# Copyright (c) 2003-2006 CORE Security Technologies
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# $Id: dcom.py,v 1.5 2006/05/23 21:19:26 gera Exp $
#
import array
from impacket import ImpactPacket
import dcerpc
import ndrutils
from struct import *
# DCE/RPC interface identifiers as 20-byte Python 2 byte strings: a 16-byte
# UUID in wire order (first three fields little-endian) followed by four
# zero bytes (presumably the interface version -- confirm against the code
# that binds with these values).
#
# UUID 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57
MSRPC_UUID_REMOTE_ACTIVATION ='\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57\x00\x00\x00\x00'
# UUID 000001a0-0000-0000-c000-000000000046
MSRPC_UUID_SYSTEM_ACTIVATOR = '\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00'
class ORPCTHIS:
    """Builder for the 32-byte ORPCTHIS block used at the start of the
    request headers defined in this module.

    Layout produced by rawData() (integers are little-endian):

        bytes  0-1    version_hi   (default 5)
        bytes  2-3    version_low  (default 6)
        bytes  4-7    flags        (default 1)
        bytes  8-11   reserved1    (default 0)
        bytes 12-27   cid          (16 raw bytes)
        bytes 28-31   extensions   (4 raw bytes)
    """
    __SIZE = 32

    def __init__(self, data=0):
        # 'data' is accepted for interface compatibility but is never read;
        # the instance always starts from the fixed defaults below.
        self._version_hi = 5
        self._version_low = 6
        self._flags = 1
        self._reserved1 = 0
        self._cid = '\xf1\x59\xeb\x61\xfb\x1e\xd1\x11\xbc\xd9\x00\x60\x97\x92\xd2\x6c'
        self._extensions = '\x60\x5e\x0d\x00'

    def set_version(self, mayor, minor):
        """Replace the two 16-bit version numbers (high part, then low part)."""
        self._version_hi, self._version_low = mayor, minor

    def set_cid(self, uuid):
        """Replace the cid field.

        The value is stored as given; no length check is made here, so a
        value that is not 16 bytes long changes the size of rawData().
        """
        self._cid = uuid

    def rawData(self):
        """Return the serialized block: 12 packed bytes + cid + extensions."""
        fixed_part = pack('<HHLL',
                          self._version_hi,
                          self._version_low,
                          self._flags,
                          self._reserved1)
        return fixed_part + self._cid + self._extensions
class UnknownOpnum3RequestHeader(ImpactPacket.Header):
    """Fixed 48-byte request body tagged with operation number 3.

    The default content is a constant template; a caller-supplied buffer,
    when given, is loaded over it through load_header().
    """
    OP_NUM = 3
    __SIZE = 48

    def __init__(self, aBuffer = None):
        ImpactPacket.Header.__init__(self, UnknownOpnum3RequestHeader.__SIZE)
        # Left disabled by the original author:
        ## self.parent().set_callid(19)

        # Template: 8 fixed bytes, 32 bytes of 0x31, 8 zero bytes = 48 bytes.
        leading = '\x05\x00\x06\x01\x00\x00\x00\x00'
        filler = '\x31'*32
        trailing = '\x00'*8
        self.set_bytes_from_string(leading + filler + trailing)

        if aBuffer:
            self.load_header(aBuffer)

    def get_header_size(self):
        """Return the fixed header length in bytes (48)."""
        return UnknownOpnum3RequestHeader.__SIZE
class UnknownOpnum4RequestHeader(ImpactPacket.Header):
    """48-byte request body tagged with operation number 4.

    Layout, as fixed by the accessors below:

        bytes  0-31   serialized ORPCTHIS block
        bytes 12-27   "c" UUID (lies inside the ORPCTHIS block)
        bytes 32-47   "cls" UUID
    """
    OP_NUM = 4
    __SIZE = 48

    def __init__(self, aBuffer = None):
        ImpactPacket.Header.__init__(self, UnknownOpnum4RequestHeader.__SIZE)
        # Left disabled by the original author:
        ## self.parent().set_callid(19)
        ## self.set_bytes(self, '\x05\x00\x06\x01\x00\x00\x00\x00' + '\x31'*32 + '\x00'*8)

        # First 32 bytes: a default ORPCTHIS block.
        orpc_block = array.array('B', ORPCTHIS().rawData())
        self.get_bytes()[:32] = orpc_block
        self.set_cls_binuuid('\x01\x00\x00\x00\x00\x00\x00\x00\x70\x5e\x0d\x00\x02\x00\x00\x00')

        if aBuffer:
            self.load_header(aBuffer)

    def get_c_binuuid(self):
        """Return bytes 12-27 of the header as a list of integers."""
        as_list = self.get_bytes().tolist()
        return as_list[12:28]

    def set_c_binuuid(self, binuuid):
        """Overwrite bytes 12-27 with a 16-byte value.

        The length is enforced only by an assert, which is skipped when
        Python runs with -O.
        """
        assert len(binuuid) == 16
        replacement = array.array('B', binuuid)
        self.get_bytes()[12:28] = replacement

    def get_cls_binuuid(self):
        """Return bytes 32-47 of the header as a list of integers."""
        as_list = self.get_bytes().tolist()
        return as_list[32:48]

    def set_cls_binuuid(self, binuuid):
        """Overwrite bytes 32-47 with a 16-byte value.

        The length is enforced only by an assert, which is skipped when
        Python runs with -O.
        """
        assert len(binuuid) == 16
        replacement = array.array('B', binuuid)
        self.get_bytes()[32:48] = replacement

    def get_header_size(self):
        """Return the fixed header length in bytes (48)."""
        return UnknownOpnum4RequestHeader.__SIZE
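class RemoteActivationRequestHeader(ImpactPacket.Header):
    """124-byte request body tagged with operation number 0.

    Layout, as fixed by the constructor and accessors below (integers are
    little-endian):

        bytes   0-31    serialized ORPCTHIS block
        bytes  12-27    "c" UUID (lies inside the ORPCTHIS block)
        bytes  32-47    "cls" UUID
        bytes  48-49    object name length (16-bit)
        bytes  52-53    object storage (16-bit)
        bytes  56-59    client implementation level (32-bit, default 2)
        bytes  60-63    mode (32-bit)
        bytes  64-67    number of interfaces (32-bit, default 1)
        bytes  68-75    fixed 8-byte value written by the constructor
        bytes  76-91    "pi" UUID
        bytes  92-123   fixed 32-byte trailer written by the constructor
    """
    OP_NUM = 0
    __SIZE = 124

    def __init__(self, aBuffer = None):
        # Fix: the original passed UnknownOpnum4RequestHeader.__SIZE here.
        # Inside this class body that name is mangled to
        # UnknownOpnum4RequestHeader._RemoteActivationRequestHeader__SIZE,
        # which does not exist, so construction raised AttributeError.  The
        # layout below runs to byte 124, which is this class's own __SIZE.
        ImpactPacket.Header.__init__(self, RemoteActivationRequestHeader.__SIZE)

        # First 32 bytes: a default ORPCTHIS block.
        self.get_bytes()[:32] = array.array('B', ORPCTHIS().rawData())
        self.set_cls_binuuid('\xbe\x1d\x8d\x47\xff\xd6\xe1\x4c\xac\x54\xaa\xd5\x4e\xf3\x45\xd3')
        self.set_client_implementation_level(2)
        self.set_interfaces_num(1)
        self.get_bytes()[68:76] = array.array('B', '\x80\x3f\x15\x00\x01\x00\x00\x00')
        # Wire form of 00000000-0000-0000-c000-000000000046.
        self.set_pi_binuuid('\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46')
        self.get_bytes()[92:124] = array.array('B', '\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x64\x00\x04\x00\x69\x00\x01\x00\x00\x00\x87\x03\xb2\xd6\x99\xee\xac\x65\xc7\x53\x81\xa4')

        if aBuffer:
            self.load_header(aBuffer)

    # NOTE on the three UUID setters: the 16-byte length is enforced only by
    # an assert, which Python skips under -O.  The assert is kept so callers
    # see the same exception type as before.

    def get_c_binuuid(self):
        """Return bytes 12-27 of the header as a list of integers."""
        return self.get_bytes().tolist()[12:12+16]

    def set_c_binuuid(self, binuuid):
        """Overwrite bytes 12-27 with a 16-byte value."""
        assert 16 == len(binuuid)
        self.get_bytes()[12:12+16] = array.array('B', binuuid)

    def get_cls_binuuid(self):
        """Return bytes 32-47 of the header as a list of integers."""
        return self.get_bytes().tolist()[32:32+16]

    def set_cls_binuuid(self, binuuid):
        """Overwrite bytes 32-47 with a 16-byte value."""
        assert 16 == len(binuuid)
        self.get_bytes()[32:32+16] = array.array('B', binuuid)

    def get_object_name_len(self):
        """Return the 16-bit little-endian value at offset 48."""
        return self.get_word(48, '<')

    def set_object_name_len(self, len):
        """Store a 16-bit little-endian value at offset 48."""
        self.set_word(48, len, '<')

    def get_object_storage(self):
        """Return the 16-bit little-endian value at offset 52."""
        return self.get_word(52, '<')

    def set_object_storage(self, storage):
        """Store a 16-bit little-endian value at offset 52."""
        self.set_word(52, storage, '<')

    def get_client_implementation_level(self):
        """Return the 32-bit little-endian value at offset 56."""
        return self.get_long(56, '<')

    def set_client_implementation_level(self, level):
        """Store a 32-bit little-endian value at offset 56."""
        self.set_long(56, level, '<')

    def get_mode(self):
        """Return the 32-bit little-endian value at offset 60."""
        return self.get_long(60, '<')

    def set_mode(self, mode):
        """Store a 32-bit little-endian value at offset 60."""
        self.set_long(60, mode, '<')

    def get_interfaces_num(self):
        """Return the 32-bit little-endian value at offset 64."""
        return self.get_long(64, '<')

    def set_interfaces_num(self, num):
        """Store a 32-bit little-endian value at offset 64."""
        self.set_long(64, num, '<')

    def get_pi_binuuid(self):
        """Return bytes 76-91 of the header as a list of integers."""
        return self.get_bytes().tolist()[76:76+16]

    def set_pi_binuuid(self, binuuid):
        """Overwrite bytes 76-91 with a 16-byte value."""
        assert 16 == len(binuuid)
        self.get_bytes()[76:76+16] = array.array('B', binuuid)

    def get_header_size(self):
        """Return the fixed header length in bytes (124).

        The original referenced UnknownOpnum4RequestHeader.__SIZE here as
        well, which failed with AttributeError for the same name-mangling
        reason as in the constructor.
        """
        return RemoteActivationRequestHeader.__SIZE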
class DCERPCDcom:
    """Small driver that sends this module's default request headers over a
    caller-supplied transport object exposing send() and recv()."""

    def __init__(self, dcerpc):
        # Transport used by every method below; stored as given.
        self._dcerpc = dcerpc

    def test(self):
        """Send a default RemoteActivationRequestHeader and return whatever
        the transport's recv() yields."""
        self._dcerpc.send(RemoteActivationRequestHeader())
        return self._dcerpc.recv()

    def test2(self):
        """Send a default UnknownOpnum3RequestHeader; no reply is read."""
        self._dcerpc.send(UnknownOpnum3RequestHeader())

    def test_lsd(self):
        """Send a default UnknownOpnum4RequestHeader; no reply is read."""
        self._dcerpc.send(UnknownOpnum4RequestHeader())