#!/usr/bin/python
import dcerpc
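def test_Connect(handle):
    """Exercise samr_Connect through samr_Connect5 on an open SAMR pipe.

    handle -- the pipe object returned by dcerpc.pipe_connect(); every
              request below is issued on it.

    Each variant is called once with access mask 0x02000000 and, for the
    first four, the returned connect handle is released with samr_Close.
    Nothing is returned; a failure surfaces as whatever exception the
    dcerpc binding raises.
    """
    # The previous body ignored ``handle`` and used the module-level
    # ``pipe`` instead, so it only worked when a global of that name
    # existed. Using the parameter keeps the function self-contained.

    # 0x02000000 is the MAXIMUM_ALLOWED bit of a Windows access mask: the
    # server grants every right the caller is entitled to. Convenient for a
    # smoke test; a real client should request only the rights it needs.
    maximum_allowed = 0x02000000

    # print(...) with one argument behaves the same under Python 2 and 3.
    print('testing samr_Connect')
    request = {
        'system_name': '\0\0',
        'access_mask': maximum_allowed,
    }
    connect_handle = dcerpc.samr_Connect(handle, request)
    dcerpc.samr_Close(handle, connect_handle)

    print('testing samr_Connect2')
    request = {
        'system_name': None,
        'access_mask': maximum_allowed,
    }
    connect_handle = dcerpc.samr_Connect2(handle, request)
    dcerpc.samr_Close(handle, connect_handle)

    print('testing samr_Connect3')
    request = {
        'system_name': None,
        'unknown': 0,
        'access_mask': maximum_allowed,
    }
    connect_handle = dcerpc.samr_Connect3(handle, request)
    dcerpc.samr_Close(handle, connect_handle)

    print('testing samr_Connect4')
    request = {
        'system_name': None,
        'unknown': 0,
        'access_mask': maximum_allowed,
    }
    connect_handle = dcerpc.samr_Connect4(handle, request)
    dcerpc.samr_Close(handle, connect_handle)

    print('testing samr_Connect5')
    request = {
        'system_name': None,
        'access_mask': maximum_allowed,
        'level': 1,
        'info': {'info1': {'unknown1': 0, 'unknown2': 0}},
    }
    # NOTE(review): unlike the four calls above, this result is never passed
    # to samr_Close, so the connect handle is presumably left open on the
    # server until the pipe goes away - confirm whether that is intended.
    dcerpc.samr_Connect5(handle, request)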
# Connect to server
# NOTE(review): host, domain and the administrator password are literals in
# this script. That is tolerable only for a disposable lab domain controller;
# read them from argv or the environment before reusing this elsewhere, and
# keep the real values out of version control.
binding = 'ncacn_np:win2k3dc'  # ncacn_np: DCE/RPC carried over SMB named pipes
domain = 'win2k3dom'
username = 'administrator'
password = 'penguin'

pipe = dcerpc.pipe_connect(
    binding,
    dcerpc.DCERPC_SAMR_UUID,
    dcerpc.DCERPC_SAMR_VERSION,
    domain,
    username,
    password,
)

# Run the SAMR connect variants over the authenticated pipe.
test_Connect(pipe)