coercer.utils.RPCProtocol
1#!/usr/bin/env python3 2# -*- coding: utf-8 -*- 3# File name : RPCProtocol.py 4# Author : Podalirius (@podalirius_) 5# Date created : 6 Jul 2022 6 7 8import sys 9from impacket import system_errors 10from impacket.dcerpc.v5 import transport 11from impacket.dcerpc.v5.rpcrt import DCERPCException 12from impacket.uuid import uuidtup_to_bin 13 14 15class DCERPCSessionError(DCERPCException): 16 def __init__(self, error_string=None, error_code=None, packet=None): 17 DCERPCException.__init__(self, error_string, error_code, packet) 18 19 def __str__(self): 20 key = self.error_code 21 if key in system_errors.ERROR_MESSAGES: 22 error_msg_short = system_errors.ERROR_MESSAGES[key][0] 23 error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] 24 return '[!] SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) 25 else: 26 return '[!] SessionError: unknown error code: 0x%x' % self.error_code 27 28 29class RPCProtocol(object): 30 """ 31 Documentation for class RPCProtocol 32 """ 33 34 uuid = None 35 version = None 36 37 auth_type = None 38 auth_level = None 39 pipe = None 40 41 available_pipes = [] 42 43 webdav_host = None 44 webdav_port = None 45 46 ncan_target = None 47 __rpctransport = None 48 dce = None 49 verbose = False 50 debug = False 51 52 def __init__(self, verbose=False): 53 super(RPCProtocol, self).__init__() 54 self.verbose = verbose 55 56 def connect(self, username, password, domain, lmhash, nthash, target, dcHost, doKerberos=False, targetIp=None): 57 self.ncan_target = r'ncacn_np:%s[%s]' % (target, self.pipe) 58 self.__rpctransport = transport.DCERPCTransportFactory(self.ncan_target) 59 60 self.auth_username = username 61 self.auth_password = password 62 self.auth_domain = domain 63 self.target = target 64 self.auth_lmhash = lmhash 65 self.auth_nthash = nthash 66 67 if hasattr(self.__rpctransport, 'set_credentials'): 68 self.__rpctransport.set_credentials( 69 username=username, 70 password=password, 71 domain=domain, 72 lmhash=lmhash, 73 nthash=nthash 74 ) 75 76 if doKerberos: 77 self.__rpctransport.set_kerberos(doKerberos, kdcHost=dcHost) 78 if targetIp is not None: 79 self.__rpctransport.setRemoteHost(targetIp) 80 81 self.dce = self.__rpctransport.get_dce_rpc() 82 if self.auth_type is not None: 83 self.dce.set_auth_type(self.auth_type) 84 if self.auth_level is not None: 85 self.dce.set_auth_level(self.auth_level) 86 87 if self.verbose: 88 print(" [>] Connecting to %s ... " % self.ncan_target, end="") 89 sys.stdout.flush() 90 try: 91 self.dce.connect() 92 except Exception as e: 93 if self.verbose: 94 print("\x1b[1;91mfail\x1b[0m") 95 print(" [!] Something went wrong, check error status => %s" % str(e)) 96 return False 97 else: 98 if self.verbose: 99 print("\x1b[1;92msuccess\x1b[0m") 100 101 if self.verbose: 102 print(" [>] Binding to <uuid='%s', version='%s'> ... " % (self.uuid, self.version), end="") 103 sys.stdout.flush() 104 try: 105 self.dce.bind(uuidtup_to_bin((self.uuid, self.version))) 106 except Exception as e: 107 if self.verbose: 108 print("\x1b[1;91mfail\x1b[0m") 109 print(" [!] Something went wrong, check error status => %s" % str(e)) 110 return False 111 else: 112 if self.verbose: 113 print("\x1b[1;92msuccess\x1b[0m") 114 115 return True 116 117 @classmethod 118 def list_coerce_methods(cls): 119 return [] 120 121 def perform_coerce_calls(self, listener): 122 pass 123 124 def analyze_coerce_calls(self, listener): 125 pass
class
DCERPCSessionError(impacket.dcerpc.v5.rpcrt.DCERPCException):
16class DCERPCSessionError(DCERPCException): 17 def __init__(self, error_string=None, error_code=None, packet=None): 18 DCERPCException.__init__(self, error_string, error_code, packet) 19 20 def __str__(self): 21 key = self.error_code 22 if key in system_errors.ERROR_MESSAGES: 23 error_msg_short = system_errors.ERROR_MESSAGES[key][0] 24 error_msg_verbose = system_errors.ERROR_MESSAGES[key][1] 25 return '[!] SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose) 26 else: 27 return '[!] SessionError: unknown error code: 0x%x' % self.error_code
This is the exception every client should catch regardless of the underlying DCERPC Transport used.
DCERPCSessionError(error_string=None, error_code=None, packet=None)
17 def __init__(self, error_string=None, error_code=None, packet=None): 18 DCERPCException.__init__(self, error_string, error_code, packet)
:param string error_string: A string you want to show explaining the exception. Otherwise the default ones will be used :param integer error_code: the error_code if we're using a dictionary with error's descriptions :param NDR packet: if successfully decoded, the NDR packet of the response call. This could probably have useful information
Inherited Members
- impacket.dcerpc.v5.rpcrt.DCERPCException
- get_error_code
- get_packet
- builtins.BaseException
- with_traceback
class
RPCProtocol:
30class RPCProtocol(object): 31 """ 32 Documentation for class RPCProtocol 33 """ 34 35 uuid = None 36 version = None 37 38 auth_type = None 39 auth_level = None 40 pipe = None 41 42 available_pipes = [] 43 44 webdav_host = None 45 webdav_port = None 46 47 ncan_target = None 48 __rpctransport = None 49 dce = None 50 verbose = False 51 debug = False 52 53 def __init__(self, verbose=False): 54 super(RPCProtocol, self).__init__() 55 self.verbose = verbose 56 57 def connect(self, username, password, domain, lmhash, nthash, target, dcHost, doKerberos=False, targetIp=None): 58 self.ncan_target = r'ncacn_np:%s[%s]' % (target, self.pipe) 59 self.__rpctransport = transport.DCERPCTransportFactory(self.ncan_target) 60 61 self.auth_username = username 62 self.auth_password = password 63 self.auth_domain = domain 64 self.target = target 65 self.auth_lmhash = lmhash 66 self.auth_nthash = nthash 67 68 if hasattr(self.__rpctransport, 'set_credentials'): 69 self.__rpctransport.set_credentials( 70 username=username, 71 password=password, 72 domain=domain, 73 lmhash=lmhash, 74 nthash=nthash 75 ) 76 77 if doKerberos: 78 self.__rpctransport.set_kerberos(doKerberos, kdcHost=dcHost) 79 if targetIp is not None: 80 self.__rpctransport.setRemoteHost(targetIp) 81 82 self.dce = self.__rpctransport.get_dce_rpc() 83 if self.auth_type is not None: 84 self.dce.set_auth_type(self.auth_type) 85 if self.auth_level is not None: 86 self.dce.set_auth_level(self.auth_level) 87 88 if self.verbose: 89 print(" [>] Connecting to %s ... " % self.ncan_target, end="") 90 sys.stdout.flush() 91 try: 92 self.dce.connect() 93 except Exception as e: 94 if self.verbose: 95 print("\x1b[1;91mfail\x1b[0m") 96 print(" [!] Something went wrong, check error status => %s" % str(e)) 97 return False 98 else: 99 if self.verbose: 100 print("\x1b[1;92msuccess\x1b[0m") 101 102 if self.verbose: 103 print(" [>] Binding to <uuid='%s', version='%s'> ... " % (self.uuid, self.version), end="") 104 sys.stdout.flush() 105 try: 106 self.dce.bind(uuidtup_to_bin((self.uuid, self.version))) 107 except Exception as e: 108 if self.verbose: 109 print("\x1b[1;91mfail\x1b[0m") 110 print(" [!] Something went wrong, check error status => %s" % str(e)) 111 return False 112 else: 113 if self.verbose: 114 print("\x1b[1;92msuccess\x1b[0m") 115 116 return True 117 118 @classmethod 119 def list_coerce_methods(cls): 120 return [] 121 122 def perform_coerce_calls(self, listener): 123 pass 124 125 def analyze_coerce_calls(self, listener): 126 pass
Documentation for class RPCProtocol
def
connect( self, username, password, domain, lmhash, nthash, target, dcHost, doKerberos=False, targetIp=None):
57 def connect(self, username, password, domain, lmhash, nthash, target, dcHost, doKerberos=False, targetIp=None): 58 self.ncan_target = r'ncacn_np:%s[%s]' % (target, self.pipe) 59 self.__rpctransport = transport.DCERPCTransportFactory(self.ncan_target) 60 61 self.auth_username = username 62 self.auth_password = password 63 self.auth_domain = domain 64 self.target = target 65 self.auth_lmhash = lmhash 66 self.auth_nthash = nthash 67 68 if hasattr(self.__rpctransport, 'set_credentials'): 69 self.__rpctransport.set_credentials( 70 username=username, 71 password=password, 72 domain=domain, 73 lmhash=lmhash, 74 nthash=nthash 75 ) 76 77 if doKerberos: 78 self.__rpctransport.set_kerberos(doKerberos, kdcHost=dcHost) 79 if targetIp is not None: 80 self.__rpctransport.setRemoteHost(targetIp) 81 82 self.dce = self.__rpctransport.get_dce_rpc() 83 if self.auth_type is not None: 84 self.dce.set_auth_type(self.auth_type) 85 if self.auth_level is not None: 86 self.dce.set_auth_level(self.auth_level) 87 88 if self.verbose: 89 print(" [>] Connecting to %s ... " % self.ncan_target, end="") 90 sys.stdout.flush() 91 try: 92 self.dce.connect() 93 except Exception as e: 94 if self.verbose: 95 print("\x1b[1;91mfail\x1b[0m") 96 print(" [!] Something went wrong, check error status => %s" % str(e)) 97 return False 98 else: 99 if self.verbose: 100 print("\x1b[1;92msuccess\x1b[0m") 101 102 if self.verbose: 103 print(" [>] Binding to <uuid='%s', version='%s'> ... " % (self.uuid, self.version), end="") 104 sys.stdout.flush() 105 try: 106 self.dce.bind(uuidtup_to_bin((self.uuid, self.version))) 107 except Exception as e: 108 if self.verbose: 109 print("\x1b[1;91mfail\x1b[0m") 110 print(" [!] Something went wrong, check error status => %s" % str(e)) 111 return False 112 else: 113 if self.verbose: 114 print("\x1b[1;92msuccess\x1b[0m") 115 116 return True