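# Source: github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/tests/SMB_RPC/test_epm.py
###############################################################################
#  Tested so far:
#
#  Not yet:
#
# Shouldn't dump errors against a win7
#
################################################################################
#
# These are live integration tests for the DCE/RPC endpoint mapper (EPM)
# client code in impacket.dcerpc.v5.epm.  Nothing here is mocked: every test
# opens a real connection to the host named in dcetests.cfg.
#
# dcetests.cfg is read from the current working directory and supplies the
# username, domain, password and optional "LMHASH:NTHASH" pair in clear text.
# Treat that file as a secret: restrictive permissions, never committed.
from __future__ import division
from __future__ import print_function
import unittest
try:
    import ConfigParser
except ImportError:
    import configparser as ConfigParser

from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5 import epm
from impacket.dcerpc.v5.ndr import NULL
from impacket.uuid import string_to_bin, uuidtup_to_bin


class EPMTests(unittest.TestCase):
    """Endpoint-mapper test cases shared by every transport variant.

    The base class sets no connection parameters itself.  The subclasses at
    the bottom of the file populate ``username``, ``domain``, ``serverName``,
    ``password``, ``machine``, ``hashes``, ``stringBinding`` and ``ts`` in
    their ``setUp``; the tests below read those attributes.
    """

    def _load_config(self, section):
        """Populate the credential/target attributes from ``dcetests.cfg``.

        ``section`` is the config section to read ('SMBTransport' or
        'TCPTransport' in this file).  Fails the test with a readable message
        when the file cannot be read; without this check a missing file only
        surfaces later as a NoSectionError from the first ``get``.
        """
        configFile = ConfigParser.ConfigParser()
        # read() returns the list of files it actually parsed; an empty list
        # means dcetests.cfg was not found or not readable.
        if not configFile.read('dcetests.cfg'):
            self.fail('dcetests.cfg not found or unreadable in the current working directory')
        self.username = configFile.get(section, 'username')
        self.domain = configFile.get(section, 'domain')
        self.serverName = configFile.get(section, 'servername')
        self.password = configFile.get(section, 'password')
        self.machine = configFile.get(section, 'machine')
        self.hashes = configFile.get(section, 'hashes')

    def connect(self):
        """Open a DCE/RPC connection and bind it to the endpoint mapper.

        Returns ``(dce, rpctransport)``.  The connection is registered for
        teardown with ``addCleanup``, so each test releases its session on the
        target even when an assertion or request fails part-way through.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if len(self.hashes) > 0:
            # Expected form is "LMHASH:NTHASH"; anything else raises ValueError.
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        # The original never disconnected, leaving one open session per test.
        self.addCleanup(dce.disconnect)
        dce.bind(epm.MSRPC_UUID_PORTMAP, transfer_syntax=self.ts)

        return dce, rpctransport

    def rtesthept_map(self):
        """Resolve SAMR, ATSVC and SCMR endpoints through ``epm.hept_map``.

        The leading ``r`` in the name keeps unittest from collecting this
        method (only names starting with ``test`` are collected), so it does
        not run unless it is renamed.
        """
        MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
        epm.hept_map(self.machine, MSRPC_UUID_SAMR)
        epm.hept_map(self.machine, MSRPC_UUID_SAMR, protocol='ncacn_ip_tcp')
        MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'))
        epm.hept_map(self.machine, MSRPC_UUID_ATSVC)
        MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
        epm.hept_map(self.machine, MSRPC_UUID_SCMR, protocol='ncacn_ip_tcp')

    def test_lookup(self):
        """Send a raw ``ept_lookup`` for all elements and parse every tower.

        There are no explicit assertions: the test passes when the request
        succeeds and each returned tower parses as an ``EPMTower`` without
        raising.
        """
        dce, rpctransport = self.connect()
        request = epm.ept_lookup()
        # No object or interface filter: ask for every registered element,
        # all versions, capped at 499 entries per reply.
        request['inquiry_type'] = epm.RPC_C_EP_ALL_ELTS
        request['object'] = NULL
        request['Ifid'] = NULL
        request['vers_option'] = epm.RPC_C_VERS_ALL
        request['max_ents'] = 499

        resp = dce.request(request)
        for entry in resp['entries']:
            tower = entry['tower']['tower_octet_string']
            # tower_octet_string is joined into one byte string before parsing.
            epm.EPMTower(b''.join(tower))

    def test_hlookup(self):
        """Exercise ``epm.hept_lookup``, unfiltered and filtered by interface.

        The filtered calls use RPC_C_EP_MATCH_BY_IF with the SAMR, ATSVC and
        SCMR interface identifiers.  Results are not inspected; the test only
        checks that the calls complete.
        """
        epm.hept_lookup(self.machine)
        MSRPC_UUID_SAMR = uuidtup_to_bin(('12345778-1234-ABCD-EF00-0123456789AC', '1.0'))
        epm.hept_lookup(self.machine, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=MSRPC_UUID_SAMR)
        MSRPC_UUID_ATSVC = uuidtup_to_bin(('1FF70682-0A51-30E8-076D-740BE8CEE98B', '1.0'))
        epm.hept_lookup(self.machine, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=MSRPC_UUID_ATSVC)
        MSRPC_UUID_SCMR = uuidtup_to_bin(('367ABB81-9844-35F1-AD32-98F038001003', '2.0'))
        epm.hept_lookup(self.machine, inquiry_type=epm.RPC_C_EP_MATCH_BY_IF, ifId=MSRPC_UUID_SCMR)

    def test_map(self):
        """Build a five-floor tower by hand and send it in a raw ``ept_map``.

        The tower names the SAMR interface (version 1.0) with the NDR data
        representation, and leaves port and host address zeroed.  The reply
        is dumped to stdout rather than asserted on.
        """
        dce, rpctransport = self.connect()
        tower = epm.EPMTower()
        interface = epm.EPMRPCInterface()
        interface['InterfaceUUID'] = string_to_bin('12345778-1234-ABCD-EF00-0123456789AC')
        interface['MajorVersion'] = 1
        interface['MinorVersion'] = 0

        dataRep = epm.EPMRPCDataRepresentation()
        dataRep['DataRepUuid'] = string_to_bin('8a885d04-1ceb-11c9-9fe8-08002b104860')
        dataRep['MajorVersion'] = 2
        dataRep['MinorVersion'] = 0

        protId = epm.EPMProtocolIdentifier()
        # NOTE(review): 0xb looks like the connection-oriented RPC protocol
        # identifier of the tower encoding -- confirm against epm.py.
        protId['ProtIdentifier'] = 0xb

        # pipeName and hostName are built but are not part of the tower
        # assembled below; only the five floors in the concatenation are sent.
        pipeName = epm.EPMPipeName()
        pipeName['PipeName'] = b'\x00'

        portAddr = epm.EPMPortAddr()
        portAddr['IpPort'] = 0

        hostAddr = epm.EPMHostAddr()
        import socket
        hostAddr['Ip4addr'] = socket.inet_aton('0.0.0.0')

        hostName = epm.EPMHostName()
        hostName['HostName'] = b'\x00'

        # NumberOfFloors must match the number of floors concatenated here.
        tower['NumberOfFloors'] = 5
        tower['Floors'] = interface.getData() + dataRep.getData() + protId.getData() + portAddr.getData() + hostAddr.getData()
        request = epm.ept_map()
        request['max_towers'] = 4
        request['map_tower']['tower_length'] = len(tower)
        request['map_tower']['tower_octet_string'] = tower.getData()
        resp = dce.request(request)
        resp.dump()


class SMBTransport(EPMTests):
    """EPM tests over the ``\\pipe\\epmapper`` named pipe, NDR transfer syntax."""

    def setUp(self):
        EPMTests.setUp(self)
        self._load_config('SMBTransport')
        self.stringBinding = r'ncacn_np:%s[\pipe\epmapper]' % self.machine
        self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')


class TCPTransport(EPMTests):
    """EPM tests over TCP port 135, NDR transfer syntax."""

    def setUp(self):
        EPMTests.setUp(self)
        self._load_config('TCPTransport')
        self.stringBinding = r'ncacn_ip_tcp:%s[135]' % self.machine
        self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')


class SMBTransport64(EPMTests):
    """Named-pipe variant bound with the 71710533-... (NDR64) transfer syntax.

    Reads the same 'SMBTransport' config section as ``SMBTransport``.
    """

    def setUp(self):
        EPMTests.setUp(self)
        self._load_config('SMBTransport')
        self.stringBinding = r'ncacn_np:%s[\pipe\epmapper]' % self.machine
        self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')


class TCPTransport64(EPMTests):
    """TCP/135 variant bound with the 71710533-... (NDR64) transfer syntax.

    Reads the same 'TCPTransport' config section as ``TCPTransport``.
    """

    def setUp(self):
        EPMTests.setUp(self)
        self._load_config('TCPTransport')
        self.stringBinding = r'ncacn_ip_tcp:%s[135]' % self.machine
        self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')


# Process command-line arguments.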
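if __name__ == '__main__':
    # Usage: test_epm.py [TestCaseClassName]
    # With no argument, all four transport variants are run.
    import sys
    loader = unittest.TestLoader()
    if len(sys.argv) > 1:
        testcase = sys.argv[1]
        # Accept only names that resolve to a TestCase class in this module;
        # the original indexed globals() directly and died with a bare
        # KeyError (or loaded an arbitrary global) on a bad argument.
        case_class = globals().get(testcase)
        if not (isinstance(case_class, type) and issubclass(case_class, unittest.TestCase)):
            sys.exit('Unknown test case: %s' % testcase)
        suite = loader.loadTestsFromTestCase(case_class)
    else:
        suite = loader.loadTestsFromTestCase(SMBTransport)
        suite.addTests(loader.loadTestsFromTestCase(TCPTransport))
        suite.addTests(loader.loadTestsFromTestCase(SMBTransport64))
        suite.addTests(loader.loadTestsFromTestCase(TCPTransport64))
    result = unittest.TextTestRunner(verbosity=1).run(suite)
    # Propagate failures through the exit status so a wrapper script or CI
    # job can tell a failed run from a clean one.
    sys.exit(not result.wasSuccessful())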