def test_BaseRegLoadKey_BaseRegUnLoadKey(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegOpenKey() request['hKey'] = phKey request['lpSubKey'] = 'SECURITY\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() request = rrp.BaseRegSaveKey() request['hKey'] = resp['phkResult'] request['lpFile'] = 'SEC\x00' request['pSecurityAttributes'] = NULL resp = dce.request(request) resp.dump() request = rrp.BaseRegLoadKey() request['hKey'] = phKey request['lpSubKey'] = 'BETUS\x00' request['lpFile'] = 'SEC\x00' resp = dce.request(request) resp.dump() request = rrp.BaseRegUnLoadKey() request['hKey'] = phKey request['lpSubKey'] = 'BETUS\x00' resp = dce.request(request) resp.dump() smb = rpctransport.get_smb_connection() smb.deleteFile('ADMIN$', 'System32\\SEC')
def test_BaseRegOpenKey(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegOpenKey() request['hKey'] = phKey request['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump()
def test_hBaseRegEnumKey(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegOpenKey() request['hKey'] = phKey request['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS resp = dce.request(request) resp = rrp.hBaseRegEnumKey(dce, resp['phkResult'], 1 ) resp.dump()
def test_hBaseRegEnumValue(self): dce, rpctransport = self.connect() phKey = self.open_local_machine(dce) request = rrp.BaseRegOpenKey() request['hKey'] = phKey request[ 'lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp = rrp.hBaseRegEnumValue(dce, resp['phkResult'], 6, 100) resp.dump()
def test_BaseRegQueryValue(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegOpenKey() request['hKey'] = phKey request['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) resp.dump() request = rrp.BaseRegQueryValue() request['hKey'] = resp['phkResult'] request['lpValueName'] = 'ProductName\x00' request['lpData'] = b' '*100 request['lpcbData'] = 100 request['lpcbLen'] = 100 resp = dce.request(request) resp.dump()
def test_BaseRegQueryMultipleValues2(self): dce, rpctransport = self.connect() phKey = self.open_local_machine(dce) request = rrp.BaseRegOpenKey() request['hKey'] = phKey request[ 'lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED | rrp.KEY_QUERY_VALUE resp = dce.request(request) resp.dump() request = rrp.BaseRegQueryMultipleValues2() item1 = rrp.RVALENT() item1['ve_valuename'] = 'ProductName\x00' item1['ve_valuelen'] = len('ProductName\x00') item1['ve_valueptr'] = NULL item1['ve_type'] = rrp.REG_SZ item2 = rrp.RVALENT() item2['ve_valuename'] = 'SystemRoot\x00' item2['ve_valuelen'] = len('SystemRoot\x00') item1['ve_valueptr'] = NULL item2['ve_type'] = rrp.REG_SZ item3 = rrp.RVALENT() item3['ve_valuename'] = 'EditionID\x00' item3['ve_valuelen'] = len('EditionID\x00') item3['ve_valueptr'] = NULL item3['ve_type'] = rrp.REG_SZ request['hKey'] = resp['phkResult'] request['val_listIn'].append(item1) request['val_listIn'].append(item2) request['val_listIn'].append(item3) request['num_vals'] = len(request['val_listIn']) request['lpvalueBuf'] = list(b' ' * 128) request['ldwTotsize'] = 128 resp = dce.request(request) resp.dump()
def test_BaseRegEnumKey(self): dce, rpctransport, phKey = self.connect() request = rrp.BaseRegOpenKey() request['hKey'] = phKey request['lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS resp = dce.request(request) request = rrp.BaseRegEnumKey() request['hKey'] = resp['phkResult'] request['dwIndex'] = 1 # I gotta access the fields manually :s request.fields['lpNameIn'].fields['MaximumLength'] = 510 request.fields['lpNameIn'].fields['Data'].fields['Data'].fields['MaximumCount'] = 255 request['lpClassIn'] = ' '*100 request['lpftLastWriteTime'] = NULL resp = dce.request(request) resp.dump()
def test_BaseRegEnumValue(self): dce, rpctransport = self.connect() phKey = self.open_local_machine(dce) request = rrp.BaseRegOpenKey() request['hKey'] = phKey request[ 'lpSubKey'] = 'SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\x00' request['dwOptions'] = 0x00000001 request['samDesired'] = MAXIMUM_ALLOWED resp = dce.request(request) request = rrp.BaseRegEnumValue() request['hKey'] = resp['phkResult'] request['dwIndex'] = 6 request['lpValueNameIn'] = ' ' * 100 request['lpData'] = b' ' * 100 request['lpcbData'] = 100 request['lpcbLen'] = 100 resp = dce.request(request) resp.dump()