本文整理匯總了Python中impacket.dcerpc.v5.scmr.SERVICE_DEMAND_START屬性的典型用法代碼示例。如果您正苦於以下問題:Python scmr.SERVICE_DEMAND_START屬性的具體用法?Python scmr.SERVICE_DEMAND_START怎麽用?Python scmr.SERVICE_DEMAND_START使用的例子?那麽, 這裏精選的屬性代碼示例或許可以為您提供幫助。您也可以進一步了解該屬性所在類impacket.dcerpc.v5.scmr的用法示例。
在下文中一共展示了scmr.SERVICE_DEMAND_START屬性的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: execute_remote
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def execute_remote(self, data):
to_batch = '{} echo {} ^> {} 2^>^&1 > {}'.format(self.__shell, data, self.__output, self.__batchFile)
command = '{} & {} {}'.format(to_batch, self.__shell, self.__batchFile)
if self.__mode == 'SERVER':
command += ' & ' + self.__copyBack
command = '{} & del {}'.format(command, self.__batchFile )
logging.debug('Executing %s' % command)
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName,
lpBinaryPathName=command, dwStartType=scmr.SERVICE_DEMAND_START)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output()
#print(self.__outputBuffer) 示例2: execute_remote
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def execute_remote(self, data):
command = self.__shell + 'echo ' + data + ' ^> ' + self.__output + ' 2^>^&1 > ' + self.__batchFile + ' & ' + \
self.__shell + self.__batchFile
if self.__mode == 'SERVER':
command += ' & ' + self.__copyBack
command += ' & ' + 'del ' + self.__batchFile
logging.debug('Executing %s' % command)
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName,
lpBinaryPathName=command, dwStartType=scmr.SERVICE_DEMAND_START)
service = resp['lpServiceHandle']
try:
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output() 示例3: test_create_change_delete
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def test_create_change_delete(self):
dce, rpctransport, scHandle = self.connect()
#####################
# Create / Change / Query / Delete a service
lpServiceName = 'TESTSVC\x00'
lpDisplayName = 'DisplayName\x00'
dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
dwStartType = scmr.SERVICE_DEMAND_START
dwErrorControl = scmr.SERVICE_ERROR_NORMAL
lpBinaryPathName = 'binaryPath\x00'
lpLoadOrderGroup = NULL
lpdwTagId = NULL
lpDependencies = NULL
dwDependSize = 0
lpServiceStartName = NULL
lpPassword = NULL
dwPwSize = 0
resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize)
resp.dump()
newHandle = resp['lpServiceHandle']
# Aca hay que chequear cada uno de los items
cbBufSize = 0
try:
resp = scmr.hRQueryServiceConfigW(dce, newHandle)
except Exception, e:
if str(e).find('ERROR_INSUFFICIENT_BUFFER') <= 0:
raise
else:
resp = e.get_packet() 示例4: execute_fileless
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def execute_fileless(self, data):
self.__output = gen_random_string(6)
self.__batchFile = gen_random_string(6) + '.bat'
local_ip = self.__rpctransport.get_socket().getsockname()[0]
if self.__retOutput:
command = self.__shell + data + ' ^> \\\\{}\\{}\\{}'.format(local_ip, self.__share_name, self.__output)
else:
command = self.__shell + data
with open(os.path.join('/tmp', 'cme_hosted', self.__batchFile), 'w') as batch_file:
batch_file.write(command)
logging.debug('Hosting batch file with command: ' + command)
command = self.__shell + '\\\\{}\\{}\\{}'.format(local_ip,self.__share_name, self.__batchFile)
logging.debug('Command to execute: ' + command)
logging.debug('Remote service {} created.'.format(self.__serviceName))
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName, lpBinaryPathName=command, dwStartType=scmr.SERVICE_DEMAND_START)
service = resp['lpServiceHandle']
try:
logging.debug('Remote service {} started.'.format(self.__serviceName))
scmr.hRStartServiceW(self.__scmr, service)
except:
pass
logging.debug('Remote service {} deleted.'.format(self.__serviceName))
scmr.hRDeleteService(self.__scmr, service)
scmr.hRCloseServiceHandle(self.__scmr, service)
self.get_output_fileless() 示例5: createService
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def createService(self, handle, share, path):
LOG.info("Creating service %s on %s....." % (self.__service_name, self.connection.getRemoteHost()))
# First we try to open the service in case it exists. If it does, we remove it.
try:
resp = scmr.hROpenServiceW(self.rpcsvc, handle, self.__service_name+'\x00')
except Exception as e:
if str(e).find('ERROR_SERVICE_DOES_NOT_EXIST') >= 0:
# We're good, pass the exception
pass
else:
raise e
else:
# It exists, remove it
scmr.hRDeleteService(self.rpcsvc, resp['lpServiceHandle'])
scmr.hRCloseServiceHandle(self.rpcsvc, resp['lpServiceHandle'])
# Create the service
command = '%s\\%s' % (path, self.__binary_service_name)
try:
resp = scmr.hRCreateServiceW(self.rpcsvc, handle,self.__service_name + '\x00', self.__service_name + '\x00',
lpBinaryPathName=command + '\x00', dwStartType=scmr.SERVICE_DEMAND_START)
except:
LOG.critical("Error creating service %s on %s" % (self.__service_name, self.connection.getRemoteHost()))
raise
else:
return resp['lpServiceHandle'] 示例6: __createService
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def __createService(self):
self.__log__(logging.DEBUG, 'Creating service')
try:
resp = scmr.hROpenServiceW(self.__dcerpc, self.__SVCManager, RemoteCmd.REMCOMSVC_SERVICE_NAME + '\x00')
self.__log__(logging.WARNING, 'Service already exists, renewing it')
try:
scmr.hRControlService(self.__dcerpc, resp['lpServiceHandle'], scmr.SERVICE_CONTROL_STOP)
time.sleep(1)
except:
pass
scmr.hRDeleteService(self.__dcerpc, resp['lpServiceHandle'])
scmr.hRCloseServiceHandle(self.__dcerpc, resp['lpServiceHandle'])
except:
pass
resp = scmr.hRCreateServiceW(
self.__dcerpc,
self.__SVCManager,
RemoteCmd.REMCOMSVC_SERVICE_NAME + '\x00',
RemoteCmd.REMCOMSVC_SERVICE_NAME + '\x00',
lpBinaryPathName = self.__getWritableUNCPath() + '\\' + RemoteCmd.REMCOMSVC_REMOTE + '\x00',
dwStartType=scmr.SERVICE_DEMAND_START,
)
resp = scmr.hROpenServiceW(self.__dcerpc, self.__SVCManager, RemoteCmd.REMCOMSVC_SERVICE_NAME + '\x00')
self.__service = resp['lpServiceHandle']
self.__pendingCleanupActions.append((self.__deleteService, 3))
return
# Drops the binary file to register as a service 示例7: execute
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import SERVICE_DEMAND_START [as 別名]
def execute(self, command):
# Init New Command
self.__outputBuffer = ''
if self.noOutput:
cmd = self.__shell + command
else:
cmd = self.__shell + command + " ^> \\\\{}\\{}{} 2>&1".format(self.ip, self.share, self.path + self.outfile)
self.logger.debug("SMBexec: {}".format(cmd))
# Write cmd to Service File for exec
self.logger.debug("Creating {} to execute command".format(self.batchFile))
if self.fileless_output:
# Create bat service on AR3 server share
with open(os.path.join('/tmp', '.ar3', self.batchFile), 'w') as batch_file:
batch_file.write(cmd)
else:
# Create .bat service on target system in /Windows/Temp to execute command
tid = self.smbcon.con.connectTree(self.share)
fid = self.smbcon.con.createFile(tid, "{}{}".format(self.path.replace('\\', '/'), self.batchFile))
self.smbcon.con.writeFile(tid, fid, cmd)
self.smbcon.con.closeFile(tid, fid)
# Create new CMD to execute .bat
service_command = self.__shell + '\\\\{}\\{}{}{}'.format(self.ip, self.share, self.path, self.batchFile)
self.logger.debug('Executing: ' + service_command)
# Create Service
self.logger.debug('Remote service {} created.'.format(self.__serviceName))
resp = scmr.hRCreateServiceW(self.__scmr, self.__scHandle, self.__serviceName, self.__serviceName, lpBinaryPathName=service_command, dwStartType=scmr.SERVICE_DEMAND_START)
service = resp['lpServiceHandle']
# Start Service
try:
self.logger.debug('Remote service {} started.'.format(self.__serviceName))
scmr.hRStartServiceW(self.__scmr, service)
except Exception as e:
pass
#self._outputBuffer += str(e)
# Delete Service
self.logger.debug('Remote service {} deleted.'.format(self.__serviceName))
scmr.hRDeleteService(self.__scmr, service,)
scmr.hRCloseServiceHandle(self.__scmr, service)
# Get output
if self.noOutput:
self.__outputBuffer = "Command executed with no output"
elif self.fileless_output:
self.get_output_fileless()
else:
self.get_output()
self.cleanup()
# Cleanup and return data
self.finish()
return self.__outputBuffer