Check if DCOM Packet Integrity Authentication Level is required on a remote server
from __future__ import division
from __future__ import print_function
import argparse
import sys
import logging
from impacket import version
from impacket.examples import logger
from impacket.examples.utils import parse_target
from impacket.dcerpc.v5 import transport, epm
from impacket.dcerpc.v5.dcom import wmi
from impacket.dcerpc.v5.dcomrt import IID_IObjectExporter, IObjectExporter
from impacket.dcerpc.v5.rpcrt import DCERPCException, RPC_C_AUTHN_LEVEL_CONNECT, RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_WINNT
# Encoding reported by the stdout stream when the module is loaded.
# NOTE(review): nothing else in this listing reads CODEC; confirm it is unused before removing it.
CODEC = sys.stdout.encoding
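class DCOMIntegrityCheck():
    """Audit whether a server accepts DCOM calls without packet integrity.

    Two authenticated calls to IObjectExporter are made against the target:
    a baseline at RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, then a probe at the
    weaker RPC_C_AUTHN_LEVEL_CONNECT. A server that answers the second call
    is not enforcing per-packet integrity for that interface; a server that
    rejects it with rpc_s_access_denied is.
    """

    def __init__(self, username, password, domain, addr):
        """Store the credentials and target address used by every probe."""
        self.__username = username
        self.__password = password
        self.__domain = domain
        self.__addr = addr

    def connectDCE(self, auth_level=RPC_C_AUTHN_LEVEL_PKT_INTEGRITY):
        """Open an ncacn_ip_tcp DCE/RPC connection at the given auth level.

        :param auth_level: RPC authentication level applied before connecting.
        :return: the connected DCE/RPC object; the caller must disconnect it.
        """
        rpc_transport = transport.DCERPCTransportFactory("ncacn_ip_tcp:%s" % self.__addr)
        rpc_transport.set_credentials(self.__username, self.__password, self.__domain)
        dce = rpc_transport.get_dce_rpc()
        dce.set_auth_level(auth_level)
        dce.connect()
        return dce

    def ComplexPing(self, dce):
        """Bind to IObjectExporter on *dce* and issue one ComplexPing call."""
        dce.bind(IID_IObjectExporter)
        objExporter = IObjectExporter(dce)
        objExporter.ComplexPing()

    def _probe(self, auth_level):
        """Connect at *auth_level*, ping once, and always release the connection."""
        dce = self.connectDCE(auth_level=auth_level)
        try:
            self.ComplexPing(dce)
        finally:
            # Best-effort cleanup: a failing disconnect must not replace the
            # exception (if any) that tells us how the server answered.
            try:
                dce.disconnect()
            except Exception as cleanup_error:
                logging.debug("Ignoring error while disconnecting: %s", cleanup_error)

    def run(self):
        """Run the baseline call, then the downgrade probe, and log the verdict.

        The verdict is only meaningful when the baseline succeeds. With wrong
        credentials or an unreachable host the downgrade probe would also be
        refused, and an access-denied answer would then be misread as "the
        server enforces integrity". The probe is therefore skipped when the
        baseline fails.

        :raises DCERPCException: if the downgrade probe fails with anything
            other than rpc_s_access_denied.
        """
        # Use the address held by the instance; the class must not depend on a
        # module-level global that only exists when the file runs as a script.
        addr = self.__addr

        try:
            self._probe(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
            logging.info("Successfully connected to %s with authentication level RPC_C_AUTHN_LEVEL_PKT_INTEGRITY", addr)
        except Exception as e:
            logging.info("Error while connecting to %s, check your arguments.", addr)
            logging.error(str(e))
            logging.info("Skipping the RPC_C_AUTHN_LEVEL_CONNECT probe: without a working baseline its result would be inconclusive.")
            return

        try:
            self._probe(RPC_C_AUTHN_LEVEL_CONNECT)
        except DCERPCException as e:
            if e.error_code != 0x00000005:  # anything but rpc_s_access_denied
                raise
            logging.info("Error while connecting to %s with authentication level RPC_C_AUTHN_LEVEL_CONNECT.", addr)
            logging.info("Seems like the remote server is configured correctly.")
            return

        # The server answered a call made without packet integrity.
        logging.info("Successfully connected to %s with authentication level RPC_C_AUTHN_LEVEL_CONNECT.", addr)
        logging.info("Relaying to the remote server over DCOM might be possible!")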
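# Script entry point: parse the target, configure logging, run the check.
if __name__ == '__main__':
    print(version.BANNER)

    parser = argparse.ArgumentParser(add_help=True, description="Tries to connect to RPC without integrity.")
    parser.add_argument('target', action='store', help='[[domain/]username[:password]@]<targetName or address>')
    parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')

    if len(sys.argv) == 1:
        parser.print_help()
        sys.exit(1)

    options = parser.parse_args()

    # Install the impacket log handler before choosing the level.
    # NOTE(review): impacket's logger.init() appears to reset the root logger
    # to INFO, so calling it after setLevel(DEBUG) would cancel -debug; confirm
    # against the installed impacket version.
    logger.init()

    if options.debug is True:
        logging.getLogger().setLevel(logging.DEBUG)
        # Print the Library's installation path
        logging.debug(version.getInstallationPath())
    else:
        logging.getLogger().setLevel(logging.INFO)

    domain, username, password, address = parse_target(options.target)

    if domain is None:
        domain = ''

    # Leaving the password out of the target string triggers this prompt,
    # which keeps it out of shell history and process listings.
    if password == '' and username != '':
        from getpass import getpass
        password = getpass("Password:")

    executer = DCOMIntegrityCheck(username, password, domain, address)
    try:
        executer.run()
    except KeyboardInterrupt as e:
        logging.error(str(e))
    except Exception as e:
        logging.error(str(e))
        sys.exit(1)
    sys.exit(0)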