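shares[i] = name;
    }
  }

  return shares;
}


#---------------------------------------------------------#
# Function    : NetWkstaUserEnum                          #
# Description : Return logged users                       #
# level       : WKSTA_USER_INFO_x (x = 0, 1)              #
#---------------------------------------------------------#

function NetWkstaUserEnum (level)
{
  # Thin wrapper: the call is issued over the wkssvc pipe through the
  # generic NetEnum helper (defined elsewhere in this include); the
  # result is whatever NetEnum returns for the requested info level.
  return NetEnum (pipe:"\wkssvc",
                  uuid:"6bffd098-a112-3610-9833-46c3f87e345a",
                  vers:1,
                  level:level,
                  opnum:OPNUM_WKSTAUSERENUM);
}


#---------------------------------------------------------#
# Function    : NetServerEnum                             #
# Description : Return enumerated systems                 #
# Return      : return Array                              #
#---------------------------------------------------------#
#                                                         #
# If level == 0, array item is an ascii string.           #
#                                                         #
# If level == 1, array item is the following structure    #
#                                                         #
#   byte [16] server name                                 #
#   byte os_vers_major                                    #
#   byte os_vers_minor                                    #
#   DWORD server_type                                     #
#   byte [] comment (not null terminated)                 #
#                                                         #
#---------------------------------------------------------#

function NetServerEnum (level)
{
  local_var data, resp, convert, count, available, ret, i, offset, comment, base;

  data = raw_word (w:104)         +   # Function code
         ascii (string:"WrLehDO") +   # Parameter Descriptor
         ascii (string:"B16BBDz") +   # Return Descriptor
         raw_word (w:level)       +   # Detail level
         raw_word (w:0xFFFF)      +   # Receive buffer length
         raw_dword (d:3) ;            # Server type (server + workstation)

  data = smb_trans_lanman (data:data);

  # The reply header is four WORDs; anything shorter cannot be parsed.
  if (!data || (strlen(data) < 8))
    return NULL;

  # WORD status
  # WORD convert
  # WORD Entry count
  # WORD Available entries
  resp      = get_word (blob:data, pos:0);
  convert   = get_word (blob:data, pos:2);
  count     = get_word (blob:data, pos:4);
  available = get_word (blob:data, pos:6);

  if (resp != STATUS_SUCCESS)
    return NULL;

  if (level == 0)
  {
    # struct :
    #   byte [16] server_name;
    #
    # 'count' is supplied by the remote host, so make sure every fixed-size
    # entry actually fits in the reply before indexing into it.
    if (strlen (data) < (8 + count*16))
      return NULL;

    ret = NULL;
    for (i=0; i<count; i++)
    {
      ret[i] = get_string (blob:data, pos:8+i*16, _type:ASCII_STRING);
    }
  }
  else
  {
    # struct :
    #   byte [16] server name
    #   byte      os_vers_major
    #   byte      os_vers_minor
    #   DWORD     server_type
    #   DWORD     comment_offset
    if (strlen (data) < (8 + count*26))
      return NULL;

    ret = NULL;
    for (i=0; i<count; i++)
    {
      base = 8+i*26;

      # offset is a negative position at the end of the buffer
      offset = 65535 - get_dword (blob:data, pos:base+22);
      offset = strlen(data) - offset;

      # The comment pointer is host-controlled: only dereference it when it
      # lands strictly inside the reply, otherwise report an empty comment.
      if ((offset > 0) && (offset < strlen(data)))
        comment = get_string (blob:data, pos:offset, _type:ASCII_STRING);
      else
        comment = "";

      # Raw 26-byte fixed part of the entry followed by the resolved comment
      ret[i] = substr (data, base, base+25) + comment;
    }
  }

  return ret;
}


#---------------------------------------------------------#
# Function    : NetUserGetGroups                          #
# Description : Return user's group                       #
#---------------------------------------------------------#

function NetUserGetGroups (user)
{
  local_var ret, handle, domains, sid, handle2, rid, uhandle, rids;

  ret = NULL;

  handle = SamConnect2 ();
  if (!isnull(handle))
  {
    domains = SamEnumerateDomainsInSamServer (handle:handle);
    if (!isnull(domains))
    {
      # Only the first enumerated domain is queried
      sid = SamLookupDomainInSamServer (handle:handle, domain:domains[0]);
      if (!isnull(sid))
      {
        # 0x200 = DOMAIN_LOOKUP, the minimum needed to resolve a name to a RID
        handle2 = SamOpenDomain (handle:handle, sid:sid, access:0x200);
        if (!isnull (handle2))
        {
          rid = SamLookupNamesInDomain (handle:handle2, user:user);
          if (!isnull(rid))
          {
            # 0x100 = USER_LIST_GROUPS
            uhandle = SamOpenUser (handle:handle2, rid:rid, access:0x100);
            if (!isnull(uhandle))
            {
              # Returned as raw RIDs; the name resolution is left disabled
              rids = SamGetGroupsForUser (handle:uhandle);
              if (!isnull (rids))
                # ret = SamLookupIdsInDomain (handle:handle2, ids:rids);
                ret = rids;

              SamCloseHandle(handle:uhandle);
            }
          }
          SamCloseHandle(handle:handle2);
        }
      }
    }
    SamCloseHandle(handle:handle);
  }

  return ret;
}


#---------------------------------------------------------#
# Function    : NetUserGetLocalGroups                     #
# Description : Return user's local group                 #
#---------------------------------------------------------#

function NetUserGetLocalGroups (user)
{
  local_var ret, handle, domains, sid, handle2, rid, uhandle, rids, builtsid, handle3, aliases;

  # S-1-5-32 (BUILTIN), the domain that holds the local aliases
  builtsid = raw_string (0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x05,0x20,0x00,0x00,0x00);

  ret = NULL;

  handle = SamConnect2 ();
  if (!isnull(handle))
  {
    domains = SamEnumerateDomainsInSamServer (handle:handle);
    if (!isnull(domains))
    {
      sid = SamLookupDomainInSamServer (handle:handle, domain:domains[0]);
      if (!isnull(sid))
      {
        # 0x280 = DOMAIN_LOOKUP | DOMAIN_GET_ALIAS_MEMBERSHIP
        handle2 = SamOpenDomain (handle:handle, sid:sid, access:0x280);
        if (!isnull (handle2))
        {
          handle3 = SamOpenDomain (handle:handle, sid:builtsid, access:0x280);
          if (!isnull (handle3))
          {
            rid = SamLookupNamesInDomain (handle:handle2, user:user);
            if (!isnull(rid))
            {
              # 0x100 = USER_LIST_GROUPS
              uhandle = SamOpenUser (handle:handle2, rid:rid, access:0x100);
              if (!isnull(uhandle))
              {
                rids = SamGetGroupsForUser (handle:uhandle);
                if (!isnull (rids))
                {
                  # Account domain first, BUILTIN as the fallback
                  aliases = SamGetAliasMemberShip (handle:handle2, sid:sid, rids:rids, urid:rid);
                  if (isnull(aliases))
                    aliases = SamGetAliasMemberShip (handle:handle3, sid:sid, rids:rids, urid:rid);

                  if (!isnull(aliases))
                    # ret = SamLookupIdsInDomain (handle:handle2, ids:rids);
                    ret = aliases;
                }
                SamCloseHandle(handle:uhandle);
              }
            }
            # Every opened SAM handle is a server-side object: release the
            # BUILTIN domain handle just like the others.
            SamCloseHandle(handle:handle3);
          }
          SamCloseHandle(handle:handle2);
        }
      }
    }
    SamCloseHandle(handle:handle);
  }

  return ret;
}


#---------------------------------------------------------#
# Function    : NetLocalGroupGetMembers                   #
# Description : Return local group members                #
#---------------------------------------------------------#

function NetLocalGroupGetMembers (group)
{
  local_var ret, handle, domains, sid, handle2, rid, handle3, names, lsa, members, builtsid;

  # S-1-5-32 (BUILTIN)
  builtsid = raw_string (0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x05,0x20,0x00,0x00,0x00);

  ret = NULL;

  handle = SamConnect2 ();
  if (!isnull(handle))
  {
    # Look the alias up in BUILTIN first ...
    handle2 = SamOpenDomain (handle:handle, sid:builtsid, access:0x200);
    if (!isnull (handle2))
    {
      rid = SamLookupNamesInDomain (handle:handle2, user:group);
      if (isnull(rid))
      {
        # ... then fall back to the first account domain. handle2 is cleared
        # after the close so that the final close below cannot run a second
        # time on a handle that is already gone when the fallback fails.
        SamCloseHandle(handle:handle2);
        handle2 = NULL;

        domains = SamEnumerateDomainsInSamServer (handle:handle);
        if (!isnull(domains))
        {
          sid = SamLookupDomainInSamServer (handle:handle, domain:domains[0]);
          if (!isnull(sid))
          {
            handle2 = SamOpenDomain (handle:handle, sid:sid, access:0x200);
            if (!isnull (handle2))
            {
              rid = SamLookupNamesInDomain (handle:handle2, user:group);
            }
          }
        }
      }

      # rid can only be non-null when handle2 is a live domain handle
      if (!isnull(rid))
      {
        # 0x2000C = READ_CONTROL | ALIAS_READ_INFORMATION | ALIAS_LIST_MEMBERS
        handle3 = SamOpenAlias (handle:handle2, rid:rid, access:0x2000C);
        if (!isnull(handle3))
        {
          members = SamGetMembersInAlias (handle:handle3);
          if (!isnull(members))
          {
            # Member SIDs are resolved to names through LSA.
            # 0x20801 = READ_CONTROL | POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION
            lsa = LsaOpenPolicy (desired_access:0x20801);
            if (!isnull(lsa))
            {
              names = LsaLookupSid (handle:lsa, sid_array:members);
              if (!isnull(names))
                ret = names;

              LsaClose (handle:lsa);
            }
          }
          SamCloseHandle(handle:handle3);
        }
      }

      if (!isnull(handle2))
        SamCloseHandle(handle:handle2);
    }
    SamCloseHandle(handle:handle);
  }

  return ret;
}


#---------------------------------------------------------#
# Function    : NetGroupGetUsers                          #
# Description : Return group members                      #
#---------------------------------------------------------#

function NetGroupGetUsers (group)
{
  local_var ret, handle, domains, sid, handle2, rid, ghandle, members;

  ret = NULL;

  handle = SamConnect2 ();
  if (!isnull(handle))
  {
    domains = SamEnumerateDomainsInSamServer (handle:handle);
    if (!isnull(domains))
    {
      sid = SamLookupDomainInSamServer (handle:handle, domain:domains[0]);
      if (!isnull(sid))
      {
        # 0x200 = DOMAIN_LOOKUP
        handle2 = SamOpenDomain (handle:handle, sid:sid, access:0x200);
        if (!isnull (handle2))
        {
          rid = SamLookupNamesInDomain (handle:handle2, user:group);
          if (!isnull(rid))
          {
            # 0x10 = GROUP_LIST_MEMBERS
            ghandle = SamOpenGroup (handle:handle2, rid:rid, access:0x10);
            if (!isnull(ghandle))
            {
              members = SamGetMembersInGroup (handle:ghandle);
              if (!isnull(members))
              {
                # Unlike the user-side helpers, member RIDs are resolved here
                ret = SamLookupIdsInDomain (handle:handle2, ids:members);
              }
              SamCloseHandle(handle:ghandle);
            }
          }
          SamCloseHandle(handle:handle2);
        }
      }
    }
    SamCloseHandle(handle:handle);
  }

  return ret;
}


#---------------------------------------------------------#
# Function    : NetUserGetInfo                            #
# Description : Return user's info                        #
#---------------------------------------------------------#

function NetUserGetInfo (user)
{
  local_var ret, handle, domains, sid, handle2, rid, uhandle;

  ret = NULL;

  handle = SamConnect2 ();
  if (!isnull(handle))
  {
    domains = SamEnumerateDomainsInSamServer (handle:handle);
    if (!isnull(domains))
    {
      sid = SamLookupDomainInSamServer (handle:handle, domain:domains[0]);
      if (!isnull(sid))
      {
        # 0x200 = DOMAIN_LOOKUP
        handle2 = SamOpenDomain (handle:handle, sid:sid, access:0x200);
        if (!isnull (handle2))
        {
          rid = SamLookupNamesInDomain (handle:handle2, user:user);
          if (!isnull(rid))
          {
            # 0x11b = USER_READ_GENERAL | USER_READ_PREFERENCES |
            #         USER_READ_LOGON | USER_READ_ACCOUNT | USER_LIST_GROUPS
            uhandle = SamOpenUser (handle:handle2, rid:rid, access:0x11b);
            if (!isnull(uhandle))
            {
              # Returned as-is from the SAMR helper
              ret = SamQueryInformationUser (handle:uhandle);
              SamCloseHandle(handle:uhandle);
            }
          }
          SamCloseHandle(handle:handle2);
        }
      }
    }
    SamCloseHandle(handle:handle);
  }

  return ret;
}


#---------------------------------------------------------#
# Function    : NetUserGetModals                          #
# Description : Return password policy                    #
# Return      : if level == 1                             #
#                 ret[0] = min pass len                   #
#                 ret[1] = pass history len               #
#                 ret[2] = max pass age                   #
#                 ret[3] = min pass age                   #
#                 ret[4] = force logoff                   #
#                 ret[5] = must meet complexity           #
#               if level == 3                             #
#                 ret[0] = lockout duration               #
#                 ret[1] = lockout observation window     #
#                 ret[2] = lockout threshold              #
# Note        : time in seconds (-1 if infinite)          #
#---------------------------------------------------------#

function NetUserGetModals (level)
{
  local_var ret, handle, domains, sid, handle2, tmp;

  ret = NULL;

  handle = SamConnect2 ();
  if (!isnull(handle))
  {
    domains = SamEnumerateDomainsInSamServer (handle:handle);
    if (!isnull(domains))
    {
      sid = SamLookupDomainInSamServer (handle:handle, domain:domains[0]);
      if (!isnull(sid))
      {
        # 0x205 = DOMAIN_LOOKUP | DOMAIN_READ_OTHER_PARAMETERS |
        #         DOMAIN_READ_PASSWORD_PARAMETERS
        handle2 = SamOpenDomain (handle:handle, sid:sid, access:0x205);
        if (!isnull (handle2))
        {
          if (level == 1)
          {
            # SAMR domain info level 1 (password parameters), with the first
            # field of level 3 (forced logoff) appended at the end.
            # NOTE(review): the slot numbering in the header above depends on
            # how many fields SamQueryInformationDomain returns for level 1;
            # confirm against that helper.
            ret = SamQueryInformationDomain (handle:handle2, level:1);
            if (!isnull (ret))
            {
              tmp = SamQueryInformationDomain (handle:handle2, level:3);
              if (!isnull(tmp))
                ret[max_index(ret)] = tmp[0];
            }
          }
          else if (level == 3)
          {
            # SAMR domain info level 12 (lockout parameters)
            ret = SamQueryInformationDomain (handle:handle2, level:12);
          }
          SamCloseHandle(handle:handle2);
        }
      }
    }
    SamCloseHandle(handle:handle);
  }

  return ret;
}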