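###############################################################################
# Tested so far:
#
# ElfrOpenBELW
# hElfrOpenBELW
# ElfrOpenELW
# hElfrOpenELW
# ElfrRegisterEventSourceW
# hElfrRegisterEventSourceW
# ElfrReadELW
# hElfrReadELW
# ElfrClearELFW
# hElfrClearELFW
# ElfrBackupELFW
# hElfrBackupELFW
# ElfrReportEventW
#
# Not yet:
#
# Shouldn't dump errors against a win7
#
# These tests run against the live host named in dcetests.cfg.  Note that
# ElfrClearELFW, ElfrBackupELFW and ElfrReportEventW are not read-only: the
# tests below only tolerate the STATUS_OBJECT_NAME_INVALID / STATUS_ACCESS_DENIED
# replies they expect, so if the server accepts the request the Security log
# of that host is actually backed up, cleared or written to.  Use a dedicated
# lab machine.
###############################################################################
from __future__ import division
from __future__ import print_function
import unittest

from six.moves import configparser

from impacket.dcerpc.v5 import even
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.dtypes import NULL


class RRPTests(unittest.TestCase):
    """Exercise the MS-EVEN (eventlog) RPC interface over a subclass-chosen transport.

    A subclass' setUp() must call _configure() so that username, password,
    domain, hashes, machine, serverName, stringBinding and ts are set before
    connect() is used.  The class name is a leftover from the file this test
    was cloned from; it is kept because __main__ selects test classes by name.
    """

    # Configuration file shared by the SMB_RPC tests (read from the cwd).
    CONFIG_FILE = 'dcetests.cfg'

    def _configure(self, section, ts):
        """Load connection settings from *section* of dcetests.cfg.

        ts is the (uuid, version) transfer-syntax tuple the binding will
        request.  All transports in this file reach the eventlog endpoint
        over the \\PIPE\\eventlog named pipe.
        """
        configFile = configparser.ConfigParser()
        configFile.read(self.CONFIG_FILE)
        self.username = configFile.get(section, 'username')
        self.domain = configFile.get(section, 'domain')
        self.serverName = configFile.get(section, 'servername')
        self.password = configFile.get(section, 'password')
        self.machine = configFile.get(section, 'machine')
        self.hashes = configFile.get(section, 'hashes')
        self.stringBinding = r'ncacn_np:%s[\PIPE\eventlog]' % self.machine
        self.ts = ts

    def connect(self):
        """Connect and bind to the eventlog interface.

        Returns (dce, rpctransport).  The 'hashes' option is expected as
        'LMHASH:NTHASH'; when it is empty the password is used instead.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if self.hashes:
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # Only some protocol sequences carry credentials on the transport.
            rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        # No authentication level is negotiated here; to test with packet
        # integrity, call dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
        # before connect().
        dce.connect()
        dce.bind(even.MSRPC_UUID_EVEN, transfer_syntax=self.ts)

        return dce, rpctransport

    def _open_security_log(self, dce):
        """Open the Security log and return the ElfrOpenELW response (carries LogHandle)."""
        resp = even.hElfrOpenELW(dce, 'Security', '')
        resp.dump()
        return resp

    def test_ElfrOpenBELW(self):
        """Open a backup log by an invented name; STATUS_OBJECT_NAME_NOT_FOUND is acceptable."""
        dce, rpctransport = self.connect()
        request = even.ElfrOpenBELW()
        request['UNCServerName'] = NULL
        request['BackupFileName'] = '\\??\\BETO'
        request['MajorVersion'] = 1
        request['MinorVersion'] = 1
        try:
            resp = dce.request(request)
        except Exception as e:
            if 'STATUS_OBJECT_NAME_NOT_FOUND' not in str(e):
                raise
            # The server answered with a fault packet; show it like a normal reply.
            resp = e.get_packet()
        resp.dump()

    def test_hElfrOpenBELW(self):
        """Same as test_ElfrOpenBELW through the hElfrOpenBELW helper."""
        dce, rpctransport = self.connect()
        try:
            resp = even.hElfrOpenBELW(dce, '\\??\\BETO')
        except Exception as e:
            if 'STATUS_OBJECT_NAME_NOT_FOUND' not in str(e):
                raise
            resp = e.get_packet()
        resp.dump()

    def test_ElfrOpenELW(self):
        """Open the Security log with a hand-built ElfrOpenELW request."""
        dce, rpctransport = self.connect()
        request = even.ElfrOpenELW()
        request['UNCServerName'] = NULL
        request['ModuleName'] = 'Security'
        request['RegModuleName'] = ''
        request['MajorVersion'] = 1
        request['MinorVersion'] = 1
        resp = dce.request(request)
        resp.dump()

    def test_hElfrOpenELW(self):
        """Open the Security log through the hElfrOpenELW helper."""
        dce, rpctransport = self.connect()
        self._open_security_log(dce)

    def test_ElfrRegisterEventSourceW(self):
        """Register an event source for Security; STATUS_ACCESS_DENIED is acceptable."""
        dce, rpctransport = self.connect()
        request = even.ElfrRegisterEventSourceW()
        request['UNCServerName'] = NULL
        request['ModuleName'] = 'Security'
        request['RegModuleName'] = ''
        request['MajorVersion'] = 1
        request['MinorVersion'] = 1
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            if 'STATUS_ACCESS_DENIED' not in str(e):
                raise

    def test_hElfrRegisterEventSourceW(self):
        """Same as test_ElfrRegisterEventSourceW through the helper."""
        dce, rpctransport = self.connect()
        try:
            resp = even.hElfrRegisterEventSourceW(dce, 'Security', '')
            resp.dump()
        except Exception as e:
            if 'STATUS_ACCESS_DENIED' not in str(e):
                raise

    def test_ElfrReadELW(self):
        """Read the first batch of Security records with a hand-built ElfrReadELW."""
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        request = even.ElfrReadELW()
        request['LogHandle'] = resp['LogHandle']
        request['ReadFlags'] = even.EVENTLOG_SEQUENTIAL_READ | even.EVENTLOG_FORWARDS_READ
        request['RecordOffset'] = 0
        request['NumberOfBytesToRead'] = even.MAX_BATCH_BUFF
        resp = dce.request(request)
        resp.dump()

    def test_hElfrReadELW(self):
        """Read the first batch of Security records through hElfrReadELW."""
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        resp = even.hElfrReadELW(dce, resp['LogHandle'],
                                 even.EVENTLOG_SEQUENTIAL_READ | even.EVENTLOG_FORWARDS_READ,
                                 0, even.MAX_BATCH_BUFF)
        resp.dump()

    def test_ElfrClearELFW(self):
        """Clear the Security log into a backup file; STATUS_OBJECT_NAME_INVALID is acceptable.

        Destructive when the server accepts the path: the target's Security
        log is emptied.
        """
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        request = even.ElfrClearELFW()
        request['LogHandle'] = resp['LogHandle']
        request['BackupFileName'] = '\\??\\c:\\beto2'
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            if 'STATUS_OBJECT_NAME_INVALID' not in str(e):
                raise

    def test_hElfrClearELFW(self):
        """Same as test_ElfrClearELFW through the helper (equally destructive on success)."""
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        try:
            resp = even.hElfrClearELFW(dce, resp['LogHandle'], '\\??\\c:\\beto2')
            resp.dump()
        except Exception as e:
            if 'STATUS_OBJECT_NAME_INVALID' not in str(e):
                raise

    def test_ElfrBackupELFW(self):
        """Back up the Security log to a file; STATUS_OBJECT_NAME_INVALID is acceptable.

        When the server accepts the path a copy of the log is written on the
        target.
        """
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        request = even.ElfrBackupELFW()
        request['LogHandle'] = resp['LogHandle']
        request['BackupFileName'] = '\\??\\c:\\beto2'
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            if 'STATUS_OBJECT_NAME_INVALID' not in str(e):
                raise

    def test_hElfrBackupELFW(self):
        """Same as test_ElfrBackupELFW through the helper."""
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        try:
            resp = even.hElfrBackupELFW(dce, resp['LogHandle'], '\\??\\c:\\beto2')
            resp.dump()
        except Exception as e:
            if 'STATUS_OBJECT_NAME_INVALID' not in str(e):
                raise

    def test_ElfrReportEventW(self):
        """Write one error event into the Security log; STATUS_ACCESS_DENIED is acceptable.

        When the server accepts the request an event is really recorded on
        the target.
        """
        dce, rpctransport = self.connect()
        resp = self._open_security_log(dce)
        request = even.ElfrReportEventW()
        request['LogHandle'] = resp['LogHandle']
        request['Time'] = 5000000
        request['EventType'] = even.EVENTLOG_ERROR_TYPE
        request['EventCategory'] = 0
        request['EventID'] = 7037
        request['ComputerName'] = 'MYCOMPUTER!'
        request['NumStrings'] = 1
        request['DataSize'] = 0
        request['UserSID'].fromCanonical('S-1-2-5-21')
        # One insertion string; NumStrings above must match the count appended.
        nn = even.PRPC_UNICODE_STRING()
        nn['Data'] = 'HOLA BETUSSS'
        request['Strings'].append(nn)
        request['Data'] = NULL
        request['Flags'] = 0
        request['RecordNumber'] = NULL
        request['TimeWritten'] = NULL
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            if 'STATUS_ACCESS_DENIED' not in str(e):
                raise


class SMBTransport(RRPTests):
    """Run the suite over the \\PIPE\\eventlog named pipe with the NDR transfer syntax."""

    def setUp(self):
        RRPTests.setUp(self)
        self._configure('SMBTransport', ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0'))


class SMBTransport64(RRPTests):
    """Run the suite over the \\PIPE\\eventlog named pipe with the NDR64 transfer syntax."""

    def setUp(self):
        RRPTests.setUp(self)
        self._configure('SMBTransport', ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0'))


# Process command-line arguments: an optional test-class name selects the
# transport to run; SMBTransport is the default.
if __name__ == '__main__':
    import sys
    if len(sys.argv) > 1:
        testcase = sys.argv[1]
        suite = unittest.TestLoader().loadTestsFromTestCase(globals()[testcase])
    else:
        suite = unittest.TestLoader().loadTestsFromTestCase(SMBTransport)
        # NDR64 is not run by default:
        #suite.addTests(unittest.TestLoader().loadTestsFromTestCase(SMBTransport64))
    unittest.TextTestRunner(verbosity=1).run(suite)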