本文整理汇总了Python中impacket.dcerpc.v5.scmr.hRQueryServiceConfigW方法的典型用法代码示例。如果您正苦于以下问题:Python scmr.hRQueryServiceConfigW方法的具体用法?Python scmr.hRQueryServiceConfigW怎么用?Python scmr.hRQueryServiceConfigW使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类impacket.dcerpc.v5.scmr的用法示例。
在下文中一共展示了scmr.hRQueryServiceConfigW方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None 示例2: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception as e:
# Don't log if history service is not found, that should be normal
if serviceName.endswith("_history") is False:
LOG.error(e)
return None 示例3: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
LOG.error(e)
return None 示例4: __checkServiceStatus
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def __checkServiceStatus(self):
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__serviceName)
self.__serviceHandle = ans['lpServiceHandle']
# Let's check its status
ans = scmr.hRQueryServiceStatus(self.__scmr, self.__serviceHandle)
if ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_STOPPED:
LOG.info('Service %s is in stopped state'% self.__serviceName)
self.__shouldStop = True
self.__started = False
elif ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_RUNNING:
LOG.debug('Service %s is already running'% self.__serviceName)
self.__shouldStop = False
self.__started = True
else:
raise Exception('Unknown service state 0x%x - Aborting' % ans['CurrentState'])
# Let's check its configuration if service is stopped, maybe it's disabled :s
if self.__started is False:
ans = scmr.hRQueryServiceConfigW(self.__scmr,self.__serviceHandle)
if ans['lpServiceConfig']['dwStartType'] == 0x4:
LOG.info('Service %s is disabled, enabling it'% self.__serviceName)
self.__disabled = True
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType = 0x3)
LOG.info('Starting service %s' % self.__serviceName)
scmr.hRStartServiceW(self.__scmr,self.__serviceHandle)
time.sleep(1) 示例5: changeServiceAndQuery
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def changeServiceAndQuery(self, dce, cbBufSize, hService, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName):
try:
resp = scmr.hRChangeServiceConfigW( dce, hService, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName)
resp = scmr.hRQueryServiceConfigW(dce, hService)
resp.dump()
# Now let's compare all the results
if dwServiceType != scmr.SERVICE_NO_CHANGE:
self.assertTrue( resp['lpServiceConfig']['dwServiceType'] == dwServiceType )
if dwStartType != scmr.SERVICE_NO_CHANGE:
self.assertTrue( resp['lpServiceConfig']['dwStartType'] == dwStartType )
if dwErrorControl != scmr.SERVICE_NO_CHANGE:
self.assertTrue( resp['lpServiceConfig']['dwErrorControl'] == dwErrorControl )
if lpBinaryPathName != NULL:
self.assertTrue( resp['lpServiceConfig']['lpBinaryPathName'] == lpBinaryPathName )
if lpBinaryPathName != NULL:
self.assertTrue( resp['lpServiceConfig']['lpBinaryPathName'] == lpBinaryPathName )
if lpLoadOrderGroup != NULL:
self.assertTrue( resp['lpServiceConfig']['lpLoadOrderGroup'] == lpLoadOrderGroup )
#if lpDependencies != '':
# self.assertTrue( resp['lpServiceConfig']['lpDependencies'] == lpDependencies[:-4]+'/\x00\x00\x00')
if lpServiceStartName != NULL:
self.assertTrue( resp['lpServiceConfig']['lpServiceStartName'] == lpServiceStartName )
if lpDisplayName != NULL:
self.assertTrue( resp['lpServiceConfig']['lpDisplayName'] == lpDisplayName )
#if lpdwTagId != scmr.SERVICE_NO_CHANGE:
# if resp['lpServiceConfig']['dwTagId']['Data'] != lpdwTagId:
# print "ERROR %s" % 'lpdwTagId'
except:
resp = scmr.hRDeleteService(dce, hService)
raise 示例6: test_create_change_delete
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def test_create_change_delete(self):
dce, rpctransport, scHandle = self.connect()
#####################
# Create / Change / Query / Delete a service
lpServiceName = 'TESTSVC\x00'
lpDisplayName = 'DisplayName\x00'
dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwStartType = scmr.SERVICE_DEMAND_START
dwErrorControl = scmr.SERVICE_ERROR_NORMAL
lpBinaryPathName = 'binaryPath\x00'
lpLoadOrderGroup = NULL
lpdwTagId = NULL
lpDependencies = NULL
dwDependSize = 0
lpServiceStartName = NULL
lpPassword = NULL
dwPwSize = 0
resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize)
resp.dump()
newHandle = resp['lpServiceHandle']
# Aca hay que chequear cada uno de los items
cbBufSize = 0
try:
resp = scmr.hRQueryServiceConfigW(dce, newHandle)
except Exception, e:
if str(e).find('ERROR_INSUFFICIENT_BUFFER') <= 0:
raise
else:
resp = e.get_packet() 示例7: getServiceAccount
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def getServiceAccount(self, serviceName):
try:
# Open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, serviceName)
serviceHandle = ans['lpServiceHandle']
resp = scmr.hRQueryServiceConfigW(self.__scmr, serviceHandle)
account = resp['lpServiceConfig']['lpServiceStartName'][:-1]
scmr.hRCloseServiceHandle(self.__scmr, serviceHandle)
if account.startswith('.\\'):
account = account[2:]
return account
except Exception, e:
logging.error(e)
return None 示例8: __checkServiceStatus
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def __checkServiceStatus(self):
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__serviceName)
self.__serviceHandle = ans['lpServiceHandle']
# Let's check its status
ans = scmr.hRQueryServiceStatus(self.__scmr, self.__serviceHandle)
if ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_STOPPED:
logging.info('Service %s is in stopped state'% self.__serviceName)
self.__shouldStop = True
self.__started = False
elif ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_RUNNING:
logging.debug('Service %s is already running'% self.__serviceName)
self.__shouldStop = False
self.__started = True
else:
raise Exception('Unknown service state 0x%x - Aborting' % ans['CurrentState'])
# Let's check its configuration if service is stopped, maybe it's disabled :s
if self.__started is False:
ans = scmr.hRQueryServiceConfigW(self.__scmr,self.__serviceHandle)
if ans['lpServiceConfig']['dwStartType'] == 0x4:
logging.info('Service %s is disabled, enabling it'% self.__serviceName)
self.__disabled = True
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType = 0x3)
logging.info('Starting service %s' % self.__serviceName)
scmr.hRStartServiceW(self.__scmr,self.__serviceHandle)
time.sleep(1) 示例9: __checkServiceStatus
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def __checkServiceStatus(self):
# Open SC Manager
ans = scmr.hROpenSCManagerW(self.__scmr)
self.__scManagerHandle = ans['lpScHandle']
# Now let's open the service
ans = scmr.hROpenServiceW(self.__scmr, self.__scManagerHandle, self.__serviceName)
self.__serviceHandle = ans['lpServiceHandle']
# Let's check its status
ans = scmr.hRQueryServiceStatus(self.__scmr, self.__serviceHandle)
if ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_STOPPED:
logging.info('Service %s is in stopped state' % self.__serviceName)
self.__shouldStop = True
self.__started = False
elif ans['lpServiceStatus']['dwCurrentState'] == scmr.SERVICE_RUNNING:
logging.debug('Service %s is already running' % self.__serviceName)
self.__shouldStop = False
self.__started = True
else:
raise Exception('Unknown service state 0x%x - Aborting' % ans['CurrentState'])
# Let's check its configuration if service is stopped, maybe it's disabled :s
if self.__started is False:
ans = scmr.hRQueryServiceConfigW(self.__scmr, self.__serviceHandle)
if ans['lpServiceConfig']['dwStartType'] == 0x4:
logging.info('Service %s is disabled, enabling it' % self.__serviceName)
self.__disabled = True
scmr.hRChangeServiceConfigW(self.__scmr, self.__serviceHandle, dwStartType=0x3)
logging.info('Starting service %s' % self.__serviceName)
scmr.hRStartServiceW(self.__scmr, self.__serviceHandle)
time.sleep(1) 示例10: rpc_get_services
# 需要导入模块: from impacket.dcerpc.v5 import scmr [as 别名]
# 或者: from impacket.dcerpc.v5.scmr import hRQueryServiceConfigW [as 别名]
def rpc_get_services(self):
"""
Query services with stored credentials via RPC.
These credentials can be dumped with mimikatz via lsadump::secrets or via secretsdump.py
"""
binding = r'ncacn_np:%s[\PIPE\svcctl]' % self.addr
serviceusers = []
dce = self.dce_rpc_connect(binding, scmr.MSRPC_UUID_SCMR)
if dce is None:
return
try:
resp = scmr.hROpenSCManagerW(dce)
scManagerHandle = resp['lpScHandle']
# TODO: Figure out if filtering out service types makes sense
resp = scmr.hREnumServicesStatusW(dce,
scManagerHandle,
dwServiceType=scmr.SERVICE_WIN32_OWN_PROCESS,
dwServiceState=scmr.SERVICE_STATE_ALL)
# TODO: Skip well-known services to save on traffic
for i in range(len(resp)):
try:
ans = scmr.hROpenServiceW(dce, scManagerHandle, resp[i]['lpServiceName'][:-1])
serviceHandle = ans['lpServiceHandle']
svcresp = scmr.hRQueryServiceConfigW(dce, serviceHandle)
svc_user = svcresp['lpServiceConfig']['lpServiceStartName'][:-1]
if '@' in svc_user:
logging.info("Found user service: %s running as %s on %s",
resp[i]['lpServiceName'][:-1],
svc_user,
self.hostname)
serviceusers.append(svc_user)
except DCERPCException as e:
if 'rpc_s_access_denied' not in str(e):
logging.debug('Exception querying service %s via RPC: %s', resp[i]['lpServiceName'][:-1], e)
except DCERPCException as e:
logging.debug('Exception connecting to RPC: %s', e)
except Exception as e:
if 'connection reset' in str(e):
logging.debug('Connection was reset: %s', e)
else:
raise e
dce.disconnect()
return serviceusers