Hey guys,
the included samrdump.py script crashes in some cases:
Code:
root@bt:~# /pentest/python/impacket-examples/samrdump.py 10.8.28.240
Retrieving endpoint list from 10.8.28.240
Trying protocol 445/SMB...
Found domain(s):
 . WIN2K-ENG-SP0
 . Builtin
Looking up users in domain WIN2K-ENG-SP0
Found user: Administrator, uid = 500
Found user: Guest, uid = 501
Found user: IUSR_WIN2K-ENG, uid = 1001
Found user: IWAM_WIN2K-ENG, uid = 1002
Found user: TsInternetUser, uid = 1000
Administrator (500)/Enabled: true
Administrator (500)/Kickoff: Wed, 16 Dec 2009 11:39:20
Administrator (500)/PWD Can Change: Wed, 16 Dec 2009 11:39:20
Administrator (500)/PWD Must Change: Infinity
Administrator (500)/Group id: 513
Administrator (500)/Bad pwd count: 0
Administrator (500)/Logon count: 4
Administrator (500)/Profile:
Administrator (500)/Comment:
Administrator (500)/Logon hours: Unlimited
Administrator (500)/Workstations:
Administrator (500)/Description: Built-in account for administering the computer/domain
Administrator (500)/Parameters:
Administrator (500)/Script:
Administrator (500)/Home Drive:
Administrator (500)/Account Name: Administrator
Administrator (500)/Home:
Administrator (500)/Full Name:
Guest (501)/Enabled: false
Guest (501)/Kickoff:
Traceback (most recent call last):
  File "/pentest/python/impacket-examples/samrdump.py", line 182, in <module>
    dumper.dump(address)
  File "/pentest/python/impacket-examples/samrdump.py", line 83, in dump
    print base + '/Kickoff:', user.get_kickoff_time()
  File "/var/lib/python-support/python2.5/impacket/dcerpc/samr.py", line 134, in get_kickoff_time
    return display_time(self._kickoff_time_high, self._kickoff_time_low)
  File "/var/lib/python-support/python2.5/impacket/dcerpc/samr.py", line 35, in display_time
    r = (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)[0]
ValueError: timestamp out of range for platform time_t

A small and dirty fix is the following:

Code:
"/var/lib/python-support/python2.5/impacket/dcerpc/samr.py"
def display_time(filetime_high, filetime_low, minutes_utc=0):
    d = filetime_high*4.0*1.0*(1<<30)
    d += filetime_low
    d *= 1.0e-7
    d -= (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60))
    if minutes_utc == 0:
        try: #dirty fix
            r = (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)[0]
        except: #dirty fix
            r = 0 #dirty fix
    else:
        try: #dirty fix
            r = "%s GMT %d " % (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)
        except: #dirty fix
            r = 0 #dirty fix
    return r

Fixing the date from a negative value to 0 helps to complete the script and get all the other details.
If there is a connection error, a huge traceback arises on your screen ... If you would like to control it, you can use a new variable called "debug" (lines 26 and 70).

Code:
25
26 debug = 0 #new debug variable for traceback controlling
27
...
68         except Exception, e:
69             print 'Protocol failed: %s' % e
70             if debug == 1:
71                 raise

Setting it to 1 will raise the traceback; otherwise no traceback will get printed on the screen.
And last I think it is quite cool to scan more IPs than one at a time (load a file with IP addresses). For this I have added the following code:
Code:
21a22 > import os 166a175 > print "address could also be a file with one IP per line" 177d185 < dumper.dump(address) 178a187,192 > if os.path.isfile(address): > addressfile = open(address, "r") > for address in addressfile.readlines(): > dumper.dump(address) > else: > dumper.dump(address)

The complete, modified files are located here: http://www.s3cur1ty.de/fixing-samrdump_py
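Review bot: in the 178a187,192 hunk, each line returned by addressfile.readlines() is passed to dumper.dump(address) with its trailing newline still attached, and blank lines in the file are passed as well. Strip each line and skip empty ones before the call, for example address = address.strip() followed by a check that the result is non-empty. The file opened with open(address, "r") is also never closed, and the loop reuses the name address for both the file path and each entry, which makes the else branch harder to read; a separate loop variable would be clearer.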
m-1-k-3
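An alternative to swallowing the exception, as an added example that is not part of the original post or of impacket: a Python 3 conversion of the high/low FILETIME pair that uses integer arithmetic and maps unset and out-of-range values to text instead of raising. The function name, the sentinel handling ("Not set", "Infinity") and the sample values are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
NEVER = 0x7FFFFFFFFFFFFFFF  # assumption: largest signed value means "no expiry"


def filetime_to_text(high, low):
    """Format a FILETIME given as two 32-bit halves without raising on odd values."""
    # Mask both halves so a sign-extended (negative) field is read as unsigned.
    ticks = ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)
    if ticks == 0:
        return "Not set"
    if ticks >= NEVER:
        return "Infinity"
    try:
        # Integer microseconds avoid the float rounding of a seconds-based formula
        # and do not depend on the platform's time_t range.
        when = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:
        # Later than year 9999: report the raw value instead of aborting the dump.
        return "Out of range (0x%016x)" % ticks
    return when.strftime("%a, %d %b %Y %H:%M:%S")


# Constructed sample values (not taken from a real host).
SAMPLES = [
    ("unset field", 0, 0),
    ("Unix epoch", 0x019DB1DE, 0xD53E8000),
    ("no expiry", 0x7FFFFFFF, 0xFFFFFFFF),
    ("far future", 0x7FFFFFFF, 0x00000000),
]

if __name__ == "__main__":
    for label, high, low in SAMPLES:
        print("%-12s %s" % (label, filetime_to_text(high, low)))
```

Only the expected overflow is caught, so unrelated errors still surface, unlike a bare except.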


