99from impacket .dcerpc .v5 .rpcrt import RPC_C_AUTHN_GSS_NEGOTIATE
1010from impacket .nmb import NetBIOSError
1111from impacket .smbconnection import SessionError
12- from nxc .logger import nxc_logger
1312
1413
1514class SamrFunc :
@@ -37,7 +36,7 @@ def __init__(self, connection):
3736 if self .password is None :
3837 self .password = ""
3938
40- self .samr_query = SAMRQuery (username = self .username , password = self .password , domain = self .domain , remote_name = self .addr , remote_host = self .host , kerberos = self .doKerberos , kdcHost = self .kdcHost , aesKey = self .aesKey )
39+ self .samr_query = SAMRQuery (username = self .username , password = self .password , domain = self .domain , remote_name = self .addr , remote_host = self .host , kerberos = self .doKerberos , kdcHost = self .kdcHost , aesKey = self .aesKey , logger = self . logger )
4140 self .lsa_query = LSAQuery (username = self .username , password = self .password , domain = self .domain , remote_name = self .addr , remote_host = self .host , kdcHost = self .kdcHost , kerberos = self .doKerberos , aesKey = self .aesKey , logger = self .logger )
4241
4342 def get_builtin_groups (self , group ):
@@ -82,23 +81,13 @@ def get_local_users(self, group, domain_handle):
8281 for sid , name in zip (member_sids , member_names , strict = True ):
8382 users .append (f"{ name } - { sid } " )
8483 except Exception as e :
85- nxc_logger .debug (f"Error enumerating users in { group } : { e } " )
84+ self . logger .debug (f"Error enumerating users in { group } : { e } " )
8685 return []
8786 return users
8887
88+
8989class SAMRQuery :
90- def __init__ (
91- self ,
92- username = "" ,
93- password = "" ,
94- domain = "" ,
95- port = 445 ,
96- remote_name = "" ,
97- remote_host = "" ,
98- kerberos = None ,
99- kdcHost = "" ,
100- aesKey = "" ,
101- ):
90+ def __init__ (self , username = "" , password = "" , domain = "" , port = 445 , remote_name = "" , remote_host = "" , kerberos = None , kdcHost = "" , aesKey = "" , logger = None ,):
10291 self .__username = username
10392 self .__password = password
10493 self .__domain = domain
@@ -110,12 +99,13 @@ def __init__(
11099 self .__remote_host = remote_host
111100 self .__kerberos = kerberos
112101 self .__kdcHost = kdcHost
102+ self .logger = logger
113103 self .dce = self .get_dce ()
114104 self .server_handle = self .get_server_handle ()
115105
116106 def get_transport (self ):
117107 string_binding = rf"ncacn_np:{ self .__port } [\pipe\samr]"
118- nxc_logger .debug (f"Binding to { string_binding } " )
108+ self . logger .debug (f"Binding to { string_binding } " )
119109 # using a direct SMBTransport instead of DCERPCTransportFactory since we need the filename to be '\samr'
120110 return transport .SMBTransport (
121111 self .__remote_name ,
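Review bot: `self.logger = logger` stores whatever was passed, and the signature in the previous hunk defaults it to `None`, so constructing `SAMRQuery` without a logger fails with an `AttributeError` at `self.logger.debug(...)` in `get_transport`, which the constructor appears to reach through `self.get_dce()` on the following line. The visible `SamrFunc.__init__` call does pass `logger=self.logger`, so the in-file path works, but the default presents the argument as optional when it is not. Either drop the default so the argument is required, or fail early with a clear message, e.g. `if logger is None: raise ValueError("SAMRQuery requires a logger")` before the assignment. `LSAQuery.__init__` at the end of the page carries the same `logger=None` default and may need the same treatment; `get_transport` continues past the end of this hunk.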
@@ -151,11 +141,13 @@ def get_server_handle(self):
151141 try :
152142 resp = samr .hSamrConnect (self .dce )
153143 except samr .DCERPCException as e :
154- nxc_logger .debug (f"Error while connecting with Samr: { e } " )
144+ if "rpc_s_access_denied" in str (e ):
145+ raise
146+ self .logger .debug (f"Error while connecting with Samr: { e } " )
155147 return None
156148 return resp ["ServerHandle" ]
157149 else :
158- nxc_logger .debug ("Error creating Samr handle" )
150+ self . logger .debug ("Error creating Samr handle" )
159151
160152 def get_domains (self ):
161153 """Calls the hSamrEnumerateDomainsInSamServer() method directly with list comprehension and extracts the "Name" value from each element in the "Buffer" list."""
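Review bot: The new `raise` in `get_server_handle` keys on the substring `"rpc_s_access_denied"` in `str(e)`, so it depends on the exact wording impacket gives the exception; if that text changes, the code silently falls back to the log-and-return-`None` path. Because `SAMRQuery.__init__` calls `get_server_handle()` directly, the re-raised exception now leaves that constructor and then `SamrFunc.__init__`; the callers are outside this page, so confirm they catch `samr.DCERPCException` and report the denial rather than abort the run. A comment above the check would record the intent, e.g. `# access denied is re-raised for the caller to report; other RPC faults are logged and return None`. The function starts before this hunk, and its `else` branch still returns `None` implicitly after logging.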
@@ -186,6 +178,7 @@ def get_alias_members(self, domain_handle, alias_id):
186178 alias_handle = self .get_alias_handle (domain_handle , alias_id )
187179 return [member ["SidPointer" ].formatCanonical () for member in samr .hSamrGetMembersInAlias (self .dce , alias_handle )["Members" ]["Sids" ]]
188180
181+
189182class LSAQuery :
190183 def __init__ (self , username = "" , password = "" , domain = "" , port = 445 , remote_name = "" , remote_host = "" , kdcHost = "" , aesKey = "" , kerberos = None , logger = None ):
191184 self .__username = username