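###############################################################################
#  Tested so far:
#
#  NetrWkstaGetInfo
#  NetrWkstaSetInfo
#  NetrWkstaUserEnum
#  NetrWkstaTransportEnum
#  NetrWkstaTransportAdd
#  NetrUseAdd
#  NetrUseGetInfo
#  NetrUseDel
#  NetrUseEnum
#  NetrWorkstationStatisticsGet
#  NetrGetJoinInformation
#  NetrJoinDomain2
#  NetrUnjoinDomain2
#  NetrRenameMachineInDomain2
#  NetrValidateName2
#  NetrGetJoinableOUs2
#  NetrAddAlternateComputerName
#  NetrRemoveAlternateComputerName
#  NetrSetPrimaryComputerName
#  NetrEnumerateComputerNames
#
#  Not yet:
#
#  Shouldn't dump errors against a win7
#
################################################################################

from __future__ import division
from __future__ import print_function
import unittest
try:
    import ConfigParser
except ImportError:
    import configparser as ConfigParser

from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5 import wkst
from impacket.dcerpc.v5.ndr import NULL

# Transfer syntaxes (UUID, version) offered at bind time by the two
# concrete test cases at the bottom of this file.
NDR_TRANSFER_SYNTAX = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0')
NDR64_TRANSFER_SYNTAX = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0')


class WKSTTests(unittest.TestCase):
    """Live-target tests for the impacket ``wkst`` (Workstation Service) client.

    Subclasses provide ``stringBinding``, ``username``, ``password``,
    ``domain``, ``hashes`` and ``ts`` in ``setUp``. Most tests only check that
    the call does not raise (or raises one of the tolerated errors); responses
    are printed with ``dump()`` rather than asserted on.

    NOTE: several tests send state-changing requests (NetrWkstaSetInfo,
    NetrUseAdd/NetrUseDel, NetrJoinDomain2, NetrUnjoinDomain2,
    NetrRenameMachineInDomain2, ...). A target that accepts them is modified
    by the run.
    """

    def _load_smb_config(self):
        """Populate credentials and the string binding from ``dcetests.cfg``.

        The file is read relative to the current working directory.
        ``ConfigParser.read`` ignores a missing file, so a wrong working
        directory surfaces as an error from the first ``get`` call.

        dcetests.cfg stores the password and LM:NT hashes in clear text;
        keep it out of version control and readable only by the test user.
        """
        configFile = ConfigParser.ConfigParser()
        configFile.read('dcetests.cfg')
        self.username = configFile.get('SMBTransport', 'username')
        self.domain = configFile.get('SMBTransport', 'domain')
        self.serverName = configFile.get('SMBTransport', 'servername')
        self.password = configFile.get('SMBTransport', 'password')
        self.machine = configFile.get('SMBTransport', 'machine')
        self.hashes = configFile.get('SMBTransport', 'hashes')
        self.stringBinding = r'ncacn_np:%s[\PIPE\wkssvc]' % self.machine

    def connect(self):
        """Connect and bind to the Workstation Service interface.

        Returns:
            A ``(dce, rpctransport)`` tuple: the bound DCE/RPC object and the
            transport it was created from.

        NOTE(review): nothing in this file disconnects the returned object;
        each test leaves its connection open until the process ends.
        """
        rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
        if self.hashes:
            # A non-empty 'hashes' value is split as 'LMHASH:NTHASH'.
            lmhash, nthash = self.hashes.split(':')
        else:
            lmhash = ''
            nthash = ''
        if hasattr(rpctransport, 'set_credentials'):
            # This method exists only for selected protocol sequences.
            rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash)
        dce = rpctransport.get_dce_rpc()
        dce.connect()
        dce.bind(wkst.MSRPC_UUID_WKST, transfer_syntax=self.ts)

        return dce, rpctransport

    def test_NetrWkstaGetInfo(self):
        """Request workstation info at levels 100, 101, 102 and 502 (raw request)."""
        dce, rpctransport = self.connect()
        request = wkst.NetrWkstaGetInfo()
        request['ServerName'] = '\x00'*10
        for level in (100, 101, 102, 502):
            request['Level'] = level
            resp = dce.request(request)
            resp.dump()

    def test_hNetrWkstaGetInfo(self):
        """Request workstation info at levels 100, 101, 102 and 502 (helper)."""
        dce, rpctransport = self.connect()
        for level in (100, 101, 102, 502):
            resp = wkst.hNetrWkstaGetInfo(dce, level)
            resp.dump()

    def test_NetrWkstaUserEnum(self):
        """Enumerate workstation users at levels 0 and 1 (raw request)."""
        dce, rpctransport = self.connect()
        request = wkst.NetrWkstaUserEnum()
        request['ServerName'] = '\x00'*10
        request['UserInfo']['Level'] = 0
        request['UserInfo']['WkstaUserInfo']['tag'] = 0
        request['PreferredMaximumLength'] = 8192
        resp = dce.request(request)
        resp.dump()

        request['UserInfo']['Level'] = 1
        request['UserInfo']['WkstaUserInfo']['tag'] = 1
        resp = dce.request(request)
        resp.dump()

    def test_hNetrWkstaUserEnum(self):
        """Enumerate workstation users at levels 0 and 1 (helper)."""
        dce, rpctransport = self.connect()
        for level in (0, 1):
            resp = wkst.hNetrWkstaUserEnum(dce, level)
            resp.dump()

    def test_NetrWkstaTransportEnum(self):
        """Enumerate transports at level 0 (raw request)."""
        dce, rpctransport = self.connect()
        request = wkst.NetrWkstaTransportEnum()
        request['ServerName'] = '\x00'*10
        request['TransportInfo']['Level'] = 0
        request['TransportInfo']['WkstaTransportInfo']['tag'] = 0
        request['PreferredMaximumLength'] = 500
        request['ResumeHandle'] = NULL
        resp = dce.request(request)
        resp.dump()

    def test_hNetrWkstaTransportEnum(self):
        """Enumerate transports at level 0 (helper)."""
        dce, rpctransport = self.connect()
        resp = wkst.hNetrWkstaTransportEnum(dce, 0)
        resp.dump()

    def test_NetrWkstaSetInfo(self):
        """Set wki502_dormant_file_limit to 500, verify it, then restore it (raw request).

        The restore runs in a ``finally`` block so a failed read-back or a
        failed assertion does not leave the target with the test value.
        """
        dce, rpctransport = self.connect()
        request = wkst.NetrWkstaGetInfo()
        request['ServerName'] = '\x00'*10
        request['Level'] = 502
        resp = dce.request(request)
        resp.dump()
        oldVal = resp['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit']

        req = wkst.NetrWkstaSetInfo()
        req['ServerName'] = '\x00'*10
        req['Level'] = 502
        req['WkstaInfo'] = resp['WkstaInfo']
        req['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit'] = 500
        resp2 = dce.request(req)
        resp2.dump()

        try:
            resp = dce.request(request)
            self.assertEqual(500, resp['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit'])
        finally:
            # Put the original value back on the target.
            req['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit'] = oldVal
            resp2 = dce.request(req)
            resp2.dump()

    def test_hNetrWkstaSetInfo(self):
        """Set wki502_dormant_file_limit to 500, verify it, then restore it (helper).

        The restore runs in a ``finally`` block so a failed read-back or a
        failed assertion does not leave the target with the test value.
        """
        dce, rpctransport = self.connect()
        resp = wkst.hNetrWkstaGetInfo(dce, 502)
        resp.dump()
        oldVal = resp['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit']

        resp['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit'] = 500
        resp2 = wkst.hNetrWkstaSetInfo(dce, 502, resp['WkstaInfo']['WkstaInfo502'])
        resp2.dump()

        try:
            resp = wkst.hNetrWkstaGetInfo(dce, 502)
            resp.dump()
            self.assertEqual(500, resp['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit'])
        finally:
            # Put the original value back on the target. 'resp' is the latest
            # successful level-502 response (the first one if the read-back failed).
            resp['WkstaInfo']['WkstaInfo502']['wki502_dormant_file_limit'] = oldVal
            resp2 = wkst.hNetrWkstaSetInfo(dce, 502, resp['WkstaInfo']['WkstaInfo502'])
            resp2.dump()

    def test_NetrWkstaTransportAdd(self):
        """Send NetrWkstaTransportAdd; ERROR_INVALID_FUNCTION is tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrWkstaTransportAdd()
        req['ServerName'] = '\x00'*10
        req['Level'] = 0
        req['TransportInfo']['wkti0_transport_name'] = 'BETO\x00'
        req['TransportInfo']['wkti0_transport_address'] = '000C29BC5CE5\x00'
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_FUNCTION' not in str(e):
                raise

    def test_hNetrUseAdd_hNetrUseDel_hNetrUseGetInfo_hNetrUseEnum(self):
        """Map Z: to the target's own c$ share, enumerate, query and delete it (helpers).

        NOTE(review): the handlers below have no re-raise branch, so every
        exception is swallowed, not only the one named in each ``if``. As
        written this test cannot fail on an RPC error.
        NOTE(review): under NDR64 the method returns right after NetrUseAdd,
        so a Z: mapping created by a successful add is not deleted here.
        """
        dce, rpctransport = self.connect()

        info1 = wkst.LPUSE_INFO_1()

        info1['ui1_local'] = 'Z:\x00'
        info1['ui1_remote'] = '\\\\127.0.0.1\\c$\x00'
        info1['ui1_password'] = NULL
        try:
            resp = wkst.hNetrUseAdd(dce, 1, info1)
            resp.dump()
        except Exception as e:
            if str(e).find('rpc_s_access_denied') >= 0:
                # This could happen in newer OSes
                pass

        # We're not testing this call with NDR64, it fails and I can't see the contents
        if self.ts == NDR64_TRANSFER_SYNTAX:
            return

        try:
            resp = wkst.hNetrUseEnum(dce, 2)
            resp.dump()
        except Exception as e:
            if str(e).find('STATUS_PIPE_DISCONNECTED') >= 0:
                # This could happen in newer OSes
                pass

        try:
            resp2 = wkst.hNetrUseGetInfo(dce, 'Z:', 3)
            resp2.dump()
        except Exception as e:
            if str(e).find('STATUS_PIPE_DISCONNECTED') >= 0:
                # This could happen in newer OSes
                pass

        try:
            resp = wkst.hNetrUseDel(dce, 'Z:')
            resp.dump()
        except Exception as e:
            if str(e).find('STATUS_PIPE_DISCONNECTED') >= 0:
                # This could happen in newer OSes
                pass

    def test_NetrUseAdd_NetrUseDel_NetrUseGetInfo_NetrUseEnum(self):
        """Map Z: to the target's own c$ share, enumerate, query and delete it (raw requests).

        NOTE(review): the handlers below have no re-raise branch, so every
        exception is swallowed, not only the one named in each ``if``. As
        written this test cannot fail on an RPC error.
        NOTE(review): under NDR64 the method returns right after NetrUseAdd,
        so a Z: mapping created by a successful add is not deleted here.
        """
        dce, rpctransport = self.connect()

        req = wkst.NetrUseAdd()
        req['ServerName'] = '\x00'*10
        req['Level'] = 1
        req['InfoStruct']['tag'] = 1
        req['InfoStruct']['UseInfo1']['ui1_local'] = 'Z:\x00'
        req['InfoStruct']['UseInfo1']['ui1_remote'] = '\\\\127.0.0.1\\c$\x00'
        req['InfoStruct']['UseInfo1']['ui1_password'] = NULL
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if str(e).find('rpc_s_access_denied') >= 0:
                # This could happen in newer OSes
                pass

        # We're not testing this call with NDR64, it fails and I can't see the contents
        if self.ts == NDR64_TRANSFER_SYNTAX:
            return

        req = wkst.NetrUseEnum()
        req['ServerName'] = NULL
        req['InfoStruct']['Level'] = 2
        req['InfoStruct']['UseInfo']['tag'] = 2
        req['InfoStruct']['UseInfo']['Level2']['Buffer'] = NULL
        req['PreferredMaximumLength'] = 0xffffffff
        req['ResumeHandle'] = NULL
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if str(e).find('rpc_s_access_denied') >= 0:
                # This could happen in newer OSes
                pass

        req = wkst.NetrUseGetInfo()
        req['ServerName'] = '\x00'*10
        req['UseName'] = 'Z:\x00'
        req['Level'] = 3
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if str(e).find('rpc_s_access_denied') >= 0:
                # This could happen in newer OSes
                pass

        req = wkst.NetrUseDel()
        req['ServerName'] = '\x00'*10
        req['UseName'] = 'Z:\x00'
        req['ForceLevel'] = wkst.USE_LOTS_OF_FORCE
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if str(e).find('rpc_s_access_denied') >= 0:
                # This could happen in newer OSes
                pass

    def test_NetrWorkstationStatisticsGet(self):
        """Send NetrWorkstationStatisticsGet; ERROR_INVALID_PARAMETER is tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrWorkstationStatisticsGet()
        req['ServerName'] = '\x00'*10
        req['ServiceName'] = '\x00'
        req['Level'] = 0
        req['Options'] = 0
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_PARAMETER' not in str(e):
                raise

    def test_hNetrWorkstationStatisticsGet(self):
        """Helper variant of NetrWorkstationStatisticsGet; ERROR_INVALID_PARAMETER is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp2 = wkst.hNetrWorkstationStatisticsGet(dce, '\x00', 0, 0)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_PARAMETER' not in str(e):
                raise

    def test_NetrGetJoinInformation(self):
        """Send NetrGetJoinInformation; ERROR_INVALID_PARAMETER is tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrGetJoinInformation()
        req['ServerName'] = '\x00'*10
        req['NameBuffer'] = '\x00'

        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_PARAMETER' not in str(e):
                raise

    def test_hNetrGetJoinInformation(self):
        """Helper variant of NetrGetJoinInformation; ERROR_INVALID_PARAMETER is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp = wkst.hNetrGetJoinInformation(dce, '\x00')
            resp.dump()
        except Exception as e:
            if 'ERROR_INVALID_PARAMETER' not in str(e):
                raise

    def test_NetrJoinDomain2(self):
        """Send NetrJoinDomain2 with a zero-filled password buffer.

        ERROR_INVALID_PASSWORD is the tolerated outcome; any other error
        fails the test. A successful response is only dumped.
        """
        dce, rpctransport = self.connect()

        req = wkst.NetrJoinDomain2()
        req['ServerName'] = '\x00'*10
        req['DomainNameParam'] = '172.16.123.1\\FREEFLY\x00'
        req['MachineAccountOU'] = 'OU=BETUS,DC=FREEFLY\x00'
        req['AccountName'] = NULL
        req['Password']['Buffer'] = '\x00'*512
        req['Options'] = wkst.NETSETUP_DOMAIN_JOIN_IF_JOINED
        #req.dump()
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_hNetrJoinDomain2(self):
        """Helper variant of NetrJoinDomain2; ERROR_INVALID_PASSWORD is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp = wkst.hNetrJoinDomain2(dce, '172.16.123.1\\FREEFLY\x00', 'OU=BETUS,DC=FREEFLY\x00', NULL, '\x00'*512, wkst.NETSETUP_DOMAIN_JOIN_IF_JOINED)
            resp.dump()
        except Exception as e:
            if 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_NetrUnjoinDomain2(self):
        """Send NetrUnjoinDomain2 (NETSETUP_ACCT_DELETE) with a zero-filled password buffer.

        ERROR_INVALID_PASSWORD is the tolerated outcome; any other error
        fails the test. A successful response is only dumped.
        """
        dce, rpctransport = self.connect()

        req = wkst.NetrUnjoinDomain2()
        req['ServerName'] = '\x00'*10
        req['AccountName'] = NULL
        req['Password']['Buffer'] = '\x00'*512
        #req['Password'] = NULL
        req['Options'] = wkst.NETSETUP_ACCT_DELETE
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_hNetrUnjoinDomain2(self):
        """Helper variant of NetrUnjoinDomain2; ERROR_INVALID_PASSWORD is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp = wkst.hNetrUnjoinDomain2(dce, NULL, b'\x00'*512, wkst.NETSETUP_ACCT_DELETE)
            resp.dump()
        except Exception as e:
            if 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_NetrRenameMachineInDomain2(self):
        """Send NetrRenameMachineInDomain2 with a zero-filled password buffer.

        ERROR_INVALID_PASSWORD is the tolerated outcome; any other error
        fails the test. A successful response is only dumped.
        """
        dce, rpctransport = self.connect()

        req = wkst.NetrRenameMachineInDomain2()
        req['ServerName'] = '\x00'*10
        req['MachineName'] = 'BETUS\x00'
        req['AccountName'] = NULL
        req['Password']['Buffer'] = '\x00'*512
        #req['Password'] = NULL
        req['Options'] = wkst.NETSETUP_ACCT_CREATE
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_hNetrRenameMachineInDomain2(self):
        """Helper variant of NetrRenameMachineInDomain2; ERROR_INVALID_PASSWORD is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp = wkst.hNetrRenameMachineInDomain2(dce, 'BETUS\x00', NULL, b'\x00'*512, wkst.NETSETUP_ACCT_CREATE)
            resp.dump()
        except Exception as e:
            if 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_NetrValidateName2(self):
        """Send NetrValidateName2 for a domain name; an error containing 0x8001011c is tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrValidateName2()
        req['ServerName'] = '\x00'*10
        req['NameToValidate'] = 'BETO\x00'
        req['AccountName'] = NULL
        req['Password'] = NULL
        req['NameType'] = wkst.NETSETUP_NAME_TYPE.NetSetupDomain
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if '0x8001011c' not in str(e):
                raise

    def test_hNetrValidateName2(self):
        """Helper variant of NetrValidateName2; an error containing 0x8001011c is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp2 = wkst.hNetrValidateName2(dce, 'BETO\x00', NULL, NULL, wkst.NETSETUP_NAME_TYPE.NetSetupDomain)
            resp2.dump()
        except Exception as e:
            if '0x8001011c' not in str(e):
                raise

    def test_NetrGetJoinableOUs2(self):
        """Send NetrGetJoinableOUs2; an error containing 0x8001011c is tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrGetJoinableOUs2()
        req['ServerName'] = '\x00'*10
        req['DomainNameParam'] = 'FREEFLY\x00'
        req['AccountName'] = NULL
        req['Password'] = NULL
        req['OUCount'] = 0
        #req.dump()
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if '0x8001011c' not in str(e):
                raise

    def test_hNetrGetJoinableOUs2(self):
        """Helper variant of NetrGetJoinableOUs2; an error containing 0x8001011c is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp = wkst.hNetrGetJoinableOUs2(dce, 'FREEFLY\x00', NULL, NULL, 0)
            resp.dump()
        except Exception as e:
            if '0x8001011c' not in str(e):
                raise

    def test_NetrAddAlternateComputerName(self):
        """Send NetrAddAlternateComputerName; ERROR_NOT_SUPPORTED and ERROR_INVALID_PASSWORD are tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrAddAlternateComputerName()
        req['ServerName'] = '\x00'*10
        req['AlternateName'] = 'FREEFLY\x00'
        req['DomainAccount'] = NULL
        req['EncryptedPassword'] = NULL
        #req.dump()
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e) and 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_hNetrAddAlternateComputerName(self):
        """Helper variant of NetrAddAlternateComputerName; same tolerated errors."""
        dce, rpctransport = self.connect()

        try:
            resp2 = wkst.hNetrAddAlternateComputerName(dce, 'FREEFLY\x00', NULL, NULL)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e) and 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_NetrRemoveAlternateComputerName(self):
        """Send NetrRemoveAlternateComputerName; ERROR_NOT_SUPPORTED and ERROR_INVALID_PASSWORD are tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrRemoveAlternateComputerName()
        req['ServerName'] = '\x00'*10
        req['AlternateName'] = 'FREEFLY\x00'
        req['DomainAccount'] = NULL
        req['EncryptedPassword'] = NULL
        #req.dump()
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e) and 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_hNetrRemoveAlternateComputerName(self):
        """Helper variant of NetrRemoveAlternateComputerName; same tolerated errors."""
        dce, rpctransport = self.connect()

        try:
            resp2 = wkst.hNetrRemoveAlternateComputerName(dce, 'FREEFLY\x00', NULL, NULL)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e) and 'ERROR_INVALID_PASSWORD' not in str(e):
                raise

    def test_NetrSetPrimaryComputerName(self):
        """Send NetrSetPrimaryComputerName; ERROR_NOT_SUPPORTED and ERROR_INVALID_PARAMETER are tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrSetPrimaryComputerName()
        req['ServerName'] = '\x00'*10
        req['PrimaryName'] = 'FREEFLY\x00'
        req['DomainAccount'] = NULL
        req['EncryptedPassword'] = NULL
        #req.dump()
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e) and 'ERROR_INVALID_PARAMETER' not in str(e):
                raise

    def test_hNetrSetPrimaryComputerName(self):
        """Helper variant of NetrSetPrimaryComputerName; same tolerated errors."""
        dce, rpctransport = self.connect()

        try:
            resp2 = wkst.hNetrSetPrimaryComputerName(dce, 'FREEFLY\x00', NULL, NULL)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e) and 'ERROR_INVALID_PARAMETER' not in str(e):
                raise

    def test_NetrEnumerateComputerNames(self):
        """Send NetrEnumerateComputerNames for all name types; ERROR_NOT_SUPPORTED is tolerated."""
        dce, rpctransport = self.connect()

        req = wkst.NetrEnumerateComputerNames()
        req['ServerName'] = '\x00'*10
        req['NameType'] = wkst.NET_COMPUTER_NAME_TYPE.NetAllComputerNames
        #req.dump()
        try:
            resp2 = dce.request(req)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e):
                raise

    def test_hNetrEnumerateComputerNames(self):
        """Helper variant of NetrEnumerateComputerNames; ERROR_NOT_SUPPORTED is tolerated."""
        dce, rpctransport = self.connect()

        try:
            resp2 = wkst.hNetrEnumerateComputerNames(dce, wkst.NET_COMPUTER_NAME_TYPE.NetAllComputerNames)
            resp2.dump()
        except Exception as e:
            if 'ERROR_NOT_SUPPORTED' not in str(e):
                raise


class SMBTransport(WKSTTests):
    """Runs the suite over the wkssvc named pipe with the NDR transfer syntax."""

    def setUp(self):
        WKSTTests.setUp(self)
        self._load_smb_config()
        self.ts = NDR_TRANSFER_SYNTAX


class SMBTransport64(WKSTTests):
    """Runs the suite over the wkssvc named pipe with the NDR64 transfer syntax.

    Reads the same [SMBTransport] config section as SMBTransport.
    """

    def setUp(self):
        WKSTTests.setUp(self)
        self._load_smb_config()
        self.ts = NDR64_TRANSFER_SYNTAX


# Process command-line arguments.
if __name__ == '__main__':
    import sys
    loader = unittest.TestLoader()
    if len(sys.argv) > 1:
        testcase = sys.argv[1]
        selected = globals().get(testcase)
        # Only accept names that resolve to a TestCase class in this module,
        # instead of handing an arbitrary module global to the loader.
        if not (isinstance(selected, type) and issubclass(selected, unittest.TestCase)):
            sys.exit('Unknown test case: %s' % testcase)
        suite = loader.loadTestsFromTestCase(selected)
    else:
        suite = loader.loadTestsFromTestCase(SMBTransport)
        suite.addTests(loader.loadTestsFromTestCase(SMBTransport64))
    unittest.TextTestRunner(verbosity=1).run(suite)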