Thread: samrdump bug and dirty fix

    Hey guys,

    The included samrdump.py script crashes in some cases:

    Code:
    root@bt:~# /pentest/python/impacket-examples/samrdump.py 10.8.28.240
    Retrieving endpoint list from 10.8.28.240
    Trying protocol 445/SMB...
    Found domain(s):
     . WIN2K-ENG-SP0
     . Builtin
    Looking up users in domain WIN2K-ENG-SP0
    Found user: Administrator, uid = 500
    Found user: Guest, uid = 501
    Found user: IUSR_WIN2K-ENG, uid = 1001
    Found user: IWAM_WIN2K-ENG, uid = 1002
    Found user: TsInternetUser, uid = 1000
    Administrator (500)/Enabled: true
    Administrator (500)/Kickoff: Wed, 16 Dec 2009 11:39:20
    Administrator (500)/PWD Can Change: Wed, 16 Dec 2009 11:39:20
    Administrator (500)/PWD Must Change: Infinity
    Administrator (500)/Group id: 513
    Administrator (500)/Bad pwd count: 0
    Administrator (500)/Logon count: 4
    Administrator (500)/Profile:
    Administrator (500)/Comment:
    Administrator (500)/Logon hours: Unlimited
    Administrator (500)/Workstations:
    Administrator (500)/Description: Built-in account for administering the computer/domain
    Administrator (500)/Parameters:
    Administrator (500)/Script:
    Administrator (500)/Home Drive:
    Administrator (500)/Account Name: Administrator
    Administrator (500)/Home:
    Administrator (500)/Full Name:
    Guest (501)/Enabled: false
    Guest (501)/Kickoff:
    Traceback (most recent call last):
      File "/pentest/python/impacket-examples/samrdump.py", line 182, in <module>
        dumper.dump(address)
      File "/pentest/python/impacket-examples/samrdump.py", line 83, in dump
        print base + '/Kickoff:', user.get_kickoff_time()
      File "/var/lib/python-support/python2.5/impacket/dcerpc/samr.py", line 134, in get_kickoff_time
        return display_time(self._kickoff_time_high, self._kickoff_time_low)
      File "/var/lib/python-support/python2.5/impacket/dcerpc/samr.py", line 35, in display_time
        r = (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)[0]
    ValueError: timestamp out of range for platform time_t

    A small and dirty fix is the following:

    Code:
    # /var/lib/python-support/python2.5/impacket/dcerpc/samr.py
    def display_time(filetime_high, filetime_low, minutes_utc=0):
        # Combine the two 32-bit halves of the FILETIME (100 ns units)
        d = filetime_high*4.0*1.0*(1<<30)
        d += filetime_low
        d *= 1.0e-7
        # Shift from the 1601 epoch to the Unix epoch (seconds)
        d -= (369.0*365.25*24*60*60-(3.0*24*60*60+6.0*60*60))
        if minutes_utc == 0:
            try:    #dirty fix
                r = (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)[0]
            except ValueError: #dirty fix: gmtime() rejects the out-of-range value
                r = 0   #dirty fix
        else:
            try:    #dirty fix
                r = "%s GMT %d " % (strftime("%a, %d %b %Y %H:%M:%S",gmtime(d)), minutes_utc/60)
            except ValueError: #dirty fix: gmtime() rejects the out-of-range value
                r = 0   #dirty fix
        return r

    Fixing the date from a negative value to 0 helps to complete the script and get all the other details.

    If there is a connection error, a huge traceback appears on your screen. If you would like to control it, you can use a new variable called "debug" (lines 26 and 70):

    Code:
     25
     26 debug = 0       #new debug variable for traceback controlling
     27
    
    ...
     68             except Exception, e:
     69                 print 'Protocol failed: %s' % e
     70                 if debug == 1:
     71                         raise

    Setting it to 1 shows the traceback; otherwise no traceback is printed on the screen.

    And last, I think it is quite cool to scan more than one IP at a time (load a file with IP addresses). For this I have added the following code:

    Code:
    21a22
    > import os
    
    166a175
    >       print "address could also be a file with one IP per line"
    177d185
    <     dumper.dump(address)
    178a187,192
    >     if os.path.isfile(address):
    >       addressfile = open(address, "r")
    >       for address in addressfile.readlines():
    >               dumper.dump(address)
    >     else:
    >       dumper.dump(address)
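
    Review bot: in the 178a187,192 hunk, each address taken from addressfile.readlines() still carries its trailing newline when it is passed to dumper.dump(address), and blank lines in the file are passed through as well. Strip each line and skip empty ones (for example address = address.strip() followed by a check that it is not empty), and close addressfile when the loop ends. The loop also rebinds the name address that held the file path; a separate loop variable would read more clearly.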

    The complete, modified files are located here: http://www.s3cur1ty.de/fixing-samrdump_py

    m-1-k-3
    Last edited by m-1-k-3; 05-14-2010 at 07:18 PM. Reason: fix with exceptions, fix traceback, load files
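
As an added example (not part of the original post and not impacket's code), the conversion can avoid gmtime() and its time_t limit by doing the FILETIME arithmetic with datetime and naming the special values instead of returning 0 from an exception handler. The function names, the "Not set" label and the treatment of 0 and 0x7FFFFFFFFFFFFFFF as sentinels are assumptions of this example, which is written for Python 3; `legacy_seconds` reproduces the posted arithmetic to show the negative value an all-zero field produces.

```python
from datetime import datetime, timedelta

FILETIME_EPOCH = datetime(1601, 1, 1)   # FILETIME counts 100 ns ticks from here (UTC)
UNIX_DELTA = 11644473600                # seconds between 1601-01-01 and 1970-01-01
NEVER = 0x7FFFFFFFFFFFFFFF              # assumed "no expiry" sentinel


def legacy_seconds(high, low):
    """The arithmetic from the posted display_time(): seconds since the Unix epoch."""
    d = high * 4.0 * (1 << 30) + low
    d *= 1.0e-7
    return d - (369.0 * 365.25 * 24 * 60 * 60 - (3.0 * 24 * 60 * 60 + 6.0 * 60 * 60))


def split(ticks):
    """Split a 64-bit FILETIME into the (high, low) halves display_time() takes."""
    return ticks >> 32, ticks & 0xFFFFFFFF


def filetime_to_text(high, low):
    """Format a FILETIME without going through time_t."""
    ticks = (high << 32) | low
    if ticks == 0:
        return "Not set"                # assumption: an all-zero field means no value
    if ticks == NEVER:
        return "Infinity"
    try:
        when = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
    except OverflowError:               # later than datetime.max (year 9999)
        return "Out of range (0x%016x)" % ticks
    return when.strftime("%a, %d %b %Y %H:%M:%S")


if __name__ == "__main__":
    # Constructed sample values, not captured from a real host.
    samples = {
        "zero": 0,
        "2009-12-16": (1260963560 + UNIX_DELTA) * 10**7,
        "never": NEVER,
        "near-max": NEVER - 1,
    }
    for name, ticks in samples.items():
        hi, lo = split(ticks)
        print("%-10s legacy=%.0f text=%s"
              % (name, legacy_seconds(hi, lo), filetime_to_text(hi, lo)))
```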
