scapy.layers.msrpce.msnrpc

[MS-NRPC] Netlogon Remote Protocol

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f

scapy.layers.msrpce.msnrpc.ComputeCopySeqNumber(ClientSequenceNumber, client)[source]

scapy.layers.msrpce.msnrpc.InitLMKey(KeyIn)[source]

class scapy.layers.msrpce.msnrpc.NETLOGON_SECURE_CHANNEL_METHOD(*values)[source]

Bases: Enum

NetrServerAuthenticate3 = 1

NetrServerAuthenticateKerberos = 2

class scapy.layers.msrpce.msnrpc.NetlogonClient(auth_level=RPC_C_AUTHN_LEVEL.NONE, verb=True, supportAES=True, **kwargs)[source]

Bases: DCERPC_Client

A subclass of DCERPC_Client that supports establishing a Netlogon secure channel using the Netlogon SSP, and handling Netlogon authenticators.

This class therefore only supports the ‘logon’ rpc.

Parameters:

auth_level – one of DCE_C_AUTHN_LEVEL
verb – verbosity control.
supportAES – advertise AES support in the Netlogon session.

Example:

>>> cli = NetlogonClient()
>>> cli.connect_and_bind("192.168.0.100")
>>> cli.establishSecureChannel(
...     domainname="DOMAIN", computername="WIN10",
...     HashNT=bytes.fromhex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
... )

alter_context()[source]

connect_and_bind(remoteIP)[source]: This calls DCERPC_Client’s connect_and_bind to bind the ‘logon’ interface.

create_authenticator()[source]: Create a NETLOGON_AUTHENTICATOR

establishSecureChannel(computername: str, domainname: str, HashNt: bytes, mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, secureChannelType=NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel)[source]

Function to establish the Netlogon Secure Channel.

This uses NetrServerAuthenticate3 to negotiate the session key, then creates a NetlogonSSP that uses that session key and alters the DCE/RPC session to use it.

Parameters:

mode – one of NETLOGON_SECURE_CHANNEL_METHOD. This defines which method to use to establish the secure channel.
computername – the netbios computer account name that is used to establish the secure channel. (e.g. WIN10)
domainname – the netbios domain name to connect to (e.g. DOMAIN)
HashNt – the HashNT of the computer account.

validate_authenticator(auth)[source]

Validate a NETLOGON_AUTHENTICATOR

Parameters:: auth – the NETLOGON_AUTHENTICATOR object

class scapy.layers.msrpce.msnrpc.NetlogonSSP(SessionKey, computername, domainname, AES=True, **kwargs)[source]

Bases: SSP

class CONTEXT(IsClient, req_flags=None, AES=True)[source]

Bases: CONTEXT

AES

ClientSequenceNumber

IsClient

GSS_Accept_sec_context(Context, val=None)[source]

GSS_GetMICEx(Context, msgs, qop_req=0)[source]

GSS_Init_sec_context(Context, val=None, req_flags: GSS_C_FLAGS | None = None)[source]

GSS_UnwrapEx(Context, msgs, signature)[source]

GSS_VerifyMICEx(Context, msgs, signature)[source]

GSS_WrapEx(Context, msgs, qop_req=0)[source]

MaximumSignatureLength(Context: CONTEXT)[source]

Returns the Maximum Signature length.

This will be used in auth_len in DceRpc5, and is necessary for PFC_SUPPORT_HEADER_SIGN to work properly.

class STATE(*values)[source]

Bases: STATE

CLI_SENT_NL = 2

INIT = 1

SRV_SENT_NL = 3

auth_type = 68