/usr/share/pyshared/impacket/dcerpc/dcom.py is in python-impacket 0.9.10-1.
This file is owned by root:root, with mode 0o644.
# Copyright (c) 2003-2012 CORE Security Technologies
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# $Id: dcom.py 529 2012-04-29 21:39:46Z bethus@gmail.com $
#
import array
from impacket import ImpactPacket
from impacket import dcerpc
from impacket.dcerpc import ndrutils
from struct import *
# DCE/RPC interface identifiers, each stored as a 20-byte string: a 16-byte
# UUID in wire byte order followed by four zero bytes (presumably the
# interface version -- confirm against the code that binds with them).
# The textual UUID forms are given so the constants can be matched against
# the interface UUIDs reported by RPC-aware network monitoring.

# UUID bytes decode to 4d9f4ab8-7d1c-11cf-861e-0020af6e7c57.
MSRPC_UUID_REMOTE_ACTIVATION = '\xb8\x4a\x9f\x4d\x1c\x7d\xcf\x11\x86\x1e\x00\x20\xaf\x6e\x7c\x57\x00\x00\x00\x00'

# UUID bytes decode to 000001a0-0000-0000-c000-000000000046.
MSRPC_UUID_SYSTEM_ACTIVATOR = '\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46\x00\x00\x00\x00'
class ORPCTHIS:
    """Serializer for the 32-byte ORPCTHIS prefix used by the request headers in this file.

    rawData() emits, little-endian: version_hi (2 bytes), version_low (2),
    flags (4), reserved1 (4), then the cid and extensions strings verbatim.
    With the defaults that is 12 + 16 + 4 = 32 bytes.

    The cid and extensions defaults are hard-coded, so every instance
    serializes to the same bytes unless set_version()/set_cid() is called.
    """
    # Declared size of the structure; not read anywhere in this class.
    __SIZE = 32

    def __init__(self, data=0):
        """Populate the default field values. `data` is accepted but never read."""
        # Fixed 16-byte cid and 4-byte extensions value (the latter is
        # presumably a pointer/referent value copied from a capture -- confirm).
        self._cid = '\xf1\x59\xeb\x61\xfb\x1e\xd1\x11\xbc\xd9\x00\x60\x97\x92\xd2\x6c'
        self._extensions = '\x60\x5e\x0d\x00'
        self._flags = 1
        self._reserved1 = 0
        self._version_hi, self._version_low = 5, 6

    def set_version(self, mayor, minor):
        """Set the version pair; `mayor` goes to version_hi, `minor` to version_low."""
        self._version_hi, self._version_low = mayor, minor

    def set_cid(self, uuid):
        """Replace the cid.

        No length check is made here; rawData() is 32 bytes long only when
        the cid is 16 bytes long.
        """
        self._cid = uuid

    def rawData(self):
        """Return the serialized structure as a string."""
        fixed_part = pack(
            '<HHLL',
            self._version_hi,
            self._version_low,
            self._flags,
            self._reserved1,
        )
        return fixed_part + self._cid + self._extensions
class UnknownOpnum3RequestHeader(ImpactPacket.Header):
    """Canned 48-byte request body for operation number 3.

    The class name suggests the operation's meaning was not identified
    upstream; the payload is a fixed byte template with no field accessors.
    """
    OP_NUM = 3
    __SIZE = 48

    def __init__(self, aBuffer=None):
        """Fill the header with the fixed template, then overlay `aBuffer` if one is given."""
        ImpactPacket.Header.__init__(self, UnknownOpnum3RequestHeader.__SIZE)
        # (upstream left a `self.parent().set_callid(19)` call disabled here)
        # Template: 8 leading bytes, 32 bytes of 0x31, 8 zero bytes = 48 bytes.
        template = '\x05\x00\x06\x01\x00\x00\x00\x00' + '\x31'*32 + '\x00'*8
        self.set_bytes_from_string(template)
        if aBuffer:
            self.load_header(aBuffer)

    def get_header_size(self):
        """Return the fixed size of this header (48)."""
        return UnknownOpnum3RequestHeader.__SIZE
class UnknownOpnum4RequestHeader(ImpactPacket.Header):
    """48-byte request body for operation number 4.

    Layout as written by this class:
      bytes  0-31  default ORPCTHIS blob (its cid sits at bytes 12-27)
      bytes 32-47  16-byte "cls" UUID

    The class name suggests the operation's meaning was not identified
    upstream.
    """
    OP_NUM = 4
    __SIZE = 48

    def __init__(self, aBuffer=None):
        """Build the default request, then overlay `aBuffer` if one is given."""
        ImpactPacket.Header.__init__(self, UnknownOpnum4RequestHeader.__SIZE)
        # (upstream left a set_callid(19) call and a canned set_bytes() call
        # disabled here)
        orpc_this = array.array('B', ORPCTHIS().rawData())
        self.get_bytes()[:32] = orpc_this
        # Hard-coded default for the 16 bytes at offset 32.
        self.set_cls_binuuid('\x01\x00\x00\x00\x00\x00\x00\x00\x70\x5e\x0d\x00\x02\x00\x00\x00')
        if aBuffer:
            self.load_header(aBuffer)

    def get_c_binuuid(self):
        """Return the 16 bytes at offset 12 as a list of ints."""
        return self.get_bytes().tolist()[12:28]

    def set_c_binuuid(self, binuuid):
        """Overwrite the 16 bytes at offset 12.

        NOTE: the length check is an assert, so it is not enforced when
        Python runs with -O.
        """
        assert len(binuuid) == 16
        replacement = array.array('B', binuuid)
        self.get_bytes()[12:28] = replacement

    def get_cls_binuuid(self):
        """Return the 16 bytes at offset 32 as a list of ints."""
        return self.get_bytes().tolist()[32:48]

    def set_cls_binuuid(self, binuuid):
        """Overwrite the 16 bytes at offset 32 (length checked by assert only)."""
        assert len(binuuid) == 16
        replacement = array.array('B', binuuid)
        self.get_bytes()[32:48] = replacement

    def get_header_size(self):
        """Return the fixed size of this header (48)."""
        return UnknownOpnum4RequestHeader.__SIZE
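class RemoteActivationRequestHeader(ImpactPacket.Header):
    """Request body for operation number 0, built from a fixed 124-byte template.

    Layout as written by this class (multi-byte integers little-endian):
      bytes   0-31   default ORPCTHIS blob (its cid sits at bytes 12-27)
      bytes  32-47   "cls" UUID
      offset 48      object name length (word)
      offset 52      object storage (word)
      offset 56      client implementation level (long)
      offset 60      mode (long)
      offset 64      number of interfaces (long)
      bytes  68-75   fixed literal
      bytes  76-91   "pi" UUID
      bytes  92-123  fixed literal trailer

    All defaults are hard-coded, so an unmodified instance always carries
    the same bytes.
    """
    OP_NUM = 0
    __SIZE = 124

    def __init__(self, aBuffer = None):
        """Build the default request, then overlay `aBuffer` if one is given."""
        # Size the header with this class's own __SIZE. The previous code
        # referenced UnknownOpnum4RequestHeader.__SIZE, which inside this
        # class body is name-mangled to _RemoteActivationRequestHeader__SIZE
        # on the other class and so raised AttributeError on every
        # construction; the intended size is also 124, not 48, because the
        # template below is written up to byte 123.
        ImpactPacket.Header.__init__(self, RemoteActivationRequestHeader.__SIZE)
        self.get_bytes()[:32] = array.array('B', ORPCTHIS().rawData())
        # Hard-coded class identifier placed at offset 32.
        self.set_cls_binuuid('\xbe\x1d\x8d\x47\xff\xd6\xe1\x4c\xac\x54\xaa\xd5\x4e\xf3\x45\xd3')
        self.set_client_implementation_level(2)
        self.set_interfaces_num(1)
        self.get_bytes()[68:76] = array.array('B', '\x80\x3f\x15\x00\x01\x00\x00\x00')
        # These bytes decode to 00000000-0000-0000-c000-000000000046.
        self.set_pi_binuuid('\x00\x00\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46')
        # Opaque 32-byte trailer; its meaning is not documented in this file.
        self.get_bytes()[92:124] = array.array('B', '\x01\x00\x00\x00\x01\x00\x00\x00\x07\x00\x64\x00\x04\x00\x69\x00\x01\x00\x00\x00\x87\x03\xb2\xd6\x99\xee\xac\x65\xc7\x53\x81\xa4')
        if aBuffer: self.load_header(aBuffer)

    def get_c_binuuid(self):
        """Return the 16 bytes at offset 12 as a list of ints."""
        return self.get_bytes().tolist()[12:12+16]

    def set_c_binuuid(self, binuuid):
        """Overwrite the 16 bytes at offset 12.

        NOTE: the length check is an assert, so it is not enforced when
        Python runs with -O.
        """
        assert 16 == len(binuuid)
        self.get_bytes()[12:12+16] = array.array('B', binuuid)

    def get_cls_binuuid(self):
        """Return the 16 bytes at offset 32 as a list of ints."""
        return self.get_bytes().tolist()[32:32+16]

    def set_cls_binuuid(self, binuuid):
        """Overwrite the 16 bytes at offset 32 (length checked by assert only)."""
        assert 16 == len(binuuid)
        self.get_bytes()[32:32+16] = array.array('B', binuuid)

    def get_object_name_len(self):
        """Return the little-endian word at offset 48."""
        return self.get_word(48, '<')

    def set_object_name_len(self, len):
        """Store `len` as a little-endian word at offset 48."""
        # The parameter name shadows the builtin; kept for keyword callers.
        self.set_word(48, len, '<')

    def get_object_storage(self):
        """Return the little-endian word at offset 52."""
        return self.get_word(52, '<')

    def set_object_storage(self, storage):
        """Store `storage` as a little-endian word at offset 52."""
        self.set_word(52, storage, '<')

    def get_client_implementation_level(self):
        """Return the little-endian long at offset 56."""
        return self.get_long(56, '<')

    def set_client_implementation_level(self, level):
        """Store `level` as a little-endian long at offset 56."""
        self.set_long(56, level, '<')

    def get_mode(self):
        """Return the little-endian long at offset 60."""
        return self.get_long(60, '<')

    def set_mode(self, mode):
        """Store `mode` as a little-endian long at offset 60."""
        self.set_long(60, mode, '<')

    def get_interfaces_num(self):
        """Return the little-endian long at offset 64."""
        return self.get_long(64, '<')

    def set_interfaces_num(self, num):
        """Store `num` as a little-endian long at offset 64."""
        self.set_long(64, num, '<')

    def get_pi_binuuid(self):
        """Return the 16 bytes at offset 76 as a list of ints."""
        return self.get_bytes().tolist()[76:76+16]

    def set_pi_binuuid(self, binuuid):
        """Overwrite the 16 bytes at offset 76 (length checked by assert only)."""
        assert 16 == len(binuuid)
        self.get_bytes()[76:76+16] = array.array('B', binuuid)

    def get_header_size(self):
        """Return the fixed size of this header (124)."""
        # Same correction as in __init__: report this class's own size.
        return RemoteActivationRequestHeader.__SIZE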
class DCERPCDcom:
    """Thin client that sends the canned DCOM request headers over a DCE/RPC transport.

    The transport object only needs send() and recv(); nothing here parses
    or validates what comes back, and errors raised by the transport
    propagate to the caller.
    """

    def __init__(self, dcerpc):
        """Remember the transport to use.

        The parameter name shadows the imported `dcerpc` module inside this
        method; it is kept for callers that pass it by keyword.
        """
        self._dcerpc = dcerpc

    def test(self):
        """Send a default RemoteActivationRequestHeader and return the raw reply."""
        transport = self._dcerpc
        transport.send(RemoteActivationRequestHeader())
        return transport.recv()

    def test2(self):
        """Send a default UnknownOpnum3RequestHeader; no reply is read."""
        self._dcerpc.send(UnknownOpnum3RequestHeader())

    def test_lsd(self):
        """Send a default UnknownOpnum4RequestHeader; no reply is read."""
        self._dcerpc.send(UnknownOpnum4RequestHeader())