本文整理汇总了Python中impacket.dcerpc.v5.scmr.hROpenServiceW方法的典型用法代码示例。如果您正苦于以下问题:Python scmr.hROpenServiceW方法的具体用法?Python scmr.hROpenServiceW怎么用?Python scmr.hROpenServiceW使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.scmr的用法示例。
在下文中一共展示了scmr.hROpenServiceW方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: test_RQueryServiceConfigEx
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def test_RQueryServiceConfigEx(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'RemoteRegistry\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
request = scmr.RQueryServiceConfigEx()
request['hService'] = serviceHandle
request['dwInfoLevel'] = 0x00000008
#request.dump()
resp = dce.request(request)
resp.dump()
# ToDo 示例2: te_RControlServiceExW
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def te_RControlServiceExW(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
request = scmr.RControlServiceExW()
request['hService'] = serviceHandle
request['dwControl'] = scmr.SERVICE_CONTROL_STOP
request['dwInfoLevel'] = 1
# This is not working, don't know exactly why
request['pControlInParams']['dwReason'] = 0x20000000
request['pControlInParams']['pszComment'] = 'nada\x00'
request['pControlInParams'] = NULL
resp = dce.request(request)
resp.dump()
# ToDo 示例3: test_query
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def test_query(self):
dce, rpctransport, scHandle = self.connect()
############################
# Query Service Status / Enum Dependent
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
resp = scmr.hRQueryServiceStatus(dce, serviceHandle)
cbBufSize = 0
try:
resp = scmr.hREnumDependentServicesW(dce, serviceHandle, scmr.SERVICE_STATE_ALL,cbBufSize )
resp.dump()
except scmr.DCERPCSessionError, e:
if str(e).find('ERROR_MORE_DATA') <= 0:
raise
else:
resp = e.get_packet() 示例4: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None 示例5: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception as e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None 示例6: test_RQueryServiceStatusEx
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def test_RQueryServiceStatusEx(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
request = scmr.RQueryServiceStatusEx()
request['hService'] = serviceHandle
request['InfoLevel'] = scmr.SC_STATUS_PROCESS_INFO
request['cbBufSize'] = 100
resp = dce.request(request)
array = b''.join(resp['lpBuffer'])
scmr.SERVICE_STATUS_PROCESS(array)
# ToDo 示例7: test_RStartServiceW
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def test_RStartServiceW(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(dce, serviceHandle, 3, ['arg1\x00', 'arg2\x00', 'arg3\x00'] )
except Exception as e:
if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') <= 0:
raise
scmr.hRCloseServiceHandle(dce, scHandle) 示例8: test_RQueryServiceStatusEx
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def test_RQueryServiceStatusEx(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
request = scmr.RQueryServiceStatusEx()
request['hService'] = serviceHandle
request['InfoLevel'] = scmr.SC_STATUS_PROCESS_INFO
request['cbBufSize'] = 100
resp = dce.request(request)
array = ''.join(resp['lpBuffer'])
status = scmr.SERVICE_STATUS_PROCESS(array)
#status.dump()
# ToDo 示例9: test_RControlServiceCall
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def test_RControlServiceCall(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'CryptSvc\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
try:
req = scmr.RControlService()
req['hService'] = serviceHandle
req['dwControl'] = scmr.SERVICE_CONTROL_STOP
resp = dce.request(req)
except Exception, e:
if str(e).find('ERROR_DEPENDENT_SERVICES_RUNNING') < 0:
raise
pass 示例10: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
LOG.error(e)
return None 示例11: __checkServiceStatus
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def __checkServiceStatus(self):
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__serviceName)
self.__serviceHandle = ans['lpServiceHandle']
# Let's check its status
ans = scmr.hRQueryServiceStatus(self.__scmr, self.__serviceHandle)
if ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_STOPPED:
LOG.info('Service %s is in stopped state'% self.__serviceName)
self.__shouldStop = True
self.__started = False
elif ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_RUNNING:
LOG.debug('Service %s is already running'% self.__serviceName)
self.__shouldStop = False
self.__started = True
else:
raise Exception('Unknown service state 0x%x - Aborting' % ans['CurrentState'])
# Let's check its configuration if service is stopped, maybe it's disabled :s
if self.__started is False:
ans = scmr.hRQueryServiceConfigW(self.__scmr,self.__serviceHandle)
if ans['lpServiceConfig']['dwStartType'] == 0x4:
LOG.info('Service %s is disabled, enabling it'% self.__serviceName)
self.__disabled = True
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType = 0x3)
LOG.info('Starting service %s' % self.__serviceName)
scmr.hRStartServiceW(self.__scmr,self.__serviceHandle)
time.sleep(1) 示例12: __restore
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def __restore(self):
# First of all stop the service if it was originally stopped
if self.__shouldStop is True:
LOG.info('Stopping service %s' % self.__serviceName)
scmr.hRControlService(self.__scmr, self.__serviceHandle, scmr.SERVICE_CONTROL_STOP)
if self.__disabled is True:
LOG.info('Restoring the disabled state for service %s' % self.__serviceName)
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType = 0x4)
if self.__serviceDeleted is False:
# Check again the service we created does not exist, starting a new connection
# Why?.. Hitting CTRL+C might break the whole existing DCE connection
try:
rpc = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\svcctl]' % self.__smbConnection.getRemoteHost())
if hasattr(rpc, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpc.set_credentials(*self.__smbConnection.getCredentials())
rpc.set_kerberos(self.__doKerberos, self.__kdcHost)
self.__scmr = rpc.get_dce_rpc()
self.__scmr.connect()
self.__scmr.bind(scmr.MSRPC_UUID_SCMR)
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
resp = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__tmpServiceName)
service = resp['lpServiceHandle']
scmr.hRDeleteService(self.__scmr, service)
scmr.hRControlService(self.__scmr, service, scmr.SERVICE_CONTROL_STOP)
scmr.hRCloseServiceHandle(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, self.__serviceHandle)
scmr.hRCloseServiceHandle(self.__scmr, self.__scManagerHandle)
rpc.disconnect()
except Exception, e:
# If service is stopped it'll trigger an exception
# If service does not exist it'll trigger an exception
# So. we just wanna be sure we delete it, no need to
# show this exception message
pass 示例13: createService
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def createService(self, handle, share, path):
LOG.info("Creating service %s on %s....." % (self.__service_name, self.connection.getRemoteHost()))
# First we try to open the service in case it exists. If it does, we remove it.
try:
resp = scmr.hROpenServiceW(self.rpcsvc, handle, self.__service_name+'\x00')
except Exception, e:
if str(e).find('ERROR_SERVICE_DOES_NOT_EXIST') >= 0:
# We're good, pass the exception
pass
else:
raise e 示例14: uninstall
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def uninstall(self):
fileCopied = True
serviceCreated = True
# Do the stuff here
try:
# Let's get the shares
svcManager = self.openSvcManager()
if svcManager != 0:
resp = scmr.hROpenServiceW(self.rpcsvc, svcManager, self.__service_name+'\x00')
service = resp['lpServiceHandle']
LOG.info('Stoping service %s.....' % self.__service_name)
try:
scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
except:
pass
LOG.info('Removing service %s.....' % self.__service_name)
scmr.hRDeleteService(self.rpcsvc, service)
scmr.hRCloseServiceHandle(self.rpcsvc, service)
scmr.hRCloseServiceHandle(self.rpcsvc, svcManager)
LOG.info('Removing file %s.....' % self.__binary_service_name)
self.connection.deleteFile(self.share, self.__binary_service_name)
except Exception:
LOG.critical("Error performing the uninstallation, cleaning up" )
try:
scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
except:
pass
if fileCopied is True:
try:
self.connection.deleteFile(self.share, self.__binary_service_name)
except:
try:
self.connection.deleteFile(self.share, self.__binary_service_name)
except:
pass
pass
if serviceCreated is True:
try:
scmr.hRDeleteService(self.rpcsvc, service)
except:
pass 示例15: te_RNotifyServiceStatusChange
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hROpenServiceW [as 别名]
def te_RNotifyServiceStatusChange(self):
dce, rpctransport, scHandle = self.connect()
lpServiceName = 'PlugPlay\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess )
resp.dump()
serviceHandle = resp['lpServiceHandle']
request = scmr.RNotifyServiceStatusChange()
request['hService'] =serviceHandle
request['NotifyParams']['tag'] = 1
request['NotifyParams']['pStatusChangeParam1']['dwNotifyMask'] = scmr.SERVICE_NOTIFY_RUNNING
request['pClientProcessGuid'] = '0'*16
#request.dump()
resp = dce.request(request)
resp.dump()
request = scmr.RCloseNotifyHandle()
request['phNotify'] = resp['phNotify']
resp = dce.request(request)
resp.dump()
request = scmr.RGetNotifyResults()
request['hNotify'] = resp['phNotify']
resp = dce.request(request)
resp.dump()