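#!/usr/bin/env python
# SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
#
# Author:
#  beto (@agsolino)
#
# Description:
#  This script will connect against a target (or list of targets) machine/s and gather the OS architecture type
#  installed.
#  The trick has been discovered many years ago and is actually documented by Microsoft here:
#    https://msdn.microsoft.com/en-us/library/cc243948.aspx#Appendix_A_53
#  and doesn't require any authentication at all.
#
#  Have in mind this trick will *not* work if the target system is running Samba. Don't know what happens with macOS.
#
# Reference for:
#  RPCRT, NDR
#
from __future__ import division
from __future__ import print_function
import argparse
import logging
import sys

from impacket import version
from impacket.examples import logger
from impacket.dcerpc.v5.rpcrt import DCERPCException
from impacket.dcerpc.v5.transport import DCERPCTransportFactory
from impacket.dcerpc.v5.epm import MSRPC_UUID_PORTMAP


class TARGETARCH:
    """Report whether each target answers an NDR64 bind on the endpoint mapper.

    For every machine the class opens ``ncacn_ip_tcp:<machine>[135]`` and binds
    to MSRPC_UUID_PORTMAP offering the NDR64 transfer syntax. An accepted bind
    is printed as 64-bit; a DCERPCException whose text contains
    ``syntaxes_not_supported`` is printed as 32-bit. No credentials are set on
    the transport, so on the wire each check is an unauthenticated DCE/RPC bind
    to TCP/135 that proposes NDR64.
    """

    def __init__(self, options):
        """Store the parsed command-line options.

        :param options: object exposing ``target``, ``targets`` (an open text
            file or None) and ``timeout`` as read by run().
        """
        self.__machinesList = list()
        self.__options = options
        # Transfer syntax (UUID, version) passed to dce.bind() in run().
        self.NDR64Syntax = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')

    def run(self):
        """Probe every configured machine and print its architecture.

        Targets come from the ``targets`` file (one per line) when it is given,
        otherwise from the single ``target`` option. Failures on one machine
        are logged and do not stop the remaining machines.
        """
        if self.__options.targets is not None:
            for line in self.__options.targets.readlines():
                machine = line.strip()
                # Blank lines (e.g. a trailing newline) are not targets; without
                # this check they produced a connection attempt to ''.
                if machine:
                    self.__machinesList.append(machine)
        else:
            self.__machinesList.append(self.__options.target)

        logging.info('Gathering OS architecture for %d machines', len(self.__machinesList))
        logging.info('Socket connect timeout set to %s secs', self.__options.timeout)

        for machine in self.__machinesList:
            try:
                stringBinding = r'ncacn_ip_tcp:%s[135]' % machine
                transport = DCERPCTransportFactory(stringBinding)
                transport.set_connect_timeout(int(self.__options.timeout))
                dce = transport.get_dce_rpc()
                dce.connect()
                try:
                    try:
                        dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=self.NDR64Syntax)
                    except DCERPCException as e:
                        if 'syntaxes_not_supported' in str(e):
                            print('%s is 32-bit' % machine)
                        else:
                            # Any other bind failure leaves the machine unclassified.
                            logging.error(str(e))
                    else:
                        print('%s is 64-bit' % machine)
                finally:
                    # Close the connection even when bind() raises something
                    # other than DCERPCException; previously that path skipped
                    # disconnect() and left the socket open.
                    dce.disconnect()
            except Exception as e:
                logging.error('%s: %s', machine, str(e))


# Process command-line arguments.
if __name__ == '__main__':
    # Init the example's logger theme
    logger.init()
    print(version.BANNER)

    parser = argparse.ArgumentParser(add_help = True, description = "Gets the target system's OS architecture version")
    parser.add_argument('-target', action='store', help='<targetName or address>')
    parser.add_argument('-targets', type=argparse.FileType('r'), help='input file with targets system to query Arch '
                        'from (one per line). ')
    parser.add_argument('-timeout', action='store', default='2', help='socket timeout out when connecting to the target (default 2 sec)')
    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')

    # No arguments at all: show usage instead of failing on the missing target.
    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit(1)

    options = parser.parse_args()

    if options.target is None and options.targets is None:
        logging.error('You have to specify a target!')
        sys.exit(1)

    if options.debug is True:
        logging.getLogger().setLevel(logging.DEBUG)
    else:
        logging.getLogger().setLevel(logging.INFO)

    try:
        getArch = TARGETARCH(options)
        getArch.run()
    except (Exception, KeyboardInterrupt) as e:
        # The traceback is only shown with -debug; the message is always logged.
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        logging.error(str(e))
    sys.exit(0)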