Diffstat (limited to 'source3/rpcclient')
-rw-r--r-- | source3/rpcclient/cmd_lsarpc.c | 69 | ||||
-rw-r--r-- | source3/rpcclient/rpcclient.c | 1 |
2 files changed, 70 insertions, 0 deletions
diff --git a/source3/rpcclient/cmd_lsarpc.c b/source3/rpcclient/cmd_lsarpc.c
index be148a7f1d..a0d60037ec 100644
--- a/source3/rpcclient/cmd_lsarpc.c
+++ b/source3/rpcclient/cmd_lsarpc.c
@@ -309,3 +309,72 @@ void cmd_lsa_lookup_sids(struct client_info *info)
 }
 }
 
+/****************************************************************************
+nt lsa query
+****************************************************************************/
+void cmd_lsa_query_secret(struct client_info *info)
+{
+ uint16 nt_pipe_fnum;
+ fstring srv_name;
+ BOOL res = True;
+ BOOL res1;
+ int i;
+
+ POLICY_HND hnd_secret;
+ fstring secret_name;
+ unsigned char enc_secret[24];
+ NTTIME last_update;
+
+ if (!next_token(NULL, secret_name, NULL, sizeof(secret_name)))
+ {
+ fprintf(out_hnd, "querysecret <secret name>\n");
+ return;
+ }
+
+ fstrcpy(srv_name, "\\\\");
+ fstrcat(srv_name, info->myhostname);
+ strupper(srv_name);
+
+ DEBUG(4,("cmd_lsa_query_info: server:%s\n", srv_name));
+
+ /* open LSARPC session. */
+ res = res ? cli_nt_session_open(smb_cli, PIPE_LSARPC, &nt_pipe_fnum) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_policy(smb_cli, nt_pipe_fnum,
+ srv_name,
+ &info->dom.lsa_info_pol, False) : False;
+
+ /* lookup domain controller; receive a policy handle */
+ res = res ? lsa_open_secret(smb_cli, nt_pipe_fnum,
+ &info->dom.lsa_info_pol,
+ secret_name, 0x20003, &hnd_secret) : False;
+
+ res1 = res ? lsa_query_secret(smb_cli, nt_pipe_fnum,
+ &hnd_secret, enc_secret, &last_update) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &hnd_secret) : False;
+
+ res = res ? lsa_close(smb_cli, nt_pipe_fnum, &info->dom.lsa_info_pol) : False;
+
+ /* close the session */
+ cli_nt_session_close(smb_cli, nt_pipe_fnum);
+
+ if (res1)
+ {
+ fprintf(out_hnd, "\tValue (encrypted): ");
+ for (i = 0; i < 24; i++)
+ {
+ fprintf(out_hnd, "%02X", enc_secret[i]);
+ }
+
+ fprintf(out_hnd, "\n\tLast Updated : %s\n\n",
+ http_timestring(nt_time_to_unix(&last_update)));
+ }
+ else
+ {
+ fprintf(out_hnd, "LSA Query Secret: failed\n");
+ }
+}
+
+
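Review bot: `enc_secret` is a fixed 24-byte stack buffer handed to `lsa_query_secret()` as a bare pointer, so nothing in `cmd_lsa_query_secret` bounds how much of the server's reply can be written into it. The callee is not visible in this diff, so confirm that it rejects or truncates a reply longer than the buffer, or pass the size explicitly, and print with `for (i = 0; i < (int)sizeof(enc_secret); i++)` rather than repeating the literal 24. Separately, `cli_nt_session_close(smb_cli, nt_pipe_fnum)` runs even when `cli_nt_session_open()` failed, at which point `nt_pipe_fnum` may never have been set, and the `res ? lsa_close(...)` chain skips closing `info->dom.lsa_info_pol` whenever `lsa_open_secret()` fails. The `DEBUG(4, ...)` label still reads `cmd_lsa_query_info`, and the access mask `0x20003` would be easier to audit as a named constant or with a comment stating which rights it requests.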
diff --git a/source3/rpcclient/rpcclient.c b/source3/rpcclient/rpcclient.c
index a9719b143b..fb520004da 100644
--- a/source3/rpcclient/rpcclient.c
+++ b/source3/rpcclient/rpcclient.c
@@ -140,6 +140,7 @@ struct
 {"enumaliases",cmd_sam_enum_aliases, "SAM Aliases Database Query (experimental!)"},
 {"enumgroups", cmd_sam_enum_groups, "SAM Group Database Query (experimental!)"},
 {"samgroups", cmd_sam_query_dominfo, "SAM Query Domain Info(experimental!)"},
+ {"querysecret", cmd_lsa_query_secret, "LSA Query Secret (developer use)"},
 {"quit", cmd_quit, "logoff the server"},
 {"q", cmd_quit, "logoff the server"},
 {"exit", cmd_quit, "logoff the server"},
|