From 6d3cce8c2ec4e1c07c1772571934b21aa135989b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9as=20Leroux?= Date: Tue, 19 Nov 2024 08:55:49 +0100 Subject: [PATCH] Handle no more entries response from ept_lookup rpc call --- impacket/dcerpc/v5/epm.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/impacket/dcerpc/v5/epm.py b/impacket/dcerpc/v5/epm.py index bc0f7fcb77..dce4b778db 100644 --- a/impacket/dcerpc/v5/epm.py +++ b/impacket/dcerpc/v5/epm.py @@ -1233,7 +1233,12 @@ def hept_lookup(destHost, inquiry_type = RPC_C_EP_ALL_ELTS, objectUUID = NULL, i request['entry_handle'] = entry_handle request['max_ents'] = 500 - resp = dce.request(request) + try: + resp = dce.request(request) + except DCERPCException as e: + # [MS-RPCE]: Section 2.2.1.2.4 specify ept_lookup should return 0x16C9A0D6 when no more entries + if e.error_code == 0x16c9a0d6: + break for i in range(resp['num_ents']): tmpEntry = {} @@ -1244,6 +1249,7 @@ def hept_lookup(destHost, inquiry_type = RPC_C_EP_ALL_ELTS, objectUUID = NULL, i entries.append(tmpEntry) entry_handle = resp['entry_handle'] + # However MSAD implementation seems to never return 0x16C9A0D6 but instead return an empty handle to notify end of elements if entry_handle.isNull(): break