github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/tests/SMB_RPC/test_lsad.py (about) 1 ############################################################################### 2 # Tested so far: 3 # LsarOpenPolicy2 4 # LsarOpenPolicy 5 # LsarQueryInformationPolicy2 6 # LsarQueryInformationPolicy 7 # LsarQueryDomainInformationPolicy 8 # LsarEnumerateAccounts 9 # LsarEnumerateAccountsWithUserRight 10 # LsarEnumerateTrustedDomainsEx 11 # LsarEnumerateTrustedDomains 12 # LsarOpenAccount 13 # LsarClose 14 # LsarCreateAccount 15 # LsarDeleteObject 16 # LsarEnumeratePrivilegesAccount 17 # LsarGetSystemAccessAccount 18 # LsarSetSystemAccessAccount 19 # LsarAddPrivilegesToAccount 20 # LsarRemovePrivilegesFromAccount 21 # LsarEnumerateAccountRights 22 # LsarAddAccountRights 23 # LsarRemoveAccountRights 24 # LsarCreateSecret 25 # LsarOpenSecret 26 # LsarSetSecret 27 # LsarQuerySecret 28 # LsarRetrievePrivateData 29 # LsarStorePrivateData 30 # LsarEnumeratePrivileges 31 # LsarLookupPrivilegeValue 32 # LsarLookupPrivilegeName 33 # LsarLookupPrivilegeDisplayName 34 # LsarQuerySecurityObject 35 # LsarSetSecurityObject 36 # LsarQueryForestTrustInformation 37 # LsarSetInformationPolicy 38 # LsarSetInformationPolicy2 39 # 40 # Not yet: 41 # 42 # Shouldn't dump errors against a win7 43 # 44 ################################################################################ 45 from __future__ import division 46 from __future__ import print_function 47 import unittest 48 try: 49 import ConfigParser 50 except ImportError: 51 import configparser as ConfigParser 52 53 from impacket.dcerpc.v5 import transport, lsad 54 from impacket.dcerpc.v5.ndr import NULL 55 from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED, RPC_UNICODE_STRING, DELETE 56 from impacket.structure import hexdump 57 58 class LSADTests(unittest.TestCase): 59 def connect(self): 60 rpctransport = transport.DCERPCTransportFactory(self.stringBinding) 61 if len(self.hashes) > 0: 62 lmhash, nthash = self.hashes.split(':') 63 else: 64 lmhash = '' 65 nthash = '' 66 if hasattr(rpctransport, 'set_credentials'): 67 # This method exists only for selected protocol sequences. 68 rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash) 69 dce = rpctransport.get_dce_rpc() 70 dce.connect() 71 dce.bind(lsad.MSRPC_UUID_LSAD, transfer_syntax = self.ts) 72 resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsad.POLICY_CREATE_SECRET | DELETE | lsad.POLICY_VIEW_LOCAL_INFORMATION) 73 74 return dce, rpctransport, resp['PolicyHandle'] 75 76 def test_LsarOpenPolicy(self): 77 dce, rpctransport, policyHandle = self.connect() 78 request = lsad.LsarOpenPolicy() 79 request['SystemName'] = NULL 80 request['ObjectAttributes']['RootDirectory'] = NULL 81 request['ObjectAttributes']['ObjectName'] = NULL 82 request['ObjectAttributes']['SecurityDescriptor'] = NULL 83 request['ObjectAttributes']['SecurityQualityOfService'] = NULL 84 request['DesiredAccess'] = MAXIMUM_ALLOWED 85 resp = dce.request(request) 86 resp.dump() 87 88 def test_hLsarOpenPolicy(self): 89 dce, rpctransport, policyHandle = self.connect() 90 resp = lsad.hLsarOpenPolicy(dce) 91 resp.dump() 92 93 def test_LsarQueryInformationPolicy2(self): 94 dce, rpctransport, policyHandle = self.connect() 95 request = lsad.LsarQueryInformationPolicy2() 96 request['PolicyHandle'] = policyHandle 97 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditLogInformation 98 resp = dce.request(request) 99 resp.dump() 100 101 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation 102 resp = dce.request(request) 103 resp.dump() 104 105 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation 106 resp = dce.request(request) 107 resp.dump() 108 109 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPdAccountInformation 110 resp = dce.request(request) 111 resp.dump() 112 113 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation 114 resp = dce.request(request) 115 resp.dump() 116 117 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation 118 resp = dce.request(request) 119 resp.dump() 120 121 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation 122 resp = dce.request(request) 123 resp.dump() 124 125 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation 126 resp = dce.request(request) 127 resp.dump() 128 129 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt 130 resp = dce.request(request) 131 resp.dump() 132 133 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation 134 resp = dce.request(request) 135 resp.dump() 136 137 def test_hLsarQueryInformationPolicy2(self): 138 dce, rpctransport, policyHandle = self.connect() 139 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditLogInformation) 140 resp.dump() 141 142 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation) 143 resp.dump() 144 145 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation) 146 resp.dump() 147 148 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyPdAccountInformation) 149 resp.dump() 150 151 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation) 152 resp.dump() 153 154 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation) 155 resp.dump() 156 157 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation) 158 resp.dump() 159 160 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation) 161 resp.dump() 162 163 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt) 164 resp.dump() 165 166 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation) 167 resp.dump() 168 169 def test_LsarQueryInformationPolicy(self): 170 dce, rpctransport, policyHandle = self.connect() 171 request = lsad.LsarQueryInformationPolicy() 172 request['PolicyHandle'] = policyHandle 173 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditLogInformation 174 resp = dce.request(request) 175 resp.dump() 176 177 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation 178 resp = dce.request(request) 179 resp.dump() 180 181 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation 182 resp = dce.request(request) 183 resp.dump() 184 185 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPdAccountInformation 186 resp = dce.request(request) 187 resp.dump() 188 189 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation 190 resp = dce.request(request) 191 resp.dump() 192 193 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation 194 resp = dce.request(request) 195 resp.dump() 196 197 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation 198 resp = dce.request(request) 199 resp.dump() 200 201 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation 202 resp = dce.request(request) 203 resp.dump() 204 205 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt 206 resp = dce.request(request) 207 resp.dump() 208 209 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation 210 resp = dce.request(request) 211 resp.dump() 212 213 def test_hLsarQueryInformationPolicy(self): 214 dce, rpctransport, policyHandle = self.connect() 215 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditLogInformation) 216 resp.dump() 217 218 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation) 219 resp.dump() 220 221 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation) 222 resp.dump() 223 224 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyPdAccountInformation) 225 resp.dump() 226 227 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation) 228 resp.dump() 229 230 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyLsaServerRoleInformation) 231 resp.dump() 232 233 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyReplicaSourceInformation) 234 resp.dump() 235 236 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformation) 237 resp.dump() 238 239 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyDnsDomainInformationInt) 240 resp.dump() 241 242 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyLocalAccountDomainInformation) 243 resp.dump() 244 245 def test_LsarQueryDomainInformationPolicy(self): 246 dce, rpctransport, policyHandle = self.connect() 247 request = lsad.LsarQueryDomainInformationPolicy() 248 request['PolicyHandle'] = policyHandle 249 request['InformationClass'] = lsad.POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation 250 try: 251 resp = dce.request(request) 252 resp.dump() 253 except Exception as e: 254 if str(e).find('STATUS_INVALID_PARAMETER') < 0: 255 raise 256 257 request['InformationClass'] = lsad.POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation 258 try: 259 resp = dce.request(request) 260 resp.dump() 261 except Exception as e: 262 if str(e).find('STATUS_OBJECT_NAME_NOT_FOUND') < 0: 263 raise 264 265 request['InformationClass'] = lsad.POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation 266 try: 267 resp = dce.request(request) 268 resp.dump() 269 except Exception as e: 270 if str(e).find('STATUS_OBJECT_NAME_NOT_FOUND') < 0: 271 raise 272 273 def test_hLsarQueryDomainInformationPolicy(self): 274 dce, rpctransport, policyHandle = self.connect() 275 try: 276 resp = lsad.hLsarQueryDomainInformationPolicy(dce, policyHandle, lsad.POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainQualityOfServiceInformation) 277 resp.dump() 278 except Exception as e: 279 if str(e).find('STATUS_INVALID_PARAMETER') < 0: 280 raise 281 282 try: 283 resp = lsad.hLsarQueryDomainInformationPolicy(dce, policyHandle, lsad.POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainEfsInformation) 284 resp.dump() 285 except Exception as e: 286 if str(e).find('STATUS_OBJECT_NAME_NOT_FOUND') < 0: 287 raise 288 289 try: 290 resp = lsad.hLsarQueryDomainInformationPolicy(dce, policyHandle, lsad.POLICY_DOMAIN_INFORMATION_CLASS.PolicyDomainKerberosTicketInformation) 291 resp.dump() 292 except Exception as e: 293 if str(e).find('STATUS_OBJECT_NAME_NOT_FOUND') < 0: 294 raise 295 296 def test_LsarEnumerateAccounts(self): 297 dce, rpctransport, policyHandle = self.connect() 298 request = lsad.LsarEnumerateAccounts() 299 request['PolicyHandle'] = policyHandle 300 request['PreferedMaximumLength'] = 0xffffffff 301 resp = dce.request(request) 302 resp.dump() 303 #for i in range(resp['EnumerationBuffer']['EntriesRead']): 304 # print resp['EnumerationBuffer']['Information'][i]['Sid'].formatCanonical() 305 306 def test_hLsarEnumerateAccounts(self): 307 dce, rpctransport, policyHandle = self.connect() 308 resp = lsad.hLsarEnumerateAccounts(dce, policyHandle) 309 resp.dump() 310 #for i in range(resp['EnumerationBuffer']['EntriesRead']): 311 # print resp['EnumerationBuffer']['Information'][i]['Sid'].formatCanonical() 312 313 def test_LsarEnumerateAccountsWithUserRight(self): 314 dce, rpctransport, policyHandle = self.connect() 315 request = lsad.LsarEnumerateAccountsWithUserRight() 316 request['PolicyHandle'] = policyHandle 317 request['UserRight'] = 'SeSystemtimePrivilege' 318 resp = dce.request(request) 319 resp.dump() 320 321 def test_hLsarEnumerateAccountsWithUserRight(self): 322 dce, rpctransport, policyHandle = self.connect() 323 resp = lsad.hLsarEnumerateAccountsWithUserRight(dce,policyHandle, 'SeSystemtimePrivilege') 324 resp.dump() 325 326 def test_LsarEnumerateTrustedDomainsEx(self): 327 dce, rpctransport, policyHandle = self.connect() 328 request = lsad.LsarEnumerateTrustedDomainsEx() 329 request['PolicyHandle'] = policyHandle 330 request['EnumerationContext'] = 0 331 request['PreferedMaximumLength'] = 0xffffffff 332 try: 333 resp = dce.request(request) 334 resp.dump() 335 except Exception as e: 336 if str(e).find('STATUS_NO_MORE_ENTRIES') < 0: 337 raise 338 339 def test_hLsarEnumerateTrustedDomainsEx(self): 340 dce, rpctransport, policyHandle = self.connect() 341 try: 342 resp = lsad.hLsarEnumerateTrustedDomainsEx(dce, policyHandle) 343 resp.dump() 344 except Exception as e: 345 if str(e).find('STATUS_NO_MORE_ENTRIES') < 0: 346 raise 347 348 def test_LsarEnumerateTrustedDomains(self): 349 dce, rpctransport, policyHandle = self.connect() 350 request = lsad.LsarEnumerateTrustedDomains() 351 request['PolicyHandle'] = policyHandle 352 request['EnumerationContext'] = 0 353 request['PreferedMaximumLength'] = 0xffffffff 354 try: 355 resp = dce.request(request) 356 resp.dump() 357 except Exception as e: 358 if str(e).find('STATUS_NO_MORE_ENTRIES') < 0: 359 raise 360 361 def test_hLsarEnumerateTrustedDomains(self): 362 dce, rpctransport, policyHandle = self.connect() 363 try: 364 resp = lsad.hLsarEnumerateTrustedDomains(dce, policyHandle) 365 resp.dump() 366 except Exception as e: 367 if str(e).find('STATUS_NO_MORE_ENTRIES') < 0: 368 raise 369 370 def test_hLsarOpenAccount(self): 371 dce, rpctransport, policyHandle = self.connect() 372 resp = lsad.hLsarEnumerateAccounts(dce, policyHandle) 373 resp.dump() 374 375 resp = lsad.hLsarOpenAccount(dce, policyHandle, resp['EnumerationBuffer']['Information'][0]['Sid'].formatCanonical()) 376 resp.dump() 377 378 resp = lsad.hLsarClose(dce, resp['AccountHandle']) 379 resp.dump() 380 381 def test_LsarOpenAccount(self): 382 dce, rpctransport, policyHandle = self.connect() 383 request = lsad.LsarEnumerateAccounts() 384 request['PolicyHandle'] = policyHandle 385 request['PreferedMaximumLength'] = 0xffffffff 386 resp = dce.request(request) 387 resp.dump() 388 389 request = lsad.LsarOpenAccount() 390 request['PolicyHandle'] = policyHandle 391 request['AccountSid'] = resp['EnumerationBuffer']['Information'][0]['Sid'] 392 request['DesiredAccess'] = MAXIMUM_ALLOWED 393 resp = dce.request(request) 394 resp.dump() 395 396 request = lsad.LsarClose() 397 request['ObjectHandle'] = resp['AccountHandle'] 398 resp = dce.request(request) 399 resp.dump() 400 401 def test_LsarCreateAccount_LsarDeleteObject(self): 402 dce, rpctransport, policyHandle = self.connect() 403 request = lsad.LsarQueryInformationPolicy2() 404 request['PolicyHandle'] = policyHandle 405 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation 406 resp = dce.request(request) 407 408 sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical() 409 sid = sid + '-9999' 410 411 request = lsad.LsarCreateAccount() 412 request['PolicyHandle'] = policyHandle 413 request['AccountSid'].fromCanonical(sid) 414 request['DesiredAccess'] = MAXIMUM_ALLOWED 415 resp = dce.request(request) 416 resp.dump() 417 418 request = lsad.LsarDeleteObject() 419 request['ObjectHandle'] = resp['AccountHandle'] 420 resp = dce.request(request) 421 resp.dump() 422 423 def test_hLsarCreateAccount_hLsarDeleteObject(self): 424 dce, rpctransport, policyHandle = self.connect() 425 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle,lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation) 426 427 sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical() 428 sid = sid + '-9999' 429 430 resp = lsad.hLsarCreateAccount(dce, policyHandle, sid) 431 resp.dump() 432 433 resp = lsad.hLsarDeleteObject(dce,resp['AccountHandle']) 434 resp.dump() 435 436 def test_LsarEnumeratePrivilegesAccount(self): 437 dce, rpctransport, policyHandle = self.connect() 438 sid = 'S-1-5-32-544' 439 440 request = lsad.LsarOpenAccount() 441 request['PolicyHandle'] = policyHandle 442 request['AccountSid'].fromCanonical(sid) 443 request['DesiredAccess'] = MAXIMUM_ALLOWED 444 resp = dce.request(request) 445 resp.dump() 446 447 request = lsad.LsarEnumeratePrivilegesAccount() 448 request['AccountHandle'] = resp['AccountHandle'] 449 resp = dce.request(request) 450 resp.dump() 451 452 def test_hLsarEnumeratePrivilegesAccount(self): 453 dce, rpctransport, policyHandle = self.connect() 454 sid = 'S-1-5-32-544' 455 456 resp = lsad.hLsarOpenAccount(dce, policyHandle, sid) 457 resp.dump() 458 459 resp = lsad.hLsarEnumeratePrivilegesAccount(dce,resp['AccountHandle'] ) 460 resp.dump() 461 462 def test_LsarGetSystemAccessAccount_LsarSetSystemAccessAccount(self): 463 dce, rpctransport, policyHandle = self.connect() 464 sid = 'S-1-5-32-544' 465 466 request = lsad.LsarOpenAccount() 467 request['PolicyHandle'] = policyHandle 468 request['AccountSid'].fromCanonical(sid) 469 request['DesiredAccess'] = MAXIMUM_ALLOWED 470 resp = dce.request(request) 471 resp.dump() 472 473 request = lsad.LsarGetSystemAccessAccount() 474 request['AccountHandle'] = resp['AccountHandle'] 475 resp2 = dce.request(request) 476 resp.dump() 477 478 request = lsad.LsarSetSystemAccessAccount() 479 request['AccountHandle'] = resp['AccountHandle'] 480 request['SystemAccess'] = resp2['SystemAccess'] 481 resp = dce.request(request) 482 resp.dump() 483 484 def test_hLsarGetSystemAccessAccount_hLsarSetSystemAccessAccount(self): 485 dce, rpctransport, policyHandle = self.connect() 486 sid = 'S-1-5-32-544' 487 488 resp = lsad.hLsarOpenAccount(dce, policyHandle, sid) 489 resp.dump() 490 491 resp2 = lsad.hLsarGetSystemAccessAccount(dce, resp['AccountHandle']) 492 resp2.dump() 493 494 resp = lsad.hLsarSetSystemAccessAccount(dce,resp['AccountHandle'],resp2['SystemAccess']) 495 resp.dump() 496 497 def test_LsarAddPrivilegesToAccount_LsarRemovePrivilegesFromAccount(self): 498 dce, rpctransport, policyHandle = self.connect() 499 request = lsad.LsarQueryInformationPolicy2() 500 request['PolicyHandle'] = policyHandle 501 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation 502 resp = dce.request(request) 503 504 sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical() 505 sid = sid + '-9999' 506 507 request = lsad.LsarCreateAccount() 508 request['PolicyHandle'] = policyHandle 509 request['AccountSid'].fromCanonical(sid) 510 request['DesiredAccess'] = MAXIMUM_ALLOWED | lsad.ACCOUNT_ADJUST_PRIVILEGES 511 resp = dce.request(request) 512 resp.dump() 513 accountHandle = resp['AccountHandle'] 514 515 request = lsad.LsarAddPrivilegesToAccount() 516 request['AccountHandle'] = accountHandle 517 request['Privileges']['PrivilegeCount'] = 1 518 request['Privileges']['Control'] = 0 519 attribute = lsad.LSAPR_LUID_AND_ATTRIBUTES() 520 attribute['Luid']['LowPart'] = 0 521 attribute['Luid']['HighPart'] = 3 522 attribute['Attributes'] = 3 523 request['Privileges']['Privilege'].append(attribute) 524 try: 525 resp = dce.request(request) 526 resp.dump() 527 except: 528 request = lsad.LsarDeleteObject() 529 request['ObjectHandle'] = accountHandle 530 resp = dce.request(request) 531 return 532 533 request = lsad.LsarRemovePrivilegesFromAccount() 534 request['AccountHandle'] = accountHandle 535 request['AllPrivileges'] = 1 536 request['Privileges'] = NULL 537 resp = dce.request(request) 538 resp.dump() 539 540 request = lsad.LsarDeleteObject() 541 request['ObjectHandle'] = accountHandle 542 resp = dce.request(request) 543 resp.dump() 544 545 def test_hLsarAddPrivilegesToAccount_hLsarRemovePrivilegesFromAccount(self): 546 dce, rpctransport, policyHandle = self.connect() 547 548 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle,lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation) 549 550 sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical() 551 sid = sid + '-9999' 552 553 resp = lsad.hLsarCreateAccount(dce, policyHandle, sid) 554 accountHandle = resp['AccountHandle'] 555 556 attributes = list() 557 attribute = lsad.LSAPR_LUID_AND_ATTRIBUTES() 558 attribute['Luid']['LowPart'] = 0 559 attribute['Luid']['HighPart'] = 3 560 attribute['Attributes'] = 3 561 attributes.append(attribute) 562 try: 563 resp = lsad.hLsarAddPrivilegesToAccount(dce,accountHandle, attributes) 564 resp.dump() 565 except: 566 resp = lsad.hLsarDeleteObject(dce, accountHandle) 567 return 568 569 resp = lsad.hLsarRemovePrivilegesFromAccount(dce, accountHandle, NULL, 1) 570 resp.dump() 571 572 resp = lsad.hLsarDeleteObject(dce,accountHandle ) 573 resp.dump() 574 575 def test_LsarEnumerateAccountRights(self): 576 dce, rpctransport, policyHandle = self.connect() 577 sid = 'S-1-5-32-544' 578 579 request = lsad.LsarEnumerateAccountRights() 580 request['PolicyHandle'] = policyHandle 581 request['AccountSid'].fromCanonical(sid) 582 resp = dce.request(request) 583 resp.dump() 584 585 def test_hLsarEnumerateAccountRights(self): 586 dce, rpctransport, policyHandle = self.connect() 587 sid = 'S-1-5-32-544' 588 589 resp = lsad.hLsarEnumerateAccountRights(dce, policyHandle, sid) 590 resp.dump() 591 592 def test_LsarAddAccountRights_LsarRemoveAccountRights(self): 593 dce, rpctransport, policyHandle = self.connect() 594 sid = 'S-1-5-32-504' 595 596 request = lsad.LsarAddAccountRights() 597 request['PolicyHandle'] = policyHandle 598 request['AccountSid'].fromCanonical(sid) 599 request['UserRights']['EntriesRead'] = 1 600 right = RPC_UNICODE_STRING() 601 right['Data'] = 'SeChangeNotifyPrivilege' 602 request['UserRights']['UserRights'].append(right) 603 resp = dce.request(request) 604 resp.dump() 605 606 request = lsad.LsarRemoveAccountRights() 607 request['PolicyHandle'] = policyHandle 608 request['AccountSid'].fromCanonical(sid) 609 request['UserRights']['EntriesRead'] = 1 610 right = RPC_UNICODE_STRING() 611 right['Data'] = 'SeChangeNotifyPrivilege' 612 request['UserRights']['UserRights'].append(right) 613 resp = dce.request(request) 614 resp.dump() 615 616 def test_hLsarAddAccountRights_hLsarRemoveAccountRights(self): 617 dce, rpctransport, policyHandle = self.connect() 618 sid = 'S-1-5-32-504' 619 620 resp = lsad.hLsarAddAccountRights(dce, policyHandle, sid, ('SeChangeNotifyPrivilege', )) 621 resp.dump() 622 resp = lsad.hLsarRemoveAccountRights(dce, policyHandle, sid, ('SeChangeNotifyPrivilege', )) 623 resp.dump() 624 625 def test_LsarCreateSecret_LsarOpenSecret(self): 626 dce, rpctransport, policyHandle = self.connect() 627 628 request = lsad.LsarCreateSecret() 629 request['PolicyHandle'] = policyHandle 630 request['SecretName'] = 'MYSECRET' 631 request['DesiredAccess'] = MAXIMUM_ALLOWED 632 resp = dce.request(request) 633 resp.dump() 634 635 request = lsad.LsarOpenSecret() 636 request['PolicyHandle'] = policyHandle 637 request['SecretName'] = 'MYSECRET' 638 request['DesiredAccess'] = MAXIMUM_ALLOWED 639 resp0 = dce.request(request) 640 resp0.dump() 641 642 request = lsad.LsarSetSecret() 643 request['SecretHandle'] = resp0['SecretHandle'] 644 request['EncryptedCurrentValue']['Length'] = 16 645 request['EncryptedCurrentValue']['MaximumLength'] = 16 646 request['EncryptedCurrentValue']['Buffer'] = list('A'*16) 647 request['EncryptedOldValue']['Length'] = 16 648 request['EncryptedOldValue']['MaximumLength'] = 16 649 request['EncryptedOldValue']['Buffer'] = list('A'*16) 650 #request['EncryptedCurrentValue'] = NULL 651 #request['EncryptedOldValue'] = NULL 652 try: 653 resp = dce.request(request) 654 resp.dump() 655 except: 656 pass 657 658 request = lsad.LsarDeleteObject() 659 request['ObjectHandle'] = resp0['SecretHandle'] 660 resp = dce.request(request) 661 resp.dump() 662 663 def test_hLsarCreateSecret_hLsarOpenSecret(self): 664 dce, rpctransport, policyHandle = self.connect() 665 666 resp = lsad.hLsarCreateSecret(dce, policyHandle, 'MYSECRET') 667 resp.dump() 668 669 resp0 = lsad.hLsarOpenSecret(dce, policyHandle, 'MYSECRET') 670 resp0.dump() 671 672 try: 673 resp = lsad.hLsarSetSecret(dce, resp0['SecretHandle'], 'A'*16, 'A'*16) 674 resp.dump() 675 except: 676 pass 677 678 resp = lsad.hLsarDeleteObject(dce,resp0['SecretHandle']) 679 resp.dump() 680 681 def test_LsarQuerySecret(self): 682 dce, rpctransport, policyHandle = self.connect() 683 684 request = lsad.LsarOpenSecret() 685 request['PolicyHandle'] = policyHandle 686 request['SecretName'] = 'DPAPI_SYSTEM' 687 request['DesiredAccess'] = MAXIMUM_ALLOWED 688 resp0 = dce.request(request) 689 resp0.dump() 690 691 request = lsad.LsarQuerySecret() 692 request['SecretHandle'] = resp0['SecretHandle'] 693 request['EncryptedCurrentValue']['Buffer'] = NULL 694 request['EncryptedOldValue']['Buffer'] = NULL 695 request['OldValueSetTime'] = NULL 696 resp = dce.request(request) 697 resp.dump() 698 699 def test_hLsarQuerySecret(self): 700 dce, rpctransport, policyHandle = self.connect() 701 702 resp0 = lsad.hLsarOpenSecret(dce, policyHandle, 'DPAPI_SYSTEM') 703 resp0.dump() 704 705 resp = lsad.hLsarQuerySecret(dce, resp0['SecretHandle']) 706 resp.dump() 707 708 def test_LsarRetrievePrivateData_LsarStorePrivateData(self): 709 dce, rpctransport, policyHandle = self.connect() 710 711 request = lsad.LsarRetrievePrivateData() 712 request['PolicyHandle'] = policyHandle 713 request['KeyName'] = 'DPAPI_SYSTEM' 714 resp0 = dce.request(request) 715 resp0.dump() 716 717 request = lsad.LsarStorePrivateData() 718 request['PolicyHandle'] = policyHandle 719 request['KeyName'] = 'BETUS' 720 request['EncryptedData'] = resp0['EncryptedData'] 721 resp = dce.request(request) 722 resp.dump() 723 724 request = lsad.LsarStorePrivateData() 725 request['PolicyHandle'] = policyHandle 726 request['KeyName'] = 'BETUS' 727 request['EncryptedData'] = NULL 728 resp = dce.request(request) 729 resp.dump() 730 731 def test_hLsarRetrievePrivateData_hLsarStorePrivateData(self): 732 dce, rpctransport, policyHandle = self.connect() 733 734 resp0 = lsad.hLsarRetrievePrivateData(dce,policyHandle,'DPAPI_SYSTEM') 735 #hexdump(resp0) 736 737 resp = lsad.hLsarStorePrivateData(dce, policyHandle, 'BETUS', resp0) 738 resp.dump() 739 740 resp = lsad.hLsarStorePrivateData(dce, policyHandle, 'BETUS', NULL) 741 resp.dump() 742 743 def test_LsarEnumeratePrivileges(self): 744 dce, rpctransport, policyHandle = self.connect() 745 746 request = lsad.LsarEnumeratePrivileges() 747 request['PolicyHandle'] = policyHandle 748 request['EnumerationContext'] = 0 749 request['PreferedMaximumLength'] = 0xffffffff 750 resp = dce.request(request) 751 resp.dump() 752 753 self.assertTrue( resp['EnumerationBuffer']['Entries'] == len(resp['EnumerationBuffer']['Privileges'] ) ) 754 755 def test_hLsarEnumeratePrivileges(self): 756 dce, rpctransport, policyHandle = self.connect() 757 758 resp = lsad.hLsarEnumeratePrivileges(dce, policyHandle) 759 resp.dump() 760 761 self.assertTrue( resp['EnumerationBuffer']['Entries'] == len(resp['EnumerationBuffer']['Privileges'] ) ) 762 763 def test_LsarLookupPrivilegeValue_LsarLookupPrivilegeName(self): 764 dce, rpctransport, policyHandle = self.connect() 765 766 request = lsad.LsarLookupPrivilegeValue() 767 request['PolicyHandle'] = policyHandle 768 request['Name'] = 'SeTimeZonePrivilege' 769 resp = dce.request(request) 770 resp.dump() 771 772 request = lsad.LsarLookupPrivilegeName() 773 request['PolicyHandle'] = policyHandle 774 request['Value'] = resp['Value'] 775 resp = dce.request(request) 776 resp.dump() 777 778 self.assertTrue( resp['Name'] == 'SeTimeZonePrivilege') 779 780 def test_hLsarLookupPrivilegeValue_hLsarLookupPrivilegeName(self): 781 dce, rpctransport, policyHandle = self.connect() 782 783 resp = lsad.hLsarLookupPrivilegeValue(dce, policyHandle,'SeTimeZonePrivilege' ) 784 resp.dump() 785 786 resp = lsad.hLsarLookupPrivilegeName(dce, policyHandle, resp['Value']) 787 resp.dump() 788 789 self.assertTrue( resp['Name'] == 'SeTimeZonePrivilege') 790 791 def test_LsarLookupPrivilegeDisplayName(self): 792 dce, rpctransport, policyHandle = self.connect() 793 794 request = lsad.LsarLookupPrivilegeDisplayName() 795 request['PolicyHandle'] = policyHandle 796 request['Name'] = 'SeTimeZonePrivilege' 797 request['ClientLanguage'] = 1 798 request['ClientSystemDefaultLanguage'] = 1 799 resp = dce.request(request) 800 resp.dump() 801 802 def test_LsarQuerySecurityObject_LsarSetSecurityObject(self): 803 dce, rpctransport, policyHandle = self.connect() 804 805 request = lsad.LsarQuerySecurityObject() 806 request['PolicyHandle'] = policyHandle 807 request['SecurityInformation'] = lsad.OWNER_SECURITY_INFORMATION 808 resp = dce.request(request) 809 resp.dump() 810 811 self.assertTrue( resp['SecurityDescriptor']['Length'] == len(resp['SecurityDescriptor']['SecurityDescriptor']) ) 812 813 request = lsad.LsarSetSecurityObject() 814 request['PolicyHandle'] = policyHandle 815 request['SecurityInformation'] = lsad.OWNER_SECURITY_INFORMATION 816 request['SecurityDescriptor'] = resp['SecurityDescriptor'] 817 resp = dce.request(request) 818 resp.dump() 819 820 def test_hLsarQuerySecurityObject_hLsarSetSecurityObject(self): 821 dce, rpctransport, policyHandle = self.connect() 822 823 resp = lsad.hLsarQuerySecurityObject(dce, policyHandle, lsad.OWNER_SECURITY_INFORMATION) 824 hexdump(resp) 825 826 resp = lsad.hLsarSetSecurityObject(dce, policyHandle, lsad.OWNER_SECURITY_INFORMATION,resp) 827 resp.dump() 828 829 def test_LsarQueryForestTrustInformation(self): 830 dce, rpctransport, policyHandle = self.connect() 831 832 request = lsad.LsarQueryForestTrustInformation() 833 request['PolicyHandle'] = policyHandle 834 request['TrustedDomainName'] = 'CORE' 835 request['HighestRecordType'] = lsad.LSA_FOREST_TRUST_RECORD_TYPE.ForestTrustTopLevelName 836 try: 837 resp = dce.request(request) 838 resp.dump() 839 except Exception as e: 840 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 841 raise 842 843 def test_LsarSetInformationPolicy2(self): 844 dce, rpctransport, policyHandle = self.connect() 845 request = lsad.LsarQueryInformationPolicy2() 846 request['PolicyHandle'] = policyHandle 847 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation 848 resp = dce.request(request) 849 resp.dump() 850 oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] 851 852 req = lsad.LsarSetInformationPolicy2() 853 req['PolicyHandle'] = policyHandle 854 req['InformationClass'] = request['InformationClass'] 855 req['PolicyInformation'] = resp['PolicyInformation'] 856 req['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0 857 resp2 = dce.request(req) 858 resp2.dump() 859 860 resp = dce.request(request) 861 resp.dump() 862 863 req['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = oldValue 864 resp2 = dce.request(req) 865 resp2.dump() 866 ################################################################################ 867 868 #request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation 869 #resp = dce.request(request) 870 #resp.dump() 871 #oldValue = resp['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] 872 873 #req = lsad.LsarSetInformationPolicy2() 874 #req['PolicyHandle'] = policyHandle 875 #req['InformationClass'] = request['InformationClass'] 876 #req['PolicyInformation'] = resp['PolicyInformation'] 877 #req['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] = 'BETUS' 878 #resp2 = dce.request(req) 879 #resp2.dump() 880 881 #resp = dce.request(request) 882 #resp.dump() 883 884 #self.assertTrue( 'BETUS' == resp['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] ) 885 886 #req['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] = oldValue 887 #resp2 = dce.request(req) 888 #resp2.dump() 889 890 ################################################################################ 891 892 #request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation 893 #resp = dce.request(request) 894 #resp.dump() 895 #oldValue = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] 896 897 #req = lsad.LsarSetInformationPolicy2() 898 #req['PolicyHandle'] = policyHandle 899 #req['InformationClass'] = request['InformationClass'] 900 #req['PolicyInformation'] = resp['PolicyInformation'] 901 #req['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] = 'BETUS' 902 #resp2 = dce.request(req) 903 #resp2.dump() 904 905 #resp = dce.request(request) 906 #resp.dump() 907 908 #self.assertTrue( 'BETUS' == resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] ) 909 910 #req['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] = oldValue 911 #resp2 = dce.request(req) 912 #resp2.dump() 913 914 ################################################################################ 915 916 # ToDo rest of the Information Classes 917 918 def test_hLsarSetInformationPolicy2(self): 919 dce, rpctransport, policyHandle = self.connect() 920 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation) 921 resp.dump() 922 oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] 923 924 resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0 925 resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, resp['PolicyInformation'] ) 926 resp2.dump() 927 928 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation) 929 resp.dump() 930 931 resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = oldValue 932 resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, resp['PolicyInformation'] ) 933 resp2.dump() 934 935 def test_LsarSetInformationPolicy(self): 936 dce, rpctransport, policyHandle = self.connect() 937 request = lsad.LsarQueryInformationPolicy() 938 request['PolicyHandle'] = policyHandle 939 request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation 940 resp = dce.request(request) 941 resp.dump() 942 oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] 943 944 req = lsad.LsarSetInformationPolicy() 945 req['PolicyHandle'] = policyHandle 946 req['InformationClass'] = request['InformationClass'] 947 req['PolicyInformation'] = resp['PolicyInformation'] 948 req['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0 949 resp2 = dce.request(req) 950 resp2.dump() 951 952 resp = dce.request(request) 953 resp.dump() 954 955 req['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = oldValue 956 resp2 = dce.request(req) 957 resp2.dump() 958 ################################################################################ 959 960 #request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyPrimaryDomainInformation 961 #resp = dce.request(request) 962 #resp.dump() 963 #oldValue = resp['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] 964 965 #req = lsad.LsarSetInformationPolicy() 966 #req['PolicyHandle'] = policyHandle 967 #req['InformationClass'] = request['InformationClass'] 968 #req['PolicyInformation'] = resp['PolicyInformation'] 969 #req['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] = 'BETUS' 970 #resp2 = dce.request(req) 971 #resp2.dump() 972 973 #resp = dce.request(request) 974 #resp.dump() 975 #self.assertTrue( 'BETUS' == resp['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] ) 976 977 #req['PolicyInformation']['PolicyPrimaryDomainInfo']['Name'] = oldValue 978 #resp2 = dce.request(req) 979 #resp2.dump() 980 981 ################################################################################ 982 983 #request['InformationClass'] = lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation 984 #resp = dce.request(request) 985 #resp.dump() 986 #oldValue = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] 987 988 #req = lsad.LsarSetInformationPolicy() 989 #req['PolicyHandle'] = policyHandle 990 #req['InformationClass'] = request['InformationClass'] 991 #req['PolicyInformation'] = resp['PolicyInformation'] 992 #req['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] = 'BETUS' 993 #resp2 = dce.request(req) 994 #resp2.dump() 995 996 #resp = dce.request(request) 997 #resp.dump() 998 999 #self.assertTrue( 'BETUS' == resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] ) 1000 1001 #req['PolicyInformation']['PolicyAccountDomainInfo']['DomainName'] = oldValue 1002 #resp2 = dce.request(req) 1003 #resp2.dump() 1004 1005 ################################################################################ 1006 1007 # ToDo rest of the Information Classes 1008 1009 def test_hLsarSetInformationPolicy(self): 1010 dce, rpctransport, policyHandle = self.connect() 1011 resp = lsad.hLsarQueryInformationPolicy(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation) 1012 resp.dump() 1013 oldValue = resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] 1014 1015 resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = 0 1016 resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, resp['PolicyInformation'] ) 1017 resp2.dump() 1018 1019 resp = lsad.hLsarQueryInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation) 1020 resp.dump() 1021 1022 resp['PolicyInformation']['PolicyAuditEventsInfo']['AuditingMode'] = oldValue 1023 resp2 = lsad.hLsarSetInformationPolicy2(dce, policyHandle, lsad.POLICY_INFORMATION_CLASS.PolicyAuditEventsInformation, resp['PolicyInformation'] ) 1024 resp2.dump() 1025 1026 class SMBTransport(LSADTests): 1027 def setUp(self): 1028 LSADTests.setUp(self) 1029 configFile = ConfigParser.ConfigParser() 1030 configFile.read('dcetests.cfg') 1031 self.username = configFile.get('SMBTransport', 'username') 1032 self.domain = configFile.get('SMBTransport', 'domain') 1033 self.serverName = configFile.get('SMBTransport', 'servername') 1034 self.password = configFile.get('SMBTransport', 'password') 1035 self.machine = configFile.get('SMBTransport', 'machine') 1036 self.hashes = configFile.get('SMBTransport', 'hashes') 1037 self.stringBinding = r'ncacn_np:%s[\PIPE\lsarpc]' % self.machine 1038 self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') 1039 1040 class SMBTransport64(LSADTests): 1041 def setUp(self): 1042 LSADTests.setUp(self) 1043 configFile = ConfigParser.ConfigParser() 1044 configFile.read('dcetests.cfg') 1045 self.username = configFile.get('SMBTransport', 'username') 1046 self.domain = configFile.get('SMBTransport', 'domain') 1047 self.serverName = configFile.get('SMBTransport', 'servername') 1048 self.password = configFile.get('SMBTransport', 'password') 1049 self.machine = configFile.get('SMBTransport', 'machine') 1050 self.hashes = configFile.get('SMBTransport', 'hashes') 1051 self.stringBinding = r'ncacn_np:%s[\PIPE\lsarpc]' % self.machine 1052 self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0') 1053 1054 # Process command-line arguments. 1055 if __name__ == '__main__': 1056 import sys 1057 if len(sys.argv) > 1: 1058 testcase = sys.argv[1] 1059 suite = unittest.TestLoader().loadTestsFromTestCase(globals()[testcase]) 1060 else: 1061 suite = unittest.TestLoader().loadTestsFromTestCase(SMBTransport) 1062 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(SMBTransport64)) 1063 unittest.TextTestRunner(verbosity=1).run(suite)