本文整理匯總了Python中impacket.dcerpc.v5.tsch.hSchRpcEnumTasks方法的典型用法代碼示例。如果您正苦於以下問題:Python tsch.hSchRpcEnumTasks方法的具體用法?Python tsch.hSchRpcEnumTasks怎麽用?Python tsch.hSchRpcEnumTasks使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類impacket.dcerpc.v5.tsch的用法示例。
在下文中一共展示了tsch.hSchRpcEnumTasks方法的3個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: test_hSchRpcEnumTasks
# 需要導入模塊: from impacket.dcerpc.v5 import tsch [as 別名]
# 或者: from impacket.dcerpc.v5.tsch import hSchRpcEnumTasks [as 別名]
def test_hSchRpcEnumTasks(self):
dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)
dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)
atInfo = AT_INFO()
atInfo['JobTime'] = NULL
atInfo['DaysOfMonth'] = 0
atInfo['DaysOfWeek'] = 0
atInfo['Flags'] = 0
atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'
resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
resp.dump()
jobId = resp['pJobId']
resp = tsch.hSchRpcEnumTasks(dce, '\\')
resp.dump()
resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
resp.dump() 示例2: test_hSchRpcEnumTasks
# 需要導入模塊: from impacket.dcerpc.v5 import tsch [as 別名]
# 或者: from impacket.dcerpc.v5.tsch import hSchRpcEnumTasks [as 別名]
def test_hSchRpcEnumTasks(self):
dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS)
dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC)
atInfo = AT_INFO()
atInfo['JobTime'] = NULL
atInfo['DaysOfMonth'] = 0
atInfo['DaysOfWeek'] = 0
atInfo['Flags'] = 0
atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00'
try:
resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo)
resp.dump()
except Exception as e:
if e.get_error_code() != ERROR_NOT_SUPPORTED:
raise
else:
# OpNum not supported, aborting test
return
jobId = resp['pJobId']
resp = tsch.hSchRpcEnumTasks(dce, '\\')
resp.dump()
resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId)
resp.dump() 示例3: rpc_get_schtasks
# 需要導入模塊: from impacket.dcerpc.v5 import tsch [as 別名]
# 或者: from impacket.dcerpc.v5.tsch import hSchRpcEnumTasks [as 別名]
def rpc_get_schtasks(self):
"""
Query the scheduled tasks via RPC. Requires admin privileges.
These credentials can be dumped with mimikatz via vault::cred
"""
# Blacklisted folders (Default ones)
blacklist = [u'Microsoft\x00']
# Start with the root folder
folders = ['\\']
tasks = []
schtaskusers = []
binding = r'ncacn_np:%s[\PIPE\atsvc]' % self.addr
try:
dce = self.dce_rpc_connect(binding, tsch.MSRPC_UUID_TSCHS, True)
if dce is None:
return
# Get root folder
resp = tsch.hSchRpcEnumFolders(dce, '\\')
for item in resp['pNames']:
data = item['Data']
if data not in blacklist:
folders.append('\\'+data)
# Enumerate the folders we found
# subfolders not supported yet
for folder in folders:
try:
resp = tsch.hSchRpcEnumTasks(dce, folder)
for item in resp['pNames']:
data = item['Data']
if folder != '\\':
# Make sure to strip the null byte
tasks.append(folder[:-1]+'\\'+data)
else:
tasks.append(folder+data)
except DCERPCException as e:
logging.debug('Error enumerating task folder %s: %s', folder, e)
for task in tasks:
try:
resp = tsch.hSchRpcRetrieveTask(dce, task)
# This returns a tuple (sid, logontype) or None
userinfo = ADUtils.parse_task_xml(resp['pXml'])
if userinfo:
if userinfo[1] == u'Password':
# Convert to byte string because our cache format is in bytes
schtaskusers.append(str(userinfo[0]))
logging.info('Found scheduled task %s on %s with stored credentials for SID %s',
task,
self.hostname,
userinfo[0])
except DCERPCException as e:
logging.debug('Error querying task %s: %s', task, e)
except DCERPCException as e:
logging.debug('Exception enumerating scheduled tasks: %s', e)
dce.disconnect()
return schtaskusers