MCPcopy Index your code
hub / github.com/secdev/scapy / resolvesids

Method resolvesids

scapy/modules/ldaphero.py:677–740  ·  view source on GitHub ↗

Queue a list of SIDs for resolution. They are then added to self.sids if successful.

(self, sids)

Source from the content-addressed store, hash-verified

675 return x or ""
676
677 def resolvesids(self, sids):
678 """
679 Queue a list of SIDs for resolution.
680 They are then added to self.sids if successful.
681 """
682 unknowns = [x for x in (y.summary() for y in sids) if x not in self.sids]
683 if not unknowns:
684 return
685
686 # Perform a resolution using [MS-LSAT] LsarLookupSids3
687 client = DCERPC_Client(
688 DCERPC_Transport.NCACN_IP_TCP,
689 ndr64=False,
690 auth_level=DCE_C_AUTHN_LEVEL.PKT_PRIVACY,
691 ssp=self.ssp,
692 )
693 client.connect_and_bind(self.host, find_dcerpc_interface("drsuapi"))
694
695 # 1. DRSBind
696 bind_resp = client.sr1_req(
697 IDL_DRSBind_Request(
698 puuidClientDsa=NTDSAPI_CLIENT_GUID,
699 pextClient=DRS_EXTENSIONS(rgb=bytes(DRS_EXTENSIONS_INT(Pid=1234))),
700 ndr64=client.ndr64,
701 ),
702 )
703 if bind_resp.status != 0:
704 self.tprint("Bind Request failed.")
705 bind_resp.show()
706 return
707
708 # 2. DRSCrackNames
709 resp = client.sr1_req(
710 IDL_DRSCrackNames_Request(
711 hDrs=bind_resp.phDrs,
712 dwInVersion=1,
713 pmsgIn=NDRUnion(
714 tag=1,
715 value=DRS_MSG_CRACKREQ_V1(
716 CodePage=0x4E4, #
717 LocaleId=0x409, # US-EN
718 formatOffered=11, # SID
719 formatDesired=0xFFFFFFF2, # DS_USER_PRINCIPAL_NAME_FOR_LOGON
720 rpNames=unknowns,
721 ),
722 ),
723 ndr64=client.ndr64,
724 ),
725 )
726 if resp.status != 0:
727 self.tprint("DsCracknames Request failed.")
728 resp.show()
729 return
730
731 # 3. parse results
732 for i, res in enumerate(resp.valueof("pmsgOut.pResult.rItems")):
733 if res.status != 0:
734 # Errored

Callers 1

viewsecMethod · 0.95

Calls 15

connect_and_bindMethod · 0.95
sr1_reqMethod · 0.95
tprintMethod · 0.95
_rslvsidMethod · 0.95
DCERPC_ClientClass · 0.90
find_dcerpc_interfaceFunction · 0.90
DRS_EXTENSIONS_INTClass · 0.90
NDRUnionClass · 0.90
IDL_DRSBind_RequestClass · 0.85
DRS_EXTENSIONSClass · 0.85
DRS_MSG_CRACKREQ_V1Class · 0.85

Tested by

no test coverage detected