Python impacket.dcerpc.v5.dtypes.NULL Examples

The following are 30 code examples of impacket.dcerpc.v5.dtypes.NULL().
Example #1
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
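def test_hNetrJobAdd_hNetrJobEnum_hNetrJobDel(self):
        """Add an AT job, enumerate the job list, then delete the job that was added.

        Only the job created here is removed. The earlier version deleted every
        entry returned by hNetrJobEnum, which also removed scheduled jobs that
        were already present on the target before the test ran.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        # NOTE(review): no %-formatting is applied to this literal, so the doubled
        # percent signs are sent as written - confirm that is intended.
        atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'

        resp = atsvc.hNetrJobAdd(dce, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = atsvc.hNetrJobEnum(dce)
            resp.dump()
        finally:
            # Scope the cleanup to our own job id, even if the enumeration fails.
            resp = atsvc.hNetrJobDel(dce, NULL, jobId, jobId)
            resp.dump()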
Example #2
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_hNetrShareDelStart_hNetrShareDelCommit(self):
        """Create a level-2 share with the helper API, then delete it in two phases.

        The share is created with a NULL password and shi2_max_uses set to
        0xFFFFFFFF, and it stays on the target if either deletion call fails.
        """
        dce, _ = self.connect()
        share_name = 'BETUSHARE\x00'

        share = srvs.SHARE_INFO_2()
        share['shi2_netname'] = share_name
        share['shi2_type'] = 0
        share['shi2_remark'] = 'My Remark\x00'
        share['shi2_max_uses'] = 0xFFFFFFFF
        share['shi2_path'] = 'c:\\\x00'
        share['shi2_passwd'] = NULL
        add_reply = srvs.hNetrShareAdd(dce, 2, share)
        add_reply.dump()

        # Phase one returns the context handle that phase two commits.
        start_reply = srvs.hNetrShareDelStart(dce, share_name)
        start_reply.dump()

        commit_reply = srvs.hNetrShareDelCommit(dce, start_reply['ContextHandle'])
        commit_reply.dump()
Example #3
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
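def test_hSchRpcScheduledRuntimes(self):
        """Query the run times of the ScheduledDefrag task through the helper call.

        An exception whose text contains 'ERROR_INVALID_FUNCTIO' is tolerated and
        its packet is dumped; any other exception is re-raised.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        # The helper builds its own request, so the hand-built SchRpcScheduledRuntimes
        # structure that used to be filled in here (and never sent) is gone.
        try:
            resp = tsch.hSchRpcScheduledRuntimes(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag', NULL, NULL, 0, 10)
            resp.dump()
        except Exception as e:
            # It is actually S_FALSE
            # Membership test instead of find() <= 0: find() returns 0 for a match
            # at the very start of the message, which the old check re-raised.
            if 'ERROR_INVALID_FUNCTIO' not in str(e):
                raise
            e.get_packet().dump()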
Example #4
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def tes_NetrShareEnumSticky(self):
        """Send NetrShareEnumSticky at info levels 502 and 503, reusing one request.

        NOTE(review): the name starts with 'tes_' rather than 'test_', so a runner
        that collects by the 'test' prefix would presumably skip it - confirm.
        """
        dce, _ = self.connect()
        request = srvs.NetrShareEnumSticky()
        request['ServerName'] = NULL
        request['PreferedMaximumLength'] = 0xffffffff
        request['ResumeHandle'] = NULL

        # Same assignment order as before for each level: tag, union arm, Level.
        for level, arm in ((502, 'Level502'), (503, 'Level503')):
            request['InfoStruct']['ShareInfo']['tag'] = level
            request['InfoStruct']['ShareInfo'][arm]['Buffer'] = NULL
            request['InfoStruct']['Level'] = level
            reply = dce.request(request)
            reply.dump()
Example #5
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrSessionDel(self):
        """Enumerate sessions at level 502 and delete the first one returned.

        The session removed is whichever entry the server lists first; the test
        does not check that it belongs to this connection. Error code 0x908 from
        the delete call is tolerated, anything else is re-raised.
        """
        dce, _ = self.connect()
        enum_req = srvs.NetrSessionEnum()
        enum_req['ServerName'] = NULL
        enum_req['ClientName'] = NULL
        enum_req['UserName'] = NULL
        enum_req['InfoStruct']['Level'] = 502
        enum_req['InfoStruct']['SessionInfo']['tag'] = 502
        enum_req['InfoStruct']['SessionInfo']['Level502']['Buffer'] = NULL
        enum_req['PreferedMaximumLength'] = 0xffffffff
        enum_req['ResumeHandle'] = NULL
        enum_reply = dce.request(enum_req)
        enum_reply.dump()

        # Raises IndexError when the server reports no sessions at all.
        first_session = enum_reply['InfoStruct']['SessionInfo']['Level502']['Buffer'][0]

        del_req = srvs.NetrSessionDel()
        del_req['ServerName'] = NULL
        del_req['ClientName'] = first_session['sesi502_cname']
        del_req['UserName'] = first_session['sesi502_username']
        try:
            del_reply = dce.request(del_req)
            del_reply.dump()
        except Exception as exc:
            # NOTE(review): assumes every exception here exposes get_error_code().
            if exc.get_error_code() != 0x908:
                raise
Example #6
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_hNetrSessionEnum(self):
        """Call srvs.hNetrSessionEnum once per info level (0, 1, 2, 10, 502) and dump each reply."""
        dce, _ = self.connect()
        for level in (0, 1, 2, 10, 502):
            reply = srvs.hNetrSessionEnum(dce, NULL, NULL, level)
            reply.dump()
Example #7
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrFileGetInfo(self):
        """Enumerate open files at level 2, then fetch the first one at levels 2 and 3.

        The file id comes from the first entry of the enumeration, so the test
        raises IndexError when the server reports no open files.
        """
        dce, _ = self.connect()
        server_name = '\\\\%s\x00' % self.machine

        enum_req = srvs.NetrFileEnum()
        enum_req['ServerName'] = server_name
        enum_req['BasePath'] = NULL
        enum_req['UserName'] = NULL
        enum_req['InfoStruct']['Level'] = 2
        enum_req['InfoStruct']['FileInfo']['tag'] = 2
        enum_req['PreferedMaximumLength'] = 8192
        enum_reply = dce.request(enum_req)
        enum_reply.dump()

        info_req = srvs.NetrFileGetInfo()
        info_req['ServerName'] = server_name
        info_req['FileId'] = enum_reply['InfoStruct']['FileInfo']['Level2']['Buffer'][0]['fi2_id']
        # The same request object is sent twice; only the Level field changes.
        for level in (2, 3):
            info_req['Level'] = level
            info_reply = dce.request(info_req)
            info_reply.dump()
Example #8
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrShareDelStart_NetrShareDelCommit(self):
        """Create a level-2 share with raw request structures, then delete it in two phases.

        The share is created with a NULL password and shi2_max_uses set to
        0xFFFFFFFF, and it stays on the target if either deletion request fails.
        """
        dce, _ = self.connect()
        share_name = 'BETUSHARE\x00'

        add_req = srvs.NetrShareAdd()
        add_req['ServerName'] = NULL
        add_req['Level'] = 2
        add_req['InfoStruct']['tag'] = 2
        add_req['InfoStruct']['ShareInfo2']['shi2_netname'] = share_name
        add_req['InfoStruct']['ShareInfo2']['shi2_type'] = 0
        add_req['InfoStruct']['ShareInfo2']['shi2_remark'] = 'My Remark\x00'
        add_req['InfoStruct']['ShareInfo2']['shi2_max_uses'] = 0xFFFFFFFF
        add_req['InfoStruct']['ShareInfo2']['shi2_path'] = 'c:\\\x00'
        add_req['InfoStruct']['ShareInfo2']['shi2_passwd'] = NULL
        add_reply = dce.request(add_req)
        add_reply.dump()

        start_req = srvs.NetrShareDelStart()
        start_req['ServerName'] = NULL
        start_req['NetName'] = share_name
        start_reply = dce.request(start_req)
        start_reply.dump()

        # The handle returned by the start phase is what the commit phase consumes.
        commit_req = srvs.NetrShareDelCommit()
        commit_req['ContextHandle'] = start_reply['ContextHandle']
        commit_reply = dce.request(commit_req)
        commit_reply.dump()
Example #9
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
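def test_SchRpcScheduledRuntimes(self):
        """Send a raw SchRpcScheduledRuntimes request for the ScheduledDefrag task.

        An exception whose text contains 'ERROR_INVALID_FUNCTIO' is tolerated and
        its packet is dumped; any other exception is re-raised.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)
        request = tsch.SchRpcScheduledRuntimes()
        request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00'
        request['start'] = NULL
        request['end'] = NULL
        request['flags'] = 0
        request['cRequested'] = 10
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            # It is actually S_FALSE
            # Membership test instead of find() <= 0: find() returns 0 for a match
            # at the very start of the message, which the old check re-raised.
            if 'ERROR_INVALID_FUNCTIO' not in str(e):
                raise
            e.get_packet().dump()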
Example #10
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
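def test_hSchRpcStop(self):
        """Register an AT job, ask the task scheduler to stop it, then remove the job.

        An exception containing 'ERROR_INVALID_FUNCTION' from the stop call is
        tolerated. The job is deleted in a finally block so the test no longer
        leaves a scheduled job behind on the target.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)
        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = tsch.hSchRpcStop(dce, '\\At%d\x00' % jobId)
            resp.dump()
        except Exception as e:
            # It is actually S_FALSE
            # Membership test instead of find() <= 0: find() returns 0 for a match
            # at the very start of the message, which the old check re-raised.
            if 'ERROR_INVALID_FUNCTION' not in str(e):
                raise
        finally:
            # Remove only the job registered above, whatever the stop call did.
            resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
            resp.dump()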
Example #11
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
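def test_hSchRpcStopInstance(self):
        """Register an AT job, run it through the task scheduler, then remove the job.

        NOTE(review): despite the name, the only scheduler call made here is
        tsch.hSchRpcRun - no stop-instance call is exercised. Confirm the
        intended coverage.

        Any exception from the run call is printed and swallowed, so this test
        cannot fail on that step. The job is deleted in a finally block so it is
        not left behind on the target.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1'))
            resp.dump()
        except Exception as e:
            print(e)
        finally:
            # Remove only the job registered above.
            resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
            resp.dump()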
Example #12
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
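def test_hSchRpcGetInstanceInfo(self):
        """Register an AT job, run it through the task scheduler, then remove the job.

        NOTE(review): despite the name, the only scheduler call made here is
        tsch.hSchRpcRun - no instance-info call is exercised. Confirm the
        intended coverage.

        Any exception from the run call is printed and swallowed, so this test
        cannot fail on that step. The job is deleted in a finally block so it is
        not left behind on the target.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1'))
            resp.dump()
        except Exception as e:
            print(e)
        finally:
            # Remove only the job registered above.
            resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
            resp.dump()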
Example #13
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrServerTransportEnum(self):
        """Send NetrServerTransportEnum at info levels 0, 1 and 2, reusing one request."""
        dce, _ = self.connect()
        request = srvs.NetrServerTransportEnum()
        request['ServerName'] = NULL
        request['PreferedMaximumLength'] = 0xffffffff
        request['ResumeHandle'] = NULL

        # Same assignment order as before for each level: Level, tag, union arm.
        for level, arm in ((0, 'Level0'), (1, 'Level1'), (2, 'Level2')):
            request['InfoStruct']['Level'] = level
            request['InfoStruct']['XportInfo']['tag'] = level
            request['InfoStruct']['XportInfo'][arm]['Buffer'] = NULL
            reply = dce.request(request)
            reply.dump()
Example #14
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
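def test_hSchRpcRun(self):
        """Register an AT job, run it through tsch.hSchRpcRun, then remove the job.

        Any exception from the run call is printed and swallowed, so this test
        cannot fail on that step. The job is deleted in a finally block so it is
        not left behind on the target.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1'))
            resp.dump()
        except Exception as e:
            print(e)
        finally:
            # Remove only the job registered above.
            resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
            resp.dump()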
Example #15
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrpGetFileSecurity_NetrpSetFileSecurity(self):
        """Read the owner security information of a path on C$ and write it back.

        The descriptor sent in the set request is the one the get request
        returned, so a successful run leaves the value as the server reported it.
        """
        dce, _ = self.connect()
        share = 'C$\x00'
        target_path = '\\Windows\x00'

        get_req = srvs.NetrpGetFileSecurity()
        get_req['ServerName'] = NULL
        get_req['ShareName'] = share
        get_req['lpFileName'] = target_path
        get_req['RequestedInformation'] = OWNER_SECURITY_INFORMATION
        get_reply = dce.request(get_req)
        get_reply.dump()

        set_req = srvs.NetrpSetFileSecurity()
        set_req['ServerName'] = NULL
        set_req['ShareName'] = share
        set_req['lpFileName'] = target_path
        set_req['SecurityInformation'] = OWNER_SECURITY_INFORMATION
        set_req['SecurityDescriptor'] = get_reply['SecurityDescriptor']
        set_reply = dce.request(set_req)
        set_reply.dump()
Example #16
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrJobAdd_NetrJobGetInfo_NetrJobDel(self):
        """Add an AT job with raw requests, read it back, then delete that same job.

        The delete request uses the new job id as both MinJobId and MaxJobId,
        so only the job created here is removed.
        """
        dce, _ = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        add_req = atsvc.NetrJobAdd()
        add_req['ServerName'] = NULL
        add_req['pAtInfo']['JobTime'] = NULL
        add_req['pAtInfo']['DaysOfMonth'] = 0
        add_req['pAtInfo']['DaysOfWeek'] = 0
        add_req['pAtInfo']['Flags'] = 0
        add_req['pAtInfo']['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'
        add_reply = dce.request(add_req)
        add_reply.dump()

        info_req = atsvc.NetrJobGetInfo()
        info_req['ServerName'] = NULL
        info_req['JobId'] = add_reply['pJobId']
        info_reply = dce.request(info_req)
        info_reply.dump()

        del_req = atsvc.NetrJobDel()
        del_req['ServerName'] = NULL
        del_req['MinJobId'] = add_reply['pJobId']
        del_req['MaxJobId'] = add_reply['pJobId']
        del_reply = dce.request(del_req)
        del_reply.dump()
Example #17
Source File: test_wmi.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
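def test_IWbemServices_ExecQuery(self):
        """Log in to root\\cimv2 over DCOM and walk the results of five WQL queries.

        Each class in the fixed list is queried with 'SELECT * from <class>' and
        the enumerator is advanced until it raises. An exception containing
        'S_FALSE' ends the enumeration quietly; any other exception is printed.

        Two fixes over the earlier version: a non-S_FALSE error from Next() now
        ends the inner loop instead of being retried forever, and the DCOM
        connection is released in a finally block.
        """
        dcom = DCOMConnection(self.machine, self.username, self.password, self.domain, self.lmhash, self.nthash)
        try:
            iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
            iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
            iWbemServices= iWbemLevel1Login.NTLMLogin('\\\\%s\\root\\cimv2' % self.machine, NULL, NULL)
            # The class names are a fixed list, so the %-built query never carries
            # caller-supplied text.
            classes = [ 'Win32_Account', 'Win32_UserAccount', 'Win32_Group', 'Win32_SystemAccount', 'Win32_Service']
            for classn in classes:
                print("Reading %s " % classn)
                try:
                    iEnumWbemClassObject = iWbemServices.ExecQuery('SELECT * from %s' % classn)
                    while True:
                        try:
                            iEnumWbemClassObject.Next(0xffffffff,1)
                        except Exception as e:
                            if 'S_FALSE' not in str(e):
                                print(e)
                            # Stop on any failure; retrying a persistent error
                            # would never terminate.
                            break
                except Exception as e:
                    if 'S_FALSE' not in str(e):
                        print(e)
        finally:
            dcom.disconnect()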
Example #18
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrDfsCreateLocalPartition(self):
        """Send NetrDfsCreateLocalPartition for C$ and accept ERROR_NOT_SUPPORTED.

        An exception whose text contains 'ERROR_NOT_SUPPORTED' counts as a pass;
        any other exception is re-raised.
        """
        dce, _ = self.connect()
        partition_req = srvs.NetrDfsCreateLocalPartition()
        partition_req['ServerName'] = NULL
        partition_req['ShareName'] = 'C$\x00'
        # EntryUid is left unset; its assignment was already commented out.
        partition_req['EntryPrefix'] = 'c:\\\x00'
        partition_req['ShortName'] = 'c:\\betus\x00'
        partition_req['RelationInfo']['Buffer'] = NULL
        partition_req['Force'] = 0
        try:
            reply = dce.request(partition_req)
            reply.dump()
        except Exception as exc:
            if 'ERROR_NOT_SUPPORTED' not in str(exc):
                raise
Example #19
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def ttt_NetrServerTransportAddEx_NetrServerTransportDelEx(self):
        """Bind a level-0 transport with NetrServerTransportAddEx, then unbind it.

        The delete request reuses the Transport0 structure built for the add
        request. If the delete fails, the added transport binding stays on the
        target.

        NOTE(review): the 'ttt_' prefix means a runner that collects by the
        'test' prefix would presumably skip this method - confirm.
        """
        dce, _ = self.connect()
        add_req = srvs.NetrServerTransportAddEx()
        add_req['ServerName'] = NULL
        add_req['Level'] = 0
        add_req['Buffer']['tag'] = 0
        add_req['Buffer']['Transport0']['svti0_numberofvcs'] = 0
        add_req['Buffer']['Transport0']['svti0_transportname'] = '\\Device\\NetbiosSmb\x00'
        add_req['Buffer']['Transport0']['svti0_transportaddress'] = list('%s'% self.machine)
        # The length is read back from the structure rather than from a local copy.
        add_req['Buffer']['Transport0']['svti0_transportaddresslength'] = len(add_req['Buffer']['Transport0']['svti0_transportaddress'])
        add_req['Buffer']['Transport0']['svti0_networkaddress'] = '%s\x00' % self.machine
        add_reply = dce.request(add_req)
        add_reply.dump()

        del_req = srvs.NetrServerTransportDelEx()
        del_req['ServerName'] = NULL
        del_req['Level'] = 0
        del_req['Buffer']['tag'] = 0
        del_req['Buffer']['Transport0']  = add_req['Buffer']['Transport0']
        del_reply = dce.request(del_req)
        del_reply.dump()
Example #20
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def ttt_NetrServerTransportAdd_NetrServerTransportDel(self):
        """Bind a level-0 transport with NetrServerTransportAdd, then unbind it.

        The delete request reuses the Buffer structure built for the add
        request. If the delete fails, the added transport binding stays on the
        target.

        NOTE(review): the 'ttt_' prefix means a runner that collects by the
        'test' prefix would presumably skip this method - confirm.
        """
        dce, _ = self.connect()
        add_req = srvs.NetrServerTransportAdd()
        add_req['ServerName'] = NULL
        add_req['Level'] = 0
        add_req['Buffer']['svti0_numberofvcs'] = 0
        add_req['Buffer']['svti0_transportname'] = '\\Device\\NetbiosSmb\x00'
        add_req['Buffer']['svti0_transportaddress'] = list('%s'% self.machine)
        # The length is read back from the structure rather than from a local copy.
        add_req['Buffer']['svti0_transportaddresslength'] = len(add_req['Buffer']['svti0_transportaddress'])
        add_req['Buffer']['svti0_networkaddress'] = '%s\x00' % self.machine
        add_reply = dce.request(add_req)
        add_reply.dump()

        del_req = srvs.NetrServerTransportDel()
        del_req['ServerName'] = NULL
        del_req['Level'] = 0
        del_req['Buffer'] = add_req['Buffer']
        del_reply = dce.request(del_req)
        del_reply.dump()
Example #21
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrServerAliasAdd_NetrServerAliasDel(self):
        """Register a level-0 server alias for self.machine, then delete it.

        Both requests carry the same alias, target and default values. If the
        delete request fails, the alias stays registered on the target.
        """
        dce, _ = self.connect()
        alias = 'BETOALIAS\x00'
        target = '%s\x00' % self.machine

        add_req = srvs.NetrServerAliasAdd()
        add_req['ServerName'] = NULL
        add_req['Level'] = 0
        add_req['InfoStruct']['tag'] = 0
        add_req['InfoStruct']['ServerAliasInfo0']['srvai0_alias'] = alias
        add_req['InfoStruct']['ServerAliasInfo0']['srvai0_target'] = target
        add_req['InfoStruct']['ServerAliasInfo0']['srvai0_default'] = 0
        add_reply = dce.request(add_req)
        add_reply.dump()

        del_req = srvs.NetrServerAliasDel()
        del_req['ServerName'] = NULL
        del_req['Level'] = 0
        del_req['InfoStruct']['tag'] = 0
        del_req['InfoStruct']['ServerAliasInfo0']['srvai0_alias'] = alias
        del_req['InfoStruct']['ServerAliasInfo0']['srvai0_target'] = target
        del_req['InfoStruct']['ServerAliasInfo0']['srvai0_default'] = 0
        del_reply = dce.request(del_req)
        del_reply.dump()
Example #22
Source File: test_srvs.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
def test_NetrDfsFixLocalVolume(self):
        """Send NetrDfsFixLocalVolume and accept an 'rpc_x_bad_stub_data' failure.

        The author notes the call could not be made to work and is only
        supported on w2k and xp. An exception whose text is exactly
        'rpc_x_bad_stub_data' counts as a pass; anything else is re-raised.
        """
        dce, _ = self.connect()
        fix_req = srvs.NetrDfsFixLocalVolume()
        fix_req['ServerName'] = NULL
        # Unlike the other string fields here, this one carries no trailing NUL.
        fix_req['VolumeName'] = r'\??\C:\DfsShare'
        fix_req['EntryType'] = srvs.PKT_ENTRY_TYPE_LEAFONLY
        fix_req['ServiceType'] = srvs.DFS_SERVICE_TYPE_LOCAL
        fix_req['StgId'] = 'NONE\x00'
        fix_req['EntryPrefix'] = 'c:\\\x00'
        fix_req['RelationInfo']['Buffer']  = NULL
        fix_req['CreateDisposition'] = srvs.FILE_SUPERSEDE
        try:
            reply = dce.request(fix_req)
            reply.dump()
        except Exception as exc:
            if str(exc) != 'rpc_x_bad_stub_data':
                raise
Example #23
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
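def test_SchRpcCreateFolder_SchRpcEnumFolders_SchRpcDelete(self):
        """Create a task folder, enumerate the root folder, then delete the new folder.

        The earlier body stopped after the enumeration, so the SchRpcDelete step
        named in the test was never sent and the folder stayed on the target.
        Any exception from the enumeration is printed and swallowed.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        request = tsch.SchRpcCreateFolder()
        request['path'] = '\\Beto\x00'
        request['sddl'] = NULL
        request['flags'] = 0
        resp = dce.request(request)
        resp.dump()

        request = tsch.SchRpcEnumFolders()
        request['path'] = '\\\x00'
        request['flags'] = tsch.TASK_ENUM_HIDDEN
        request['startIndex'] = 0
        request['cRequested'] = 10
        try:
            resp = dce.request(request)
            resp.dump()
        except Exception as e:
            print(e)

        # Remove the folder created above so repeated runs start from a clean state.
        request = tsch.SchRpcDelete()
        request['path'] = '\\Beto\x00'
        request['flags'] = 0
        resp = dce.request(request)
        resp.dump()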
Example #24
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
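def test_hSchRpcEnumTasks(self):
        """Register an AT job, enumerate tasks in the root folder, then remove the job.

        The job is now deleted in a finally block, so a failure in the
        enumeration no longer leaves the scheduled job behind on the target.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = tsch.hSchRpcEnumTasks(dce, '\\')
            resp.dump()
        finally:
            # Remove only the job registered above.
            resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
            resp.dump()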
Example #25
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 6 votes vote down vote up
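def test_SchRpcGetInstanceInfo(self):
        """Register an AT job, run it through the task scheduler, then remove the job.

        NOTE(review): despite the name, the only scheduler call made here is
        tsch.hSchRpcRun - no instance-info request is exercised. Confirm the
        intended coverage.

        Any exception from the run call is printed and swallowed, so this test
        cannot fail on that step. The job is deleted in a finally block so it is
        not left behind on the target.
        """
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        try:
            resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1'))
            resp.dump()
        except Exception as e:
            print(e)
        finally:
            # Remove only the job registered above.
            resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
            resp.dump()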
Example #26
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 5 votes vote down vote up
def test_SAGetNSAccountInformation(self):
        """Send SAGetNSAccountInformation with a NULL handle and a 15-entry zeroed buffer."""
        dce, _ = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC)

        query = sasec.SAGetNSAccountInformation()
        query['Handle'] = NULL
        query['ccBufferSize'] = 15
        # Fill wszBuffer with as many zeros as ccBufferSize announces.
        buffer_len = query['ccBufferSize']
        for _slot in range(buffer_len):
            query['wszBuffer'].append(0)
        reply = dce.request(query)
        reply.dump()
Example #27
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 5 votes vote down vote up
def test_hSASetNSAccountInformation(self):
        """Call sasec.hSASetNSAccountInformation with the test account's name and password.

        The credentials passed are the same self.username / self.password the
        test fixture is configured with; the call is made with a NULL handle.
        """
        dce, _ = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC)

        account, secret = self.username, self.password
        reply = sasec.hSASetNSAccountInformation(dce, NULL, account, secret)
        reply.dump()
Example #28
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 5 votes vote down vote up
def test_hSASetAccountInformation(self):
        """Call sasec.hSASetAccountInformation for 'MyJob.job' and accept error 0x80070002.

        Error code 0x80070002 from the call counts as a pass; any other
        exception is re-raised.
        """
        dce, _ = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC)

        tolerated_code = 0x80070002
        try:
            reply = sasec.hSASetAccountInformation(dce, NULL, 'MyJob.job', self.username, self.password, 0)
            reply.dump()
        except Exception as exc:
            # NOTE(review): assumes every exception here exposes get_error_code().
            if exc.get_error_code() != tolerated_code:
                raise
Example #29
Source File: test_tsch.py    From CVE-2017-7494 with GNU General Public License v3.0 5 votes vote down vote up
def test_SAGetAccountInformation(self):
        """Send SAGetAccountInformation for 'MyJob.job' and accept error 0x80070002.

        The request carries a NULL handle and a 15-entry zeroed buffer. Error
        code 0x80070002 counts as a pass; any other exception is re-raised.
        """
        dce, _ = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC)

        query = sasec.SAGetAccountInformation()
        query['Handle'] = NULL
        query['pwszJobName'] = 'MyJob.job\x00'
        query['ccBufferSize'] = 15
        # Fill wszBuffer with as many zeros as ccBufferSize announces.
        buffer_len = query['ccBufferSize']
        for _slot in range(buffer_len):
            query['wszBuffer'].append(0)

        tolerated_code = 0x80070002
        try:
            reply = dce.request(query)
            reply.dump()
        except Exception as exc:
            # NOTE(review): assumes every exception here exposes get_error_code().
            if exc.get_error_code() != tolerated_code:
                raise
Example #30
Source File: test_nrpc.py    From CVE-2017-7494 with GNU General Public License v3.0 5 votes vote down vote up
def test_hDsrGetSiteName(self):
        """Call nrpc.hDsrGetSiteName with NULL as its second argument and dump the reply."""
        dce, _ = self.connect()
        site_reply = nrpc.hDsrGetSiteName(dce, NULL)
        site_reply.dump()