コード例 #1
0
    def NetrShareGetInfo(self, serverName, netName):
        """
        retrieves information about a particular shared resource on the server (info struct level 2 only supported)

        :param UNICODE serverName: the NetBIOS name of the remote machine. '' would do the work as well
        :param UNICODE netName: Unicode string that specifies the name of the share to return information for

        :return: a SHARE_INFO_2 like structure (strings in UNICODE). For the meaning of each field see [MS-SRVS] Section 2.2.4.24

        """
        shareGetInfo = SRVSVCShareGetInfo()
        shareGetInfo['ServerName'] = ndrutils.NDRUniqueStringW()
        shareGetInfo['ServerName']['Data'] = serverName + '\x00'.encode(
            'utf-16le')
        shareGetInfo['ServerName'].alignment = 4
        shareGetInfo['NetName'] = ndrutils.NDRStringW()
        shareGetInfo['NetName']['Data'] = netName + '\x00'.encode('utf-16le')
        shareGetInfo['NetName'].alignment = 4
        shareGetInfo['Level'] = 2

        data = self.doRequest(shareGetInfo, checkReturn=1)
        ans = SRVSVCShareGetInfoResponse(data)

        entry = {}
        entry['Type'] = ans['InfoStruct']['ShareInfo2']['shi2_type']
        entry['NetName'] = ans['InfoStruct']['ShareInfo2']['netname']['Data']
        entry['Remark'] = ans['InfoStruct']['ShareInfo2']['remark']['Data']
        entry['Permissions'] = ans['InfoStruct']['ShareInfo2'][
            'shi2_permissions']
        entry['MaxUses'] = ans['InfoStruct']['ShareInfo2']['shi2_max_uses']
        entry['CurrentUses'] = ans['InfoStruct']['ShareInfo2'][
            'shi2_current_uses']
        entry['Path'] = ans['InfoStruct']['ShareInfo2']['path']['Data']

        return entry
コード例 #2
0
ファイル: svcctl.py プロジェクト: Liljhon241/MITMf
    def StartServiceW(self, handle, arguments=''):
        """
        starts a service

        :param HANDLE handle: a valid HANDLE to the service (see OpenServiceW)
        :param STRING arguments: arguments to be passed to the service

        :return: On error it raises an exception. Otherwise it was successful
        """

        # TODO: argv has to be a pointer to a buffer that contains an array
        # of pointers to null-terminated UNICODE strings that are passed as
        # arguments to the service
        startService = SVCCTLRStartServiceW()
        startService['ContextHandle'] = handle
        startService['argc'] = len(arguments)
        if len(arguments) == 0:
            startService['argv'] = '\x00' * 4
        else:
            args_data = pack('<LL', id(arguments) & 0xffffffff, len(arguments))

            for argument in arguments:
                args_data += pack('<L', id(argument) & 0xffffffff)

            for i in range(len(arguments)):
                item = ndrutils.NDRStringW()
                item['Data'] = arguments[i] + '\x00'.encode('utf-16le')
                args_data += str(item)
            startService['argv'] = args_data

        ans = self.doRequest(startService, checkReturn=1)

        return ans
コード例 #3
0
 def SchRpcEnumTasks(self, path, startIndex=0, flags=0):
     enumTasks = ATSVCSchRpcEnumTasks()
     enumTasks['Path'] = ndrutils.NDRStringW()
     enumTasks['Path']['Data'] = (path+'\x00').encode('utf-16le')
     enumTasks['StartIndex'] = startIndex
     enumTasks['Flags'] = 0
     packet = self.doRequest(enumTasks, checkReturn = 0)
     ans = ATSVCSchRpcEnumTasksResp(packet)
     return ans
コード例 #4
0
 def formatDict(self):
     resp = {}
     resp['name'] = None
     resp['sid'] = None
     data = self['Data']
     if self['pName'] != 0:
         name = ndrutils.NDRStringW(data)
         data = data[name['ActualCount'] * 2 + 12:]
         if name['ActualCount'] % 2 == 1:
             data = data[2:]
         resp['name'] = name['Data']
     if self['pSid'] != 0:
         resp['sid'] = SAMR_RPC_SID(data[4:])
     return resp
コード例 #5
0
ファイル: svcctl.py プロジェクト: Liljhon241/MITMf
    def CreateServiceW(self,
                       handle,
                       serviceName,
                       displayName,
                       binaryPathName,
                       serviceType=SERVICE_WIN32_OWN_PROCESS):
        """
        creates a service

        :param HANDLE handle: a valid HANDLE to the SCM database (see OpenSCManagerW)
        :param UNICODE serviceName: the name of the service to create
        :param UNICODE displayName: the display name of the service to create
        :param UNICODE binaryPathName: the pathname for the binary to be executed when starting the service
        :param INT serviceType: the type of service to be created. See service types within this file or [MS-SCMR] section 3.1.4.12.

        :return: returns an SVCCTLRCreateServiceWResponse structure with the service handle. Call dump() method to see its contents. On error it raises an exception
        """
        # We MUST receive Unicode data here
        createService = SVCCTLRCreateServiceW()
        createService['SCManager'] = handle
        createService['ServiceName'] = ndrutils.NDRStringW()
        createService['ServiceName']['Data'] = (serviceName +
                                                '\x00'.encode('utf-16le'))
        createService['DisplayName'] = ndrutils.NDRUniqueStringW()
        createService['DisplayName']['Data'] = (displayName +
                                                '\x00'.encode('utf-16le'))
        createService['DesiredAccess'] = SERVICE_ALL_ACCESS
        createService['ServiceType'] = serviceType
        createService['StartType'] = SERVICE_AUTO_START
        #createService['StartType']      = SERVICE_DEMAND_START
        createService['ErrorControl'] = SERVICE_ERROR_IGNORE
        createService['BinaryPathName'] = ndrutils.NDRStringW()
        createService['BinaryPathName']['Data'] = (binaryPathName +
                                                   '\x00'.encode('utf-16le'))
        createService['TagID'] = 0
        ans = self.doRequest(createService, checkReturn=1)
        return SVCCTLRCreateServiceWResponse(ans)
コード例 #6
0
 def NetrWkstaTransportEnum(self, serverName):
     transportEnum = WKSSVCNetrWkstaTransportEnum()
     transportEnum['ServerName'] = ndrutils.NDRUniqueStringW()
     transportEnum['ServerName']['Data'] = (serverName +
                                            '\x00').encode('utf-16le')
     transportEnum[
         'TransportInfo'] = '\x00' * 8 + '\x04\x00\x04\x00' + '\x00' * 8
     data = self.doRequest(transportEnum, checkReturn=1)
     ans = WKSSVCNetrWkstaTransportEnumResponse(data)
     data = ans['Array']
     transportList = []
     for i in range(ans['Count']):
         ll = WKSTA_TRANSPORT_INFO_0(data)
         transportList.append(ll)
         data = data[len(ll):]
     for i in range(ans['Count']):
         transName = ndrutils.NDRStringW(data)
         transportList[i]['TransportName'] = transName
         data = data[len(transName):]
         transAddress = ndrutils.NDRStringW(data)
         transportList[i]['TransportAddress'] = transAddress
         data = data[len(transAddress):]
     ans['Array'] = transportList
     return ans
コード例 #7
0
ファイル: svcctl.py プロジェクト: Liljhon241/MITMf
    def OpenServiceW(self, handle, name):
        """
        opens a service

        :param HANDLE handle: a valid HANDLE to the SCM database (see OpenSCManagerW)
        :param UNICODE name: name of the service

        :return: returns an SVCCTLROpenServiceResponse structure with the service handle. Call dump() method to see its contents. On error it raises an exception

        """
        # We MUST receive Unicode data here
        openService = SVCCTLROpenServiceW()
        openService['SCManager'] = handle
        openService['ServiceName'] = ndrutils.NDRStringW()
        openService['ServiceName']['Data'] = (name + '\x00'.encode('utf-16le'))
        openService['DesiredAccess'] = SERVICE_ALL_ACCESS

        ans = self.doRequest(openService, checkReturn=1)
        return SVCCTLROpenServiceResponse(ans)
コード例 #8
0
 def SchRpcRun(self, path):
     rpcRun = ATSVCSchRpcRun()
     rpcRun['Path'] = ndrutils.NDRStringW()
     rpcRun['Path']['Data'] = (path+'\x00').encode('utf-16le')
     packet = self.doRequest(rpcRun, checkReturn = 0)
     return packet