NetExec/nxc/protocols/smb/samrfunc.py

#!/usr/bin/env python3
# Majorly stolen from https://gist.github.com/ropnop/7a41da7aabb8455d0898db362335e139
# Which in turn stole from Impacket :)
# Code refactored and added to by @mjhallenbeck (Marshall-Hallenbeck on GitHub)

import logging

from impacket.dcerpc.v5 import transport, lsat, lsad, samr
from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
from impacket.nmb import NetBIOSError
from impacket.smbconnection import SessionError
from nxc.logger import nxc_logger


class SamrFunc:
    def __init__(self, connection):
        self.logger = connection.logger
        self.addr = connection.host if not connection.kerberos else connection.hostname + "." + connection.domain
        self.protocol = connection.args.port
        self.username = connection.username
        self.password = connection.password
        self.domain = connection.domain
        self.hash = connection.hash
        self.lmhash = ""
        self.nthash = ""
        self.aesKey = connection.aesKey
        self.doKerberos = connection.kerberos

        if self.hash is not None:
            if self.hash.find(":") != -1:
                self.lmhash, self.nthash = self.hash.split(":")
            else:
                self.nthash = self.hash

        if self.password is None:
            self.password = ""

        self.samr_query = SAMRQuery(
            username=self.username,
            password=self.password,
            domain=self.domain,
            remote_name=self.addr,
            remote_host=self.addr,
            kerberos=self.doKerberos,
            aesKey=self.aesKey,
        )
        self.lsa_query = LSAQuery(username=self.username, password=self.password, domain=self.domain, remote_name=self.addr, remote_host=self.addr, kerberos=self.doKerberos, aesKey=self.aesKey, logger=self.logger)

    def get_builtin_groups(self):
        domains = self.samr_query.get_domains()

        if "Builtin" not in domains:
            logging.error("No Builtin group to query locally on")
            return

        domain_handle = self.samr_query.get_domain_handle("Builtin")
        groups = self.samr_query.get_domain_aliases(domain_handle)

        return groups

    def get_custom_groups(self):
        domains = self.samr_query.get_domains()
        custom_groups = {}

        for domain in domains:
            if domain == "Builtin":
                continue
            domain_handle = self.samr_query.get_domain_handle(domain)
            custom_groups.update(self.samr_query.get_domain_aliases(domain_handle))
        return custom_groups

    def get_local_groups(self):
        builtin_groups = self.get_builtin_groups()
        custom_groups = self.get_custom_groups()
        return {**builtin_groups, **custom_groups}

    def get_local_users(self):
        pass

    def get_local_administrators(self):
        self.get_builtin_groups()
        if "Administrators" in self.groups:
            self.logger.success(f"Found Local Administrators group: RID {self.groups['Administrators']}")
        domain_handle = self.samr_query.get_domain_handle("Builtin")
        self.logger.debug("Querying group members")
        member_sids = self.samr_query.get_alias_members(domain_handle, self.groups["Administrators"])
        member_names = self.lsa_query.lookup_sids(member_sids)

        for sid, name in zip(member_sids, member_names):
            print(f"{name} - {sid}")


class SAMRQuery:
    def __init__(
        self,
        username="",
        password="",
        domain="",
        port=445,
        remote_name="",
        remote_host="",
        kerberos=None,
        aesKey="",
    ):
        self.__username = username
        self.__password = password
        self.__domain = domain
        self.__lmhash = ""
        self.__nthash = ""
        self.__aesKey = aesKey
        self.__port = port
        self.__remote_name = remote_name
        self.__remote_host = remote_host
        self.__kerberos = kerberos
        self.dce = self.get_dce()
        self.server_handle = self.get_server_handle()

    def get_transport(self):
        string_binding = f"ncacn_np:{self.__port}[\pipe\samr]"
        nxc_logger.debug(f"Binding to {string_binding}")
        # using a direct SMBTransport instead of DCERPCTransportFactory since we need the filename to be '\samr'
        rpc_transport = transport.SMBTransport(
            self.__remote_host,
            self.__port,
            r"\samr",
            self.__username,
            self.__password,
            self.__domain,
            self.__lmhash,
            self.__nthash,
            self.__aesKey,
            doKerberos=self.__kerberos,
        )
        return rpc_transport

    def get_dce(self):
        rpc_transport = self.get_transport()
        try:
            dce = rpc_transport.get_dce_rpc()
            dce.connect()
            dce.bind(samr.MSRPC_UUID_SAMR)
        except NetBIOSError as e:
            logging.error(f"NetBIOSError on Connection: {e}")
            return
        except SessionError as e:
            logging.error(f"SessionError on Connection: {e}")
            return
        return dce

    def get_server_handle(self):
        if self.dce:
            try:
                resp = samr.hSamrConnect(self.dce)
            except samr.DCERPCException as e:
                nxc_logger.debug(f"Error while connecting with Samr: {e}")
                return None
            return resp["ServerHandle"]
        else:
            nxc_logger.debug("Error creating Samr handle")
            return

    def get_domains(self):
        resp = samr.hSamrEnumerateDomainsInSamServer(self.dce, self.server_handle)
        domains = resp["Buffer"]["Buffer"]
        domain_names = []
        for domain in domains:
            domain_names.append(domain["Name"])
        return domain_names

    def get_domain_handle(self, domain_name):
        resp = samr.hSamrLookupDomainInSamServer(self.dce, self.server_handle, domain_name)
        resp = samr.hSamrOpenDomain(self.dce, serverHandle=self.server_handle, domainId=resp["DomainId"])
        return resp["DomainHandle"]

    def get_domain_aliases(self, domain_handle):
        resp = samr.hSamrEnumerateAliasesInDomain(self.dce, domain_handle)
        aliases = {}
        for alias in resp["Buffer"]["Buffer"]:
            aliases[alias["Name"]] = alias["RelativeId"]
        return aliases

    def get_alias_handle(self, domain_handle, alias_id):
        resp = samr.hSamrOpenAlias(self.dce, domain_handle, desiredAccess=MAXIMUM_ALLOWED, aliasId=alias_id)
        return resp["AliasHandle"]

    def get_alias_members(self, domain_handle, alias_id):
        alias_handle = self.get_alias_handle(domain_handle, alias_id)
        resp = samr.hSamrGetMembersInAlias(self.dce, alias_handle)
        member_sids = []
        for member in resp["Members"]["Sids"]:
            member_sids.append(member["SidPointer"].formatCanonical())
        return member_sids


class LSAQuery:
    def __init__(self, username="", password="", domain="", port=445, remote_name="", remote_host="", aesKey="", kerberos=None, logger=None):
        self.__username = username
        self.__password = password
        self.__domain = domain
        self.__lmhash = ""
        self.__nthash = ""
        self.__aesKey = aesKey
        self.__port = port
        self.__remote_name = remote_name
        self.__remote_host = remote_host
        self.__kerberos = kerberos
        self.dce = self.get_dce()
        self.policy_handle = self.get_policy_handle()
        self.logger = logger

    def get_transport(self):
        string_binding = f"ncacn_np:{self.__remote_name}[\\pipe\\lsarpc]"
        rpc_transport = transport.DCERPCTransportFactory(string_binding)
        rpc_transport.set_dport(self.__port)
        rpc_transport.setRemoteHost(self.__remote_host)
        if self.__kerberos:
            rpc_transport.set_kerberos(True, None)
        if hasattr(rpc_transport, "set_credentials"):
            # This method exists only for selected protocol sequences.
            rpc_transport.set_credentials(
                self.__username,
                self.__password,
                self.__domain,
                self.__lmhash,
                self.__nthash,
                self.__aesKey,
            )
        return rpc_transport

    def get_dce(self):
        rpc_transport = self.get_transport()
        try:
            dce = rpc_transport.get_dce_rpc()
            if self.__kerberos:
                dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)
            dce.connect()
            dce.bind(lsat.MSRPC_UUID_LSAT)
        except NetBIOSError as e:
            self.logger.fail(f"NetBIOSError on Connection: {e}")
            return None
        return dce

    def get_policy_handle(self):
        resp = lsad.hLsarOpenPolicy2(self.dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
        return resp["PolicyHandle"]

    def lookup_sids(self, sids):
        resp = lsat.hLsarLookupSids(self.dce, self.policy_handle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
        names = []
        for translated_names in resp["TranslatedNames"]["Names"]:
            names.append(translated_names["Name"])
        return names
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`#!/usr/bin/env python3`
			`# Majorly stolen from https://gist.github.com/ropnop/7a41da7aabb8455d0898db362335e139`
			`# Which in turn stole from Impacket :)`
			`# Code refactored and added to by @mjhallenbeck (Marshall-Hallenbeck on GitHub)`

			`import logging`
clean and fix imports 2023-05-07 22:51:01 +00:00
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`from impacket.dcerpc.v5 import transport, lsat, lsad, samr`
			`from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED`
Fix kerberos auth with local-group function 2023-04-07 15:12:40 +00:00			`from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE`
clean and fix imports 2023-05-07 22:51:01 +00:00			`from impacket.nmb import NetBIOSError`
			`from impacket.smbconnection import SessionError`
rename folders, files, functions, classes, etc to NetExec/nxc 2023-09-14 21:07:15 +00:00			`from nxc.logger import nxc_logger`
fix(logging): fix logger assignment 2023-04-14 19:15:23 +00:00
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`class SamrFunc:`
			`def __init__(self, connection):`
fix(logger): properly use protocol logger, falling back to cme_logger 2023-05-09 13:55:10 +00:00			`self.logger = connection.logger`
black v2 formating 2023-05-08 18:39:36 +00:00			`self.addr = connection.host if not connection.kerberos else connection.hostname + "." + connection.domain`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.protocol = connection.args.port`
			`self.username = connection.username`
			`self.password = connection.password`
			`self.domain = connection.domain`
			`self.hash = connection.hash`
black formating 2023-05-02 15:17:59 +00:00			`self.lmhash = ""`
			`self.nthash = ""`
Fix AES authentication for SMB 2023-07-03 17:18:33 +00:00			`self.aesKey = connection.aesKey`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`self.doKerberos = connection.kerberos`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`if self.hash is not None:`
black formating 2023-05-02 15:17:59 +00:00			`if self.hash.find(":") != -1:`
			`self.lmhash, self.nthash = self.hash.split(":")`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`else:`
			`self.nthash = self.hash`

			`if self.password is None:`
black formating 2023-05-02 15:17:59 +00:00			`self.password = ""`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`self.samr_query = SAMRQuery(`
			`username=self.username,`
			`password=self.password,`
Fix AES authentication for SMB 2023-07-03 17:18:33 +00:00			`domain=self.domain,`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`remote_name=self.addr,`
fix(kerberos): add back in kerberos for Petitpotam and samrfunc 2023-03-16 12:34:07 +00:00			`remote_host=self.addr,`
black formating 2023-05-02 15:17:59 +00:00			`kerberos=self.doKerberos,`
Fix AES authentication for SMB 2023-07-03 17:18:33 +00:00			`aesKey=self.aesKey,`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`)`
ruff autoformat to clean up all the single quotes and other bad formatting 2023-09-23 01:10:21 +00:00			`self.lsa_query = LSAQuery(username=self.username, password=self.password, domain=self.domain, remote_name=self.addr, remote_host=self.addr, kerberos=self.doKerberos, aesKey=self.aesKey, logger=self.logger)`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`def get_builtin_groups(self):`
			`domains = self.samr_query.get_domains()`

			`if "Builtin" not in domains:`
automatic ruff fixing 2023-09-20 15:59:16 +00:00			`logging.error("No Builtin group to query locally on")`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return`

black formating 2023-05-02 15:17:59 +00:00			`domain_handle = self.samr_query.get_domain_handle("Builtin")`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`groups = self.samr_query.get_domain_aliases(domain_handle)`

			`return groups`

			`def get_custom_groups(self):`
			`domains = self.samr_query.get_domains()`
			`custom_groups = {}`

			`for domain in domains:`
			`if domain == "Builtin":`
			`continue`
			`domain_handle = self.samr_query.get_domain_handle(domain)`
			`custom_groups.update(self.samr_query.get_domain_aliases(domain_handle))`
			`return custom_groups`

			`def get_local_groups(self):`
			`builtin_groups = self.get_builtin_groups()`
			`custom_groups = self.get_custom_groups()`
			`return {builtin_groups, custom_groups}`

			`def get_local_users(self):`
			`pass`

			`def get_local_administrators(self):`
			`self.get_builtin_groups()`
			`if "Administrators" in self.groups:`
black v2 formating 2023-05-08 18:39:36 +00:00			`self.logger.success(f"Found Local Administrators group: RID {self.groups['Administrators']}")`
black formating 2023-05-02 15:17:59 +00:00			`domain_handle = self.samr_query.get_domain_handle("Builtin")`
automatic ruff fixing 2023-09-20 15:59:16 +00:00			`self.logger.debug("Querying group members")`
black v2 formating 2023-05-08 18:39:36 +00:00			`member_sids = self.samr_query.get_alias_members(domain_handle, self.groups["Administrators"])`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`member_names = self.lsa_query.lookup_sids(member_sids)`

			`for sid, name in zip(member_sids, member_names):`
			`print(f"{name} - {sid}")`


			`class SAMRQuery:`
black formating 2023-05-02 15:17:59 +00:00			`def __init__(`
			`self,`
			`username="",`
			`password="",`
			`domain="",`
			`port=445,`
			`remote_name="",`
			`remote_host="",`
			`kerberos=None,`
Fix AES authentication for SMB 2023-07-03 17:18:33 +00:00			`aesKey="",`
black formating 2023-05-02 15:17:59 +00:00			`):`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.__username = username`
			`self.__password = password`
			`self.__domain = domain`
black formating 2023-05-02 15:17:59 +00:00			`self.__lmhash = ""`
			`self.__nthash = ""`
Fix AES authentication for SMB 2023-07-03 17:18:33 +00:00			`self.__aesKey = aesKey`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.__port = port`
			`self.__remote_name = remote_name`
			`self.__remote_host = remote_host`
fix(kerberos): add back in kerberos for Petitpotam and samrfunc 2023-03-16 12:34:07 +00:00			`self.__kerberos = kerberos`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.dce = self.get_dce()`
			`self.server_handle = self.get_server_handle()`

			`def get_transport(self):`
			`string_binding = f"ncacn_np:{self.__port}[\pipe\samr]"`
rename folders, files, functions, classes, etc to NetExec/nxc 2023-09-14 21:07:15 +00:00			`nxc_logger.debug(f"Binding to {string_binding}")`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`# using a direct SMBTransport instead of DCERPCTransportFactory since we need the filename to be '\samr'`
			`rpc_transport = transport.SMBTransport(`
			`self.__remote_host,`
			`self.__port,`
black formating 2023-05-02 15:17:59 +00:00			`r"\samr",`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.__username,`
			`self.__password,`
			`self.__domain,`
			`self.__lmhash,`
			`self.__nthash,`
fix(kerberos): add back in kerberos for Petitpotam and samrfunc 2023-03-16 12:34:07 +00:00			`self.__aesKey,`
black formating 2023-05-02 15:17:59 +00:00			`doKerberos=self.__kerberos,`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`)`
			`return rpc_transport`

			`def get_dce(self):`
			`rpc_transport = self.get_transport()`
			`try:`
			`dce = rpc_transport.get_dce_rpc()`
			`dce.connect()`
			`dce.bind(samr.MSRPC_UUID_SAMR)`
clean and fix imports 2023-05-07 22:51:01 +00:00			`except NetBIOSError as e:`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`logging.error(f"NetBIOSError on Connection: {e}")`
			`return`
clean and fix imports 2023-05-07 22:51:01 +00:00			`except SessionError as e:`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`logging.error(f"SessionError on Connection: {e}")`
			`return`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return dce`

			`def get_server_handle(self):`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`if self.dce:`
			`try:`
			`resp = samr.hSamrConnect(self.dce)`
			`except samr.DCERPCException as e:`
rename folders, files, functions, classes, etc to NetExec/nxc 2023-09-14 21:07:15 +00:00			`nxc_logger.debug(f"Error while connecting with Samr: {e}")`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`return None`
black formating 2023-05-02 15:17:59 +00:00			`return resp["ServerHandle"]`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`else:`
automatic ruff fixing 2023-09-20 15:59:16 +00:00			`nxc_logger.debug("Error creating Samr handle")`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`return`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`def get_domains(self):`
			`resp = samr.hSamrEnumerateDomainsInSamServer(self.dce, self.server_handle)`
black formating 2023-05-02 15:17:59 +00:00			`domains = resp["Buffer"]["Buffer"]`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`domain_names = []`
			`for domain in domains:`
black formating 2023-05-02 15:17:59 +00:00			`domain_names.append(domain["Name"])`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return domain_names`

			`def get_domain_handle(self, domain_name):`
black v2 formating 2023-05-08 18:39:36 +00:00			`resp = samr.hSamrLookupDomainInSamServer(self.dce, self.server_handle, domain_name)`
			`resp = samr.hSamrOpenDomain(self.dce, serverHandle=self.server_handle, domainId=resp["DomainId"])`
black formating 2023-05-02 15:17:59 +00:00			`return resp["DomainHandle"]`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`def get_domain_aliases(self, domain_handle):`
			`resp = samr.hSamrEnumerateAliasesInDomain(self.dce, domain_handle)`
			`aliases = {}`
black formating 2023-05-02 15:17:59 +00:00			`for alias in resp["Buffer"]["Buffer"]:`
			`aliases[alias["Name"]] = alias["RelativeId"]`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return aliases`

			`def get_alias_handle(self, domain_handle, alias_id):`
black v2 formating 2023-05-08 18:39:36 +00:00			`resp = samr.hSamrOpenAlias(self.dce, domain_handle, desiredAccess=MAXIMUM_ALLOWED, aliasId=alias_id)`
black formating 2023-05-02 15:17:59 +00:00			`return resp["AliasHandle"]`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`def get_alias_members(self, domain_handle, alias_id):`
			`alias_handle = self.get_alias_handle(domain_handle, alias_id)`
			`resp = samr.hSamrGetMembersInAlias(self.dce, alias_handle)`
			`member_sids = []`
black formating 2023-05-02 15:17:59 +00:00			`for member in resp["Members"]["Sids"]:`
			`member_sids.append(member["SidPointer"].formatCanonical())`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return member_sids`


			`class LSAQuery:`
ruff autoformat to clean up all the single quotes and other bad formatting 2023-09-23 01:10:21 +00:00			`def __init__(self, username="", password="", domain="", port=445, remote_name="", remote_host="", aesKey="", kerberos=None, logger=None):`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.__username = username`
			`self.__password = password`
			`self.__domain = domain`
black formating 2023-05-02 15:17:59 +00:00			`self.__lmhash = ""`
			`self.__nthash = ""`
Fix AES authentication for SMB 2023-07-03 17:18:33 +00:00			`self.__aesKey = aesKey`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.__port = port`
			`self.__remote_name = remote_name`
			`self.__remote_host = remote_host`
fix(kerberos): add back in kerberos for Petitpotam and samrfunc 2023-03-16 12:34:07 +00:00			`self.__kerberos = kerberos`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`self.dce = self.get_dce()`
			`self.policy_handle = self.get_policy_handle()`
fix(logger): properly use protocol logger, falling back to cme_logger 2023-05-09 13:55:10 +00:00			`self.logger = logger`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`def get_transport(self):`
			`string_binding = f"ncacn_np:{self.__remote_name}[\\pipe\\lsarpc]"`
			`rpc_transport = transport.DCERPCTransportFactory(string_binding)`
			`rpc_transport.set_dport(self.__port)`
			`rpc_transport.setRemoteHost(self.__remote_host)`
Fix kerberos auth with local-group function 2023-04-07 15:12:40 +00:00			`if self.__kerberos:`
			`rpc_transport.set_kerberos(True, None)`
black formating 2023-05-02 15:17:59 +00:00			`if hasattr(rpc_transport, "set_credentials"):`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`# This method exists only for selected protocol sequences.`
			`rpc_transport.set_credentials(`
			`self.__username,`
			`self.__password,`
			`self.__domain,`
			`self.__lmhash,`
			`self.__nthash,`
fix(kerberos): add back in kerberos for Petitpotam and samrfunc 2023-03-16 12:34:07 +00:00			`self.__aesKey,`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`)`
			`return rpc_transport`

			`def get_dce(self):`
			`rpc_transport = self.get_transport()`
			`try:`
			`dce = rpc_transport.get_dce_rpc()`
Fix kerberos auth with local-group function 2023-04-07 15:12:40 +00:00			`if self.__kerberos:`
			`dce.set_auth_type(RPC_C_AUTHN_GSS_NEGOTIATE)`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`dce.connect()`
			`dce.bind(lsat.MSRPC_UUID_LSAT)`
clean and fix imports 2023-05-07 22:51:01 +00:00			`except NetBIOSError as e:`
core switch to fail instead of error function 2023-04-21 10:20:47 +00:00			`self.logger.fail(f"NetBIOSError on Connection: {e}")`
fix(smb): handle SMB SessionErrors when enumerating local groups 2023-03-24 17:08:47 +00:00			`return None`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return dce`

			`def get_policy_handle(self):`
black v2 formating 2023-05-08 18:39:36 +00:00			`resp = lsad.hLsarOpenPolicy2(self.dce, MAXIMUM_ALLOWED \| lsat.POLICY_LOOKUP_NAMES)`
black formating 2023-05-02 15:17:59 +00:00			`return resp["PolicyHandle"]`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00
			`def lookup_sids(self, sids):`
black v2 formating 2023-05-08 18:39:36 +00:00			`resp = lsat.hLsarLookupSids(self.dce, self.policy_handle, sids, lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`names = []`
black formating 2023-05-02 15:17:59 +00:00			`for translated_names in resp["TranslatedNames"]["Names"]:`
			`names.append(translated_names["Name"])`
feat(smb): add functionality to query SAMR for local groups if DC query fails; closes #687 2023-03-12 16:41:02 +00:00			`return names`