1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
|
import string
import dcerpc
def test_OpenPrinterEx(pipe, printer):
print 'testing spoolss_OpenPrinterEx(%s)' % printer
r = {}
r['printername'] = '\\\\win2k3dc\\%s' % printer
r['datatype'] = None
r['devmode_ctr'] = {}
r['devmode_ctr']['size'] = 0
r['devmode_ctr']['devmode'] = None
r['access_mask'] = 0x02000000
r['level'] = 1
r['userlevel'] = {}
r['userlevel']['level1'] = {}
r['userlevel']['level1']['size'] = 0
r['userlevel']['level1']['client'] = None
r['userlevel']['level1']['user'] = None
r['userlevel']['level1']['build'] = 1381
r['userlevel']['level1']['major'] = 2
r['userlevel']['level1']['minor'] = 0
r['userlevel']['level1']['processor'] = 0
result = dcerpc.spoolss_OpenPrinterEx(pipe, r)
return result['handle']
def test_ClosePrinter(pipe, handle):
r = {}
r['handle'] = handle
dcerpc.spoolss_ClosePrinter(pipe, r)
def test_GetPrinter(pipe, handle):
r = {}
r['handle'] = handle
for level in [1, 2, 3]:
r['level'] = level
r['buffer'] = None
r['buf_size'] = 0
result = dcerpc.spoolss_GetPrinter(pipe, r)
print result
if result['result'] == dcerpc.WERR_INSUFFICIENT_BUFFER:
r['buffer'] = result['buf_size'] * '\x00'
r['buf_size'] = result['buf_size']
result = dcerpc.spoolss_GetPrinter(pipe, r)
print result
def test_EnumPrinters(pipe):
print 'testing spoolss_EnumPrinters'
printer_names = None
r = {}
r['flags'] = 0x02
r['server'] = None
for level in [1, 2, 4, 5]:
r['level'] = level
r['buf_size'] = 0
r['buffer'] = None
result = dcerpc.spoolss_EnumPrinters(pipe, r)
if result['result'] == dcerpc.WERR_INSUFFICIENT_BUFFER:
r['buffer'] = result['buf_size'] * '\x00'
r['buf_size'] = result['buf_size']
result = dcerpc.spoolss_EnumPrinters(pipe, r)
printers = dcerpc.unmarshall_spoolss_PrinterInfo_array(
result['buffer'], r['level'], result['count'])
if printer_names is None:
printer_names = map(
lambda x: string.split(x['info1']['name'], ',')[0], printers)
for printer in printer_names:
handle = test_OpenPrinterEx(pipe, printer)
test_GetPrinter(pipe, handle)
test_ClosePrinter(pipe, handle)
def runtests(binding, domain, username, password):
print 'Testing SPOOLSS pipe'
pipe = dcerpc.pipe_connect(binding,
dcerpc.DCERPC_SPOOLSS_UUID, dcerpc.DCERPC_SPOOLSS_VERSION,
domain, username, password)
test_EnumPrinters(pipe)
|