1############################################################################### 2# Tested so far: 3# 4# SamrConnect5 5# SamrConnect4 6# SamrConnect2 7# SamrConnect 8# SamrOpenDomain 9# SamrOpenGroup 10# SamrOpenAlias 11# SamrOpenUser 12# SamrEnumerateDomainsInSamServer 13# SamrEnumerateGroupsInDomain 14# SamrEnumerateAliasesInDomain 15# SamrEnumerateUsersInDomain 16# SamrLookupDomainInSamServer 17# SamrLookupNamesInDomain 18# SamrLookupIdsInDomain 19# SamrGetGroupsForUser 20# SamrQueryDisplayInformation3 21# SamrQueryDisplayInformation2 22# SamrQueryDisplayInformation 23# SamrGetDisplayEnumerationIndex2 24# SamrGetDisplayEnumerationIndex 25# SamrCreateGroupInDomain 26# SamrCreateAliasInDomain 27# SamrCreateUser2InDomain 28# SamrCreateUserInDomain 29# SamrQueryInformationDomain2 30# SamrQueryInformationDomain 31# SamrQueryInformationGroup 32# SamrQueryInformationAlias 33# SamrQueryInformationUser2 34# SamrQueryInformationUser 35# SamrDeleteUser 36# SamrDeleteAlias 37# SamrDeleteGroup 38# SamrAddMemberToGroup 39# SamrRemoveMemberFromGroup 40# SamrGetMembersInGroup 41# SamrGetMembersInAlias 42# SamrAddMemberToAlias 43# SamrRemoveMemberFromAlias 44# SamrAddMultipleMembersToAlias 45# SamrRemoveMultipleMembersFromAlias 46# SamrRemoveMemberFromForeignDomain 47# SamrGetAliasMembership 48# SamrCloseHandle 49# SamrSetMemberAttributesOfGroup 50# SamrGetUserDomainPasswordInformation 51# SamrGetDomainPasswordInformation 52# SamrRidToSid 53# SamrSetDSRMPassword 54# SamrValidatePassword 55# SamrQuerySecurityObject 56# SamrSetSecurityObject 57# SamrSetInformationDomain 58# SamrSetInformationGroup 59# SamrSetInformationAlias 60# SamrSetInformationUser2 61# SamrChangePasswordUser 62# SamrOemChangePasswordUser2 63# SamrUnicodeChangePasswordUser2 64# hSamrConnect5 65# hSamrConnect4 66# hSamrConnect2 67# hSamrConnect 68# hSamrOpenDomain 69# hSamrOpenGroup 70# hSamrOpenAlias 71# hSamrOpenUser 72# hSamrEnumerateDomainsInSamServer 73# hSamrEnumerateGroupsInDomain 74# hSamrEnumerateAliasesInDomain 75# hSamrEnumerateUsersInDomain 76# hSamrQueryDisplayInformation3 77# hSamrQueryDisplayInformation2 78# hSamrQueryDisplayInformation 79# hSamrGetDisplayEnumerationIndex2 80# hSamrGetDisplayEnumerationIndex 81# hSamrCreateGroupInDomain 82# hSamrCreateAliasInDomain 83# hSamrCreateUser2InDomain 84# hSamrCreateUserInDomain 85# hSamrQueryInformationDomain2 86# hSamrQueryInformationDomain 87# hSamrQueryInformationGroup 88# hSamrQueryInformationAlias 89# SamrQueryInformationUser2 90# hSamrSetInformationDomain 91# hSamrSetInformationGroup 92# hSamrSetInformationAlias 93# hSamrSetInformationUser2 94# hSamrDeleteGroup 95# hSamrDeleteAlias 96# hSamrDeleteUser 97# hSamrAddMemberToGroup 98# hSamrRemoveMemberFromGroup 99# hSamrGetMembersInGroup 100# hSamrAddMemberToAlias 101# hSamrRemoveMemberFromAlias 102# hSamrGetMembersInAlias 103# hSamrRemoveMemberFromForeignDomain 104# hSamrAddMultipleMembersToAlias 105# hSamrRemoveMultipleMembersFromAlias 106# hSamrGetGroupsForUser 107# hSamrGetAliasMembership 108# hSamrChangePasswordUser 109# hSamrUnicodeChangePasswordUser2 110# hSamrLookupDomainInSamServer 111# hSamrSetSecurityObject 112# hSamrQuerySecurityObject 113# hSamrCloseHandle 114# hSamrGetUserDomainPasswordInformation 115# hSamrGetDomainPasswordInformation 116# hSamrRidToSid 117# hSamrValidatePassword 118# hSamrLookupNamesInDomain 119# hSamrLookupIdsInDomain 120# 121# ToDo: 122# 123# Shouldn't dump errors against a win7 124################################################################################ 125 126import unittest 127import ConfigParser 128import string 129import random 130 131from impacket.dcerpc.v5 import transport 132from impacket.dcerpc.v5 import samr, epm 133from impacket.dcerpc.v5 import dtypes 134from impacket import nt_errors, ntlm 135from impacket.dcerpc.v5.ndr import NULL 136 137 138class SAMRTests(unittest.TestCase): 139 def connect(self): 140 rpctransport = transport.DCERPCTransportFactory(self.stringBinding) 141 #rpctransport.set_dport(self.dport) 142 if len(self.hashes) > 0: 143 lmhash, nthash = self.hashes.split(':') 144 else: 145 lmhash = '' 146 nthash = '' 147 if hasattr(rpctransport, 'set_credentials'): 148 # This method exists only for selected protocol sequences. 149 rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash) 150 dce = rpctransport.get_dce_rpc() 151 dce.connect() 152 #dce.set_auth_level(ntlm.NTLM_AUTH_PKT_PRIVACY) 153 dce.set_auth_level(ntlm.NTLM_AUTH_PKT_INTEGRITY) 154 dce.bind(samr.MSRPC_UUID_SAMR, transfer_syntax = self.ts) 155 request = samr.SamrConnect() 156 request['ServerName'] = u'BETO\x00' 157 request['DesiredAccess'] = samr.DELETE | samr.READ_CONTROL | samr.WRITE_DAC | samr.WRITE_OWNER | samr.ACCESS_SYSTEM_SECURITY | samr.GENERIC_READ | samr.GENERIC_WRITE | samr.GENERIC_EXECUTE | samr.SAM_SERVER_CONNECT | samr.SAM_SERVER_SHUTDOWN | samr.SAM_SERVER_INITIALIZE | samr.SAM_SERVER_CREATE_DOMAIN | samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN | samr.SAM_SERVER_READ | samr.SAM_SERVER_WRITE | samr.SAM_SERVER_EXECUTE 158 resp = dce.request(request) 159 request = samr.SamrEnumerateDomainsInSamServer() 160 request['ServerHandle'] = resp['ServerHandle'] 161 request['EnumerationContext'] = 0 162 request['PreferedMaximumLength'] = 500 163 resp2 = dce.request(request) 164 request = samr.SamrLookupDomainInSamServer() 165 request['ServerHandle'] = resp['ServerHandle'] 166 request['Name'] = resp2['Buffer']['Buffer'][0]['Name'] 167 resp3 = dce.request(request) 168 request = samr.SamrOpenDomain() 169 request['ServerHandle'] = resp['ServerHandle'] 170 request['DesiredAccess'] = samr.DOMAIN_READ_PASSWORD_PARAMETERS | samr.DOMAIN_READ_OTHER_PARAMETERS | samr.DOMAIN_CREATE_USER | samr.DOMAIN_CREATE_ALIAS | samr.DOMAIN_LOOKUP | samr.DOMAIN_LIST_ACCOUNTS | samr.DOMAIN_ADMINISTER_SERVER | samr.DELETE | samr.READ_CONTROL | samr.ACCESS_SYSTEM_SECURITY | samr.DOMAIN_WRITE_OTHER_PARAMETERS | samr.DOMAIN_WRITE_PASSWORD_PARAMS 171 request['DomainId'] = resp3['DomainId'] 172 resp4 = dce.request(request) 173 174 return dce, rpctransport, resp4['DomainHandle'] 175 176 def test_SamrCloseHandle(self): 177 dce, rpctransport, domainHandle = self.connect() 178 request = samr.SamrCloseHandle() 179 request['SamHandle'] = domainHandle 180 resp = dce.request(request) 181 resp.dump() 182 183 def test_hSamrCloseHandle(self): 184 dce, rpctransport, domainHandle = self.connect() 185 resp = samr.hSamrCloseHandle(dce, domainHandle) 186 resp.dump() 187 188 def test_SamrConnect5(self): 189 dce, rpctransport, domainHandle = self.connect() 190 request = samr.SamrConnect5() 191 request['ServerName'] = u'BETO\x00' 192 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 193 request['InVersion'] = 1 194 request['InRevisionInfo']['tag'] = 1 195 resp = dce.request(request) 196 resp.dump() 197 198 def test_hSamrConnect5(self): 199 dce, rpctransport, domainHandle = self.connect() 200 resp = samr.hSamrConnect5(dce) 201 resp.dump() 202 203 def test_SamrConnect4(self): 204 dce, rpctransport, domainHandle = self.connect() 205 request = samr.SamrConnect4() 206 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 207 request['ServerName'] = u'BETO\x00' 208 request['ClientRevision'] = 2 209 resp = dce.request(request) 210 resp.dump() 211 212 def test_hSamrConnect4(self): 213 dce, rpctransport, domainHandle = self.connect() 214 resp = samr.hSamrConnect4(dce) 215 resp.dump() 216 217 def test_SamrConnect2(self): 218 dce, rpctransport, domainHandle = self.connect() 219 request = samr.SamrConnect2() 220 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 221 request['ServerName'] = u'BETO\x00' 222 resp = dce.request(request) 223 resp.dump() 224 225 def test_hSamrConnect2(self): 226 dce, rpctransport, domainHandle = self.connect() 227 resp = samr.hSamrConnect2(dce) 228 resp.dump() 229 230 def test_SamrConnect(self): 231 dce, rpctransport, domainHandle = self.connect() 232 request = samr.SamrConnect() 233 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 234 resp = dce.request(request) 235 resp.dump() 236 237 def test_hSamrConnect(self): 238 dce, rpctransport, domainHandle = self.connect() 239 resp = samr.hSamrConnect(dce) 240 resp.dump() 241 242 def test_SamrOpenDomain(self): 243 dce, rpctransport, domainHandle = self.connect() 244 request = samr.SamrConnect() 245 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 246 request['ServerName'] = u'BETO\x00' 247 resp = dce.request(request) 248 request = samr.SamrOpenDomain() 249 SID = 'S-1-5-352321536-2562177771-1589929855-2033349547' 250 request['ServerHandle'] = resp['ServerHandle'] 251 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 252 request['DomainId'].fromCanonical(SID) 253 try: 254 resp = dce.request(request) 255 resp.dump() 256 except Exception, e: 257 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 258 raise 259 260 def test_hSamrOpenDomain(self): 261 dce, rpctransport, domainHandle = self.connect() 262 resp = samr.hSamrConnect(dce) 263 264 SID = 'S-1-5-352321536-2562177771-1589929855-2033349547' 265 sid = dtypes.RPC_SID() 266 sid.fromCanonical(SID) 267 try: 268 resp = samr.hSamrOpenDomain(dce, serverHandle = resp['ServerHandle'], domainId = sid) 269 resp.dump() 270 except Exception, e: 271 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 272 raise 273 274 def test_SamrOpenGroup(self): 275 dce, rpctransport, domainHandle = self.connect() 276 request = samr.SamrConnect() 277 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 278 request['ServerName'] = u'BETO\x00' 279 resp = dce.request(request) 280 request = samr.SamrOpenGroup() 281 request['DomainHandle'] = domainHandle 282 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 283 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 284 try: 285 resp = dce.request(request) 286 resp.dump() 287 except Exception, e: 288 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 289 raise 290 291 def test_hSamrOpenGroup(self): 292 dce, rpctransport, domainHandle = self.connect() 293 try: 294 resp = samr.hSamrOpenGroup(dce, domainHandle, groupId=samr.DOMAIN_GROUP_RID_USERS) 295 resp.dump() 296 except Exception, e: 297 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 298 raise 299 300 def test_SamrOpenAlias(self): 301 dce, rpctransport, domainHandle = self.connect() 302 request = samr.SamrOpenAlias() 303 request['DomainHandle'] = domainHandle 304 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 305 request['AliasId'] = 25 306 try: 307 resp = dce.request(request) 308 resp.dump() 309 except Exception, e: 310 if str(e).find('STATUS_NO_SUCH_ALIAS') < 0: 311 raise 312 313 def test_hSamrOpenAlias(self): 314 dce, rpctransport, domainHandle = self.connect() 315 try: 316 resp = samr.hSamrOpenAlias(dce, domainHandle, aliasId = 25) 317 resp.dump() 318 except Exception, e: 319 if str(e).find('STATUS_NO_SUCH_ALIAS') < 0: 320 raise 321 322 def test_SamrOpenUser(self): 323 dce, rpctransport, domainHandle = self.connect() 324 request = samr.SamrOpenUser() 325 request['DomainHandle'] = domainHandle 326 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT 327 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 328 resp = dce.request(request) 329 resp.dump() 330 331 def test_hSamrOpenUser(self): 332 dce, rpctransport, domainHandle = self.connect() 333 resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT, samr.DOMAIN_USER_RID_ADMIN) 334 335 resp.dump() 336 337 def test_SamrEnumerateDomainsInSamServer(self): 338 dce, rpctransport, domainHandle = self.connect() 339 request = samr.SamrConnect() 340 request['ServerName'] = u'BETO\x00' 341 request['DesiredAccess'] = samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN 342 resp = dce.request(request) 343 request = samr.SamrEnumerateDomainsInSamServer() 344 request['ServerHandle'] = resp['ServerHandle'] 345 request['EnumerationContext'] = 0 346 request['PreferedMaximumLength'] = 500 347 resp2 = dce.request(request) 348 resp2.dump() 349 request = samr.SamrLookupDomainInSamServer() 350 request['ServerHandle'] = resp['ServerHandle'] 351 request['Name'] = resp2['Buffer']['Buffer'][0]['Name'] 352 resp3 = dce.request(request) 353 resp3.dump() 354 request = samr.SamrOpenDomain() 355 request['ServerHandle'] = resp['ServerHandle'] 356 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 357 request['DomainId'] = resp3['DomainId'] 358 resp4 = dce.request(request) 359 resp4.dump() 360 361 def test_hSamrEnumerateDomainsInSamServer(self): 362 dce, rpctransport, domainHandle = self.connect() 363 resp = samr.hSamrConnect(dce, desiredAccess = samr.SAM_SERVER_ENUMERATE_DOMAINS | samr.SAM_SERVER_LOOKUP_DOMAIN) 364 resp2 = samr.hSamrEnumerateDomainsInSamServer(dce, resp['ServerHandle']) 365 resp2.dump() 366 resp3 = samr.hSamrLookupDomainInSamServer(dce, resp['ServerHandle'],resp2['Buffer']['Buffer'][0]['Name'] ) 367 resp3.dump() 368 request = samr.SamrOpenDomain() 369 request['ServerHandle'] = resp['ServerHandle'] 370 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 371 request['DomainId'] = resp3['DomainId'] 372 resp4 = dce.request(request) 373 resp4.dump() 374 375 def test_SamrLookupNamesInDomain(self): 376 dce, rpctransport, domainHandle = self.connect() 377 request = samr.SamrLookupNamesInDomain() 378 request['DomainHandle'] = domainHandle 379 request['Count'] = 1 380 entry = dtypes.RPC_UNICODE_STRING() 381 entry['Data'] = 'Administrator' 382 #entry.fields['MaximumLength'] = len('Administrator\x00')*2 383 #entry.fields['Data'].fields['Data'].fields['MaximumCount'] = len('Administrator\x00') 384 request['Names'].append(entry) 385 request.fields['Names'].fields['MaximumCount'] = 1000 386 resp5 = dce.request(request) 387 resp5.dump() 388 389 def test_hSamrLookupNamesInDomain(self): 390 dce, rpctransport, domainHandle = self.connect() 391 try: 392 resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, ('Administrator','Guest')) 393 resp.dump() 394 except Exception, e: 395 if str(e).find('STATUS_MORE_ENTRIES') >=0: 396 pass 397 e.get_packet().dump() 398 399 def test_SamrLookupIdsInDomain(self): 400 dce, rpctransport, domainHandle = self.connect() 401 request = samr.SamrLookupIdsInDomain() 402 request.dump() 403 request['DomainHandle'] = domainHandle 404 request['Count'] = 2 405 entry = dtypes.ULONG() 406 entry['Data'] = 500 407 request['RelativeIds'].append(entry) 408 entry = dtypes.ULONG() 409 entry['Data'] = 501 410 request['RelativeIds'].append(entry) 411 request.fields['RelativeIds'].fields['MaximumCount'] = 1000 412 resp5 = dce.request(request) 413 resp5.dump() 414 415 def test_hSamrLookupIdsInDomain(self): 416 dce, rpctransport, domainHandle = self.connect() 417 resp = samr.hSamrLookupIdsInDomain(dce, domainHandle, (500,501)) 418 resp.dump() 419 420 def test_SamrEnumerateGroupsInDomain(self): 421 dce, rpctransport, domainHandle = self.connect() 422 request = samr.SamrEnumerateGroupsInDomain() 423 request['DomainHandle'] = domainHandle 424 request['EnumerationContext'] = 0 425 request['PreferedMaximumLength'] = 500 426 status = nt_errors.STATUS_MORE_ENTRIES 427 while status == nt_errors.STATUS_MORE_ENTRIES: 428 try: 429 resp4 = dce.request(request) 430 except Exception, e: 431 if str(e).find('STATUS_MORE_ENTRIES') < 0: 432 raise 433 resp4 = e.get_packet() 434 resp4['Buffer'].dump() 435 request['EnumerationContext'] = resp4['EnumerationContext'] 436 status = resp4['ErrorCode'] 437 438 def test_hSamrEnumerateGroupsInDomain(self): 439 dce, rpctransport, domainHandle = self.connect() 440 resp = samr.hSamrEnumerateGroupsInDomain(dce, domainHandle) 441 resp.dump() 442 443 def test_SamrEnumerateAliasesInDomain(self): 444 dce, rpctransport, domainHandle = self.connect() 445 request = samr.SamrEnumerateAliasesInDomain() 446 request['DomainHandle'] = domainHandle 447 request['EnumerationContext'] = 0 448 request['PreferedMaximumLength'] = 500 449 status = nt_errors.STATUS_MORE_ENTRIES 450 while status == nt_errors.STATUS_MORE_ENTRIES: 451 try: 452 resp4 = dce.request(request) 453 except Exception, e: 454 if str(e).find('STATUS_MORE_ENTRIES') < 0: 455 raise 456 resp4 = e.get_packet() 457 resp4['Buffer'].dump() 458 request['EnumerationContext'] = resp4['EnumerationContext'] 459 status = resp4['ErrorCode'] 460 461 def test_hSamrEnumerateAliasesInDomain(self): 462 dce, rpctransport, domainHandle = self.connect() 463 resp = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 464 resp.dump() 465 466 def test_SamrEnumerateUsersInDomain(self): 467 dce, rpctransport, domainHandle = self.connect() 468 request = samr.SamrEnumerateUsersInDomain() 469 request['DomainHandle'] = domainHandle 470 request['UserAccountControl'] = samr.USER_NORMAL_ACCOUNT 471 request['EnumerationContext'] = 0 472 request['PreferedMaximumLength'] = 8192 473 status = nt_errors.STATUS_MORE_ENTRIES 474 while status == nt_errors.STATUS_MORE_ENTRIES: 475 try: 476 resp4 = dce.request(request) 477 except Exception, e: 478 if str(e).find('STATUS_MORE_ENTRIES') < 0: 479 raise 480 resp4 = e.get_packet() 481 resp4['Buffer'].dump() 482 request['EnumerationContext'] = resp4['EnumerationContext'] 483 status = resp4['ErrorCode'] 484 485 def test_hSamrEnumerateUsersInDomain(self): 486 dce, rpctransport, domainHandle = self.connect() 487 try: 488 resp = samr.hSamrEnumerateUsersInDomain(dce, domainHandle) 489 resp.dump() 490 except Exception, e: 491 if str(e).find('STATUS_MORE_ENTRIES') >=0: 492 pass 493 e.get_packet().dump() 494 495 def test_SamrGetGroupsForUser(self): 496 dce, rpctransport, domainHandle = self.connect() 497 request = samr.SamrOpenUser() 498 request['DomainHandle'] = domainHandle 499 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS 500 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 501 resp = dce.request(request) 502 resp.dump() 503 request = samr.SamrGetGroupsForUser() 504 request['UserHandle'] = resp['UserHandle'] 505 resp = dce.request(request) 506 resp.dump() 507 508 def test_hSamrGetGroupsForUser(self): 509 dce, rpctransport, domainHandle = self.connect() 510 request = samr.SamrOpenUser() 511 request['DomainHandle'] = domainHandle 512 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_LIST_GROUPS 513 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 514 resp = dce.request(request) 515 resp.dump() 516 resp = samr.hSamrGetGroupsForUser(dce, resp['UserHandle']) 517 resp.dump() 518 519 def test_SamrQueryDisplayInformation3(self): 520 dce, rpctransport, domainHandle = self.connect() 521 request = samr.SamrQueryDisplayInformation3() 522 request['DomainHandle'] = domainHandle 523 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 524 request['Index'] = 0 525 request['EntryCount'] = 100 526 request['PreferredMaximumLength'] = 8192 527 #request.dump() 528 try: 529 resp = dce.request(request) 530 resp.dump() 531 except Exception, e: 532 if str(e).find('STATUS_MORE_ENTRIES') >=0: 533 e.get_packet().dump() 534 else: 535 raise 536 537 request = samr.SamrQueryDisplayInformation3() 538 request['DomainHandle'] = domainHandle 539 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine 540 request['Index'] = 0 541 request['EntryCount'] = 100 542 request['PreferredMaximumLength'] = 8192 543 #request.dump() 544 resp = dce.request(request) 545 resp.dump() 546 547 request = samr.SamrQueryDisplayInformation3() 548 request['DomainHandle'] = domainHandle 549 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup 550 request['Index'] = 0 551 request['EntryCount'] = 100 552 request['PreferredMaximumLength'] = 8192 553 #request.dump() 554 resp = dce.request(request) 555 resp.dump() 556 557 request = samr.SamrQueryDisplayInformation3() 558 request['DomainHandle'] = domainHandle 559 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup 560 request['Index'] = 0 561 request['EntryCount'] = 100 562 request['PreferredMaximumLength'] = 8192 563 #request.dump() 564 resp = dce.request(request) 565 resp.dump() 566 567 def test_hSamrQueryDisplayInformation3(self): 568 dce, rpctransport, domainHandle = self.connect() 569 try: 570 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser) 571 resp.dump() 572 except Exception, e: 573 if str(e).find('STATUS_MORE_ENTRIES') >=0: 574 e.get_packet().dump() 575 else: 576 raise 577 578 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine) 579 resp.dump() 580 581 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup) 582 resp.dump() 583 584 resp = samr.hSamrQueryDisplayInformation3(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup) 585 resp.dump() 586 587 def test_SamrQueryDisplayInformation2(self): 588 dce, rpctransport, domainHandle = self.connect() 589 try: 590 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser) 591 resp.dump() 592 except Exception, e: 593 if str(e).find('STATUS_MORE_ENTRIES') >=0: 594 e.get_packet().dump() 595 else: 596 raise 597 598 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine) 599 resp.dump() 600 601 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup) 602 resp.dump() 603 604 resp = samr.hSamrQueryDisplayInformation2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup) 605 resp.dump() 606 607 def test_SamrQueryDisplayInformation(self): 608 dce, rpctransport, domainHandle = self.connect() 609 request = samr.SamrQueryDisplayInformation() 610 request['DomainHandle'] = domainHandle 611 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 612 request['Index'] = 0 613 request['EntryCount'] = 100 614 request['PreferredMaximumLength'] = 8192 615 #request.dump() 616 try: 617 resp = dce.request(request) 618 resp.dump() 619 except Exception, e: 620 if str(e).find('STATUS_MORE_ENTRIES') >=0: 621 e.get_packet().dump() 622 else: 623 raise 624 625 request = samr.SamrQueryDisplayInformation() 626 request['DomainHandle'] = domainHandle 627 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine 628 request['Index'] = 0 629 request['EntryCount'] = 100 630 request['PreferredMaximumLength'] = 8192 631 #request.dump() 632 resp = dce.request(request) 633 resp.dump() 634 635 request = samr.SamrQueryDisplayInformation() 636 request['DomainHandle'] = domainHandle 637 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup 638 request['Index'] = 0 639 request['EntryCount'] = 100 640 request['PreferredMaximumLength'] = 8192 641 #request.dump() 642 resp = dce.request(request) 643 resp.dump() 644 645 request = samr.SamrQueryDisplayInformation() 646 request['DomainHandle'] = domainHandle 647 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup 648 request['Index'] = 0 649 request['EntryCount'] = 100 650 request['PreferredMaximumLength'] = 8192 651 #request.dump() 652 resp = dce.request(request) 653 resp.dump() 654 655 def test_hSamrQueryDisplayInformation(self): 656 dce, rpctransport, domainHandle = self.connect() 657 658 try: 659 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser) 660 resp.dump() 661 except Exception, e: 662 if str(e).find('STATUS_MORE_ENTRIES') >=0: 663 e.get_packet().dump() 664 else: 665 raise 666 667 668 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayMachine) 669 resp.dump() 670 671 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup) 672 resp.dump() 673 674 resp = samr.hSamrQueryDisplayInformation(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayOemGroup) 675 resp.dump() 676 677 def test_SamrGetDisplayEnumerationIndex2(self): 678 dce, rpctransport, domainHandle = self.connect() 679 request = samr.SamrGetDisplayEnumerationIndex2() 680 request['DomainHandle'] = domainHandle 681 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 682 request['Prefix'] = 'Gu' 683 #request.dump() 684 resp = dce.request(request) 685 resp.dump() 686 687 request = samr.SamrGetDisplayEnumerationIndex2() 688 request['DomainHandle'] = domainHandle 689 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup 690 request['Prefix'] = 'Non' 691 #request.dump() 692 resp = dce.request(request) 693 resp.dump() 694 695 def test_hSamrGetDisplayEnumerationIndex2(self): 696 dce, rpctransport, domainHandle = self.connect() 697 resp = samr.hSamrGetDisplayEnumerationIndex2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, 'Gu') 698 resp.dump() 699 700 resp = samr.hSamrGetDisplayEnumerationIndex2(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayGroup, 'Non') 701 resp.dump() 702 703 def test_SamrGetDisplayEnumerationIndex(self): 704 dce, rpctransport, domainHandle = self.connect() 705 resp = samr.hSamrGetDisplayEnumerationIndex(dce, domainHandle, samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser, 'Gu') 706 resp.dump() 707 708 def test_hSamrGetDisplayEnumerationIndex(self): 709 dce, rpctransport, domainHandle = self.connect() 710 request = samr.SamrGetDisplayEnumerationIndex() 711 request['DomainHandle'] = domainHandle 712 request['DisplayInformationClass'] = samr.DOMAIN_DISPLAY_INFORMATION.DomainDisplayUser 713 request['Prefix'] = 'Gu' 714 #request.dump() 715 resp = dce.request(request) 716 resp.dump() 717 718 def test_SamrCreateGroupInDomain_SamrDeleteGroup(self): 719 dce, rpctransport, domainHandle = self.connect() 720 request = samr.SamrCreateGroupInDomain() 721 request['DomainHandle'] = domainHandle 722 request['Name'] = 'testGroup' 723 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 724 #request.dump() 725 try: 726 resp = dce.request(request) 727 resp.dump() 728 except Exception, e: 729 if str(e).find("STATUS_ACCESS_DENIED") < 0: 730 raise 731 request = samr.SamrDeleteGroup() 732 request['GroupHandle'] = domainHandle 733 try: 734 resp = dce.request(request) 735 resp.dump() 736 except Exception, e: 737 if str(e).find("STATUS_OBJECT_TYPE_MISMATCH") < 0: 738 raise 739 740 def test_hSamrCreateGroupInDomain_hSamrDeleteGroup(self): 741 dce, rpctransport, domainHandle = self.connect() 742 try: 743 resp = samr.hSamrCreateGroupInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 744 resp.dump() 745 except Exception, e: 746 if str(e).find("STATUS_ACCESS_DENIED") < 0: 747 raise 748 try: 749 resp = samr.hSamrDeleteGroup(dce, domainHandle) 750 resp.dump() 751 except Exception, e: 752 if str(e).find("STATUS_OBJECT_TYPE_MISMATCH") < 0: 753 raise 754 755 def test_SamrCreateAliasInDomain_SamrDeleteAlias(self): 756 dce, rpctransport, domainHandle = self.connect() 757 request = samr.SamrCreateAliasInDomain() 758 request['DomainHandle'] = domainHandle 759 request['AccountName'] = 'testGroup' 760 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 761 #request.dump() 762 resp = dce.request(request) 763 resp.dump() 764 request = samr.SamrDeleteAlias() 765 request['AliasHandle'] = resp['AliasHandle'] 766 resp = dce.request(request) 767 resp.dump() 768 769 def test_hSamrCreateAliasInDomain_hSamrDeleteAlias(self): 770 dce, rpctransport, domainHandle = self.connect() 771 resp = samr.hSamrCreateAliasInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 772 resp.dump() 773 resp = samr.hSamrDeleteAlias(dce, resp['AliasHandle']) 774 resp.dump() 775 776 def test_SamrCreateUser2InDomain_SamrDeleteUser(self): 777 dce, rpctransport, domainHandle = self.connect() 778 request = samr.SamrCreateUser2InDomain() 779 request['DomainHandle'] = domainHandle 780 request['Name'] = 'testAccount' 781 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 782 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.DELETE 783 #request.dump() 784 resp = dce.request(request) 785 resp.dump() 786 request = samr.SamrDeleteUser() 787 request['UserHandle'] = resp['UserHandle'] 788 resp = dce.request(request) 789 resp.dump() 790 791 def test_hSamrCreateUser2InDomain_hSamrDeleteUser(self): 792 dce, rpctransport, domainHandle = self.connect() 793 resp = samr.hSamrCreateUser2InDomain(dce, domainHandle, 'testAccount', samr.USER_NORMAL_ACCOUNT,samr.USER_READ_GENERAL | samr.DELETE ) 794 resp.dump() 795 resp = samr.hSamrDeleteUser(dce, resp['UserHandle']) 796 resp.dump() 797 798 def test_SamrQueryInformationDomain2(self): 799 dce, rpctransport, domainHandle = self.connect() 800 request = samr.SamrQueryInformationDomain2() 801 request['DomainHandle'] = domainHandle 802 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation 803 #request.dump() 804 resp = dce.request(request) 805 resp.dump() 806 807 request = samr.SamrQueryInformationDomain2() 808 request['DomainHandle'] = domainHandle 809 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation 810 #request.dump() 811 resp = dce.request(request) 812 resp.dump() 813 814 request = samr.SamrQueryInformationDomain2() 815 request['DomainHandle'] = domainHandle 816 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation 817 #request.dump() 818 resp = dce.request(request) 819 resp.dump() 820 821 request = samr.SamrQueryInformationDomain2() 822 request['DomainHandle'] = domainHandle 823 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation 824 #request.dump() 825 resp = dce.request(request) 826 resp.dump() 827 828 request = samr.SamrQueryInformationDomain2() 829 request['DomainHandle'] = domainHandle 830 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation 831 #request.dump() 832 resp = dce.request(request) 833 resp.dump() 834 835 request = samr.SamrQueryInformationDomain2() 836 request['DomainHandle'] = domainHandle 837 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation 838 #request.dump() 839 resp = dce.request(request) 840 resp.dump() 841 842 request = samr.SamrQueryInformationDomain2() 843 request['DomainHandle'] = domainHandle 844 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation 845 #request.dump() 846 resp = dce.request(request) 847 resp.dump() 848 849 request = samr.SamrQueryInformationDomain2() 850 request['DomainHandle'] = domainHandle 851 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation 852 #request.dump() 853 resp = dce.request(request) 854 resp.dump() 855 856 request = samr.SamrQueryInformationDomain2() 857 request['DomainHandle'] = domainHandle 858 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation 859 #request.dump() 860 resp = dce.request(request) 861 resp.dump() 862 863 request = samr.SamrQueryInformationDomain2() 864 request['DomainHandle'] = domainHandle 865 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2 866 #request.dump() 867 resp = dce.request(request) 868 resp.dump() 869 870 request = samr.SamrQueryInformationDomain2() 871 request['DomainHandle'] = domainHandle 872 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation 873 #request.dump() 874 resp = dce.request(request) 875 resp.dump() 876 877 request = samr.SamrQueryInformationDomain2() 878 request['DomainHandle'] = domainHandle 879 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2 880 #request.dump() 881 resp = dce.request(request) 882 resp.dump() 883 884 def test_SamrQueryInformationDomain2(self): 885 dce, rpctransport, domainHandle = self.connect() 886 request = samr.SamrQueryInformationDomain2() 887 request['DomainHandle'] = domainHandle 888 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation 889 #request.dump() 890 resp = dce.request(request) 891 resp.dump() 892 893 request = samr.SamrQueryInformationDomain2() 894 request['DomainHandle'] = domainHandle 895 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation 896 #request.dump() 897 resp = dce.request(request) 898 resp.dump() 899 900 request = samr.SamrQueryInformationDomain2() 901 request['DomainHandle'] = domainHandle 902 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation 903 #request.dump() 904 resp = dce.request(request) 905 resp.dump() 906 907 request = samr.SamrQueryInformationDomain2() 908 request['DomainHandle'] = domainHandle 909 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation 910 #request.dump() 911 resp = dce.request(request) 912 resp.dump() 913 914 request = samr.SamrQueryInformationDomain2() 915 request['DomainHandle'] = domainHandle 916 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation 917 #request.dump() 918 resp = dce.request(request) 919 resp.dump() 920 921 request = samr.SamrQueryInformationDomain2() 922 request['DomainHandle'] = domainHandle 923 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation 924 #request.dump() 925 resp = dce.request(request) 926 resp.dump() 927 928 request = samr.SamrQueryInformationDomain2() 929 request['DomainHandle'] = domainHandle 930 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation 931 #request.dump() 932 resp = dce.request(request) 933 resp.dump() 934 935 request = samr.SamrQueryInformationDomain2() 936 request['DomainHandle'] = domainHandle 937 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation 938 #request.dump() 939 resp = dce.request(request) 940 resp.dump() 941 942 request = samr.SamrQueryInformationDomain2() 943 request['DomainHandle'] = domainHandle 944 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation 945 #request.dump() 946 resp = dce.request(request) 947 resp.dump() 948 949 request = samr.SamrQueryInformationDomain2() 950 request['DomainHandle'] = domainHandle 951 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2 952 #request.dump() 953 resp = dce.request(request) 954 resp.dump() 955 956 request = samr.SamrQueryInformationDomain2() 957 request['DomainHandle'] = domainHandle 958 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation 959 #request.dump() 960 resp = dce.request(request) 961 resp.dump() 962 963 request = samr.SamrQueryInformationDomain2() 964 request['DomainHandle'] = domainHandle 965 request['DomainInformationClass'] = samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2 966 #request.dump() 967 resp = dce.request(request) 968 resp.dump() 969 970 def test_hSamrQueryInformationDomain2(self): 971 dce, rpctransport, domainHandle = self.connect() 972 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation) 973 resp.dump() 974 975 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation) 976 resp.dump() 977 978 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation) 979 resp.dump() 980 981 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation) 982 resp.dump() 983 984 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation) 985 resp.dump() 986 987 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation) 988 resp.dump() 989 990 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation) 991 resp.dump() 992 993 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation) 994 resp.dump() 995 996 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation) 997 resp.dump() 998 999 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2) 1000 resp.dump() 1001 1002 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation) 1003 resp.dump() 1004 1005 resp = samr.hSamrQueryInformationDomain2(dce, domainHandle,samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2) 1006 resp.dump() 1007 1008 def test_hSamrQueryInformationDomain_hSamrSetInformationDomain(self): 1009 dce, rpctransport, domainHandle = self.connect() 1010 1011 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation) 1012 resp.dump() 1013 1014 resp['Buffer']['Password']['MaxPasswordAge']['LowPart'] = 11 1015 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1016 resp.dump() 1017 1018 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainPasswordInformation) 1019 resp2.dump() 1020 self.assertTrue( 11 == resp2['Buffer']['Password']['MaxPasswordAge']['LowPart'] ) 1021 1022 resp2['Buffer']['Password']['MaxPasswordAge']['LowPart'] = 0 1023 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1024 resp.dump() 1025 1026 ################################################################################ 1027 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation) 1028 resp.dump() 1029 1030 resp['Buffer']['General']['ReplicaSourceNodeName'] = 'BETUS' 1031 try: 1032 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1033 except Exception, e: 1034 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1035 raise 1036 1037 1038 ################################################################################ 1039 1040 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation) 1041 resp.dump() 1042 1043 oldData = resp['Buffer']['Logoff']['ForceLogoff']['LowPart'] 1044 1045 resp['Buffer']['Logoff']['ForceLogoff']['LowPart'] = 11 1046 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1047 resp.dump() 1048 1049 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainLogoffInformation) 1050 resp2.dump() 1051 1052 self.assertTrue( 11 == resp2['Buffer']['Logoff']['ForceLogoff']['LowPart'] ) 1053 1054 resp2['Buffer']['Logoff']['ForceLogoff']['LowPart'] = oldData 1055 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1056 resp.dump() 1057 1058 ################################################################################ 1059 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation) 1060 resp.dump() 1061 1062 oldData = resp['Buffer']['Oem']['OemInformation'] 1063 1064 resp['Buffer']['Oem']['OemInformation'] = 'BETUS' 1065 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1066 resp.dump() 1067 1068 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainOemInformation) 1069 resp2.dump() 1070 1071 self.assertTrue( 'BETUS' == resp2['Buffer']['Oem']['OemInformation']) 1072 1073 resp2['Buffer']['Oem']['OemInformation'] = oldData 1074 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1075 resp.dump() 1076 1077 ################################################################################ 1078 1079 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainNameInformation) 1080 resp.dump() 1081 1082 ################################################################################ 1083 1084 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainServerRoleInformation) 1085 resp.dump() 1086 1087 ################################################################################ 1088 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation) 1089 resp.dump() 1090 1091 oldData = resp['Buffer']['Replication']['ReplicaSourceNodeName'] 1092 1093 resp['Buffer']['Replication']['ReplicaSourceNodeName'] = 'BETUS' 1094 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp['Buffer']) 1095 resp.dump() 1096 1097 resp2 = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainReplicationInformation) 1098 resp2.dump() 1099 1100 self.assertTrue( 'BETUS' == resp2['Buffer']['Replication']['ReplicaSourceNodeName']) 1101 1102 resp2['Buffer']['Replication']['ReplicaSourceNodeName'] = oldData 1103 resp = samr.hSamrSetInformationDomain(dce, domainHandle, resp2['Buffer']) 1104 resp.dump() 1105 1106 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation) 1107 resp.dump() 1108 1109 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainStateInformation) 1110 resp.dump() 1111 1112 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainGeneralInformation2) 1113 resp.dump() 1114 1115 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainLockoutInformation) 1116 resp.dump() 1117 1118 resp = samr.hSamrQueryInformationDomain(dce, domainHandle, samr.DOMAIN_INFORMATION_CLASS.DomainModifiedInformation2) 1119 resp.dump() 1120 1121 def test_SamrQueryInformationGroup_SamrSetInformationGroup(self): 1122 dce, rpctransport, domainHandle = self.connect() 1123 request = samr.SamrOpenGroup() 1124 request['DomainHandle'] = domainHandle 1125 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS 1126 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1127 try: 1128 resp0 = dce.request(request) 1129 resp0.dump() 1130 except Exception, e: 1131 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1132 raise 1133 1134 request = samr.SamrQueryInformationGroup() 1135 request['GroupHandle'] = resp0['GroupHandle'] 1136 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupGeneralInformation 1137 #request.dump() 1138 resp = dce.request(request) 1139 resp.dump() 1140 ################################################################################ 1141 1142 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1143 #request.dump() 1144 resp = dce.request(request) 1145 resp.dump() 1146 oldData = resp['Buffer']['Name']['Name'] 1147 1148 req = samr.SamrSetInformationGroup() 1149 req['GroupHandle'] = resp0['GroupHandle'] 1150 req['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1151 req['Buffer']['tag'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1152 req['Buffer']['Name']['Name'] = 'BETUS' 1153 resp = dce.request(req) 1154 resp.dump() 1155 1156 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1157 #request.dump() 1158 resp = dce.request(request) 1159 resp.dump() 1160 1161 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1162 1163 req['Buffer']['Name']['Name'] = oldData 1164 resp = dce.request(req) 1165 resp.dump() 1166 1167 1168 ################################################################################ 1169 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1170 #request.dump() 1171 resp = dce.request(request) 1172 resp.dump() 1173 oldData = resp['Buffer']['Attribute']['Attributes'] 1174 1175 req = samr.SamrSetInformationGroup() 1176 req['GroupHandle'] = resp0['GroupHandle'] 1177 req['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1178 req['Buffer']['tag'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1179 req['Buffer']['Attribute']['Attributes'] = 2 1180 resp = dce.request(req) 1181 resp.dump() 1182 1183 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAttributeInformation 1184 #request.dump() 1185 resp = dce.request(request) 1186 resp.dump() 1187 1188 #self.assertTrue( 2 == resp['Buffer']['Attribute']['Attributes']) 1189 1190 req['Buffer']['Attribute']['Attributes'] = oldData 1191 resp = dce.request(req) 1192 resp.dump() 1193 1194 1195 ################################################################################ 1196 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1197 #request.dump() 1198 resp = dce.request(request) 1199 resp.dump() 1200 1201 oldData = resp['Buffer']['AdminComment']['AdminComment'] 1202 1203 req = samr.SamrSetInformationGroup() 1204 req['GroupHandle'] = resp0['GroupHandle'] 1205 req['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1206 req['Buffer']['tag'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1207 req['Buffer']['AdminComment']['AdminComment'] = 'BETUS' 1208 resp = dce.request(req) 1209 resp.dump() 1210 1211 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupAdminCommentInformation 1212 #request.dump() 1213 resp = dce.request(request) 1214 resp.dump() 1215 1216 self.assertTrue( 'BETUS' == resp['Buffer']['AdminComment']['AdminComment']) 1217 1218 req['Buffer']['AdminComment']['AdminComment'] = oldData 1219 resp = dce.request(req) 1220 resp.dump() 1221 1222 ################################################################################ 1223 request['GroupInformationClass'] = samr.GROUP_INFORMATION_CLASS.GroupReplicationInformation 1224 #request.dump() 1225 resp = dce.request(request) 1226 resp.dump() 1227 1228 def test_hSamrQueryInformationGroup_hSamrSetInformationGroup(self): 1229 dce, rpctransport, domainHandle = self.connect() 1230 try: 1231 resp0 = samr.hSamrOpenGroup(dce, domainHandle,samr.GROUP_ALL_ACCESS, samr.DOMAIN_GROUP_RID_USERS ) 1232 resp0.dump() 1233 except Exception, e: 1234 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1235 raise 1236 1237 resp = samr.hSamrQueryInformationGroup(dce, resp0['GroupHandle'],samr.GROUP_INFORMATION_CLASS.GroupGeneralInformation) 1238 resp.dump() 1239 ################################################################################ 1240 1241 resp = samr.hSamrQueryInformationGroup(dce, resp0['GroupHandle'],samr.GROUP_INFORMATION_CLASS.GroupNameInformation) 1242 resp.dump() 1243 oldData = resp['Buffer']['Name']['Name'] 1244 1245 req = samr.SAMPR_GROUP_INFO_BUFFER() 1246 req['tag'] = samr.GROUP_INFORMATION_CLASS.GroupNameInformation 1247 req['Name']['Name'] = 'BETUS' 1248 resp = samr.hSamrSetInformationGroup(dce, resp0['GroupHandle'], req) 1249 resp.dump() 1250 1251 resp = samr.hSamrQueryInformationGroup(dce, resp0['GroupHandle'],samr.GROUP_INFORMATION_CLASS.GroupNameInformation) 1252 resp.dump() 1253 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1254 1255 req['Name']['Name'] = oldData 1256 resp = samr.hSamrSetInformationGroup(dce, resp0['GroupHandle'], req) 1257 resp.dump() 1258 1259 def test_hSamrQueryInformationAlias_hSamrSetInformationAlias(self): 1260 dce, rpctransport, domainHandle = self.connect() 1261 resp4 = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 1262 resp4.dump() 1263 1264 resp0 = samr.hSamrOpenAlias(dce, domainHandle, aliasId = resp4['Buffer']['Buffer'][0]['RelativeId']) 1265 resp0.dump() 1266 1267 resp = samr.hSamrQueryInformationAlias(dce, resp0['AliasHandle'], samr.ALIAS_INFORMATION_CLASS.AliasGeneralInformation) 1268 resp.dump() 1269 1270 ################################################################################ 1271 resp = samr.hSamrQueryInformationAlias(dce, resp0['AliasHandle'], samr.ALIAS_INFORMATION_CLASS.AliasNameInformation) 1272 resp.dump() 1273 oldData = resp['Buffer']['Name']['Name'] 1274 1275 req = samr.SAMPR_ALIAS_INFO_BUFFER() 1276 req['tag'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1277 req['Name']['Name'] = 'BETUS' 1278 resp = samr.hSamrSetInformationAlias(dce, resp0['AliasHandle'], req) 1279 resp.dump() 1280 1281 resp = samr.hSamrQueryInformationAlias(dce, resp0['AliasHandle'], samr.ALIAS_INFORMATION_CLASS.AliasNameInformation) 1282 resp.dump() 1283 1284 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1285 1286 req['Name']['Name'] = oldData 1287 resp = samr.hSamrSetInformationAlias(dce, resp0['AliasHandle'], req) 1288 resp.dump() 1289 1290 def test_SamrQueryInformationAlias_SamrSetInformationAlias(self): 1291 dce, rpctransport, domainHandle = self.connect() 1292 request = samr.SamrEnumerateAliasesInDomain() 1293 request['DomainHandle'] = domainHandle 1294 request['EnumerationContext'] = 0 1295 request['PreferedMaximumLength'] = 500 1296 status = nt_errors.STATUS_MORE_ENTRIES 1297 while status == nt_errors.STATUS_MORE_ENTRIES: 1298 try: 1299 resp4 = dce.request(request) 1300 except Exception, e: 1301 if str(e).find('STATUS_MORE_ENTRIES') < 0: 1302 raise 1303 resp4 = e.get_packet() 1304 resp4['Buffer'].dump() 1305 request['EnumerationContext'] = resp4['EnumerationContext'] 1306 status = resp4['ErrorCode'] 1307 1308 resp4.dump() 1309 request = samr.SamrOpenAlias() 1310 request['DomainHandle'] = domainHandle 1311 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1312 request['AliasId'] = resp4['Buffer']['Buffer'][0]['RelativeId'] 1313 resp0 = dce.request(request) 1314 resp0.dump() 1315 1316 request = samr.SamrQueryInformationAlias() 1317 request['AliasHandle'] = resp0['AliasHandle'] 1318 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasGeneralInformation 1319 #request.dump() 1320 resp = dce.request(request) 1321 resp.dump() 1322 1323 ################################################################################ 1324 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1325 #request.dump() 1326 resp = dce.request(request) 1327 resp.dump() 1328 oldData = resp['Buffer']['Name']['Name'] 1329 1330 req = samr.SamrSetInformationAlias() 1331 req['AliasHandle'] = resp0['AliasHandle'] 1332 req['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1333 req['Buffer']['tag'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1334 req['Buffer']['Name']['Name'] = 'BETUS' 1335 resp = dce.request(req) 1336 resp.dump() 1337 1338 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasNameInformation 1339 #request.dump() 1340 resp = dce.request(request) 1341 resp.dump() 1342 1343 self.assertTrue( 'BETUS' == resp['Buffer']['Name']['Name']) 1344 1345 req['Buffer']['Name']['Name'] = oldData 1346 resp = dce.request(req) 1347 resp.dump() 1348 1349 1350 ################################################################################ 1351 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1352 #request.dump() 1353 resp = dce.request(request) 1354 resp.dump() 1355 oldData = resp['Buffer']['AdminComment']['AdminComment'] 1356 1357 req = samr.SamrSetInformationAlias() 1358 req['AliasHandle'] = resp0['AliasHandle'] 1359 req['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1360 req['Buffer']['tag'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1361 req['Buffer']['AdminComment']['AdminComment'] = 'BETUS' 1362 resp = dce.request(req) 1363 resp.dump() 1364 1365 request['AliasInformationClass'] = samr.ALIAS_INFORMATION_CLASS.AliasAdminCommentInformation 1366 #request.dump() 1367 resp = dce.request(request) 1368 resp.dump() 1369 1370 self.assertTrue( 'BETUS' == resp['Buffer']['AdminComment']['AdminComment']) 1371 1372 req['Buffer']['AdminComment']['AdminComment'] = oldData 1373 resp = dce.request(req) 1374 resp.dump() 1375 1376 def test_SamrQueryInformationUser2_SamrSetInformationUser2(self): 1377 dce, rpctransport, domainHandle = self.connect() 1378 request = samr.SamrOpenUser() 1379 request['DomainHandle'] = domainHandle 1380 #request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_ALL_ACCESS | samr.USER_READ | samr.USER_READ_LOGON 1381 request['DesiredAccess'] = \ 1382 samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_WRITE_PREFERENCES | samr.USER_READ_LOGON \ 1383 | samr.USER_READ_ACCOUNT | samr.USER_WRITE_ACCOUNT | samr.USER_CHANGE_PASSWORD | samr.USER_FORCE_PASSWORD_CHANGE \ 1384 | samr.USER_LIST_GROUPS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION | samr.USER_ALL_ACCESS \ 1385 | samr.USER_READ | samr.USER_WRITE | samr.USER_EXECUTE 1386 1387 1388 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 1389 resp = dce.request(request) 1390 resp.dump() 1391 1392 request = samr.SamrQueryInformationUser2() 1393 request['UserHandle'] = resp['UserHandle'] 1394 userHandle = resp['UserHandle'] 1395 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserGeneralInformation 1396 #request.dump() 1397 resp = dce.request(request) 1398 resp.dump() 1399 ################################################################################ 1400 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1401 #request.dump() 1402 resp = dce.request(request) 1403 resp.dump() 1404 oldData = resp['Buffer']['Preferences']['UserComment'] 1405 1406 req = samr.SamrSetInformationUser2() 1407 req['UserHandle'] = userHandle 1408 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1409 req['Buffer'] = resp['Buffer'] 1410 req['Buffer']['Preferences']['UserComment'] = 'BETO' 1411 resp = dce.request(req) 1412 resp.dump() 1413 1414 resp = dce.request(request) 1415 resp.dump() 1416 1417 self.assertTrue( 'BETO' == resp['Buffer']['Preferences']['UserComment']) 1418 1419 req['Buffer']['Preferences']['UserComment'] = oldData 1420 resp = dce.request(req) 1421 resp.dump() 1422 1423 ################################################################################ 1424 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonInformation 1425 #request.dump() 1426 resp = dce.request(request) 1427 resp.dump() 1428 1429 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonHoursInformation 1430 #request.dump() 1431 resp = dce.request(request) 1432 resp.dump() 1433 1434 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountInformation 1435 #request.dump() 1436 resp = dce.request(request) 1437 resp.dump() 1438 1439 ################################################################################ 1440 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserNameInformation 1441 #request.dump() 1442 resp = dce.request(request) 1443 resp.dump() 1444 oldData = resp['Buffer']['Name']['FullName'] 1445 1446 req = samr.SamrSetInformationUser2() 1447 req['UserHandle'] = userHandle 1448 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserNameInformation 1449 req['Buffer'] = resp['Buffer'] 1450 req['Buffer']['Name']['FullName'] = 'BETO' 1451 resp = dce.request(req) 1452 resp.dump() 1453 1454 resp = dce.request(request) 1455 resp.dump() 1456 1457 self.assertTrue( 'BETO' == resp['Buffer']['Name']['FullName']) 1458 1459 req['Buffer']['Name']['FullName'] = oldData 1460 resp = dce.request(req) 1461 resp.dump() 1462 1463 ################################################################################ 1464 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountNameInformation 1465 #request.dump() 1466 resp = dce.request(request) 1467 resp.dump() 1468 1469 oldData = resp['Buffer']['AccountName']['UserName'] 1470 1471 req = samr.SamrSetInformationUser2() 1472 req['UserHandle'] = userHandle 1473 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountNameInformation 1474 req['Buffer'] = resp['Buffer'] 1475 req['Buffer']['AccountName']['UserName'] = 'BETUS' 1476 resp = dce.request(req) 1477 resp.dump() 1478 1479 resp = dce.request(request) 1480 resp.dump() 1481 1482 self.assertTrue( 'BETUS' == resp['Buffer']['AccountName']['UserName']) 1483 1484 req['Buffer']['AccountName']['UserName'] = oldData 1485 resp = dce.request(req) 1486 resp.dump() 1487 1488 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserFullNameInformation 1489 #request.dump() 1490 resp = dce.request(request) 1491 resp.dump() 1492 1493 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPrimaryGroupInformation 1494 #request.dump() 1495 resp = dce.request(request) 1496 resp.dump() 1497 1498 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserHomeInformation 1499 #request.dump() 1500 resp = dce.request(request) 1501 resp.dump() 1502 1503 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserScriptInformation 1504 #request.dump() 1505 resp = dce.request(request) 1506 resp.dump() 1507 1508 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserProfileInformation 1509 #request.dump() 1510 resp = dce.request(request) 1511 resp.dump() 1512 1513 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAdminCommentInformation 1514 #request.dump() 1515 resp = dce.request(request) 1516 resp.dump() 1517 1518 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserWorkStationsInformation 1519 #request.dump() 1520 resp = dce.request(request) 1521 resp.dump() 1522 1523 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserControlInformation 1524 #request.dump() 1525 resp = dce.request(request) 1526 resp.dump() 1527 1528 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserExpiresInformation 1529 #request.dump() 1530 resp = dce.request(request) 1531 resp.dump() 1532 1533 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal1Information 1534 #request.dump() 1535 try: 1536 resp = dce.request(request) 1537 resp.dump() 1538 except Exception, e: 1539 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1540 raise 1541 pass 1542 1543 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserParametersInformation 1544 #request.dump() 1545 resp = dce.request(request) 1546 resp.dump() 1547 1548 ################################################################################ 1549 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAllInformation 1550 #request.dump() 1551 resp = dce.request(request) 1552 resp.dump() 1553 1554 ################################################################################ 1555 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4Information 1556 #request.dump() 1557 try: 1558 resp = dce.request(request) 1559 resp.dump() 1560 except Exception, e: 1561 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1562 raise 1563 pass 1564 1565 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5Information 1566 #request.dump() 1567 try: 1568 resp = dce.request(request) 1569 resp.dump() 1570 except Exception, e: 1571 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1572 raise 1573 pass 1574 1575 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4InformationNew 1576 #request.dump() 1577 try: 1578 resp = dce.request(request) 1579 resp.dump() 1580 except Exception, e: 1581 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1582 raise 1583 pass 1584 1585 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5InformationNew 1586 #request.dump() 1587 try: 1588 resp = dce.request(request) 1589 resp.dump() 1590 except Exception, e: 1591 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1592 raise 1593 pass 1594 1595 def test_hSamrQueryInformationUser2_hSamrSetInformationUser2(self): 1596 dce, rpctransport, domainHandle = self.connect() 1597 desiredAccess = \ 1598 samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_WRITE_PREFERENCES | samr.USER_READ_LOGON \ 1599 | samr.USER_READ_ACCOUNT | samr.USER_WRITE_ACCOUNT | samr.USER_CHANGE_PASSWORD | samr.USER_FORCE_PASSWORD_CHANGE \ 1600 | samr.USER_LIST_GROUPS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION | samr.USER_ALL_ACCESS \ 1601 | samr.USER_READ | samr.USER_WRITE | samr.USER_EXECUTE 1602 resp = samr.hSamrOpenUser(dce, domainHandle, desiredAccess, samr.DOMAIN_USER_RID_ADMIN ) 1603 resp.dump() 1604 userHandle = resp['UserHandle'] 1605 1606 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserGeneralInformation) 1607 resp.dump() 1608 ################################################################################ 1609 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserPreferencesInformation) 1610 resp.dump() 1611 oldData = resp['Buffer']['Preferences']['UserComment'] 1612 1613 resp['Buffer']['Preferences']['UserComment'] = 'BETO' 1614 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1615 resp.dump() 1616 1617 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserPreferencesInformation) 1618 resp.dump() 1619 1620 self.assertTrue( 'BETO' == resp['Buffer']['Preferences']['UserComment']) 1621 1622 resp['Buffer']['Preferences']['UserComment'] = oldData 1623 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1624 resp.dump() 1625 1626 ################################################################################ 1627 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserLogonInformation) 1628 resp.dump() 1629 1630 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserLogonHoursInformation) 1631 resp.dump() 1632 1633 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAccountInformation) 1634 resp.dump() 1635 1636 ################################################################################ 1637 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserNameInformation) 1638 resp.dump() 1639 oldData = resp['Buffer']['Name']['FullName'] 1640 1641 resp['Buffer']['Name']['FullName'] = 'BETO' 1642 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1643 resp.dump() 1644 1645 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserNameInformation) 1646 resp.dump() 1647 1648 self.assertTrue( 'BETO' == resp['Buffer']['Name']['FullName']) 1649 1650 resp['Buffer']['Name']['FullName'] = oldData 1651 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1652 resp.dump() 1653 1654 ################################################################################ 1655 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAccountNameInformation) 1656 resp.dump() 1657 1658 oldData = resp['Buffer']['AccountName']['UserName'] 1659 1660 resp['Buffer']['AccountName']['UserName'] = 'BETUS' 1661 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1662 resp.dump() 1663 1664 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAccountNameInformation) 1665 resp.dump() 1666 1667 self.assertTrue( 'BETUS' == resp['Buffer']['AccountName']['UserName']) 1668 1669 resp['Buffer']['AccountName']['UserName'] = oldData 1670 resp = samr.hSamrSetInformationUser2(dce, userHandle, resp['Buffer']) 1671 resp.dump() 1672 1673 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserFullNameInformation) 1674 resp.dump() 1675 1676 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserPrimaryGroupInformation) 1677 resp.dump() 1678 1679 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserHomeInformation) 1680 resp.dump() 1681 1682 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserScriptInformation) 1683 resp.dump() 1684 1685 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserProfileInformation) 1686 resp.dump() 1687 1688 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAdminCommentInformation) 1689 resp.dump() 1690 1691 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserWorkStationsInformation) 1692 resp.dump() 1693 1694 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserControlInformation) 1695 resp.dump() 1696 1697 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserExpiresInformation) 1698 resp.dump() 1699 1700 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserParametersInformation) 1701 resp.dump() 1702 1703 1704 ################################################################################ 1705 resp = samr.hSamrQueryInformationUser2(dce, userHandle,samr.USER_INFORMATION_CLASS.UserAllInformation) 1706 resp.dump() 1707 1708 def test_SamrQueryInformationUser_SamrSetInformationUser(self): 1709 dce, rpctransport, domainHandle = self.connect() 1710 request = samr.SamrOpenUser() 1711 request['DomainHandle'] = domainHandle 1712 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT | samr.USER_ALL_ACCESS | samr.USER_READ 1713 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 1714 resp = dce.request(request) 1715 resp.dump() 1716 1717 request = samr.SamrQueryInformationUser() 1718 request['UserHandle'] = resp['UserHandle'] 1719 userHandle = resp['UserHandle'] 1720 1721 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserGeneralInformation 1722 #request.dump() 1723 resp = dce.request(request) 1724 resp.dump() 1725 1726 ################################################################################ 1727 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1728 #request.dump() 1729 resp = dce.request(request) 1730 resp.dump() 1731 oldData = resp['Buffer']['Preferences']['UserComment'] 1732 1733 req = samr.SamrSetInformationUser() 1734 req['UserHandle'] = userHandle 1735 req['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPreferencesInformation 1736 req['Buffer'] = resp['Buffer'] 1737 req['Buffer']['Preferences']['UserComment'] = 'BETO' 1738 resp = dce.request(req) 1739 resp.dump() 1740 1741 resp = dce.request(request) 1742 resp.dump() 1743 1744 self.assertTrue( 'BETO' == resp['Buffer']['Preferences']['UserComment']) 1745 1746 req['Buffer']['Preferences']['UserComment'] = oldData 1747 resp = dce.request(req) 1748 resp.dump() 1749 1750 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonInformation 1751 #request.dump() 1752 resp = dce.request(request) 1753 resp.dump() 1754 1755 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserLogonHoursInformation 1756 #request.dump() 1757 resp = dce.request(request) 1758 resp.dump() 1759 1760 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountInformation 1761 #request.dump() 1762 resp = dce.request(request) 1763 resp.dump() 1764 1765 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserNameInformation 1766 #request.dump() 1767 resp = dce.request(request) 1768 resp.dump() 1769 1770 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAccountNameInformation 1771 #request.dump() 1772 resp = dce.request(request) 1773 resp.dump() 1774 1775 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserFullNameInformation 1776 #request.dump() 1777 resp = dce.request(request) 1778 resp.dump() 1779 1780 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserPrimaryGroupInformation 1781 #request.dump() 1782 resp = dce.request(request) 1783 resp.dump() 1784 1785 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserHomeInformation 1786 #request.dump() 1787 resp = dce.request(request) 1788 resp.dump() 1789 1790 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserScriptInformation 1791 #request.dump() 1792 resp = dce.request(request) 1793 resp.dump() 1794 1795 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserProfileInformation 1796 #request.dump() 1797 resp = dce.request(request) 1798 resp.dump() 1799 1800 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAdminCommentInformation 1801 #request.dump() 1802 resp = dce.request(request) 1803 resp.dump() 1804 1805 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserWorkStationsInformation 1806 #request.dump() 1807 resp = dce.request(request) 1808 resp.dump() 1809 1810 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserControlInformation 1811 #request.dump() 1812 resp = dce.request(request) 1813 resp.dump() 1814 1815 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserExpiresInformation 1816 #request.dump() 1817 resp = dce.request(request) 1818 resp.dump() 1819 1820 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal1Information 1821 #request.dump() 1822 try: 1823 resp = dce.request(request) 1824 resp.dump() 1825 except Exception, e: 1826 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1827 raise 1828 pass 1829 1830 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserParametersInformation 1831 #request.dump() 1832 resp = dce.request(request) 1833 resp.dump() 1834 1835 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserAllInformation 1836 #request.dump() 1837 resp = dce.request(request) 1838 resp.dump() 1839 1840 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4Information 1841 #request.dump() 1842 try: 1843 resp = dce.request(request) 1844 resp.dump() 1845 except Exception, e: 1846 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1847 raise 1848 pass 1849 1850 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5Information 1851 #request.dump() 1852 try: 1853 resp = dce.request(request) 1854 resp.dump() 1855 except Exception, e: 1856 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1857 raise 1858 pass 1859 1860 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal4InformationNew 1861 #request.dump() 1862 try: 1863 resp = dce.request(request) 1864 resp.dump() 1865 except Exception, e: 1866 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1867 raise 1868 pass 1869 1870 request['UserInformationClass'] = samr.USER_INFORMATION_CLASS.UserInternal5InformationNew 1871 #request.dump() 1872 try: 1873 resp = dce.request(request) 1874 resp.dump() 1875 except Exception, e: 1876 if str(e).find('STATUS_INVALID_INFO_CLASS') < 0: 1877 raise 1878 pass 1879 1880 def test_SamrAddMemberToGroup_SamrRemoveMemberFromGroup(self): 1881 dce, rpctransport, domainHandle = self.connect() 1882 request = samr.SamrConnect() 1883 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1884 request['ServerName'] = u'BETO\x00' 1885 resp = dce.request(request) 1886 request = samr.SamrOpenGroup() 1887 request['DomainHandle'] = domainHandle 1888 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1889 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1890 try: 1891 resp = dce.request(request) 1892 resp.dump() 1893 except Exception, e: 1894 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1895 raise 1896 request = samr.SamrRemoveMemberFromGroup() 1897 request['GroupHandle'] = resp['GroupHandle'] 1898 request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN 1899 try: 1900 resp2 = dce.request(request) 1901 resp2.dump() 1902 except Exception, e: 1903 if str(e).find('STATUS_MEMBERS_PRIMARY_GROUP') < 0: 1904 raise 1905 request = samr.SamrAddMemberToGroup() 1906 request['GroupHandle'] = resp['GroupHandle'] 1907 request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN 1908 request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT 1909 try: 1910 resp2 = dce.request(request) 1911 resp2.dump() 1912 except Exception, e: 1913 if str(e).find('STATUS_MEMBER_IN_GROUP') < 0: 1914 raise 1915 1916 def test_hSamrAddMemberToGroup_hSamrRemoveMemberFromGroup(self): 1917 dce, rpctransport, domainHandle = self.connect() 1918 request = samr.SamrConnect() 1919 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1920 request['ServerName'] = u'BETO\x00' 1921 resp = dce.request(request) 1922 request = samr.SamrOpenGroup() 1923 request['DomainHandle'] = domainHandle 1924 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1925 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1926 try: 1927 resp = dce.request(request) 1928 resp.dump() 1929 except Exception, e: 1930 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1931 raise 1932 try: 1933 resp2 = samr.hSamrRemoveMemberFromGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN) 1934 resp2.dump() 1935 except Exception, e: 1936 if str(e).find('STATUS_MEMBERS_PRIMARY_GROUP') < 0: 1937 raise 1938 try: 1939 resp2= samr.hSamrAddMemberToGroup(dce, resp['GroupHandle'] ,samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT) 1940 resp2.dump() 1941 except Exception, e: 1942 if str(e).find('STATUS_MEMBER_IN_GROUP') < 0: 1943 raise 1944 1945 def test_SamrGetMembersInGroup(self): 1946 dce, rpctransport, domainHandle = self.connect() 1947 request = samr.SamrOpenGroup() 1948 request['DomainHandle'] = domainHandle 1949 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1950 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1951 try: 1952 resp = dce.request(request) 1953 resp.dump() 1954 except Exception, e: 1955 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1956 raise 1957 1958 request = samr.SamrGetMembersInGroup() 1959 request['GroupHandle'] = resp['GroupHandle'] 1960 resp = dce.request(request) 1961 resp.dump() 1962 1963 def test_hSamrGetMembersInGroup(self): 1964 dce, rpctransport, domainHandle = self.connect() 1965 request = samr.SamrOpenGroup() 1966 request['DomainHandle'] = domainHandle 1967 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 1968 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 1969 try: 1970 resp = dce.request(request) 1971 resp.dump() 1972 except Exception, e: 1973 if str(e).find('STATUS_NO_SUCH_DOMAIN') < 0: 1974 raise 1975 1976 resp = samr.hSamrGetMembersInGroup(dce, resp['GroupHandle']) 1977 resp.dump() 1978 1979 def test_SamrGetMembersInAlias(self): 1980 dce, rpctransport, domainHandle = self.connect() 1981 request = samr.SamrEnumerateAliasesInDomain() 1982 request['DomainHandle'] = domainHandle 1983 request['EnumerationContext'] = 0 1984 request['PreferedMaximumLength'] = 500 1985 status = nt_errors.STATUS_MORE_ENTRIES 1986 while status == nt_errors.STATUS_MORE_ENTRIES: 1987 try: 1988 resp4 = dce.request(request) 1989 except Exception, e: 1990 if str(e).find('STATUS_MORE_ENTRIES') < 0: 1991 raise 1992 resp4 = e.get_packet() 1993 resp4['Buffer'].dump() 1994 request['EnumerationContext'] = resp4['EnumerationContext'] 1995 status = resp4['ErrorCode'] 1996 1997 request = samr.SamrOpenAlias() 1998 request['DomainHandle'] = domainHandle 1999 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2000 request['AliasId'] = resp4['Buffer']['Buffer'][0]['RelativeId'] 2001 resp = dce.request(request) 2002 resp.dump() 2003 2004 request = samr.SamrGetMembersInAlias() 2005 request['AliasHandle'] = resp['AliasHandle'] 2006 resp = dce.request(request) 2007 resp.dump() 2008 2009 def test_hSamrGetMembersInAlias(self): 2010 dce, rpctransport, domainHandle = self.connect() 2011 request = samr.SamrEnumerateAliasesInDomain() 2012 request['DomainHandle'] = domainHandle 2013 request['EnumerationContext'] = 0 2014 request['PreferedMaximumLength'] = 500 2015 status = nt_errors.STATUS_MORE_ENTRIES 2016 while status == nt_errors.STATUS_MORE_ENTRIES: 2017 try: 2018 resp4 = dce.request(request) 2019 except Exception, e: 2020 if str(e).find('STATUS_MORE_ENTRIES') < 0: 2021 raise 2022 resp4 = e.get_packet() 2023 resp4['Buffer'].dump() 2024 request['EnumerationContext'] = resp4['EnumerationContext'] 2025 status = resp4['ErrorCode'] 2026 2027 request = samr.SamrOpenAlias() 2028 request['DomainHandle'] = domainHandle 2029 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2030 request['AliasId'] = resp4['Buffer']['Buffer'][0]['RelativeId'] 2031 resp = dce.request(request) 2032 resp.dump() 2033 2034 resp = samr.hSamrGetMembersInAlias(dce, resp['AliasHandle']) 2035 resp.dump() 2036 2037 def test_SamrAddMemberToAlias_SamrRemoveMemberFromAlias(self): 2038 dce, rpctransport, domainHandle = self.connect() 2039 request = samr.SamrCreateAliasInDomain() 2040 request['DomainHandle'] = domainHandle 2041 request['AccountName'] = 'testGroup' 2042 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2043 #request.dump() 2044 resp = dce.request(request) 2045 aliasHandle = resp['AliasHandle'] 2046 relativeId = resp['RelativeId'] 2047 resp.dump() 2048 2049 request = samr.SamrRidToSid() 2050 request['ObjectHandle'] = domainHandle 2051 request['Rid'] = relativeId 2052 resp3 = dce.request(request) 2053 resp3.dump() 2054 2055 # Let's extract the SID and remove the RID from one entry 2056 sp = resp3['Sid'].formatCanonical() 2057 domainID = '-'.join(sp.split('-')[:-1]) 2058 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2059 2060 sid = samr.RPC_SID() 2061 sid.fromCanonical(adminSID) 2062 2063 request = samr.SamrAddMemberToAlias() 2064 request['AliasHandle'] = aliasHandle 2065 request['MemberId'] = sid 2066 resp2 = dce.request(request) 2067 resp2.dump() 2068 2069 request = samr.SamrRemoveMemberFromAlias() 2070 request['AliasHandle'] = aliasHandle 2071 request['MemberId'] = sid 2072 resp2 = dce.request(request) 2073 resp2.dump() 2074 2075 request = samr.SamrDeleteAlias() 2076 request['AliasHandle'] = aliasHandle 2077 resp = dce.request(request) 2078 2079 def test_hSamrAddMemberToAlias_hSamrRemoveMemberFromAlias(self): 2080 dce, rpctransport, domainHandle = self.connect() 2081 resp = samr.hSamrCreateAliasInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 2082 resp.dump() 2083 aliasHandle = resp['AliasHandle'] 2084 relativeId = resp['RelativeId'] 2085 resp.dump() 2086 2087 request = samr.SamrRidToSid() 2088 request['ObjectHandle'] = domainHandle 2089 request['Rid'] = relativeId 2090 resp3 = dce.request(request) 2091 resp3.dump() 2092 2093 # Let's extract the SID and remove the RID from one entry 2094 sp = resp3['Sid'].formatCanonical() 2095 domainID = '-'.join(sp.split('-')[:-1]) 2096 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2097 2098 sid = samr.RPC_SID() 2099 sid.fromCanonical(adminSID) 2100 2101 resp2 = samr.hSamrAddMemberToAlias(dce, aliasHandle, sid) 2102 resp2.dump() 2103 2104 resp2 = samr.hSamrRemoveMemberFromAlias(dce, aliasHandle, sid) 2105 resp2.dump() 2106 2107 resp = samr.hSamrDeleteAlias(dce, aliasHandle) 2108 resp.dump() 2109 2110 2111 def test_SamrAddMultipleMembersToAlias_SamrRemoveMultipleMembersFromAliass(self): 2112 dce, rpctransport, domainHandle = self.connect() 2113 request = samr.SamrCreateAliasInDomain() 2114 request['DomainHandle'] = domainHandle 2115 request['AccountName'] = 'testGroup' 2116 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2117 #request.dump() 2118 resp = dce.request(request) 2119 aliasHandle = resp['AliasHandle'] 2120 relativeId = resp['RelativeId'] 2121 resp.dump() 2122 2123 request = samr.SamrRidToSid() 2124 request['ObjectHandle'] = domainHandle 2125 request['Rid'] = relativeId 2126 resp3 = dce.request(request) 2127 resp3.dump() 2128 2129 # Let's extract the SID and remove the RID from one entry 2130 sp = resp3['Sid'].formatCanonical() 2131 domainID = '-'.join(sp.split('-')[:-1]) 2132 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2133 2134 sid = samr.RPC_SID() 2135 sid.fromCanonical(adminSID) 2136 2137 sid = samr.RPC_SID() 2138 sid.fromCanonical(adminSID) 2139 2140 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2141 2142 sid1 = samr.RPC_SID() 2143 sid1.fromCanonical(adminSID) 2144 2145 sid2 = samr.RPC_SID() 2146 sid2.fromCanonical(guestSID) 2147 2148 si = samr.PSAMPR_SID_INFORMATION() 2149 si['SidPointer'] = sid1 2150 2151 si2 = samr.PSAMPR_SID_INFORMATION() 2152 si2['SidPointer'] = sid2 2153 2154 request = samr.SamrAddMultipleMembersToAlias() 2155 request['AliasHandle'] = aliasHandle 2156 request['MembersBuffer']['Count'] = 2 2157 request['MembersBuffer']['Sids'].append(si) 2158 request['MembersBuffer']['Sids'].append(si2) 2159 #request.dump() 2160 resp2 = dce.request(request) 2161 resp2.dump() 2162 2163 request = samr.SamrRemoveMultipleMembersFromAlias() 2164 request['AliasHandle'] = resp['AliasHandle'] 2165 request['MembersBuffer']['Count'] = 2 2166 request['MembersBuffer']['Sids'].append(si) 2167 request['MembersBuffer']['Sids'].append(si2) 2168 resp2 = dce.request(request) 2169 resp2.dump() 2170 2171 request = samr.SamrDeleteAlias() 2172 request['AliasHandle'] = aliasHandle 2173 resp = dce.request(request) 2174 2175 def test_hSamrAddMultipleMembersToAlias_hSamrRemoveMultipleMembersFromAliass(self): 2176 dce, rpctransport, domainHandle = self.connect() 2177 #resp = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 2178 #resp = samr.hSamrOpenAlias(dce, domainHandle, samr.DELETE, 1257) 2179 #resp = samr.hSamrDeleteAlias(dce, resp['AliasHandle']) 2180 resp = samr.hSamrCreateAliasInDomain(dce, domainHandle, 'testGroup', samr.GROUP_ALL_ACCESS | samr.DELETE) 2181 aliasHandle = resp['AliasHandle'] 2182 relativeId = resp['RelativeId'] 2183 resp.dump() 2184 2185 request = samr.SamrRidToSid() 2186 request['ObjectHandle'] = domainHandle 2187 request['Rid'] = relativeId 2188 resp3 = dce.request(request) 2189 resp3.dump() 2190 2191 # Let's extract the SID and remove the RID from one entry 2192 sp = resp3['Sid'].formatCanonical() 2193 domainID = '-'.join(sp.split('-')[:-1]) 2194 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2195 2196 sid = samr.RPC_SID() 2197 sid.fromCanonical(adminSID) 2198 2199 sid = samr.RPC_SID() 2200 sid.fromCanonical(adminSID) 2201 2202 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2203 2204 sid1 = samr.RPC_SID() 2205 sid1.fromCanonical(adminSID) 2206 2207 sid2 = samr.RPC_SID() 2208 sid2.fromCanonical(guestSID) 2209 2210 si = samr.PSAMPR_SID_INFORMATION() 2211 si['SidPointer'] = sid1 2212 2213 si2 = samr.PSAMPR_SID_INFORMATION() 2214 si2['SidPointer'] = sid2 2215 2216 sidArray = samr.SAMPR_PSID_ARRAY() 2217 sidArray['Sids'].append(si) 2218 sidArray['Sids'].append(si2) 2219 2220 resp = samr.hSamrAddMultipleMembersToAlias(dce, aliasHandle, sidArray) 2221 resp.dump() 2222 2223 resp = samr.hSamrRemoveMultipleMembersFromAlias(dce, aliasHandle, sidArray) 2224 resp.dump() 2225 2226 request = samr.SamrDeleteAlias() 2227 request['AliasHandle'] = aliasHandle 2228 resp = dce.request(request) 2229 2230 2231 def test_SamrRemoveMemberFromForeignDomain(self): 2232 dce, rpctransport, domainHandle = self.connect() 2233 2234 request = samr.SamrCreateAliasInDomain() 2235 request['DomainHandle'] = domainHandle 2236 request['AccountName'] = 'testGroup' 2237 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2238 #request.dump() 2239 resp = dce.request(request) 2240 aliasHandle = resp['AliasHandle'] 2241 relativeId = resp['RelativeId'] 2242 resp.dump() 2243 2244 request = samr.SamrRidToSid() 2245 request['ObjectHandle'] = domainHandle 2246 request['Rid'] = relativeId 2247 resp3 = dce.request(request) 2248 resp3.dump() 2249 2250 # Let's extract the SID and remove the RID from one entry 2251 sp = resp3['Sid'].formatCanonical() 2252 domainID = '-'.join(sp.split('-')[:-1]) 2253 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2254 2255 request = samr.SamrRemoveMemberFromForeignDomain() 2256 request['DomainHandle'] = domainHandle 2257 request['MemberSid'].fromCanonical(adminSID) 2258 try: 2259 resp = dce.request(request) 2260 resp.dump() 2261 except Exception, e: 2262 if str(e).find('STATUS_SPECIAL_ACCOUNT') < 0: 2263 raise 2264 2265 request = samr.SamrDeleteAlias() 2266 request['AliasHandle'] = aliasHandle 2267 resp = dce.request(request) 2268 2269 def test_hSamrRemoveMemberFromForeignDomain(self): 2270 dce, rpctransport, domainHandle = self.connect() 2271 request = samr.SamrCreateAliasInDomain() 2272 request['DomainHandle'] = domainHandle 2273 request['AccountName'] = 'testGroup' 2274 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2275 #request.dump() 2276 resp = dce.request(request) 2277 aliasHandle = resp['AliasHandle'] 2278 relativeId = resp['RelativeId'] 2279 resp.dump() 2280 2281 request = samr.SamrRidToSid() 2282 request['ObjectHandle'] = domainHandle 2283 request['Rid'] = relativeId 2284 resp3 = dce.request(request) 2285 resp3.dump() 2286 2287 # Let's extract the SID and remove the RID from one entry 2288 sp = resp3['Sid'].formatCanonical() 2289 domainID = '-'.join(sp.split('-')[:-1]) 2290 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2291 sid = samr.RPC_SID() 2292 sid.fromCanonical(adminSID) 2293 try: 2294 resp= samr.hSamrRemoveMemberFromForeignDomain(dce, domainHandle, sid) 2295 resp = dce.request(request) 2296 resp.dump() 2297 except Exception, e: 2298 if str(e).find('STATUS_SPECIAL_ACCOUNT') < 0: 2299 raise 2300 2301 request = samr.SamrDeleteAlias() 2302 request['AliasHandle'] = aliasHandle 2303 resp = dce.request(request) 2304 2305 def test_SamrGetAliasMembership(self): 2306 dce, rpctransport, domainHandle = self.connect() 2307 request = samr.SamrCreateAliasInDomain() 2308 request['DomainHandle'] = domainHandle 2309 request['AccountName'] = 'testGroup' 2310 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2311 #request.dump() 2312 resp = dce.request(request) 2313 aliasHandle = resp['AliasHandle'] 2314 relativeId = resp['RelativeId'] 2315 resp.dump() 2316 2317 request = samr.SamrRidToSid() 2318 request['ObjectHandle'] = domainHandle 2319 request['Rid'] = relativeId 2320 resp3 = dce.request(request) 2321 resp3.dump() 2322 2323 # Let's extract the SID and remove the RID from one entry 2324 sp = resp3['Sid'].formatCanonical() 2325 domainID = '-'.join(sp.split('-')[:-1]) 2326 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2327 2328 sid = samr.RPC_SID() 2329 sid.fromCanonical(adminSID) 2330 2331 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2332 2333 sid1 = samr.RPC_SID() 2334 sid1.fromCanonical(adminSID) 2335 2336 sid2 = samr.RPC_SID() 2337 sid2.fromCanonical(guestSID) 2338 2339 si = samr.PSAMPR_SID_INFORMATION() 2340 si['SidPointer'] = sid1 2341 2342 si2 = samr.PSAMPR_SID_INFORMATION() 2343 si2['SidPointer'] = sid2 2344 2345 2346 request = samr.SamrGetAliasMembership() 2347 request['DomainHandle'] = domainHandle 2348 request['SidArray']['Count'] = 2 2349 request['SidArray']['Sids'].append(si) 2350 request['SidArray']['Sids'].append(si2) 2351 resp = dce.request(request) 2352 resp.dump() 2353 2354 request = samr.SamrDeleteAlias() 2355 request['AliasHandle'] = aliasHandle 2356 resp = dce.request(request) 2357 2358 def test_hSamrGetAliasMembership(self): 2359 dce, rpctransport, domainHandle = self.connect() 2360 #resp = samr.hSamrEnumerateAliasesInDomain(dce, domainHandle) 2361 #resp = samr.hSamrOpenAlias(dce, domainHandle, samr.DELETE, 1268) 2362 #resp = samr.hSamrDeleteAlias(dce, resp['AliasHandle']) 2363 2364 request = samr.SamrCreateAliasInDomain() 2365 request['DomainHandle'] = domainHandle 2366 request['AccountName'] = 'testGroup' 2367 request['DesiredAccess'] = samr.GROUP_ALL_ACCESS | samr.DELETE 2368 #request.dump() 2369 resp = dce.request(request) 2370 aliasHandle = resp['AliasHandle'] 2371 relativeId = resp['RelativeId'] 2372 resp.dump() 2373 2374 request = samr.SamrRidToSid() 2375 request['ObjectHandle'] = domainHandle 2376 request['Rid'] = relativeId 2377 resp3 = dce.request(request) 2378 resp3.dump() 2379 2380 # Let's extract the SID and remove the RID from one entry 2381 sp = resp3['Sid'].formatCanonical() 2382 domainID = '-'.join(sp.split('-')[:-1]) 2383 adminSID = domainID + '-%d' % samr.DOMAIN_USER_RID_ADMIN 2384 2385 sid = samr.RPC_SID() 2386 sid.fromCanonical(adminSID) 2387 2388 guestSID = domainID + '-%d' % samr.DOMAIN_USER_RID_GUEST 2389 2390 sid1 = samr.RPC_SID() 2391 sid1.fromCanonical(adminSID) 2392 2393 sid2 = samr.RPC_SID() 2394 sid2.fromCanonical(guestSID) 2395 2396 si = samr.PSAMPR_SID_INFORMATION() 2397 si['SidPointer'] = sid1 2398 2399 si2 = samr.PSAMPR_SID_INFORMATION() 2400 si2['SidPointer'] = sid2 2401 2402 sidsArray = samr.SAMPR_PSID_ARRAY() 2403 sidsArray['Sids'].append(si) 2404 sidsArray['Sids'].append(si2) 2405 2406 try: 2407 resp = samr.hSamrGetAliasMembership(dce, domainHandle, sidsArray) 2408 resp.dump() 2409 except Exception, e: 2410 request = samr.SamrDeleteAlias() 2411 request['AliasHandle'] = aliasHandle 2412 resp = dce.request(request) 2413 raise 2414 2415 request = samr.SamrDeleteAlias() 2416 request['AliasHandle'] = aliasHandle 2417 resp = dce.request(request) 2418 2419 def test_SamrSetMemberAttributesOfGroup(self): 2420 dce, rpctransport, domainHandle = self.connect() 2421 request = samr.SamrConnect() 2422 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2423 request['ServerName'] = u'BETO\x00' 2424 resp = dce.request(request) 2425 request = samr.SamrOpenGroup() 2426 request['DomainHandle'] = domainHandle 2427 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2428 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 2429 resp = dce.request(request) 2430 2431 request = samr.SamrSetMemberAttributesOfGroup() 2432 request['GroupHandle'] = resp['GroupHandle'] 2433 request['MemberId'] = samr.DOMAIN_USER_RID_ADMIN 2434 request['Attributes'] = samr.SE_GROUP_ENABLED_BY_DEFAULT 2435 resp = dce.request(request) 2436 resp.dump() 2437 2438 def test_hSamrSetMemberAttributesOfGroup(self): 2439 dce, rpctransport, domainHandle = self.connect() 2440 request = samr.SamrConnect() 2441 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2442 request['ServerName'] = u'BETO\x00' 2443 resp = dce.request(request) 2444 request = samr.SamrOpenGroup() 2445 request['DomainHandle'] = domainHandle 2446 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED 2447 request['GroupId'] = samr.DOMAIN_GROUP_RID_USERS 2448 resp = dce.request(request) 2449 2450 resp = samr.hSamrSetMemberAttributesOfGroup(dce, resp['GroupHandle'],samr.DOMAIN_USER_RID_ADMIN, samr.SE_GROUP_ENABLED_BY_DEFAULT) 2451 resp.dump() 2452 2453 2454 def test_SamrGetUserDomainPasswordInformation(self): 2455 dce, rpctransport, domainHandle = self.connect() 2456 request = samr.SamrOpenUser() 2457 request['DomainHandle'] = domainHandle 2458 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT 2459 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 2460 resp = dce.request(request) 2461 2462 request = samr.SamrGetUserDomainPasswordInformation() 2463 request['UserHandle'] = resp['UserHandle'] 2464 resp = dce.request(request) 2465 resp.dump() 2466 2467 def test_hSamrGetUserDomainPasswordInformation(self): 2468 dce, rpctransport, domainHandle = self.connect() 2469 request = samr.SamrOpenUser() 2470 request['DomainHandle'] = domainHandle 2471 request['DesiredAccess'] = samr.USER_READ_GENERAL | samr.USER_READ_PREFERENCES | samr.USER_READ_ACCOUNT 2472 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 2473 resp = dce.request(request) 2474 2475 resp = samr.hSamrGetUserDomainPasswordInformation(dce, resp['UserHandle']) 2476 resp.dump() 2477 2478 def test_SamrGetDomainPasswordInformation(self): 2479 dce, rpctransport, domainHandle = self.connect() 2480 request = samr.SamrGetDomainPasswordInformation() 2481 request['Unused'] = NULL 2482 resp = dce.request(request) 2483 resp.dump() 2484 2485 def test_hSamrGetDomainPasswordInformation(self): 2486 dce, rpctransport, domainHandle = self.connect() 2487 resp = samr.hSamrGetDomainPasswordInformation(dce) 2488 resp.dump() 2489 2490 def test_SamrRidToSid(self): 2491 dce, rpctransport, domainHandle = self.connect() 2492 request = samr.SamrRidToSid() 2493 request['ObjectHandle'] = domainHandle 2494 request['Rid'] = samr.DOMAIN_USER_RID_ADMIN 2495 resp = dce.request(request) 2496 2497 def test_hSamrRidToSid(self): 2498 dce, rpctransport, domainHandle = self.connect() 2499 resp = samr.hSamrRidToSid(dce, domainHandle, samr.DOMAIN_USER_RID_ADMIN) 2500 resp.dump() 2501 2502 def test_SamrSetDSRMPassword(self): 2503 dce, rpctransport, domainHandle = self.connect() 2504 request = samr.SamrSetDSRMPassword() 2505 request['Unused'] = NULL 2506 request['UserId'] = samr.DOMAIN_USER_RID_ADMIN 2507 request['EncryptedNtOwfPassword'] = '\x00'*16 2508 # calls made to SamrSetDSRMPassword using NCACN_IP_TCP are rejected with RPC_S_ACCESS_DENIED. 2509 try: 2510 resp = dce.request(request) 2511 except Exception, e: 2512 if self.stringBinding.find('ncacn_ip_tcp') >=0: 2513 if str(e).find('rpc_s_access_denied') < 0: 2514 raise 2515 elif str(e).find('STATUS_NOT_SUPPORTED') < 0: 2516 raise 2517 2518 def test_SamrValidatePassword(self): 2519 dce, rpctransport, domainHandle = self.connect() 2520 request = samr.SamrValidatePassword() 2521 request['ValidationType'] = samr.PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset 2522 request['InputArg']['tag'] = samr.PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset 2523 request['InputArg']['ValidatePasswordResetInput']['InputPersistedFields']['PresentFields'] = samr.SAM_VALIDATE_PASSWORD_HISTORY 2524 request['InputArg']['ValidatePasswordResetInput']['InputPersistedFields']['PasswordHistory'] = NULL 2525 request['InputArg']['ValidatePasswordResetInput']['ClearPassword'] = 'AAAAAAAAAAAAAAAA' 2526 request['InputArg']['ValidatePasswordResetInput']['UserAccountName'] = 'Administrator' 2527 kk = samr.SamrValidatePassword() 2528 kk.fromString(str(request)) 2529 try: 2530 resp = dce.request(request) 2531 resp.dump() 2532 except Exception, e: 2533 if str(e).find('rpc_s_access_denied') < 0: 2534 raise 2535 2536 def test_hSamrValidatePassword(self): 2537 dce, rpctransport, domainHandle = self.connect() 2538 inputArg = samr.SAM_VALIDATE_INPUT_ARG() 2539 inputArg['tag'] = samr.PASSWORD_POLICY_VALIDATION_TYPE.SamValidatePasswordReset 2540 inputArg['ValidatePasswordResetInput']['InputPersistedFields']['PresentFields'] = samr.SAM_VALIDATE_PASSWORD_HISTORY 2541 inputArg['ValidatePasswordResetInput']['InputPersistedFields']['PasswordHistory'] = NULL 2542 inputArg['ValidatePasswordResetInput']['ClearPassword'] = 'AAAAAAAAAAAAAAAA' 2543 inputArg['ValidatePasswordResetInput']['UserAccountName'] = 'Administrator' 2544 try: 2545 resp = samr.hSamrValidatePassword(dce, inputArg) 2546 resp.dump() 2547 except Exception, e: 2548 if str(e).find('rpc_s_access_denied') < 0: 2549 raise 2550 2551 def test_SamrQuerySecurityObject(self): 2552 dce, rpctransport, domainHandle = self.connect() 2553 request = samr.SamrQuerySecurityObject() 2554 request['ObjectHandle'] = domainHandle 2555 request['SecurityInformation'] = dtypes.OWNER_SECURITY_INFORMATION | dtypes.GROUP_SECURITY_INFORMATION | dtypes.SACL_SECURITY_INFORMATION | dtypes.DACL_SECURITY_INFORMATION 2556 resp = dce.request(request) 2557 resp.dump() 2558 2559 def test_hSamrQuerySecurityObject(self): 2560 dce, rpctransport, domainHandle = self.connect() 2561 resp = samr.hSamrQuerySecurityObject(dce, domainHandle,dtypes.OWNER_SECURITY_INFORMATION | dtypes.GROUP_SECURITY_INFORMATION | dtypes.SACL_SECURITY_INFORMATION | dtypes.DACL_SECURITY_INFORMATION) 2562 resp.dump() 2563 2564 def test_SamrSetSecurityObject(self): 2565 dce, rpctransport, domainHandle = self.connect() 2566 2567 resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,)) 2568 resp.dump() 2569 2570 resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data']) 2571 resp.dump() 2572 userHandle = resp['UserHandle'] 2573 request = samr.SamrQuerySecurityObject() 2574 request['ObjectHandle'] = userHandle 2575 request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION 2576 resp = dce.request(request) 2577 resp.dump() 2578 2579 request = samr.SamrSetSecurityObject() 2580 request['ObjectHandle'] = userHandle 2581 request['SecurityInformation'] = dtypes.GROUP_SECURITY_INFORMATION 2582 request['SecurityDescriptor'] = resp['SecurityDescriptor'] 2583 #request.dump() 2584 try: 2585 resp = dce.request(request) 2586 resp.dump() 2587 except Exception, e: 2588 if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0: 2589 raise 2590 2591 resp = samr.hSamrCloseHandle(dce, userHandle) 2592 resp.dump() 2593 2594 def test_hSamrSetSecurityObject(self): 2595 dce, rpctransport, domainHandle = self.connect() 2596 dce, rpctransport, domainHandle = self.connect() 2597 2598 resp = samr.hSamrLookupNamesInDomain(dce, domainHandle, (self.username,)) 2599 resp.dump() 2600 2601 resp = samr.hSamrOpenUser(dce, domainHandle, samr.USER_ALL_ACCESS | samr.USER_READ_GROUP_INFORMATION | samr.USER_WRITE_GROUP_INFORMATION, resp['RelativeIds']['Element'][0]['Data']) 2602 resp.dump() 2603 userHandle = resp['UserHandle'] 2604 resp = samr.hSamrQuerySecurityObject(dce, userHandle, dtypes.GROUP_SECURITY_INFORMATION) 2605 resp.dump() 2606 2607 try: 2608 resp = samr.hSamrSetSecurityObject(dce, userHandle,dtypes.GROUP_SECURITY_INFORMATION ,resp['SecurityDescriptor'] ) 2609 resp.dump() 2610 except Exception, e: 2611 if str(e).find('STATUS_BAD_DESCRIPTOR_FORMAT') <= 0: 2612 raise 2613 2614 resp = samr.hSamrCloseHandle(dce, userHandle) 2615 resp.dump() 2616 2617 2618 def test_SamrChangePasswordUser(self): 2619 dce, rpctransport, domainHandle = self.connect() 2620 2621 request = samr.SamrCreateUser2InDomain() 2622 request['DomainHandle'] = domainHandle 2623 request['Name'] = 'testAccount' 2624 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2625 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2626 #request.dump() 2627 resp0 = dce.request(request) 2628 resp0.dump() 2629 2630 oldPwd = '' 2631 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2632 newPwd = 'ADMIN' 2633 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2634 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2635 2636 from impacket import crypto 2637 request = samr.SamrChangePasswordUser() 2638 request['UserHandle'] = resp0['UserHandle'] 2639 request['LmPresent'] = 0 2640 request['OldLmEncryptedWithNewLm'] = NULL 2641 request['NewLmEncryptedWithOldLm'] = NULL 2642 request['NtPresent'] = 1 2643 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2644 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2645 request['NtCrossEncryptionPresent'] = 0 2646 request['NewNtEncryptedWithNewLm'] = NULL 2647 request['LmCrossEncryptionPresent'] = 1 2648 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2649 resp = dce.request(request) 2650 resp.dump() 2651 2652 # Delete the temp user 2653 request = samr.SamrDeleteUser() 2654 request['UserHandle'] = resp0['UserHandle'] 2655 resp = dce.request(request) 2656 resp.dump() 2657 2658 def test_hSamrChangePasswordUser(self): 2659 dce, rpctransport, domainHandle = self.connect() 2660 2661 request = samr.SamrCreateUser2InDomain() 2662 request['DomainHandle'] = domainHandle 2663 request['Name'] = 'testAccount' 2664 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2665 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2666 #request.dump() 2667 resp0 = dce.request(request) 2668 resp0.dump() 2669 2670 resp = samr.hSamrChangePasswordUser(dce, resp0['UserHandle'], '', 'ADMIN') 2671 resp.dump() 2672 2673 # Delete the temp user 2674 request = samr.SamrDeleteUser() 2675 request['UserHandle'] = resp0['UserHandle'] 2676 resp = dce.request(request) 2677 resp.dump() 2678 2679 def test_SamrOemChangePasswordUser2(self): 2680 dce, rpctransport, domainHandle = self.connect() 2681 # As you can guess by now, target machine must have the Administrator account with password admin 2682 # NOTE: It's giving me WRONG_PASSWORD 'cause the target test server doesn't hold LM Hashes 2683 # further testing is needed to verify this call works 2684 oldPwd = 'admin' 2685 oldPwdHashLM = ntlm.LMOWFv1(oldPwd) 2686 newPwd = 'ADMIN' 2687 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2688 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2689 2690 try: 2691 from Crypto.Cipher import ARC4 2692 except Exception: 2693 print "Warning: You don't have any crypto installed. You need PyCrypto" 2694 print "See http://www.pycrypto.org/" 2695 2696 from impacket import crypto 2697 request = samr.SamrOemChangePasswordUser2() 2698 request['ServerName'] = '' 2699 request['UserName'] = 'Administrator' 2700 samUser = samr.SAMPR_USER_PASSWORD() 2701 samUser['Buffer'] = 'A'*(512-len(newPwd)) + newPwd 2702 samUser['Length'] = len(newPwd) 2703 pwdBuff = str(samUser) 2704 2705 rc4 = ARC4.new(oldPwdHashLM) 2706 encBuf = rc4.encrypt(pwdBuff) 2707 request['NewPasswordEncryptedWithOldLm']['Buffer'] = encBuf 2708 request['OldLmOwfPasswordEncryptedWithNewLm'] = crypto.SamEncryptNTLMHash(oldPwdHashLM, newPwdHashLM) 2709 try: 2710 resp = dce.request(request) 2711 resp.dump() 2712 except Exception, e: 2713 if str(e).find('STATUS_WRONG_PASSWORD') < 0: 2714 raise 2715 2716 def test_SamrUnicodeChangePasswordUser2(self): 2717 dce, rpctransport, domainHandle = self.connect() 2718 2719 request = samr.SamrCreateUser2InDomain() 2720 request['DomainHandle'] = domainHandle 2721 request['Name'] = 'testAccount' 2722 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2723 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2724 #request.dump() 2725 resp0 = dce.request(request) 2726 resp0.dump() 2727 2728 oldPwd = '' 2729 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2730 newPwd = 'ADMIN' 2731 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2732 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2733 2734 from impacket import crypto 2735 request = samr.SamrChangePasswordUser() 2736 request['UserHandle'] = resp0['UserHandle'] 2737 request['LmPresent'] = 0 2738 request['OldLmEncryptedWithNewLm'] = NULL 2739 request['NewLmEncryptedWithOldLm'] = NULL 2740 request['NtPresent'] = 1 2741 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2742 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2743 request['NtCrossEncryptionPresent'] = 0 2744 request['NewNtEncryptedWithNewLm'] = NULL 2745 request['LmCrossEncryptionPresent'] = 1 2746 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2747 resp = dce.request(request) 2748 resp.dump() 2749 2750 oldPwd = 'ADMIN' 2751 oldPwdHashLM = ntlm.LMOWFv1(oldPwd) 2752 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2753 newPwd = chars = "".join( [random.choice(string.letters) for i in xrange(15)] ) 2754 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2755 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2756 2757 try: 2758 from Crypto.Cipher import ARC4 2759 except Exception: 2760 print "Warning: You don't have any crypto installed. You need PyCrypto" 2761 print "See http://www.pycrypto.org/" 2762 2763 from impacket import crypto 2764 request = samr.SamrUnicodeChangePasswordUser2() 2765 request['ServerName'] = '' 2766 request['UserName'] = 'testAccount' 2767 samUser = samr.SAMPR_USER_PASSWORD() 2768 samUser['Buffer'] = 'A'*(512-len(newPwd)*2) + newPwd.encode('utf-16le') 2769 samUser['Length'] = len(newPwd)*2 2770 pwdBuff = str(samUser) 2771 2772 rc4 = ARC4.new(oldPwdHashNT) 2773 encBuf = rc4.encrypt(pwdBuff) 2774 request['NewPasswordEncryptedWithOldNt']['Buffer'] = encBuf 2775 request['OldNtOwfPasswordEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2776 request['LmPresent'] = 0 2777 request['NewPasswordEncryptedWithOldLm'] = NULL 2778 request['OldLmOwfPasswordEncryptedWithNewNt'] = NULL 2779 2780 try: 2781 resp = dce.request(request) 2782 resp.dump() 2783 except Exception, e: 2784 if str(e).find('STATUS_PASSWORD_RESTRICTION') < 0: 2785 raise 2786 2787 # Delete the temp user 2788 request = samr.SamrDeleteUser() 2789 request['UserHandle'] = resp0['UserHandle'] 2790 resp = dce.request(request) 2791 resp.dump() 2792 2793 def test_hSamrUnicodeChangePasswordUser2(self): 2794 dce, rpctransport, domainHandle = self.connect() 2795 2796 request = samr.SamrCreateUser2InDomain() 2797 request['DomainHandle'] = domainHandle 2798 request['Name'] = 'testAccount' 2799 request['AccountType'] = samr.USER_NORMAL_ACCOUNT 2800 request['DesiredAccess'] = dtypes.MAXIMUM_ALLOWED | samr.USER_READ_GENERAL | samr.DELETE 2801 #request.dump() 2802 resp0 = dce.request(request) 2803 resp0.dump() 2804 2805 oldPwd = '' 2806 oldPwdHashNT = ntlm.NTOWFv1(oldPwd) 2807 newPwd = 'ADMIN' 2808 newPwdHashNT = ntlm.NTOWFv1(newPwd) 2809 newPwdHashLM = ntlm.LMOWFv1(newPwd) 2810 2811 from impacket import crypto 2812 request = samr.SamrChangePasswordUser() 2813 request['UserHandle'] = resp0['UserHandle'] 2814 request['LmPresent'] = 0 2815 request['OldLmEncryptedWithNewLm'] = NULL 2816 request['NewLmEncryptedWithOldLm'] = NULL 2817 request['NtPresent'] = 1 2818 request['OldNtEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(oldPwdHashNT, newPwdHashNT) 2819 request['NewNtEncryptedWithOldNt'] = crypto.SamEncryptNTLMHash(newPwdHashNT, oldPwdHashNT) 2820 request['NtCrossEncryptionPresent'] = 0 2821 request['NewNtEncryptedWithNewLm'] = NULL 2822 request['LmCrossEncryptionPresent'] = 1 2823 request['NewLmEncryptedWithNewNt'] = crypto.SamEncryptNTLMHash(newPwdHashLM, newPwdHashNT) 2824 resp = dce.request(request) 2825 resp.dump() 2826 2827 try: 2828 resp = samr.hSamrUnicodeChangePasswordUser2(dce, '', 'testAccount', 'ADMIN', 'betus') 2829 resp.dump() 2830 except Exception, e: 2831 if str(e).find('STATUS_PASSWORD_RESTRICTION') < 0: 2832 raise 2833 2834 # Delete the temp user 2835 request = samr.SamrDeleteUser() 2836 request['UserHandle'] = resp0['UserHandle'] 2837 resp = dce.request(request) 2838 resp.dump() 2839 2840class SMBTransport(SAMRTests): 2841 def setUp(self): 2842 SAMRTests.setUp(self) 2843 configFile = ConfigParser.ConfigParser() 2844 configFile.read('dcetests.cfg') 2845 self.username = configFile.get('SMBTransport', 'username') 2846 self.domain = configFile.get('SMBTransport', 'domain') 2847 self.serverName = configFile.get('SMBTransport', 'servername') 2848 self.password = configFile.get('SMBTransport', 'password') 2849 self.machine = configFile.get('SMBTransport', 'machine') 2850 self.hashes = configFile.get('SMBTransport', 'hashes') 2851 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_np') 2852 self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') 2853 2854class TCPTransport(SAMRTests): 2855 def setUp(self): 2856 SAMRTests.setUp(self) 2857 configFile = ConfigParser.ConfigParser() 2858 configFile.read('dcetests.cfg') 2859 self.username = configFile.get('TCPTransport', 'username') 2860 self.domain = configFile.get('TCPTransport', 'domain') 2861 self.serverName = configFile.get('TCPTransport', 'servername') 2862 self.password = configFile.get('TCPTransport', 'password') 2863 self.machine = configFile.get('TCPTransport', 'machine') 2864 self.hashes = configFile.get('TCPTransport', 'hashes') 2865 #print epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2866 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2867 self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') 2868 2869class SMBTransport64(SAMRTests): 2870 def setUp(self): 2871 SAMRTests.setUp(self) 2872 configFile = ConfigParser.ConfigParser() 2873 configFile.read('dcetests.cfg') 2874 self.username = configFile.get('SMBTransport', 'username') 2875 self.domain = configFile.get('SMBTransport', 'domain') 2876 self.serverName = configFile.get('SMBTransport', 'servername') 2877 self.password = configFile.get('SMBTransport', 'password') 2878 self.machine = configFile.get('SMBTransport', 'machine') 2879 self.hashes = configFile.get('SMBTransport', 'hashes') 2880 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_np') 2881 self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0') 2882 2883class TCPTransport64(SAMRTests): 2884 def setUp(self): 2885 SAMRTests.setUp(self) 2886 configFile = ConfigParser.ConfigParser() 2887 configFile.read('dcetests.cfg') 2888 self.username = configFile.get('TCPTransport', 'username') 2889 self.domain = configFile.get('TCPTransport', 'domain') 2890 self.serverName = configFile.get('TCPTransport', 'servername') 2891 self.password = configFile.get('TCPTransport', 'password') 2892 self.machine = configFile.get('TCPTransport', 'machine') 2893 self.hashes = configFile.get('TCPTransport', 'hashes') 2894 #print epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2895 self.stringBinding = epm.hept_map(self.machine, samr.MSRPC_UUID_SAMR, protocol = 'ncacn_ip_tcp') 2896 self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0') 2897 2898 2899# Process command-line arguments. 2900if __name__ == '__main__': 2901 import sys 2902 if len(sys.argv) > 1: 2903 testcase = sys.argv[1] 2904 suite = unittest.TestLoader().loadTestsFromTestCase(globals()[testcase]) 2905 else: 2906 suite = unittest.TestLoader().loadTestsFromTestCase(SMBTransport) 2907 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(TCPTransport)) 2908 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(SMBTransport64)) 2909 suite.addTests(unittest.TestLoader().loadTestsFromTestCase(TCPTransport64)) 2910 unittest.TextTestRunner(verbosity=1).run(suite) 2911