return result
-
def string_to_sid(string):
"""Convert a string SID to a Python dictionary SID. Throws a
ValueError if the SID string was badly formed."""
return sid
-
def call_fn(fn, pipe, args):
"""Wrap up a RPC call and throw an exception is an error was returned."""
raise dcerpc.NTSTATUS(result, dcerpc.nt_errstr(result));
return result;
-
-
+
class SamrHandle:
def __init__(self, pipe, handle):
r.data_in.sdbuf = sdbuf
call_fn(dcerpc.dcerpc_samr_SetSecurity, self.pipe, r)
-
class ConnectHandle(SamrHandle):
return r.data_out.info
+ def SetBootKeyInformation(self, unknown1, unknown2, unknown3):
+
+ r = dcerpc.samr_GetBootKeyInformation()
+ r.data_in.connect_handle = self.handle
+ r.data_in.unknown1 = unknown1
+ r.data_in.unknown2 = unknown2
+ r.data_in.unknown3 = unknown3
+
+ call_fn(dcerpc.dcerpc_samr_SetBootKeyInformation, self.pipe, r)
+
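Review bot: The request built on L24 is `dcerpc.samr_GetBootKeyInformation()` but the RPC invoked on L30 is `dcerpc_samr_SetBootKeyInformation`, so the Set call is marshalled from the Get request structure; L24 should read `r = dcerpc.samr_SetBootKeyInformation()`. This ConnectHandle variant fills `connect_handle` while the DomainHandle copy of the same method further down fills `domain_handle`; only one of those can match the generated struct for this opnum, so the field name should be checked against the IDL rather than left to whichever variant happens to run. The method also has no docstring; since the three arguments are still called unknown1..3, something like `"""Call SamrSetBootKeyInformation on this connect handle; the three arguments are opaque until the IDL names them."""` would at least warn callers that the parameter semantics are unconfirmed.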
class DomainHandle(SamrHandle):
def QueryDomainInfo(self, level = 2):
call_fn(dcerpc.dcerpc_samr_LookupNames, self.pipe, r)
- return ([dcerpc.uint32_array_getitem(r.data_out.rids.ids, i) for i in range(r.data_out.rids.count)],
- [dcerpc.uint32_array_getitem(r.data_out.types.ids, i) for i in range(r.data_out.types.count)])
+ return ([dcerpc.uint32_array_getitem(r.data_out.rids.ids, i)
+ for i in range(r.data_out.rids.count)],
+ [dcerpc.uint32_array_getitem(r.data_out.types.ids, i)
+ for i in range(r.data_out.types.count)])
def CreateDomainGroup(self, domain_name, access_mask = 0x02000000):
return getattr(r.data_out.info, 'info%d' % level)
+ def GetBootKeyInformation(self):
+
+ r = dcerpc.samr_GetBootKeyInformation()
+ r.data_in.domain_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_GetBootKeyInformation, self.pipe, r)
+
+ return r.data_out.unknown
+
+ def SetBootKeyInformation(self):
+
+ r = dcerpc.samr_GetBootKeyInformation()
+ r.data_in.domain_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_GetBootKeyInformation, self.pipe, r)
+
+ def TestPrivateFunctionsDomain(self):
+
+ r = dcerpc.samr_TestPrivateFunctionsDomain()
+ r.data_in.domain_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_TestPrivateFunctionsDomain, self.pipe, r)
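Review bot: DomainHandle.SetBootKeyInformation on L52-L57 is a verbatim copy of GetBootKeyInformation: it builds a `samr_GetBootKeyInformation` request, invokes `dcerpc_samr_GetBootKeyInformation`, takes no key material and discards the reply, so a caller believing it has set the boot key has actually performed a read. It should use the Set request and RPC and accept the same three arguments as the ConnectHandle variant of this method; whether the handle field is `domain_handle` or `connect_handle`, and what unknown1..3 actually carry, needs confirming against the IDL before this is relied on. Separately, the value GetBootKeyInformation returns on L50 is presumably the SAM boot key; it should be treated as secret material and never printed by the test harness.
```python
    def SetBootKeyInformation(self, unknown1, unknown2, unknown3):
        """Call SamrSetBootKeyInformation on this domain handle; the
        three arguments are opaque until the IDL names them."""

        r = dcerpc.samr_SetBootKeyInformation()
        r.data_in.domain_handle = self.handle
        r.data_in.unknown1 = unknown1
        r.data_in.unknown2 = unknown2
        r.data_in.unknown3 = unknown3

        call_fn(dcerpc.dcerpc_samr_SetBootKeyInformation, self.pipe, r)
```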
class UserHandle(SamrHandle):
return r.data_out.info
+ def GetGroupsForUser(self):
+
+ r = dcerpc.samr_GetGroupsForUser()
+ r.data_in.user_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_GetGroupsForUser, self.pipe, r)
+
+ rid_types = [dcerpc.samr_RidType_array_getitem(r.data_out.rids.rid, x)
+ for x in range(r.data_out.rids.count)]
+
+ return [(x.rid, x.type) for x in rid_types]
+
+ def TestPrivateFunctionsUser(self):
+
+ r = dcerpc.samr_TestPrivateFunctionsUser()
+ r.data_in.user_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_TestPrivateFunctionsUser, self.pipe, r)
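Review bot: GetGroupsForUser on L67-L77 has no docstring even though its return shape is not obvious from the name: it unpacks `r.data_out.rids` into a list of `(rid, type)` tuples rather than returning the raw array. A one-liner such as `"""Return [(rid, type), ...] for every group this user handle belongs to."""` would spare the next caller from reading the comprehension. TestPrivateFunctionsUser is a bare wrapper and could carry `"""Call SamrTestPrivateFunctionsUser; servers commonly reject this, so callers should expect an NTSTATUS."""`.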
+
class GroupHandle(SamrHandle):
- pass
-
+ def QueryGroupInfo(self, level):
+
+ r = dcerpc.samr_QueryGroupInfo()
+ r.data_in.group_handle = self.handle
+ r.data_in.level = level
+
+ call_fn(dcerpc.dcerpc_samr_QueryGroupInfo, self.pipe, r)
+
+ return r.data_out.info
+
+ def SetGroupInfo(self, level, info):
+
+ r = dcerpc.samr_SetGroupInfo()
+ r.data_in.group_handle = self.handle
+ r.data_in.level = level
+ r.data_in.info = info
+
+ call_fn(dcerpc.dcerpc_samr_SetGroupInfo, self.pipe, r)
+
+ def QueryGroupMember(self):
+
+ r = dcerpc.samr_QueryGroupMember()
+ r.data_in.group_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_QueryGroupMember, self.pipe, r)
+
+ return [(dcerpc.uint32_array_getitem(r.data_out.rids.rids, x),
+ dcerpc.uint32_array_getitem(r.data_out.rids.unknown, x))
+ for x in range(r.data_out.rids.count)]
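Review bot: QueryGroupMember on L108-L117 returns pairs whose second element is read from an array the IDL currently calls `unknown` (L116), and nothing tells the caller what it is; document it as opaque rather than letting it be mistaken for a RID type, e.g. `"""Return [(rid, unknown), ...] for the group's members; the second element is the IDL's 'unknown' array and its meaning is unconfirmed."""`. QueryGroupInfo and SetGroupInfo on L89-L106 are also undocumented; each should at least state that `level` selects the info union member and that the `info` passed to SetGroupInfo must match that level.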
+
class AliasHandle(SamrHandle):
def DeleteDomAlias(self):
call_fn(dcerpc.dcerpc_samr_AddMultipleMembersToAlias, self.pipe, r)
+ def GetMembersInAlias(self):
+
+ r = dcerpc.samr_GetMembersInAlias()
+ r.data_in.alias_handle = self.handle
+
+ call_fn(dcerpc.dcerpc_samr_GetMembersInAlias, self.pipe, r)
+
+ return [
+ sid_to_string(
+ dcerpc.lsa_SidPtr_array_getitem(r.data_out.sids.sids, x).sid)
+ for x in range(r.data_out.sids.num_sids)]
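Review bot: GetMembersInAlias on L130 calls `sid_to_string`, which is not visible in this view; the module defines `string_to_sid` at L3 and L1 looks like the tail of its inverse, but that should be confirmed so the new method does not raise NameError on first use. A docstring such as `"""Return the string SIDs of every member of this alias handle."""` would also make clear that the method converts rather than returning the raw `lsa_SidPtr` array.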
+
def Connect(pipe, access_mask = 0x02000000):
r = dcerpc.samr_Connect()
return ConnectHandle(pipe, r.data_out.connect_handle)
-
def Connect2(pipe, system_name = '', access_mask = 0x02000000):
"""Connect to the SAMR pipe."""
return ConnectHandle(pipe, r.data_out.connect_handle)
-
def Connect3(pipe, system_name = '', access_mask = 0x02000000):
r = dcerpc.samr_Connect3()
return ConnectHandle(pipe, r.data_out.connect_handle)
-# QueryGroupInfo
-# SetGroupInfo
# AddGroupMember
# DeleteDomainGroup
# DeleteGroupMember
-# QueryGroupMember
# SetMemberAttributesofGroup
# AddAliasMember
# DeleteAliasMember
# GetMembersinAlias
# SetUserInfo
# ChangePasswordUser
-# GetGroupsForUser
# GetDisplayEnumerationIndex
-# TestPrivateFunctionsDomain
-# TestPrivateFunctionsUser
# RemoveMemberFromForeignDomain
# GetDisplayEnumerationIndex2
# RemoveMultipleMembersFromAlias
# OemChangePasswordUser2
# ChangePasswordUser2
# SetUserInfo2
-# SetBootKeyInformation
-# GetBootKeyInformation
# ChangePasswordUser3
# SetDsrmPassword
# ValidatePassword
if arg[0] != 0xc0000003L: # NT_STATUS_INVALID_INFO_CLASS
raise
+ # GetGroupsForUser()
+
+ user_handle.GetGroupsForUser()
+
+ # TestPrivateFunctionsUser()
+
+ try:
+ user_handle.TestPrivateFunctionsUser()
+ except dcerpc.NTSTATUS, arg:
+ if arg[0] != 0xC0000002L:
+ raise
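Review bot: The status compared on L183, `0xC0000002L`, is left as a bare constant while the existing check on L172 names its status inline; write it the same way, `if arg[0] != 0xC0000002L: # NT_STATUS_NOT_IMPLEMENTED`, so a reader sees that the test tolerates only an unimplemented private function and not, say, access denied. The result of `user_handle.GetGroupsForUser()` on L176 is discarded, so the call only proves the RPC does not fault; printing it, as the alias test does, or asserting it is a list would also exercise the `(rid, type)` unpacking the new method performs.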
+
def test_GroupHandle(group_handle):
# QuerySecurity()/SetSecurity()
group_handle.SetSecurity(group_handle.QuerySecurity())
+ # QueryGroupInfo()
+
+ for level in [1, 2, 3, 4, 5]:
+ info = group_handle.QueryGroupInfo(level)
+
+ # TODO: SetGroupinfo()
+
+ # QueryGroupMember()
+
+ group_handle.QueryGroupMember()
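Review bot: `info` is bound on L192 and never used, so the QueryGroupInfo loop should either drop the assignment, `group_handle.QueryGroupInfo(level)`, or print the result like the other tests do. Unlike the user-level check on L172, which tolerates NT_STATUS_INVALID_INFO_CLASS, this loop over levels 1-5 has no error handling, so one unsupported level aborts the whole test run; if not every level is known to be implemented by the server under test, wrap the call in the same `except dcerpc.NTSTATUS` / `0xc0000003L` guard.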
+
def test_AliasHandle(alias_handle):
# QuerySecurity()/SetSecurity()
alias_handle.SetSecurity(alias_handle.QuerySecurity())
+ print alias_handle.GetMembersInAlias()
+
def test_DomainHandle(name, sid, domain_handle):
print 'testing %s (%s)' % (name, sid)
# CreateDomainGroup
# GetAliasMembership
+ # GetBootKeyInformation()
+
+ try:
+ domain_handle.GetBootKeyInformation()
+ except dcerpc.NTSTATUS, arg:
+ pass
+
+ # TestPrivateFunctionsDomain()
+
+ try:
+ domain_handle.TestPrivateFunctionsDomain()
+ except dcerpc.NTSTATUS, arg:
+ if arg[0] != 0xC0000002L:
+ raise
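Review bot: The bare `pass` on L214 swallows every NTSTATUS from GetBootKeyInformation, including access denied, an invalid handle or an RPC fault, so that step can never fail, in contrast to the TestPrivateFunctionsDomain check directly below it which re-raises anything but 0xC0000002. Mirror that pattern and pin the one status the test is willing to accept, `if arg[0] != 0xC0000002L: # NT_STATUS_NOT_IMPLEMENTED` followed by `raise`; if the server is known to refuse this call with a different status such as access denied, pin that value instead rather than ignoring all of them. The value returned on success is presumably the SAM boot key, so keep it out of the test's printed output.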
+
def test_ConnectHandle(connect_handle):
print 'testing connect handle'