- # Source Generated with Decompyle++
- # File: in.pyc (Python 2.4)
-
- from struct import *
- import socket
- import random
- from impacket import uuid
-
def uuid_hex(_uuid):
    """Print each byte of *_uuid* as ``\\0xNN`` on a single line.

    The bytes are separated by one blank and the line ends with a blank
    followed by a newline; an empty *_uuid* prints just the newline.
    """
    # Every cell carries its own trailing blank, which yields the same text
    # as printing the bytes one by one with a trailing comma and then
    # finishing the line with an empty print.
    cells = ['\\0x%.2x ' % unpack('<B', _uuid[pos:pos + 1])
             for pos in range(len(_uuid))]
    print(''.join(cells))
-
-
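# Lookup table: packed interface id -> name of the binary recorded for it.
# The callers on this page pass an 18-byte value (16-byte UUID followed by a
# 2-byte little-endian version), so a key of any other length can never match.
# NOTE(review): at least two keys below are not 18 bytes long in this listing
# (the 'rpcss.dll' key starting '\xa0\x01' is 20 bytes, the 'infocomm.dll'
# key is 19); that looks like transcription damage -- verify against a
# trusted copy before relying on those rows. They are reproduced unchanged.
# The table is built once at import time instead of on every call.
_KNOWN_UUIDS = {
    '\xb9\x99?\x87M\x1b\x10\x99\xb7\xaa\x00\x04\x00\x7f\x07\x01\x00\x00': 'ssmsrp70.dll',
    '\x90,\xfe\x98B\xa5\xd0\x11\xa4\xef\x00\xa0\xc9\x06)\x10\x01\x00': 'advapi32.dll',
    'D\xaf}\x8c\xdc\xb6\xd1\x11\x9aL\x00 \xafn|W\x01\x00': 'appmgmts.dll',
    '\xc0\xebO\xfa\x91E\xce\x11\x95\xe5\x00\xaa\x00Q\xe5\x10\x04\x00': 'autmgr32.exe',
    '\xe0B\xc7O\x10J\xcf\x11\x82s\x00\xaa\x00J\xe6s\x03\x00': 'dfssvc.exe',
    '\x98\xd0\xffk\x12\xa1\x106\x983F\xc3\xf8tS-\x01\x00': 'DHCPSSVC.DLL',
    ' \x17\x82[;\xf6\xd0\x11\xaa\xd2\x00\xc0O\xc3$\xdb\x01\x00': 'DHCPSSVC.DLL',
    '\xfa\x9d\xd7\xd2\x004\xd0\x11\xb4\x0b\x00\xaa\x00_\xf5\x86\x01\x00': 'dmadmin.exe',
    '\xa4\xc2\xabPMW\xb3@\x9df\xeeO\xd5\xfb\xa0v\x05\x00': 'dns.exe',
    '\x908\xa9e\xb9\xfa\xa3C\xb2\xa5\x1e3\n\xc2\x8f\x11\x02\x00': 'dnsrslvr.dll',
    'e1\n\xea4H\xd2\x11\xa6\xf8\x00\xc0O\xa3F\xcc\x04\x00': 'faxsvc.exe',
    'd\x1d\x82\x0c\xfc\xa3\xd1\x11\xbbz\x00\x80\xc7^N\xc1\x01\x00': 'irftp.exe',
    '\xd0\xbb\xf5zc`\xd1\x11\xae*\x00\x80\xc7^N\xc1\x00\x00': 'irmon.dll',
    '@\xb2\x9b \x19\xb9\xd1\x11\xbb\xb6\x00\x80\xc7^N\xc1\x01\x00': 'irmon.dll',
    '\xfb\xee\x0c\x13f\xe4\xd1\x11\xb7\x8b\x00\xc0O\xa3(\x83\x02\x00': 'ismip.dll',
    '\x86\xd4\xdch\x9ef\xd1\x11\xab\x0c\x00\xc0O\xc2\xdc\xd2\x01\x00': 'ismserv.exe',
    '@\xfd,4l<\xce\x11\xa8\x93\x08\x00+.\x9cm\x00\x00': 'llssrv.exe',
    '\xd0LgW\x00R\xce\x11\xa8\x97\x08\x00+.\x9cm\x01\x00': 'llssrv.exe',
    '\xc4\x0c<\xe3\x82\x04\x1a\x10\xbc\x0c\x02`\x8ck\xa2\x18\x01\x00': 'locator.exe',
    '\xf0\x0e\xd7\xd6;\x0e\xcb\x11\xac\xc3\x08\x00+\x1d)\xc3\x01\x00': 'locator.exe',
    '\x14\xb5\xfb\xd3;\x0e\xcb\x11\x8f\xad\x08\x00+\x1d)\xc3\x01\x00': 'locator.exe',
    '\xf0\x0e\xd7\xd6;\x0e\xcb\x11\xac\xc3\x08\x00+\x1d)\xc4\x01\x00': 'locator.exe',
    'xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x00\x00': 'lsasrv.dll',
    '\x88\xd4\x81\xc6P\xd8\xd0\x11\x8cR\x00\xc0O\xd9\x0f~\x01\x00': 'lsasrv.dll',
    '\xf0\t\x8f\xed\xb7\xce\x11\xbb\xd2\x00\x00\x1a\x18\x1c\xad\x00\x00\x00': 'mprdim.dll',
    '\xe0\xca\x02\xec\xe0\xb9\xd2\x11\xbeb\x00 \xaf\xed\xdfc\x01\x00': 'mq1repl.dll',
    '\x80z\xdfw\x98\xf2\xd0\x11\x83X\x00\xa0$\xc4\x80\xa8\x01\x00': 'mdqssrv.dll',
    '\x10\xca\x8cpi\x95\xd1\x11\xb2\xa5\x00`\x97}\x81\x18\x01\x00': 'mqdssrv.dll',
    '\x805[[\xe0\xb0\xd1\x11\xb9-\x00`\x08\x1e\x87\xf0\x01\x00': 'mqqm.dll',
    '\xe0\x8e Ap\xe9\xd1\x11\x9b\x9e\x00\xe0,\x06L9\x01\x00': 'mqqm.dll',
    '\x80\xa9\x88\x10\xe5\xea\xd0\x11\x8d\x9b\x00\xa0$S\xc37\x01\x00': 'mqqm.dll',
    '\xe0\x0ck\x90\x0b\xc7g\x10\xb3\x17\x00\xdd\x01\x06b\xda\x01\x00': 'msdtcprx.dll',
    '\xf8\x91{Z\x00\xff\xd0\x11\xa9\xb2\x00\xc0O\xb66\xfc\x01\x00': 'msgsvc.dll',
    '\x82\x06\xf7\x1fQ\n\xe80\x07mt\x0b\xe8\xce\xe9\x8b\x01\x00': 'mstask.exe',
    '\xb0R\x8e7\xa9\xc0\xcf\x11\x82-\x00\xaa\x00Q\xe4\x0f\x01\x00': 'mstask.exe',
    ' 2_/&\xc1v\x10\xb5I\x07M\x07\x86\x19\xda\x01\x00': 'netdde.exe',
    'xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\xcf\xfb\x01\x00': 'netlogon.dll',
    '\x18Z\xcc\xf5dB\x1a\x10\x8cY\x08\x00+/\x84&8\x00': 'ntdsa.dll',
    '|Z\xcc\xf5dB\x1a\x10\x8cY\x08\x00+/\x84&\x15\x00': 'ntdsa.dll',
    '5BQ\xe3\x06K\xd1\x11\xab\x04\x00\xc0O\xc2\xdc\xd2\x04\x00': 'ntdsa.dll',
    'p\r\xec\xec\x03\xa6\xd0\x11\x96\xb1\x00\xa0\xc9\x1e\xce0\x01\x00': 'ntdsbsrv.dll',
    ':\xcf\xe0\x16\x04\xa6\xd0\x11\x96\xb1\x00\xa0\xc9\x1e\xce0\x01\x00': 'ntdsbsrv.dll',
    '\xb4Y\xcc\xf5dB\x1a\x10\x8cY\x08\x00+/\x84&\x01\x00': 'ntfrs.exe',
    '\x86\xb1I\xd0O\x81\xd1\x11\x9a<\x00\xc0O\xc9\xb22\x01\x00': 'ntfrs.exe',
    '\x1c\x02\x0c\xa0\xe2+\xd2\x11\xb6x\x00\x00\xf8z\x8f\x8e\x01\x00': 'ntfrs.exe',
    '\xa0\x9e\xc0i\tJ\x1b\x10\xaeK\x08\x00+4\x9a\x02\x00\x00': 'ole32.dll',
    'P8\xcd\x15\xca(\xce\x11\xa4\xe8\x00\xaa\x00a\x16\xcb\x01\x00': 'pgpsdkserv.exe',
    '\xf6\xb85\xd31\xcb\xd0\x11\xb0\xf9\x00`\x97\xbaNT\x01\x00': 'polagent.dll',
    '\xf0\xe4\x9c6\xdc\x0f\xd3\x11\xbd\xe8\x00\xc0O\x8e\xeex\x01\x00': 'profmap.dll',
    '6\x00a "\xfa\xcf\x11\x98#\x00\xa0\xc9\x11\xe5\xdf\x01\x00': 'rasmans.dll',
    '\x01\xd0\x8c3D"\xf11\xaa\xaa\x90\x008\x00\x10\x03\x01\x00': 'regsvc.exe',
    '\x83\xaf\xe1\x1f]\xc9\x11\x91\xa4\x08\x00+\x14\xa0\xfa\x03\x00\x00': 'rpcss.dll',
    '\x84e\n\x0b\x0f\x9e\xcf\x11\xa3\xcf\x00\x80_h\xcb\x1b\x01\x00': 'rpcss.dll',
    '\xb0\x01R\x97\xcaY\xd0\x11\xa8\xd5\x00\xa0\xc9\r\x80Q\x01\x00': 'rpcss.dll',
    '\xe6s\x0c\xe6\xf9\x88\xcf\x11\x9a\xf1\x00 \xafnr\xf4\x02\x00': 'rpcss.dll',
    '\xc4\xfe\xfc\x99`R\x1b\x10\xbb\xcb\x00\xaa\x00!4z\x00\x00': 'rpcss.dll',
    '\x1e$/A*\xc1\xce\x11\xab\xff\x00 \xafnz\x17\x00\x00': 'rpcss.dll',
    '6\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00F\x00\x00': 'rpcss.dll',
    'r\xee\xf3\xc6~\xce\xd1\x11\xb7\x1e\x00\xc0O\xc3\x11\x1a\x01\x00': 'rpcss.dll',
    '\xb8J\x9fM\x1c}\xcf\x11\x86\x1e\x00 \xafn|W\x00\x00': 'rpcss.dll',
    '\xa0\x01\x00\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00x\x00x\x00F\x00\x00': 'rpcss.dll',
    '`\x9e\xe7\xb9R=\xce\x11\xaa\xa1\x00\x00i\x01)?\x00\x00': 'rpcss.dll',
    'xW4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xac\x01\x00': 'samsrv.dll',
    '\xa2\x9c\x14\x93;\x97\xd1\x11\x8c9\x00\xc0O\xb9\x84\xf9\x00\x00': 'scesrv.dll',
    '$\xe4\xfbc) \xd1\x11\x8d\xb8\x00\xaa\x00J\xbd^\x01\x00': 'sens.dll',
    'f\x9f\x9bblU\xd1\x11\x8d\xd2\x00\xaa\x00J\xbd^\x02\x00': 'sens.dll',
    '\x81\xbbz6D\x98\xf15\xad2\x98\xf08\x00\x10\x03\x02\x00': 'services.exe',
    '|\xda\x83O\xe8\xd2\x11\x98\x07\x00\xc0O\x8e\xc8P\x02\x00\x00': 'sfc.dll',
    '\xc8O2Kp\x16\xd3\x01\x12xZG\xbfn\xe1\x88\x00\x00': 'sfmsvc.exe',
    'xV4\x124\x12\xcd\xab\xef\x00\x01#Eg\x89\xab\x01\x00': 'spoolsv.exe',
    '\xe0mz\x8c\x8dx\xd0\x11\x9e\xdfDEST\x00\x00\x02\x00': 'stisvc.exe',
    ' e_/F\xcag\x10\xb3\x19\x00\xdd\x01\x06b\xda\x01\x00': 'tapisrv.dll',
    '`\xa7\xa4\\\xb1\xeb\xcf\x11\x86\x11\x00\xa0$T \xed\x01\x00': 'termsrv.exe',
    '"\xc4\xa1M=\x94\xd1\x11\xac\xae\x00\xc0O\xc2\xaa?\x01\x00': 'trksvr.dll',
    '25\x0f0\xcc8\xd0\x11\xa3\xf0\x00 \xafk\n\xdd\x01\x00': 'trkwks.dll',
    '\x12\xfc\x99`\xff>\xd0\x11\xab\xd0\x00\xc0O\xd9\x1aN\x03\x00': 'winfax.dll',
    '\xc0\xe0M\x89U\r\xd3\x11\xa3"\x00\xc0O\xa3!\xa1\x01\x00': 'winlogon.exe',
    '(,\xf5E\x9f\x7f\x1a\x10\xb5+\x08\x00+.\xfa\xbe\x01\x00': 'wins.exe',
    '\xbf\t\x11\x81\xe1\xa4\xd1\x11\xabT\x00\xa0\xc9\x1e\x9bE\x01\x00': 'wins.exe',
    '\xa0\xb3\x02\xa0\xb7\xc9\xd1\x11\xae\x88\x00\x80\xc7^N\xc1\x01\x00': 'wlnotify.dll',
    '\xd1Q\xa9\xbf\x0e/\xd3\x11\xbf\xd1\x00\xc0O\xa3I\n\x01\x00': 'aqueue.dll',
    '\x80x"\xad\x82k\x03\xcf\x11\x97,\x00\xaa\x00h\x87\xb0\x02\x00': 'infocomm.dll',
    'p]\xfb\x8c\xa41\xcf\x11\xa7\xd8\x00\x80_H\xa15\x03\x00': 'smtpsvc.dll',
    '\x80B\xad\x82k\x03\xcf\x11\x97,\x00\xaa\x00h\x87\xb0\x02\x00': 'infoadmn.dll',
    '\x00\xb9\x99?\x87M\x1b\x10\x99\xb7\xaa\x00\x04\x00\x7f\x07\x01\x00': 'ssmsrpc.dll - Microsoft SQL Server',
    '`\xf4\x82O!\x0e\xcf\x11\x90\x9e\x00\x80_H\xa15\x04\x00': 'nntpsvc.dll',
    '\xc0G\xdf\xb3Z\xa9\xcf\x11\xaa&\x00\xaa\x00\xc1H\xb9\t\x00': 'mspadmin.exe - Microsoft ISA Server',
    '\x1f\xa77!^\xbb)N\x8e~.F\xa6h\x1d\xbf\t\x00': 'wspsrv.exe - Microsoft ISA Server',
    '\xf8\x91{Z\x00\xff\xd0\x11\xa9\xb2\x00\xc0O\xb6\xe6\xfc\x01\x00': 'msgsvc.dll',
}


def uuid_to_exe(_uuid):
    """Return the binary name recorded for the packed interface id *_uuid*.

    The lookup is an exact match on the whole value, so the trailing version
    bytes must match as well. Anything not in the table yields 'unknown'.
    """
    # dict.get replaces the has_key()/index pair: one lookup instead of two.
    return _KNOWN_UUIDS.get(_uuid, 'unknown')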
-
-
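class NDRFloor:
    """One floor of a protocol tower, decoded from its packed form.

    Layout as read by __init__: a 2-byte little-endian left-hand-side length,
    a 1-byte protocol id, for protocol 13 the rest of the left-hand side
    (kept as the floor's UUID), then a 2-byte little-endian right-hand-side
    length followed by the right-hand-side bytes.
    """

    # Protocol id -> display name.
    # The listing this was taken from also carried `2: 'UUID'` and
    # `13: 'UUID'` ahead of the entries for 2 and 13 below. In a dict literal
    # the last duplicate wins, so those two rows never took effect; they are
    # dropped here and the effective mapping is unchanged.
    # NOTE(review): __init__ treats protocol 13 as the UUID floor while this
    # table names it 'Netware SPX', and no id maps to 'UUID' any more. The
    # keys look damaged by decompilation -- confirm against the original.
    PROTO_ID = {
        0: 'OSI OID',
        5: 'OSI TP4',
        6: 'OSI CLNS or DNA Routing',
        7: 'DOD TCP',
        8: 'DOD UDP',
        9: 'DOD IP',
        10: 'RPC connectionless protocol',
        11: 'RPC connection-oriented protocol',
        2: 'DNA Session Control',
        3: 'DNA Session Control V3',
        4: 'DNA NSP Transport',
        13: 'Netware SPX',
        14: 'Netware IPX',
        15: 'Named Pipes',
        16: 'Named Pipes',
        17: 'NetBIOS',
        18: 'NetBEUI',
        19: 'Netware SPX',
        20: 'Netware IPX',
        22: 'Appletalk Stream',
        23: 'Appletalk Datagram',
        24: 'Appletalk',
        25: 'NetBIOS',
        26: 'Vines SPP',
        27: 'Vines IPC',
        28: 'StreeTalk',
        32: 'Unix Domain Socket',
        33: 'null',
        34: 'NetBIOS',
    }

    def __init__(self, data = ''):
        """Decode a floor from the start of *data*; pass 0 for an empty floor.

        Raises struct.error when *data* is too short for a length field.
        """
        self._lhs_len = 0
        self._protocol = 0
        self._uuid = ''
        self._rhs_len = 0
        self._rhs = ''
        self._floor_len = 0
        # The sentinel is the integer 0, not the default '': an empty string
        # still enters this branch and unpack() rejects it. NDRTower on this
        # page passes the remaining slice to each floor, so a buffer that
        # runs out ends in that error instead of in a silently empty floor.
        if data != 0:
            (self._lhs_len, self._protocol) = unpack('<HB', data[:3])
            offset = 3
            if self._protocol == 13:
                # Left-hand side minus the protocol byte already consumed.
                self._uuid = data[offset:offset + self._lhs_len - 1]
                offset += self._lhs_len - 1
            # NOTE(review): for every other protocol the left-hand side is
            # taken to be the protocol byte alone, whatever _lhs_len says.
            self._rhs_len = unpack('<H', data[offset:offset + 2])[0]
            offset += 2
            # Both lengths come from the buffer and are not checked against
            # its size; a slice past the end simply comes back short, so
            # get_rhs() can hold fewer bytes than get_rhs_len() reports.
            self._rhs = data[offset:offset + self._rhs_len]
            self._floor_len = offset + self._rhs_len

    def get_floor_len(self):
        """Return the number of bytes this floor occupies, as declared."""
        return self._floor_len

    def get_protocol(self):
        """Return the numeric protocol id."""
        return self._protocol

    def get_rhs(self):
        """Return the right-hand-side bytes."""
        return self._rhs

    def get_rhs_len(self):
        """Return the declared right-hand-side length."""
        return self._rhs_len

    def get_uuid(self):
        """Return the bytes kept for a protocol-13 floor, '' otherwise."""
        return self._uuid

    def get_protocol_string(self):
        """Return the PROTO_ID name of the protocol id, or 'unknown'."""
        return NDRFloor.PROTO_ID.get(self._protocol, 'unknown')

    def get_uuid_string(self):
        """Return '<uuid> version: <n>' for an 18-byte UUID field, else ''."""
        if len(self._uuid) == 18:
            # Bytes 16..17 hold the version, little-endian.
            version = unpack('<H', self._uuid[16:18])[0]
            return '%s version: %d' % (parse_uuid(self._uuid), version)
        return ''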
-
-
-
def parse_uuid(_uuid):
    """Return the text form of the packed *_uuid*.

    Delegates to ``uuid.bin_to_string`` from the impacket module imported at
    the top of the file.
    """
    text = uuid.bin_to_string(_uuid)
    return text
-
-
class NDRTower:
    """A protocol tower: a 10-byte header followed by a run of NDRFloor items.

    The header holds two 4-byte little-endian lengths and a 2-byte
    little-endian floor count.
    """

    def __init__(self, data = ''):
        """Decode a tower from the start of *data*; pass 0 for an empty one.

        Raises struct.error when the header or one of the floors is cut short.
        """
        self._length = 0
        self._length2 = 0
        self._number_of_floors = 0
        self._floors = []
        self._tower_len = 0
        # Only the integer 0 skips decoding; the default '' does not.
        if data != 0:
            header = unpack('<LLH', data[:10])
            (self._length, self._length2, self._number_of_floors) = header
            cursor = 10
            # The floor count is taken from the buffer as is. The two length
            # fields are stored but not compared with what is consumed.
            for _ in range(0, self._number_of_floors):
                floor = NDRFloor(data[cursor:])
                self._floors.append(floor)
                cursor += floor.get_floor_len()
            self._tower_len = cursor

    def get_tower_len(self):
        """Return the number of bytes consumed: header plus all floors."""
        return self._tower_len

    def get_floors(self):
        """Return the list of decoded floors."""
        return self._floors

    def get_number_of_floors(self):
        """Return the floor count read from the header."""
        return self._number_of_floors
-
-
-
class NDREntry:
    """One entry of an NDREntries list: object id, annotation and tower.

    Layout as read by __init__: 16 bytes of object id, a 4-byte referent id,
    a 4-byte annotation offset, a 4-byte annotation length, the annotation
    padded to a multiple of four bytes, then an NDRTower. All integers are
    little-endian.
    """

    def __init__(self, data = ''):
        """Decode an entry from the start of *data*; pass 0 for an empty one.

        Raises struct.error when a fixed-size field is cut short.
        """
        self._objectid = ''
        self._entry_len = 0
        self._tower = 0
        self._referent_id = 0
        self._annotation_offset = 0
        self._annotation_len = 0
        self._annotation = ''
        # Only the integer 0 skips decoding; the default '' does not.
        if data != 0:
            self._objectid = data[:16]
            self._referent_id = unpack('<L', data[16:20])[0]
            (self._annotation_offset, self._annotation_len) = unpack('<LL', data[20:28])
            # The last annotation byte is left out of the stored text.
            # The length is taken from the buffer unchecked; a slice past the
            # end just comes back short.
            self._annotation = data[28:28 + self._annotation_len - 1]
            remainder = self._annotation_len % 4
            if remainder:
                # Round the length up to the next multiple of four.
                self._annotation_len += 4 - remainder
            tower_start = 28 + self._annotation_len
            self._tower = NDRTower(data[tower_start:])
            self._entry_len = tower_start + self._tower.get_tower_len()

    def get_entry_len(self):
        """Return the entry length rounded up to a multiple of four.

        The rounded value is written back to the instance.
        """
        remainder = self._entry_len % 4
        if remainder:
            self._entry_len += 4 - remainder
        return self._entry_len

    def get_annotation(self):
        """Return the annotation bytes."""
        return self._annotation

    def get_tower(self):
        """Return the NDRTower, or 0 when the entry was built empty."""
        return self._tower

    def get_uuid(self):
        """Return the first 16 bytes of floor 0's UUID field."""
        first_floor = self._tower.get_floors()[0]
        return first_floor.get_uuid()[:16]

    def get_objuuid(self):
        """Return the 16-byte object id."""
        return self._objectid

    def get_version(self):
        """Return the little-endian 16-bit value after floor 0's UUID."""
        first_floor = self._tower.get_floors()[0]
        return unpack('<H', first_floor.get_uuid()[16:18])[0]

    def print_friendly(self):
        """Print interface id, annotation, object UUID and binding."""
        if self._tower != 0:
            first_floor = self._tower.get_floors()[0]
            print('IfId: %s [%s]' % (first_floor.get_uuid_string(), uuid_to_exe(first_floor.get_uuid())))
            if self._annotation:
                print('Annotation: %s' % self._annotation)
            print('UUID: %s' % parse_uuid(self._objectid))
            print('Binding: %s' % self.get_string_binding())
            print('')

    def get_string_binding(self):
        """Build a binding string from the floors at index 3 and above.

        Transport floors (7, 8, 12, 14, 15, 31) set a template that still
        holds a '%s' slot; an address floor (9, 13, 1 or 17) fills that slot
        and ends the walk. Returns None when the tower is 0 or when no floor
        produces a result.
        """
        if self._tower != 0:
            template = ''
            floors = self._tower.get_floors()
            floor_count = self._tower.get_number_of_floors()
            for idx in range(3, floor_count):
                floor = floors[idx]
                proto = floor.get_protocol()
                # The right-hand sides are peer-supplied bytes: unpack()
                # raises struct.error when one has an unexpected size, and
                # the named-pipe text below ends up inside a template that
                # is later used as a format string.
                if proto == 7:
                    template = 'ncacn_ip_tcp:%%s[%d]' % unpack('!H', floor.get_rhs())
                elif proto == 8:
                    template = 'ncadg_ip_udp:%%s[%d]' % unpack('!H', floor.get_rhs())
                elif proto == 9:
                    host = socket.inet_ntoa(floor.get_rhs())
                    if template != '':
                        return template % host
                    return 'IP: %s' % host
                elif proto == 12:
                    template = 'ncacn_spx:~%%s[%d]' % unpack('!H', floor.get_rhs())
                elif proto == 13:
                    # Render every right-hand-side byte as two hex digits.
                    count = floor.get_rhs_len()
                    node = ('%02X' * count) % unpack('%dB' % count, floor.get_rhs())
                    if template != '':
                        return template % node
                    return 'SPX: %s' % node
                elif proto == 14:
                    template = 'ncadg_ipx:~%%s[%d]' % unpack('!H', floor.get_rhs())
                elif proto == 15:
                    template = 'ncacn_np:%%s[%s]' % floor.get_rhs()[:floor.get_rhs_len() - 1]
                elif proto == 16:
                    return 'ncalrpc:[%s]' % floor.get_rhs()[:floor.get_rhs_len() - 1]
                elif proto == 1 or proto == 17:
                    if template != '':
                        return template % floor.get_rhs()[:floor.get_rhs_len() - 1]
                    return 'NetBIOS: %s' % floor.get_rhs()
                elif proto == 31:
                    template = 'ncacn_http:%%s[%d]' % unpack('!H', floor.get_rhs())
                else:
                    label = floor.get_protocol_string()
                    if label == 'unknown':
                        return 'unknown_proto_0x%x:[0]' % proto
                    if label != 'UUID':
                        return 'protocol: %s, value: %s' % (label, floor.get_rhs())
-
-
-
-
-
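class NDREntries:
    """A counted array of NDREntry items.

    The 12-byte header holds three 4-byte little-endian integers: maximum
    count, offset and actual count. The entries follow back to back.
    """

    def __init__(self, data = ''):
        """Decode the array from the start of *data*; pass 0 for an empty one.

        Raises struct.error when the header or an entry is cut short.
        """
        self._max_count = 0
        self._offset = 0
        self._actual_count = 0
        self._entries_len = 0
        self._entries = []
        # Only the integer 0 skips decoding; the default '' does not.
        if data != 0:
            (self._max_count, self._offset, self._actual_count) = unpack('<LLL', data[:12])
            self._entries_len = 12
            # The count is a 32-bit value read from the buffer, so it is
            # whatever the sender wrote. Counting up to it avoids building a
            # list of that many integers first, which range() does on
            # Python 2; a count larger than the data then ends with the
            # struct.error NDREntry raises once the buffer runs out.
            parsed = 0
            while parsed < self._actual_count:
                entry = NDREntry(data[self._entries_len:])
                self._entries.append(entry)
                self._entries_len += entry.get_entry_len()
                parsed += 1

    def get_max_count(self):
        """Return the maximum count from the header."""
        return self._max_count

    def get_offset(self):
        """Return the offset from the header."""
        return self._offset

    def get_actual_count(self):
        """Return the actual count from the header."""
        return self._actual_count

    def get_entries_len(self):
        """Return the bytes consumed: header plus every padded entry."""
        return self._entries_len

    def get_entry(self):
        """Return the first entry; raises IndexError when there is none."""
        return self._entries[0]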
-
-
-
class NDRPointer:
    """A 4-byte little-endian referent id followed by the pointed-to value."""

    def __init__(self, data = '', pointerType = None):
        """Decode a pointer from *data*, or create an empty one.

        With non-empty *data* the first four bytes become the referent id and
        the rest is handed to *pointerType*, which must then be callable.
        Without data the referent id is a random value in 0..65535 and no
        pointee is set.
        """
        # The random id is drawn in both cases and replaced when data is given.
        self._referent_id = random.randint(0, 65535)
        self._pointer = None
        if data != '':
            (referent,) = unpack('<L', data[:4])
            self._referent_id = referent
            self._pointer = pointerType(data[4:])

    def set_pointer(self, data):
        """Set the pointee object."""
        self._pointer = data

    def get_pointer(self):
        """Return the pointee object, or None when none is set."""
        return self._pointer

    def rawData(self):
        """Return the referent id followed by the pointee's rawData().

        A pointee must be set and must provide rawData().
        """
        head = pack('<L', self._referent_id)
        return head + self._pointer.rawData()
-
-
-
class NDRString:
    """A string with a 12-byte header and UTF-16LE text.

    The header holds three 4-byte little-endian integers: maximum length,
    offset and actual length, the lengths being counted in 2-byte units.
    """

    def __init__(self, data = ''):
        """Decode a string from *data*, or create an empty one for ''."""
        self._string = ''
        self._max_len = 0
        self._offset = 0
        self._length = 0
        if data != '':
            header = unpack('<LLL', data[:12])
            (self._max_len, self._offset, self._length) = header
            # The length comes from the buffer unchecked; a slice past the
            # end comes back short and is decoded as far as it goes.
            encoded = data[12:12 + self._length * 2]
            self._string = encoded.decode('utf-16le')

    def get_string(self):
        """Return the decoded text."""
        return self._string

    def set_string(self, str):
        """Store *str*; both lengths become len(str) + 1."""
        self._string = str
        units = len(str) + 1
        self._length = units
        self._max_len = units

    def rawData(self):
        """Return header, UTF-16LE text and zero padding as one byte string.

        The padding is four zero bytes for an odd length and two for an even
        one. It is also kept on the instance as ``_tail``.
        """
        if self._length & 1:
            self._tail = pack('<HH', 0, 0)
        else:
            self._tail = pack('<H', 0)
        header = pack('<LLL', self._max_len, self._offset, self._length)
        body = self._string.encode('utf-16le')
        return header + body + self._tail

    def get_max_len(self):
        """Return the maximum length."""
        return self._max_len

    def get_length(self):
        """Return the actual length."""
        return self._length
-
-
-