scapy.layers.msrpce.rpcclient

DCE/RPC client as per [MS-RPCE]

class scapy.layers.msrpce.rpcclient.DCERPC_Client(transport: DCERPC_Transport, ndr64: bool | None = None, ndrendian: str = 'little', verb: bool = True, auth_level: RPC_C_AUTHN_LEVEL | None = None, impersonation_type: RPC_C_IMP_LEVEL = RPC_C_IMP_LEVEL.DEFAULT, **kwargs)

Bases: object

A basic DCE/RPC client

Parameters:
  • transport – the transport to use.

  • ndr64 – should ask for NDR64 when binding (default conf.ndr64)

  • ndrendian – the endianness to use (default little)

  • verb – enable verbose logging (default True)

  • auth_level – the DCE_C_AUTHN_LEVEL to use

  • impersonation_type – the RPC_C_IMP_LEVEL to use

alter_context(interface: DceRpcInterface | ComInterface) -> bool

Alter context: post-bind context negotiation

Parameters:

interface – the DceRpcInterface object

bind(interface: DceRpcInterface | ComInterface) -> bool

Bind the client to an interface

Parameters:

interface – the DceRpcInterface object

bind_or_alter(interface: DceRpcInterface | ComInterface) -> bool

Bind the client to an interface or alter the context if already bound

Parameters:

interface – the DceRpcInterface object

close()

Close the DCE/RPC client.

close_smbpipe()

Close the previously opened pipe

connect(host, endpoint: int | str = None, port: int | None = None, interface=None, timeout=5, smb_kwargs={})

Initiate a connection.

Parameters:
  • host – the host to connect to

  • endpoint – (optional) the port/smb pipe to connect to

  • interface – (optional) if endpoint isn’t provided, uses the endpoint mapper to find the appropriate endpoint for that interface.

  • timeout – (optional) the connection timeout (default 5)

  • port – (optional) the port to connect to. (useful for SMB)

connect_and_bind(host: str, interface: DceRpcInterface, port: int | None = None, timeout: int = 5, smb_kwargs={})

Asks the Endpoint Mapper what address to use to connect to the interface, then uses connect() followed by a bind()

Parameters:
  • host – the host to connect to

  • interface – the DceRpcInterface object

  • port – (optional, NCACN_NP only) the port to connect to

  • timeout – (optional) the connection timeout (default 5)

epm_map(interface)

Calls ept_map (the Endpoint Mapper)

Build a DCERPC_Client from a SMB_Client.smblink directly

open_smbpipe(name: str)

Open a certain filehandle with the SMB automaton.

Parameters:

name – the name of the pipe

send(pkt, **kwargs)

Send a DCE/RPC message.

The DCE/RPC header is added automatically.

property session: DceRpcSession

sr1(pkt, **kwargs)

Send/Receive a DCE/RPC message.

The DCE/RPC header is added automatically.

sr1_req(pkt, **kwargs)

Send/Receive a DCE/RPC request.

Parameters:

pkt – the inner DCE/RPC message, without any header.

scapy.layers.msrpce.rpcclient.get_endpoint(ip, interface, transport=DCERPC_Transport.NCACN_IP_TCP, ndrendian='little', verb=True, ssp=None, smb_kwargs={})

Call the endpoint mapper on a remote IP to find an interface

Parameters:
  • ip

  • interface

  • mode

  • verb

  • ssp

Returns:

a list of connection tuples for this interface