github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/examples/opdump.py

github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/examples/opdump.py (about)

     1  #!/usr/bin/env python
     2  """opdump - scan for operations on a given DCERPC interface
     3  
     4  Usage: opdump.py hostname port interface version
     5  
     6  This binds to the given hostname:port and DCERPC interface. Then, it tries to
     7  call each of the first 256 operation numbers in turn and reports the outcome
     8  of each call.
     9  
    10  This will generate a burst of TCP connections to the given host:port!
    11  
    12  Example:
    13  $ ./opdump.py 10.0.0.30 135 99FCFEC4-5260-101B-BBCB-00AA0021347A 0.0
    14  op 0 (0x00): rpc_x_bad_stub_data
    15  op 1 (0x01): rpc_x_bad_stub_data
    16  op 2 (0x02): rpc_x_bad_stub_data
    17  op 3 (0x03): success
    18  op 4 (0x04): rpc_x_bad_stub_data
    19  ops 5-255: nca_s_op_rng_error
    20  
    21  rpc_x_bad_stub_data, rpc_s_access_denied, and success generally means there's an
    22  operation at that number.
    23  
    24  Author: Catalin Patulea <cat@vv.carleton.ca>
    25  """
    26  from __future__ import division
    27  from __future__ import print_function
    28  import sys
    29  
    30  from impacket.examples import logger
    31  from impacket import uuid
    32  from impacket.dcerpc.v5 import transport
    33  
    34  
    35  def main(args):
    36    if len(args) != 4:
    37      print("usage: opdump.py hostname port interface version")
    38      return 1
    39  
    40    host, port, interface, version = args[0],  int(args[1]), args[2], args[3]
    41  
    42    stringbinding = "ncacn_ip_tcp:%s" % host
    43    trans = transport.DCERPCTransportFactory(stringbinding)
    44    trans.set_dport(port)
    45  
    46    results = []
    47    for i in range(256):
    48      dce = trans.get_dce_rpc()
    49      dce.connect()
    50  
    51      iid = uuid.uuidtup_to_bin((interface, version))
    52      dce.bind(iid)
    53  
    54      dce.call(i, "")
    55      try:
    56        dce.recv()
    57      except Exception as e:
    58        result = str(e)
    59      else:
    60        result = "success"
    61  
    62      dce.disconnect()
    63  
    64      results.append(result)
    65  
    66    # trim duplicate suffixes from the back
    67    suffix = results[-1]
    68    while results and results[-1] == suffix:
    69      results.pop()
    70  
    71    for i, result in enumerate(results):
    72      print("op %d (0x%02x): %s" % (i, i, result))
    73  
    74    print("ops %d-%d: %s" % (len(results), 255, suffix))
    75  
    76  if __name__ == "__main__":
    77    # Init the example's logger theme
    78    logger.init()
    79    sys.exit(main(sys.argv[1:]))