本文整理汇总了Python中impacket.dcerpc.v5.scmr.hREnumServicesStatusW方法的典型用法代码示例。如果您正苦于以下问题:Python scmr.hREnumServicesStatusW方法的具体用法?Python scmr.hREnumServicesStatusW怎么用?Python scmr.hREnumServicesStatusW使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.scmr的用法示例。
在下文中一共展示了scmr.hREnumServicesStatusW方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_enumservices
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 别名]
def test_enumservices(self):
dce, rpctransport, scHandle = self.connect()
#####################
# EnumServicesStatusW
dwServiceType = scmr.SERVICE_KERNEL_DRIVER | scmr.SERVICE_FILE_SYSTEM_DRIVER | scmr.SERVICE_WIN32_OWN_PROCESS | scmr.SERVICE_WIN32_SHARE_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
cbBufSize = 0
resp = scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
resp = scmr.hRCloseServiceHandle(dce, scHandle) 示例2: test_enumservices
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 别名]
def test_enumservices(self):
dce, rpctransport, scHandle = self.connect()
#####################
# EnumServicesStatusW
dwServiceType = scmr.SERVICE_KERNEL_DRIVER | scmr.SERVICE_FILE_SYSTEM_DRIVER | scmr.SERVICE_WIN32_OWN_PROCESS | scmr.SERVICE_WIN32_SHARE_PROCESS
dwServiceState = scmr.SERVICE_STATE_ALL
scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
scmr.hRCloseServiceHandle(dce, scHandle) 示例3: list_services
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 别名]
def list_services(self):
services = {}
# https://github.com/SecureAuthCorp/impacket/blob/master/examples/services.py
self.create_rpc_con(r'\svcctl')
ans = scmr.hROpenSCManagerW(self.rpc_connection)
scManagerHandle = ans['lpScHandle']
resp = scmr.hREnumServicesStatusW(self.rpc_connection, scManagerHandle)
for i in range(len(resp)):
name = resp[i]['lpServiceName'][:-1]
services[name] = {}
services[name]['Name'] = name
services[name]['Display'] = resp[i]['lpDisplayName'][:-1]
state = resp[i]['ServiceStatus']['dwCurrentState']
if state == scmr.SERVICE_CONTINUE_PENDING:
services[name]['Status'] = "CONTINUE PENDING"
elif state == scmr.SERVICE_PAUSE_PENDING:
services[name]['Status'] = "PAUSE PENDING"
elif state == scmr.SERVICE_PAUSED:
services[name]['Status'] = "PAUSED"
elif state == scmr.SERVICE_RUNNING:
services[name]['Status'] = "RUNNING"
elif state == scmr.SERVICE_START_PENDING:
services[name]['Status'] = "START PENDING"
elif state == scmr.SERVICE_STOP_PENDING:
services[name]['Status'] = "STOP PENDING"
elif state == scmr.SERVICE_STOPPED:
services[name]['Status'] = "STOPPED"
else:
services[name]['Status'] = "UNKNOWN"
self.rpc_connection.disconnect()
return services 示例4: rpc_get_services
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 别名]
def rpc_get_services(self):
"""
Query services with stored credentials via RPC.
These credentials can be dumped with mimikatz via lsadump::secrets or via secretsdump.py
"""
binding = r'ncacn_np:%s[\PIPE\svcctl]' % self.addr
serviceusers = []
dce = self.dce_rpc_connect(binding, scmr.MSRPC_UUID_SCMR)
if dce is None:
return
try:
resp = scmr.hROpenSCManagerW(dce)
scManagerHandle = resp['lpScHandle']
# TODO: Figure out if filtering out service types makes sense
resp = scmr.hREnumServicesStatusW(dce,
scManagerHandle,
dwServiceType=scmr.SERVICE_WIN32_OWN_PROCESS,
dwServiceState=scmr.SERVICE_STATE_ALL)
# TODO: Skip well-known services to save on traffic
for i in range(len(resp)):
try:
ans = scmr.hROpenServiceW(dce, scManagerHandle, resp[i]['lpServiceName'][:-1])
serviceHandle = ans['lpServiceHandle']
svcresp = scmr.hRQueryServiceConfigW(dce, serviceHandle)
svc_user = svcresp['lpServiceConfig']['lpServiceStartName'][:-1]
if '@' in svc_user:
logging.info("Found user service: %s running as %s on %s",
resp[i]['lpServiceName'][:-1],
svc_user,
self.hostname)
serviceusers.append(svc_user)
except DCERPCException as e:
if 'rpc_s_access_denied' not in str(e):
logging.debug('Exception querying service %s via RPC: %s', resp[i]['lpServiceName'][:-1], e)
except DCERPCException as e:
logging.debug('Exception connecting to RPC: %s', e)
except Exception as e:
if 'connection reset' in str(e):
logging.debug('Connection was reset: %s', e)
else:
raise e
dce.disconnect()
return serviceusers