Queue a list of SIDs for resolution. They are then added to self.sids if successful.
(self, sids)
| 675 | return x or "" |
| 676 | |
| 677 | def resolvesids(self, sids): |
| 678 | """ |
| 679 | Queue a list of SIDs for resolution. |
| 680 | They are then added to self.sids if successful. |
| 681 | """ |
| 682 | unknowns = [x for x in (y.summary() for y in sids) if x not in self.sids] |
| 683 | if not unknowns: |
| 684 | return |
| 685 | |
| 686 | # Perform a resolution using [MS-LSAT] LsarLookupSids3 |
| 687 | client = DCERPC_Client( |
| 688 | DCERPC_Transport.NCACN_IP_TCP, |
| 689 | ndr64=False, |
| 690 | auth_level=DCE_C_AUTHN_LEVEL.PKT_PRIVACY, |
| 691 | ssp=self.ssp, |
| 692 | ) |
| 693 | client.connect_and_bind(self.host, find_dcerpc_interface("drsuapi")) |
| 694 | |
| 695 | # 1. DRSBind |
| 696 | bind_resp = client.sr1_req( |
| 697 | IDL_DRSBind_Request( |
| 698 | puuidClientDsa=NTDSAPI_CLIENT_GUID, |
| 699 | pextClient=DRS_EXTENSIONS(rgb=bytes(DRS_EXTENSIONS_INT(Pid=1234))), |
| 700 | ndr64=client.ndr64, |
| 701 | ), |
| 702 | ) |
| 703 | if bind_resp.status != 0: |
| 704 | self.tprint("Bind Request failed.") |
| 705 | bind_resp.show() |
| 706 | return |
| 707 | |
| 708 | # 2. DRSCrackNames |
| 709 | resp = client.sr1_req( |
| 710 | IDL_DRSCrackNames_Request( |
| 711 | hDrs=bind_resp.phDrs, |
| 712 | dwInVersion=1, |
| 713 | pmsgIn=NDRUnion( |
| 714 | tag=1, |
| 715 | value=DRS_MSG_CRACKREQ_V1( |
| 716 | CodePage=0x4E4, # |
| 717 | LocaleId=0x409, # US-EN |
| 718 | formatOffered=11, # SID |
| 719 | formatDesired=0xFFFFFFF2, # DS_USER_PRINCIPAL_NAME_FOR_LOGON |
| 720 | rpNames=unknowns, |
| 721 | ), |
| 722 | ), |
| 723 | ndr64=client.ndr64, |
| 724 | ), |
| 725 | ) |
| 726 | if resp.status != 0: |
| 727 | self.tprint("DsCracknames Request failed.") |
| 728 | resp.show() |
| 729 | return |
| 730 | |
| 731 | # 3. parse results |
| 732 | for i, res in enumerate(resp.valueof("pmsgOut.pResult.rItems")): |
| 733 | if res.status != 0: |
| 734 | # Errored |
no test coverage detected