def tes_oaut(self):
    """Smoke-test IDispatch / ITypeInfo calls on a remotely activated COM object.

    Activates CLSID 4E14FBA2-2E22-11D1-9964-00C04FBBB345 through
    ``dcomrt.IRemoteSCMActivator`` asking for IDispatch, dumps the
    ``GetTypeInfoCount()`` reply, then calls ``GetTypeInfo()`` and
    ``GetTypeAttr()``.  Nothing is asserted; the test only fails if one of
    the calls raises.
    """
    # NOTE(review): the ``tes_`` prefix presumably keeps unittest discovery
    # from collecting this method - confirm that is intentional.
    dce, rpctransport = self.connect()  # rpctransport is not used below

    dispatch_iid = string_to_bin('00020400-0000-0000-C000-000000000046')
    # Built but never passed to any call in this function.
    typeinfo_iid = string_to_bin('00020401-0000-0000-C000-000000000046')

    activator = dcomrt.IRemoteSCMActivator(dce)
    remote_iface = activator.RemoteCreateInstance(
        string_to_bin('4E14FBA2-2E22-11D1-9964-00C04FBBB345'),
        dispatch_iid,
    )
    dispatch = oaut.IDispatch(remote_iface)

    count_reply = dispatch.GetTypeInfoCount()
    count_reply.dump()

    # NOTE(review): no RemRelease() or disconnect is visible here, so the
    # remote references obtained above are not explicitly released.
    type_info = dispatch.GetTypeInfo()
    type_info.GetTypeAttr()
def tes_oaut(self):
    """Smoke-test IDispatch / ITypeInfo calls on a remotely activated COM object.

    Activates CLSID 4E14FBA2-2E22-11D1-9964-00C04FBBB345 through
    ``dcomrt.IRemoteSCMActivator`` asking for IDispatch, dumps the
    ``GetTypeInfoCount()`` reply, then calls ``GetTypeInfo()`` and
    ``GetTypeAttr()``.  Nothing is asserted; the test only fails if one of
    the calls raises.
    """
    # NOTE(review): the ``tes_`` prefix presumably keeps unittest discovery
    # from collecting this method - confirm that is intentional.
    dce, rpctransport = self.connect()  # rpctransport is not used below

    dispatch_iid = string_to_bin('00020400-0000-0000-C000-000000000046')
    # Built but never passed to any call in this function.
    typeinfo_iid = string_to_bin('00020401-0000-0000-C000-000000000046')

    activator = dcomrt.IRemoteSCMActivator(dce)
    remote_iface = activator.RemoteCreateInstance(
        string_to_bin('4E14FBA2-2E22-11D1-9964-00C04FBBB345'),
        dispatch_iid,
    )
    dispatch = oaut.IDispatch(remote_iface)

    count_reply = dispatch.GetTypeInfoCount()
    count_reply.dump()

    # NOTE(review): no RemRelease() or disconnect is visible here, so the
    # remote references obtained above are not explicitly released.
    type_info = dispatch.GetTypeInfo()
    type_info.GetTypeAttr()
def tes_ie(self):
    """Print the function names exposed by a remotely activated IWebBrowser.

    Activates CLSID 72C24DD5-D70A-438B-8A42-98424B88AFB8 asking for
    IRemUnknown, wraps the result in ``ie.IWebBrowser``, prints the
    ``GetIDsOfNames(('Navigate',))`` reply and then prints the documented
    name of every function reported by the object's type info.
    """
    # NOTE(review): the listing this was recovered from had lost its
    # indentation; the loop is taken to end before the "ACA" marker because
    # the RemRelease() calls cannot sensibly run once per function.
    dce, rpctransport = self.connect()  # rpctransport is not used below
    activator = dcomrt.IRemoteSCMActivator(dce)

    # Alternative activation left disabled by the author:
    #iInterface = scm.RemoteCreateInstance(string_to_bin('0002DF01-0000-0000-C000-000000000046'),ie.IID_WebBrowser)
    remote_iface = activator.RemoteCreateInstance(
        string_to_bin('72C24DD5-D70A-438B-8A42-98424B88AFB8'),
        dcomrt.IID_IRemUnknown,
    )
    browser = ie.IWebBrowser(remote_iface)

    dispid_reply = browser.GetIDsOfNames(('Navigate',))
    # Parenthesised single-argument print: same output under the Python 2
    # print statement this file uses, and also valid Python 3.
    print(dispid_reply)

    type_info = browser.GetTypeInfo()
    type_attr = type_info.GetTypeAttr()
    function_total = type_attr['ppTypeAttr']['cFuncs']
    for function_index in range(function_total):
        func_desc = type_info.GetFuncDesc(function_index)
        # Disabled alternative: GetNames(memid) and print rgBstrNames[0].
        member_doc = type_info.GetDocumentation(func_desc['ppFuncDesc']['memid'])
        print(member_doc['pBstrName']['asData'])

    #iEventSystem.get_EventObjectChangeEventClassID()
    print("ACA")

    # Release the remote references only on the success path; an exception
    # earlier in the function skips both calls.
    type_info.RemRelease()
    browser.RemRelease()

    # NOTE(review): raises SystemExit with status 1, which ends the whole
    # test run; looks like leftover debugging - confirm before enabling.
    sys.exit(1)
def tes_ie(self):
    """Print the function names exposed by a remotely activated IWebBrowser.

    Activates CLSID 72C24DD5-D70A-438B-8A42-98424B88AFB8 asking for
    IRemUnknown, wraps the result in ``ie.IWebBrowser``, prints the
    ``GetIDsOfNames(('Navigate',))`` reply and then prints the documented
    name of every function reported by the object's type info.
    """
    # NOTE(review): the listing this was recovered from had lost its
    # indentation; the loop is taken to end before the "ACA" marker because
    # the RemRelease() calls cannot sensibly run once per function.
    dce, rpctransport = self.connect()  # rpctransport is not used below
    activator = dcomrt.IRemoteSCMActivator(dce)

    # Alternative activation left disabled by the author:
    #iInterface = scm.RemoteCreateInstance(string_to_bin('0002DF01-0000-0000-C000-000000000046'),ie.IID_WebBrowser)
    remote_iface = activator.RemoteCreateInstance(
        string_to_bin('72C24DD5-D70A-438B-8A42-98424B88AFB8'),
        dcomrt.IID_IRemUnknown,
    )
    browser = ie.IWebBrowser(remote_iface)

    dispid_reply = browser.GetIDsOfNames(('Navigate',))
    # Parenthesised single-argument print: same output under the Python 2
    # print statement this file uses, and also valid Python 3.
    print(dispid_reply)

    type_info = browser.GetTypeInfo()
    type_attr = type_info.GetTypeAttr()
    function_total = type_attr['ppTypeAttr']['cFuncs']
    for function_index in range(function_total):
        func_desc = type_info.GetFuncDesc(function_index)
        # Disabled alternative: GetNames(memid) and print rgBstrNames[0].
        member_doc = type_info.GetDocumentation(func_desc['ppFuncDesc']['memid'])
        print(member_doc['pBstrName']['asData'])

    #iEventSystem.get_EventObjectChangeEventClassID()
    print("ACA")

    # Release the remote references only on the success path; an exception
    # earlier in the function skips both calls.
    type_info.RemRelease()
    browser.RemRelease()

    # NOTE(review): raises SystemExit with status 1, which ends the whole
    # test run; looks like leftover debugging - confirm before enabling.
    sys.exit(1)
def test_map(self):
    """Send an ``ept_map`` request built from a hand-assembled tower and dump the reply.

    The tower carries five floors: an RPC interface (UUID
    12345778-1234-ABCD-EF00-0123456789AC, version 1.0), a data
    representation (UUID 8a885d04-1ceb-11c9-9fe8-08002b104860, version 2.0),
    a protocol identifier of 0xb, a port of 0 and the address 0.0.0.0.
    Nothing is asserted on the response; it is only dumped.
    """
    import socket

    dce, rpctransport = self.connect()  # rpctransport is not used below

    # Raw tower blob ending in an LRPC endpoint name; nothing below reads it.
    tower2 = '\x04\x00\x13\x00\r\xac\xbe\x00\xc1:\xd3KJ\xbf#\xbb\xefFc\xd0\x17\x01\x00\x02\x00\x00\x00\x13\x00\r\x04]\x88\x8a\xeb\x1c\xc9\x11\x9f\xe8\x08\x00+\x10H`\x02\x00\x02\x00\x00\x00\x01\x00\x0c\x02\x00\x00\x00\x01\x00\x10\x18\x00LRPC-26b184043749be8892\x00'

    tower = epm.EPMTower()

    interface_floor = epm.EPMRPCInterface()
    interface_floor['InterfaceUUID'] = string_to_bin('12345778-1234-ABCD-EF00-0123456789AC')
    interface_floor['MajorVersion'] = 1
    interface_floor['MinorVersion'] = 0

    data_rep_floor = epm.EPMRPCDataRepresentation()
    data_rep_floor['DataRepUuid'] = string_to_bin('8a885d04-1ceb-11c9-9fe8-08002b104860')
    data_rep_floor['MajorVersion'] = 2
    data_rep_floor['MinorVersion'] = 0

    protocol_floor = epm.EPMProtocolIdentifier()
    protocol_floor['ProtIdentifier'] = 0xb

    # Only used by the disabled named-pipe variant of the tower further down.
    pipe_floor = epm.EPMPipeName()
    pipe_floor['PipeName'] = '\x00'

    port_floor = epm.EPMPortAddr()
    port_floor['IpPort'] = 0

    host_floor = epm.EPMHostAddr()
    host_floor['Ip4addr'] = socket.inet_aton('0.0.0.0')

    # Only used by the disabled named-pipe variant of the tower further down.
    host_name_floor = epm.EPMHostName()
    host_name_floor['HostName'] = '\x00'

    tower['NumberOfFloors'] = 5
    tower['Floors'] = (
        interface_floor.getData()
        + data_rep_floor.getData()
        + protocol_floor.getData()
        + port_floor.getData()
        + host_floor.getData()
    )
    #tower['Floors'] = interface.getData() + dataRep.getData() + protId.getData() + pipeName.getData() + hostName.getData()

    map_request = epm.ept_map()
    map_request['max_towers'] = 4
    map_request['map_tower']['tower_length'] = len(tower)
    # str() on the structure assumes Python 2 byte strings - TODO confirm
    # before porting.
    map_request['map_tower']['tower_octet_string'] = str(tower)
    #request.dumpRaw()

    reply = dce.request(map_request)
    reply.dump()
def test_RChangeServiceConfig2W(self):
    """Exercise RChangeServiceConfig2W against a freshly created service.

    Creates the service ``TESTSVC`` with ``scmr.hRCreateServiceW`` and then
    reuses a single ``RChangeServiceConfig2W`` request, switching
    ``dwInfoLevel`` and the union ``tag`` from 1 to 11.  Levels 1-7 are sent
    and checked through ``self.changeServiceAndQuery2``; level 8 is sent
    without that check; levels 9-11 are only populated, their requests being
    commented out as not working.

    NOTE(review): no service deletion or handle close is visible in this
    excerpt and ``error`` is never read here - presumably the teardown
    follows outside the excerpt.  Confirm it also runs after a caught
    exception, otherwise TESTSVC stays registered on the target host.
    """
    dce, rpctransport, scHandle = self.connect()
    # Arguments for the service that the rest of the test reconfigures.
    lpServiceName = 'TESTSVC\x00'
    lpDisplayName = 'DisplayName\x00'
    # Full access is requested, so the returned handle can be used for every
    # configuration change below.
    dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
    dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
    dwStartType = scmr.SERVICE_DEMAND_START
    dwErrorControl = scmr.SERVICE_ERROR_NORMAL
    lpBinaryPathName = 'binaryPath\x00'
    lpLoadOrderGroup = NULL
    lpdwTagId = NULL
    lpDependencies = NULL
    dwDependSize = 0
    lpServiceStartName = NULL
    lpPassword = NULL
    dwPwSize = 0
    resp = scmr.hRCreateServiceW(
        dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess,
        dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName,
        lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize,
        lpServiceStartName, lpPassword, dwPwSize)
    resp.dump()
    newHandle = resp['lpServiceHandle']
    error = False
    try:
        # One request object is mutated level by level; fields written for an
        # earlier level are not reset before the next one is sent.
        request = scmr.RChangeServiceConfig2W()
        request['hService'] = newHandle
        # Level 1: description string.
        request['Info']['dwInfoLevel'] = 1
        request['Info']['Union']['tag'] = 1
        request['Info']['Union']['psd']['lpDescription'] = u'betobeto\x00'
        resp = dce.request(request)
        resp.dump()
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['psd']['lpDescription'])
        # Level 2: failure-action reboot message and command.
        request['Info']['dwInfoLevel'] = 2
        request['Info']['Union']['tag'] = 2
        request['Info']['Union']['psfa']['lpRebootMsg'] = u'rebootMsg\00'
        request['Info']['Union']['psfa']['lpCommand'] = u'lpCommand\00'
        resp = dce.request(request)
        resp.dump()
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['psfa']['lpRebootMsg'])
        # Level 3: delayed auto-start flag.
        request['Info']['dwInfoLevel'] = 3
        request['Info']['Union']['tag'] = 3
        request['Info']['Union']['psda']['fDelayedAutostart'] = 1
        resp = dce.request(request)
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['psda']['fDelayedAutostart'])
        # Level 4: failure actions on non-crash failures flag.
        request['Info']['dwInfoLevel'] = 4
        request['Info']['Union']['tag'] = 4
        request['Info']['Union']['psfaf'][
            'fFailureActionsOnNonCrashFailures'] = 1
        resp = dce.request(request)
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['psfaf']
            ['fFailureActionsOnNonCrashFailures'])
        # Level 5: service SID type.
        request['Info']['dwInfoLevel'] = 5
        request['Info']['Union']['tag'] = 5
        request['Info']['Union']['pssid']['dwServiceSidType'] = 1
        resp = dce.request(request)
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['pssid']['dwServiceSidType'])
        # Level 6: required privileges, passed as the UTF-16LE bytes of a
        # double-NUL-terminated string.
        request['Info']['dwInfoLevel'] = 6
        request['Info']['Union']['tag'] = 6
        request['Info']['Union']['psrp']['pRequiredPrivileges'] = list(
            u'SeAssignPrimaryTokenPrivilege\x00\x00'.encode('utf-16le'))
        resp = dce.request(request)
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['psrp']['pRequiredPrivileges'])
        # Level 7: pre-shutdown timeout.
        request['Info']['dwInfoLevel'] = 7
        request['Info']['Union']['tag'] = 7
        request['Info']['Union']['psps']['dwPreshutdownTimeout'] = 22
        resp = dce.request(request)
        self.changeServiceAndQuery2(
            dce, request, request['Info']['Union']['psps']['dwPreshutdownTimeout'])
        # Level 8: one domain-join trigger that starts the service.
        request['Info']['dwInfoLevel'] = 8
        request['Info']['Union']['tag'] = 8
        #request.dump()
        trigger = scmr.SERVICE_TRIGGER()
        trigger['dwTriggerType'] = scmr.SERVICE_TRIGGER_TYPE_DOMAIN_JOIN
        trigger['dwAction'] = scmr.SERVICE_TRIGGER_ACTION_SERVICE_START
        trigger['pTriggerSubtype'] = string_to_bin(scmr.DOMAIN_JOIN_GUID)
        # The data item is built but not attached: the append is disabled
        # and pDataItems is set to NULL instead.
        item = scmr.SERVICE_TRIGGER_SPECIFIC_DATA_ITEM()
        item['dwDataType'] = scmr.SERVICE_TRIGGER_DATA_TYPE_STRING
        item['pData'] = list(u'FREEFLY\x00'.encode('utf-16le'))
        #trigger['pDataItems'].append(item)
        trigger['pDataItems'] = NULL
        request['Info']['Union']['psti']['pTriggers'].append(trigger)
        # Sent, but the read-back check for this level is disabled.
        resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, '\x00')
        # Levels 9-11 below are filled in but never sent.
        request['Info']['dwInfoLevel'] = 9
        request['Info']['Union']['tag'] = 9
        request['Info']['Union']['pspn']['usPreferredNode'] = 22
        # This one doesn't work
        #resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pspn']['usPreferredNode'])
        request['Info']['dwInfoLevel'] = 10
        request['Info']['Union']['tag'] = 10
        request['Info']['Union']['psri']['eLowestRunLevel'] = 1
        # This one doesn't work
        #resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psri']['eLowestRunLevel'])
        request['Info']['dwInfoLevel'] = 11
        request['Info']['Union']['tag'] = 11
        request['Info']['Union']['psma']['fIsManagedAccount'] = 1
        # This one doesn't work
        #resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psma']['fIsManagedAccount'])
    # Python 2-only except syntax.  Any failure is printed and recorded in
    # `error` instead of being re-raised.
    except Exception, e:
        import traceback
        traceback.print_exc()
        print e
        error = True
        pass
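# Tail of an __init__ whose signature lies outside this excerpt; it forwards
# its arguments to the DCERPCException initialiser.
DCERPCException.__init__(self, error_string, error_code, packet)


# Method of the enclosing exception class (class header outside this excerpt).
def __str__(self):
    """Return a readable message for this error's code.

    Known codes are rendered with the short and verbose texts stored in
    ``hresult_errors.ERROR_MESSAGES``; any other code gets an
    "unknown error code" line.
    """
    known_errors = hresult_errors.ERROR_MESSAGES
    # `in` replaces dict.has_key(), which Python 3 removed; the membership
    # test itself is unchanged.
    # NOTE(review): '%x' raises TypeError if error_code is None - confirm
    # the base class always stores an integer.
    if self.error_code in known_errors:
        error_msg_short = known_errors[self.error_code][0]
        error_msg_verbose = known_errors[self.error_code][1]
        return "OAUT SessionError: code: 0x%x - %s - %s" % (self.error_code, error_msg_short, error_msg_verbose)
    else:
        return "OAUT SessionError: unknown error code: 0x%x" % (self.error_code)


################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
# Interface identifiers in binary form, as produced by string_to_bin().
IID_IDispatch = string_to_bin("00020400-0000-0000-C000-000000000046")
IID_ITypeInfo = string_to_bin("00020401-0000-0000-C000-000000000046")
IID_ITypeComp = string_to_bin("00020403-0000-0000-C000-000000000046")
IID_NULL = string_to_bin("00000000-0000-0000-0000-000000000000")

# Aliases onto NDR types defined elsewhere in the package.
error_status_t = ULONG
LCID = DWORD
WORD = NDRUSHORT

# 2.2.2 IID
IID = GUID

# 2.2.3 LPOLESTR
LPOLESTR = LPWSTR
OLESTR = WSTR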
# Body of a __str__ method whose `def` line lies outside this excerpt: it
# renders known error codes with their short and verbose texts and falls back
# to an "unknown error code" line.
# NOTE(review): dict.has_key() exists only in Python 2; `in` is the portable
# spelling.
if hresult_errors.ERROR_MESSAGES.has_key(self.error_code):
    error_msg_short = hresult_errors.ERROR_MESSAGES[self.error_code][0]
    error_msg_verbose = hresult_errors.ERROR_MESSAGES[
        self.error_code][1]
    return 'OAUT SessionError: code: 0x%x - %s - %s' % (
        self.error_code, error_msg_short, error_msg_verbose)
else:
    return 'OAUT SessionError: unknown error code: 0x%x' % (
        self.error_code)


################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
# Interface identifiers in binary form, as produced by string_to_bin().
IID_IDispatch = string_to_bin('00020400-0000-0000-C000-000000000046')
IID_ITypeInfo = string_to_bin('00020401-0000-0000-C000-000000000046')
IID_ITypeComp = string_to_bin('00020403-0000-0000-C000-000000000046')
IID_NULL = string_to_bin('00000000-0000-0000-0000-000000000000')

# Aliases onto NDR types defined elsewhere in the package.
error_status_t = ULONG
LCID = DWORD
WORD = NDRUSHORT

# 2.2.2 IID
IID = GUID

# 2.2.3 LPOLESTR
LPOLESTR = LPWSTR
OLESTR = WSTR
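# Method of the enclosing exception class (class header outside this excerpt).
def __str__(self):
    """Return a readable message for this error's code.

    Known codes are rendered with the short and verbose texts stored in
    ``hresult_errors.ERROR_MESSAGES``; any other code gets an
    "unknown error code" line.
    """
    known_errors = hresult_errors.ERROR_MESSAGES
    # `in` replaces dict.has_key(), which Python 3 removed; the membership
    # test itself is unchanged.
    # NOTE(review): '%x' raises TypeError if error_code is None - confirm
    # the base class always stores an integer.
    if self.error_code in known_errors:
        error_msg_short = known_errors[self.error_code][0]
        error_msg_verbose = known_errors[self.error_code][1]
        return 'SCMP SessionError: code: 0x%x - %s - %s' % (
            self.error_code, error_msg_short, error_msg_verbose)
    else:
        return 'SCMP SessionError: unknown error code: 0x%x' % self.error_code


################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
# Class and interface identifiers in binary form, as produced by
# string_to_bin().
CLSID_ShadowCopyProvider = string_to_bin(
    '0b5a2c52-3eb9-470a-96e2-6c6d4570e40f')
IID_IVssSnapshotMgmt = string_to_bin('FA7DF749-66E7-4986-A27F-E2F04AE53772')
IID_IVssEnumObject = string_to_bin('AE1C7110-2F60-11d3-8A39-00C04F72D8E3')
IID_IVssDifferentialSoftwareSnapshotMgmt = string_to_bin(
    '214A0F28-B737-4026-B847-4F9E37D79529')
IID_IVssEnumMgmtObject = string_to_bin('01954E6B-9254-4e6e-808C-C9E05D007696')
IID_ShadowCopyProvider = string_to_bin('B5946137-7B9F-4925-AF80-51ABD60B20D5')


# 2.2.1.1 VSS_ID
class VSS_ID(NDRSTRUCT):
    """NDR structure with a single 16-byte ``Data`` field, empty by default."""

    structure = (('Data', '16s=""'), )

    def getAlignment(self):
        """Return the fixed alignment of 2 used for this structure."""
        return 2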
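# Methods of an exception class whose header lies outside this excerpt;
# presumably a DCERPCException subclass, given the explicit base initialiser.
def __init__(self, error_string=None, error_code=None, packet=None):
    """Forward all three arguments unchanged to ``DCERPCException.__init__``."""
    DCERPCException.__init__(self, error_string, error_code, packet)


def __str__(self):
    """Return a readable message for this error's code.

    Known codes are rendered with the short and verbose texts stored in
    ``hresult_errors.ERROR_MESSAGES``; any other code gets an
    "unknown error code" line.
    """
    known_errors = hresult_errors.ERROR_MESSAGES
    # `in` replaces dict.has_key(), which Python 3 removed; the membership
    # test itself is unchanged.
    # NOTE(review): error_code defaults to None in __init__ and '%x' raises
    # TypeError on None - confirm the base class always stores an integer.
    if self.error_code in known_errors:
        error_msg_short = known_errors[self.error_code][0]
        error_msg_verbose = known_errors[self.error_code][1]
        return 'VDS SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
    else:
        return 'VDS SessionError: unknown error code: 0x%x' % (self.error_code)


################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
# Class and interface identifiers in binary form, as produced by
# string_to_bin().
CLSID_VirtualDiskService = string_to_bin('7D1933CB-86F6-4A98-8628-01BE94C9A575')
IID_IEnumVdsObject = string_to_bin('118610B7-8D94-4030-B5B8-500889788E4E')
IID_IVdsAdviseSink = string_to_bin('8326CD1D-CF59-4936-B786-5EFC08798E25')
IID_IVdsAsync = string_to_bin('D5D23B6D-5A55-4492-9889-397A3C2D2DBC')
IID_IVdsServiceInitialization = string_to_bin('4AFC3636-DB01-4052-80C3-03BBCB8D3C69')
IID_IVdsService = string_to_bin('0818A8EF-9BA9-40D8-A6F9-E22833CC771E')
IID_IVdsSwProvider = string_to_bin('9AA58360-CE33-4F92-B658-ED24B14425B8')
IID_IVdsProvider = string_to_bin('10C5E575-7984-4E81-A56B-431F5F92AE42')

# Alias onto an NDR type defined elsewhere in the package.
error_status_t = ULONG

# 2.2.1.1.3 VDS_OBJECT_ID
VDS_OBJECT_ID = GUID

################################################################################
# STRUCTURES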
def test_RChangeServiceConfig2W(self):
    """Exercise RChangeServiceConfig2W against a freshly created service.

    Creates the service ``TESTSVC`` with ``scmr.hRCreateServiceW`` and then
    reuses a single ``RChangeServiceConfig2W`` request, switching
    ``dwInfoLevel`` and the union ``tag`` from 1 to 11.  Levels 1-7 are sent
    and checked through ``self.changeServiceAndQuery2``; level 8 is sent
    without that check; levels 9-11 are only populated, their requests being
    commented out as not working.

    NOTE(review): no service deletion or handle close is visible in this
    excerpt and ``error`` is never read here - presumably the teardown
    follows outside the excerpt.  Confirm it also runs after a caught
    exception, otherwise TESTSVC stays registered on the target host.
    """
    dce, rpctransport, scHandle = self.connect()
    # Arguments for the service that the rest of the test reconfigures.
    lpServiceName = 'TESTSVC\x00'
    lpDisplayName = 'DisplayName\x00'
    # Full access is requested, so the returned handle can be used for every
    # configuration change below.
    dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
    dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
    dwStartType = scmr.SERVICE_DEMAND_START
    dwErrorControl = scmr.SERVICE_ERROR_NORMAL
    lpBinaryPathName = 'binaryPath\x00'
    lpLoadOrderGroup = NULL
    lpdwTagId = NULL
    lpDependencies = NULL
    dwDependSize = 0
    lpServiceStartName = NULL
    lpPassword = NULL
    dwPwSize = 0
    resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize)
    resp.dump()
    newHandle = resp['lpServiceHandle']
    error = False
    try:
        # One request object is mutated level by level; fields written for an
        # earlier level are not reset before the next one is sent.
        request = scmr.RChangeServiceConfig2W()
        request['hService'] = newHandle
        # Level 1: description string.
        request['Info']['dwInfoLevel'] = 1
        request['Info']['Union']['tag'] = 1
        request['Info']['Union']['psd']['lpDescription'] = u'betobeto\x00'
        resp = dce.request(request)
        resp.dump()
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psd']['lpDescription'])
        # Level 2: failure-action reboot message and command.
        request['Info']['dwInfoLevel'] = 2
        request['Info']['Union']['tag'] = 2
        request['Info']['Union']['psfa']['lpRebootMsg'] = u'rebootMsg\00'
        request['Info']['Union']['psfa']['lpCommand'] = u'lpCommand\00'
        resp = dce.request(request)
        resp.dump()
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psfa']['lpRebootMsg'])
        # Level 3: delayed auto-start flag.
        request['Info']['dwInfoLevel'] = 3
        request['Info']['Union']['tag'] = 3
        request['Info']['Union']['psda']['fDelayedAutostart'] = 1
        resp = dce.request(request)
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psda']['fDelayedAutostart'])
        # Level 4: failure actions on non-crash failures flag.
        request['Info']['dwInfoLevel'] = 4
        request['Info']['Union']['tag'] = 4
        request['Info']['Union']['psfaf']['fFailureActionsOnNonCrashFailures'] = 1
        resp = dce.request(request)
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psfaf']['fFailureActionsOnNonCrashFailures'])
        # Level 5: service SID type.
        request['Info']['dwInfoLevel'] = 5
        request['Info']['Union']['tag'] = 5
        request['Info']['Union']['pssid']['dwServiceSidType'] = 1
        resp = dce.request(request)
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pssid']['dwServiceSidType'])
        # Level 6: required privileges, passed as the UTF-16LE bytes of a
        # double-NUL-terminated string.
        request['Info']['dwInfoLevel'] = 6
        request['Info']['Union']['tag'] = 6
        request['Info']['Union']['psrp']['pRequiredPrivileges'] = list(u'SeAssignPrimaryTokenPrivilege\x00\x00'.encode('utf-16le'))
        resp = dce.request(request)
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psrp']['pRequiredPrivileges'])
        # Level 7: pre-shutdown timeout.
        request['Info']['dwInfoLevel'] = 7
        request['Info']['Union']['tag'] = 7
        request['Info']['Union']['psps']['dwPreshutdownTimeout'] = 22
        resp = dce.request(request)
        self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psps']['dwPreshutdownTimeout'])
        # Level 8: one domain-join trigger that starts the service.
        request['Info']['dwInfoLevel'] = 8
        request['Info']['Union']['tag'] = 8
        #request.dump()
        trigger = scmr.SERVICE_TRIGGER()
        trigger['dwTriggerType'] = scmr.SERVICE_TRIGGER_TYPE_DOMAIN_JOIN
        trigger['dwAction'] = scmr.SERVICE_TRIGGER_ACTION_SERVICE_START
        trigger['pTriggerSubtype'] = string_to_bin(scmr.DOMAIN_JOIN_GUID)
        # The data item is built but not attached: the append is disabled
        # and pDataItems is set to NULL instead.
        item = scmr.SERVICE_TRIGGER_SPECIFIC_DATA_ITEM()
        item['dwDataType'] = scmr.SERVICE_TRIGGER_DATA_TYPE_STRING
        item['pData'] = list(u'FREEFLY\x00'.encode('utf-16le'))
        #trigger['pDataItems'].append(item)
        trigger['pDataItems'] = NULL
        request['Info']['Union']['psti']['pTriggers'].append(trigger)
        # Sent, but the read-back check for this level is disabled.
        resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, '\x00')
        # Levels 9-11 below are filled in but never sent.
        request['Info']['dwInfoLevel'] = 9
        request['Info']['Union']['tag'] = 9
        request['Info']['Union']['pspn']['usPreferredNode'] = 22
        # This one doesn't work
        #resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pspn']['usPreferredNode'])
        request['Info']['dwInfoLevel'] = 10
        request['Info']['Union']['tag'] = 10
        request['Info']['Union']['psri']['eLowestRunLevel'] = 1
        # This one doesn't work
        #resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psri']['eLowestRunLevel'])
        request['Info']['dwInfoLevel'] = 11
        request['Info']['Union']['tag'] = 11
        request['Info']['Union']['psma']['fIsManagedAccount'] = 1
        # This one doesn't work
        #resp = dce.request(request)
        #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psma']['fIsManagedAccount'])
    # Python 2-only except syntax.  Any failure is printed and recorded in
    # `error` instead of being re-raised.
    except Exception, e:
        import traceback
        traceback.print_exc()
        print e
        error = True
        pass
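# Methods of an exception class whose header lies outside this excerpt;
# presumably a DCERPCException subclass, given the explicit base initialiser.
def __init__(self, error_string=None, error_code=None, packet=None):
    """Forward all three arguments unchanged to ``DCERPCException.__init__``."""
    DCERPCException.__init__(self, error_string, error_code, packet)


def __str__(self):
    """Return a readable message for this error's code.

    Known codes are rendered with the short and verbose texts stored in
    ``hresult_errors.ERROR_MESSAGES``; any other code gets an
    "unknown error code" line.
    """
    known_errors = hresult_errors.ERROR_MESSAGES
    # `in` replaces dict.has_key(), which Python 3 removed; the membership
    # test itself is unchanged.
    # NOTE(review): error_code defaults to None in __init__ and '%x' raises
    # TypeError on None - confirm the base class always stores an integer.
    if self.error_code in known_errors:
        error_msg_short = known_errors[self.error_code][0]
        error_msg_verbose = known_errors[self.error_code][1]
        return 'SCMP SessionError: code: 0x%x - %s - %s' % (self.error_code, error_msg_short, error_msg_verbose)
    else:
        return 'SCMP SessionError: unknown error code: 0x%x' % self.error_code


################################################################################
# CONSTANTS
################################################################################
# 1.9 Standards Assignments
# Class and interface identifiers in binary form, as produced by
# string_to_bin().
CLSID_ShadowCopyProvider = string_to_bin('0b5a2c52-3eb9-470a-96e2-6c6d4570e40f')
IID_IVssSnapshotMgmt = string_to_bin('FA7DF749-66E7-4986-A27F-E2F04AE53772')
IID_IVssEnumObject = string_to_bin('AE1C7110-2F60-11d3-8A39-00C04F72D8E3')
IID_IVssDifferentialSoftwareSnapshotMgmt = string_to_bin('214A0F28-B737-4026-B847-4F9E37D79529')
IID_IVssEnumMgmtObject = string_to_bin('01954E6B-9254-4e6e-808C-C9E05D007696')
IID_ShadowCopyProvider = string_to_bin('B5946137-7B9F-4925-AF80-51ABD60B20D5')


# 2.2.1.1 VSS_ID
class VSS_ID(NDRSTRUCT):
    """NDR structure with a single 16-byte ``Data`` field, empty by default."""

    structure = (
        ('Data','16s=""'),
    )

    def getAlignment(self):
        """Return the fixed alignment of 2 used for this structure."""
        return 2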