def disable(self):
    """Delete the WDigest ``UseLogonCredential`` value on the remote host.

    Uses the registry RPC channel that ``RemoteOperations`` sets up, deletes
    the value, then re-queries it and reports success only when the query
    raises (i.e. the value is really gone).  ``rrp`` below is the registry
    RPC module imported elsewhere in this file; ``self.rrp`` is the DCE/RPC
    binding those helpers are called with.
    """
    remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
    # Presumably enables the remote registry service on the target before
    # any key is touched; that service change is itself observable on the
    # host and is a common detection point.
    remoteOps.enableRegistry()
    # Reads a name-mangled private attribute of RemoteOperations; this will
    # break if that class is refactored.
    self.rrp = remoteOps._RemoteOperations__rrp
    if self.rrp is not None:
        ans = rrp.hOpenLocalMachine(self.rrp)
        regHandle = ans['phKey']
        ans = rrp.hBaseRegOpenKey(
            self.rrp,
            regHandle,
            'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest'
        )
        keyHandle = ans['phkResult']
        # The value name carries an explicit trailing NUL, presumably what this
        # RPC helper expects; keep it identical to the one used in enable().
        rrp.hBaseRegDeleteValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
        try:
            # Check to make sure the reg value is actually deleted: a
            # successful query means the delete did not take effect.
            rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
        except DCERPCException:
            self.logger.success(
                'UseLogonCredential registry key deleted successfully')
        # NOTE(review): when the query succeeds nothing is logged, so a
        # silently failed delete is indistinguishable from a crash; rtype/data
        # are never used.  The key handles opened above are never closed
        # (compare hBaseRegCloseKey in the UAC run() method).
    # NOTE(review): the bare except hides every error from finish(), including
    # a failure to restore the remote registry service state it changed.
    try:
        remoteOps.finish()
    except:
        pass
def enable(self):
    """Create the WDigest ``UseLogonCredential`` value (REG_DWORD) remotely.

    Writes the value through the registry RPC channel that
    ``RemoteOperations`` sets up, reads it back, and reports success when the
    returned data converts to ``1``.  ``rrp`` below is the registry RPC module
    imported elsewhere in this file; ``self.rrp`` is the DCE/RPC binding.

    NOTE(review): this is the well-known WDigest setting whose presence with
    a non-zero value should be treated as a high-signal indicator by
    defenders; writes to this key path are worth alerting on.
    """
    remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
    # Presumably enables the remote registry service on the target first.
    remoteOps.enableRegistry()
    # Name-mangled private attribute of RemoteOperations; fragile across
    # impacket refactors.
    self.rrp = remoteOps._RemoteOperations__rrp
    if self.rrp is not None:
        ans = rrp.hOpenLocalMachine(self.rrp)
        regHandle = ans['phKey']
        ans = rrp.hBaseRegOpenKey(
            self.rrp,
            regHandle,
            'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest'
        )
        keyHandle = ans['phkResult']
        # Value name carries an explicit trailing NUL; the data is passed as
        # the raw two-byte string '\x01\x00' -- presumably the encoded DWORD 1
        # this helper expects, confirm against the rrp API used.
        rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, '\x01\x00')
        # Read back to confirm the write; assumes the returned data is
        # int-convertible for a REG_DWORD -- TODO confirm.
        rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
        if int(data) == 1:
            self.logger.success(
                'UseLogonCredential registry key created successfully')
        # NOTE(review): any other read-back value is silently ignored, and the
        # key handles opened above are never closed.
    # NOTE(review): bare except swallows every error from finish().
    try:
        remoteOps.finish()
    except:
        pass
def run(self):
    """Report the UAC ``EnableLUA`` policy value of the remote host.

    Reads ``EnableLUA`` under the Policies\\System key over the registry RPC
    channel that ``RemoteOperations`` sets up and logs ``1``/``0`` as
    enabled/disabled.  ``rrp`` is the registry RPC module imported elsewhere
    in this file.
    """
    remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
    # Presumably enables the remote registry service on the target first.
    remoteOps.enableRegistry()
    # Name-mangled private attribute of RemoteOperations; fragile across
    # impacket refactors.
    ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
    regHandle = ans['phKey']
    ans = rrp.hBaseRegOpenKey(remoteOps._RemoteOperations__rrp, regHandle, 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
    keyHandle = ans['phkResult']
    # dataType is never used; only the value matters here.
    dataType, uac_value = rrp.hBaseRegQueryValue(remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')
    self.logger.success("Enumerating UAC status")
    # NOTE(review): any value other than 0 or 1 (or a missing value, which
    # raises before this point) produces no output at all.
    if uac_value == 1:
        self.logger.results('1 - UAC Enabled')
    elif uac_value == 0:
        self.logger.results('0 - UAC Disabled')
    # NOTE(review): if an RPC call above raises, the key handle is never
    # closed and finish() never runs; a try/finally would be safer.
    rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
    remoteOps.finish()
def run(self):
    """Report the UAC ``EnableLUA`` policy value of the remote host.

    Older variant of the UAC check above: same registry read over the
    ``RemoteOperations`` RPC channel, but output goes through ``print_succ``
    / ``print_att`` and is prefixed with ``self.peer``.  ``rrp`` is the
    registry RPC module imported elsewhere in this file.
    """
    remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
    # Presumably enables the remote registry service on the target first.
    remoteOps.enableRegistry()
    # Name-mangled private attribute of RemoteOperations; fragile across
    # impacket refactors.
    ans = rrp.hOpenLocalMachine(remoteOps._RemoteOperations__rrp)
    regHandle = ans['phKey']
    ans = rrp.hBaseRegOpenKey(
        remoteOps._RemoteOperations__rrp,
        regHandle,
        'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System')
    keyHandle = ans['phkResult']
    # dataType is never used; only the value matters here.
    dataType, uac_value = rrp.hBaseRegQueryValue(
        remoteOps._RemoteOperations__rrp, keyHandle, 'EnableLUA')
    print_succ("{} UAC status:".format(self.peer))
    # NOTE(review): any value other than 0 or 1 produces no output at all.
    if uac_value == 1:
        print_att('1 - UAC Enabled')
    elif uac_value == 0:
        print_att('0 - UAC Disabled')
    # NOTE(review): an exception in any RPC call above skips both the handle
    # close and finish(); a try/finally would be safer.
    rrp.hBaseRegCloseKey(remoteOps._RemoteOperations__rrp, keyHandle)
    remoteOps.finish()
def enable(self):
    """Create the WDigest ``UseLogonCredential`` value (REG_DWORD) remotely.

    Older ``print_succ`` variant of enable() above: identical registry
    sequence, output prefixed with ``self.peer``.  ``rrp`` is the registry
    RPC module imported elsewhere in this file; ``self.rrp`` is the DCE/RPC
    binding.

    NOTE(review): writes to this value are a high-signal indicator for
    defenders and are worth alerting on.
    """
    remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
    # Presumably enables the remote registry service on the target first.
    remoteOps.enableRegistry()
    # Name-mangled private attribute of RemoteOperations; fragile across
    # impacket refactors.
    self.rrp = remoteOps._RemoteOperations__rrp
    if self.rrp is not None:
        ans = rrp.hOpenLocalMachine(self.rrp)
        regHandle = ans['phKey']
        ans = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
        keyHandle = ans['phkResult']
        # Value name carries an explicit trailing NUL; data is the raw two-byte
        # string '\x01\x00' -- presumably the encoded DWORD 1 this helper
        # expects, confirm against the rrp API used.
        rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00', rrp.REG_DWORD, '\x01\x00')
        # Read back to confirm; assumes a REG_DWORD comes back int-convertible.
        rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
        if int(data) == 1:
            print_succ('{} UseLogonCredential registry key created successfully'.format(self.peer))
        # NOTE(review): other read-back values are silently ignored and the
        # key handles opened above are never closed.
    # NOTE(review): bare except swallows every error from finish().
    try:
        remoteOps.finish()
    except:
        pass
def disable(self):
    """Delete the WDigest ``UseLogonCredential`` value on the remote host.

    Older ``print_succ`` variant of disable() above: deletes the value, then
    re-queries it and reports success only when the query raises.  ``rrp``
    is the registry RPC module imported elsewhere in this file; ``self.rrp``
    is the DCE/RPC binding.
    """
    remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
    # Presumably enables the remote registry service on the target first.
    remoteOps.enableRegistry()
    # Name-mangled private attribute of RemoteOperations; fragile across
    # impacket refactors.
    self.rrp = remoteOps._RemoteOperations__rrp
    if self.rrp is not None:
        ans = rrp.hOpenLocalMachine(self.rrp)
        regHandle = ans['phKey']
        ans = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')
        keyHandle = ans['phkResult']
        # Value name carries an explicit trailing NUL; keep it identical to
        # the one used in enable().
        rrp.hBaseRegDeleteValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
        try:
            # Check to make sure the reg value is actually deleted: a
            # successful query means the delete did not take effect.
            rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
        except DCERPCException:
            print_succ('{} UseLogonCredential registry key deleted successfully'.format(self.peer))
        # NOTE(review): a successful query (value still present) logs nothing,
        # so a failed delete is silent; rtype/data are unused and the key
        # handles opened above are never closed.
    # NOTE(review): bare except swallows every error from finish().
    try:
        remoteOps.finish()
    except:
        pass