当前位置: 首页>>代码示例>>Python>>正文


Python rrp.hBaseRegOpenKey方法代码示例

本文整理汇总了Python中impacket.dcerpc.v5.rrp.hBaseRegOpenKey方法的典型用法代码示例。如果您正苦于以下问题:Python rrp.hBaseRegOpenKey方法的具体用法?Python rrp.hBaseRegOpenKey怎么用?Python rrp.hBaseRegOpenKey使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在impacket.dcerpc.v5.rrp的用法示例。


在下文中一共展示了rrp.hBaseRegOpenKey方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: getBootKey

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getBootKey(self):
        bootKey = ''
        ans = rrp.hOpenLocalMachine(self.__rrp)
        self.__regHandle = ans['phKey']
        for key in ['JD','Skew1','GBG','Data']:
            LOG.debug('Retrieving class info for %s'% key)
            ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\%s' % key)
            keyHandle = ans['phkResult']
            ans = rrp.hBaseRegQueryInfoKey(self.__rrp,keyHandle)
            bootKey = bootKey + ans['lpClassOut'][:-1]
            rrp.hBaseRegCloseKey(self.__rrp, keyHandle)

        transforms = [ 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 ]

        bootKey = unhexlify(bootKey)

        for i in xrange(len(bootKey)):
            self.__bootKey += bootKey[transforms[i]]

        LOG.info('Target system bootKey: 0x%s' % hexlify(self.__bootKey))

        return self.__bootKey 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:24,代码来源:secretsdump.py

示例2: checkNoLMHashPolicy

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def checkNoLMHashPolicy(self):
        LOG.debug('Checking NoLMHash Policy')
        ans = rrp.hOpenLocalMachine(self.__rrp)
        self.__regHandle = ans['phKey']

        ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa')
        keyHandle = ans['phkResult']
        try:
            dataType, noLMHash = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'NoLmHash')
        except:
            noLMHash = 0

        if noLMHash != 1:
            LOG.debug('LMHashes are being stored')
            return False

        LOG.debug('LMHashes are NOT being stored')
        return True 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:20,代码来源:secretsdump.py

示例3: test_hBaseRegQueryMultipleValues

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def test_hBaseRegQueryMultipleValues(self):
        dce, rpctransport, phKey = self.connect()

        resp = rrp.hBaseRegOpenKey(dce, phKey, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00')
        resp.dump()


        valueIn = list()
        item1 = {}
        item1['ValueName'] = 'ProductName\x00'
        item1['ValueType'] = rrp.REG_SZ
        valueIn.append(item1)
         
        item2 = {}
        item2['ValueName'] = 'InstallDate\x00'
        item2['ValueType'] = rrp.REG_DWORD
        valueIn.append(item2)

        item3 = {}
        item3['ValueName'] = 'DigitalProductId\x00'
        item3['ValueType'] = rrp.REG_BINARY
        #valueIn.append(item3)

        resp = rrp.hBaseRegQueryMultipleValues(dce, resp['phkResult'], valueIn)
        #print resp 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:27,代码来源:test_rrp.py

示例4: test_hBaseRegLoadKey_hBaseRegUnLoadKey

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def test_hBaseRegLoadKey_hBaseRegUnLoadKey(self):
        dce, rpctransport, phKey = self.connect()

        resp = rrp.hBaseRegOpenKey(dce,phKey, 'SECURITY\x00')
        resp.dump()

        request = rrp.BaseRegSaveKey()
        request['hKey'] = resp['phkResult']
        request['lpFile'] = 'SEC\x00'
        request['pSecurityAttributes'] = NULL
        resp = dce.request(request)
        resp.dump()

        resp = rrp.hBaseRegLoadKey(dce, phKey,'BETUS\x00', 'SEC\x00' )
        resp.dump()

        resp = rrp.hBaseRegUnLoadKey(dce, phKey, 'BETUS\x00')
        resp.dump()

        smb = rpctransport.get_smb_connection()
        smb.deleteFile('ADMIN$', 'System32\\SEC') 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:23,代码来源:test_rrp.py

示例5: wdigest_enable

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def wdigest_enable(self, context, smbconnection):
        remoteOps = RemoteOperations(smbconnection, False)
        remoteOps.enableRegistry()

        if remoteOps._RemoteOperations__rrp:
            ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
            regHandle = ans['phKey']

            ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
            keyHandle = ans['phkResult']

            rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00',  rrp.REG_DWORD, 1)

            rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00')

            if int(data) == 1:
                context.log.success('UseLogonCredential registry key created successfully')

        try:
            remoteOps.finish()
        except:
            pass 
开发者ID:byt3bl33d3r,项目名称:CrackMapExec,代码行数:24,代码来源:wdigest.py

示例6: on_admin_login

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def on_admin_login(self, context, connection):
        remoteOps = RemoteOperations(connection.conn, False)
        remoteOps.enableRegistry()

        ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
        regHandle = ans['phKey']
        ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
        keyHandle = ans['phkResult']
        dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')

        if uac_value == 1:
            context.log.highlight('UAC Status: 1 (UAC Enabled)')
        elif uac_value == 0:
            context.log.highlight('UAC Status: 0 (UAC Disabled)')

        rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
        remoteOps.finish() 
开发者ID:byt3bl33d3r,项目名称:CrackMapExec,代码行数:19,代码来源:uac.py

示例7: rdp_enable

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def rdp_enable(self, context, smbconnection):
        remoteOps = RemoteOperations(smbconnection, False)
        remoteOps.enableRegistry()

        if remoteOps._RemoteOperations__rrp:
            ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
            regHandle = ans['phKey']

            ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Terminal Server')
            keyHandle = ans['phkResult']

            rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00',  rrp.REG_DWORD, 0)

            rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00')

            if int(data) == 0:
                context.log.success('RDP enabled successfully')

        try:
            remoteOps.finish()
        except:
            pass 
开发者ID:byt3bl33d3r,项目名称:CrackMapExec,代码行数:24,代码来源:rdp.py

示例8: rdp_disable

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def rdp_disable(self, context, smbconnection):
        remoteOps = RemoteOperations(smbconnection, False)
        remoteOps.enableRegistry()

        if remoteOps._RemoteOperations__rrp:
            ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
            regHandle = ans['phKey']

            ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Terminal Server')
            keyHandle = ans['phkResult']

            rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00',  rrp.REG_DWORD, 1)

            rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'fDenyTSConnections\x00')

            if int(data) == 1:
                context.log.success('RDP disabled successfully')

        try:
            remoteOps.finish()
        except:
            pass 
开发者ID:byt3bl33d3r,项目名称:CrackMapExec,代码行数:24,代码来源:rdp.py

示例9: getBootKey

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getBootKey(self):
        bootKey = ''
        ans = rrp.hOpenLocalMachine(self.__rrp)
        self.__regHandle = ans['phKey']
        for key in ['JD','Skew1','GBG','Data']:
            logging.debug('Retrieving class info for %s'% key)
            ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\%s' % key)
            keyHandle = ans['phkResult']
            ans = rrp.hBaseRegQueryInfoKey(self.__rrp,keyHandle)
            bootKey = bootKey + ans['lpClassOut'][:-1]
            rrp.hBaseRegCloseKey(self.__rrp, keyHandle)

        transforms = [ 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 ]

        bootKey = unhexlify(bootKey)

        for i in xrange(len(bootKey)):
            self.__bootKey += bootKey[transforms[i]]

        logging.info('Target system bootKey: 0x%s' % hexlify(self.__bootKey))

        return self.__bootKey 
开发者ID:jrmdev,项目名称:smbwrapper,代码行数:24,代码来源:secretsdump.py

示例10: checkNoLMHashPolicy

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def checkNoLMHashPolicy(self):
        logging.debug('Checking NoLMHash Policy')
        ans = rrp.hOpenLocalMachine(self.__rrp)
        self.__regHandle = ans['phKey']

        ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa')
        keyHandle = ans['phkResult']
        try:
            dataType, noLMHash = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'NoLmHash')
        except:
            noLMHash = 0

        if noLMHash != 1:
            logging.debug('LMHashes are being stored')
            return False

        logging.debug('LMHashes are NOT being stored')
        return True 
开发者ID:jrmdev,项目名称:smbwrapper,代码行数:20,代码来源:secretsdump.py

示例11: __print_all_subkeys_and_entries

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, index):
        index = 0
        while True:
            try:
                subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)
                index += 1
                ans = rrp.hBaseRegOpenKey(rpc, keyHandler, subkey['lpNameOut'],
                                          samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS)
                newKeyName = keyName + subkey['lpNameOut'][:-1] + '\\'
                print(newKeyName)
                self.__print_key_values(rpc, ans['phkResult'])
                self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)
            except rrp.DCERPCSessionError as e:
                if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                    break
            except rpcrt.DCERPCException as e:
                if str(e).find('access_denied') >= 0:
                    logging.error('Cannot access subkey %s, bypassing it' % subkey['lpNameOut'][:-1])
                    continue
                elif str(e).find('rpc_x_bad_stub_data') >= 0:
                    logging.error('Fault call, cannot retrieve value for %s, bypassing it' % subkey['lpNameOut'][:-1])
                    return
                raise 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:25,代码来源:reg.py

示例12: getBootKey

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getBootKey(self):
        bootKey = b''
        ans = rrp.hOpenLocalMachine(self.__rrp)
        self.__regHandle = ans['phKey']
        for key in ['JD','Skew1','GBG','Data']:
            LOG.debug('Retrieving class info for %s'% key)
            ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa\\%s' % key)
            keyHandle = ans['phkResult']
            ans = rrp.hBaseRegQueryInfoKey(self.__rrp,keyHandle)
            bootKey = bootKey + b(ans['lpClassOut'][:-1])
            rrp.hBaseRegCloseKey(self.__rrp, keyHandle)

        transforms = [ 8, 5, 4, 2, 11, 9, 13, 3, 0, 6, 1, 12, 14, 10, 15, 7 ]

        bootKey = unhexlify(bootKey)

        for i in range(len(bootKey)):
            self.__bootKey += bootKey[transforms[i]:transforms[i]+1]

        LOG.info('Target system bootKey: 0x%s' % hexlify(self.__bootKey).decode('utf-8'))

        return self.__bootKey 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:24,代码来源:secretsdump.py

示例13: test_hBaseRegQueryMultipleValues

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def test_hBaseRegQueryMultipleValues(self):
        dce, rpctransport, phKey = self.connect()

        resp = rrp.hBaseRegOpenKey(dce, phKey, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00')
        resp.dump()


        valueIn = list()
        item1 = {}
        item1['ValueName'] = 'ProductName\x00'
        item1['ValueType'] = rrp.REG_SZ
        valueIn.append(item1)
         
        item2 = {}
        item2['ValueName'] = 'InstallDate\x00'
        item2['ValueType'] = rrp.REG_DWORD
        valueIn.append(item2)

        item3 = {}
        item3['ValueName'] = 'DigitalProductId\x00'
        item3['ValueType'] = rrp.REG_BINARY
        #valueIn.append(item3)

        rrp.hBaseRegQueryMultipleValues(dce, resp['phkResult'], valueIn) 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:26,代码来源:test_rrp.py

示例14: __print_all_subkeys_and_entries

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def __print_all_subkeys_and_entries(self, rpc, keyName, keyHandler, index):
        index = 0
        while True:
            try:
                subkey = rrp.hBaseRegEnumKey(rpc, keyHandler, index)
                index += 1
                ans = rrp.hBaseRegOpenKey(rpc, keyHandler, subkey['lpNameOut'],
                                          samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS)
                newKeyName = keyName + subkey['lpNameOut'][:-1] + '\\'
                print newKeyName
                self.__print_key_values(rpc, ans['phkResult'])
                self.__print_all_subkeys_and_entries(rpc, newKeyName, ans['phkResult'], 0)
            except rrp.DCERPCSessionError, e:
                if e.get_error_code() == ERROR_NO_MORE_ITEMS:
                    break
            except rpcrt.DCERPCException, e:
                if str(e).find('access_denied') >= 0:
                    logging.error('Cannot access subkey %s, bypassing it' % subkey['lpNameOut'][:-1])
                    continue
                elif str(e).find('rpc_x_bad_stub_data') >= 0:
                    logging.error('Fault call, cannot retrieve value for %s, bypassing it' % subkey['lpNameOut'][:-1])
                    return
                raise 
开发者ID:tholum,项目名称:PiBunny,代码行数:25,代码来源:reg.py

示例15: getDefaultLoginAccount

# 需要导入模块: from impacket.dcerpc.v5 import rrp [as 别名]
# 或者: from impacket.dcerpc.v5.rrp import hBaseRegOpenKey [as 别名]
def getDefaultLoginAccount(self):
        try:
            ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon')
            keyHandle = ans['phkResult']
            dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultUserName')
            username = dataValue[:-1]
            dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultDomainName')
            domain = dataValue[:-1]
            rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
            if len(domain) > 0:
                return '%s\\%s' % (domain,username)
            else:
                return username
        except:
            return None 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:17,代码来源:secretsdump.py


注:本文中的impacket.dcerpc.v5.rrp.hBaseRegOpenKey方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。