home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / usr / bin / rpcdump.py < prev    next >
Encoding:
Python Source  |  2006-06-30  |  5.0 KB  |  155 lines
  1. #!/usr/bin/python
  2. # Copyright (c) 2003 CORE Security Technologies
  3. #
  4. # This software is provided under under a slightly modified version
  5. # of the Apache Software License. See the accompanying LICENSE file
  6. # for more information.
  7. #
  8. # $Id: rpcdump.py,v 1.2 2003/10/28 21:02:20 jkohen Exp $
  9. #
  10. # DCE/RPC endpoint mapper dumper.
  11. #
  12. # Author:
  13. #  Javier Kohen <jkohen@coresecurity.com>
  14. #
  15. # Reference for:
  16. #  DCE/RPC.
  17.  
  18. import socket
  19. import string
  20. import sys
  21. import types
  22.  
  23. from impacket import uuid
  24. from impacket.dcerpc import dcerpc_v4, dcerpc, transport, epm
  25.  
  26. class RPCDump:
  27.     KNOWN_PROTOCOLS = {
  28.         '139/SMB': (r'ncacn_np:%s[\pipe\epmapper]', 139),
  29.         '445/SMB': (r'ncacn_np:%s[\pipe\epmapper]', 445),
  30.         '135/TCP': (r'ncacn_ip_tcp:%s', 135),
  31.         '135/UDP': (r'ncadg_ip_udp:%s', 135),
  32.         '80/HTTP': (r'ncacn_http:%s', 80),
  33.         }
  34.  
  35.  
  36.     def __init__(self, protocols = None,
  37.                  username = '', password = ''):
  38.         if not protocols:
  39.             protocols = RPCDump.KNOWN_PROTOCOLS.keys()
  40.  
  41.         self.__username = username
  42.         self.__password = password
  43.         self.__protocols = protocols
  44.  
  45.  
  46.     def dump(self, addr):
  47.         """Dumps the list of endpoints registered with the mapper
  48.         listening at addr. Addr is a valid host name or IP address in
  49.         string format.
  50.         """
  51.  
  52.         print 'Retrieving endpoint list from %s' % addr
  53.  
  54.         # Try all requested protocols until one works.
  55.         entries = []
  56.         for protocol in self.__protocols:
  57.             protodef = RPCDump.KNOWN_PROTOCOLS[protocol]
  58.             port = protodef[1]
  59.  
  60.             print "Trying protocol %s..." % protocol
  61.             stringbinding = protodef[0] % addr
  62.  
  63.             rpctransport = transport.DCERPCTransportFactory(stringbinding)
  64.             rpctransport.set_dport(port)
  65.             if hasattr(rpctransport, 'set_credentials'):
  66.                 # This method exists only for selected protocol sequences.
  67.                 rpctransport.set_credentials(self.__username, self.__password)
  68.  
  69.             try:
  70.                 entries = self.__fetchList(rpctransport)
  71.             except Exception, e:
  72.                 print 'Protocol failed: %s' % e
  73.             else:
  74.                 # Got a response. No need for further iterations.
  75.                 break
  76.  
  77.  
  78.         # Display results.
  79.  
  80.         for entry in entries:
  81.             base = entry.getUUID()
  82.             if 'unknown' != entry.getProviderName():
  83.                 print base + '/Provider:', entry.getProviderName()
  84.             print base + '/Version:', entry.getVersion()
  85.             if entry.getAnnotation():
  86.                 print base + '/Annotation:', entry.getAnnotation()
  87.  
  88.             objbase = base
  89.             if not entry.isZeroObjUUID():
  90.                 objbase += '/' + entry.getObjUUID()
  91.  
  92.             stringbinding = transport.DCERPCStringBindingCompose('', entry.getProtocol(), '', entry.getEndpoint())
  93.             print objbase + '/StringBindings:', stringbinding
  94.  
  95.         if entries:
  96.             num = len(entries)
  97.             if 1 == num:
  98.                 print 'Received one endpoint.'
  99.             else:
  100.                 print 'Received %d endpoints.' % num
  101.         else:
  102.             print 'No endpoints found.'
  103.  
  104.  
  105.     def __fetchList(self, rpctransport):
  106.         # UDP only works over DCE/RPC version 4.
  107.         if isinstance(rpctransport, transport.UDPTransport):
  108.             dce = dcerpc_v4.DCERPC_v4(rpctransport)
  109.         else:
  110.             dce = dcerpc.DCERPC_v5(rpctransport)
  111.  
  112.         entries = []
  113.  
  114.         dce.connect()
  115.         dce.bind(epm.MSRPC_UUID_PORTMAP)
  116.         rpcepm = epm.DCERPCEpm(dce)
  117.  
  118.         resp = rpcepm.portmap_dump()
  119.         while resp.get_entries_num() != 0:
  120.             rpc_handle = resp.get_handle()
  121.             ndrentry = resp.get_entry().get_entry()
  122.             sb = transport.DCERPCStringBinding(ndrentry.get_string_binding())
  123.             entry = epm.EpmEntry(uuid.bin_to_string(ndrentry.get_uuid()),
  124.                                  ndrentry.get_version(),
  125.                                  ndrentry.get_annotation(),
  126.                                  uuid.bin_to_string(ndrentry.get_objuuid()),
  127.                                  sb.get_protocol_sequence(),
  128.                                  sb.get_endpoint())
  129.             entries.append(entry)
  130. ##             print str(entry)
  131.             resp = rpcepm.portmap_dump(rpc_handle)
  132.  
  133.         dce.disconnect()
  134.  
  135.         return entries
  136.  
  137.  
  138. # Process command-line arguments.
  139. if __name__ == '__main__':
  140.     if len(sys.argv) <= 1:
  141.         print "Usage: %s [username[:password]@]<address> [protocol list...]" % sys.argv[0]
  142.         print "Available protocols: %s" % RPCDump.KNOWN_PROTOCOLS.keys()
  143.         print "Username and password are only required for certain transports, eg. SMB."
  144.         sys.exit(1)
  145.  
  146.     import re
  147.  
  148.     username, password, address = re.compile('(?:([^@:]*)(?::([^@]*))?@)?(.*)').match(sys.argv[1]).groups('')
  149.  
  150.     if len(sys.argv) > 2:
  151.         dumper = RPCDump(sys.argv[2:], username, password)
  152.     else:
  153.         dumper = RPCDump(username = username, password = password)
  154.     dumper.dump(address)
  155.