scapy.layers.windows.security

Python objects for Microsoft Windows security structures.

class scapy.layers.windows.security.CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1(_pkt, /, *, NameOffset=0, ValueType=0, Reserved=0, Flags=<Flag 0 ()>, ValueCount=0, ValueOffsets=[], Data=[])[source]

Bases: _NTLMPayloadPacket

aliastypes = [<class 'scapy.layers.windows.security.CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1'>, <class 'scapy.layers.ntlm._NTLMPayloadPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<LEIntField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).NameOffset>, <LEShortEnumField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).ValueType>, <LEShortField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).Reserved>, <FlagsField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).Flags>, <LEIntField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).ValueCount>, <FieldListField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).ValueOffsets>, <_NTLMPayloadField (CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1).Data>]

class scapy.layers.windows.security.SECURITY_DESCRIPTOR(_pkt, /, *, Revision=1, Sbz1=0, Control=<Flag 0 ()>, OwnerSidOffset=None, GroupSidOffset=None, SACLOffset=None, DACLOffset=None, Data=[])[source]

Bases: _NTLMPayloadPacket

OFFSET = 20

aliastypes = [<class 'scapy.layers.windows.security.SECURITY_DESCRIPTOR'>, <class 'scapy.layers.ntlm._NTLMPayloadPacket'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (SECURITY_DESCRIPTOR).Revision>, <ByteField (SECURITY_DESCRIPTOR).Sbz1>, <FlagsField (SECURITY_DESCRIPTOR).Control>, <LEIntField (SECURITY_DESCRIPTOR).OwnerSidOffset>, <LEIntField (SECURITY_DESCRIPTOR).GroupSidOffset>, <LEIntField (SECURITY_DESCRIPTOR).SACLOffset>, <LEIntField (SECURITY_DESCRIPTOR).DACLOffset>, <_NTLMPayloadField (SECURITY_DESCRIPTOR).Data>]

post_build(pkt: bytes, pay: bytes) → bytes[source]

show_print()[source]: Print the SECURITY_DESCRIPTOR in a human format

class scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>]

class scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_CALLBACK_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>, ApplicationData=<WINNT_APPLICATION_DATA |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_CALLBACK_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>, <PacketField (WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE).ApplicationData>]

class scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Flags=<Flag 0 ()>, ObjectType=None, InheritedObjectType=None, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>, ApplicationData=<WINNT_APPLICATION_DATA |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Mask>, <FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Sid>, <PacketField (WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE).ApplicationData>]

class scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_OBJECT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Flags=<Flag 0 ()>, ObjectType=None, InheritedObjectType=None, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_OBJECT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Mask>, <FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Sid>]

class scapy.layers.windows.security.WINNT_ACCESS_DENIED_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>]

class scapy.layers.windows.security.WINNT_ACCESS_DENIED_CALLBACK_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>, ApplicationData=<WINNT_APPLICATION_DATA |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_CALLBACK_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>, <PacketField (WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE).ApplicationData>]

class scapy.layers.windows.security.WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Flags=<Flag 0 ()>, ObjectType=None, InheritedObjectType=None, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>, ApplicationData=<WINNT_APPLICATION_DATA |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Mask>, <FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Sid>, <PacketField (WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE).ApplicationData>]

class scapy.layers.windows.security.WINNT_ACCESS_DENIED_OBJECT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Flags=<Flag 0 ()>, ObjectType=None, InheritedObjectType=None, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_OBJECT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Mask>, <FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Sid>]

class scapy.layers.windows.security.WINNT_ACE_HEADER(_pkt, /, *, AceType=0, AceFlags=<Flag 0 ()>, AceSize=None)[source]

Bases: Packet

Access Control Entry (ACE) Header It is composed of 3 fields, followed by ACE-specific data:

AceType (1 byte): see below for standard values

AceFlags (1 byte): see WINNT_ACE_FLAGS

AceSize (2 bytes): total size of the ACE, including the header
and the ACE-specific data.

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACE_HEADER'>, <class 'scapy.packet.Packet'>]

extractData(accessMask=None)[source]

Return the ACE data as usable data.

Parameters:: accessMask – context-specific flags for the ACE Mask.

extract_padding(p)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField (WINNT_ACE_HEADER).AceType>, <FlagsField (WINNT_ACE_HEADER).AceFlags>, <LenField (WINNT_ACE_HEADER).AceSize>]

payload_guess: List[Tuple[Dict[str, Any], Type[Packet]]] = [({'AceType': 0}, <class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_ACE'>), ({'AceType': 5}, <class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_OBJECT_ACE'>), ({'AceType': 1}, <class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_ACE'>), ({'AceType': 6}, <class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_OBJECT_ACE'>), ({'AceType': 9}, <class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_CALLBACK_ACE'>), ({'AceType': 10}, <class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_CALLBACK_ACE'>), ({'AceType': 11}, <class 'scapy.layers.windows.security.WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE'>), ({'AceType': 12}, <class 'scapy.layers.windows.security.WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE'>), ({'AceType': 2}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_ACE'>), ({'AceType': 7}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_OBJECT_ACE'>), ({'AceType': 13}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_CALLBACK_ACE'>), ({'AceType': 17}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_MANDATORY_LABEL_ACE'>), ({'AceType': 15}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE'>), ({'AceType': 18}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE'>), ({'AceType': 19}, <class 'scapy.layers.windows.security.WINNT_SYSTEM_SCOPED_POLICY_ID_ACE'>)]

toSDDL(accessMask=None)[source]: Return SDDL

class scapy.layers.windows.security.WINNT_ACL(_pkt, /, *, AclRevision=2, Sbz1=0, AclSize=None, AceCount=None, Sbz2=0, Aces=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_ACL'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (WINNT_ACL).AclRevision>, <ByteField (WINNT_ACL).Sbz1>, <FieldLenField (WINNT_ACL).AclSize>, <FieldLenField (WINNT_ACL).AceCount>, <ShortField (WINNT_ACL).Sbz2>, <PacketListField (WINNT_ACL).Aces>]

toSDDL()[source]

class scapy.layers.windows.security.WINNT_APPLICATION_DATA(_pkt, /, *, Magic=b'artx', Tokens=[])[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_APPLICATION_DATA'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (WINNT_APPLICATION_DATA).Magic>, <PacketListField (WINNT_APPLICATION_DATA).Tokens>]

class scapy.layers.windows.security.WINNT_APPLICATION_DATA_LITERAL_TOKEN(_pkt, /)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_APPLICATION_DATA_LITERAL_TOKEN'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload)[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteEnumField ().TokenType>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>]

class scapy.layers.windows.security.WINNT_SID(_pkt, /, *, Revision=1, SubAuthorityCount=None, IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |>, SubAuthority=[0])[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SID'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload: bytes) → Packet[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<ByteField (WINNT_SID).Revision>, <FieldLenField (WINNT_SID).SubAuthorityCount>, <PacketField (WINNT_SID).IdentifierAuthority>, <FieldListField (WINNT_SID).SubAuthority>]

static fromstr(x: str)[source]

Helper to create a SID from its string representation.

Parameters:: x (str) – string representation of the SID like “S-1-5-18”

Example

>>> from scapy.layers.windows.security import WINNT_SID
>>> WINNT_SID.fromstr("S-1-5-18")
<WINNT_SID  Revision=1 IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY
Value=b'' |> SubAuthority=[18] |>
>>> _.summary()
>>> 'S-1-5-18'

summary() → str[source]: Return the string representation of the SID.

class scapy.layers.windows.security.WINNT_SID_IDENTIFIER_AUTHORITY(_pkt, /, *, Value=b'\x00\x00\x00\x00\x00\x01')[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SID_IDENTIFIER_AUTHORITY'>, <class 'scapy.packet.Packet'>]

default_payload_class(payload: bytes) → Packet[source]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<StrFixedLenField (WINNT_SID_IDENTIFIER_AUTHORITY).Value>]

class scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>]

class scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_CALLBACK_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>, ApplicationData=<WINNT_APPLICATION_DATA |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_CALLBACK_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>, <PacketField (WINNT_SYSTEM_AUDIT_CALLBACK_ACE).ApplicationData>]

class scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Flags=<Flag 0 ()>, ObjectType=None, InheritedObjectType=None, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Mask>, <FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Sid>]

class scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_OBJECT_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Flags=<Flag 0 ()>, ObjectType=None, InheritedObjectType=None, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_AUDIT_OBJECT_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Mask>, <FlagsField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Flags>, <scapy.fields.ConditionalField object>, <scapy.fields.ConditionalField object>, <PacketField (WINNT_ACCESS_ALLOWED_OBJECT_ACE,WINNT_ACCESS_DENIED_OBJECT_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,WINNT_ACCESS_DENIED_CALLBACK_OBJECT_ACE,WINNT_SYSTEM_AUDIT_OBJECT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE).Sid>]

class scapy.layers.windows.security.WINNT_SYSTEM_MANDATORY_LABEL_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_MANDATORY_LABEL_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>]

class scapy.layers.windows.security.WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>, AttributeData=<CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>, <PacketField (WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE).AttributeData>]

class scapy.layers.windows.security.WINNT_SYSTEM_SCOPED_POLICY_ID_ACE(_pkt, /, *, Mask=<Flag 0 ()>, Sid=<WINNT_SID IdentifierAuthority=<WINNT_SID_IDENTIFIER_AUTHORITY |> SubAuthority=[0] |>)[source]

Bases: Packet

aliastypes = [<class 'scapy.layers.windows.security.WINNT_SYSTEM_SCOPED_POLICY_ID_ACE'>, <class 'scapy.packet.Packet'>]

fields_desc: ClassVar[List[Field[Any, Any] | _FieldContainer]] = [<FlagsField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Mask>, <PacketField (WINNT_ACCESS_ALLOWED_ACE,WINNT_ACCESS_DENIED_ACE,WINNT_ACCESS_ALLOWED_CALLBACK_ACE,WINNT_ACCESS_DENIED_CALLBACK_ACE,WINNT_SYSTEM_AUDIT_ACE,WINNT_SYSTEM_AUDIT_CALLBACK_ACE,WINNT_SYSTEM_MANDATORY_LABEL_ACE,WINNT_SYSTEM_RESOURCE_ATTRIBUTE_ACE,WINNT_SYSTEM_SCOPED_POLICY_ID_ACE).Sid>]