
try:
resp = iWbemServices.OpenNamespace('__Namespace')
print(resp)
except Exception as e:
dcom.disconnect()
raise
dcom.disconnect()
Example #15
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemLevel1Login_NTLMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
print resp
dcom.disconnect()
Example #16
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemServices_GetObject(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
iWbemLevel1Login.RemRelease()
classObject,_ = iWbemServices.GetObject('Win32_Process')
dcom.disconnect()
Example #17
| Source File: wmi.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
|
def create_wmi_con(self, namespace='root\\cimv2'):
self.dcom = DCOMConnection(self.host, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = self.dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
self.wmi_con = iWbemLevel1Login.NTLMLogin('\\\\{}\\{}'.format(self.host, namespace), NULL, NULL)
Example #18
| Source File: wmiexec.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
|
def create_wmi_con(self):
self.dcom = DCOMConnection(self.host, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = self.dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices = iWbemLevel1Login.NTLMLogin('\\\\{}\\root\\cimv2'.format(self.host), NULL, NULL)
iWbemLevel1Login.RemRelease()
self.win32Process, _ = iWbemServices.GetObject('Win32_Process')
Example #19
| Source File: test_dcomrt.py From PiBunny with MIT License | 5 votes |
|
def test_RemQueryInterface(self):
dcom = dcomrt.DCOMConnection(self.machine, self.username, self.password, self.domain)
iInterface = dcom.CoCreateInstanceEx(comev.CLSID_EventSystem, comev.IID_IEventSystem)
iEventSystem = comev.IEventSystem(iInterface)
iEventSystem.RemQueryInterface(1, (comev.IID_IEventSystem,))
dcom.disconnect()
Example #20
| Source File: test_dcomrt.py From PiBunny with MIT License | 5 votes |
|
def test_RemRelease(self):
dcom = dcomrt.DCOMConnection(self.machine, self.username, self.password, self.domain)
iInterface = dcom.CoCreateInstanceEx(comev.CLSID_EventSystem, comev.IID_IEventSystem)
iEventSystem = comev.IEventSystem(iInterface)
iEventSystem.RemRelease()
dcom.disconnect()
Example #21
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def tes_IWbemServices_OpenNamespace(self):
# Not working
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('//./ROOT', NULL, NULL)
try:
resp = iWbemServices.OpenNamespace('__Namespace')
print resp
except Exception, e:
dcom.disconnect()
raise
Example #22
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def tes_activation(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLoginClientID)
dcom.disconnect()
Example #23
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemLevel1Login_EstablishPosition(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.EstablishPosition()
print resp
dcom.disconnect()
Example #24
| Source File: test_wmi.py From PiBunny with MIT License | 5 votes |
|
def test_IWbemLevel1Login_WBEMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.WBEMLogin()
print resp
except Exception, e:
if str(e).find('E_NOTIMPL') < 0:
dcom.disconnect()
raise
Example #25
| Source File: test_wmi.py From cracke-dit with MIT License | 5 votes |
|
def test_IWbemServices_GetObject(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
iWbemLevel1Login.RemRelease()
classObject,_ = iWbemServices.GetObject('Win32_Process')
dcom.disconnect()
Example #26
| Source File: test_dcomrt.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_RemQueryInterface(self):
dcom = dcomrt.DCOMConnection(self.machine, self.username, self.password, self.domain)
iInterface = dcom.CoCreateInstanceEx(comev.CLSID_EventSystem, comev.IID_IEventSystem)
iEventSystem = comev.IEventSystem(iInterface)
iEventSystem.RemQueryInterface(1, (comev.IID_IEventSystem,))
dcom.disconnect()
Example #27
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def tes_activation(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLoginClientID)
dcom.disconnect()
Example #28
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_EstablishPosition(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.EstablishPosition()
print resp
dcom.disconnect()
Example #29
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_RequestChallenge(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
try:
resp = iWbemLevel1Login.RequestChallenge()
print resp
except Exception, e:
if str(e).find('WBEM_E_NOT_SUPPORTED') < 0:
dcom.disconnect()
raise
Example #30
| Source File: test_wmi.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_IWbemLevel1Login_NTLMLogin(self):
dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
resp = iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
print resp
dcom.disconnect()
