├── IOXIDResolver.py
├── LICENSE
├── README.md
└── requirements.txt


/IOXIDResolver.py:
--------------------------------------------------------------------------------
#!/usr/bin/python

import getopt
import sys

from impacket.dcerpc.v5 import transport
from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_NONE
from impacket.dcerpc.v5.dcomrt import IObjectExporter

USAGE = 'IOXIDResolver.py -t <target>'


def main(argv):

    if not argv:
        print(USAGE)
        sys.exit(2)

    try:
        opts, args = getopt.getopt(argv, "ht:", ["target="])
    except getopt.GetoptError:
        print(USAGE)
        sys.exit(2)

    # Default used when arguments are given but no -t/--target is among them
    target_ip = "192.168.1.1"

    for opt, arg in opts:
        if opt == '-h':
            print(USAGE)
            sys.exit()
        elif opt in ("-t", "--target"):
            target_ip = arg

    # The call is made without any RPC authentication
    authLevel = RPC_C_AUTHN_LEVEL_NONE

    # No endpoint is given in the string binding
    stringBinding = r'ncacn_ip_tcp:%s' % target_ip
    rpctransport = transport.DCERPCTransportFactory(stringBinding)

    portmap = rpctransport.get_dce_rpc()
    portmap.set_auth_level(authLevel)
    portmap.connect()

    # ServerAlive2() on IObjectExporter returns the server's string bindings
    objExporter = IObjectExporter(portmap)
    bindings = objExporter.ServerAlive2()

    print("[*] Retrieving network interface of " + target_ip)

    #NetworkAddr = bindings[0]['aNetworkAddr']
    for binding in bindings:
        # Each binding carries one network address (a hostname or an IP)
        NetworkAddr = binding['aNetworkAddr']
        print("Address: " + NetworkAddr)


if __name__ == "__main__":
    main(sys.argv[1:])

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2020, Rob Fuller
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# IOXIDResolver
IOXIDResolver.py from AirBus Security

I couldn't find an official repository for this code so I am posting it here. It's great research and super useful.

- The source from this blog post: [https://airbus-cyber-security.com/the-oxid-resolver-part-1-remote-enumeration-of-network-interfaces-without-any-authentication/](https://www.cyber.airbus.com/the-oxid-resolver-part-1-remote-enumeration-of-network-interfaces-without-any-authentication/)
- Part 2 of that blog post: [https://airbus-cyber-security.com/the-oxid-resolver-part-2-accessing-a-remote-object-inside-dcom/](https://www.cyber.airbus.com/the-oxid-resolver-part-2-accessing-a-remote-object-inside-dcom/)

## Example Run

```
user@host:~/IOXIDResolver$ python IOXIDResolver.py -t 10.10.11.3
[*] Retrieving network interface of 10.10.11.3
Address: HYPERV1
Address: 192.168.57.1
Address: 192.168.2.1
Address: 192.168.77.201
Address: 10.10.11.3
```
This is super useful because it helps you to identify hosts that have additional active interfaces, which usually means virtual machines, VPNs, connected wireless, docker, etc. Basically "interesting".

--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
impacket>0

--------------------------------------------------------------------------------
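When auditing your own hosts for what they disclose to an unauthenticated caller, the script's output can be triaged automatically. The following is an added example, not part of this repository: it parses the README's example run and separates the probed address from the extra interfaces. The names `parse_run` and `classify` and the /24 prefix for the probed network are assumptions.

```python
import ipaddress
import re

# Output copied from the README's "Example Run" section.
SAMPLE_OUTPUT = """\
[*] Retrieving network interface of 10.10.11.3
Address: HYPERV1
Address: 192.168.57.1
Address: 192.168.2.1
Address: 192.168.77.201
Address: 10.10.11.3
"""

def parse_run(text):
    """Return (target, [addresses]) from one run of IOXIDResolver.py output."""
    target, addrs = None, []
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"\[\*\] Retrieving network interface of (\S+)$", line)
        if m:
            target = m.group(1)
        elif line.startswith("Address: "):
            # Assumption: raw binding strings may carry NUL padding; drop it.
            addrs.append(line[len("Address: "):].strip("\x00 "))
    return target, addrs

def classify(target, addrs, probe_prefix=24):
    """Sort disclosed addresses relative to the address that was probed.

    probe_prefix is an assumed prefix length for the probed network.
    """
    try:
        net = ipaddress.ip_network(f"{target}/{probe_prefix}", strict=False)
    except ValueError:          # target was given as a hostname
        net = None
    report = {"hostnames": [], "probed": [], "same_net": [], "other_net": []}
    for a in addrs:
        try:
            ip = ipaddress.ip_address(a)
        except ValueError:      # not an IP literal: NetBIOS/DNS name
            report["hostnames"].append(a)
            continue
        if a == target:
            report["probed"].append(a)
        elif net is not None and ip in net:
            report["same_net"].append(a)
        else:
            report["other_net"].append(a)
    # Any IP other than the probed one means more than one interface is disclosed.
    report["multi_homed"] = bool(report["same_net"] or report["other_net"])
    return report

if __name__ == "__main__":
    print(classify(*parse_run(SAMPLE_OUTPUT)))
```

Hosts reported as `multi_homed` are the ones to review first, for example by checking whether TCP/135 needs to be reachable from the network the probe came from.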