def do_rpc_logic(self): try: resp = rrp.hOpenCurrentUser(self.dce) except Exception: return rrp.hBaseRegSaveKey(self.dce, resp['phKey'], f'\\\\{self.target}\\shmores\\file')
def __retrieveHive(self, hiveName): tmpFileName = ''.join([random.choice(string.letters) for _ in range(8)]) + '.tmp' ans = rrp.hOpenLocalMachine(self.__rrp) regHandle = ans['phKey'] try: ans = rrp.hBaseRegCreateKey(self.__rrp, regHandle, hiveName) except: raise Exception("Can't open %s hive" % hiveName) keyHandle = ans['phkResult'] rrp.hBaseRegSaveKey(self.__rrp, keyHandle, tmpFileName) rrp.hBaseRegCloseKey(self.__rrp, keyHandle) rrp.hBaseRegCloseKey(self.__rrp, regHandle) # Now let's open the remote file, so it can be read later remoteFileName = RemoteFile(self.__smbConnection, 'SYSTEM32\\'+tmpFileName) return remoteFileName
def __retrieve_hive(self, hive_name): temp_filename = '%s' % ''.join( [random.choice(string.letters) for i in range(8)]) ans = rrp.hOpenLocalMachine(self.__rrp) regHandle = ans['phKey'] try: ans = rrp.hBaseRegCreateKey(self.__rrp, regHandle, hive_name) except: raise registryKey('Cannot open %s hive' % hive_name) logger.debug('Saving %s hive to %s' % (hive_name, temp_filename)) keyHandle = ans['phkResult'] resp = rrp.hBaseRegSaveKey(self.__rrp, keyHandle, temp_filename) rrp.hBaseRegCloseKey(self.__rrp, keyHandle) rrp.hBaseRegCloseKey(self.__rrp, regHandle) # Open the temporary remote file, so it can be read later # remote_fp = RemoteFile(self.smb, ntpath.join('\\', temp_filename), share=DataStore.writable_share) remote_fp = RemoteFile(self.smb, ntpath.join('System32', temp_filename), share='ADMIN$') return remote_fp
def save(self, dce, keyName): hRootKey, subKey = self.__strip_root_key(dce, keyName) outputFileName = "%s\%s.save" % (self.__options.outputPath, subKey) logging.debug( "Dumping %s, be patient it can take a while for large hives (e.g. HKLM\SYSTEM)" % keyName) try: ans2 = rrp.hBaseRegOpenKey(dce, hRootKey, subKey, dwOptions=rrp.REG_OPTION_BACKUP_RESTORE | rrp.REG_OPTION_OPEN_LINK, samDesired=rrp.KEY_READ) rrp.hBaseRegSaveKey(dce, ans2['phkResult'], outputFileName) logging.info("Saved %s to %s" % (keyName, outputFileName)) except Exception as e: logging.error("Couldn't save %s: %s" % (keyName, e))
def test_hBaseRegSaveKey(self): dce, rpctransport, phKey = self.connect() resp = rrp.hOpenCurrentUser(dce) resp.dump() resp = rrp.hBaseRegSaveKey(dce,resp['phKey'],'BETUSFILE2\x00') resp.dump() # I gotta remove the file now :s smb = rpctransport.get_smb_connection() smb.deleteFile('ADMIN$', 'System32\\BETUSFILE2')
def test_hBaseRegSaveKey(self): dce, rpctransport, phKey = self.connect() resp = rrp.hOpenCurrentUser(dce) resp.dump() resp = rrp.hBaseRegSaveKey(dce, resp['phKey'], 'BETUSFILE2\x00') resp.dump() # I gotta remove the file now :s smb = rpctransport.get_smb_connection() smb.deleteFile('ADMIN$', 'System32\\BETUSFILE2')