etc/Windows/py-kms/rpcBind.py

   1 import binascii
   2 import rpcBase
   3 import struct
   4 import uuid
   5
   6 from dcerpc import MSRPCHeader, MSRPCBindAck
   7 from structure import Structure
   8
   9 uuidNDR32 = uuid.UUID('8a885d04-1ceb-11c9-9fe8-08002b104860')
  10 uuidNDR64 = uuid.UUID('71710533-beba-4937-8319-b5dbef9ccc36')
  11 uuidTime = uuid.UUID('6cb71c2c-9812-4540-0300-000000000000')
  12 uuidEmpty = uuid.UUID('00000000-0000-0000-0000-000000000000')
  13
  14 class CtxItem(Structure):
  15         structure = (
  16                 ('ContextID',          '<H=0'),
  17                 ('TransItems',         'B=0'),
  18                 ('Pad',                'B=0'),
  19                 ('AbstractSyntaxUUID', '16s=""'),
  20                 ('AbstractSyntaxVer',  '<I=0'),
  21                 ('TransferSyntaxUUID', '16s=""'),
  22                 ('TransferSyntaxVer',  '<I=0'),
  23         )
  24
  25         def ts(self):
  26                 return uuid.UUID(bytes_le=self['TransferSyntaxUUID'])
  27
  28 class CtxItemResult(Structure):
  29         structure = (
  30                 ('Result',             '<H=0'),
  31                 ('Reason',             '<H=0'),
  32                 ('TransferSyntaxUUID', '16s=""'),
  33                 ('TransferSyntaxVer',  '<I=0'),
  34         )
  35
  36         def __init__(self, result, reason, tsUUID, tsVer):
  37                 Structure.__init__(self)
  38                 self['Result'] = result
  39                 self['Reason'] = reason
  40                 self['TransferSyntaxUUID'] = tsUUID.bytes_le
  41                 self['TransferSyntaxVer'] = tsVer
  42
  43 class MSRPCBind(Structure):
  44         class CtxItemArray:
  45                 def __init__(self, data):
  46                         self.data = data
  47
  48                 def __len__(self):
  49                         return len(self.data)
  50
  51                 def __str__(self):
  52                         return self.data
  53
  54                 def __getitem__(self, i):
  55                         return CtxItem(self.data[(len(CtxItem()) * i):])
  56
  57         _CTX_ITEM_LEN = len(CtxItem())
  58
  59         structure = (
  60                         ('max_tfrag',   '<H=4280'),
  61                         ('max_rfrag',   '<H=4280'),
  62                         ('assoc_group', '<L=0'),
  63                         ('ctx_num',     'B=0'),
  64                         ('Reserved',    'B=0'),
  65                         ('Reserved2',   '<H=0'),
  66                         ('_ctx_items',  '_-ctx_items', 'self["ctx_num"]*self._CTX_ITEM_LEN'),
  67                         ('ctx_items',   ':', CtxItemArray),
  68         )
  69
  70 class handler(rpcBase.rpcBase):
  71         def parseRequest(self):
  72                 request = MSRPCHeader(self.data)
  73
  74                 if self.config['debug']:
  75                         print "RPC Bind Request Bytes:", binascii.b2a_hex(self.data)
  76                         print "RPC Bind Request:", request.dump(), MSRPCBind(request['pduData']).dump()
  77
  78                 return request
  79
  80         def generateResponse(self):
  81                 response = MSRPCBindAck()
  82                 request = self.requestData
  83                 bind = MSRPCBind(request['pduData'])
  84
  85                 response['ver_major'] = request['ver_major']
  86                 response['ver_minor'] = request['ver_minor']
  87                 response['type'] = self.packetType['bindAck']
  88                 response['flags'] = self.packetFlags['firstFrag'] | self.packetFlags['lastFrag'] | self.packetFlags['multiplex']
  89                 response['representation'] = request['representation']
  90                 response['frag_len'] = 36 + bind['ctx_num'] * 24
  91                 response['auth_len'] = request['auth_len']
  92                 response['call_id'] = request['call_id']
  93
  94                 response['max_tfrag'] = bind['max_tfrag']
  95                 response['max_rfrag'] = bind['max_rfrag']
  96                 response['assoc_group'] = 0x1063bf3f
  97
  98                 port = str(self.config['port'])
  99                 response['SecondaryAddrLen'] = len(port) + 1
 100                 response['SecondaryAddr'] = port
 101                 pad = (4-((response["SecondaryAddrLen"]+MSRPCBindAck._SIZE) % 4))%4
 102                 response['Pad'] = '\0' * pad
 103                 response['ctx_num'] = bind['ctx_num']
 104
 105                 preparedResponses = {}
 106                 preparedResponses[uuidNDR32] = CtxItemResult(0, 0, uuidNDR32, 2)
 107                 preparedResponses[uuidNDR64] = CtxItemResult(2, 2, uuidEmpty, 0)
 108                 preparedResponses[uuidTime] = CtxItemResult(3, 3, uuidEmpty, 0)
 109
 110                 response['ctx_items'] = ''
 111                 for i in range (0, bind['ctx_num']):
 112                         ts_uuid = bind['ctx_items'][i].ts()
 113                         resp = preparedResponses[ts_uuid]
 114                         response['ctx_items'] += str(resp)
 115
 116                 if self.config['debug']:
 117                         print "RPC Bind Response:", response.dump()
 118                         print "RPC Bind Response Bytes:", binascii.b2a_hex(str(response))
 119
 120                 return response
 121
 122         def generateRequest(self):
 123                 firstCtxItem = CtxItem()
 124                 firstCtxItem['ContextID'] = 0
 125                 firstCtxItem['TransItems'] = 1
 126                 firstCtxItem['Pad'] = 0
 127                 firstCtxItem['AbstractSyntaxUUID'] = uuid.UUID('51c82175-844e-4750-b0d8-ec255555bc06').bytes_le
 128                 firstCtxItem['AbstractSyntaxVer'] = 1
 129                 firstCtxItem['TransferSyntaxUUID'] = uuidNDR32.bytes_le
 130                 firstCtxItem['TransferSyntaxVer'] = 2
 131
 132                 secondCtxItem = CtxItem()
 133                 secondCtxItem['ContextID'] = 1
 134                 secondCtxItem['TransItems'] = 1
 135                 secondCtxItem['Pad'] = 0
 136                 secondCtxItem['AbstractSyntaxUUID'] = uuid.UUID('51c82175-844e-4750-b0d8-ec255555bc06').bytes_le
 137                 secondCtxItem['AbstractSyntaxVer'] = 1
 138                 secondCtxItem['TransferSyntaxUUID'] = uuidTime.bytes_le
 139                 secondCtxItem['TransferSyntaxVer'] = 1
 140
 141                 bind = MSRPCBind()
 142                 bind['max_tfrag'] = 5840
 143                 bind['max_rfrag'] = 5840
 144                 bind['assoc_group'] = 0
 145                 bind['ctx_num'] = 2
 146                 bind['ctx_items'] = bind.CtxItemArray(str(firstCtxItem)+str(secondCtxItem))
 147
 148                 request = MSRPCHeader()
 149                 request['ver_major'] = 5
 150                 request['ver_minor'] = 0
 151                 request['type'] = self.packetType['bindReq']
 152                 request['flags'] = self.packetFlags['firstFrag'] | self.packetFlags['lastFrag'] | self.packetFlags['multiplex']
 153                 request['call_id'] = self.config['call_id']
 154                 request['pduData'] = str(bind)
 155
 156                 if self.config['debug']:
 157                         print "RPC Bind Request:", request.dump(), MSRPCBind(request['pduData']).dump()
 158                         print "RPC Bind Request Bytes:", binascii.b2a_hex(str(request))
 159
 160                 return request
 161
 162         def parseResponse(self):
 163                 return response
 164