github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/examples/getArch.py (about)

     1  #!/usr/bin/env python
     2  # SECUREAUTH LABS. Copyright 2018 SecureAuth Corporation. All rights reserved.
     3  #
     4  # This software is provided under a slightly modified version
     5  # of the Apache Software License. See the accompanying LICENSE file
     6  # for more information.
     7  #
     8  #
     9  # Author:
    10  #  beto (@agsolino)
    11  #
    12  # Description:
    13  #   This script connects to a target machine (or a list of target machines) and reports the OS architecture
    14  #   (32-bit or 64-bit) installed on each.
    15  #   The trick was discovered many years ago and is documented by Microsoft here:
    16  #     https://msdn.microsoft.com/en-us/library/cc243948.aspx#Appendix_A_53
    17  #   It does not require any authentication at all.
    18  #
    19  #   Keep in mind that this trick will *not* work if the target system is running Samba. It is not known what happens with macOS.
    20  #
    21  # Reference for:
    22  #  RPCRT, NDR
    23  #
    24  from __future__ import division
    25  from __future__ import print_function
    26  import argparse
    27  import logging
    28  import sys
    29  
    30  from impacket import version
    31  from impacket.examples import logger
    32  from impacket.dcerpc.v5.rpcrt import DCERPCException
    33  from impacket.dcerpc.v5.transport import DCERPCTransportFactory
    34  from impacket.dcerpc.v5.epm import MSRPC_UUID_PORTMAP
    35  
    36  
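class TARGETARCH:
    """Report whether remote hosts run a 32-bit or 64-bit OS, without credentials.

    For each target the class connects to TCP port 135 and tries to bind the
    interface named by MSRPC_UUID_PORTMAP (imported from impacket's epm
    module) while offering NDR64 as the transfer syntax. A bind that succeeds
    is reported as 64-bit; a bind rejected with 'syntaxes_not_supported' is
    reported as 32-bit.

    Notes for operators and defenders:
      * The verdict is inferred from the bind outcome only. The file header
        states that the check does not work against Samba.
      * No credentials are sent, so logon auditing on the target presumably
        records nothing (TODO confirm). The observable is an inbound TCP/135
        connection whose bind offers the NDR64 transfer syntax; limiting
        which networks can reach TCP/135 limits who can run this check.
    """

    def __init__(self, options):
        """Store the parsed options.

        ``options`` must expose ``target``, ``targets`` and ``timeout``, as
        read by run().
        """
        self.__machinesList = list()
        self.__options = options
        # (UUID, version) pair passed to bind() as the transfer syntax.
        self.NDR64Syntax = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')

    def run(self):
        """Probe every configured target and print the inferred architecture.

        Targets are read from the ``targets`` file object (one per line) when
        it is set, otherwise the single ``target`` option is used. Failures
        for one host are logged and do not stop the remaining hosts.
        """
        if self.__options.targets is not None:
            for line in self.__options.targets:
                machine = line.strip(' \r\n')
                # Blank lines (for example a trailing newline) are not hosts;
                # queuing them would trigger a pointless connection attempt.
                if machine:
                    self.__machinesList.append(machine)
        else:
            self.__machinesList.append(self.__options.target)

        logging.info('Gathering OS architecture for %d machines' % len(self.__machinesList))
        logging.info('Socket connect timeout set to %s secs' % self.__options.timeout)

        for machine in self.__machinesList:
            try:
                stringBinding = r'ncacn_ip_tcp:%s[135]' % machine
                transport = DCERPCTransportFactory(stringBinding)
                transport.set_connect_timeout(int(self.__options.timeout))
                dce = transport.get_dce_rpc()
                dce.connect()
                try:
                    dce.bind(MSRPC_UUID_PORTMAP, transfer_syntax=self.NDR64Syntax)
                except DCERPCException as e:
                    # Only this specific rejection is read as "32-bit"; any
                    # other bind failure is reported as an error instead.
                    if 'syntaxes_not_supported' in str(e):
                        print('%s is 32-bit' % machine)
                    else:
                        logging.error(str(e))
                else:
                    print('%s is 64-bit' % machine)
                finally:
                    # Release the connection even when bind() fails with
                    # something other than DCERPCException (e.g. a timeout).
                    dce.disconnect()
            except Exception as e:
                logging.error('%s: %s' % (machine, str(e)))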
    76  
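# Process command-line arguments.
if __name__ == '__main__':
    # Init the example's logger theme
    logger.init()
    print(version.BANNER)

    parser = argparse.ArgumentParser(add_help=True, description="Gets the target system's OS architecture version")
    parser.add_argument('-target', action='store', help='<targetName or address>')
    parser.add_argument('-targets', type=argparse.FileType('r'), help='input file with targets system to query Arch '
                        'from (one per line). ')
    # type=int rejects a non-numeric timeout once, at parse time, instead of
    # letting it fail separately for every target inside the probe loop.
    parser.add_argument('-timeout', action='store', type=int, default=2, help='socket timeout out when connecting to the target (default 2 sec)')
    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')

    # With no arguments at all, show usage rather than an argparse error.
    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit(1)

    options = parser.parse_args()

    # At least one of -target / -targets is required.
    if options.target is None and options.targets is None:
        logging.error('You have to specify a target!')
        sys.exit(1)

    if options.debug:
        logging.getLogger().setLevel(logging.DEBUG)
    else:
        logging.getLogger().setLevel(logging.INFO)

    try:
        getArch = TARGETARCH(options)
        getArch.run()
    except (Exception, KeyboardInterrupt) as e:
        # The full traceback is only shown when -debug was given.
        if logging.getLogger().level == logging.DEBUG:
            import traceback
            traceback.print_exc()
        logging.error(str(e))
    # NOTE: the exit status is 0 even when an error was logged above, so
    # callers cannot use it to detect a failed run.
    sys.exit(0)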