coercer.network.DCERPCSession
1#!/usr/bin/env python3 2# -*- coding: utf-8 -*- 3# File name : DCERPCSession.py 4# Author : Podalirius (@podalirius_) 5# Date created : 15 Sep 2022 6 7import sys 8from impacket.dcerpc.v5 import transport 9from impacket.uuid import uuidtup_to_bin 10from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_WINNT, RPC_C_AUTHN_LEVEL_PKT_PRIVACY 11 12 13class DCERPCSession(object): 14 """ 15 Documentation for class DCERPCSession 16 """ 17 18 __rpctransport = None 19 session = None 20 target = None 21 22 def __init__(self, credentials, verbose=False): 23 super(DCERPCSession, self).__init__() 24 self.__verbose = True 25 self.credentials = credentials 26 27 def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False): 28 self.target = target 29 ncacn_ip_tcp = r'ncacn_ip_tcp:%s[%d]' % (target, port) 30 self.__rpctransport = transport.DCERPCTransportFactory(ncacn_ip_tcp) 31 self.session = self.__rpctransport.get_dce_rpc() 32 self.session.set_credentials(self.credentials.username, self.credentials.password, self.credentials.domain, self.credentials.lmhash, self.credentials.nthash, None) 33 self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY) 34 35 if debug: 36 print(" [>] Connecting to %s ... " % ncacn_ip_tcp, end="") 37 sys.stdout.flush() 38 try: 39 self.session.connect() 40 except Exception as e: 41 if debug: 42 print("\x1b[1;91mfail\x1b[0m") 43 print(" [!] Something went wrong, check error status => %s" % str(e)) 44 return None 45 else: 46 if debug: 47 print("\x1b[1;92msuccess\x1b[0m") 48 return self.session 49 50 def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False): 51 """ 52 53 """ 54 self.target = target 55 ncan_target = r'ncacn_np:%s[%s]' % (target, pipe) 56 self.__rpctransport = transport.DCERPCTransportFactory(ncan_target) 57 58 debug = False 59 60 if hasattr(self.__rpctransport, 'set_credentials'): 61 self.__rpctransport.set_credentials( 62 username=self.credentials.username, 63 password=self.credentials.password, 64 domain=self.credentials.domain, 65 lmhash=self.credentials.lmhash, 66 nthash=self.credentials.nthash 67 ) 68 69 if self.credentials.doKerberos == True: 70 self.__rpctransport.set_kerberos(self.credentials.doKerberos, kdcHost=self.credentials.kdcHost) 71 if targetIp is not None: 72 self.__rpctransport.setRemoteHost(targetIp) 73 74 self.session = self.__rpctransport.get_dce_rpc() 75 self.session.set_auth_type(RPC_C_AUTHN_WINNT) 76 self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY) 77 78 # Connecting to named pipe 79 if debug: 80 print(" [>] Connecting to %s ... " % ncan_target, end="") 81 sys.stdout.flush() 82 try: 83 self.session.connect() 84 except Exception as e: 85 if debug: 86 print("\x1b[1;91mfail\x1b[0m") 87 print(" [!] Something went wrong, check error status => %s" % str(e)) 88 return None 89 else: 90 if debug: 91 print("\x1b[1;92msuccess\x1b[0m") 92 return self.session 93 94 def bind(self, interface_uuid, interface_version, debug=False): 95 """ 96 97 """ 98 # Binding to interface 99 if debug: 100 print(" [>] Binding to interface <uuid='%s', version='%s'> ... " % (interface_uuid, interface_version), end="") 101 sys.stdout.flush() 102 try: 103 self.session.bind(uuidtup_to_bin((interface_uuid, interface_version))) 104 except Exception as e: 105 if debug: 106 print("\x1b[1;91mfail\x1b[0m") 107 print(" [!] Something went wrong, check error status => %s" % str(e)) 108 return False 109 else: 110 if debug: 111 print("\x1b[1;92msuccess\x1b[0m") 112 return True 113 114 def set_verbose(self, value): 115 """ 116 set_verbose(value) 117 118 Sets the current verbosity level 119 """ 120 self.__verbose = value 121 122 def get_verbose(self): 123 """ 124 get_verbose() 125 126 Gets the current verbosity level 127 """ 128 return self.__verbose
class
DCERPCSession:
14class DCERPCSession(object): 15 """ 16 Documentation for class DCERPCSession 17 """ 18 19 __rpctransport = None 20 session = None 21 target = None 22 23 def __init__(self, credentials, verbose=False): 24 super(DCERPCSession, self).__init__() 25 self.__verbose = True 26 self.credentials = credentials 27 28 def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False): 29 self.target = target 30 ncacn_ip_tcp = r'ncacn_ip_tcp:%s[%d]' % (target, port) 31 self.__rpctransport = transport.DCERPCTransportFactory(ncacn_ip_tcp) 32 self.session = self.__rpctransport.get_dce_rpc() 33 self.session.set_credentials(self.credentials.username, self.credentials.password, self.credentials.domain, self.credentials.lmhash, self.credentials.nthash, None) 34 self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY) 35 36 if debug: 37 print(" [>] Connecting to %s ... " % ncacn_ip_tcp, end="") 38 sys.stdout.flush() 39 try: 40 self.session.connect() 41 except Exception as e: 42 if debug: 43 print("\x1b[1;91mfail\x1b[0m") 44 print(" [!] Something went wrong, check error status => %s" % str(e)) 45 return None 46 else: 47 if debug: 48 print("\x1b[1;92msuccess\x1b[0m") 49 return self.session 50 51 def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False): 52 """ 53 54 """ 55 self.target = target 56 ncan_target = r'ncacn_np:%s[%s]' % (target, pipe) 57 self.__rpctransport = transport.DCERPCTransportFactory(ncan_target) 58 59 debug = False 60 61 if hasattr(self.__rpctransport, 'set_credentials'): 62 self.__rpctransport.set_credentials( 63 username=self.credentials.username, 64 password=self.credentials.password, 65 domain=self.credentials.domain, 66 lmhash=self.credentials.lmhash, 67 nthash=self.credentials.nthash 68 ) 69 70 if self.credentials.doKerberos == True: 71 self.__rpctransport.set_kerberos(self.credentials.doKerberos, kdcHost=self.credentials.kdcHost) 72 if targetIp is not None: 73 self.__rpctransport.setRemoteHost(targetIp) 74 75 self.session = self.__rpctransport.get_dce_rpc() 76 self.session.set_auth_type(RPC_C_AUTHN_WINNT) 77 self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY) 78 79 # Connecting to named pipe 80 if debug: 81 print(" [>] Connecting to %s ... " % ncan_target, end="") 82 sys.stdout.flush() 83 try: 84 self.session.connect() 85 except Exception as e: 86 if debug: 87 print("\x1b[1;91mfail\x1b[0m") 88 print(" [!] Something went wrong, check error status => %s" % str(e)) 89 return None 90 else: 91 if debug: 92 print("\x1b[1;92msuccess\x1b[0m") 93 return self.session 94 95 def bind(self, interface_uuid, interface_version, debug=False): 96 """ 97 98 """ 99 # Binding to interface 100 if debug: 101 print(" [>] Binding to interface <uuid='%s', version='%s'> ... " % (interface_uuid, interface_version), end="") 102 sys.stdout.flush() 103 try: 104 self.session.bind(uuidtup_to_bin((interface_uuid, interface_version))) 105 except Exception as e: 106 if debug: 107 print("\x1b[1;91mfail\x1b[0m") 108 print(" [!] Something went wrong, check error status => %s" % str(e)) 109 return False 110 else: 111 if debug: 112 print("\x1b[1;92msuccess\x1b[0m") 113 return True 114 115 def set_verbose(self, value): 116 """ 117 set_verbose(value) 118 119 Sets the current verbosity level 120 """ 121 self.__verbose = value 122 123 def get_verbose(self): 124 """ 125 get_verbose() 126 127 Gets the current verbosity level 128 """ 129 return self.__verbose
Documentation for class DCERPCSession
def
connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False):
28 def connect_ncacn_ip_tcp(self, target, port, targetIp=None, debug=False): 29 self.target = target 30 ncacn_ip_tcp = r'ncacn_ip_tcp:%s[%d]' % (target, port) 31 self.__rpctransport = transport.DCERPCTransportFactory(ncacn_ip_tcp) 32 self.session = self.__rpctransport.get_dce_rpc() 33 self.session.set_credentials(self.credentials.username, self.credentials.password, self.credentials.domain, self.credentials.lmhash, self.credentials.nthash, None) 34 self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY) 35 36 if debug: 37 print(" [>] Connecting to %s ... " % ncacn_ip_tcp, end="") 38 sys.stdout.flush() 39 try: 40 self.session.connect() 41 except Exception as e: 42 if debug: 43 print("\x1b[1;91mfail\x1b[0m") 44 print(" [!] Something went wrong, check error status => %s" % str(e)) 45 return None 46 else: 47 if debug: 48 print("\x1b[1;92msuccess\x1b[0m") 49 return self.session
def
connect_ncacn_np(self, target, pipe, targetIp=None, debug=False):
51 def connect_ncacn_np(self, target, pipe, targetIp=None, debug=False): 52 """ 53 54 """ 55 self.target = target 56 ncan_target = r'ncacn_np:%s[%s]' % (target, pipe) 57 self.__rpctransport = transport.DCERPCTransportFactory(ncan_target) 58 59 debug = False 60 61 if hasattr(self.__rpctransport, 'set_credentials'): 62 self.__rpctransport.set_credentials( 63 username=self.credentials.username, 64 password=self.credentials.password, 65 domain=self.credentials.domain, 66 lmhash=self.credentials.lmhash, 67 nthash=self.credentials.nthash 68 ) 69 70 if self.credentials.doKerberos == True: 71 self.__rpctransport.set_kerberos(self.credentials.doKerberos, kdcHost=self.credentials.kdcHost) 72 if targetIp is not None: 73 self.__rpctransport.setRemoteHost(targetIp) 74 75 self.session = self.__rpctransport.get_dce_rpc() 76 self.session.set_auth_type(RPC_C_AUTHN_WINNT) 77 self.session.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY) 78 79 # Connecting to named pipe 80 if debug: 81 print(" [>] Connecting to %s ... " % ncan_target, end="") 82 sys.stdout.flush() 83 try: 84 self.session.connect() 85 except Exception as e: 86 if debug: 87 print("\x1b[1;91mfail\x1b[0m") 88 print(" [!] Something went wrong, check error status => %s" % str(e)) 89 return None 90 else: 91 if debug: 92 print("\x1b[1;92msuccess\x1b[0m") 93 return self.session
def
bind(self, interface_uuid, interface_version, debug=False):
95 def bind(self, interface_uuid, interface_version, debug=False): 96 """ 97 98 """ 99 # Binding to interface 100 if debug: 101 print(" [>] Binding to interface <uuid='%s', version='%s'> ... " % (interface_uuid, interface_version), end="") 102 sys.stdout.flush() 103 try: 104 self.session.bind(uuidtup_to_bin((interface_uuid, interface_version))) 105 except Exception as e: 106 if debug: 107 print("\x1b[1;91mfail\x1b[0m") 108 print(" [!] Something went wrong, check error status => %s" % str(e)) 109 return False 110 else: 111 if debug: 112 print("\x1b[1;92msuccess\x1b[0m") 113 return True