Python impacket.dcerpc.v5.samr.SamrOpenGroup() Examples
The following are 28
code examples of impacket.dcerpc.v5.samr.SamrOpenGroup().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.samr
, or try the search function
.
.
Example #1
| Source File: test_samr.py From cracke-dit with MIT License | 6 votes |
|
def test_SamrAddMemberToGroup_SamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #2
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def test_SamrGetMembersInGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
request = samr.SamrGetMembersInGroup()
request['GroupHandle'] = resp['GroupHandle']
resp = dce.request(request)
resp.dump()
Example #3
| Source File: test_samr.py From PiBunny with MIT License | 6 votes |
|
def test_SamrOpenGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #4
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def test_SamrOpenGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = 'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #5
| Source File: test_samr.py From PiBunny with MIT License | 6 votes |
|
def test_SamrAddMemberToGroup_SamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #6
| Source File: test_samr.py From cracke-dit with MIT License | 6 votes |
|
def test_SamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
request = samr.SamrSetMemberAttributesOfGroup()
request['GroupHandle'] = resp['GroupHandle']
request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN
request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT
resp = dce.request(request)
resp.dump()
Example #7
| Source File: test_samr.py From PiBunny with MIT License | 6 votes |
|
def test_hSamrAddMemberToGroup_hSamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #8
| Source File: test_samr.py From cracke-dit with MIT License | 6 votes |
|
def test_hSamrAddMemberToGroup_hSamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #9
| Source File: test_samr.py From cracke-dit with MIT License | 6 votes |
|
def test_SamrOpenGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #10
| Source File: test_samr.py From PiBunny with MIT License | 6 votes |
|
def test_SamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
request = samr.SamrSetMemberAttributesOfGroup()
request['GroupHandle'] = resp['GroupHandle']
request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN
request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT
resp = dce.request(request)
resp.dump()
Example #11
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_SamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
request = samr.SamrSetMemberAttributesOfGroup()
request['GroupHandle'] = resp['GroupHandle']
request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN
request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT
resp = dce.request(request)
resp.dump()
Example #12
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_hSamrAddMemberToGroup_hSamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #13
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_SamrAddMemberToGroup_SamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #14
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_SamrOpenGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #15
| Source File: test_samr.py From PiBunny with MIT License | 5 votes |
|
def test_SamrGetMembersInGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #16
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_SamrQueryInformationGroup_SamrSetInformationGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.GROUP_ALL_ACCESS
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp0 = dce.request(request)
resp0.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #17
| Source File: test_samr.py From PiBunny with MIT License | 5 votes |
|
def test_hSamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
resp = samr.hSamrSetMemberAttributesOfGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT)
resp.dump()
Example #18
| Source File: test_samr.py From PiBunny with MIT License | 5 votes |
|
def test_SamrQueryInformationGroup_SamrSetInformationGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.GROUP_ALL_ACCESS
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp0 = dce.request(request)
resp0.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #19
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = 'BETO\x00'
dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
resp = samr.hSamrSetMemberAttributesOfGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT)
resp.dump()
Example #20
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrGetMembersInGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
resp = samr.hSamrGetMembersInGroup(dce, resp['GroupHandle'])
resp.dump()
Example #21
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrAddMemberToGroup_hSamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = 'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
try:
resp2 = samr.hSamrRemoveMemberFromGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN)
resp2.dump()
except Exception as e:
if str(e).find('STATUS_MEMBERS_PRIMARY_GROUP') < 0:
raise
try:
resp2= samr.hSamrAddMemberToGroup(dce, resp['GroupHandle'] ,samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT)
resp2.dump()
except Exception as e:
if str(e).find('STATUS_MEMBER_IN_GROUP') < 0:
raise
Example #22
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_SamrAddMemberToGroup_SamrRemoveMemberFromGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = 'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
request = samr.SamrRemoveMemberFromGroup()
request['GroupHandle'] = resp['GroupHandle']
request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN
try:
resp2 = dce.request(request)
resp2.dump()
except Exception as e:
if str(e).find('STATUS_MEMBERS_PRIMARY_GROUP') < 0:
raise
request = samr.SamrAddMemberToGroup()
request['GroupHandle'] = resp['GroupHandle']
request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN
request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT
try:
resp2 = dce.request(request)
resp2.dump()
except Exception as e:
if str(e).find('STATUS_MEMBER_IN_GROUP') < 0:
raise
Example #23
| Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
|
def test_hSamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
resp = samr.hSamrSetMemberAttributesOfGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT)
resp.dump()
Example #24
| Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
|
def test_SamrGetMembersInGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #25
| Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
|
def test_SamrQueryInformationGroup_SamrSetInformationGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = samr.GROUP_ALL_ACCESS
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp0 = dce.request(request)
resp0.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #26
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrSetMemberAttributesOfGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrConnect()
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['ServerName'] = u'BETO\x00'
resp = dce.request(request)
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
resp = dce.request(request)
resp = samr.hSamrSetMemberAttributesOfGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT)
resp.dump()
Example #27
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_SamrGetMembersInGroup(self):
dce, rpctransport, domainHandle = self.connect()
request = samr.SamrOpenGroup()
request['DomainHandle'] = domainHandle
request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED
request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0:
raise
Example #28
| Source File: enumerid.py From enumerid with BSD 3-Clause "New" or "Revised" License | 4 votes |
|
def enumerate_users_in_group(self, dce, domain_handle):
request = samr.SamrOpenGroup()
request['DomainHandle'] = domain_handle
request['DesiredAccess'] = samr.MAXIMUM_ALLOWED
request['GroupId'] = self.rid
try:
resp = dce.request(request)
except samr.DCERPCSessionError:
raise
request = samr.SamrGetMembersInGroup()
request['GroupHandle'] = resp['GroupHandle']
resp = dce.request(request)
self.log.info('[*] Group RID detected. Enumerating users/hosts in group..\n')
try:
rids = resp['Members']['Members']
except AttributeError:
self.log.info('[-] No users in group')
return
mutex = Lock()
for rid in rids:
try:
resp = samr.hSamrOpenUser(dce, domain_handle, samr.MAXIMUM_ALLOWED, rid['Data'])
rid_data = samr.hSamrQueryInformationUser2(dce, resp['UserHandle'], samr.USER_INFORMATION_CLASS.UserAllInformation)
except samr.DCERPCSessionError as e:
# Occasionally an ACCESS_DENIED is rasied even though the user has permissions?
# Other times a STATUS_NO_SUCH_USER is raised when a rid apparently doesn't exist, even though it reported back as existing.
self.log.debug(e)
continue
if self.fqdn:
rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '') + '.' + self.fqdn
else:
rid_data = rid_data['Buffer']['All']['UserName'].replace('$', '')
samr.hSamrCloseHandle(dce, resp['UserHandle'])
if self.dns_lookup:
# Threading because DNS lookups are slow
t = Thread(target=self.get_ip, args=(rid_data, mutex,))
t.start()
else:
self.log.info(rid_data)
self.data.append(rid_data)
