coercer.network.DCERPCSession

  1#!/usr/bin/env python3
  2# -*- coding: utf-8 -*-
  3# File name          : DCERPCSession.py
  4# Author             : Podalirius (@podalirius_)
  5# Date created       : 15 Sep 2022
  6
  7import sys
  8from impacket.dcerpc.v5 import transport
  9from impacket.uuid import uuidtup_to_bin
 10from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_WINNT, RPC_C_AUTHN_LEVEL_PKT_PRIVACY
 11
 12
 13class DCERPCSession(object):
 14    """
 15    Documentation for class DCERPCSession
 16    """
 17
 18    __rpctransport = None
 19    session = None
 20    target = None
 21
 22    def __init__(self, credentials, verbose=False):
 23        super(DCERPCSession, self).__init__()
 24        self.__verbose = True
 25        self.credentials = credentials
 26
 27    def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False):
 28        self.target = target
 29        ncacn_ip_tcp = r'ncacn_ip_tcp:%s[%d]' % (target, port)
 30        self.__rpctransport = transport.DCERPCTransportFactory(ncacn_ip_tcp)
 31        self.session = self.__rpctransport.get_dce_rpc()
 32        self.session.set_credentials(self.credentials.username, self.credentials.password, self.credentials.domain, self.credentials.lmhash, self.credentials.nthash, None)
 33        self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
 34        
 35        if debug:
 36            print("   [>] Connecting to %s ... " % ncacn_ip_tcp, end="")
 37            sys.stdout.flush()
 38        try:
 39            self.session.connect()
 40        except Exception as e:
 41            if debug:
 42                print("\x1b[1;91mfail\x1b[0m")
 43                print("      [!] Something went wrong, check error status => %s" % str(e))
 44            return None
 45        else:
 46            if debug:
 47                print("\x1b[1;92msuccess\x1b[0m")
 48        return self.session
 49
 50    def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False):
 51        """
 52
 53        """
 54        self.target = target
 55        ncan_target = r'ncacn_np:%s[%s]' % (target, pipe)
 56        self.__rpctransport = transport.DCERPCTransportFactory(ncan_target)
 57
 58        debug = False
 59
 60        if hasattr(self.__rpctransport, 'set_credentials'):
 61            self.__rpctransport.set_credentials(
 62                username=self.credentials.username,
 63                password=self.credentials.password,
 64                domain=self.credentials.domain,
 65                lmhash=self.credentials.lmhash,
 66                nthash=self.credentials.nthash
 67            )
 68
 69        if self.credentials.doKerberos == True:
 70            self.__rpctransport.set_kerberos(self.credentials.doKerberos, kdcHost=self.credentials.kdcHost)
 71        if targetIp is not None:
 72            self.__rpctransport.setRemoteHost(targetIp)
 73
 74        self.session = self.__rpctransport.get_dce_rpc()
 75        self.session.set_auth_type(RPC_C_AUTHN_WINNT)
 76        self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
 77
 78        # Connecting to named pipe
 79        if debug:
 80            print("   [>] Connecting to %s ... " % ncan_target, end="")
 81            sys.stdout.flush()
 82        try:
 83            self.session.connect()
 84        except Exception as e:
 85            if debug:
 86                print("\x1b[1;91mfail\x1b[0m")
 87                print("      [!] Something went wrong, check error status => %s" % str(e))
 88            return None
 89        else:
 90            if debug:
 91                print("\x1b[1;92msuccess\x1b[0m")
 92        return self.session
 93
 94    def bind(self, interface_uuid, interface_version, debug=False):
 95        """
 96
 97        """
 98        # Binding to interface
 99        if debug:
100            print("   [>] Binding to interface <uuid='%s', version='%s'> ... " % (interface_uuid, interface_version), end="")
101            sys.stdout.flush()
102        try:
103            self.session.bind(uuidtup_to_bin((interface_uuid, interface_version)))
104        except Exception as e:
105            if debug:
106                print("\x1b[1;91mfail\x1b[0m")
107                print("      [!] Something went wrong, check error status => %s" % str(e))
108            return False
109        else:
110            if debug:
111                print("\x1b[1;92msuccess\x1b[0m")
112        return True
113
114    def set_verbose(self, value):
115        """
116        set_verbose(value)
117
118        Sets the current verbosity level
119        """
120        self.__verbose = value
121
122    def get_verbose(self):
123        """
124        get_verbose()
125
126        Gets the current verbosity level
127        """
128        return self.__verbose
class DCERPCSession:
 14class DCERPCSession(object):
 15    """
 16    Documentation for class DCERPCSession
 17    """
 18
 19    __rpctransport = None
 20    session = None
 21    target = None
 22
 23    def __init__(self, credentials, verbose=False):
 24        super(DCERPCSession, self).__init__()
 25        self.__verbose = True
 26        self.credentials = credentials
 27
 28    def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False):
 29        self.target = target
 30        ncacn_ip_tcp = r'ncacn_ip_tcp:%s[%d]' % (target, port)
 31        self.__rpctransport = transport.DCERPCTransportFactory(ncacn_ip_tcp)
 32        self.session = self.__rpctransport.get_dce_rpc()
 33        self.session.set_credentials(self.credentials.username, self.credentials.password, self.credentials.domain, self.credentials.lmhash, self.credentials.nthash, None)
 34        self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
 35        
 36        if debug:
 37            print("   [>] Connecting to %s ... " % ncacn_ip_tcp, end="")
 38            sys.stdout.flush()
 39        try:
 40            self.session.connect()
 41        except Exception as e:
 42            if debug:
 43                print("\x1b[1;91mfail\x1b[0m")
 44                print("      [!] Something went wrong, check error status => %s" % str(e))
 45            return None
 46        else:
 47            if debug:
 48                print("\x1b[1;92msuccess\x1b[0m")
 49        return self.session
 50
 51    def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False):
 52        """
 53
 54        """
 55        self.target = target
 56        ncan_target = r'ncacn_np:%s[%s]' % (target, pipe)
 57        self.__rpctransport = transport.DCERPCTransportFactory(ncan_target)
 58
 59        debug = False
 60
 61        if hasattr(self.__rpctransport, 'set_credentials'):
 62            self.__rpctransport.set_credentials(
 63                username=self.credentials.username,
 64                password=self.credentials.password,
 65                domain=self.credentials.domain,
 66                lmhash=self.credentials.lmhash,
 67                nthash=self.credentials.nthash
 68            )
 69
 70        if self.credentials.doKerberos == True:
 71            self.__rpctransport.set_kerberos(self.credentials.doKerberos, kdcHost=self.credentials.kdcHost)
 72        if targetIp is not None:
 73            self.__rpctransport.setRemoteHost(targetIp)
 74
 75        self.session = self.__rpctransport.get_dce_rpc()
 76        self.session.set_auth_type(RPC_C_AUTHN_WINNT)
 77        self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
 78
 79        # Connecting to named pipe
 80        if debug:
 81            print("   [>] Connecting to %s ... " % ncan_target, end="")
 82            sys.stdout.flush()
 83        try:
 84            self.session.connect()
 85        except Exception as e:
 86            if debug:
 87                print("\x1b[1;91mfail\x1b[0m")
 88                print("      [!] Something went wrong, check error status => %s" % str(e))
 89            return None
 90        else:
 91            if debug:
 92                print("\x1b[1;92msuccess\x1b[0m")
 93        return self.session
 94
 95    def bind(self, interface_uuid, interface_version, debug=False):
 96        """
 97
 98        """
 99        # Binding to interface
100        if debug:
101            print("   [>] Binding to interface <uuid='%s', version='%s'> ... " % (interface_uuid, interface_version), end="")
102            sys.stdout.flush()
103        try:
104            self.session.bind(uuidtup_to_bin((interface_uuid, interface_version)))
105        except Exception as e:
106            if debug:
107                print("\x1b[1;91mfail\x1b[0m")
108                print("      [!] Something went wrong, check error status => %s" % str(e))
109            return False
110        else:
111            if debug:
112                print("\x1b[1;92msuccess\x1b[0m")
113        return True
114
115    def set_verbose(self, value):
116        """
117        set_verbose(value)
118
119        Sets the current verbosity level
120        """
121        self.__verbose = value
122
123    def get_verbose(self):
124        """
125        get_verbose()
126
127        Gets the current verbosity level
128        """
129        return self.__verbose

Documentation for class DCERPCSession

DCERPCSession(credentials, verbose=False)
23    def __init__(self, credentials, verbose=False):
24        super(DCERPCSession, self).__init__()
25        self.__verbose = True
26        self.credentials = credentials
session = None
target = None
credentials
def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False):
28    def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False):
29        self.target = target
30        ncacn_ip_tcp = r'ncacn_ip_tcp:%s[%d]' % (target, port)
31        self.__rpctransport = transport.DCERPCTransportFactory(ncacn_ip_tcp)
32        self.session = self.__rpctransport.get_dce_rpc()
33        self.session.set_credentials(self.credentials.username, self.credentials.password, self.credentials.domain, self.credentials.lmhash, self.credentials.nthash, None)
34        self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
35        
36        if debug:
37            print("   [>] Connecting to %s ... " % ncacn_ip_tcp, end="")
38            sys.stdout.flush()
39        try:
40            self.session.connect()
41        except Exception as e:
42            if debug:
43                print("\x1b[1;91mfail\x1b[0m")
44                print("      [!] Something went wrong, check error status => %s" % str(e))
45            return None
46        else:
47            if debug:
48                print("\x1b[1;92msuccess\x1b[0m")
49        return self.session
def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False):
51    def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False):
52        """
53
54        """
55        self.target = target
56        ncan_target = r'ncacn_np:%s[%s]' % (target, pipe)
57        self.__rpctransport = transport.DCERPCTransportFactory(ncan_target)
58
59        debug = False
60
61        if hasattr(self.__rpctransport, 'set_credentials'):
62            self.__rpctransport.set_credentials(
63                username=self.credentials.username,
64                password=self.credentials.password,
65                domain=self.credentials.domain,
66                lmhash=self.credentials.lmhash,
67                nthash=self.credentials.nthash
68            )
69
70        if self.credentials.doKerberos == True:
71            self.__rpctransport.set_kerberos(self.credentials.doKerberos, kdcHost=self.credentials.kdcHost)
72        if targetIp is not None:
73            self.__rpctransport.setRemoteHost(targetIp)
74
75        self.session = self.__rpctransport.get_dce_rpc()
76        self.session.set_auth_type(RPC_C_AUTHN_WINNT)
77        self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
78
79        # Connecting to named pipe
80        if debug:
81            print("   [>] Connecting to %s ... " % ncan_target, end="")
82            sys.stdout.flush()
83        try:
84            self.session.connect()
85        except Exception as e:
86            if debug:
87                print("\x1b[1;91mfail\x1b[0m")
88                print("      [!] Something went wrong, check error status => %s" % str(e))
89            return None
90        else:
91            if debug:
92                print("\x1b[1;92msuccess\x1b[0m")
93        return self.session
def bind(self, interface_uuid, interface_version, debug=False):
 95    def bind(self, interface_uuid, interface_version, debug=False):
 96        """
 97
 98        """
 99        # Binding to interface
100        if debug:
101            print("   [>] Binding to interface <uuid='%s', version='%s'> ... " % (interface_uuid, interface_version), end="")
102            sys.stdout.flush()
103        try:
104            self.session.bind(uuidtup_to_bin((interface_uuid, interface_version)))
105        except Exception as e:
106            if debug:
107                print("\x1b[1;91mfail\x1b[0m")
108                print("      [!] Something went wrong, check error status => %s" % str(e))
109            return False
110        else:
111            if debug:
112                print("\x1b[1;92msuccess\x1b[0m")
113        return True
def set_verbose(self, value):
115    def set_verbose(self, value):
116        """
117        set_verbose(value)
118
119        Sets the current verbosity level
120        """
121        self.__verbose = value

set_verbose(value)

Sets the current verbosity level

def get_verbose(self):
123    def get_verbose(self):
124        """
125        get_verbose()
126
127        Gets the current verbosity level
128        """
129        return self.__verbose

get_verbose()

Gets the current verbosity level