github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/tests/SMB_RPC/test_samr.py (about) 1 ############################################################################### 2 # Tested so far: 3 # 4 # SamrConnect5 5 # SamrConnect4 6 # SamrConnect2 7 # SamrConnect 8 # SamrOpenDomain 9 # SamrOpenGroup 10 # SamrOpenAlias 11 # SamrOpenUser 12 # SamrEnumerateDomainsInSamServer 13 # SamrEnumerateGroupsInDomain 14 # SamrEnumerateAliasesInDomain 15 # SamrEnumerateUsersInDomain 16 # SamrLookupDomainInSamServer 17 # SamrLookupNamesInDomain 18 # SamrLookupIdsInDomain 19 # SamrGetGroupsForUser 20 # SamrQueryDisplayInformation3 21 # SamrQueryDisplayInformation2 22 # SamrQueryDisplayInformation 23 # SamrGetDisplayEnumerationIndex2 24 # SamrGetDisplayEnumerationIndex 25 # SamrCreateGroupInDomain 26 # SamrCreateAliasInDomain 27 # SamrCreateUser2InDomain 28 # SamrCreateUserInDomain 29 # SamrQueryInformationDomain2 30 # SamrQueryInformationDomain 31 # SamrQueryInformationGroup 32 # SamrQueryInformationAlias 33 # SamrQueryInformationUser2 34 # SamrQueryInformationUser 35 # SamrDeleteUser 36 # SamrDeleteAlias 37 # SamrDeleteGroup 38 # SamrAddMemberToGroup 39 # SamrRemoveMemberFromGroup 40 # SamrGetMembersInGroup 41 # SamrGetMembersInAlias 42 # SamrAddMemberToAlias 43 # SamrRemoveMemberFromAlias 44 # SamrAddMultipleMembersToAlias 45 # SamrRemoveMultipleMembersFromAlias 46 # SamrRemoveMemberFromForeignDomain 47 # SamrGetAliasMembership 48 # SamrCloseHandle 49 # SamrSetMemberAttributesOfGroup 50 # SamrGetUserDomainPasswordInformation 51 # SamrGetDomainPasswordInformation 52 # SamrRidToSid 53 # SamrSetDSRMPassword 54 # SamrValidatePassword 55 # SamrQuerySecurityObject 56 # SamrSetSecurityObject 57 # SamrSetInformationDomain 58 # SamrSetInformationGroup 59 # SamrSetInformationAlias 60 # SamrSetInformationUser2 61 # SamrChangePasswordUser 62 # SamrOemChangePasswordUser2 63 # SamrUnicodeChangePasswordUser2 64 # hSamrConnect5 65 # hSamrConnect4 66 # hSamrConnect2 67 # hSamrConnect 68 # hSamrOpenDomain 69 # hSamrOpenGroup 70 # hSamrOpenAlias 71 # hSamrOpenUser 72 # hSamrEnumerateDomainsInSamServer 73 # hSamrEnumerateGroupsInDomain 74 # hSamrEnumerateAliasesInDomain 75 # hSamrEnumerateUsersInDomain 76 # hSamrQueryDisplayInformation3 77 # hSamrQueryDisplayInformation2 78 # hSamrQueryDisplayInformation 79 # hSamrGetDisplayEnumerationIndex2 80 # hSamrGetDisplayEnumerationIndex 81 # hSamrCreateGroupInDomain 82 # hSamrCreateAliasInDomain 83 # hSamrCreateUser2InDomain 84 # hSamrCreateUserInDomain 85 # hSamrQueryInformationDomain2 86 # hSamrQueryInformationDomain 87 # hSamrQueryInformationGroup 88 # hSamrQueryInformationAlias 89 # SamrQueryInformationUser2 90 # hSamrSetInformationDomain 91 # hSamrSetInformationGroup 92 # hSamrSetInformationAlias 93 # hSamrSetInformationUser2 94 # hSamrDeleteGroup 95 # hSamrDeleteAlias 96 # hSamrDeleteUser 97 # hSamrAddMemberToGroup 98 # hSamrRemoveMemberFromGroup 99 # hSamrGetMembersInGroup 100 # hSamrAddMemberToAlias 101 # hSamrRemoveMemberFromAlias 102 # hSamrGetMembersInAlias 103 # hSamrRemoveMemberFromForeignDomain 104 # hSamrAddMultipleMembersToAlias 105 # hSamrRemoveMultipleMembersFromAlias 106 # hSamrGetGroupsForUser 107 # hSamrGetAliasMembership 108 # hSamrChangePasswordUser 109 # hSamrUnicodeChangePasswordUser2 110 # hSamrLookupDomainInSamServer 111 # hSamrSetSecurityObject 112 # hSamrQuerySecurityObject 113 # hSamrCloseHandle 114 # hSamrGetUserDomainPasswordInformation 115 # hSamrGetDomainPasswordInformation 116 # hSamrRidToSid 117 # hSamrValidatePassword 118 # hSamrLookupNamesInDomain 119 # hSamrLookupIdsInDomain 120 # 121 # ToDo: 122 # 123 # Shouldn't dump errors against a win7 124 ################################################################################ 125 126 try: 127 import ConfigParser 128 except ImportError: 129 import configparser as ConfigParser 130 import unittest 131 import string 132 import random 133 134 from impacket.dcerpc.v5 import transport 135 from impacket.dcerpc.v5 import samr, epm 136 from impacket.dcerpc.v5 import dtypes 137 from impacket import nt_errors, ntlm 138 from impacket.dcerpc.v5.ndr import NULL 139 from six import b 140 141 142 class SAMRTests(unittest.TestCase): 143 def connect(self): 144 rpctransport = transport.DCERPCTransportFactory(self.stringBinding) 145 #rpctransport.set_dport(self.dport) 146 if len(self.hashes) > 0: 147 lmhash, nthash = self.hashes.split(':') 148 else: 149 lmhash = '' 150 nthash = '' 151 if hasattr(rpctransport, 'set_credentials'): 152 # This method exists only for selected protocol sequences. 153 rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash) 154 dce = rpctransport.get_dce_rpc() 155 dce.connect() 156 #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) 157 dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY) 158 dce.bind(samr.MSRPC_UUID_SAMR, transfer_syntax = self.ts) 159 request = samr.SamrConnect() 160 request['ServerName'] = 'BETO\x00' 161 request['DesiredAccess'] = samr.DELETE | samr.READ_CONTROL | samr.WRITE_DAC | samr.WRITE_OWNER | samr.ACCESS_SYSTEM_SECURITY | samr.GENERIC_READ | samr.GENERIC_WRITE | samr.GENERIC_EXECUTE | samr.SAM_SERVER_CONNECT | samr.SAM_SERVER_SHUTDOWN | samr.SAM_SERVER_INITIALIZE | samr.SAM_SERVER_CREATE_DOMAIN | samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN | samr.SAM_SERVER_READ | samr.SAM_SERVER_WRITE | samr.SAM_SERVER_EXECUTE 162 resp = dce.request(request) 163 request = samr.SamrEnumerateDomainsInSamServer() 164 request['ServerHandle'] = resp['ServerHandle'] 165 request['EnumerationContext'] = 0 166 request['PreferedMaximumLength'] = 500 167 resp2 = dce.request(request) 168 request = samr.SamrLookupDomainInSamServer() 169 request['ServerHandle'] = resp['ServerHandle'] 170 request['Name'] = resp2['Buffer']['Buffer'][0]['Name'] 171 resp3 = dce.request(request) 172 request = samr.SamrOpenDomain() 173 request['ServerHandle'] = resp['ServerHandle'] 174 request['DesiredAccess'] = samr.DOMAIN_READ_PASSWORD_PARAMETERS | samr.DOMAIN_READ_OTHER_PARAMETERS | samr.DOMAIN_CREATE_USER | samr.DOMAIN_CREATE_ALIAS | samr.DOMAIN_LOOKUP | samr.DOMAIN_LIST_ACCOUNTS | samr.DOMAIN_ADMINISTER_SERVER | samr.DELETE | samr.READ_CONTROL | samr.ACCESS_SYSTEM_SECURITY | samr.DOMAIN_WRITE_OTHER_PARAMETERS | samr.DOMAIN_WRITE_PASSWORD_PARAMS 175 request['DomainId'] = resp3['DomainId'] 176 resp4 = dce.request(request) 177 178 return dce, rpctransport, resp4['DomainHandle'] 179 180 def test_SamrCloseHandle(self): 181 dce, rpctransport, domainHandle = self.connect() 182 request = samr.SamrCloseHandle() 183 request['SamHandle'] = domainHandle 184 resp = dce.request(request) 185 resp.dump() 186 187 def test_hSamrCloseHandle(self): 188 dce, rpctransport, domainHandle = self.connect() 189 resp = samr.hSamrCloseHandle(dce, domainHandle) 190 resp.dump() 191 192 def test_SamrConnect5(self): 193 dce, rpctransport, domainHandle = self.connect() 194 request = samr.SamrConnect5() 195 request['ServerName'] = 'BETO\x00' 196 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 197 request['InVersion'] = 1 198 request['InRevisionInfo']['tag'] = 1 199 resp = dce.request(request) 200 resp.dump() 201 202 def test_hSamrConnect5(self): 203 dce, rpctransport, domainHandle = self.connect() 204 resp = samr.hSamrConnect5(dce) 205 resp.dump() 206 207 def test_SamrConnect4(self): 208 dce, rpctransport, domainHandle = self.connect() 209 request = samr.SamrConnect4() 210 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 211 request['ServerName'] = 'BETO\x00' 212 request['ClientRevision'] = 2 213 resp = dce.request(request) 214 resp.dump() 215 216 def test_hSamrConnect4(self): 217 dce, rpctransport, domainHandle = self.connect() 218 resp = samr.hSamrConnect4(dce) 219 resp.dump() 220 221 def test_SamrConnect2(self): 222 dce, rpctransport, domainHandle = self.connect() 223 request = samr.SamrConnect2() 224 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 225 request['ServerName'] = 'BETO\x00' 226 resp = dce.request(request) 227 resp.dump() 228 229 def test_hSamrConnect2(self): 230 dce, rpctransport, domainHandle = self.connect() 231 resp = samr.hSamrConnect2(dce) 232 resp.dump() 233 234 def test_SamrConnect(self): 235 dce, rpctransport, domainHandle = self.connect() 236 request = samr.SamrConnect() 237 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 238 resp = dce.request(request) 239 resp.dump() 240 241 def test_hSamrConnect(self): 242 dce, rpctransport, domainHandle = self.connect() 243 resp = samr.hSamrConnect(dce) 244 resp.dump() 245 246 def test_SamrOpenDomain(self): 247 dce, rpctransport, domainHandle = self.connect() 248 request = samr.SamrConnect() 249 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 250 request['ServerName'] = 'BETO\x00' 251 resp = dce.request(request) 252 request = samr.SamrOpenDomain() 253 SID = 'S-1-5-352321536-2562177771-1589929855-2033349547' 254 request['ServerHandle'] = resp['ServerHandle'] 255 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 256 request['DomainId'].fromCanonical(SID) 257 try: 258 resp = dce.request(request) 259 resp.dump() 260 except Exception as e: 261 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 262 raise 263 264 def test_hSamrOpenDomain(self): 265 dce, rpctransport, domainHandle = self.connect() 266 resp = samr.hSamrConnect(dce) 267 268 SID = 'S-1-5-352321536-2562177771-1589929855-2033349547' 269 sid = dtypes.RPC_SID() 270 sid.fromCanonical(SID) 271 try: 272 resp = samr.hSamrOpenDomain(dce, serverHandle = resp['ServerHandle'], domainId = sid) 273 resp.dump() 274 except Exception as e: 275 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 276 raise 277 278 def test_SamrOpenGroup(self): 279 dce, rpctransport, domainHandle = self.connect() 280 request = samr.SamrConnect() 281 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 282 request['ServerName'] = 'BETO\x00' 283 resp = dce.request(request) 284 request = samr.SamrOpenGroup() 285 request['DomainHandle'] = domainHandle 286 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 287 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 288 try: 289 resp = dce.request(request) 290 resp.dump() 291 except Exception as e: 292 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 293 raise 294 295 def test_hSamrOpenGroup(self): 296 dce, rpctransport, domainHandle = self.connect() 297 try: 298 resp = samr.hSamrOpenGroup(dce, domainHandle, groupId=samr.DOMAIN_GROUP_RID_USERS) 299 resp.dump() 300 except Exception as e: 301 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 302 raise 303 304 def test_SamrOpenAlias(self): 305 dce, rpctransport, domainHandle = self.connect() 306 request = samr.SamrOpenAlias() 307 request['DomainHandle'] = domainHandle 308 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 309 request['AliasId'] = 25 310 try: 311 resp = dce.request(request) 312 resp.dump() 313 except Exception as e: 314 if str(e).find('STATUS_NO_SUCH_ALIAS') < 0: 315 raise 316 317 def test_hSamrOpenAlias(self): 318 dce, rpctransport, domainHandle = self.connect() 319 try: 320 resp = samr.hSamrOpenAlias(dce, domainHandle, aliasId = 25) 321 resp.dump() 322 except Exception as e: 323 if str(e).find('STATUS_NO_SUCH_ALIAS') < 0: 324 raise 325 326 def test_SamrOpenUser(self): 327 dce, rpctransport, domainHandle = self.connect() 328 request = samr.SamrOpenUser() 329 request['DomainHandle'] = domainHandle 330 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT 331 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 332 resp = dce.request(request) 333 resp.dump() 334 335 def test_hSamrOpenUser(self): 336 dce, rpctransport, domainHandle = self.connect() 337 resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN) 338 339 resp.dump() 340 341 def test_SamrEnumerateDomainsInSamServer(self): 342 dce, rpctransport, domainHandle = self.connect() 343 request = samr.SamrConnect() 344 request['ServerName'] = 'BETO\x00' 345 request['DesiredAccess'] = samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN 346 resp = dce.request(request) 347 request = samr.SamrEnumerateDomainsInSamServer() 348 request['ServerHandle'] = resp['ServerHandle'] 349 request['EnumerationContext'] = 0 350 request['PreferedMaximumLength'] = 500 351 resp2 = dce.request(request) 352 resp2.dump() 353 request = samr.SamrLookupDomainInSamServer() 354 request['ServerHandle'] = resp['ServerHandle'] 355 request['Name'] = resp2['Buffer']['Buffer'][0]['Name'] 356 resp3 = dce.request(request) 357 resp3.dump() 358 request = samr.SamrOpenDomain() 359 request['ServerHandle'] = resp['ServerHandle'] 360 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 361 request['DomainId'] = resp3['DomainId'] 362 resp4 = dce.request(request) 363 resp4.dump() 364 365 def test_hSamrEnumerateDomainsInSamServer(self): 366 dce, rpctransport, domainHandle = self.connect() 367 resp = samr.hSamrConnect(dce, desiredAccess = samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN) 368 resp2 = samr.hSamrEnumerateDomainsInSamServer(dce, resp['ServerHandle']) 369 resp2.dump() 370 resp3 = samr.hSamrLookupDomainInSamServer(dce, resp['ServerHandle'],resp2['Buffer']['Buffer'][0]['Name'] ) 371 resp3.dump() 372 request = samr.SamrOpenDomain() 373 request['ServerHandle'] = resp['ServerHandle'] 374 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 375 request['DomainId'] = resp3['DomainId'] 376 resp4 = dce.request(request) 377 resp4.dump() 378 379 def test_SamrLookupNamesInDomain(self): 380 dce, rpctransport, domainHandle = self.connect() 381 request = samr.SamrLookupNamesInDomain() 382 request['DomainHandle'] = domainHandle 383 request['Count'] = 1 384 entry = dtypes.RPC_UNICODE_STRING() 385 entry['Data'] = 'Administrator' 386 #entry.fields['MaximumLength'] = len('Administrator\x00')*2 387 #entry.fields['Data'].fields['Data'].fields['MaximumCount'] = len('Administrator\x00') 388 request['Names'].append(entry) 389 request.fields['Names'].fields['MaximumCount'] = 1000 390 resp5 = dce.request(request) 391 resp5.dump() 392 393 def test_hSamrLookupNamesInDomain(self): 394 dce, rpctransport, domainHandle = self.connect() 395 try: 396 resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, ('Administrator','Guest')) 397 resp.dump() 398 except Exception as e: 399 if str(e).find('STATUS_MORE_ENTRIES') >=0: 400 pass 401 e.get_packet().dump() 402 403 def test_SamrLookupIdsInDomain(self): 404 dce, rpctransport, domainHandle = self.connect() 405 request = samr.SamrLookupIdsInDomain() 406 request.dump() 407 request['DomainHandle'] = domainHandle 408 request['Count'] = 2 409 entry = dtypes.ULONG() 410 entry['Data'] = 500 411 request['RelativeIds'].append(entry) 412 entry = dtypes.ULONG() 413 entry['Data'] = 501 414 request['RelativeIds'].append(entry) 415 request.fields['RelativeIds'].fields['MaximumCount'] = 1000 416 resp5 = dce.request(request) 417 resp5.dump() 418 419 def test_hSamrLookupIdsInDomain(self): 420 dce, rpctransport, domainHandle = self.connect() 421 resp = samr.hSamrLookupIdsInDomain(dce, domainHandle, (500,501)) 422 resp.dump() 423 424 def test_SamrEnumerateGroupsInDomain(self): 425 dce, rpctransport, domainHandle = self.connect() 426 request = samr.SamrEnumerateGroupsInDomain() 427 request['DomainHandle'] = domainHandle 428 request['EnumerationContext'] = 0 429 request['PreferedMaximumLength'] = 500 430 status = nt_errors.STATUS_MORE_ENTRIES 431 while status == nt_errors.STATUS_MORE_ENTRIES: 432 try: 433 resp4 = dce.request(request) 434 except Exception as e: 435 if str(e).find('STATUS_MORE_ENTRIES') < 0: 436 raise 437 resp4 = e.get_packet() 438 resp4['Buffer'].dump() 439 request['EnumerationContext'] = resp4['EnumerationContext'] 440 status = resp4['ErrorCode'] 441 442 def test_hSamrEnumerateGroupsInDomain(self): 443 dce, rpctransport, domainHandle = self.connect() 444 resp = samr.hSamrEnumerateGroupsInDomain(dce, domainHandle) 445 resp.dump() 446 447 def test_SamrEnumerateAliasesInDomain(self): 448 dce, rpctransport, domainHandle = self.connect() 449 request = samr.SamrEnumerateAliasesInDomain() 450 request['DomainHandle'] = domainHandle 451 request['EnumerationContext'] = 0 452 request['PreferedMaximumLength'] = 500 453 status = nt_errors.STATUS_MORE_ENTRIES 454 while status == nt_errors.STATUS_MORE_ENTRIES: 455 try: 456 resp4 = dce.request(request) 457 except Exception as e: 458 if str(e).find('STATUS_MORE_ENTRIES') < 0: 459 raise 460 resp4 = e.get_packet() 461 resp4['Buffer'].dump() 462 request['EnumerationContext'] = resp4['EnumerationContext'] 463 status = resp4['ErrorCode'] 464 465 def test_hSamrEnumerateAliasesInDomain(self): 466 dce, rpctransport, domainHandle = self.connect() 467 resp = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 468 resp.dump() 469 470 def test_SamrEnumerateUsersInDomain(self): 471 dce, rpctransport, domainHandle = self.connect() 472 request = samr.SamrEnumerateUsersInDomain() 473 request['DomainHandle'] = domainHandle 474 request['UserAccountControl'] = samr.USER_NORMAL_ACCOUNT 475 request['EnumerationContext'] = 0 476 request['PreferedMaximumLength'] = 8192 477 status = nt_errors.STATUS_MORE_ENTRIES 478 while status == nt_errors.STATUS_MORE_ENTRIES: 479 try: 480 resp4 = dce.request(request) 481 except Exception as e: 482 if str(e).find('STATUS_MORE_ENTRIES') < 0: 483 raise 484 resp4 = e.get_packet() 485 resp4['Buffer'].dump() 486 request['EnumerationContext'] = resp4['EnumerationContext'] 487 status = resp4['ErrorCode'] 488 489 def test_hSamrEnumerateUsersInDomain(self): 490 dce, rpctransport, domainHandle = self.connect() 491 try: 492 resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle) 493 resp.dump() 494 except Exception as e: 495 if str(e).find('STATUS_MORE_ENTRIES') >=0: 496 pass 497 e.get_packet().dump() 498 499 def test_SamrGetGroupsForUser(self): 500 dce, rpctransport, domainHandle = self.connect() 501 request = samr.SamrOpenUser() 502 request['DomainHandle'] = domainHandle 503 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS 504 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 505 resp = dce.request(request) 506 resp.dump() 507 request = samr.SamrGetGroupsForUser() 508 request['UserHandle'] = resp['UserHandle'] 509 resp = dce.request(request) 510 resp.dump() 511 512 def test_hSamrGetGroupsForUser(self): 513 dce, rpctransport, domainHandle = self.connect() 514 request = samr.SamrOpenUser() 515 request['DomainHandle'] = domainHandle 516 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS 517 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 518 resp = dce.request(request) 519 resp.dump() 520 resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle']) 521 resp.dump() 522 523 def test_SamrQueryDisplayInformation3(self): 524 dce, rpctransport, domainHandle = self.connect() 525 request = samr.SamrQueryDisplayInformation3() 526 request['DomainHandle'] = domainHandle 527 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 528 request['Index'] = 0 529 request['EntryCount'] = 100 530 request['PreferredMaximumLength'] = 8192 531 #request.dump() 532 try: 533 resp = dce.request(request) 534 resp.dump() 535 except Exception as e: 536 if str(e).find('STATUS_MORE_ENTRIES') >=0: 537 e.get_packet().dump() 538 else: 539 raise 540 541 request = samr.SamrQueryDisplayInformation3() 542 request['DomainHandle'] = domainHandle 543 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine 544 request['Index'] = 0 545 request['EntryCount'] = 100 546 request['PreferredMaximumLength'] = 8192 547 #request.dump() 548 resp = dce.request(request) 549 resp.dump() 550 551 request = samr.SamrQueryDisplayInformation3() 552 request['DomainHandle'] = domainHandle 553 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup 554 request['Index'] = 0 555 request['EntryCount'] = 100 556 request['PreferredMaximumLength'] = 8192 557 #request.dump() 558 resp = dce.request(request) 559 resp.dump() 560 561 request = samr.SamrQueryDisplayInformation3() 562 request['DomainHandle'] = domainHandle 563 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup 564 request['Index'] = 0 565 request['EntryCount'] = 100 566 request['PreferredMaximumLength'] = 8192 567 #request.dump() 568 resp = dce.request(request) 569 resp.dump() 570 571 def test_hSamrQueryDisplayInformation3(self): 572 dce, rpctransport, domainHandle = self.connect() 573 try: 574 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser) 575 resp.dump() 576 except Exception as e: 577 if str(e).find('STATUS_MORE_ENTRIES') >=0: 578 e.get_packet().dump() 579 else: 580 raise 581 582 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine) 583 resp.dump() 584 585 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup) 586 resp.dump() 587 588 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup) 589 resp.dump() 590 591 def test_SamrQueryDisplayInformation2(self): 592 dce, rpctransport, domainHandle = self.connect() 593 try: 594 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser) 595 resp.dump() 596 except Exception as e: 597 if str(e).find('STATUS_MORE_ENTRIES') >=0: 598 e.get_packet().dump() 599 else: 600 raise 601 602 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine) 603 resp.dump() 604 605 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup) 606 resp.dump() 607 608 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup) 609 resp.dump() 610 611 def test_SamrQueryDisplayInformation(self): 612 dce, rpctransport, domainHandle = self.connect() 613 request = samr.SamrQueryDisplayInformation() 614 request['DomainHandle'] = domainHandle 615 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 616 request['Index'] = 0 617 request['EntryCount'] = 100 618 request['PreferredMaximumLength'] = 8192 619 #request.dump() 620 try: 621 resp = dce.request(request) 622 resp.dump() 623 except Exception as e: 624 if str(e).find('STATUS_MORE_ENTRIES') >=0: 625 e.get_packet().dump() 626 else: 627 raise 628 629 request = samr.SamrQueryDisplayInformation() 630 request['DomainHandle'] = domainHandle 631 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine 632 request['Index'] = 0 633 request['EntryCount'] = 100 634 request['PreferredMaximumLength'] = 8192 635 #request.dump() 636 resp = dce.request(request) 637 resp.dump() 638 639 request = samr.SamrQueryDisplayInformation() 640 request['DomainHandle'] = domainHandle 641 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup 642 request['Index'] = 0 643 request['EntryCount'] = 100 644 request['PreferredMaximumLength'] = 8192 645 #request.dump() 646 resp = dce.request(request) 647 resp.dump() 648 649 request = samr.SamrQueryDisplayInformation() 650 request['DomainHandle'] = domainHandle 651 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup 652 request['Index'] = 0 653 request['EntryCount'] = 100 654 request['PreferredMaximumLength'] = 8192 655 #request.dump() 656 resp = dce.request(request) 657 resp.dump() 658 659 def test_hSamrQueryDisplayInformation(self): 660 dce, rpctransport, domainHandle = self.connect() 661 662 try: 663 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser) 664 resp.dump() 665 except Exception as e: 666 if str(e).find('STATUS_MORE_ENTRIES') >=0: 667 e.get_packet().dump() 668 else: 669 raise 670 671 672 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine) 673 resp.dump() 674 675 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup) 676 resp.dump() 677 678 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup) 679 resp.dump() 680 681 def test_SamrGetDisplayEnumerationIndex2(self): 682 dce, rpctransport, domainHandle = self.connect() 683 request = samr.SamrGetDisplayEnumerationIndex2() 684 request['DomainHandle'] = domainHandle 685 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 686 request['Prefix'] = 'Gu' 687 #request.dump() 688 resp = dce.request(request) 689 resp.dump() 690 691 request = samr.SamrGetDisplayEnumerationIndex2() 692 request['DomainHandle'] = domainHandle 693 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup 694 request['Prefix'] = 'Non' 695 #request.dump() 696 resp = dce.request(request) 697 resp.dump() 698 699 def test_hSamrGetDisplayEnumerationIndex2(self): 700 dce, rpctransport, domainHandle = self.connect() 701 resp = samr.hSamrGetDisplayEnumerationIndex2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, 'Gu') 702 resp.dump() 703 704 resp = samr.hSamrGetDisplayEnumerationIndex2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup, 'Non') 705 resp.dump() 706 707 def test_SamrGetDisplayEnumerationIndex(self): 708 dce, rpctransport, domainHandle = self.connect() 709 resp = samr.hSamrGetDisplayEnumerationIndex(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, 'Gu') 710 resp.dump() 711 712 def test_hSamrGetDisplayEnumerationIndex(self): 713 dce, rpctransport, domainHandle = self.connect() 714 request = samr.SamrGetDisplayEnumerationIndex() 715 request['DomainHandle'] = domainHandle 716 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 717 request['Prefix'] = 'Gu' 718 #request.dump() 719 resp = dce.request(request) 720 resp.dump() 721 722 def test_SamrCreateGroupInDomain_SamrDeleteGroup(self): 723 dce, rpctransport, domainHandle = self.connect() 724 request = samr.SamrCreateGroupInDomain() 725 request['DomainHandle'] = domainHandle 726 request['Name'] = 'testGroup' 727 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 728 #request.dump() 729 try: 730 resp = dce.request(request) 731 resp.dump() 732 except Exception as e: 733 if str(e).find("STATUS_ACCESS_DENIED") < 0: 734 raise 735 request = samr.SamrDeleteGroup() 736 request['GroupHandle'] = domainHandle 737 try: 738 resp = dce.request(request) 739 resp.dump() 740 except Exception as e: 741 if str(e).find("STATUS_OBJECT_TYPE_MISMATCH") < 0: 742 raise 743 744 def test_hSamrCreateGroupInDomain_hSamrDeleteGroup(self): 745 dce, rpctransport, domainHandle = self.connect() 746 try: 747 resp = samr.hSamrCreateGroupInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 748 resp.dump() 749 except Exception as e: 750 if str(e).find("STATUS_ACCESS_DENIED") < 0: 751 raise 752 try: 753 resp = samr.hSamrDeleteGroup(dce, domainHandle) 754 resp.dump() 755 except Exception as e: 756 if str(e).find("STATUS_OBJECT_TYPE_MISMATCH") < 0: 757 raise 758 759 def test_SamrCreateAliasInDomain_SamrDeleteAlias(self): 760 dce, rpctransport, domainHandle = self.connect() 761 request = samr.SamrCreateAliasInDomain() 762 request['DomainHandle'] = domainHandle 763 request['AccountName'] = 'testGroup' 764 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 765 #request.dump() 766 resp = dce.request(request) 767 resp.dump() 768 request = samr.SamrDeleteAlias() 769 request['AliasHandle'] = resp['AliasHandle'] 770 resp = dce.request(request) 771 resp.dump() 772 773 def test_hSamrCreateAliasInDomain_hSamrDeleteAlias(self): 774 dce, rpctransport, domainHandle = self.connect() 775 resp = samr.hSamrCreateAliasInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 776 resp.dump() 777 resp = samr.hSamrDeleteAlias(dce, resp['AliasHandle']) 778 resp.dump() 779 780 def test_SamrCreateUser2InDomain_SamrDeleteUser(self): 781 dce, rpctransport, domainHandle = self.connect() 782 request = samr.SamrCreateUser2InDomain() 783 request['DomainHandle'] = domainHandle 784 request['Name'] = 'testAccount' 785 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 786 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.DELETE 787 #request.dump() 788 resp = dce.request(request) 789 resp.dump() 790 request = samr.SamrDeleteUser() 791 request['UserHandle'] = resp['UserHandle'] 792 resp = dce.request(request) 793 resp.dump() 794 795 def test_hSamrCreateUser2InDomain_hSamrDeleteUser(self): 796 dce, rpctransport, domainHandle = self.connect() 797 resp = samr.hSamrCreateUser2InDomain(dce, domainHandle, 'testAccount', samr.USER_NORMAL_ACCOUNT,samr.USER_READ_GENERAL | samr.DELETE ) 798 resp.dump() 799 resp = samr.hSamrDeleteUser(dce, resp['UserHandle']) 800 resp.dump() 801 802 def test_SamrQueryInformationDomain2(self): 803 dce, rpctransport, domainHandle = self.connect() 804 request = samr.SamrQueryInformationDomain2() 805 request['DomainHandle'] = domainHandle 806 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation 807 #request.dump() 808 resp = dce.request(request) 809 resp.dump() 810 811 request = samr.SamrQueryInformationDomain2() 812 request['DomainHandle'] = domainHandle 813 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation 814 #request.dump() 815 resp = dce.request(request) 816 resp.dump() 817 818 request = samr.SamrQueryInformationDomain2() 819 request['DomainHandle'] = domainHandle 820 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation 821 #request.dump() 822 resp = dce.request(request) 823 resp.dump() 824 825 request = samr.SamrQueryInformationDomain2() 826 request['DomainHandle'] = domainHandle 827 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation 828 #request.dump() 829 resp = dce.request(request) 830 resp.dump() 831 832 request = samr.SamrQueryInformationDomain2() 833 request['DomainHandle'] = domainHandle 834 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation 835 #request.dump() 836 resp = dce.request(request) 837 resp.dump() 838 839 request = samr.SamrQueryInformationDomain2() 840 request['DomainHandle'] = domainHandle 841 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation 842 #request.dump() 843 resp = dce.request(request) 844 resp.dump() 845 846 request = samr.SamrQueryInformationDomain2() 847 request['DomainHandle'] = domainHandle 848 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation 849 #request.dump() 850 resp = dce.request(request) 851 resp.dump() 852 853 request = samr.SamrQueryInformationDomain2() 854 request['DomainHandle'] = domainHandle 855 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation 856 #request.dump() 857 resp = dce.request(request) 858 resp.dump() 859 860 request = samr.SamrQueryInformationDomain2() 861 request['DomainHandle'] = domainHandle 862 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation 863 #request.dump() 864 resp = dce.request(request) 865 resp.dump() 866 867 request = samr.SamrQueryInformationDomain2() 868 request['DomainHandle'] = domainHandle 869 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2 870 #request.dump() 871 resp = dce.request(request) 872 resp.dump() 873 874 request = samr.SamrQueryInformationDomain2() 875 request['DomainHandle'] = domainHandle 876 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation 877 #request.dump() 878 resp = dce.request(request) 879 resp.dump() 880 881 request = samr.SamrQueryInformationDomain2() 882 request['DomainHandle'] = domainHandle 883 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2 884 #request.dump() 885 resp = dce.request(request) 886 resp.dump() 887 888 def test_SamrQueryInformationDomain2(self): 889 dce, rpctransport, domainHandle = self.connect() 890 request = samr.SamrQueryInformationDomain2() 891 request['DomainHandle'] = domainHandle 892 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation 893 #request.dump() 894 resp = dce.request(request) 895 resp.dump() 896 897 request = samr.SamrQueryInformationDomain2() 898 request['DomainHandle'] = domainHandle 899 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation 900 #request.dump() 901 resp = dce.request(request) 902 resp.dump() 903 904 request = samr.SamrQueryInformationDomain2() 905 request['DomainHandle'] = domainHandle 906 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation 907 #request.dump() 908 resp = dce.request(request) 909 resp.dump() 910 911 request = samr.SamrQueryInformationDomain2() 912 request['DomainHandle'] = domainHandle 913 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation 914 #request.dump() 915 resp = dce.request(request) 916 resp.dump() 917 918 request = samr.SamrQueryInformationDomain2() 919 request['DomainHandle'] = domainHandle 920 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation 921 #request.dump() 922 resp = dce.request(request) 923 resp.dump() 924 925 request = samr.SamrQueryInformationDomain2() 926 request['DomainHandle'] = domainHandle 927 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation 928 #request.dump() 929 resp = dce.request(request) 930 resp.dump() 931 932 request = samr.SamrQueryInformationDomain2() 933 request['DomainHandle'] = domainHandle 934 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation 935 #request.dump() 936 resp = dce.request(request) 937 resp.dump() 938 939 request = samr.SamrQueryInformationDomain2() 940 request['DomainHandle'] = domainHandle 941 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation 942 #request.dump() 943 resp = dce.request(request) 944 resp.dump() 945 946 request = samr.SamrQueryInformationDomain2() 947 request['DomainHandle'] = domainHandle 948 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation 949 #request.dump() 950 resp = dce.request(request) 951 resp.dump() 952 953 request = samr.SamrQueryInformationDomain2() 954 request['DomainHandle'] = domainHandle 955 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2 956 #request.dump() 957 resp = dce.request(request) 958 resp.dump() 959 960 request = samr.SamrQueryInformationDomain2() 961 request['DomainHandle'] = domainHandle 962 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation 963 #request.dump() 964 resp = dce.request(request) 965 resp.dump() 966 967 request = samr.SamrQueryInformationDomain2() 968 request['DomainHandle'] = domainHandle 969 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2 970 #request.dump() 971 resp = dce.request(request) 972 resp.dump() 973 974 def test_hSamrQueryInformationDomain2(self): 975 dce, rpctransport, domainHandle = self.connect() 976 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation) 977 resp.dump() 978 979 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation) 980 resp.dump() 981 982 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation) 983 resp.dump() 984 985 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation) 986 resp.dump() 987 988 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation) 989 resp.dump() 990 991 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation) 992 resp.dump() 993 994 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation) 995 resp.dump() 996 997 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation) 998 resp.dump() 999 1000 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation) 1001 resp.dump() 1002 1003 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2) 1004 resp.dump() 1005 1006 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation) 1007 resp.dump() 1008 1009 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2) 1010 resp.dump() 1011 1012 def test_hSamrQueryInformationDomain_hSamrSetInformationDomain(self): 1013 dce, rpctransport, domainHandle = self.connect() 1014 1015 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation) 1016 resp.dump() 1017 1018 resp['Buffer']['Password']['MaxPasswordAge']['LowPart'] = 11 1019 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1020 resp.dump() 1021 1022 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation) 1023 resp2.dump() 1024 self.assertTrue( 11 == resp2['Buffer']['Password']['MaxPasswordAge']['LowPart'] ) 1025 1026 resp2['Buffer']['Password']['MaxPasswordAge']['LowPart'] = 0 1027 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1028 resp.dump() 1029 1030 ################################################################################ 1031 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation) 1032 resp.dump() 1033 1034 resp['Buffer']['General']['ReplicaSourceNodeName'] = 'BETUS' 1035 try: 1036 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1037 except Exception as e: 1038 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1039 raise 1040 1041 1042 ################################################################################ 1043 1044 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation) 1045 resp.dump() 1046 1047 oldData = resp['Buffer']['Logoff']['ForceLogoff']['LowPart'] 1048 1049 resp['Buffer']['Logoff']['ForceLogoff']['LowPart'] = 11 1050 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1051 resp.dump() 1052 1053 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation) 1054 resp2.dump() 1055 1056 self.assertTrue( 11 == resp2['Buffer']['Logoff']['ForceLogoff']['LowPart'] ) 1057 1058 resp2['Buffer']['Logoff']['ForceLogoff']['LowPart'] = oldData 1059 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1060 resp.dump() 1061 1062 ################################################################################ 1063 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation) 1064 resp.dump() 1065 1066 oldData = resp['Buffer']['Oem']['OemInformation'] 1067 1068 resp['Buffer']['Oem']['OemInformation'] = 'BETUS' 1069 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1070 resp.dump() 1071 1072 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation) 1073 resp2.dump() 1074 1075 self.assertTrue( 'BETUS' == resp2['Buffer']['Oem']['OemInformation']) 1076 1077 resp2['Buffer']['Oem']['OemInformation'] = oldData 1078 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1079 resp.dump() 1080 1081 ################################################################################ 1082 1083 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation) 1084 resp.dump() 1085 1086 ################################################################################ 1087 1088 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation) 1089 resp.dump() 1090 1091 ################################################################################ 1092 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation) 1093 resp.dump() 1094 1095 oldData = resp['Buffer']['Replication']['ReplicaSourceNodeName'] 1096 1097 resp['Buffer']['Replication']['ReplicaSourceNodeName'] = 'BETUS' 1098 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1099 resp.dump() 1100 1101 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation) 1102 resp2.dump() 1103 1104 self.assertTrue( 'BETUS' == resp2['Buffer']['Replication']['ReplicaSourceNodeName']) 1105 1106 resp2['Buffer']['Replication']['ReplicaSourceNodeName'] = oldData 1107 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1108 resp.dump() 1109 1110 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation) 1111 resp.dump() 1112 1113 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation) 1114 resp.dump() 1115 1116 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2) 1117 resp.dump() 1118 1119 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation) 1120 resp.dump() 1121 1122 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2) 1123 resp.dump() 1124 1125 def test_SamrQueryInformationGroup_SamrSetInformationGroup(self): 1126 dce, rpctransport, domainHandle = self.connect() 1127 request = samr.SamrOpenGroup() 1128 request['DomainHandle'] = domainHandle 1129 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS 1130 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1131 try: 1132 resp0 = dce.request(request) 1133 resp0.dump() 1134 except Exception as e: 1135 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1136 raise 1137 1138 request = samr.SamrQueryInformationGroup() 1139 request['GroupHandle'] = resp0['GroupHandle'] 1140 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupGeneralInformation 1141 #request.dump() 1142 resp = dce.request(request) 1143 resp.dump() 1144 ################################################################################ 1145 1146 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1147 #request.dump() 1148 resp = dce.request(request) 1149 resp.dump() 1150 oldData = resp['Buffer']['Name']['Name'] 1151 1152 req = samr.SamrSetInformationGroup() 1153 req['GroupHandle'] = resp0['GroupHandle'] 1154 req['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1155 req['Buffer']['tag'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1156 req['Buffer']['Name']['Name'] = 'BETUS' 1157 resp = dce.request(req) 1158 resp.dump() 1159 1160 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1161 #request.dump() 1162 resp = dce.request(request) 1163 resp.dump() 1164 1165 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1166 1167 req['Buffer']['Name']['Name'] = oldData 1168 resp = dce.request(req) 1169 resp.dump() 1170 1171 1172 ################################################################################ 1173 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1174 #request.dump() 1175 resp = dce.request(request) 1176 resp.dump() 1177 oldData = resp['Buffer']['Attribute']['Attributes'] 1178 1179 req = samr.SamrSetInformationGroup() 1180 req['GroupHandle'] = resp0['GroupHandle'] 1181 req['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1182 req['Buffer']['tag'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1183 req['Buffer']['Attribute']['Attributes'] = 2 1184 resp = dce.request(req) 1185 resp.dump() 1186 1187 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1188 #request.dump() 1189 resp = dce.request(request) 1190 resp.dump() 1191 1192 #self.assertTrue( 2 == resp['Buffer']['Attribute']['Attributes']) 1193 1194 req['Buffer']['Attribute']['Attributes'] = oldData 1195 resp = dce.request(req) 1196 resp.dump() 1197 1198 1199 ################################################################################ 1200 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1201 #request.dump() 1202 resp = dce.request(request) 1203 resp.dump() 1204 1205 oldData = resp['Buffer']['AdminComment']['AdminComment'] 1206 1207 req = samr.SamrSetInformationGroup() 1208 req['GroupHandle'] = resp0['GroupHandle'] 1209 req['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1210 req['Buffer']['tag'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1211 req['Buffer']['AdminComment']['AdminComment'] = 'BETUS' 1212 resp = dce.request(req) 1213 resp.dump() 1214 1215 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1216 #request.dump() 1217 resp = dce.request(request) 1218 resp.dump() 1219 1220 self.assertTrue( 'BETUS' == resp['Buffer']['AdminComment']['AdminComment']) 1221 1222 req['Buffer']['AdminComment']['AdminComment'] = oldData 1223 resp = dce.request(req) 1224 resp.dump() 1225 1226 ################################################################################ 1227 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupReplicationInformation 1228 #request.dump() 1229 resp = dce.request(request) 1230 resp.dump() 1231 1232 def test_hSamrQueryInformationGroup_hSamrSetInformationGroup(self): 1233 dce, rpctransport, domainHandle = self.connect() 1234 try: 1235 resp0 = samr.hSamrOpenGroup(dce, domainHandle,samr.GROUP_ALL_ACCESS, samr.DOMAIN_GROUP_RID_USERS ) 1236 resp0.dump() 1237 except Exception as e: 1238 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1239 raise 1240 1241 resp = samr.hSamrQueryInformationGroup(dce, resp0['GroupHandle'],samr.GROUP_INFORMATION_CLASS.GroupGeneralInformation) 1242 resp.dump() 1243 ################################################################################ 1244 1245 resp = samr.hSamrQueryInformationGroup(dce, resp0['GroupHandle'],samr.GROUP_INFORMATION_CLASS.GroupNameInformation) 1246 resp.dump() 1247 oldData = resp['Buffer']['Name']['Name'] 1248 1249 req = samr.SAMPR_GROUP_INFO_BUFFER() 1250 req['tag'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1251 req['Name']['Name'] = 'BETUS' 1252 resp = samr.hSamrSetInformationGroup(dce, resp0['GroupHandle'], req) 1253 resp.dump() 1254 1255 resp = samr.hSamrQueryInformationGroup(dce, resp0['GroupHandle'],samr.GROUP_INFORMATION_CLASS.GroupNameInformation) 1256 resp.dump() 1257 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1258 1259 req['Name']['Name'] = oldData 1260 resp = samr.hSamrSetInformationGroup(dce, resp0['GroupHandle'], req) 1261 resp.dump() 1262 1263 def test_hSamrQueryInformationAlias_hSamrSetInformationAlias(self): 1264 dce, rpctransport, domainHandle = self.connect() 1265 resp4 = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 1266 resp4.dump() 1267 1268 resp0 = samr.hSamrOpenAlias(dce, domainHandle, aliasId = resp4['Buffer']['Buffer'][0]['RelativeId']) 1269 resp0.dump() 1270 1271 resp = samr.hSamrQueryInformationAlias(dce, resp0['AliasHandle'], samr.ALIAS_INFORMATION_CLASS.AliasGeneralInformation) 1272 resp.dump() 1273 1274 ################################################################################ 1275 resp = samr.hSamrQueryInformationAlias(dce, resp0['AliasHandle'], samr.ALIAS_INFORMATION_CLASS.AliasNameInformation) 1276 resp.dump() 1277 oldData = resp['Buffer']['Name']['Name'] 1278 1279 req = samr.SAMPR_ALIAS_INFO_BUFFER() 1280 req['tag'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1281 req['Name']['Name'] = 'BETUS' 1282 resp = samr.hSamrSetInformationAlias(dce, resp0['AliasHandle'], req) 1283 resp.dump() 1284 1285 resp = samr.hSamrQueryInformationAlias(dce, resp0['AliasHandle'], samr.ALIAS_INFORMATION_CLASS.AliasNameInformation) 1286 resp.dump() 1287 1288 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1289 1290 req['Name']['Name'] = oldData 1291 resp = samr.hSamrSetInformationAlias(dce, resp0['AliasHandle'], req) 1292 resp.dump() 1293 1294 def test_SamrQueryInformationAlias_SamrSetInformationAlias(self): 1295 dce, rpctransport, domainHandle = self.connect() 1296 request = samr.SamrEnumerateAliasesInDomain() 1297 request['DomainHandle'] = domainHandle 1298 request['EnumerationContext'] = 0 1299 request['PreferedMaximumLength'] = 500 1300 status = nt_errors.STATUS_MORE_ENTRIES 1301 while status == nt_errors.STATUS_MORE_ENTRIES: 1302 try: 1303 resp4 = dce.request(request) 1304 except Exception as e: 1305 if str(e).find('STATUS_MORE_ENTRIES') < 0: 1306 raise 1307 resp4 = e.get_packet() 1308 resp4['Buffer'].dump() 1309 request['EnumerationContext'] = resp4['EnumerationContext'] 1310 status = resp4['ErrorCode'] 1311 1312 resp4.dump() 1313 request = samr.SamrOpenAlias() 1314 request['DomainHandle'] = domainHandle 1315 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1316 request['AliasId'] = resp4['Buffer']['Buffer'][0]['RelativeId'] 1317 resp0 = dce.request(request) 1318 resp0.dump() 1319 1320 request = samr.SamrQueryInformationAlias() 1321 request['AliasHandle'] = resp0['AliasHandle'] 1322 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasGeneralInformation 1323 #request.dump() 1324 resp = dce.request(request) 1325 resp.dump() 1326 1327 ################################################################################ 1328 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1329 #request.dump() 1330 resp = dce.request(request) 1331 resp.dump() 1332 oldData = resp['Buffer']['Name']['Name'] 1333 1334 req = samr.SamrSetInformationAlias() 1335 req['AliasHandle'] = resp0['AliasHandle'] 1336 req['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1337 req['Buffer']['tag'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1338 req['Buffer']['Name']['Name'] = 'BETUS' 1339 resp = dce.request(req) 1340 resp.dump() 1341 1342 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1343 #request.dump() 1344 resp = dce.request(request) 1345 resp.dump() 1346 1347 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1348 1349 req['Buffer']['Name']['Name'] = oldData 1350 resp = dce.request(req) 1351 resp.dump() 1352 1353 1354 ################################################################################ 1355 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1356 #request.dump() 1357 resp = dce.request(request) 1358 resp.dump() 1359 oldData = resp['Buffer']['AdminComment']['AdminComment'] 1360 1361 req = samr.SamrSetInformationAlias() 1362 req['AliasHandle'] = resp0['AliasHandle'] 1363 req['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1364 req['Buffer']['tag'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1365 req['Buffer']['AdminComment']['AdminComment'] = 'BETUS' 1366 resp = dce.request(req) 1367 resp.dump() 1368 1369 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1370 #request.dump() 1371 resp = dce.request(request) 1372 resp.dump() 1373 1374 self.assertTrue( 'BETUS' == resp['Buffer']['AdminComment']['AdminComment']) 1375 1376 req['Buffer']['AdminComment']['AdminComment'] = oldData 1377 resp = dce.request(req) 1378 resp.dump() 1379 1380 def test_SamrQueryInformationUser2_SamrSetInformationUser2(self): 1381 dce, rpctransport, domainHandle = self.connect() 1382 request = samr.SamrOpenUser() 1383 request['DomainHandle'] = domainHandle 1384 #request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_ALL_ACCESS | samr.USER_READ | samr.USER_READ_LOGON 1385 request['DesiredAccess'] = \ 1386 samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_WRITE_PREFERENCES | samr.USER_READ_LOGON \ 1387 | samr.USER_READ_ACCOUNT | samr.USER_WRITE_ACCOUNT | samr.USER_CHANGE_PASSWORD | samr.USER_FORCE_PASSWORD_CHANGE \ 1388 | samr.USER_LIST_GROUPS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION | samr.USER_ALL_ACCESS \ 1389 | samr.USER_READ | samr.USER_WRITE | samr.USER_EXECUTE 1390 1391 1392 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 1393 resp = dce.request(request) 1394 resp.dump() 1395 1396 request = samr.SamrQueryInformationUser2() 1397 request['UserHandle'] = resp['UserHandle'] 1398 userHandle = resp['UserHandle'] 1399 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserGeneralInformation 1400 #request.dump() 1401 resp = dce.request(request) 1402 resp.dump() 1403 ################################################################################ 1404 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1405 #request.dump() 1406 resp = dce.request(request) 1407 resp.dump() 1408 oldData = resp['Buffer']['Preferences']['UserComment'] 1409 1410 req = samr.SamrSetInformationUser2() 1411 req['UserHandle'] = userHandle 1412 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1413 req['Buffer'] = resp['Buffer'] 1414 req['Buffer']['Preferences']['UserComment'] = 'BETO' 1415 resp = dce.request(req) 1416 resp.dump() 1417 1418 resp = dce.request(request) 1419 resp.dump() 1420 1421 self.assertTrue( 'BETO' == resp['Buffer']['Preferences']['UserComment']) 1422 1423 req['Buffer']['Preferences']['UserComment'] = oldData 1424 resp = dce.request(req) 1425 resp.dump() 1426 1427 ################################################################################ 1428 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonInformation 1429 #request.dump() 1430 resp = dce.request(request) 1431 resp.dump() 1432 1433 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonHoursInformation 1434 #request.dump() 1435 resp = dce.request(request) 1436 resp.dump() 1437 1438 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountInformation 1439 #request.dump() 1440 resp = dce.request(request) 1441 resp.dump() 1442 1443 ################################################################################ 1444 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserNameInformation 1445 #request.dump() 1446 resp = dce.request(request) 1447 resp.dump() 1448 oldData = resp['Buffer']['Name']['FullName'] 1449 1450 req = samr.SamrSetInformationUser2() 1451 req['UserHandle'] = userHandle 1452 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserNameInformation 1453 req['Buffer'] = resp['Buffer'] 1454 req['Buffer']['Name']['FullName'] = 'BETO' 1455 resp = dce.request(req) 1456 resp.dump() 1457 1458 resp = dce.request(request) 1459 resp.dump() 1460 1461 self.assertTrue( 'BETO' == resp['Buffer']['Name']['FullName']) 1462 1463 req['Buffer']['Name']['FullName'] = oldData 1464 resp = dce.request(req) 1465 resp.dump() 1466 1467 ################################################################################ 1468 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountNameInformation 1469 #request.dump() 1470 resp = dce.request(request) 1471 resp.dump() 1472 1473 oldData = resp['Buffer']['AccountName']['UserName'] 1474 1475 req = samr.SamrSetInformationUser2() 1476 req['UserHandle'] = userHandle 1477 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountNameInformation 1478 req['Buffer'] = resp['Buffer'] 1479 req['Buffer']['AccountName']['UserName'] = 'BETUS' 1480 resp = dce.request(req) 1481 resp.dump() 1482 1483 resp = dce.request(request) 1484 resp.dump() 1485 1486 self.assertTrue( 'BETUS' == resp['Buffer']['AccountName']['UserName']) 1487 1488 req['Buffer']['AccountName']['UserName'] = oldData 1489 resp = dce.request(req) 1490 resp.dump() 1491 1492 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserFullNameInformation 1493 #request.dump() 1494 resp = dce.request(request) 1495 resp.dump() 1496 1497 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPrimaryGroupInformation 1498 #request.dump() 1499 resp = dce.request(request) 1500 resp.dump() 1501 1502 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserHomeInformation 1503 #request.dump() 1504 resp = dce.request(request) 1505 resp.dump() 1506 1507 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserScriptInformation 1508 #request.dump() 1509 resp = dce.request(request) 1510 resp.dump() 1511 1512 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserProfileInformation 1513 #request.dump() 1514 resp = dce.request(request) 1515 resp.dump() 1516 1517 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAdminCommentInformation 1518 #request.dump() 1519 resp = dce.request(request) 1520 resp.dump() 1521 1522 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserWorkStationsInformation 1523 #request.dump() 1524 resp = dce.request(request) 1525 resp.dump() 1526 1527 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserControlInformation 1528 #request.dump() 1529 resp = dce.request(request) 1530 resp.dump() 1531 1532 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserExpiresInformation 1533 #request.dump() 1534 resp = dce.request(request) 1535 resp.dump() 1536 1537 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal1Information 1538 #request.dump() 1539 try: 1540 resp = dce.request(request) 1541 resp.dump() 1542 except Exception as e: 1543 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1544 raise 1545 pass 1546 1547 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserParametersInformation 1548 #request.dump() 1549 resp = dce.request(request) 1550 resp.dump() 1551 1552 ################################################################################ 1553 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAllInformation 1554 #request.dump() 1555 resp = dce.request(request) 1556 resp.dump() 1557 1558 ################################################################################ 1559 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4Information 1560 #request.dump() 1561 try: 1562 resp = dce.request(request) 1563 resp.dump() 1564 except Exception as e: 1565 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1566 raise 1567 pass 1568 1569 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5Information 1570 #request.dump() 1571 try: 1572 resp = dce.request(request) 1573 resp.dump() 1574 except Exception as e: 1575 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1576 raise 1577 pass 1578 1579 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4InformationNew 1580 #request.dump() 1581 try: 1582 resp = dce.request(request) 1583 resp.dump() 1584 except Exception as e: 1585 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1586 raise 1587 pass 1588 1589 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5InformationNew 1590 #request.dump() 1591 try: 1592 resp = dce.request(request) 1593 resp.dump() 1594 except Exception as e: 1595 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1596 raise 1597 pass 1598 1599 def test_hSamrQueryInformationUser2_hSamrSetInformationUser2(self): 1600 dce, rpctransport, domainHandle = self.connect() 1601 desiredAccess = \ 1602 samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_WRITE_PREFERENCES | samr.USER_READ_LOGON \ 1603 | samr.USER_READ_ACCOUNT | samr.USER_WRITE_ACCOUNT | samr.USER_CHANGE_PASSWORD | samr.USER_FORCE_PASSWORD_CHANGE \ 1604 | samr.USER_LIST_GROUPS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION | samr.USER_ALL_ACCESS \ 1605 | samr.USER_READ | samr.USER_WRITE | samr.USER_EXECUTE 1606 resp = samr.hSamrOpenUser(dce, domainHandle, desiredAccess, samr.DOMAIN_USER_RID_ADMIN ) 1607 resp.dump() 1608 userHandle = resp['UserHandle'] 1609 1610 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserGeneralInformation) 1611 resp.dump() 1612 ################################################################################ 1613 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserPreferencesInformation) 1614 resp.dump() 1615 oldData = resp['Buffer']['Preferences']['UserComment'] 1616 1617 resp['Buffer']['Preferences']['UserComment'] = 'BETO' 1618 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1619 resp.dump() 1620 1621 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserPreferencesInformation) 1622 resp.dump() 1623 1624 self.assertTrue( 'BETO' == resp['Buffer']['Preferences']['UserComment']) 1625 1626 resp['Buffer']['Preferences']['UserComment'] = oldData 1627 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1628 resp.dump() 1629 1630 ################################################################################ 1631 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserLogonInformation) 1632 resp.dump() 1633 1634 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserLogonHoursInformation) 1635 resp.dump() 1636 1637 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAccountInformation) 1638 resp.dump() 1639 1640 ################################################################################ 1641 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserNameInformation) 1642 resp.dump() 1643 oldData = resp['Buffer']['Name']['FullName'] 1644 1645 resp['Buffer']['Name']['FullName'] = 'BETO' 1646 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1647 resp.dump() 1648 1649 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserNameInformation) 1650 resp.dump() 1651 1652 self.assertTrue( 'BETO' == resp['Buffer']['Name']['FullName']) 1653 1654 resp['Buffer']['Name']['FullName'] = oldData 1655 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1656 resp.dump() 1657 1658 ################################################################################ 1659 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAccountNameInformation) 1660 resp.dump() 1661 1662 oldData = resp['Buffer']['AccountName']['UserName'] 1663 1664 resp['Buffer']['AccountName']['UserName'] = 'BETUS' 1665 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1666 resp.dump() 1667 1668 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAccountNameInformation) 1669 resp.dump() 1670 1671 self.assertTrue( 'BETUS' == resp['Buffer']['AccountName']['UserName']) 1672 1673 resp['Buffer']['AccountName']['UserName'] = oldData 1674 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1675 resp.dump() 1676 1677 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserFullNameInformation) 1678 resp.dump() 1679 1680 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserPrimaryGroupInformation) 1681 resp.dump() 1682 1683 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserHomeInformation) 1684 resp.dump() 1685 1686 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserScriptInformation) 1687 resp.dump() 1688 1689 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserProfileInformation) 1690 resp.dump() 1691 1692 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAdminCommentInformation) 1693 resp.dump() 1694 1695 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserWorkStationsInformation) 1696 resp.dump() 1697 1698 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserControlInformation) 1699 resp.dump() 1700 1701 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserExpiresInformation) 1702 resp.dump() 1703 1704 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserParametersInformation) 1705 resp.dump() 1706 1707 1708 ################################################################################ 1709 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAllInformation) 1710 resp.dump() 1711 1712 def test_SamrQueryInformationUser_SamrSetInformationUser(self): 1713 dce, rpctransport, domainHandle = self.connect() 1714 request = samr.SamrOpenUser() 1715 request['DomainHandle'] = domainHandle 1716 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_ALL_ACCESS | samr.USER_READ 1717 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 1718 resp = dce.request(request) 1719 resp.dump() 1720 1721 request = samr.SamrQueryInformationUser() 1722 request['UserHandle'] = resp['UserHandle'] 1723 userHandle = resp['UserHandle'] 1724 1725 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserGeneralInformation 1726 #request.dump() 1727 resp = dce.request(request) 1728 resp.dump() 1729 1730 ################################################################################ 1731 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1732 #request.dump() 1733 resp = dce.request(request) 1734 resp.dump() 1735 oldData = resp['Buffer']['Preferences']['UserComment'] 1736 1737 req = samr.SamrSetInformationUser() 1738 req['UserHandle'] = userHandle 1739 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1740 req['Buffer'] = resp['Buffer'] 1741 req['Buffer']['Preferences']['UserComment'] = 'BETO' 1742 resp = dce.request(req) 1743 resp.dump() 1744 1745 resp = dce.request(request) 1746 resp.dump() 1747 1748 self.assertTrue( 'BETO' == resp['Buffer']['Preferences']['UserComment']) 1749 1750 req['Buffer']['Preferences']['UserComment'] = oldData 1751 resp = dce.request(req) 1752 resp.dump() 1753 1754 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonInformation 1755 #request.dump() 1756 resp = dce.request(request) 1757 resp.dump() 1758 1759 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonHoursInformation 1760 #request.dump() 1761 resp = dce.request(request) 1762 resp.dump() 1763 1764 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountInformation 1765 #request.dump() 1766 resp = dce.request(request) 1767 resp.dump() 1768 1769 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserNameInformation 1770 #request.dump() 1771 resp = dce.request(request) 1772 resp.dump() 1773 1774 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountNameInformation 1775 #request.dump() 1776 resp = dce.request(request) 1777 resp.dump() 1778 1779 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserFullNameInformation 1780 #request.dump() 1781 resp = dce.request(request) 1782 resp.dump() 1783 1784 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPrimaryGroupInformation 1785 #request.dump() 1786 resp = dce.request(request) 1787 resp.dump() 1788 1789 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserHomeInformation 1790 #request.dump() 1791 resp = dce.request(request) 1792 resp.dump() 1793 1794 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserScriptInformation 1795 #request.dump() 1796 resp = dce.request(request) 1797 resp.dump() 1798 1799 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserProfileInformation 1800 #request.dump() 1801 resp = dce.request(request) 1802 resp.dump() 1803 1804 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAdminCommentInformation 1805 #request.dump() 1806 resp = dce.request(request) 1807 resp.dump() 1808 1809 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserWorkStationsInformation 1810 #request.dump() 1811 resp = dce.request(request) 1812 resp.dump() 1813 1814 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserControlInformation 1815 #request.dump() 1816 resp = dce.request(request) 1817 resp.dump() 1818 1819 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserExpiresInformation 1820 #request.dump() 1821 resp = dce.request(request) 1822 resp.dump() 1823 1824 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal1Information 1825 #request.dump() 1826 try: 1827 resp = dce.request(request) 1828 resp.dump() 1829 except Exception as e: 1830 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1831 raise 1832 pass 1833 1834 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserParametersInformation 1835 #request.dump() 1836 resp = dce.request(request) 1837 resp.dump() 1838 1839 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAllInformation 1840 #request.dump() 1841 resp = dce.request(request) 1842 resp.dump() 1843 1844 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4Information 1845 #request.dump() 1846 try: 1847 resp = dce.request(request) 1848 resp.dump() 1849 except Exception as e: 1850 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1851 raise 1852 pass 1853 1854 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5Information 1855 #request.dump() 1856 try: 1857 resp = dce.request(request) 1858 resp.dump() 1859 except Exception as e: 1860 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1861 raise 1862 pass 1863 1864 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4InformationNew 1865 #request.dump() 1866 try: 1867 resp = dce.request(request) 1868 resp.dump() 1869 except Exception as e: 1870 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1871 raise 1872 pass 1873 1874 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5InformationNew 1875 #request.dump() 1876 try: 1877 resp = dce.request(request) 1878 resp.dump() 1879 except Exception as e: 1880 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1881 raise 1882 pass 1883 1884 def test_SamrAddMemberToGroup_SamrRemoveMemberFromGroup(self): 1885 dce, rpctransport, domainHandle = self.connect() 1886 request = samr.SamrConnect() 1887 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1888 request['ServerName'] = 'BETO\x00' 1889 resp = dce.request(request) 1890 request = samr.SamrOpenGroup() 1891 request['DomainHandle'] = domainHandle 1892 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1893 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1894 try: 1895 resp = dce.request(request) 1896 resp.dump() 1897 except Exception as e: 1898 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1899 raise 1900 request = samr.SamrRemoveMemberFromGroup() 1901 request['GroupHandle'] = resp['GroupHandle'] 1902 request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN 1903 try: 1904 resp2 = dce.request(request) 1905 resp2.dump() 1906 except Exception as e: 1907 if str(e).find('STATUS_MEMBERS_PRIMARY_GROUP') < 0: 1908 raise 1909 request = samr.SamrAddMemberToGroup() 1910 request['GroupHandle'] = resp['GroupHandle'] 1911 request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN 1912 request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT 1913 try: 1914 resp2 = dce.request(request) 1915 resp2.dump() 1916 except Exception as e: 1917 if str(e).find('STATUS_MEMBER_IN_GROUP') < 0: 1918 raise 1919 1920 def test_hSamrAddMemberToGroup_hSamrRemoveMemberFromGroup(self): 1921 dce, rpctransport, domainHandle = self.connect() 1922 request = samr.SamrConnect() 1923 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1924 request['ServerName'] = 'BETO\x00' 1925 resp = dce.request(request) 1926 request = samr.SamrOpenGroup() 1927 request['DomainHandle'] = domainHandle 1928 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1929 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1930 try: 1931 resp = dce.request(request) 1932 resp.dump() 1933 except Exception as e: 1934 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1935 raise 1936 try: 1937 resp2 = samr.hSamrRemoveMemberFromGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN) 1938 resp2.dump() 1939 except Exception as e: 1940 if str(e).find('STATUS_MEMBERS_PRIMARY_GROUP') < 0: 1941 raise 1942 try: 1943 resp2= samr.hSamrAddMemberToGroup(dce, resp['GroupHandle'] ,samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT) 1944 resp2.dump() 1945 except Exception as e: 1946 if str(e).find('STATUS_MEMBER_IN_GROUP') < 0: 1947 raise 1948 1949 def test_SamrGetMembersInGroup(self): 1950 dce, rpctransport, domainHandle = self.connect() 1951 request = samr.SamrOpenGroup() 1952 request['DomainHandle'] = domainHandle 1953 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1954 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1955 try: 1956 resp = dce.request(request) 1957 resp.dump() 1958 except Exception as e: 1959 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1960 raise 1961 1962 request = samr.SamrGetMembersInGroup() 1963 request['GroupHandle'] = resp['GroupHandle'] 1964 resp = dce.request(request) 1965 resp.dump() 1966 1967 def test_hSamrGetMembersInGroup(self): 1968 dce, rpctransport, domainHandle = self.connect() 1969 request = samr.SamrOpenGroup() 1970 request['DomainHandle'] = domainHandle 1971 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1972 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1973 try: 1974 resp = dce.request(request) 1975 resp.dump() 1976 except Exception as e: 1977 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1978 raise 1979 1980 resp = samr.hSamrGetMembersInGroup(dce, resp['GroupHandle']) 1981 resp.dump() 1982 1983 def test_SamrGetMembersInAlias(self): 1984 dce, rpctransport, domainHandle = self.connect() 1985 request = samr.SamrEnumerateAliasesInDomain() 1986 request['DomainHandle'] = domainHandle 1987 request['EnumerationContext'] = 0 1988 request['PreferedMaximumLength'] = 500 1989 status = nt_errors.STATUS_MORE_ENTRIES 1990 while status == nt_errors.STATUS_MORE_ENTRIES: 1991 try: 1992 resp4 = dce.request(request) 1993 except Exception as e: 1994 if str(e).find('STATUS_MORE_ENTRIES') < 0: 1995 raise 1996 resp4 = e.get_packet() 1997 resp4['Buffer'].dump() 1998 request['EnumerationContext'] = resp4['EnumerationContext'] 1999 status = resp4['ErrorCode'] 2000 2001 request = samr.SamrOpenAlias() 2002 request['DomainHandle'] = domainHandle 2003 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2004 request['AliasId'] = resp4['Buffer']['Buffer'][0]['RelativeId'] 2005 resp = dce.request(request) 2006 resp.dump() 2007 2008 request = samr.SamrGetMembersInAlias() 2009 request['AliasHandle'] = resp['AliasHandle'] 2010 resp = dce.request(request) 2011 resp.dump() 2012 2013 def test_hSamrGetMembersInAlias(self): 2014 dce, rpctransport, domainHandle = self.connect() 2015 request = samr.SamrEnumerateAliasesInDomain() 2016 request['DomainHandle'] = domainHandle 2017 request['EnumerationContext'] = 0 2018 request['PreferedMaximumLength'] = 500 2019 status = nt_errors.STATUS_MORE_ENTRIES 2020 while status == nt_errors.STATUS_MORE_ENTRIES: 2021 try: 2022 resp4 = dce.request(request) 2023 except Exception as e: 2024 if str(e).find('STATUS_MORE_ENTRIES') < 0: 2025 raise 2026 resp4 = e.get_packet() 2027 resp4['Buffer'].dump() 2028 request['EnumerationContext'] = resp4['EnumerationContext'] 2029 status = resp4['ErrorCode'] 2030 2031 request = samr.SamrOpenAlias() 2032 request['DomainHandle'] = domainHandle 2033 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2034 request['AliasId'] = resp4['Buffer']['Buffer'][0]['RelativeId'] 2035 resp = dce.request(request) 2036 resp.dump() 2037 2038 resp = samr.hSamrGetMembersInAlias(dce, resp['AliasHandle']) 2039 resp.dump() 2040 2041 def test_SamrAddMemberToAlias_SamrRemoveMemberFromAlias(self): 2042 dce, rpctransport, domainHandle = self.connect() 2043 request = samr.SamrCreateAliasInDomain() 2044 request['DomainHandle'] = domainHandle 2045 request['AccountName'] = 'testGroup' 2046 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2047 #request.dump() 2048 resp = dce.request(request) 2049 aliasHandle = resp['AliasHandle'] 2050 relativeId = resp['RelativeId'] 2051 resp.dump() 2052 2053 request = samr.SamrRidToSid() 2054 request['ObjectHandle'] = domainHandle 2055 request['Rid'] = relativeId 2056 resp3 = dce.request(request) 2057 resp3.dump() 2058 2059 # Let's extract the SID and remove the RID from one entry 2060 sp = resp3['Sid'].formatCanonical() 2061 domainID = '-'.join(sp.split('-')[:-1]) 2062 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2063 2064 sid = samr.RPC_SID() 2065 sid.fromCanonical(adminSID) 2066 2067 request = samr.SamrAddMemberToAlias() 2068 request['AliasHandle'] = aliasHandle 2069 request['MemberId'] = sid 2070 resp2 = dce.request(request) 2071 resp2.dump() 2072 2073 request = samr.SamrRemoveMemberFromAlias() 2074 request['AliasHandle'] = aliasHandle 2075 request['MemberId'] = sid 2076 resp2 = dce.request(request) 2077 resp2.dump() 2078 2079 request = samr.SamrDeleteAlias() 2080 request['AliasHandle'] = aliasHandle 2081 dce.request(request) 2082 2083 def test_hSamrAddMemberToAlias_hSamrRemoveMemberFromAlias(self): 2084 dce, rpctransport, domainHandle = self.connect() 2085 resp = samr.hSamrCreateAliasInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 2086 resp.dump() 2087 aliasHandle = resp['AliasHandle'] 2088 relativeId = resp['RelativeId'] 2089 resp.dump() 2090 2091 request = samr.SamrRidToSid() 2092 request['ObjectHandle'] = domainHandle 2093 request['Rid'] = relativeId 2094 resp3 = dce.request(request) 2095 resp3.dump() 2096 2097 # Let's extract the SID and remove the RID from one entry 2098 sp = resp3['Sid'].formatCanonical() 2099 domainID = '-'.join(sp.split('-')[:-1]) 2100 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2101 2102 sid = samr.RPC_SID() 2103 sid.fromCanonical(adminSID) 2104 2105 resp2 = samr.hSamrAddMemberToAlias(dce, aliasHandle, sid) 2106 resp2.dump() 2107 2108 resp2 = samr.hSamrRemoveMemberFromAlias(dce, aliasHandle, sid) 2109 resp2.dump() 2110 2111 resp = samr.hSamrDeleteAlias(dce, aliasHandle) 2112 resp.dump() 2113 2114 2115 def test_SamrAddMultipleMembersToAlias_SamrRemoveMultipleMembersFromAliass(self): 2116 dce, rpctransport, domainHandle = self.connect() 2117 request = samr.SamrCreateAliasInDomain() 2118 request['DomainHandle'] = domainHandle 2119 request['AccountName'] = 'testGroup' 2120 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2121 #request.dump() 2122 resp = dce.request(request) 2123 aliasHandle = resp['AliasHandle'] 2124 relativeId = resp['RelativeId'] 2125 resp.dump() 2126 2127 request = samr.SamrRidToSid() 2128 request['ObjectHandle'] = domainHandle 2129 request['Rid'] = relativeId 2130 resp3 = dce.request(request) 2131 resp3.dump() 2132 2133 # Let's extract the SID and remove the RID from one entry 2134 sp = resp3['Sid'].formatCanonical() 2135 domainID = '-'.join(sp.split('-')[:-1]) 2136 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2137 2138 sid = samr.RPC_SID() 2139 sid.fromCanonical(adminSID) 2140 2141 sid = samr.RPC_SID() 2142 sid.fromCanonical(adminSID) 2143 2144 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2145 2146 sid1 = samr.RPC_SID() 2147 sid1.fromCanonical(adminSID) 2148 2149 sid2 = samr.RPC_SID() 2150 sid2.fromCanonical(guestSID) 2151 2152 si = samr.PSAMPR_SID_INFORMATION() 2153 si['SidPointer'] = sid1 2154 2155 si2 = samr.PSAMPR_SID_INFORMATION() 2156 si2['SidPointer'] = sid2 2157 2158 request = samr.SamrAddMultipleMembersToAlias() 2159 request['AliasHandle'] = aliasHandle 2160 request['MembersBuffer']['Count'] = 2 2161 request['MembersBuffer']['Sids'].append(si) 2162 request['MembersBuffer']['Sids'].append(si2) 2163 #request.dump() 2164 resp2 = dce.request(request) 2165 resp2.dump() 2166 2167 request = samr.SamrRemoveMultipleMembersFromAlias() 2168 request['AliasHandle'] = resp['AliasHandle'] 2169 request['MembersBuffer']['Count'] = 2 2170 request['MembersBuffer']['Sids'].append(si) 2171 request['MembersBuffer']['Sids'].append(si2) 2172 resp2 = dce.request(request) 2173 resp2.dump() 2174 2175 request = samr.SamrDeleteAlias() 2176 request['AliasHandle'] = aliasHandle 2177 dce.request(request) 2178 2179 def test_hSamrAddMultipleMembersToAlias_hSamrRemoveMultipleMembersFromAliass(self): 2180 dce, rpctransport, domainHandle = self.connect() 2181 #resp = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 2182 #resp = samr.hSamrOpenAlias(dce, domainHandle, samr.DELETE, 1257) 2183 #resp = samr.hSamrDeleteAlias(dce, resp['AliasHandle']) 2184 resp = samr.hSamrCreateAliasInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 2185 aliasHandle = resp['AliasHandle'] 2186 relativeId = resp['RelativeId'] 2187 resp.dump() 2188 2189 request = samr.SamrRidToSid() 2190 request['ObjectHandle'] = domainHandle 2191 request['Rid'] = relativeId 2192 resp3 = dce.request(request) 2193 resp3.dump() 2194 2195 # Let's extract the SID and remove the RID from one entry 2196 sp = resp3['Sid'].formatCanonical() 2197 domainID = '-'.join(sp.split('-')[:-1]) 2198 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2199 2200 sid = samr.RPC_SID() 2201 sid.fromCanonical(adminSID) 2202 2203 sid = samr.RPC_SID() 2204 sid.fromCanonical(adminSID) 2205 2206 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2207 2208 sid1 = samr.RPC_SID() 2209 sid1.fromCanonical(adminSID) 2210 2211 sid2 = samr.RPC_SID() 2212 sid2.fromCanonical(guestSID) 2213 2214 si = samr.PSAMPR_SID_INFORMATION() 2215 si['SidPointer'] = sid1 2216 2217 si2 = samr.PSAMPR_SID_INFORMATION() 2218 si2['SidPointer'] = sid2 2219 2220 sidArray = samr.SAMPR_PSID_ARRAY() 2221 sidArray['Sids'].append(si) 2222 sidArray['Sids'].append(si2) 2223 2224 resp = samr.hSamrAddMultipleMembersToAlias(dce, aliasHandle, sidArray) 2225 resp.dump() 2226 2227 resp = samr.hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, sidArray) 2228 resp.dump() 2229 2230 request = samr.SamrDeleteAlias() 2231 request['AliasHandle'] = aliasHandle 2232 dce.request(request) 2233 2234 2235 def test_SamrRemoveMemberFromForeignDomain(self): 2236 dce, rpctransport, domainHandle = self.connect() 2237 2238 request = samr.SamrCreateAliasInDomain() 2239 request['DomainHandle'] = domainHandle 2240 request['AccountName'] = 'testGroup' 2241 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2242 #request.dump() 2243 resp = dce.request(request) 2244 aliasHandle = resp['AliasHandle'] 2245 relativeId = resp['RelativeId'] 2246 resp.dump() 2247 2248 request = samr.SamrRidToSid() 2249 request['ObjectHandle'] = domainHandle 2250 request['Rid'] = relativeId 2251 resp3 = dce.request(request) 2252 resp3.dump() 2253 2254 # Let's extract the SID and remove the RID from one entry 2255 sp = resp3['Sid'].formatCanonical() 2256 domainID = '-'.join(sp.split('-')[:-1]) 2257 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2258 2259 request = samr.SamrRemoveMemberFromForeignDomain() 2260 request['DomainHandle'] = domainHandle 2261 request['MemberSid'].fromCanonical(adminSID) 2262 try: 2263 resp = dce.request(request) 2264 resp.dump() 2265 except Exception as e: 2266 if str(e).find('STATUS_SPECIAL_ACCOUNT') < 0: 2267 raise 2268 2269 request = samr.SamrDeleteAlias() 2270 request['AliasHandle'] = aliasHandle 2271 dce.request(request) 2272 2273 def test_hSamrRemoveMemberFromForeignDomain(self): 2274 dce, rpctransport, domainHandle = self.connect() 2275 request = samr.SamrCreateAliasInDomain() 2276 request['DomainHandle'] = domainHandle 2277 request['AccountName'] = 'testGroup' 2278 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2279 #request.dump() 2280 resp = dce.request(request) 2281 aliasHandle = resp['AliasHandle'] 2282 relativeId = resp['RelativeId'] 2283 resp.dump() 2284 2285 request = samr.SamrRidToSid() 2286 request['ObjectHandle'] = domainHandle 2287 request['Rid'] = relativeId 2288 resp3 = dce.request(request) 2289 resp3.dump() 2290 2291 # Let's extract the SID and remove the RID from one entry 2292 sp = resp3['Sid'].formatCanonical() 2293 domainID = '-'.join(sp.split('-')[:-1]) 2294 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2295 sid = samr.RPC_SID() 2296 sid.fromCanonical(adminSID) 2297 try: 2298 resp= samr.hSamrRemoveMemberFromForeignDomain(dce, domainHandle, sid) 2299 resp = dce.request(request) 2300 resp.dump() 2301 except Exception as e: 2302 if str(e).find('STATUS_SPECIAL_ACCOUNT') < 0: 2303 raise 2304 2305 request = samr.SamrDeleteAlias() 2306 request['AliasHandle'] = aliasHandle 2307 dce.request(request) 2308 2309 def test_SamrGetAliasMembership(self): 2310 dce, rpctransport, domainHandle = self.connect() 2311 request = samr.SamrCreateAliasInDomain() 2312 request['DomainHandle'] = domainHandle 2313 request['AccountName'] = 'testGroup' 2314 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2315 #request.dump() 2316 resp = dce.request(request) 2317 aliasHandle = resp['AliasHandle'] 2318 relativeId = resp['RelativeId'] 2319 resp.dump() 2320 2321 request = samr.SamrRidToSid() 2322 request['ObjectHandle'] = domainHandle 2323 request['Rid'] = relativeId 2324 resp3 = dce.request(request) 2325 resp3.dump() 2326 2327 # Let's extract the SID and remove the RID from one entry 2328 sp = resp3['Sid'].formatCanonical() 2329 domainID = '-'.join(sp.split('-')[:-1]) 2330 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2331 2332 sid = samr.RPC_SID() 2333 sid.fromCanonical(adminSID) 2334 2335 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2336 2337 sid1 = samr.RPC_SID() 2338 sid1.fromCanonical(adminSID) 2339 2340 sid2 = samr.RPC_SID() 2341 sid2.fromCanonical(guestSID) 2342 2343 si = samr.PSAMPR_SID_INFORMATION() 2344 si['SidPointer'] = sid1 2345 2346 si2 = samr.PSAMPR_SID_INFORMATION() 2347 si2['SidPointer'] = sid2 2348 2349 2350 request = samr.SamrGetAliasMembership() 2351 request['DomainHandle'] = domainHandle 2352 request['SidArray']['Count'] = 2 2353 request['SidArray']['Sids'].append(si) 2354 request['SidArray']['Sids'].append(si2) 2355 resp = dce.request(request) 2356 resp.dump() 2357 2358 request = samr.SamrDeleteAlias() 2359 request['AliasHandle'] = aliasHandle 2360 dce.request(request) 2361 2362 def test_hSamrGetAliasMembership(self): 2363 dce, rpctransport, domainHandle = self.connect() 2364 #resp = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 2365 #resp = samr.hSamrOpenAlias(dce, domainHandle, samr.DELETE, 1268) 2366 #resp = samr.hSamrDeleteAlias(dce, resp['AliasHandle']) 2367 2368 request = samr.SamrCreateAliasInDomain() 2369 request['DomainHandle'] = domainHandle 2370 request['AccountName'] = 'testGroup' 2371 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2372 #request.dump() 2373 resp = dce.request(request) 2374 aliasHandle = resp['AliasHandle'] 2375 relativeId = resp['RelativeId'] 2376 resp.dump() 2377 2378 request = samr.SamrRidToSid() 2379 request['ObjectHandle'] = domainHandle 2380 request['Rid'] = relativeId 2381 resp3 = dce.request(request) 2382 resp3.dump() 2383 2384 # Let's extract the SID and remove the RID from one entry 2385 sp = resp3['Sid'].formatCanonical() 2386 domainID = '-'.join(sp.split('-')[:-1]) 2387 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2388 2389 sid = samr.RPC_SID() 2390 sid.fromCanonical(adminSID) 2391 2392 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2393 2394 sid1 = samr.RPC_SID() 2395 sid1.fromCanonical(adminSID) 2396 2397 sid2 = samr.RPC_SID() 2398 sid2.fromCanonical(guestSID) 2399 2400 si = samr.PSAMPR_SID_INFORMATION() 2401 si['SidPointer'] = sid1 2402 2403 si2 = samr.PSAMPR_SID_INFORMATION() 2404 si2['SidPointer'] = sid2 2405 2406 sidsArray = samr.SAMPR_PSID_ARRAY() 2407 sidsArray['Sids'].append(si) 2408 sidsArray['Sids'].append(si2) 2409 2410 try: 2411 resp = samr.hSamrGetAliasMembership(dce, domainHandle, sidsArray) 2412 resp.dump() 2413 except Exception as e: 2414 request = samr.SamrDeleteAlias() 2415 request['AliasHandle'] = aliasHandle 2416 dce.request(request) 2417 raise 2418 2419 request = samr.SamrDeleteAlias() 2420 request['AliasHandle'] = aliasHandle 2421 dce.request(request) 2422 2423 def test_SamrSetMemberAttributesOfGroup(self): 2424 dce, rpctransport, domainHandle = self.connect() 2425 request = samr.SamrConnect() 2426 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2427 request['ServerName'] = 'BETO\x00' 2428 dce.request(request) 2429 request = samr.SamrOpenGroup() 2430 request['DomainHandle'] = domainHandle 2431 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2432 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 2433 resp = dce.request(request) 2434 2435 request = samr.SamrSetMemberAttributesOfGroup() 2436 request['GroupHandle'] = resp['GroupHandle'] 2437 request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN 2438 request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT 2439 resp = dce.request(request) 2440 resp.dump() 2441 2442 def test_hSamrSetMemberAttributesOfGroup(self): 2443 dce, rpctransport, domainHandle = self.connect() 2444 request = samr.SamrConnect() 2445 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2446 request['ServerName'] = 'BETO\x00' 2447 dce.request(request) 2448 request = samr.SamrOpenGroup() 2449 request['DomainHandle'] = domainHandle 2450 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2451 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 2452 resp = dce.request(request) 2453 2454 resp = samr.hSamrSetMemberAttributesOfGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT) 2455 resp.dump() 2456 2457 2458 def test_SamrGetUserDomainPasswordInformation(self): 2459 dce, rpctransport, domainHandle = self.connect() 2460 request = samr.SamrOpenUser() 2461 request['DomainHandle'] = domainHandle 2462 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT 2463 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 2464 resp = dce.request(request) 2465 2466 request = samr.SamrGetUserDomainPasswordInformation() 2467 request['UserHandle'] = resp['UserHandle'] 2468 resp = dce.request(request) 2469 resp.dump() 2470 2471 def test_hSamrGetUserDomainPasswordInformation(self): 2472 dce, rpctransport, domainHandle = self.connect() 2473 request = samr.SamrOpenUser() 2474 request['DomainHandle'] = domainHandle 2475 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT 2476 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 2477 resp = dce.request(request) 2478 2479 resp = samr.hSamrGetUserDomainPasswordInformation(dce, resp['UserHandle']) 2480 resp.dump() 2481 2482 def test_SamrGetDomainPasswordInformation(self): 2483 dce, rpctransport, domainHandle = self.connect() 2484 request = samr.SamrGetDomainPasswordInformation() 2485 request['Unused'] = NULL 2486 resp = dce.request(request) 2487 resp.dump() 2488 2489 def test_hSamrGetDomainPasswordInformation(self): 2490 dce, rpctransport, domainHandle = self.connect() 2491 resp = samr.hSamrGetDomainPasswordInformation(dce) 2492 resp.dump() 2493 2494 def test_SamrRidToSid(self): 2495 dce, rpctransport, domainHandle = self.connect() 2496 request = samr.SamrRidToSid() 2497 request['ObjectHandle'] = domainHandle 2498 request['Rid'] = samr.DOMAIN_USER_RID_ADMIN 2499 dce.request(request) 2500 2501 def test_hSamrRidToSid(self): 2502 dce, rpctransport, domainHandle = self.connect() 2503 resp = samr.hSamrRidToSid(dce, domainHandle, samr.DOMAIN_USER_RID_ADMIN) 2504 resp.dump() 2505 2506 def test_SamrSetDSRMPassword(self): 2507 dce, rpctransport, domainHandle = self.connect() 2508 request = samr.SamrSetDSRMPassword() 2509 request['Unused'] = NULL 2510 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 2511 request['EncryptedNtOwfPassword'] = '\x00'*16 2512 # calls made to SamrSetDSRMPassword using NCACN_IP_TCP are rejected with RPC_S_ACCESS_DENIED. 2513 try: 2514 dce.request(request) 2515 except Exception as e: 2516 if self.stringBinding.find('ncacn_ip_tcp') >=0: 2517 if str(e).find('rpc_s_access_denied') < 0: 2518 raise 2519 elif str(e).find('STATUS_NOT_SUPPORTED') < 0: 2520 raise 2521 2522 def test_SamrValidatePassword(self): 2523 dce, rpctransport, domainHandle = self.connect() 2524 request = samr.SamrValidatePassword() 2525 request['ValidationType'] = samr.PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset 2526 request['InputArg']['tag'] = samr.PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset 2527 request['InputArg']['ValidatePasswordResetInput']['InputPersistedFields']['PresentFields'] = samr.SAM_VALIDATE_PASSWORD_HISTORY 2528 request['InputArg']['ValidatePasswordResetInput']['InputPersistedFields']['PasswordHistory'] = NULL 2529 request['InputArg']['ValidatePasswordResetInput']['ClearPassword'] = 'AAAAAAAAAAAAAAAA' 2530 request['InputArg']['ValidatePasswordResetInput']['UserAccountName'] = 'Administrator' 2531 kk = samr.SamrValidatePassword() 2532 kk.fromString(request.getData()) 2533 try: 2534 resp = dce.request(request) 2535 resp.dump() 2536 except Exception as e: 2537 if str(e).find('rpc_s_access_denied') < 0: 2538 raise 2539 2540 def test_hSamrValidatePassword(self): 2541 dce, rpctransport, domainHandle = self.connect() 2542 inputArg = samr.SAM_VALIDATE_INPUT_ARG() 2543 inputArg['tag'] = samr.PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset 2544 inputArg['ValidatePasswordResetInput']['InputPersistedFields']['PresentFields'] = samr.SAM_VALIDATE_PASSWORD_HISTORY 2545 inputArg['ValidatePasswordResetInput']['InputPersistedFields']['PasswordHistory'] = NULL 2546 inputArg['ValidatePasswordResetInput']['ClearPassword'] = 'AAAAAAAAAAAAAAAA' 2547 inputArg['ValidatePasswordResetInput']['UserAccountName'] = 'Administrator' 2548 try: 2549 resp = samr.hSamrValidatePassword(dce, inputArg) 2550 resp.dump() 2551 except Exception as e: 2552 if str(e).find('rpc_s_access_denied') < 0: 2553 raise 2554 2555 def test_SamrQuerySecurityObject(self): 2556 dce, rpctransport, domainHandle = self.connect() 2557 request = samr.SamrQuerySecurityObject() 2558 request['ObjectHandle'] = domainHandle 2559 request['SecurityInformation'] = dtypes.OWNER_SECURITY_INFORMATION | dtypes.GROUP_SECURITY_INFORMATION | dtypes.SACL_SECURITY_INFORMATION | dtypes.DACL_SECURITY_INFORMATION 2560 resp = dce.request(request) 2561 resp.dump() 2562 2563 def test_hSamrQuerySecurityObject(self): 2564 dce, rpctransport, domainHandle = self.connect() 2565 resp = samr.hSamrQuerySecurityObject(dce, domainHandle,dtypes.OWNER_SECURITY_INFORMATION | dtypes.GROUP_SECURITY_INFORMATION | dtypes.SACL_SECURITY_INFORMATION | dtypes.DACL_SECURITY_INFORMATION) 2566 resp.dump() 2567 2568 def test_SamrSetSecurityObject(self): 2569 dce, rpctransport, domainHandle = self.connect() 2570 2571 resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,)) 2572 resp.dump() 2573 2574 resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data']) 2575 resp.dump() 2576 userHandle = resp['UserHandle'] 2577 request = samr.SamrQuerySecurityObject() 2578 request['ObjectHandle'] = userHandle 2579 request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION 2580 resp = dce.request(request) 2581 resp.dump() 2582 2583 request = samr.SamrSetSecurityObject() 2584 request['ObjectHandle'] = userHandle 2585 request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION 2586 request['SecurityDescriptor'] = resp['SecurityDescriptor'] 2587 #request.dump() 2588 try: 2589 resp = dce.request(request) 2590 resp.dump() 2591 except Exception as e: 2592 if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0: 2593 raise 2594 2595 resp = samr.hSamrCloseHandle(dce, userHandle) 2596 resp.dump() 2597 2598 def test_hSamrSetSecurityObject(self): 2599 dce, rpctransport, domainHandle = self.connect() 2600 dce, rpctransport, domainHandle = self.connect() 2601 2602 resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,)) 2603 resp.dump() 2604 2605 resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data']) 2606 resp.dump() 2607 userHandle = resp['UserHandle'] 2608 resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION) 2609 resp.dump() 2610 2611 try: 2612 resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] ) 2613 resp.dump() 2614 except Exception as e: 2615 if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0: 2616 raise 2617 2618 resp = samr.hSamrCloseHandle(dce, userHandle) 2619 resp.dump() 2620 2621 2622 def test_SamrChangePasswordUser(self): 2623 dce, rpctransport, domainHandle = self.connect() 2624 2625 request = samr.SamrCreateUser2InDomain() 2626 request['DomainHandle'] = domainHandle 2627 request['Name'] = 'testAccount' 2628 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2629 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2630 #request.dump() 2631 resp0 = dce.request(request) 2632 resp0.dump() 2633 2634 oldPwd = '' 2635 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2636 newPwd = 'ADMIN' 2637 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2638 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2639 2640 from impacket import crypto 2641 request = samr.SamrChangePasswordUser() 2642 request['UserHandle'] = resp0['UserHandle'] 2643 request['LmPresent'] = 0 2644 request['OldLmEncryptedWithNewLm'] = NULL 2645 request['NewLmEncryptedWithOldLm'] = NULL 2646 request['NtPresent'] = 1 2647 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2648 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2649 request['NtCrossEncryptionPresent'] = 0 2650 request['NewNtEncryptedWithNewLm'] = NULL 2651 request['LmCrossEncryptionPresent'] = 1 2652 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2653 resp = dce.request(request) 2654 resp.dump() 2655 2656 # Delete the temp user 2657 request = samr.SamrDeleteUser() 2658 request['UserHandle'] = resp0['UserHandle'] 2659 resp = dce.request(request) 2660 resp.dump() 2661 2662 def test_hSamrChangePasswordUser(self): 2663 dce, rpctransport, domainHandle = self.connect() 2664 2665 request = samr.SamrCreateUser2InDomain() 2666 request['DomainHandle'] = domainHandle 2667 request['Name'] = 'testAccount' 2668 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2669 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2670 #request.dump() 2671 resp0 = dce.request(request) 2672 resp0.dump() 2673 2674 resp = samr.hSamrChangePasswordUser(dce, resp0['UserHandle'], '', 'ADMIN') 2675 resp.dump() 2676 2677 # Delete the temp user 2678 request = samr.SamrDeleteUser() 2679 request['UserHandle'] = resp0['UserHandle'] 2680 resp = dce.request(request) 2681 resp.dump() 2682 2683 def test_SamrOemChangePasswordUser2(self): 2684 dce, rpctransport, domainHandle = self.connect() 2685 # As you can guess by now, target machine must have the Administrator account with password admin 2686 # NOTE: It's giving me WRONG_PASSWORD 'cause the target test server doesn't hold LM Hashes 2687 # further testing is needed to verify this call works 2688 oldPwd = 'admin' 2689 oldPwdHashLM = ntlm.LMOWFv1(oldPwd) 2690 newPwd = 'ADMIN' 2691 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2692 2693 try: 2694 from Cryptodome.Cipher import ARC4 2695 except Exception: 2696 print("Warning: You don't have any crypto installed. You need pycryptodomex") 2697 print("See https://pypi.org/project/pycryptodomex/") 2698 2699 from impacket import crypto 2700 request = samr.SamrOemChangePasswordUser2() 2701 request['ServerName'] = '' 2702 request['UserName'] = 'Administrator' 2703 samUser = samr.SAMPR_USER_PASSWORD() 2704 samUser['Buffer'] = b'A'*(512-len(newPwd)) + b(newPwd) 2705 samUser['Length'] = len(newPwd) 2706 pwdBuff = samUser.getData() 2707 2708 rc4 = ARC4.new(oldPwdHashLM) 2709 encBuf = rc4.encrypt(pwdBuff) 2710 request['NewPasswordEncryptedWithOldLm']['Buffer'] = encBuf 2711 request['OldLmOwfPasswordEncryptedWithNewLm'] = crypto.SamEncryptNTLMHash(oldPwdHashLM, newPwdHashLM) 2712 try: 2713 resp = dce.request(request) 2714 resp.dump() 2715 except Exception as e: 2716 if str(e).find('STATUS_WRONG_PASSWORD') < 0: 2717 raise 2718 2719 def test_SamrUnicodeChangePasswordUser2(self): 2720 dce, rpctransport, domainHandle = self.connect() 2721 2722 request = samr.SamrCreateUser2InDomain() 2723 request['DomainHandle'] = domainHandle 2724 request['Name'] = 'testAccount' 2725 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2726 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2727 #request.dump() 2728 resp0 = dce.request(request) 2729 resp0.dump() 2730 2731 oldPwd = '' 2732 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2733 newPwd = 'ADMIN' 2734 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2735 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2736 2737 from impacket import crypto 2738 request = samr.SamrChangePasswordUser() 2739 request['UserHandle'] = resp0['UserHandle'] 2740 request['LmPresent'] = 0 2741 request['OldLmEncryptedWithNewLm'] = NULL 2742 request['NewLmEncryptedWithOldLm'] = NULL 2743 request['NtPresent'] = 1 2744 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2745 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2746 request['NtCrossEncryptionPresent'] = 0 2747 request['NewNtEncryptedWithNewLm'] = NULL 2748 request['LmCrossEncryptionPresent'] = 1 2749 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2750 resp = dce.request(request) 2751 resp.dump() 2752 2753 oldPwd = 'ADMIN' 2754 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2755 newPwd = chars = "".join( [random.choice(string.ascii_letters) for i in range(15)] ) 2756 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2757 2758 try: 2759 from Cryptodome.Cipher import ARC4 2760 except Exception: 2761 print("Warning: You don't have any crypto installed. You need pycryptodomex") 2762 print("See https://pypi.org/project/pycryptodomex/") 2763 2764 from impacket import crypto 2765 request = samr.SamrUnicodeChangePasswordUser2() 2766 request['ServerName'] = '' 2767 request['UserName'] = 'testAccount' 2768 samUser = samr.SAMPR_USER_PASSWORD() 2769 samUser['Buffer'] = b'A'*(512-len(newPwd)*2) + newPwd.encode('utf-16le') 2770 samUser['Length'] = len(newPwd)*2 2771 pwdBuff = samUser.getData() 2772 2773 rc4 = ARC4.new(oldPwdHashNT) 2774 encBuf = rc4.encrypt(pwdBuff) 2775 request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf 2776 request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2777 request['LmPresent'] = 0 2778 request['NewPasswordEncryptedWithOldLm'] = NULL 2779 request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL 2780 2781 try: 2782 resp = dce.request(request) 2783 resp.dump() 2784 except Exception as e: 2785 if str(e).find('STATUS_PASSWORD_RESTRICTION') < 0: 2786 raise 2787 2788 # Delete the temp user 2789 request = samr.SamrDeleteUser() 2790 request['UserHandle'] = resp0['UserHandle'] 2791 resp = dce.request(request) 2792 resp.dump() 2793 2794 def test_hSamrUnicodeChangePasswordUser2(self): 2795 dce, rpctransport, domainHandle = self.connect() 2796 2797 request = samr.SamrCreateUser2InDomain() 2798 request['DomainHandle'] = domainHandle 2799 request['Name'] = 'testAccount' 2800 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2801 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2802 #request.dump() 2803 resp0 = dce.request(request) 2804 resp0.dump() 2805 2806 oldPwd = '' 2807 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2808 newPwd = 'ADMIN' 2809 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2810 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2811 2812 from impacket import crypto 2813 request = samr.SamrChangePasswordUser() 2814 request['UserHandle'] = resp0['UserHandle'] 2815 request['LmPresent'] = 0 2816 request['OldLmEncryptedWithNewLm'] = NULL 2817 request['NewLmEncryptedWithOldLm'] = NULL 2818 request['NtPresent'] = 1 2819 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2820 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2821 request['NtCrossEncryptionPresent'] = 0 2822 request['NewNtEncryptedWithNewLm'] = NULL 2823 request['LmCrossEncryptionPresent'] = 1 2824 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2825 resp = dce.request(request) 2826 resp.dump() 2827 2828 try: 2829 resp = samr.hSamrUnicodeChangePasswordUser2(dce, '', 'testAccount', 'ADMIN', 'betus') 2830 resp.dump() 2831 except Exception as e: 2832 if str(e).find('STATUS_PASSWORD_RESTRICTION') < 0: 2833 raise 2834 2835 # Delete the temp user 2836 request = samr.SamrDeleteUser() 2837 request['UserHandle'] = resp0['UserHandle'] 2838 resp = dce.request(request) 2839 resp.dump() 2840 2841 class SMBTransport(SAMRTests): 2842 def setUp(self): 2843 SAMRTests.setUp(self) 2844 configFile = ConfigParser.ConfigParser() 2845 configFile.read('dcetests.cfg') 2846 self.username = configFile.get('SMBTransport', 'username') 2847 self.domain = configFile.get('SMBTransport', 'domain') 2848 self.serverName = configFile.get('SMBTransport', 'servername') 2849 self.password = configFile.get('SMBTransport', 'password') 2850 self.machine = configFile.get('SMBTransport', 'machine') 2851 self.hashes = configFile.get('SMBTransport', 'hashes') 2852 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_np') 2853 self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') 2854 2855 class TCPTransport(SAMRTests): 2856 def setUp(self): 2857 SAMRTests.setUp(self) 2858 configFile = ConfigParser.ConfigParser() 2859 configFile.read('dcetests.cfg') 2860 self.username = configFile.get('TCPTransport', 'username') 2861 self.domain = configFile.get('TCPTransport', 'domain') 2862 self.serverName = configFile.get('TCPTransport', 'servername') 2863 self.password = configFile.get('TCPTransport', 'password') 2864 self.machine = configFile.get('TCPTransport', 'machine') 2865 self.hashes = configFile.get('TCPTransport', 'hashes') 2866 #print epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2867 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2868 self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') 2869 2870 class SMBTransport64(SAMRTests): 2871 def setUp(self): 2872 SAMRTests.setUp(self) 2873 configFile = ConfigParser.ConfigParser() 2874 configFile.read('dcetests.cfg') 2875 self.username = configFile.get('SMBTransport', 'username') 2876 self.domain = configFile.get('SMBTransport', 'domain') 2877 self.serverName = configFile.get('SMBTransport', 'servername') 2878 self.password = configFile.get('SMBTransport', 'password') 2879 self.machine = configFile.get('SMBTransport', 'machine') 2880 self.hashes = configFile.get('SMBTransport', 'hashes') 2881 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_np') 2882 self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0') 2883 2884 class TCPTransport64(SAMRTests): 2885 def setUp(self): 2886 SAMRTests.setUp(self) 2887 configFile = ConfigParser.ConfigParser() 2888 configFile.read('dcetests.cfg') 2889 self.username = configFile.get('TCPTransport', 'username') 2890 self.domain = configFile.get('TCPTransport', 'domain') 2891 self.serverName = configFile.get('TCPTransport', 'servername') 2892 self.password = configFile.get('TCPTransport', 'password') 2893 self.machine = configFile.get('TCPTransport', 'machine') 2894 self.hashes = configFile.get('TCPTransport', 'hashes') 2895 #print epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2896 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2897 self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0') 2898 2899 2900 # Process command-line arguments. 2901 if __name__ == '__main__': 2902 import sys 2903 if len(sys.argv) > 1: 2904 testcase = sys.argv[1] 2905 suite = unittest.TestLoader().loadTestsFromTestCase(globals()[testcase]) 2906 else: 2907 suite = unittest.TestLoader().loadTestsFromTestCase(SMBTransport) 2908 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(TCPTransport)) 2909 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(SMBTransport64)) 2910 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(TCPTransport64)) 2911 unittest.TextTestRunner(verbosity=1).run(suite)