swisskyrepo
/
NetExec
mirror of https://github.com/swisskyrepo/NetExec.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix(smb): handle ACCESS_DENIED issues when bruteforcing RIDs

main
Marshall Hallenbeck 2023-03-24 12:56:28 -04:00
parent d112bfcbfb
commit 8be90461c7
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
cme/protocols/smb.py
View File

@ -1360,13 +1360,24 @@ class smb(connection):
# Want fragmentation? Uncomment next line # Want fragmentation? Uncomment next line
# dce.set_max_fragment_size(32) # dce.set_max_fragment_size(32)
self.logger.success('Brute forcing RIDs') self.logger.info('Brute forcing RIDs (no results may indicate an access error (check with --verbose)')
dce.bind(lsat.MSRPC_UUID_LSAT) dce.bind(lsat.MSRPC_UUID_LSAT)
resp = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES) try:
resp = lsad.hLsarOpenPolicy2(
dce,
MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES
)
except lsad.DCERPCSessionError as e:
logging.debug(f"Error connecting: {e}")
return entries
policy_handle = resp['PolicyHandle'] policy_handle = resp['PolicyHandle']
resp = lsad.hLsarQueryInformationPolicy2(dce, policy_handle, resp = lsad.hLsarQueryInformationPolicy2(
lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation) dce,
policy_handle,
lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation
)
domain_sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical() domain_sid = resp['PolicyInformation']['PolicyAccountDomainInfo']['DomainSid'].formatCanonical()