Python impacket.dcerpc.v5.samr.hSamrLookupNamesInDomain() Examples
The following are 14
code examples of impacket.dcerpc.v5.samr.hSamrLookupNamesInDomain().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.samr
, or try the search function
.
.
Example #1
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def test_hSamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION)
resp.dump()
try:
resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] )
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
Example #2
| Source File: test_samr.py From cracke-dit with MIT License | 6 votes |
|
def test_hSamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION)
resp.dump()
try:
resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] )
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
Example #3
| Source File: goldenPac.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def getUserSID(self):
stringBinding = r'ncacn_np:%s[\pipe\samr]' % self.__kdcHost
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, self.__domain)
domainId = resp['DomainId']
resp = samr.hSamrOpenDomain(dce, serverHandle, domainId = domainId)
domainHandle = resp['DomainHandle']
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.__username,))
# Let's pick the relative ID
rid = resp['RelativeIds']['Element'][0]['Data']
logging.info("User SID: %s-%s"% (domainId.formatCanonical(), rid))
return domainId, rid
Example #4
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def test_hSamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION)
resp.dump()
try:
resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] )
resp.dump()
except Exception as e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
resp = samr.hSamrCloseHandle(dce, userHandle)
resp.dump()
Example #5
| Source File: goldenPac.py From PiBunny with MIT License | 6 votes |
|
def getUserSID(self):
stringBinding = r'ncacn_np:%s[\pipe\samr]' % self.__kdcHost
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(self.__username,self.__password, self.__domain, self.__lmhash, self.__nthash)
dce = rpctransport.get_dce_rpc()
dce.connect()
dce.bind(samr.MSRPC_UUID_SAMR)
resp = samr.hSamrConnect(dce)
serverHandle = resp['ServerHandle']
resp = samr.hSamrLookupDomainInSamServer(dce, serverHandle, self.__domain)
domainId = resp['DomainId']
resp = samr.hSamrOpenDomain(dce, serverHandle, domainId = domainId)
domainHandle = resp['DomainHandle']
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.__username,))
# Let's pick the relative ID
rid = resp['RelativeIds']['Element'][0]['Data']
logging.info("User SID: %s-%s"% (domainId.formatCanonical(), rid))
return domainId, rid
Example #6
| Source File: test_samr.py From PiBunny with MIT License | 6 votes |
|
def test_hSamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION)
resp.dump()
try:
resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] )
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
Example #7
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrLookupNamesInDomain(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, ('Administrator','Guest'))
resp.dump()
Example #8
| Source File: test_samr.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def test_SamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
request = samr.SamrQuerySecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
resp = dce.request(request)
resp.dump()
request = samr.SamrSetSecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
request['SecurityDescriptor'] = resp['SecurityDescriptor']
#request.dump()
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
Example #9
| Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
|
def test_hSamrLookupNamesInDomain(self):
dce, rpctransport, domainHandle = self.connect()
try:
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, ('Administrator','Guest'))
resp.dump()
except Exception, e:
if str(e).find('STATUS_MORE_ENTRIES') >=0:
pass
e.get_packet().dump()
Example #10
| Source File: test_samr.py From cracke-dit with MIT License | 5 votes |
|
def test_SamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
request = samr.SamrQuerySecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
resp = dce.request(request)
resp.dump()
request = samr.SamrSetSecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
request['SecurityDescriptor'] = resp['SecurityDescriptor']
#request.dump()
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
Example #11
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_hSamrLookupNamesInDomain(self):
dce, rpctransport, domainHandle = self.connect()
try:
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, ('Administrator','Guest'))
resp.dump()
except Exception as e:
if str(e).find('STATUS_MORE_ENTRIES') >=0:
pass
e.get_packet().dump()
Example #12
| Source File: test_samr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_SamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
request = samr.SamrQuerySecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
resp = dce.request(request)
resp.dump()
request = samr.SamrSetSecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
request['SecurityDescriptor'] = resp['SecurityDescriptor']
#request.dump()
try:
resp = dce.request(request)
resp.dump()
except Exception as e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
resp = samr.hSamrCloseHandle(dce, userHandle)
resp.dump()
Example #13
| Source File: test_samr.py From PiBunny with MIT License | 5 votes |
|
def test_hSamrLookupNamesInDomain(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, ('Administrator','Guest'))
resp.dump()
Example #14
| Source File: test_samr.py From PiBunny with MIT License | 5 votes |
|
def test_SamrSetSecurityObject(self):
dce, rpctransport, domainHandle = self.connect()
resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,))
resp.dump()
resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data'])
resp.dump()
userHandle = resp['UserHandle']
request = samr.SamrQuerySecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
resp = dce.request(request)
resp.dump()
request = samr.SamrSetSecurityObject()
request['ObjectHandle'] = userHandle
request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION
request['SecurityDescriptor'] = resp['SecurityDescriptor']
#request.dump()
try:
resp = dce.request(request)
resp.dump()
except Exception, e:
if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0:
raise
