scapy.layers.msrpce.msnrpc

[MS-NRPC] Netlogon Remote Protocol

https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/ff8f970f-3e37-40f7-bd4b-af7336e4792f

scapy.layers.msrpce.msnrpc.ComputeCopySeqNumber(ClientSequenceNumber, client)[source]

scapy.layers.msrpce.msnrpc.InitLMKey(KeyIn)[source]

class scapy.layers.msrpce.msnrpc.NETLOGON_SECURE_CHANNEL_METHOD(*values)[source]

Bases: Enum

NetrServerAuthenticate3 = 1

NetrServerAuthenticateKerberos = 2

class scapy.layers.msrpce.msnrpc.NetlogonClient(auth_level=RPC_C_AUTHN_LEVEL.PKT_PRIVACY, verb=True, supportAES=True, **kwargs)[source]

Bases: DCERPC_Client

A subclass of DCERPC_Client that supports establishing a Netlogon secure channel using the Netlogon SSP, and handling Netlogon authenticators.

This class therefore only supports the ‘logon’ rpc.

Parameters:

auth_level – one of DCE_C_AUTHN_LEVEL
verb – verbosity control.
supportAES – advertise AES support in the Netlogon session.

Example:

>>> cli = NetlogonClient()
>>> cli.connect_and_bind("192.168.0.100")
>>> cli.establish_secure_channel(
...     UPN="WIN10@DOMAIN",
...     HASHNT=bytes.fromhex("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"),
... )

connect(host, **kwargs)[source]: This calls DCERPC_Client’s connect_and_bind to bind the ‘logon’ interface.

create_authenticator()[source]: Create a NETLOGON_AUTHENTICATOR

establish_secure_channel(UPN: str, DC_FQDN: str, HASHNT: bytes | None = None, PASSWORD: str | None = None, KEY=None, ssp: KerberosSSP | None = None, mode=NETLOGON_SECURE_CHANNEL_METHOD.NetrServerAuthenticate3, secureChannelType=NETLOGON_SECURE_CHANNEL_TYPE.WorkstationSecureChannel)[source]

Function to establish the Netlogon Secure Channel.

This uses NetrServerAuthenticate3 or NetrServerAuthenticateKerberos to negotiate the session key, then creates a NetlogonSSP that uses that session key and alters the DCE/RPC session to use it.

Parameters:

mode – one of NETLOGON_SECURE_CHANNEL_METHOD. This defines which method to use to establish the secure channel.
UPN – the UPN of the computer account name that is used to establish the secure channel. (e.g. WIN10$@domain.local)
DC_FQDN – the FQDN name of the DC.

The function then requires one of the following:

Parameters:

HASHNT – the HashNT of the computer account (in Authenticate3 mode).
KEY – a Kerberos key to use (in Kerberos mode)
PASSWORD – the password of the computer account (any mode).
ssp – a KerberosSSP to use (in Kerberos mode)

validate_authenticator(auth)[source]

Validate a NETLOGON_AUTHENTICATOR

Parameters:: auth – the NETLOGON_AUTHENTICATOR object

class scapy.layers.msrpce.msnrpc.NetlogonSSP(SessionKey, computername, domainname, AES=True, **kwargs)[source]

Bases: SSP

class CONTEXT(IsClient, req_flags=None, AES=True)[source]

Bases: CONTEXT

AES

ClientSequenceNumber

IsClient

GSS_Accept_sec_context(Context: ~scapy.layers.msrpce.msnrpc.NetlogonSSP.CONTEXT, input_token=None, req_flags: ~scapy.layers.gssapi.GSS_S_FLAGS | None = <GSS_S_FLAGS.GSS_S_ALLOW_MISSING_BINDINGS: 268435456>, chan_bindings: bytes = b'\x00')[source]

GSS_GetMICEx(Context, msgs, qop_req=0)[source]

GSS_Init_sec_context(Context: CONTEXT, input_token=None, target_name: str | None = None, req_flags: GSS_C_FLAGS | None = None, chan_bindings: bytes = b'\x00')[source]

GSS_Inquire_names_for_mech()[source]

GSS_UnwrapEx(Context, msgs, signature)[source]

GSS_VerifyMICEx(Context, msgs, signature)[source]

GSS_WrapEx(Context, msgs, qop_req=0)[source]

MaximumSignatureLength(Context: CONTEXT)[source]

Returns the Maximum Signature length.

This will be used in auth_len in DceRpc5, and is necessary for PFC_SUPPORT_HEADER_SIGN to work properly.

class STATE(*values)[source]

Bases: STATE

CLI_SENT_NL = 2

INIT = 1

SRV_SENT_NL = 3

auth_type = 68