def te_RNotifyServiceStatusChange(self):
    """Exercise RNotifyServiceStatusChange, RCloseNotifyHandle and RGetNotifyResults.

    Opens the PlugPlay service, registers for a SERVICE_NOTIFY_RUNNING
    notification, closes the notify handle, then asks for the results.
    Every response is dumped; nothing is asserted.

    NOTE(review): the ``te_`` prefix presumably keeps the test runner from
    collecting this method -- confirm.
    NOTE(review): RGetNotifyResults is sent after RCloseNotifyHandle and takes
    its handle from the close response, not from the registration response;
    confirm that ordering is intended.
    """
    rpc, _transport, scm = self.connect()

    target = 'PlugPlay\x00'
    access_mask = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    opened = scmr.hROpenServiceW(rpc, scm, target, access_mask)
    opened.dump()
    svc = opened['lpServiceHandle']

    # Register for a "service is running" notification on the opened handle.
    notify_req = scmr.RNotifyServiceStatusChange()
    notify_req['hService'] = svc
    notify_req['NotifyParams']['tag'] = 1
    notify_req['NotifyParams']['pStatusChangeParam1']['dwNotifyMask'] = scmr.SERVICE_NOTIFY_RUNNING
    notify_req['pClientProcessGuid'] = '0' * 16
    notify_resp = rpc.request(notify_req)
    notify_resp.dump()

    close_req = scmr.RCloseNotifyHandle()
    close_req['phNotify'] = notify_resp['phNotify']
    close_resp = rpc.request(close_req)
    close_resp.dump()

    # The handle used here is the one returned by the close call above.
    results_req = scmr.RGetNotifyResults()
    results_req['hNotify'] = close_resp['phNotify']
    results_resp = rpc.request(results_req)
    results_resp.dump()
def te_RNotifyServiceStatusChange(self):
    """Run the notify-handle call sequence against PlugPlay and dump each reply.

    Sequence: open the service, RNotifyServiceStatusChange with the
    SERVICE_NOTIFY_RUNNING mask, RCloseNotifyHandle, RGetNotifyResults.
    No assertions are made on the responses.

    NOTE(review): RGetNotifyResults reuses ``phNotify`` from the
    RCloseNotifyHandle response, i.e. it runs after the handle was closed;
    confirm this is deliberate.
    """
    rpc, _transport, scm = self.connect()

    rights = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    open_resp = scmr.hROpenServiceW(rpc, scm, 'PlugPlay\x00', rights)
    open_resp.dump()
    svc_handle = open_resp['lpServiceHandle']

    register = scmr.RNotifyServiceStatusChange()
    register['hService'] = svc_handle
    params = register['NotifyParams']
    params['tag'] = 1
    params['pStatusChangeParam1']['dwNotifyMask'] = scmr.SERVICE_NOTIFY_RUNNING
    register['pClientProcessGuid'] = '0' * 16
    registered = rpc.request(register)
    registered.dump()

    closing = scmr.RCloseNotifyHandle()
    closing['phNotify'] = registered['phNotify']
    closed = rpc.request(closing)
    closed.dump()

    fetch = scmr.RGetNotifyResults()
    # Handle comes from the close response, exactly as in the original sequence.
    fetch['hNotify'] = closed['phNotify']
    fetched = rpc.request(fetch)
    fetched.dump()
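def test_query(self):
    """Query PlugPlay's status and begin enumerating its dependent services.

    Opens the service, calls hRQueryServiceStatus, then calls
    hREnumDependentServicesW with a zero-byte buffer. The handler expects
    that call to fail with ERROR_MORE_DATA and keeps the error packet;
    any other session error is re-raised.

    NOTE(review): the access mask also asks for start/stop/change-config
    rights although the calls shown here only query; a narrower mask would
    keep the test working for less privileged accounts -- confirm.
    """
    dce, rpctransport, scHandle = self.connect()

    # Query Service Status / Enum Dependent
    lpServiceName = 'PlugPlay\x00'
    desiredAccess = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess)
    resp.dump()
    serviceHandle = resp['lpServiceHandle']

    resp = scmr.hRQueryServiceStatus(dce, serviceHandle)

    cbBufSize = 0
    try:
        resp = scmr.hREnumDependentServicesW(dce, serviceHandle, scmr.SERVICE_STATE_ALL, cbBufSize)
        resp.dump()
    except scmr.DCERPCSessionError as e:
        # str.find() returns 0 for a match at the very start, so the former
        # `<= 0` comparison would have re-raised in that case; a membership
        # test accepts the expected error wherever it appears in the message.
        if 'ERROR_MORE_DATA' not in str(e):
            raise
        resp = e.get_packet()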
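def createService(self, handle, share, path):
    """Probe whether the configured service already exists on the remote host.

    Logs the service name and remote host, then tries to open the service
    through the SCM handle. ERROR_SERVICE_DOES_NOT_EXIST is treated as the
    expected outcome; every other exception propagates to the caller.

    NOTE(review): ``share`` and ``path`` are not used by the lines shown, and
    no removal or creation call follows the probe here, although the inline
    comment announces a removal -- confirm against the rest of the method.

    :param handle: SCM handle passed to hROpenServiceW.
    :param share: not used by the visible code.
    :param path: not used by the visible code.
    """
    LOG.info("Creating service %s on %s....." % (self.__service_name, self.connection.getRemoteHost()))

    # First we try to open the service in case it exists. If it does, we remove it.
    try:
        resp = scmr.hROpenServiceW(self.rpcsvc, handle, self.__service_name + '\x00')
    except Exception as e:
        if 'ERROR_SERVICE_DOES_NOT_EXIST' not in str(e):
            # Bare raise keeps the original traceback; `raise e` would restart
            # it from this line under Python 2.
            raise
        # The service is absent, which is the case we want.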
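def createService(self, handle, share, path):
    """Check for a pre-existing service of the same name before installation.

    Announces the operation in the log, then opens the service by name.
    A failure whose message contains ERROR_SERVICE_DOES_NOT_EXIST is
    swallowed; anything else is re-raised unchanged.

    NOTE(review): the visible code stops after the probe. ``share`` and
    ``path`` are unused here and the removal mentioned in the comment is not
    shown -- confirm against the full method.

    :param handle: SCM handle passed to hROpenServiceW.
    :param share: not used by the visible code.
    :param path: not used by the visible code.
    """
    LOG.info("Creating service %s on %s....." % (self.__service_name, self.connection.getRemoteHost()))

    # First we try to open the service in case it exists. If it does, we remove it.
    try:
        resp = scmr.hROpenServiceW(self.rpcsvc, handle, self.__service_name + '\x00')
    except Exception as e:
        service_missing = 'ERROR_SERVICE_DOES_NOT_EXIST' in str(e)
        if not service_missing:
            # Re-raise with the original traceback intact (`raise e` loses it
            # under Python 2).
            raise
        # We're good: the service does not exist yet.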
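def test_RStartServiceW(self):
    """Start PlugPlay with three arguments, tolerating "already running".

    Opens the service, dumps the open response and calls hRStartServiceW
    with argc 3 and three NUL-terminated argument strings. An exception
    mentioning ERROR_SERVICE_ALREADY_RUNNING is accepted; any other
    exception fails the test.

    Side effect: the call asks the target to start the service, so the
    target's state can change.
    """
    dce, rpctransport, scHandle = self.connect()

    lpServiceName = 'PlugPlay\x00'
    desiredAccess = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess)
    resp.dump()
    serviceHandle = resp['lpServiceHandle']

    try:
        resp = scmr.hRStartServiceW(dce, serviceHandle, 3, ['arg1\x00', 'arg2\x00', 'arg3\x00'])
    except Exception as e:
        # The former `find(...) <= 0` check also re-raised when the error name
        # sat at index 0 of the message; a membership test has no such gap.
        if 'ERROR_SERVICE_ALREADY_RUNNING' not in str(e):
            raise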
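def test_RStartServiceW(self):
    """Call hRStartServiceW on PlugPlay and accept an "already running" error.

    The service is opened with a broad access mask, the open response is
    dumped, and the start call is sent with three arguments. Only an
    exception naming ERROR_SERVICE_ALREADY_RUNNING is tolerated.

    Side effect: this sends a start request to the target host.
    """
    dce, rpctransport, scHandle = self.connect()

    lpServiceName = 'PlugPlay\x00'
    desiredAccess = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess)
    resp.dump()
    serviceHandle = resp['lpServiceHandle']

    start_args = ['arg1\x00', 'arg2\x00', 'arg3\x00']
    try:
        resp = scmr.hRStartServiceW(dce, serviceHandle, 3, start_args)
    except Exception as e:
        # `find(...) <= 0` treated a match at position 0 as "not found";
        # `in` accepts the expected error at any position.
        already_running = 'ERROR_SERVICE_ALREADY_RUNNING' in str(e)
        if not already_running:
            raise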
def test_RQueryServiceConfigEx(self):
    """Send RQueryServiceConfigEx for RemoteRegistry and dump the reply.

    Opens RemoteRegistry, builds the request with info level 0x00000008 and
    dumps both the open response and the query response. Nothing is
    asserted beyond the calls not raising.

    NOTE(review): only a configuration query is issued, yet the mask also
    requests start/stop/change-config rights; confirm the broad mask is
    needed.
    """
    rpc, _transport, scm = self.connect()

    target = 'RemoteRegistry\x00'
    access_mask = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    opened = scmr.hROpenServiceW(rpc, scm, target, access_mask)
    opened.dump()

    query = scmr.RQueryServiceConfigEx()
    query['hService'] = opened['lpServiceHandle']
    # presumably the trigger-info level in the Windows SDK numbering -- confirm
    query['dwInfoLevel'] = 0x00000008
    answer = rpc.request(query)
    answer.dump()
def test_RQueryServiceConfigEx(self):
    """Query extended configuration of RemoteRegistry at info level 8.

    Steps: connect, open the service, send RQueryServiceConfigEx, dump the
    responses. The test passes as long as no call raises.

    NOTE(review): the requested rights go beyond SERVICE_QUERY_CONFIG even
    though the test only reads configuration; confirm.
    """
    rpc, _transport, scm = self.connect()

    rights = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    open_resp = scmr.hROpenServiceW(rpc, scm, 'RemoteRegistry\x00', rights)
    open_resp.dump()
    svc_handle = open_resp['lpServiceHandle']

    config_req = scmr.RQueryServiceConfigEx()
    config_req['hService'] = svc_handle
    config_req['dwInfoLevel'] = 0x00000008  # meaning of level 8 not shown here -- confirm
    config_resp = rpc.request(config_req)
    config_resp.dump()
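def uninstall(self):
    """Stop and delete the installed service, then remove its binary from the share.

    Main path: open the service manager, open the service by name, send
    SERVICE_CONTROL_STOP (failure ignored), delete the service, close both
    handles and delete the binary. If any step raises, a fallback pass
    retries the stop, the file removal (twice) and the service deletion,
    each on a best-effort basis.

    Returns None. Exceptions derived from Exception are logged and not
    raised, so a leftover service or binary on the target is possible after
    a failure; callers that need certainty should verify removal.

    NOTE(review): the file removal is placed outside the ``svcManager != 0``
    branch here; confirm that matches the intended layout.
    """
    # Defined up front so the fallback path can tell whether the service was
    # ever opened instead of tripping over an unbound name.
    service = None
    try:
        svcManager = self.openSvcManager()
        if svcManager != 0:
            resp = scmr.hROpenServiceW(self.rpcsvc, svcManager, self.__service_name + '\x00')
            service = resp['lpServiceHandle']
            LOG.info('Stoping service %s.....' % self.__service_name)
            try:
                scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
            except Exception:
                # Best effort: the stop request may fail and deletion still proceeds.
                pass
            LOG.info('Removing service %s.....' % self.__service_name)
            scmr.hRDeleteService(self.rpcsvc, service)
            scmr.hRCloseServiceHandle(self.rpcsvc, service)
            scmr.hRCloseServiceHandle(self.rpcsvc, svcManager)
        LOG.info('Removing file %s.....' % self.__binary_service_name)
        self.connection.deleteFile(self.share, self.__binary_service_name)
    except Exception as e:
        LOG.critical("Error performing the uninstallation, cleaning up")
        # Record the cause so a failed cleanup can be diagnosed afterwards.
        LOG.info('Uninstall error detail: %s' % e)

        if service is not None:
            try:
                scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
            except Exception:
                pass

        # Two attempts at removing the binary, as before.
        for _attempt in range(2):
            try:
                self.connection.deleteFile(self.share, self.__binary_service_name)
                break
            except Exception:
                continue

        if service is not None:
            try:
                scmr.hRDeleteService(self.rpcsvc, service)
            except Exception:
                pass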
def test_RQueryServiceStatusEx(self):
    """Request SC_STATUS_PROCESS_INFO for PlugPlay and parse the returned buffer.

    Opens the service, sends RQueryServiceStatusEx with a 100-byte buffer
    size, joins the returned ``lpBuffer`` items into one string and feeds it
    to scmr.SERVICE_STATUS_PROCESS. The parsed structure is not inspected.

    NOTE(review): the mask requests more than SERVICE_QUERY_STATUS although
    only a status query is sent; confirm.
    """
    rpc, _transport, scm = self.connect()

    target = 'PlugPlay\x00'
    access_mask = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    opened = scmr.hROpenServiceW(rpc, scm, target, access_mask)
    opened.dump()

    status_req = scmr.RQueryServiceStatusEx()
    status_req['hService'] = opened['lpServiceHandle']
    status_req['InfoLevel'] = scmr.SC_STATUS_PROCESS_INFO
    status_req['cbBufSize'] = 100
    status_resp = rpc.request(status_req)

    # assumes lpBuffer yields str items that can be joined -- confirm
    raw = ''.join(status_resp['lpBuffer'])
    status = scmr.SERVICE_STATUS_PROCESS(raw)
def test_RQueryServiceStatusEx(self):
    """Query extended status of PlugPlay and decode it as SERVICE_STATUS_PROCESS.

    The request uses info level SC_STATUS_PROCESS_INFO and a buffer size of
    100. The reply's ``lpBuffer`` is concatenated and passed to the
    structure constructor; the test succeeds if nothing raises.
    """
    rpc, _transport, scm = self.connect()

    rights = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    open_resp = scmr.hROpenServiceW(rpc, scm, 'PlugPlay\x00', rights)
    open_resp.dump()
    svc_handle = open_resp['lpServiceHandle']

    query = scmr.RQueryServiceStatusEx()
    query['hService'] = svc_handle
    query['InfoLevel'] = scmr.SC_STATUS_PROCESS_INFO
    query['cbBufSize'] = 100  # fixed size chosen by the author; a short buffer is not handled here
    reply = rpc.request(query)

    buffer_text = ''.join(reply['lpBuffer'])
    status = scmr.SERVICE_STATUS_PROCESS(buffer_text)
def test_RControlServiceCall(self):
    """Send SERVICE_CONTROL_STOP to CryptSvc through a raw RControlService request.

    Opens CryptSvc, dumps the open response and issues the stop control.
    An exception mentioning ERROR_DEPENDENT_SERVICES_RUNNING is tolerated;
    any other exception is re-raised.

    Side effect: a successful call stops CryptSvc on the target, and the
    lines shown here do not start it again.
    """
    rpc, _transport, scm = self.connect()

    target = 'CryptSvc\x00'
    access_mask = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    opened = scmr.hROpenServiceW(rpc, scm, target, access_mask)
    opened.dump()
    svc = opened['lpServiceHandle']

    try:
        stop_req = scmr.RControlService()
        stop_req['hService'] = svc
        stop_req['dwControl'] = scmr.SERVICE_CONTROL_STOP
        stop_resp = rpc.request(stop_req)
    except Exception as exc:
        # Dependent services still running is an accepted outcome.
        if 'ERROR_DEPENDENT_SERVICES_RUNNING' not in str(exc):
            raise
def test_RControlServiceCall(self):
    """Stop CryptSvc via RControlService, accepting a dependent-services error.

    The stop request is built by hand (hService, dwControl) and sent with
    ``dce.request``. Only ERROR_DEPENDENT_SERVICES_RUNNING is swallowed.

    Side effect: the target's CryptSvc may be stopped by this test; no
    restart appears in the lines shown.
    """
    rpc, _transport, scm = self.connect()

    rights = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    open_resp = scmr.hROpenServiceW(rpc, scm, 'CryptSvc\x00', rights)
    open_resp.dump()
    svc_handle = open_resp['lpServiceHandle']

    try:
        control = scmr.RControlService()
        control['hService'] = svc_handle
        control['dwControl'] = scmr.SERVICE_CONTROL_STOP
        reply = rpc.request(control)
    except Exception as exc:
        tolerated = 'ERROR_DEPENDENT_SERVICES_RUNNING' in str(exc)
        if not tolerated:
            raise
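def uninstall(self):
    """Remove the installed service and its binary from the remote host.

    Main path: open the service manager, open the service, request a stop
    (errors ignored), delete the service, close the service and manager
    handles, then delete the binary from the share. On any failure a
    fallback pass repeats stop, file removal (up to two attempts) and
    service deletion, ignoring individual errors.

    Returns None and does not raise for Exception subclasses, so callers
    cannot tell from the return value whether artifacts remain on the
    target; check the log or verify removal separately.

    NOTE(review): the binary is deleted regardless of whether
    ``svcManager`` was non-zero; confirm that matches the intended layout.
    """
    # Bound before the try so the fallback never references an unset name.
    service = None
    try:
        svcManager = self.openSvcManager()
        if svcManager != 0:
            resp = scmr.hROpenServiceW(self.rpcsvc, svcManager, self.__service_name + '\x00')
            service = resp['lpServiceHandle']
            LOG.info('Stoping service %s.....' % self.__service_name)
            try:
                scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
            except Exception:
                # A failed stop does not block deletion.
                pass
            LOG.info('Removing service %s.....' % self.__service_name)
            scmr.hRDeleteService(self.rpcsvc, service)
            scmr.hRCloseServiceHandle(self.rpcsvc, service)
            scmr.hRCloseServiceHandle(self.rpcsvc, svcManager)
        LOG.info('Removing file %s.....' % self.__binary_service_name)
        self.connection.deleteFile(self.share, self.__binary_service_name)
    except Exception as e:
        LOG.critical("Error performing the uninstallation, cleaning up")
        # Keep the cause in the log; it was previously discarded.
        LOG.info('Uninstall error detail: %s' % e)

        service_opened = service is not None
        if service_opened:
            try:
                scmr.hRControlService(self.rpcsvc, service, scmr.SERVICE_CONTROL_STOP)
            except Exception:
                pass

        # Same two attempts at deleting the binary as the original code made.
        for _attempt in range(2):
            try:
                self.connection.deleteFile(self.share, self.__binary_service_name)
            except Exception:
                continue
            break

        if service_opened:
            try:
                scmr.hRDeleteService(self.rpcsvc, service)
            except Exception:
                pass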
def te_RControlServiceExW(self):
    """Send RControlServiceExW (stop, info level 1) for PlugPlay and dump the reply.

    The reason and comment fields of ``pControlInParams`` are filled in and
    the whole member is then replaced with NULL before the request is sent.
    The original author marked the call as not working.

    NOTE(review): the ``te_`` prefix presumably keeps the test runner from
    collecting this method -- confirm.
    Side effect: if the call succeeded it would ask the target to stop
    PlugPlay.
    """
    rpc, _transport, scm = self.connect()

    target = 'PlugPlay\x00'
    access_mask = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    opened = scmr.hROpenServiceW(rpc, scm, target, access_mask)
    opened.dump()

    ctl_req = scmr.RControlServiceExW()
    ctl_req['hService'] = opened['lpServiceHandle']
    ctl_req['dwControl'] = scmr.SERVICE_CONTROL_STOP
    ctl_req['dwInfoLevel'] = 1
    # This is not working, don't know exactly why
    ctl_req['pControlInParams']['dwReason'] = 0x20000000
    ctl_req['pControlInParams']['pszComment'] = 'nada\x00'
    # This assignment discards the two fields set just above.
    ctl_req['pControlInParams'] = NULL
    ctl_resp = rpc.request(ctl_req)
    ctl_resp.dump()
def te_RControlServiceExW(self):
    """Exercise RControlServiceExW with a stop control against PlugPlay.

    Builds the request with info level 1, sets a reason code and comment on
    ``pControlInParams``, then overwrites that member with NULL and sends
    the request. The response is dumped; nothing is asserted. An inline
    comment from the author states the call does not work.
    """
    rpc, _transport, scm = self.connect()

    rights = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    open_resp = scmr.hROpenServiceW(rpc, scm, 'PlugPlay\x00', rights)
    open_resp.dump()
    svc_handle = open_resp['lpServiceHandle']

    control = scmr.RControlServiceExW()
    control['hService'] = svc_handle
    control['dwControl'] = scmr.SERVICE_CONTROL_STOP
    control['dwInfoLevel'] = 1
    # This is not working, don't know exactly why
    control['pControlInParams']['dwReason'] = 0x20000000
    control['pControlInParams']['pszComment'] = 'nada\x00'
    # NOTE(review): the NULL below replaces the parameters set above; confirm
    # which of the two variants was meant to be sent.
    control['pControlInParams'] = NULL
    reply = rpc.request(control)
    reply.dump()
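def test_query(self):
    """Query PlugPlay's status, then probe dependent-service enumeration.

    After opening the service and calling hRQueryServiceStatus, the test
    calls hREnumDependentServicesW with ``cbBufSize`` 0. ERROR_MORE_DATA is
    the expected failure and its packet is kept; other session errors are
    re-raised.

    NOTE(review): the calls shown only read status and dependents, while the
    mask also asks for start/stop/change-config rights; confirm the broad
    mask is required.
    """
    dce, rpctransport, scHandle = self.connect()

    # Query Service Status / Enum Dependent
    lpServiceName = 'PlugPlay\x00'
    desiredAccess = (
        scmr.SERVICE_START
        | scmr.SERVICE_STOP
        | scmr.SERVICE_CHANGE_CONFIG
        | scmr.SERVICE_QUERY_CONFIG
        | scmr.SERVICE_QUERY_STATUS
        | scmr.SERVICE_ENUMERATE_DEPENDENTS
    )
    resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess)
    resp.dump()
    serviceHandle = resp['lpServiceHandle']

    resp = scmr.hRQueryServiceStatus(dce, serviceHandle)

    cbBufSize = 0
    try:
        resp = scmr.hREnumDependentServicesW(dce, serviceHandle, scmr.SERVICE_STATE_ALL, cbBufSize)
        resp.dump()
    except scmr.DCERPCSessionError as e:
        # `find(...) <= 0` also re-raised when the error name was at index 0
        # of the message; the membership test closes that gap.
        expected = 'ERROR_MORE_DATA' in str(e)
        if not expected:
            raise
        resp = e.get_packet()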
serviceHandle = resp['lpServiceHandle'] try: req = scmr.RControlService() req['hService'] = serviceHandle req['dwControl'] = scmr.SERVICE_CONTROL_STOP resp = dce.request(req) except Exception, e: if str(e).find('ERROR_DEPENDENT_SERVICES_RUNNING') < 0: raise pass resp = scmr.hRCloseServiceHandle(dce, serviceHandle) import time time.sleep(1) resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess ) resp.dump() serviceHandle = resp['lpServiceHandle'] try: resp = scmr.hRStartServiceW(dce, serviceHandle, 0, NULL ) resp.dump() except Exception, e: if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') < 0: raise return class SMBTransport(SCMRTests): def setUp(self): SCMRTests.setUp(self)
serviceHandle = resp['lpServiceHandle'] try: req = scmr.RControlService() req['hService'] = serviceHandle req['dwControl'] = scmr.SERVICE_CONTROL_STOP resp = dce.request(req) except Exception, e: if str(e).find('ERROR_DEPENDENT_SERVICES_RUNNING') < 0: raise pass resp = scmr.hRCloseServiceHandle(dce, serviceHandle) import time time.sleep(1) resp = scmr.hROpenServiceW(dce, scHandle, lpServiceName, desiredAccess) resp.dump() serviceHandle = resp['lpServiceHandle'] try: resp = scmr.hRStartServiceW(dce, serviceHandle, 0, NULL) resp.dump() except Exception, e: if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') < 0: raise return class SMBTransport(SCMRTests): def setUp(self):