当前位置: 首页>>代码示例>>Python>>正文


Python tsch.hSchRpcEnumTasks方法代码示例

本文整理汇总了Python中impacket.dcerpc.v5.tsch.hSchRpcEnumTasks方法的典型用法代码示例。如果您正苦于以下问题:Python tsch.hSchRpcEnumTasks方法的具体用法?Python tsch.hSchRpcEnumTasks怎么用?Python tsch.hSchRpcEnumTasks使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在impacket.dcerpc.v5.tsch的用法示例。


在下文中一共展示了tsch.hSchRpcEnumTasks方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: test_hSchRpcEnumTasks

# 需要导入模块: from impacket.dcerpc.v5 import tsch [as 别名]
# 或者: from impacket.dcerpc.v5.tsch import hSchRpcEnumTasks [as 别名]
def test_hSchRpcEnumTasks(self):
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'

        resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
        resp.dump()
        jobId = resp['pJobId']

        resp = tsch.hSchRpcEnumTasks(dce, '\\')
        resp.dump()

        resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
        resp.dump() 
开发者ID:joxeankoret,项目名称:CVE-2017-7494,代码行数:23,代码来源:test_tsch.py

示例2: test_hSchRpcEnumTasks

# 需要导入模块: from impacket.dcerpc.v5 import tsch [as 别名]
# 或者: from impacket.dcerpc.v5.tsch import hSchRpcEnumTasks [as 别名]
def test_hSchRpcEnumTasks(self):
        dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)

        dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)

        atInfo = AT_INFO()
        atInfo['JobTime'] = NULL
        atInfo['DaysOfMonth'] = 0
        atInfo['DaysOfWeek'] = 0
        atInfo['Flags'] = 0
        atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'

        try:
            resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
            resp.dump()
        except Exception as e:
            if e.get_error_code() != ERROR_NOT_SUPPORTED:
                raise
            else:
                # OpNum not supported, aborting test
                return
        jobId = resp['pJobId']

        resp = tsch.hSchRpcEnumTasks(dce, '\\')
        resp.dump()

        resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
        resp.dump() 
开发者ID:Coalfire-Research,项目名称:Slackor,代码行数:30,代码来源:test_tsch.py

示例3: rpc_get_schtasks

# 需要导入模块: from impacket.dcerpc.v5 import tsch [as 别名]
# 或者: from impacket.dcerpc.v5.tsch import hSchRpcEnumTasks [as 别名]
def rpc_get_schtasks(self):
        """
        Query the scheduled tasks via RPC. Requires admin privileges.
        These credentials can be dumped with mimikatz via vault::cred
        """
        # Blacklisted folders (Default ones)
        blacklist = [u'Microsoft\x00']
        # Start with the root folder
        folders = ['\\']
        tasks = []
        schtaskusers = []
        binding = r'ncacn_np:%s[\PIPE\atsvc]' % self.addr
        try:
            dce = self.dce_rpc_connect(binding, tsch.MSRPC_UUID_TSCHS, True)
            if dce is None:
                return
            # Get root folder
            resp = tsch.hSchRpcEnumFolders(dce, '\\')
            for item in resp['pNames']:
                data = item['Data']
                if data not in blacklist:
                    folders.append('\\'+data)

            # Enumerate the folders we found
            # subfolders not supported yet
            for folder in folders:
                try:
                    resp = tsch.hSchRpcEnumTasks(dce, folder)
                    for item in resp['pNames']:
                        data = item['Data']
                        if folder != '\\':
                            # Make sure to strip the null byte
                            tasks.append(folder[:-1]+'\\'+data)
                        else:
                            tasks.append(folder+data)
                except DCERPCException as e:
                    logging.debug('Error enumerating task folder %s: %s', folder, e)
            for task in tasks:
                try:
                    resp = tsch.hSchRpcRetrieveTask(dce, task)
                    # This returns a tuple (sid, logontype) or None
                    userinfo = ADUtils.parse_task_xml(resp['pXml'])
                    if userinfo:
                        if userinfo[1] == u'Password':
                            # Convert to byte string because our cache format is in bytes
                            schtaskusers.append(str(userinfo[0]))
                            logging.info('Found scheduled task %s on %s with stored credentials for SID %s',
                                         task,
                                         self.hostname,
                                         userinfo[0])
                except DCERPCException as e:
                    logging.debug('Error querying task %s: %s', task, e)
        except DCERPCException as e:
            logging.debug('Exception enumerating scheduled tasks: %s', e)

        dce.disconnect()
        return schtaskusers 
开发者ID:fox-it,项目名称:BloodHound.py,代码行数:59,代码来源:computer.py


注:本文中的impacket.dcerpc.v5.tsch.hSchRpcEnumTasks方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。