Coverage for /root/GitHubProjects/impacket/impacket/dcerpc/v5/bkrp.py : 82%

Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
1# Impacket - Collection of Python classes for working with network protocols.
2#
3# SECUREAUTH LABS. Copyright (C) 2018 SecureAuth Corporation. All rights reserved.
4#
5# This software is provided under a slightly modified version
6# of the Apache Software License. See the accompanying LICENSE file
7# for more information.
8#
9# Description:
10# [MS-BKRP] Interface implementation
11#
12# Best way to learn how to use these calls is to grab the protocol standard
13# so you understand what the call does, and then read the test case located
14# at https://github.com/SecureAuthCorp/impacket/tree/master/tests/SMB_RPC
15#
16# Some calls have helper functions, which makes it even easier to use.
17# They are located at the end of this file.
18# Helper functions start with "h"<name of the call>.
19# There are test cases for them too.
20#
21# Author:
22# Alberto Solino (@agsolino)
23#
24# ToDo:
25# [ ] 2.2.2 Client-Side-Wrapped Secret
26#
28from __future__ import division
29from __future__ import print_function
30from impacket.dcerpc.v5.ndr import NDRCALL, NDRPOINTER, NDRUniConformantArray
31from impacket.dcerpc.v5.dtypes import DWORD, NTSTATUS, GUID, RPC_SID, NULL
32from impacket.dcerpc.v5.rpcrt import DCERPCException
33from impacket import system_errors
34from impacket.uuid import uuidtup_to_bin, string_to_bin
35from impacket.structure import Structure
37MSRPC_UUID_BKRP = uuidtup_to_bin(('3dde7c30-165d-11d1-ab8f-00805f14db40', '1.0'))
39class DCERPCSessionError(DCERPCException):
40 def __init__(self, error_string=None, error_code=None, packet=None):
41 DCERPCException.__init__(self, error_string, error_code, packet)
43 def __str__( self ):
44 key = self.error_code
45 if key in system_errors.ERROR_MESSAGES:
46 error_msg_short = system_errors.ERROR_MESSAGES[key][0]
47 error_msg_verbose = system_errors.ERROR_MESSAGES[key][1]
48 return 'BKRP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
49 else:
50 return 'BKRP SessionError: unknown error code: 0x%x' % self.error_code
52################################################################################
53# CONSTANTS
54################################################################################
56BACKUPKEY_BACKUP_GUID = string_to_bin("7F752B10-178E-11D1-AB8F-00805F14DB40")
57BACKUPKEY_RESTORE_GUID_WIN2K = string_to_bin("7FE94D50-178E-11D1-AB8F-00805F14DB40")
58BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID = string_to_bin("018FF48A-EABA-40C6-8F6D-72370240E967")
59BACKUPKEY_RESTORE_GUID = string_to_bin("47270C64-2FC7-499B-AC5B-0E37CDCE899A")
61################################################################################
62# STRUCTURES
63################################################################################
64class BYTE_ARRAY(NDRUniConformantArray):
65 item = 'c'
67class PBYTE_ARRAY(NDRPOINTER):
68 referent = (
69 ('Data', BYTE_ARRAY),
70 )
72# 2.2.4.1 Rc4EncryptedPayload Structure
73class Rc4EncryptedPayload(Structure):
74 structure = (
75 ('R3', '32s=""'),
76 ('MAC', '20s=""'),
77 ('SID', ':', RPC_SID),
78 ('Secret', ':'),
79 )
81# 2.2.4 Secret Wrapped with Symmetric Key
82class WRAPPED_SECRET(Structure):
83 structure = (
84 ('SIGNATURE', '<L=1'),
85 ('Payload_Length', '<L=0'),
86 ('Ciphertext_Length', '<L=0'),
87 ('GUID_of_Wrapping_Key', '16s=""'),
88 ('R2', '68s=""'),
89 ('_Rc4EncryptedPayload', '_-Rc4EncryptedPayload', 'self["Payload_Length"]'),
90 ('Rc4EncryptedPayload', ':'),
91 )
93################################################################################
94# RPC CALLS
95################################################################################
96# 3.1.4.1 BackuprKey(Opnum 0)
97class BackuprKey(NDRCALL):
98 opnum = 0
99 structure = (
100 ('pguidActionAgent', GUID),
101 ('pDataIn', BYTE_ARRAY),
102 ('cbDataIn', DWORD),
103 ('dwParam', DWORD),
104 )
106class BackuprKeyResponse(NDRCALL):
107 structure = (
108 ('ppDataOut', PBYTE_ARRAY),
109 ('pcbDataOut', DWORD),
110 ('ErrorCode', NTSTATUS),
111 )
113################################################################################
114# OPNUMs and their corresponding structures
115################################################################################
116OPNUMS = {
117 0 : (BackuprKey, BackuprKeyResponse),
118}
120################################################################################
121# HELPER FUNCTIONS
122################################################################################
123def hBackuprKey(dce, pguidActionAgent, pDataIn, dwParam=0):
124 request = BackuprKey()
125 request['pguidActionAgent'] = pguidActionAgent
126 request['pDataIn'] = pDataIn
127 if pDataIn == NULL:
128 request['cbDataIn'] = 0
129 else:
130 request['cbDataIn'] = len(pDataIn)
131 request['dwParam'] = dwParam
132 return dce.request(request)