本文整理汇总了Python中impacket.dcerpc.v5.scmr.SERVICE_WIN32_OWN_PROCESS属性的典型用法代码示例。如果您正苦于以下问题:Python scmr.SERVICE_WIN32_OWN_PROCESS属性的具体用法?Python scmr.SERVICE_WIN32_OWN_PROCESS怎么用?Python scmr.SERVICE_WIN32_OWN_PROCESS使用的例子?那么恭喜您, 这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类impacket.dcerpc.v5.scmr的用法示例。
在下文中一共展示了scmr.SERVICE_WIN32_OWN_PROCESS属性的8个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_REnumServicesStatusExW
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def test_REnumServicesStatusExW(self):
dce, rpctransport, scHandle = self.connect()
request = scmr.REnumServicesStatusExW()
request['hSCManager'] = scHandle
request['InfoLevel'] = scmr.SC_STATUS_PROCESS_INFO
request['dwServiceType'] = scmr.SERVICE_WIN32_OWN_PROCESS
request['dwServiceState'] = scmr.SERVICE_STATE_ALL
request['lpResumeIndex'] = NULL
request['pszGroupName'] = NULL
request['cbBufSize'] = 0
#request.dump()
#print "\n"
# Request again with the right bufSize
try:
resp = dce.request(request)
except Exception, e:
if str(e).find('ERROR_MORE_DATA') <= 0:
raise
else:
resp = e.get_packet() 示例2: te_REnumServiceGroupW
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def te_REnumServiceGroupW(self):
dce, rpctransport, scHandle = self.connect()
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
cbBufSize = 10
lpResumeIndex = 0
pszGroupName = 'RemoteRegistry\x00'
try:
resp = scmr.hREnumServiceGroupW(dce, scHandle, dwServiceType, dwServiceState, cbBufSize, lpResumeIndex, pszGroupName )
resp.dump()
except Exception, e:
if str(e).find('ERROR_SERVICE_DOES_NOT_EXISTS') <= 0:
raise 示例3: te_REnumServiceGroupW
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def te_REnumServiceGroupW(self):
dce, rpctransport, scHandle = self.connect()
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
cbBufSize = 10
lpResumeIndex = 0
pszGroupName = 'RemoteRegistry\x00'
try:
resp = scmr.hREnumServiceGroupW(dce, scHandle, dwServiceType, dwServiceState, cbBufSize, lpResumeIndex, pszGroupName )
resp.dump()
except Exception as e:
if str(e).find('ERROR_SERVICE_DOES_NOT_EXISTS') <= 0:
raise
scmr.hRCloseServiceHandle(dce, scHandle) 示例4: test_enumservices
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def test_enumservices(self):
dce, rpctransport, scHandle = self.connect()
#####################
# EnumServicesStatusW
dwServiceType = scmr.SERVICE_KERNEL_DRIVER | scmr.SERVICE_FILE_SYSTEM_DRIVER | scmr.SERVICE_WIN32_OWN_PROCESS | scmr.SERVICE_WIN32_SHARE_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
cbBufSize = 0
resp = scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
resp = scmr.hRCloseServiceHandle(dce, scHandle) 示例5: test_create_change_delete
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def test_create_change_delete(self):
dce, rpctransport, scHandle = self.connect()
#####################
# Create / Change / Query / Delete a service
lpServiceName = 'TESTSVC\x00'
lpDisplayName = 'DisplayName\x00'
dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwStartType = scmr.SERVICE_DEMAND_START
dwErrorControl = scmr.SERVICE_ERROR_NORMAL
lpBinaryPathName = 'binaryPath\x00'
lpLoadOrderGroup = NULL
lpdwTagId = NULL
lpDependencies = NULL
dwDependSize = 0
lpServiceStartName = NULL
lpPassword = NULL
dwPwSize = 0
resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize)
resp.dump()
newHandle = resp['lpServiceHandle']
# Aca hay que chequear cada uno de los items
cbBufSize = 0
try:
resp = scmr.hRQueryServiceConfigW(dce, newHandle)
except Exception, e:
if str(e).find('ERROR_INSUFFICIENT_BUFFER') <= 0:
raise
else:
resp = e.get_packet() 示例6: test_REnumServicesStatusExW
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def test_REnumServicesStatusExW(self):
dce, rpctransport, scHandle = self.connect()
request = scmr.REnumServicesStatusExW()
request['hSCManager'] = scHandle
request['InfoLevel'] = scmr.SC_STATUS_PROCESS_INFO
request['dwServiceType'] = scmr.SERVICE_WIN32_OWN_PROCESS
request['dwServiceState'] = scmr.SERVICE_STATE_ALL
request['lpResumeIndex'] = NULL
request['pszGroupName'] = NULL
request['cbBufSize'] = 0
#request.dump()
#print "\n"
# Request again with the right bufSize
try:
resp = dce.request(request)
except Exception as e:
if str(e).find('ERROR_MORE_DATA') <= 0:
raise
else:
resp = e.get_packet()
resp.dump()
request['cbBufSize'] = resp['pcbBytesNeeded']
resp = dce.request(request)
resp.dump() 示例7: test_enumservices
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def test_enumservices(self):
dce, rpctransport, scHandle = self.connect()
#####################
# EnumServicesStatusW
dwServiceType = scmr.SERVICE_KERNEL_DRIVER | scmr.SERVICE_FILE_SYSTEM_DRIVER | scmr.SERVICE_WIN32_OWN_PROCESS | scmr.SERVICE_WIN32_SHARE_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
scmr.hRCloseServiceHandle(dce, scHandle) 示例8: rpc_get_services
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_WIN32_OWN_PROCESS [as 别名]
def rpc_get_services(self):
"""
Query services with stored credentials via RPC.
These credentials can be dumped with mimikatz via lsadump::secrets or via secretsdump.py
"""
binding = r'ncacn_np:%s[\PIPE\svcctl]' % self.addr
serviceusers = []
dce = self.dce_rpc_connect(binding, scmr.MSRPC_UUID_SCMR)
if dce is None:
return
try:
resp = scmr.hROpenSCManagerW(dce)
scManagerHandle = resp['lpScHandle']
# TODO: Figure out if filtering out service types makes sense
resp = scmr.hREnumServicesStatusW(dce,
scManagerHandle,
dwServiceType=scmr.SERVICE_WIN32_OWN_PROCESS,
dwServiceState=scmr.SERVICE_STATE_ALL)
# TODO: Skip well-known services to save on traffic
for i in range(len(resp)):
try:
ans = scmr.hROpenServiceW(dce, scManagerHandle, resp[i]['lpServiceName'][:-1])
serviceHandle = ans['lpServiceHandle']
svcresp = scmr.hRQueryServiceConfigW(dce, serviceHandle)
svc_user = svcresp['lpServiceConfig']['lpServiceStartName'][:-1]
if '@' in svc_user:
logging.info("Found user service: %s running as %s on %s",
resp[i]['lpServiceName'][:-1],
svc_user,
self.hostname)
serviceusers.append(svc_user)
except DCERPCException as e:
if 'rpc_s_access_denied' not in str(e):
logging.debug('Exception querying service %s via RPC: %s', resp[i]['lpServiceName'][:-1], e)
except DCERPCException as e:
logging.debug('Exception connecting to RPC: %s', e)
except Exception as e:
if 'connection reset' in str(e):
logging.debug('Connection was reset: %s', e)
else:
raise e
dce.disconnect()
return serviceusers