本文整理匯總了Python中impacket.dcerpc.v5.scmr.hREnumServicesStatusW方法的典型用法代碼示例。如果您正苦於以下問題:Python scmr.hREnumServicesStatusW方法的具體用法?Python scmr.hREnumServicesStatusW怎麼用?Python scmr.hREnumServicesStatusW使用的例子?那麼, 這裡精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類impacket.dcerpc.v5.scmr的用法示例。
在下文中一共展示了scmr.hREnumServicesStatusW方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Python代碼示例。
示例1: test_enumservices
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 別名]
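def test_enumservices(self):
    """Enumerate driver and Win32 services of every state through SCMR.

    Takes an RPC connection and a Service Control Manager handle from
    ``self.connect()``, sends one ``hREnumServicesStatusW`` request and
    closes the SCM handle afterwards. There are no assertions: the test
    passes when neither RPC call raises.
    """
    # connect() also returns the transport object; it is not used here.
    dce, _rpctransport, scHandle = self.connect()

    #####################
    # EnumServicesStatusW
    # Type mask: kernel and file-system drivers plus own-process and
    # shared-process Win32 services.
    dwServiceType = (
        scmr.SERVICE_KERNEL_DRIVER
        | scmr.SERVICE_FILE_SYSTEM_DRIVER
        | scmr.SERVICE_WIN32_OWN_PROCESS
        | scmr.SERVICE_WIN32_SHARE_PROCESS
    )
    dwServiceState = scmr.SERVICE_STATE_ALL

    try:
        scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
    finally:
        # Close the SCM handle even when enumeration raises, so a failing
        # run does not leave the handle open.
        scmr.hRCloseServiceHandle(dce, scHandle)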
示例2: test_enumservices
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 別名]
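def test_enumservices(self):
    """Check that a full service enumeration over SCMR completes.

    ``self.connect()`` supplies the DCE/RPC connection and an open Service
    Control Manager handle. The test requests drivers and Win32 services in
    any state with ``hREnumServicesStatusW`` and then releases the handle.
    It asserts nothing beyond both calls returning without an exception.
    """
    dce, _rpctransport, scHandle = self.connect()

    #####################
    # EnumServicesStatusW
    dwServiceType = (
        scmr.SERVICE_KERNEL_DRIVER
        | scmr.SERVICE_FILE_SYSTEM_DRIVER
        | scmr.SERVICE_WIN32_OWN_PROCESS
        | scmr.SERVICE_WIN32_SHARE_PROCESS
    )
    dwServiceState = scmr.SERVICE_STATE_ALL

    try:
        scmr.hREnumServicesStatusW(dce, scHandle, dwServiceType, dwServiceState)
    finally:
        # The handle is released on the failure path too; the original
        # skipped the close whenever the enumeration call raised.
        scmr.hRCloseServiceHandle(dce, scHandle)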
示例3: list_services
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 別名]
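def list_services(self):
    """Return the services reported by the remote Service Control Manager.

    Opens an RPC connection on the ``svcctl`` pipe through
    ``self.create_rpc_con``, opens the SCM, enumerates services with the
    default arguments of ``hREnumServicesStatusW`` and disconnects.

    Returns:
        dict: service name -> ``{'Name': ..., 'Display': ..., 'Status': ...}``
        where ``Status`` is a readable label for ``dwCurrentState`` and
        ``"UNKNOWN"`` for any state value not listed below.
    """
    # See https://github.com/SecureAuthCorp/impacket/blob/master/examples/services.py
    status_labels = {
        scmr.SERVICE_CONTINUE_PENDING: "CONTINUE PENDING",
        scmr.SERVICE_PAUSE_PENDING: "PAUSE PENDING",
        scmr.SERVICE_PAUSED: "PAUSED",
        scmr.SERVICE_RUNNING: "RUNNING",
        scmr.SERVICE_START_PENDING: "START PENDING",
        scmr.SERVICE_STOP_PENDING: "STOP PENDING",
        scmr.SERVICE_STOPPED: "STOPPED",
    }

    services = {}
    self.create_rpc_con(r'\svcctl')
    try:
        ans = scmr.hROpenSCManagerW(self.rpc_connection)
        scManagerHandle = ans['lpScHandle']
        resp = scmr.hREnumServicesStatusW(self.rpc_connection, scManagerHandle)
        for entry in resp:
            # [:-1] drops the last character of each returned string
            # (presumably the trailing NUL terminator; confirm).
            name = entry['lpServiceName'][:-1]
            state = entry['ServiceStatus']['dwCurrentState']
            services[name] = {
                'Name': name,
                'Display': entry['lpDisplayName'][:-1],
                'Status': status_labels.get(state, "UNKNOWN"),
            }
    finally:
        # Disconnect on the error path as well, so a failed open or
        # enumeration does not leave the RPC connection open.
        self.rpc_connection.disconnect()
    return services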
示例4: rpc_get_services
# 需要導入模塊: from impacket.dcerpc.v5 import scmr [as 別名]
# 或者: from impacket.dcerpc.v5.scmr import hREnumServicesStatusW [as 別名]
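def rpc_get_services(self):
    """
    Query services with stored credentials via RPC.
    These credentials can be dumped with mimikatz via lsadump::secrets or via secretsdump.py

    Connects to the Service Control Manager over the ``svcctl`` named pipe
    on ``self.addr``, enumerates own-process Win32 services in every state
    and reads each service's configuration. A service is reported when its
    start name contains ``@``.

    For defenders, each reported account is one whose credential is stored
    on that host, which makes it a candidate for review (privilege level,
    password rotation, or replacement with a managed service account).

    Returns:
        list of service start names, or ``None`` when the RPC connection
        could not be established.
    """
    binding = r'ncacn_np:%s[\PIPE\svcctl]' % self.addr
    serviceusers = []
    dce = self.dce_rpc_connect(binding, scmr.MSRPC_UUID_SCMR)
    if dce is None:
        # No connection was made, so there is nothing to disconnect.
        return
    try:
        resp = scmr.hROpenSCManagerW(dce)
        scManagerHandle = resp['lpScHandle']
        # TODO: Figure out if filtering out service types makes sense
        resp = scmr.hREnumServicesStatusW(dce,
                                          scManagerHandle,
                                          dwServiceType=scmr.SERVICE_WIN32_OWN_PROCESS,
                                          dwServiceState=scmr.SERVICE_STATE_ALL)
        # TODO: Skip well-known services to save on traffic
        for entry in resp:
            # [:-1] drops the last character of the returned string
            # (presumably the trailing NUL terminator; confirm).
            service_name = entry['lpServiceName'][:-1]
            try:
                ans = scmr.hROpenServiceW(dce, scManagerHandle, service_name)
                serviceHandle = ans['lpServiceHandle']
                # NOTE(review): serviceHandle is never closed explicitly; it
                # presumably lives until disconnect() below. Confirm.
                svcresp = scmr.hRQueryServiceConfigW(dce, serviceHandle)
                svc_user = svcresp['lpServiceConfig']['lpServiceStartName'][:-1]
                # Keep only start names in user@domain form.
                if '@' in svc_user:
                    logging.info("Found user service: %s running as %s on %s",
                                 service_name,
                                 svc_user,
                                 self.hostname)
                    serviceusers.append(svc_user)
            except DCERPCException as e:
                # Access-denied on a single service is expected and skipped
                # silently; any other per-service error is logged.
                if 'rpc_s_access_denied' not in str(e):
                    logging.debug('Exception querying service %s via RPC: %s', service_name, e)
    except DCERPCException as e:
        logging.debug('Exception connecting to RPC: %s', e)
    except Exception as e:
        if 'connection reset' in str(e):
            logging.debug('Connection was reset: %s', e)
        else:
            # Bare raise keeps the original traceback.
            raise
    finally:
        # Runs on the re-raise path too; the original left the connection
        # open whenever an unexpected exception propagated.
        dce.disconnect()
    return serviceusers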