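# Copyright (c) 2003-2006 CORE Security Technologies
#
# This software is provided under under a slightly modified version
# of the Apache Software License. See the accompanying LICENSE file
# for more information.
#
# $Id: ndrutils.py,v 1.7 2006/05/23 21:19:26 gera Exp $
#

from struct import *
import socket
import random
from impacket import uuid

def uuid_hex(_uuid):
    for i in range(0,len(_uuid)):
        print "\\0x%.2x"%unpack('
# NOTE(review): this listing is damaged at this point. Everything between the
# opening quote of the unpack() format string above and the "0:" fragment
# below is missing (possibly removed as markup when the page was extracted --
# unverified). uuid_hex is therefore incomplete, and the header of the method
# that the following lines belong to is not visible. Nothing has been
# reconstructed; restore this region from the original ndrutils.py before
# using the file. The helpers uuid_to_exe() and parse_uuid() called below are
# not defined anywhere in the visible text either.
        0:
            # NOTE(review): the original indentation is lost; the nesting of the
            # statements below under this condition is a best guess -- confirm
            # against the original file.
            floors = self._tower.get_floors()
            print "IfId: %s [%s]" % (floors[0].get_uuid_string(), uuid_to_exe(floors[0].get_uuid()))
            if self._annotation:
                print "Annotation: %s" % self._annotation
            print "UUID: %s" % parse_uuid(self._objectid)
            print "Binding: %s" % self.get_string_binding()
            print ''

    def get_string_binding(self):
        """Build a printable string binding from the floors of self._tower.

        Floors from index 3 onwards are scanned in order. A floor that carries
        an endpoint (protocol ids 0x07, 0x08, 0x0c, 0x0e, 0x0f, 0x1f) only
        stores a template of the form '<protseq>:%s[<endpoint>]'. A later
        address floor (0x09, 0x0d, 0x01 or 0x11) fills the '%s' with the
        address and returns the result. Protocol 0x10 returns an 'ncalrpc'
        binding immediately.

        Returns the binding string. When an address floor is reached before
        any endpoint floor, a bare 'IP: ...', 'SPX: ...' or 'NetBIOS: ...'
        string is returned instead. For any other protocol id the method
        returns a diagnostic string, unless the floor's protocol string is
        'UUID', in which case the floor is skipped. Returns None implicitly
        when self._tower is 0 or when no floor produces a result.

        Raises whatever unpack() or socket.inet_ntoa() raise when a floor's
        right-hand side does not have the length they require ('!H' needs
        exactly two bytes, inet_ntoa four). Nothing here validates those
        lengths, so callers that decode towers received from a peer they do
        not trust should be prepared to catch struct.error and socket.error.
        """
        if self._tower != 0:
            tmp_address = ''
            tmp_address2 = ''
            floors = self._tower.get_floors()
            num_floors = self._tower.get_number_of_floors()
            for i in range(3, num_floors):
                floor = floors[i]
                protocol = floor.get_protocol()
                if protocol == 0x07:
                    # Endpoint floors: the right-hand side is read as a
                    # network-order unsigned short and kept in a template
                    # until the address floor arrives.
                    tmp_address = 'ncacn_ip_tcp:%%s[%d]' % unpack('!H', floor.get_rhs())
                elif protocol == 0x08:
                    tmp_address = 'ncadg_ip_udp:%%s[%d]' % unpack('!H', floor.get_rhs())
                elif protocol == 0x09:
                    # If the address were 0.0.0.0 it would have to be replaced by the remote host's IP.
                    tmp_address2 = socket.inet_ntoa(floor.get_rhs())
                    if tmp_address != '':
                        return tmp_address % tmp_address2
                    else:
                        return 'IP: %s' % tmp_address2
                elif protocol == 0x0c:
                    tmp_address = 'ncacn_spx:~%%s[%d]' % unpack('!H', floor.get_rhs())
                elif protocol == 0x0d:
                    # Render every byte of the right-hand side as two hex digits.
                    n = floor.get_rhs_len()
                    tmp_address2 = ('%02X' * n) % unpack("%dB" % n, floor.get_rhs())
                    if tmp_address != '':
                        return tmp_address % tmp_address2
                    else:
                        return 'SPX: %s' % tmp_address2
                elif protocol == 0x0e:
                    tmp_address = 'ncadg_ipx:~%%s[%d]' % unpack('!H', floor.get_rhs())
                elif protocol == 0x0f:
                    # The last byte of the right-hand side is dropped
                    # (presumably a trailing NUL -- confirm).
                    endpoint = floor.get_rhs()[:floor.get_rhs_len()-1]
                    # The endpoint text becomes part of a template that is
                    # later used as the left operand of '%'. Escape any '%'
                    # it contains so that a name supplied in the tower data
                    # cannot be interpreted as a conversion specifier, which
                    # would raise TypeError/ValueError or garble the output.
                    tmp_address = 'ncacn_np:%%s[%s]' % endpoint.replace('%', '%%')
                elif protocol == 0x10:
                    return 'ncalrpc:[%s]' % floor.get_rhs()[:floor.get_rhs_len()-1]
                elif protocol == 0x01 or protocol == 0x11:
                    if tmp_address != '':
                        return tmp_address % floor.get_rhs()[:floor.get_rhs_len()-1]
                    else:
                        return 'NetBIOS: %s' % floor.get_rhs()
                elif protocol == 0x1f:
                    tmp_address = 'ncacn_http:%%s[%d]' % unpack('!H', floor.get_rhs())
                else:
                    if floor.get_protocol_string() == 'unknown':
                        return 'unknown_proto_0x%x:[0]' % protocol
                    elif floor.get_protocol_string() != 'UUID':
                        return 'protocol: %s, value: %s' % (floor.get_protocol_string(), floor.get_rhs())

class NDREntries:
    def __init__(self,data=''):
        self._max_count = 0
        self._offset = 0
        self._actual_count = 0
        self._entries_len = 0
        self._entries = []
        # NOTE(review): the default data='' also satisfies data != 0, so this
        # branch runs for the default argument as well; whether that is
        # intended cannot be judged from the truncated remainder.
        if data != 0:
            self._max_count, self._offset, self._actual_count = unpack('
# NOTE(review): the listing ends here, inside the unpack() format string. The
# rest of NDREntries.__init__ and of the file is not visible and has not been
# reconstructed.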