Python impacket.dcerpc.v5.samr.USER_READ_GENERAL Examples
The following are 30
code examples of impacket.dcerpc.v5.samr.USER_READ_GENERAL().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.samr
, or try the search function
.
Example #1
Source File: test_samr.py From PiBunny with MIT License | 6 votes |
def test_hSamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() resp = samr.hSamrChangePasswordUser(dce, resp0['UserHandle'], '', 'ADMIN') resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #2
Source File: test_samr.py From cracke-dit with MIT License | 6 votes |
def test_hSamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() resp = samr.hSamrChangePasswordUser(dce, resp0['UserHandle'], '', 'ADMIN') resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #3
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
def test_hSamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() resp = samr.hSamrChangePasswordUser(dce, resp0['UserHandle'], '', 'ADMIN') resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #4
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 6 votes |
def test_hSamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() resp = samr.hSamrChangePasswordUser(dce, resp0['UserHandle'], '', 'ADMIN') resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #5
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_hSamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN) resp.dump()
Example #6
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_hSamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN) resp.dump()
Example #7
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_SamrGetGroupsForUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump() request = samr.SamrGetGroupsForUser() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #8
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_hSamrGetGroupsForUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump() resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle']) resp.dump()
Example #9
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_SamrCreateUser2InDomain_SamrDeleteUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp = dce.request(request) resp.dump() request = samr.SamrDeleteUser() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #10
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_SamrGetUserDomainPasswordInformation(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) request = samr.SamrGetUserDomainPasswordInformation() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #11
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_hSamrGetUserDomainPasswordInformation(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp = samr.hSamrGetUserDomainPasswordInformation(dce, resp['UserHandle']) resp.dump()
Example #12
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_SamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() oldPwd = '' oldPwdHashNT = ntlm.NTOWFv1(oldPwd) newPwd = 'ADMIN' newPwdHashNT = ntlm.NTOWFv1(newPwd) newPwdHashLM = ntlm.LMOWFv1(newPwd) from impacket import crypto request = samr.SamrChangePasswordUser() request['UserHandle'] = resp0['UserHandle'] request['LmPresent'] = 0 request['OldLmEncryptedWithNewLm'] = NULL request['NewLmEncryptedWithOldLm'] = NULL request['NtPresent'] = 1 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) request['NtCrossEncryptionPresent'] = 0 request['NewNtEncryptedWithNewLm'] = NULL request['LmCrossEncryptionPresent'] = 1 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) resp = dce.request(request) resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #13
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_SamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump()
Example #14
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_hSamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN) resp.dump()
Example #15
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_SamrGetGroupsForUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump() request = samr.SamrGetGroupsForUser() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #16
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_hSamrGetGroupsForUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump() resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle']) resp.dump()
Example #17
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_SamrCreateUser2InDomain_SamrDeleteUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp = dce.request(request) resp.dump() request = samr.SamrDeleteUser() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #18
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_SamrGetUserDomainPasswordInformation(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) request = samr.SamrGetUserDomainPasswordInformation() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #19
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_hSamrGetUserDomainPasswordInformation(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp = samr.hSamrGetUserDomainPasswordInformation(dce, resp['UserHandle']) resp.dump()
Example #20
Source File: test_samr.py From PiBunny with MIT License | 5 votes |
def test_SamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() oldPwd = '' oldPwdHashNT = ntlm.NTOWFv1(oldPwd) newPwd = 'ADMIN' newPwdHashNT = ntlm.NTOWFv1(newPwd) newPwdHashLM = ntlm.LMOWFv1(newPwd) from impacket import crypto request = samr.SamrChangePasswordUser() request['UserHandle'] = resp0['UserHandle'] request['LmPresent'] = 0 request['OldLmEncryptedWithNewLm'] = NULL request['NewLmEncryptedWithOldLm'] = NULL request['NtPresent'] = 1 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) request['NtCrossEncryptionPresent'] = 0 request['NewNtEncryptedWithNewLm'] = NULL request['LmCrossEncryptionPresent'] = 1 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) resp = dce.request(request) resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #21
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_SamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump()
Example #22
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_hSamrGetGroupsForUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump() resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle']) resp.dump()
Example #23
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_SamrCreateUser2InDomain_SamrDeleteUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp = dce.request(request) resp.dump() request = samr.SamrDeleteUser() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #24
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_SamrGetUserDomainPasswordInformation(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) request = samr.SamrGetUserDomainPasswordInformation() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #25
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_hSamrGetUserDomainPasswordInformation(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp = samr.hSamrGetUserDomainPasswordInformation(dce, resp['UserHandle']) resp.dump()
Example #26
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_SamrChangePasswordUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrCreateUser2InDomain() request['DomainHandle'] = domainHandle request['Name'] = 'testAccount' request['AccountType'] = samr.USER_NORMAL_ACCOUNT request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE #request.dump() resp0 = dce.request(request) resp0.dump() oldPwd = '' oldPwdHashNT = ntlm.NTOWFv1(oldPwd) newPwd = 'ADMIN' newPwdHashNT = ntlm.NTOWFv1(newPwd) newPwdHashLM = ntlm.LMOWFv1(newPwd) from impacket import crypto request = samr.SamrChangePasswordUser() request['UserHandle'] = resp0['UserHandle'] request['LmPresent'] = 0 request['OldLmEncryptedWithNewLm'] = NULL request['NewLmEncryptedWithOldLm'] = NULL request['NtPresent'] = 1 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) request['NtCrossEncryptionPresent'] = 0 request['NewNtEncryptedWithNewLm'] = NULL request['LmCrossEncryptionPresent'] = 1 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) resp = dce.request(request) resp.dump() # Delete the temp user request = samr.SamrDeleteUser() request['UserHandle'] = resp0['UserHandle'] resp = dce.request(request) resp.dump()
Example #27
Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
def test_SamrGetGroupsForUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump() request = samr.SamrGetGroupsForUser() request['UserHandle'] = resp['UserHandle'] resp = dce.request(request) resp.dump()
Example #28
Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
def test_SamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump()
Example #29
Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
def test_SamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() request = samr.SamrOpenUser() request['DomainHandle'] = domainHandle request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT request['UserId'] = samr.DOMAIN_USER_RID_ADMIN resp = dce.request(request) resp.dump()
Example #30
Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
def test_hSamrOpenUser(self): dce, rpctransport, domainHandle = self.connect() resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN) resp.dump()