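###############################################################################
#  Tested so far:
#
#  DhcpGetClientInfoV4
#  DhcpV4GetClientInfo
#  hDhcpGetClientInfoV4
#  hDhcpEnumSubnetClientsV5
#  hDhcpGetOptionValueV5
#
#  Not yet:
#
#
#  These are live integration tests: every test authenticates to the host
#  named in dcetests.cfg and issues DHCP server management RPC calls.
#  dcetests.cfg holds a plaintext password and/or LM:NT hashes, so keep it out
#  of version control, restrict its file permissions, and point it only at a
#  lab server set up for this purpose.
################################################################################

from __future__ import division
from __future__ import print_function

import socket
import struct
import unittest

from six.moves import configparser

from impacket.dcerpc.v5 import epm, dhcpm
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.dtypes import NULL
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY


class DHCPMTests(unittest.TestCase):
    """Transport-independent DHCP server management RPC test cases.

    Concrete subclasses provide, in setUp(): username, password, domain,
    hashes, machine, stringBinding and ts (the transfer syntax tuple).
    """

    def _load_settings(self, section):
        """Read the connection settings for *section* from dcetests.cfg.

        Sets username, domain, serverName, password, machine and hashes on
        the test instance. A missing file or option surfaces as the
        configparser error raised by get().
        """
        parser = configparser.ConfigParser()
        parser.read('dcetests.cfg')
        self.username = parser.get(section, 'username')
        self.domain = parser.get(section, 'domain')
        self.serverName = parser.get(section, 'servername')
        self.password = parser.get(section, 'password')
        self.machine = parser.get(section, 'machine')
        self.hashes = parser.get(section, 'hashes')

    def connect(self, version):
        """Open an authenticated DCE/RPC session and bind to the DHCP server.

        version == 1 binds to MSRPC_UUID_DHCPSRV, anything else to
        MSRPC_UUID_DHCPSRV2. Returns the (dce, rpctransport) pair.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if self.hashes:
            # Expected format is "LMHASH:NTHASH".
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username, self.password,
                                         self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        # Packet privacy asks for the RPC payload to be signed and encrypted.
        # The weaker RPC_C_AUTHN_LEVEL_PKT_INTEGRITY level was left disabled
        # by the original author.
        dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        dce.connect()
        # Registered before bind() so the session is closed even if the bind
        # or the test body fails; otherwise every test leaks a connection.
        self.addCleanup(dce.disconnect)
        if version == 1:
            interface = dhcpm.MSRPC_UUID_DHCPSRV
        else:
            interface = dhcpm.MSRPC_UUID_DHCPSRV2
        dce.bind(interface, transfer_syntax=self.ts)

        return dce, rpctransport

    def _machine_as_int(self):
        """Return self.machine (dotted-quad IPv4) as a host-order integer."""
        return struct.unpack("!I", socket.inet_aton(self.machine))[0]

    def test_DhcpV4GetClientInfo(self):
        """DhcpV4GetClientInfo, searching by client IP address."""
        dce, _ = self.connect(2)
        request = dhcpm.DhcpV4GetClientInfo()
        request['ServerIpAddress'] = NULL

        search_type = dhcpm.DHCP_SEARCH_INFO_TYPE.DhcpClientIpAddress
        request['SearchInfo']['SearchType'] = search_type
        request['SearchInfo']['SearchInfo']['tag'] = search_type
        request['SearchInfo']['SearchInfo']['ClientIpAddress'] = self._machine_as_int()
        # A search by client name (SearchType/tag 2 with a NUL-terminated
        # 'ClientName') was left disabled by the original author.

        request.dump()
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            # This call is not supported on W2k8r2, so the operation-range
            # fault is tolerated. Anything else (authentication failure,
            # transport error, marshalling bug) must fail the test instead
            # of being silently swallowed.
            if str(e).find('nca_s_op_rng_error') < 0:
                raise

    def test_DhcpGetClientInfoV4(self):
        """DhcpGetClientInfoV4, searching by client IP address."""
        dce, _ = self.connect(1)
        request = dhcpm.DhcpGetClientInfoV4()
        request['ServerIpAddress'] = NULL

        search_type = dhcpm.DHCP_SEARCH_INFO_TYPE.DhcpClientIpAddress
        request['SearchInfo']['SearchType'] = search_type
        request['SearchInfo']['SearchInfo']['tag'] = search_type
        request['SearchInfo']['SearchInfo']['ClientIpAddress'] = self._machine_as_int()

        request.dump()
        try:
            resp = dce.request(request)
        except Exception as e:
            # Only the documented "no such client" style failure is expected;
            # re-raise everything else so real breakage is visible.
            if str(e).find('ERROR_DHCP_JET_ERROR') < 0:
                raise
        else:
            resp.dump()

    def test_hDhcpGetClientInfoV4(self):
        """hDhcpGetClientInfoV4 helper, by IP address and then by name."""
        dce, _ = self.connect(1)

        ip = self._machine_as_int()
        try:
            resp = dhcpm.hDhcpGetClientInfoV4(
                dce, dhcpm.DHCP_SEARCH_INFO_TYPE.DhcpClientIpAddress, ip)
        except Exception as e:
            if str(e).find('ERROR_DHCP_JET_ERROR') < 0:
                raise
        else:
            resp.dump()

        try:
            resp = dhcpm.hDhcpGetClientInfoV4(
                dce, dhcpm.DHCP_SEARCH_INFO_TYPE.DhcpClientName, 'PEPA\x00')
            resp.dump()
        except Exception as e:
            # The lookup of this made-up client name is expected to fail with
            # the server's 0x4e2d error code; other failures propagate.
            if str(e).find('0x4e2d') < 0:
                raise

    def test_hDhcpEnumSubnetClientsV5(self):
        """hDhcpEnumSubnetClientsV5 helper; an empty result set is accepted."""
        dce, _ = self.connect(2)

        try:
            resp = dhcpm.hDhcpEnumSubnetClientsV5(dce)
        except Exception as e:
            if str(e).find('ERROR_NO_MORE_ITEMS') < 0:
                raise
        else:
            resp.dump()

    def test_hDhcpGetOptionValueV5(self):
        """hDhcpGetOptionValueV5 helper for option id 3 on the host's subnet."""
        dce, _ = self.connect(2)
        # The subnet id is derived by zeroing the last octet of the target
        # address, i.e. this assumes the target sits in a /24 scope.
        netId = self.machine.split('.')[:-1]
        netId.append('0')
        print('.'.join(netId))
        subnet_id = struct.unpack("!I", socket.inet_aton('.'.join(netId)))[0]
        try:
            resp = dhcpm.hDhcpGetOptionValueV5(
                dce, 3,
                dhcpm.DHCP_FLAGS_OPTION_DEFAULT, NULL, NULL,
                dhcpm.DHCP_OPTION_SCOPE_TYPE.DhcpSubnetOptions,
                subnet_id)
        except Exception as e:
            if str(e).find('ERROR_DHCP_SUBNET_NOT_PRESENT') < 0:
                raise
        else:
            resp.dump()


class SMBTransport(DHCPMTests):
    """Run the tests over the \\PIPE\\dhcpserver named pipe with NDR."""

    def setUp(self):
        DHCPMTests.setUp(self)
        self._load_settings('SMBTransport')
        self.stringBinding = r'ncacn_np:%s[\PIPE\dhcpserver]' % self.machine
        self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')


class SMBTransport64(DHCPMTests):
    """Run the tests over the \\PIPE\\dhcpserver named pipe with NDR64.

    Shares the 'SMBTransport' configuration section with SMBTransport.
    """

    def setUp(self):
        DHCPMTests.setUp(self)
        self._load_settings('SMBTransport')
        self.stringBinding = r'ncacn_np:%s[\PIPE\dhcpserver]' % self.machine
        self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')


class TCPTransport(DHCPMTests):
    """Run the tests over ncacn_ip_tcp with NDR.

    The string binding is resolved through the endpoint mapper for
    MSRPC_UUID_DHCPSRV2 (the MSRPC_UUID_DHCPSRV variant was left disabled by
    the original author), so setUp() already contacts the target host.
    """

    def setUp(self):
        DHCPMTests.setUp(self)
        self._load_settings('TCPTransport')
        self.stringBinding = epm.hept_map(self.machine, dhcpm.MSRPC_UUID_DHCPSRV2,
                                          protocol='ncacn_ip_tcp')
        self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')


class TCPTransport64(DHCPMTests):
    """Run the tests over ncacn_ip_tcp with NDR64.

    Shares the 'TCPTransport' configuration section with TCPTransport.
    """

    def setUp(self):
        DHCPMTests.setUp(self)
        self._load_settings('TCPTransport')
        self.stringBinding = epm.hept_map(self.machine, dhcpm.MSRPC_UUID_DHCPSRV2,
                                          protocol='ncacn_ip_tcp')
        self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')


# Process command-line arguments.
if __name__ == '__main__':
    import sys
    if len(sys.argv) > 1:
        testcase = sys.argv[1]
        selected = globals().get(testcase)
        # Only accept names that resolve to a TestCase class in this module,
        # instead of failing with a KeyError (or loading an arbitrary global).
        if not (isinstance(selected, type) and issubclass(selected, unittest.TestCase)):
            sys.exit('Unknown test case: %s' % testcase)
        suite = unittest.TestLoader().loadTestsFromTestCase(selected)
    else:
        # TCPTransport64 is not part of the default run.
        suite = unittest.TestLoader().loadTestsFromTestCase(TCPTransport)
    unittest.TextTestRunner(verbosity=1).run(suite)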