Python impacket.dcerpc.v5.scmr.hRCloseServiceHandle() Examples
The following are 30
code examples of impacket.dcerpc.v5.scmr.hRCloseServiceHandle().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
impacket.dcerpc.v5.scmr
, or try the search function
.
.
Example #1
| Source File: secretsdump.py From CVE-2017-7494 with GNU General Public License v3.0 | 6 votes |
|
def __executeRemote(self, data):
self.__tmpServiceName = ''.join([random.choice(string.letters) for _ in range(8)]).encode('utf-16le')
command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' > ' + self.__batchFile + ' & ' + \
self.__shell + self.__batchFile
command += ' & ' + 'del ' + self.__batchFile
self.__serviceDeleted = False
resp = scmr.hRCreateServiceW(self.__scmr, self.__scManagerHandle, self.__tmpServiceName, self.__tmpServiceName,
lpBinaryPathName=command)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
self.__serviceDeleted = True
scmr.hRCloseServiceHandle(self.__scmr, service)
Example #2
| Source File: secretsdump.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception as e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None
Example #3
| Source File: smbexec.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def execute_remote(self, data):
command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' 2^>^&1 > ' + self.__batchFile + ' & ' + \
self.__shell + self.__batchFile
if self.__mode == 'SERVER':
command += ' & ' + self.__copyBack
command += ' & ' + 'del ' + self.__batchFile
logging.debug('Executing %s' % command)
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName,
lpBinaryPathName=command, dwStartType=scmr.SERVICE_DEMAND_START)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output()
Example #4
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def te_REnumServiceGroupW(self):
dce, rpctransport, scHandle = self.connect()
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
cbBufSize = 10
lpResumeIndex = 0
pszGroupName = 'RemoteRegistry\x00'
try:
resp = scmr.hREnumServiceGroupW(dce, scHandle, dwServiceType, dwServiceState, cbBufSize, lpResumeIndex, pszGroupName )
resp.dump()
except Exception as e:
if str(e).find('ERROR_SERVICE_DOES_NOT_EXISTS') <= 0:
raise
scmr.hRCloseServiceHandle(dce, scHandle)
Example #5
| Source File: secretsdump.py From PiBunny with MIT License | 6 votes |
|
def __executeRemote(self, data):
self.__tmpServiceName = ''.join([random.choice(string.letters) for _ in range(8)]).encode('utf-16le')
command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' > ' + self.__batchFile + ' & ' + \
self.__shell + self.__batchFile
command += ' & ' + 'del ' + self.__batchFile
self.__serviceDeleted = False
resp = scmr.hRCreateServiceW(self.__scmr, self.__scManagerHandle, self.__tmpServiceName, self.__tmpServiceName,
lpBinaryPathName=command)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
self.__serviceDeleted = True
scmr.hRCloseServiceHandle(self.__scmr, service)
Example #6
| Source File: dump.py From CVE-2019-1040 with MIT License | 6 votes |
|
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception as e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None
Example #7
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 6 votes |
|
def test_RStartServiceW(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(dce, serviceHandle, 3, ['arg1\x00', 'arg2\x00', 'arg3\x00'] )
except Exception as e:
if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') <= 0:
raise
scmr.hRCloseServiceHandle(dce, scHandle)
Example #8
| Source File: smbexec.py From PiBunny with MIT License | 6 votes |
|
def execute_remote(self, data):
command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' 2^>^&1 > ' + self.__batchFile + ' & ' + \
self.__shell + self.__batchFile
if self.__mode == 'SERVER':
command += ' & ' + self.__copyBack
command += ' & ' + 'del ' + self.__batchFile
logging.debug('Executing %s' % command)
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName, lpBinaryPathName=command)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output()
Example #9
| Source File: smbmap.py From smbmap with GNU General Public License v3.0 | 6 votes |
|
def execute_remote(self, data):
command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' 2^>^&1 > ' + self.__batchFile + ' & ' + \
self.__shell + self.__batchFile
if self.__mode == 'SERVER':
command += ' & ' + self.__copyBack
command += ' & ' + 'del ' + self.__batchFile
logging.debug('Executing %s' % command)
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName, lpBinaryPathName=command)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output()
Example #10
| Source File: mysmb.py From AutoBlue-MS17-010 with MIT License | 6 votes |
|
def execute_remote(self, data):
to_batch = '{} echo {} ^> {} 2^>^&1 > {}'.format(self.__shell, data, self.__output, self.__batchFile)
command = '{} & {} {}'.format(to_batch, self.__shell, self.__batchFile)
if self.__mode == 'SERVER':
command += ' & ' + self.__copyBack
command = '{} & del {}'.format(command, self.__batchFile )
logging.debug('Executing %s' % command)
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName,
lpBinaryPathName=command, dwStartType=scmr.SERVICE_DEMAND_START)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output()
#print(self.__outputBuffer)
Example #11
| Source File: dump.py From Exchange2domain with MIT License | 6 votes |
|
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None
Example #12
| Source File: secretsdump.py From CVE-2017-7494 with GNU General Public License v3.0 | 5 votes |
|
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
LOG.error(e)
return None
Example #13
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_lock_unlock(self):
dce, rpctransport, scHandle = self.connect()
resp = scmr.hRLockServiceDatabase(dce, scHandle)
lockHandle = resp['lpLock']
scmr.hRUnlockServiceDatabase(dce, lockHandle)
scmr.hRCloseServiceHandle(dce, scHandle)
Example #14
| Source File: test_scmr.py From PiBunny with MIT License | 5 votes |
|
def test_RQueryServiceLockStatusW(self):
dce, rpctransport, scHandle = self.connect()
pcbBytesNeeded = 1000
resp = scmr.hRQueryServiceLockStatusW(dce, scHandle, pcbBytesNeeded)
resp = scmr.hRCloseServiceHandle(dce, scHandle)
Example #15
| Source File: test_scmr.py From PiBunny with MIT License | 5 votes |
|
def test_RGetServiceKeyNameW(self):
dce, rpctransport, scHandle = self.connect()
lpDisplayName = 'Plug and Play\x00'
lpcchBuffer = len(lpDisplayName)+100
resp = scmr.hRGetServiceKeyNameW(dce, scHandle, lpDisplayName, lpcchBuffer)
resp = scmr.hRCloseServiceHandle(dce, scHandle)
Example #16
| Source File: test_scmr.py From PiBunny with MIT License | 5 votes |
|
def test_RGetServiceDisplayNameW(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
lpcchBuffer = len(lpServiceName)+100
resp = scmr.hRGetServiceDisplayNameW(dce, scHandle, lpServiceName, lpcchBuffer)
resp = scmr.hRCloseServiceHandle(dce, scHandle)
Example #17
| Source File: serviceinstall.py From PiBunny with MIT License | 5 votes |
|
def uninstall(self):
fileCopied = True
serviceCreated = True
# Do the stuff here
try:
# Let's get the shares
svcManager = self.openSvcManager()
if svcManager != 0:
resp = scmr.hROpenServiceW(self.rpcsvc, svcManager, self.__service_name+'\x00')
service = resp['lpServiceHandle']
LOG.info('Stoping service %s.....' % self.__service_name)
try:
scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
except:
pass
LOG.info('Removing service %s.....' % self.__service_name)
scmr.hRDeleteService(self.rpcsvc, service)
scmr.hRCloseServiceHandle(self.rpcsvc, service)
scmr.hRCloseServiceHandle(self.rpcsvc, svcManager)
LOG.info('Removing file %s.....' % self.__binary_service_name)
self.connection.deleteFile(self.share, self.__binary_service_name)
except Exception:
LOG.critical("Error performing the uninstallation, cleaning up" )
try:
scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
except:
pass
if fileCopied is True:
try:
self.connection.deleteFile(self.share, self.__binary_service_name)
except:
try:
self.connection.deleteFile(self.share, self.__binary_service_name)
except:
pass
pass
if serviceCreated is True:
try:
scmr.hRDeleteService(self.rpcsvc, service)
except:
pass
Example #18
| Source File: secretsdump.py From PiBunny with MIT License | 5 votes |
|
def __restore(self):
# First of all stop the service if it was originally stopped
if self.__shouldStop is True:
LOG.info('Stopping service %s' % self.__serviceName)
scmr.hRControlService(self.__scmr, self.__serviceHandle, scmr.SERVICE_CONTROL_STOP)
if self.__disabled is True:
LOG.info('Restoring the disabled state for service %s' % self.__serviceName)
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType = 0x4)
if self.__serviceDeleted is False:
# Check again the service we created does not exist, starting a new connection
# Why?.. Hitting CTRL+C might break the whole existing DCE connection
try:
rpc = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\svcctl]' % self.__smbConnection.getRemoteHost())
if hasattr(rpc, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpc.set_credentials(*self.__smbConnection.getCredentials())
rpc.set_kerberos(self.__doKerberos, self.__kdcHost)
self.__scmr = rpc.get_dce_rpc()
self.__scmr.connect()
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
resp = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__tmpServiceName)
service = resp['lpServiceHandle']
scmr.hRDeleteService(self.__scmr, service)
scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)
scmr.hRCloseServiceHandle(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, self.__serviceHandle)
scmr.hRCloseServiceHandle(self.__scmr, self.__scManagerHandle)
rpc.disconnect()
except Exception, e:
# If service is stopped it'll trigger an exception
# If service does not exist it'll trigger an exception
# So. we just wanna be sure we delete it, no need to
# show this exception message
pass
Example #19
| Source File: secretsdump.py From PiBunny with MIT License | 5 votes |
|
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
LOG.error(e)
return None
Example #20
| Source File: dump.py From CVE-2019-1040 with MIT License | 5 votes |
|
def __smbExec(self, command):
self.__serviceDeleted = False
resp = scmr.hRCreateServiceW(self.__scmr, self.__scManagerHandle, self.__tmpServiceName, self.__tmpServiceName,
lpBinaryPathName=command)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
self.__serviceDeleted = True
scmr.hRCloseServiceHandle(self.__scmr, service)
Example #21
| Source File: smbexec.py From ActiveReign with GNU General Public License v3.0 | 5 votes |
|
def finish(self):
# Just in case the service is still created
try:
self.__scmr = self.__rpctransport.get_dce_rpc()
self.__scmr.connect()
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
resp = scmr.hROpenSCManagerW(self.__scmr)
self.__scHandle = resp['lpScHandle']
resp = scmr.hROpenServiceW(self.__scmr, self.__scHandle, self.__serviceName)
service = resp['lpServiceHandle']
scmr.hRDeleteService(self.__scmr, service)
scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)
scmr.hRCloseServiceHandle(self.__scmr, service)
except:
pass
Example #22
| Source File: smbexec.py From PiBunny with MIT License | 5 votes |
|
def finish(self):
# Just in case the service is still created
try:
self.__scmr = self.__rpc.get_dce_rpc()
self.__scmr.connect()
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
resp = scmr.hROpenSCManagerW(self.__scmr)
self.__scHandle = resp['lpScHandle']
resp = scmr.hROpenServiceW(self.__scmr, self.__scHandle, self.__serviceName)
service = resp['lpServiceHandle']
scmr.hRDeleteService(self.__scmr, service)
scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)
scmr.hRCloseServiceHandle(self.__scmr, service)
except:
pass
Example #23
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def atest_notify_config(self):
dce, rpctransport, scHandle = self.connect()
lpMachineName = 'DUMMY\x00'
try:
resp = scmr.hRNotifyBootConfigStatus(dce, lpMachineName, 0x0)
resp.dump()
except scmr.DCERPCSessionError as e:
if str(e).find('ERROR_BOOT_ALREADY_ACCEPTED') <= 0:
raise
scmr.hRCloseServiceHandle(dce, scHandle)
Example #24
| Source File: dump.py From CVE-2019-1040 with MIT License | 5 votes |
|
def __restore(self):
# First of all stop the service if it was originally stopped
if self.__shouldStop is True:
LOG.info('Stopping service %s' % self.__serviceName)
scmr.hRControlService(self.__scmr, self.__serviceHandle, scmr.SERVICE_CONTROL_STOP)
if self.__disabled is True:
LOG.info('Restoring the disabled state for service %s' % self.__serviceName)
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType = 0x4)
if self.__serviceDeleted is False:
# Check again the service we created does not exist, starting a new connection
# Why?.. Hitting CTRL+C might break the whole existing DCE connection
try:
rpc = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\svcctl]' % self.__smbConnection.getRemoteHost())
if hasattr(rpc, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpc.set_credentials(*self.__smbConnection.getCredentials())
rpc.set_kerberos(self.__doKerberos, self.__kdcHost)
self.__scmr = rpc.get_dce_rpc()
self.__scmr.connect()
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
resp = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__tmpServiceName)
service = resp['lpServiceHandle']
scmr.hRDeleteService(self.__scmr, service)
scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)
scmr.hRCloseServiceHandle(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, self.__serviceHandle)
scmr.hRCloseServiceHandle(self.__scmr, self.__scManagerHandle)
rpc.disconnect()
except Exception as e:
# If service is stopped it'll trigger an exception
# If service does not exist it'll trigger an exception
# So. we just wanna be sure we delete it, no need to
# show this exception message
pass
Example #25
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_query(self):
dce, rpctransport, scHandle = self.connect()
############################
# Query Service Status / Enum Dependent
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
scmr.hRQueryServiceStatus(dce, serviceHandle)
cbBufSize = 0
try:
resp = scmr.hREnumDependentServicesW(dce, serviceHandle, scmr.SERVICE_STATE_ALL,cbBufSize )
resp.dump()
except scmr.DCERPCSessionError as e:
if str(e).find('ERROR_MORE_DATA') <= 0:
raise
else:
resp = e.get_packet()
resp.dump()
cbBufSize = resp['pcbBytesNeeded']
resp = scmr.hREnumDependentServicesW(dce, serviceHandle, scmr.SERVICE_STATE_ALL,cbBufSize )
resp.dump()
scmr.hRCloseServiceHandle(dce, serviceHandle)
scmr.hRCloseServiceHandle(dce, scHandle)
Example #26
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_enumservices(self):
dce, rpctransport, scHandle = self.connect()
#####################
# EnumServicesStatusW
dwServiceType = scmr.SERVICE_KERNEL_DRIVER | scmr.SERVICE_FILE_SYSTEM_DRIVER | scmr.SERVICE_WIN32_OWN_PROCESS | scmr.SERVICE_WIN32_SHARE_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
scmr.hRCloseServiceHandle(dce, scHandle)
Example #27
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_RQueryServiceLockStatusW(self):
dce, rpctransport, scHandle = self.connect()
pcbBytesNeeded = 1000
scmr.hRQueryServiceLockStatusW(dce, scHandle, pcbBytesNeeded)
scmr.hRCloseServiceHandle(dce, scHandle)
Example #28
| Source File: test_scmr.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def test_RGetServiceDisplayNameW(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
lpcchBuffer = len(lpServiceName)+100
scmr.hRGetServiceDisplayNameW(dce, scHandle, lpServiceName, lpcchBuffer)
scmr.hRCloseServiceHandle(dce, scHandle)
Example #29
| Source File: test_rrp.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def connect(self):
if self.rrpStarted is not True:
dce, rpctransport, scHandle = self.connect_scmr()
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | \
scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, 'RemoteRegistry\x00', desiredAccess)
resp.dump()
serviceHandle = resp['lpServiceHandle']
try:
resp = scmr.hRStartServiceW(dce, serviceHandle )
except Exception as e:
if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') >=0:
pass
else:
raise
resp = scmr.hRCloseServiceHandle(dce, scHandle)
self.rrpStarted = True
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(rrp.MSRPC_UUID_RRP, transfer_syntax = self.ts)
resp = rrp.hOpenLocalMachine(dce, MAXIMUM_ALLOWED | rrp.KEY_WOW64_32KEY | rrp.KEY_ENUMERATE_SUB_KEYS)
return dce, rpctransport, resp['phKey']
Example #30
| Source File: serviceinstall.py From Slackor with GNU General Public License v3.0 | 5 votes |
|
def uninstall(self):
fileCopied = True
serviceCreated = True
# Do the stuff here
try:
# Let's get the shares
svcManager = self.openSvcManager()
if svcManager != 0:
resp = scmr.hROpenServiceW(self.rpcsvc, svcManager, self.__service_name+'\x00')
service = resp['lpServiceHandle']
LOG.info('Stopping service %s.....' % self.__service_name)
try:
scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
except:
pass
LOG.info('Removing service %s.....' % self.__service_name)
scmr.hRDeleteService(self.rpcsvc, service)
scmr.hRCloseServiceHandle(self.rpcsvc, service)
scmr.hRCloseServiceHandle(self.rpcsvc, svcManager)
LOG.info('Removing file %s.....' % self.__binary_service_name)
self.connection.deleteFile(self.share, self.__binary_service_name)
except Exception:
LOG.critical("Error performing the uninstallation, cleaning up" )
try:
scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
except:
pass
if fileCopied is True:
try:
self.connection.deleteFile(self.share, self.__binary_service_name)
except:
try:
self.connection.deleteFile(self.share, self.__binary_service_name)
except:
pass
pass
if serviceCreated is True:
try:
scmr.hRDeleteService(self.rpcsvc, service)
except:
pass
