def ReloadData(self): service = self.GetSelService() self.listCtrl.SetRedraw(0) self.listCtrl.ResetContent() svcs = win32service.EnumServicesStatus(self.scm) i = 0 self.data = [] for svc in svcs: try: status = ('Unknown', 'Stopped', 'Starting', 'Stopping', 'Running', 'Continuing', 'Pausing', 'Paused')[svc[2][1]] except: status = 'Unknown' s = win32service.OpenService(self.scm, svc[0], win32service.SERVICE_ALL_ACCESS) cfg = win32service.QueryServiceConfig(s) try: startup = ('Boot', 'System', 'Automatic', 'Manual', 'Disabled')[cfg[1]] except: startup = 'Unknown' win32service.CloseServiceHandle(s) # svc[2][2] control buttons pos = self.listCtrl.AddString(str(svc[1]) + '\t' + status + '\t' + startup) self.listCtrl.SetItemData(pos, i) self.data.append(tuple(svc[2]) + (svc[1], svc[0], )) i = i + 1 if service and service[1] == svc[0]: self.listCtrl.SetCurSel(pos) self.OnListEvent(self.IDC_LIST, win32con.LBN_SELCHANGE) self.listCtrl.SetRedraw(1)
def ListServices(filter): manager = None try: manager = win32service.OpenSCManager( 'localhost', None, win32service.SC_MANAGER_ENUMERATE_SERVICE) services = list( win32service.EnumServicesStatus(manager, win32service.SERVICE_WIN32)) nameLen = max([len(service[0]) for service in services]) displayLen = max([len(service[1]) for service in services]) + 2 services.sort(cmp=lambda x, y: cmp(x[0].lower(), y[0].lower())) format = '%-' + str(nameLen) + 's %-' + str(displayLen) + 's : %s' for service in services: if filter and not fnmatch.fnmatch(service[0], filter): continue status = GetCurrentStateStr(service[2][1]) print((format % (service[0], '"' + service[1] + '"', status[0]))) except Exception as inst: if len(inst.args) == 3: number = inst.args[0] function = inst.args[1] message = inst.args[2] print(('ERROR enumerating services: %#08x (%s): %s' % (number, function, message))) else: print(('ERROR enumerating services: %s' % inst)) finally: if manager: win32service.CloseServiceHandle(manager)
def get_services(self, services_loaded): scm = win32service.OpenSCManager( None, None, win32service.SC_MANAGER_ENUMERATE_SERVICE) svcs = win32service.EnumServicesStatus(scm) for svc in svcs: try: sh_query_config = win32service.OpenService( scm, svc[0], win32service.SERVICE_QUERY_CONFIG) service_info = win32service.QueryServiceConfig(sh_query_config) short_name = svc[0] full_path = service_info[3] sv = self.check_if_service_already_loaded( short_name, full_path, services_loaded) if sv: sv.permissions = self.get_service_permissions(sv) if not sv: sk = Service() sk.name = short_name sk.display_name = svc[1] sk.full_path = full_path sk.paths = get_path_info(full_path) sk.permissions = self.get_service_permissions(sv) services_loaded.append(sk) except: pass return services_loaded
def check(self, instance): services = set(instance.get('services', [])) custom_tags = instance.get('tags', []) if not services: raise ValueError('No services defined in configuration.') # Old-style WMI wildcards if 'host' in instance: services = set(service.replace('%', '.*') for service in services) service_patterns = { service: re.compile(service, SERVICE_PATTERN_FLAGS) for service in services } services_unseen = set(services) try: scm_handle = win32service.OpenSCManager( None, None, win32service.SC_MANAGER_ENUMERATE_SERVICE) except Exception as e: # no cov raise Exception('Unable to open SCManager: {}'.format(e)) type_filter = win32service.SERVICE_WIN32 state_filter = win32service.SERVICE_STATE_ALL service_statuses = win32service.EnumServicesStatus( scm_handle, type_filter, state_filter) for short_name, _, service_status in service_statuses: if 'ALL' not in services: for service, service_pattern in sorted( iteritems(service_patterns), reverse=True): self.log.debug( 'Service: %s with Short Name: %s and Pattern: %s', service, short_name, service_pattern.pattern) if service_pattern.match(short_name): services_unseen.discard(service) break else: continue state = service_status[1] status = self.STATE_TO_STATUS.get(state, self.UNKNOWN) tags = ['service:{}'.format(short_name)] tags.extend(custom_tags) self.service_check(self.SERVICE_CHECK_NAME, status, tags=tags) self.log.debug('service state for %s %s', short_name, status) if 'ALL' not in services: for service in services_unseen: status = self.CRITICAL tags = ['service:{}'.format(service)] tags.extend(custom_tags) self.service_check(self.SERVICE_CHECK_NAME, status, tags=tags) self.log.debug('service state for %s %s', service, status)
def is_exists(self): """windows服务是否已安装""" statuses = win32service.EnumServicesStatus(self.scm, win32service.SERVICE_WIN32, win32service.SERVICE_STATE_ALL) for (short_name, desc, status) in statuses: if short_name == self.name: return True return False
def getname(self): for i in ws.EnumServicesStatus(self.scmhandle): if i[0].lower() == self.userv.lower(): return i[0], i[1] if i[1].lower() == self.userv.lower(): return i[0], i[1] return None, None
def check_windows_service_exists(service_name): typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus(_schSCManager, typeFilter, stateFilter) for (short_name, desc, status) in statuses: if short_name == service_name: return True return False
def is_exists(self): """Check service whether installed""" statuses = win32service.EnumServicesStatus( self.scm, win32service.SERVICE_WIN32, win32service.SERVICE_STATE_ALL) for (short_name, desc, status) in statuses: if short_name == self.name: return True return False
def get_by_name(self, name): statuses = win32service.EnumServicesStatus( self.scm, win32service.SERVICE_WIN32, win32service.SERVICE_STATE_ALL) for (short_name, desc, status) in statuses: if name.lower() in short_name.lower(): self.name = short_name self.desc = desc return
def getname(self): self.snames=ws.EnumServicesStatus(self.scmhandle) for i in self.snames: if i[0].lower() == self.userv.lower(): return i[0], i[1]; break if i[1].lower() == self.userv.lower(): return i[0], i[1]; break print "Error: The %s service doesn't seem to exist." % self.userv return None, None
def _build_srv_dict(hscm, machineName): # One node for each service name. dict_service_to_node = {} try: # Old versions of this library do not have this function. statuses = win32service.EnumServicesStatusEx(hscm, _type_filter, _state_filter) # li={'ControlsAccepted': 0, 'ServiceType': 32, 'DisplayName': 'WWAN AutoConfig', 'ServiceSpecificExitCode': 0, # 'ProcessId': 0, 'ServiceFlags': 0, 'CheckPoint': 0, 'ServiceName': 'WwanSvc', 'Win32ExitCode': 1077, # 'WaitHint': 0, 'CurrentState': 1}, for lst in statuses: service_name = lst['ServiceName'] lst["depends_in"] = [] lst["depends_out"] = [] dict_service_to_node[service_name] = lst # except AttributeError: except Exception: statuses = win32service.EnumServicesStatus(hscm, _type_filter, _state_filter) # li=('wuauserv', 'Windows Update', (32, 4, 453, 0, 0, 0, 0)) for svc in statuses: logging.debug("service=%s", str(svc)) # TODO: This must match the keys of EnumServicesStatusEx # lst = { "ServiceName":service_name, "DisplayName":descript, "CurrentState": status} lst = {"ServiceName":svc[0], "DisplayName":svc[1], "CurrentState": svc[2][1]} lst["depends_in"] = [] lst["depends_out"] = [] # A Win32 service status object is represented by a tuple # 0: serviceType # 1: serviceState # 2: controlsAccepted # 3: win32ExitCode # 4: serviceSpecificErrorCode # 5: checkPoint # 6: waitHint dict_service_to_node[svc[0]] = lst try: hsvc = win32service.OpenService(hscm, svc[0], win32service.SERVICE_CHANGE_CONFIG) # TODO: WHY DOING THIS ????? MAYBE FOR TESTING THE SERVICE PRESENCE ?? #win32service.ChangeServiceConfig(hsvc, win32service.SERVICE_NO_CHANGE, # win32service.SERVICE_DISABLED, win32service.SERVICE_NO_CHANGE, None, None,0, # None,None,None,None) win32service.CloseServiceHandle(hsvc) except Exception: # Might receive "Access is denied" if this is on a remote machine. lst["ProcessId"] = 999999 pass return dict_service_to_node
def check_windows_service_exists(service_name): _schSCManager = safe_open_scmanager() try: typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus(_schSCManager, typeFilter, stateFilter) for (short_name, desc, status) in statuses: if short_name == service_name: return True return False finally: win32service.CloseServiceHandle(_schSCManager)
def _get_services(): ''' Returns a list of all services on the system. ''' handle_scm = win32service.OpenSCManager( None, None, win32service.SC_MANAGER_ENUMERATE_SERVICE) try: services = win32service.EnumServicesStatusEx(handle_scm) except AttributeError: services = win32service.EnumServicesStatus(handle_scm) finally: win32service.CloseServiceHandle(handle_scm) return services
def ListServices(): resume = 0 accessSCM = win32con.GENERIC_READ accessSrv = win32service.SC_MANAGER_ALL_ACCESS #Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) #Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) for (short_name, desc, status) in statuses: print(short_name, desc, status)
def listServices(self): resume = 0 accessSCM = win32con.GENERIC_READ accessSrv = win32service.SC_MANAGER_ALL_ACCESS #Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) #Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) return statuses
def ListServices(finto,action): actionOnFile = action accessSCM = win32con.GENERIC_READ #Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) #Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) now = datetime.datetime.now() f=open(finto,actionOnFile) sl=open("serviceList.txt","a") f.write("________________________________________________________________________________________________________\n") f.write("Check time: "+ str(now)[2:19]+"\n") f.write("________________________________________________________________________________________________________\n") sl.write("________________________________________________________________________________________________________\n") sl.write("Check time: "+ str(now)[2:19]+"\n") sl.write("________________________________________________________________________________________________________\n") for (status) in statuses: if status[2][1]==1: continue # print("Service:",status[1],"| Status: Paused") # f.write("Service: "+status[1]+"| Status: Paused\n") # sl.write("Service: "+status[1]+"| Status: Paused\n") elif status[2][1]==4: # print("Service:",status[1],"| Status: Running") f.write("Service: "+status[1]+"| Status: Running\n") sl.write("Service: "+status[1]+"| Status: Running\n") else: print ("Service: "+status[1]+"| Status: "+str(status[2][1])+"\n") os.chmod(sl.name,stat.S_IREAD) os.chmod(sl.name,stat.S_IREAD) f.close() sl.close()
def Win_ListServices(): import win32con import win32service resume = 0 accessSCM = win32con.GENERIC_READ accessSrv = win32service.SERVICE_ACTIVE #Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) #Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_RUNNING statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) for (short_name, desc, status) in statuses: print(short_name)
def Windows_Active_Services(): import win32con import win32service list = [] resume = 0 accessSCM = win32con.GENERIC_READ accessSrv = win32service.SERVICE_RUNNING # Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) # Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_ACTIVE statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) for (short_name, desc, status) in statuses: list.append(short_name) # print(list) return list
def vm_driver_services(self): serviceList = ["VBoxWddm", "VBoxSF", "VBoxMouse", "VBoxGuest", "vmci", "vmhgfs", "vmmouse", "vmmemctl", "vmusb", "vmusbmouse", "vmx_svga", "vmxnet", "vmx86"] resume = 0 accessSCM = win32con.GENERIC_READ accessSrv = win32service.SC_MANAGER_ALL_ACCESS # Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) # Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus( hscm, typeFilter, stateFilter) for (short_name, desc, status) in statuses: if short_name in serviceList: return True return False
def __init__(self, service_names): accessSCM = win32con.GENERIC_READ self.logger = MidaxLogger.midaxlogger() self.service_names = service_names #Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) try: #Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) present_names = [ short_name for (short_name, desc, status) in statuses ] self.service_names = [ name for name in service_names if name in present_names ] finally: win32service.CloseServiceHandle(hscm)
def folders_for_midax_services(): resume = 0 accessSCM = win32con.GENERIC_READ accessSrv = win32service.SC_MANAGER_ALL_ACCESS #Open Service Control Manager hscm = win32service.OpenSCManager(None, None, accessSCM) try: #Enumerate Service Control Manager DB typeFilter = win32service.SERVICE_WIN32 stateFilter = win32service.SERVICE_STATE_ALL disabled = win32service.SERVICE_DISABLED statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter) for (short_name, desc, status) in statuses: if desc.lower().startswith('midax'): shandle = win32service.OpenService(hscm, short_name, accessSCM) try: (service_type, start_type, error_control, path, load_order_group, tag_id, dependencies, start_name, display_name) = win32service.QueryServiceConfig(shandle) if '/SM' in path: path = path.split('/SM', 1)[0] path = path.strip('"') if start_type == disabled: continue path = os.path.dirname(os.path.normcase(os.path.normpath(path))) if os.path.isdir(path): yield path, short_name finally: win32service.CloseServiceHandle(shandle) finally: win32service.CloseServiceHandle(hscm)
item("Server", "%s" % s) p2 = self.ctx.popen(self._cmd("-e", "server state %s" % s)) # popen p2.wait() io2 = p2.communicate() if io2[1]: self.ctx.err(io2[1].strip()) elif io2[0]: self.ctx.out(io2[0].strip()) else: self.ctx.err("UNKNOWN!") if self._isWindows(): # Print the OMERO server Windows service details hscm = win32service.OpenSCManager( None, None, win32service.SC_MANAGER_ALL_ACCESS) services = win32service.EnumServicesStatus(hscm) omesvcs = tuple((sname, fname) for sname, fname, status in services if "OMERO" in fname) for sname, fname in omesvcs: item("Server", fname) hsc = win32service.OpenService( hscm, sname, win32service.SC_MANAGER_ALL_ACCESS) logonuser = win32service.QueryServiceConfig(hsc)[7] if win32service.QueryServiceStatus(hsc)[1] == \ win32service.SERVICE_RUNNING: self.ctx.out("active (running as %s)" % logonuser) else: self.ctx.out("inactive") win32service.CloseServiceHandle(hsc) win32service.CloseServiceHandle(hscm)
def analyze_all_services(self): try: df = pd.DataFrame(columns=[ "Short Name", "Long Name", "Service Type", "Start Type", "Dependencies", "Full Command", "Bin Path", "ACLS", "Vulnerable Permissions", "Can Edit Binpath", "Is Unquoted Path" ]) total_services = 0 # Total Number of services vuln_perms = 0 # Total number of services that have suspect/vulnerable permissions (ACLS) vuln_conf = 0 # Total number of services where we can change the binpath as a standard user. vuln_unquote = 0 # Total number of services with unquoted service paths vuln_services = [ ] # List of all services tht can potentially be exploited service_config_manager = win32service.OpenSCManager( "", None, win32service.SC_MANAGER_CONNECT | win32service.SC_MANAGER_ENUMERATE_SERVICE | win32service.SC_MANAGER_QUERY_LOCK_STATUS | win32service.SERVICE_QUERY_CONFIG, ) service_manager = win32service.OpenSCManager( None, None, win32service.SC_MANAGER_ENUMERATE_SERVICE) # Hacky way to get the total number of services for service in win32service.EnumServicesStatus( service_manager, win32service.SERVICE_WIN32, win32service.SERVICE_STATE_ALL, ): total_services += 1 pbar = tqdm(total=total_services) pbar.set_description("Analyzing Services") # For each service, enumerate its values and check ACL's / binpath edits. for service in win32service.EnumServicesStatus( service_manager, win32service.SERVICE_WIN32, win32service.SERVICE_STATE_ALL, ): acls = "" # Holds all ACL's obtained from filepaths.py conf_check = False # Can we edit the current services configuration? unquote_check = False # Check for unquoted service paths access = win32service.OpenService( service_config_manager, service[0], win32service.SERVICE_QUERY_CONFIG, ) config = win32service.QueryServiceConfig(access) service_short_name = str(service[0]).replace('"', "").strip() service_long_name = str(service[1]).replace('"', "").strip() service_type = self.__access_from_int(config[0]) service_start_type = self.__windows_objects.START_TYPE[ config[2]] service_dependencies = str(config[6]).replace('"', "").strip() raw_bin_path = str(config[3]) cleaned_bin_path = str(config[3]).replace('"', "").strip() # find and cleanup the bin path due to CLI argument being present. service_bin_path = re.findall(self.__windows_file_path, cleaned_bin_path)[0] service_bin_path = os.path.join( service_bin_path[0] + ":\\", service_bin_path[1] + service_bin_path[2]) # Analyze ACL's for the Bin Path: #acl_list = fp.get_acl_list_return(service_bin_path) acl_dict = self.__perms.get_file_path_acl(service_bin_path) acl_list = acl_dict["acls"] for i, acl in enumerate(acl_list): if i == (len(acl_list) - 1): acls += acl else: acls += f"{acl}\n" # Check for bad ACL permissions: suspect_service = self.__analysis.analyze_acls_from_list( acl_list) if suspect_service: vuln_perms += 1 if service_short_name not in vuln_services: vuln_services.append(service_short_name) # Check if we can change the config: try: test = win32service.OpenService( service_config_manager, service[0], win32service.SERVICE_CHANGE_CONFIG, ) conf_check = True vuln_conf += 1 if service_short_name not in vuln_services: vuln_services.append(service_short_name) except: pass # Check for unquoted service paths: if ("program files" in raw_bin_path.lower() and '"' not in raw_bin_path.lower()): unquote_check = True vuln_unquote += 1 if service_short_name not in vuln_services: vuln_services.append(service_short_name) # Write the final data to a file. data = { "Short Name": service_short_name, "Long Name": service_long_name, "Service Type": f"{config[0]} {service_type}", "Start Type": service_start_type, "Dependencies": service_dependencies, "Full Command": cleaned_bin_path, "Bin Path": service_bin_path, "ACLS": acls, "Vulnerable Permissions": suspect_service, "Can Edit Binpath": conf_check, "Is Unquoted Path": unquote_check } df = df.append(data, ignore_index=True) pbar.update(1) return { "name": "Service Analysis", "description": "Analyze all services for weak ACLs, ability to change bin-path, and unquoted paths", "dataframe": df, "total_services": total_services, "vuln_perms": vuln_perms, "vuln_conf": vuln_conf, "vuln_unquote": vuln_unquote, "vuln_services": vuln_services } except Exception as e: self.__print_exception() exit(1)
def GetServiceNames(self, startsWith=""): startsWith = startsWith.lower() services = win32service.EnumServicesStatus(self.handle) return [str(n) for n, d, i in services \ if n.lower().startswith(startsWith)]
""" return win32security.MapGenericMask(mask, (SERVICE_GENERIC_READ, SERVICE_GENERIC_WRITE, SERVICE_GENERIC_EXECUTE, win32service.SERVICE_ALL_ACCESS)) def GetInheritTypes(self): """Specifies which types of ACE inheritance are supported. Services don't use any inheritance """ return ((IID_NULL, 0, 'Only current object'),) def PropertySheetPageCallback(self, hwnd, msg, pagetype): """Invoked each time a property sheet page is created or destroyed.""" ## page types from SI_PAGE_TYPE enum: SI_PAGE_PERM SI_PAGE_ADVPERM SI_PAGE_AUDIT SI_PAGE_OWNER ## msg: PSPCB_CREATE, PSPCB_RELEASE, PSPCB_SI_INITDIALOG return None def EditSecurity(self, owner_hwnd=0): """Creates an ACL editor dialog based on parameters returned by interface methods""" isi=pythoncom.WrapObject(self, authorization.IID_ISecurityInformation, pythoncom.IID_IUnknown) authorization.EditSecurity(owner_hwnd, isi) if __name__=='__main__': # Find the first service on local machine and edit its permissions scm = win32service.OpenSCManager(None, None, win32service.SC_MANAGER_ENUMERATE_SERVICE) svcs=win32service.EnumServicesStatus(scm) win32service.CloseServiceHandle(scm) si=ServiceSecurity(svcs[0][0]) si.EditSecurity()
def add_all(self): for s in win32service.EnumServicesStatus( self.get_scm(), self.get_type(), win32service.SERVICE_STATE_ALL): short_name = s[0] self.add(service(self.get_scm(), short_name))