def test_MimiCommand(self):
    """Send one RC4-encrypted command through a MimiCommand request and print the reply.

    The method takes the DCE/RPC connection, context handle and key returned
    by ``self.connect()``, encrypts a NUL-terminated UTF-16LE command string
    with the reversed key, issues the request, then decrypts ``encResult``
    with the same reversed key and prints it.

    NOTE(review): nothing is asserted about the reply, so this test only
    fails when an exception is raised along the way.
    """
    dce, _rpctransport, pHandle, key = self.connect()
    from Crypto.Cipher import ARC4

    # Both directions use the key from connect() in reversed order.
    # NOTE(review): RC4 is presumably imposed by the remote interface; no
    # integrity check on the exchange is visible here -- confirm.
    rc4_key = key[::-1]

    wire_text = 'token::whoami\x00'.encode('utf-16le')
    enc_command = ARC4.new(rc4_key).encrypt(wire_text)
    # Alternative commands left disabled by the author:
    #command = cipher.encrypt('sekurlsa::logonPasswords\x00'.encode('utf-16le'))
    #command = cipher.encrypt('process::imports\x00'.encode('utf-16le'))

    # The request carries the handle, the ciphertext length and the
    # ciphertext itself as a list of elements.
    request = mimilib.MimiCommand()
    request['phMimi'] = pHandle
    request['szEncCommand'] = len(enc_command)
    request['encCommand'] = list(enc_command)
    resp = dce.request(request)

    # A fresh ARC4 object is required: RC4 is a stream cipher, so reusing the
    # encrypting instance would continue its keystream instead of restarting.
    cipher_text = ''.join(resp['encResult'])
    plaintext = ARC4.new(rc4_key).decrypt(cipher_text)

    # Single-argument print(...) prints the same text as the print statement.
    print('=' * 80)
    print(plaintext)
    #resp.dump()