本文整理汇总了Python中impacket.dcerpc.v5.rrp.hBaseRegOpenKey方法的典型用法代码示例。如果您正苦于以下问题:Python rrp.hBaseRegOpenKey方法的具体用法?Python rrp.hBaseRegOpenKey怎么用?Python rrp.hBaseRegOpenKey使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.rrp
的用法示例。
在下文中一共展示了rrp.hBaseRegOpenKey方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getBootKey
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getBootKey(self):
bootKey = ''
ans = rrp.hOpenLocalMachine(self.__rrp)
self.__regHandle = ans['phKey']
for key in ['JD','Skew1','GBG','Data']:
LOG.debug('Retrieving class info for %s'% key)
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\%s' % key)
keyHandle = ans['phkResult']
ans = rrp.hBaseRegQueryInfoKey(self.__rrp,keyHandle)
bootKey = bootKey + ans['lpClassOut'][:-1]
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
transforms = [ 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 ]
bootKey = unhexlify(bootKey)
for i in xrange(len(bootKey)):
self.__bootKey += bootKey[transforms[i]]
LOG.info('Target system bootKey: 0x%s' % hexlify(self.__bootKey))
return self.__bootKey
示例2: checkNoLMHashPolicy
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def checkNoLMHashPolicy(self):
LOG.debug('Checking NoLMHash Policy')
ans = rrp.hOpenLocalMachine(self.__rrp)
self.__regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa')
keyHandle = ans['phkResult']
try:
dataType, noLMHash = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'NoLmHash')
except:
noLMHash = 0
if noLMHash != 1:
LOG.debug('LMHashes are being stored')
return False
LOG.debug('LMHashes are NOT being stored')
return True
示例3: test_hBaseRegQueryMultipleValues
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def test_hBaseRegQueryMultipleValues(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hBaseRegOpenKey(dce, phKey, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00')
resp.dump()
valueIn = list()
item1 = {}
item1['ValueName'] = 'ProductName\x00'
item1['ValueType'] = rrp.REG_SZ
valueIn.append(item1)
item2 = {}
item2['ValueName'] = 'InstallDate\x00'
item2['ValueType'] = rrp.REG_DWORD
valueIn.append(item2)
item3 = {}
item3['ValueName'] = 'DigitalProductId\x00'
item3['ValueType'] = rrp.REG_BINARY
#valueIn.append(item3)
resp = rrp.hBaseRegQueryMultipleValues(dce, resp['phkResult'], valueIn)
#print resp
示例4: test_hBaseRegLoadKey_hBaseRegUnLoadKey
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def test_hBaseRegLoadKey_hBaseRegUnLoadKey(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hBaseRegOpenKey(dce,phKey, 'SECURITY\x00')
resp.dump()
request = rrp.BaseRegSaveKey()
request['hKey'] = resp['phkResult']
request['lpFile'] = 'SEC\x00'
request['pSecurityAttributes'] = NULL
resp = dce.request(request)
resp.dump()
resp = rrp.hBaseRegLoadKey(dce, phKey,'BETUS\x00', 'SEC\x00' )
resp.dump()
resp = rrp.hBaseRegUnLoadKey(dce, phKey, 'BETUS\x00')
resp.dump()
smb = rpctransport.get_smb_connection()
smb.deleteFile('ADMIN$', 'System32\\SEC')
示例5: wdigest_enable
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def wdigest_enable(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
keyHandle = ans['phkResult']
rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, 1)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00')
if int(data) == 1:
context.log.success('UseLogonCredential registry key created successfully')
try:
remoteOps.finish()
except:
pass
示例6: on_admin_login
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def on_admin_login(self, context, connection):
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
keyHandle = ans['phkResult']
dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')
if uac_value == 1:
context.log.highlight('UAC Status: 1 (UAC Enabled)')
elif uac_value == 0:
context.log.highlight('UAC Status: 0 (UAC Disabled)')
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
remoteOps.finish()
示例7: rdp_enable
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def rdp_enable(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Terminal Server')
keyHandle = ans['phkResult']
rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00', rrp.REG_DWORD, 0)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00')
if int(data) == 0:
context.log.success('RDP enabled successfully')
try:
remoteOps.finish()
except:
pass
示例8: rdp_disable
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def rdp_disable(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Terminal Server')
keyHandle = ans['phkResult']
rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00', rrp.REG_DWORD, 1)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00')
if int(data) == 1:
context.log.success('RDP disabled successfully')
try:
remoteOps.finish()
except:
pass
示例9: getBootKey
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getBootKey(self):
bootKey = ''
ans = rrp.hOpenLocalMachine(self.__rrp)
self.__regHandle = ans['phKey']
for key in ['JD','Skew1','GBG','Data']:
logging.debug('Retrieving class info for %s'% key)
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\%s' % key)
keyHandle = ans['phkResult']
ans = rrp.hBaseRegQueryInfoKey(self.__rrp,keyHandle)
bootKey = bootKey + ans['lpClassOut'][:-1]
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
transforms = [ 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 ]
bootKey = unhexlify(bootKey)
for i in xrange(len(bootKey)):
self.__bootKey += bootKey[transforms[i]]
logging.info('Target system bootKey: 0x%s' % hexlify(self.__bootKey))
return self.__bootKey
示例10: checkNoLMHashPolicy
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def checkNoLMHashPolicy(self):
logging.debug('Checking NoLMHash Policy')
ans = rrp.hOpenLocalMachine(self.__rrp)
self.__regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa')
keyHandle = ans['phkResult']
try:
dataType, noLMHash = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'NoLmHash')
except:
noLMHash = 0
if noLMHash != 1:
logging.debug('LMHashes are being stored')
return False
logging.debug('LMHashes are NOT being stored')
return True
示例11: __print_all_subkeys_and_entries
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, index):
index = 0
while True:
try:
subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)
index += 1
ans = rrp.hBaseRegOpenKey(rpc, keyHandler, subkey['lpNameOut'],
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS)
newKeyName = keyName + subkey['lpNameOut'][:-1] + '\\'
print(newKeyName)
self.__print_key_values(rpc, ans['phkResult'])
self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)
except rrp.DCERPCSessionError as e:
if e.get_error_code() == ERROR_NO_MORE_ITEMS:
break
except rpcrt.DCERPCException as e:
if str(e).find('access_denied') >= 0:
logging.error('Cannot access subkey %s, bypassing it' % subkey['lpNameOut'][:-1])
continue
elif str(e).find('rpc_x_bad_stub_data') >= 0:
logging.error('Fault call, cannot retrieve value for %s, bypassing it' % subkey['lpNameOut'][:-1])
return
raise
示例12: getBootKey
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getBootKey(self):
bootKey = b''
ans = rrp.hOpenLocalMachine(self.__rrp)
self.__regHandle = ans['phKey']
for key in ['JD','Skew1','GBG','Data']:
LOG.debug('Retrieving class info for %s'% key)
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\%s' % key)
keyHandle = ans['phkResult']
ans = rrp.hBaseRegQueryInfoKey(self.__rrp,keyHandle)
bootKey = bootKey + b(ans['lpClassOut'][:-1])
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
transforms = [ 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 ]
bootKey = unhexlify(bootKey)
for i in range(len(bootKey)):
self.__bootKey += bootKey[transforms[i]:transforms[i]+1]
LOG.info('Target system bootKey: 0x%s' % hexlify(self.__bootKey).decode('utf-8'))
return self.__bootKey
示例13: test_hBaseRegQueryMultipleValues
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def test_hBaseRegQueryMultipleValues(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hBaseRegOpenKey(dce, phKey, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00')
resp.dump()
valueIn = list()
item1 = {}
item1['ValueName'] = 'ProductName\x00'
item1['ValueType'] = rrp.REG_SZ
valueIn.append(item1)
item2 = {}
item2['ValueName'] = 'InstallDate\x00'
item2['ValueType'] = rrp.REG_DWORD
valueIn.append(item2)
item3 = {}
item3['ValueName'] = 'DigitalProductId\x00'
item3['ValueType'] = rrp.REG_BINARY
#valueIn.append(item3)
rrp.hBaseRegQueryMultipleValues(dce, resp['phkResult'], valueIn)
示例14: __print_all_subkeys_and_entries
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, index):
index = 0
while True:
try:
subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)
index += 1
ans = rrp.hBaseRegOpenKey(rpc, keyHandler, subkey['lpNameOut'],
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS)
newKeyName = keyName + subkey['lpNameOut'][:-1] + '\\'
print newKeyName
self.__print_key_values(rpc, ans['phkResult'])
self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)
except rrp.DCERPCSessionError, e:
if e.get_error_code() == ERROR_NO_MORE_ITEMS:
break
except rpcrt.DCERPCException, e:
if str(e).find('access_denied') >= 0:
logging.error('Cannot access subkey %s, bypassing it' % subkey['lpNameOut'][:-1])
continue
elif str(e).find('rpc_x_bad_stub_data') >= 0:
logging.error('Fault call, cannot retrieve value for %s, bypassing it' % subkey['lpNameOut'][:-1])
return
raise
示例15: getDefaultLoginAccount
# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getDefaultLoginAccount(self):
try:
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon')
keyHandle = ans['phkResult']
dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultUserName')
username = dataValue[:-1]
dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultDomainName')
domain = dataValue[:-1]
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
if len(domain) > 0:
return '%s\\%s' % (domain,username)
else:
return username
except:
return None