2010-03-24 16:50:50 +11:00
#!/usr/bin/env python
2004-09-23 02:21:11 +00:00
import sys, os, string
2008-05-11 05:45:49 +02:00
# Find right directory when running from source tree
sys.path.insert(0, "bin/python")
2004-09-23 02:21:11 +00:00
from cmd import Cmd
from optparse import OptionParser
2004-11-07 01:11:11 +00:00
from pprint import pprint
2004-09-23 02:21:11 +00:00
import dcerpc, samr
2005-02-06 04:34:29 +00:00
def swig2dict(obj):
"""Convert a swig object to a dictionary."""
result = {}
for attr in filter(lambda x: type(x) == str, dir(obj)):
if attr[:2] == '__' and attr[-2:] == '__':
continue
if attr == 'this' or attr == 'thisown':
continue
result[attr] = getattr(obj, attr)
return result
2004-09-23 02:21:11 +00:00
class rpcclient(Cmd):
prompt = 'rpcclient$ '
2005-05-01 01:31:23 +00:00
def __init__(self, server, cred):
2004-09-23 02:21:11 +00:00
Cmd.__init__(self)
2005-04-13 05:57:51 +00:00
self.server = server
2005-05-01 01:31:23 +00:00
self.cred = cred
2004-09-23 02:21:11 +00:00
def emptyline(self):
# Default for empty line is to repeat last command - yuck
pass
def onecmd(self, line):
# Override the onecmd() method so we can trap error returns
try:
Cmd.onecmd(self, line)
except dcerpc.NTSTATUS, arg:
print 'The command returned an error: %s' % arg[1]
# Command handlers
def do_help(self, line):
"""Displays on-line help for rpcclient commands."""
Cmd.do_help(self, line)
def do_shell(self, line):
status = os.system(line)
if os.WIFEXITED(status):
if os.WEXITSTATUS(status) != 0:
print 'Command exited with code %d' % os.WEXITSTATUS(status)
else:
print 'Command exited with signal %d' % os.WTERMSIG(status)
def do_EOF(self, line):
"""Exits rpcclient."""
print
sys.exit(0)
# SAMR pipe commands
def do_SamrEnumDomains(self, line):
"""Enumerate domain names."""
usage = 'usage: SamrEnumDomains'
if line != '':
print usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-09-23 02:21:11 +00:00
connect_handle = samr.Connect(pipe)
for i in connect_handle.EnumDomains():
print i
def do_SamrLookupDomain(self, line):
"""Return the SID for a domain."""
usage = 'SamrLookupDomain DOMAIN'
parser = OptionParser(usage)
options, args = parser.parse_args(string.split(line))
if len(args) != 1:
print 'usage:', usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-09-23 02:21:11 +00:00
connect_handle = samr.Connect(pipe)
print connect_handle.LookupDomain(args[0])
2004-11-07 01:11:11 +00:00
def do_SamrQueryDomInfo(self, line):
"""Return information about a domain designated by its SID."""
usage = 'SamrQueryDomInfo DOMAIN_SID [info_level]'
parser = OptionParser(usage)
options, args = parser.parse_args(string.split(line))
if (len(args) == 0) or (len(args) > 2):
print 'usage:', usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-11-07 01:11:11 +00:00
connect_handle = samr.Connect(pipe)
domain_handle = connect_handle.OpenDomain(args[0])
if (len(args) == 2):
result = domain_handle.QueryDomainInfo(int(args[1]))
else:
result = domain_handle.QueryDomainInfo()
2005-02-06 04:34:29 +00:00
pprint(swig2dict(result))
2004-11-07 01:11:11 +00:00
def do_SamrQueryDomInfo2(self, line):
2005-02-06 04:34:29 +00:00
"""Return information about a domain designated by its SID.
(Windows 2000 and >)"""
2004-11-07 01:11:11 +00:00
usage = 'SamrQueryDomInfo2 DOMAIN_SID [info_level] (Windows 2000 and >)'
parser = OptionParser(usage)
options, args = parser.parse_args(string.split(line))
2005-02-06 04:34:29 +00:00
if len(args) == 0 or len(args) > 2:
2004-11-07 01:11:11 +00:00
print 'usage:', usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-11-07 01:11:11 +00:00
connect_handle = samr.Connect(pipe)
domain_handle = connect_handle.OpenDomain(args[0])
if (len(args) == 2):
result = domain_handle.QueryDomainInfo2(int(args[1]))
else:
result = domain_handle.QueryDomainInfo2()
2005-02-06 04:34:29 +00:00
pprint(swig2dict(result))
2004-11-07 01:11:11 +00:00
def do_SamrEnumDomainGroups(self, line):
"""Return the list of groups of a domain designated by its SID."""
usage = 'SamrEnumDomainGroups DOMAIN_SID'
parser = OptionParser(usage)
options, args = parser.parse_args(string.split(line))
if len(args) != 1:
print 'usage:', usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-11-07 01:11:11 +00:00
connect_handle = samr.Connect(pipe)
domain_handle = connect_handle.OpenDomain(args[0])
result = domain_handle.EnumDomainGroups()
2005-02-06 04:34:29 +00:00
pprint(result)
2004-11-07 01:11:11 +00:00
def do_SamrEnumDomainAliases(self, line):
2005-02-06 04:34:29 +00:00
"""Return the list of aliases (local groups) of a domain designated
by its SID."""
2004-11-07 01:11:11 +00:00
usage = 'SamrEnumDomainAliases DOMAIN_SID'
parser = OptionParser(usage)
options, args = parser.parse_args(string.split(line))
if len(args) != 1:
print 'usage:', usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-11-07 01:11:11 +00:00
connect_handle = samr.Connect(pipe)
domain_handle = connect_handle.OpenDomain(args[0])
result = domain_handle.EnumDomainAliases()
2005-02-06 04:34:29 +00:00
pprint(result)
2004-11-07 01:11:11 +00:00
def do_SamrEnumDomainUsers(self, line):
"""Return the list of users of a domain designated by its SID."""
usage = 'SamrEnumDomainUsers DOMAIN_SID [user_account_flags]'
parser = OptionParser(usage)
options, args = parser.parse_args(string.split(line))
if (len(args) == 0) or (len(args) > 2):
print 'usage:', usage
return
pipe = dcerpc.pipe_connect(
2005-04-13 05:57:51 +00:00
'ncacn_np:%s' % self.server,
2005-02-06 04:34:29 +00:00
dcerpc.DCERPC_SAMR_UUID, int(dcerpc.DCERPC_SAMR_VERSION),
2005-05-01 01:31:23 +00:00
self.cred)
2004-11-07 01:11:11 +00:00
connect_handle = samr.Connect(pipe)
domain_handle = connect_handle.OpenDomain(args[0])
if (len(args) == 2):
result = domain_handle.EnumDomainUsers(int(args[1]))
else:
result = domain_handle.EnumDomainUsers()
2005-02-06 04:34:29 +00:00
pprint(result)
2004-11-07 01:11:11 +00:00
2004-09-23 02:21:11 +00:00
if __name__ == '__main__':
# Parse command line
2005-04-13 05:57:51 +00:00
usage = 'rpcclient SERVER [options]'
2004-09-23 02:21:11 +00:00
if len(sys.argv) == 1:
print usage
sys.exit(1)
2005-04-13 05:57:51 +00:00
server = sys.argv[1]
2004-09-23 02:21:11 +00:00
del(sys.argv[1])
parser = OptionParser(usage)
parser.add_option('-U', '--username', action='store', type='string',
help='Use given credentials when connecting',
metavar='DOMAIN\\username%password',
dest='username')
parser.add_option('-c', '--command', action='store', type='string',
help='Execute COMMAND', dest='command')
options, args = parser.parse_args()
2005-05-01 01:31:23 +00:00
# Break --username up into domain, username and password
cred = None
2004-09-23 02:21:11 +00:00
if not options.username:
options.username = '%'
domain = ''
if string.find(options.username, '\\') != -1:
domain, options.username = string.split(options.username, '\\')
password = ''
if string.find(options.username, '%') != -1:
options.username, password = string.split(options.username, '%')
username = options.username
2005-05-01 01:31:23 +00:00
if username != '':
cred = (domain, username, password)
2004-09-23 02:21:11 +00:00
# Run command loop
2005-05-01 01:31:23 +00:00
c = rpcclient(server, cred)
2004-09-23 02:21:11 +00:00
if options.command:
c.onecmd(options.command)
sys.exit(0)
while 1:
try:
c.cmdloop()
except KeyboardInterrupt:
print 'KeyboardInterrupt'