def do_rpc_logic(self):
try:
resp = rrp.hOpenCurrentUser(self.dce)
except Exception:
return
rrp.hBaseRegSaveKey(self.dce, resp['phKey'],
f'\\\\{self.target}\\shmores\\file')
def query(self, dce, keyName):
# Let's strip the root key
try:
rootKey = keyName.split('\\')[0]
subKey = '\\'.join(keyName.split('\\')[1:])
except Exception:
raise Exception('Error parsing keyName %s' % keyName)
if rootKey.upper() == 'HKLM':
ans = rrp.hOpenLocalMachine(dce)
elif rootKey.upper() == 'HKU':
ans = rrp.hOpenCurrentUser(dce)
elif rootKey.upper() == 'HKCR':
ans = rrp.hOpenClassesRoot(dce)
else:
raise Exception('Invalid root key %s ' % rootKey)
hRootKey = ans['phKey']
ans2 = rrp.hBaseRegOpenKey(dce,
hRootKey,
subKey,
samDesired=rrp.MAXIMUM_ALLOWED
| rrp.KEY_ENUMERATE_SUB_KEYS
| rrp.KEY_QUERY_VALUE)
if self.__options.v:
print(keyName)
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'],
self.__options.v)
print(
'\t' + self.__options.v + '\t' +
self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t',
str(value[1]))
elif self.__options.ve:
print(keyName)
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')
print(
'\t' + '(Default)' + '\t' +
self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t',
str(value[1]))
elif self.__options.s:
self.__print_all_subkeys_and_entries(dce, subKey + '\\',
ans2['phkResult'], 0)
else:
print(keyName)
self.__print_key_values(dce, ans2['phkResult'])
i = 0
while True:
try:
key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)
print(keyName + '\\' + key['lpNameOut'][:-1])
i += 1
except Exception:
break
def test_hBaseRegSaveKeyEx(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hOpenCurrentUser(dce)
resp.dump()
resp = rrp.hBaseRegSaveKeyEx(dce, resp['phKey'], 'BETUSFILE2\x00')
resp.dump()
# I gotta remove the file now :s
smb = rpctransport.get_smb_connection()
smb.deleteFile('ADMIN$', 'System32\\BETUSFILE2')
def test_hBaseRegSaveKeyEx(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hOpenCurrentUser(dce)
resp.dump()
resp = rrp.hBaseRegSaveKeyEx(dce, resp['phKey'], 'BETUSFILE2\x00')
resp.dump()
# I gotta remove the file now :s
smb = rpctransport.get_smb_connection()
smb.deleteFile('ADMIN$', 'System32\\BETUSFILE2')
def __strip_root_key(self, dce, keyName):
# Let's strip the root key
try:
rootKey = keyName.split('\\')[0]
subKey = '\\'.join(keyName.split('\\')[1:])
except Exception:
raise Exception('Error parsing keyName %s' % keyName)
if rootKey.upper() == 'HKLM':
ans = rrp.hOpenLocalMachine(dce)
elif rootKey.upper() == 'HKU':
ans = rrp.hOpenCurrentUser(dce)
elif rootKey.upper() == 'HKCR':
ans = rrp.hOpenClassesRoot(dce)
else:
raise Exception('Invalid root key %s ' % rootKey)
hRootKey = ans['phKey']
return hRootKey, subKey
def query(self, dce, keyName):
# Let's strip the root key
try:
rootKey = keyName.split('\\')[0]
subKey = '\\'.join(keyName.split('\\')[1:])
except Exception:
raise Exception('Error parsing keyName %s' % keyName)
if rootKey.upper() == 'HKLM':
ans = rrp.hOpenLocalMachine(dce)
elif rootKey.upper() == 'HKU':
ans = rrp.hOpenCurrentUser(dce)
elif rootKey.upper() == 'HKCR':
ans = rrp.hOpenClassesRoot(dce)
else:
raise Exception('Invalid root key %s ' % rootKey)
hRootKey = ans['phKey']
ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey,
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS | rrp.KEY_QUERY_VALUE)
if self.__options.v:
print keyName
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], self.__options.v)
print '\t' + self.__options.v + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1])
elif self.__options.ve:
print keyName
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')
print '\t' + '(Default)' + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1])
elif self.__options.s:
self.__print_all_subkeys_and_entries(dce, subKey + '\\', ans2['phkResult'], 0)
else:
print keyName
self.__print_key_values(dce, ans2['phkResult'])
i = 0
while True:
try:
key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)
print keyName + '\\' + key['lpNameOut'][:-1]
i += 1
except Exception:
break
