def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.survey.cmd.sidlookup', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('SidLookup', 'sidlookup', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True result = Result() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Sid') xml.AddSubElementWithText('Id', result.id) xml.AddSubElementWithText('Name', result.name) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handleDuplicateTokenSteal(msg, output): import mcl.data.env if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True info = ResultSteal() info.Demarshal(msg) try: alias = 'proc%u' % info.id mcl.data.env.SetValue('_USER_%s' % alias, '0x%08x' % info.hUser, globalValue=True) aliasSet = True except: output.RecordError('Failed to set alias for user') aliasSet = False from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Logon') xml.AddAttribute('handle', '0x%08x' % info.hUser) if aliasSet: xml.AddAttribute('alias', alias) output.RecordXml(xml) output.GoToBackground() output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.copy', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Copy', 'copy', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Results') xml.AddSubElementWithText('Source', results.fullSrcPath) xml.AddSubElementWithText('Destination', results.fullDstPath) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.process.cmd.remoteexecute', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('RemoteExecute', 'remoteexecute', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('RemoteProcess') xml.AddSubElementWithText('Id', '%u' % results.processId) xml.AddSubElementWithText('RetVal', '%d' % results.returnValue) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.rmdir', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Rmdir', 'rmdir', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True result = Result() result.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('TargetDir') xml.SetText('%s' % result.fullPath) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.gezu.cmd.GeZu_KernelMemory', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('GeZu_KernelMemory', 'GeZu_KernelMemory', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('GeZu_KernelMemoryResponse') results = Result() results.Demarshal(msg) sub = xml.AddSubElement('MemDump') sub.SetTextAsData(results.memDump) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handleSchedulerDelete(output, msg): from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Deleted') output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.security.cmd.eventlogclear', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('EventLogClear', 'eventlogclear', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True results = Result() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Cleared') if len(results.target) > 0: xml.AddAttribute('target', results.target) xml.SetText(results.logName) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.uptime', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('UpTime', 'uptime', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True data = Result() data.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Uptime') xml.AddTimeElement('Duration', data.upTime) if data.idleTime.GetTimeType() != data.idleTime.MCL_TIME_TYPE_NOT_A_TIME: xml.AddTimeElement('IdleTime', data.idleTime) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.data.env import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.put', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Put', 'put', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: mcl.data.env.SetValue(LP_ENV_PUT_COMPLETE, 'true') return True results = Result() try: results.Demarshal(msg) except: output.RecordError('Failed to get callback parameters') mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true') output.EndWithStatus(mcl.target.CALL_FAILED) return True if len(results.filePath) > 0: from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Results') xml.AddSubElementWithText('File', results.filePath) output.RecordXml(xml) mcl.data.env.SetValue(LP_ENV_FILE_OPENED, 'true') bytesLeft = int(mcl.data.env.GetValue(LP_ENV_BYTES_LEFT)) totalBytes = int(mcl.data.env.GetValue(LP_ENV_FILE_SIZE)) if results.bytesWritten > bytesLeft: output.RecordError('Target reported more data written than is left?!') mcl.data.env.SetValue(LP_ENV_ERROR_ENCOUNTERED, 'true') output.EndWithStatus(mcl.target.CALL_FAILED) return True if results.bytesWritten > 0: bytesLeft -= results.bytesWritten from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Results') xml.AddAttribute('bytesWritten', '%u' % results.bytesWritten) xml.AddAttribute('bytesLeft', '%u' % bytesLeft) xml.AddAttribute('totalBytes', '%u' % totalBytes) output.RecordXml(xml) mcl.data.env.SetValue(LP_ENV_BYTES_LEFT, '%u' % bytesLeft) output.End() return True
def _handleWindowStationData(msg, output): from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('WindowStations') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): return mcl.target.CALL_FAILED submsg = msg.FindMessage(MSG_KEY_RESULT_WINDOW_STATION) info = ResultWindowStations() info.Demarshal(submsg) sub = xml.AddSubElement('WindowStation') sub.AddAttribute('name', info.name) if info.openStatus != 0: error = output.TranslateOsError(info.openStatus) sub.AddAttribute('status', error) else: sub.AddAttribute('flags', '0x%08x' % info.flags) if info.flags & RESULT_WINSTA_FLAG_VISIBLE: sub.AddSubElement('WindowStationFlag_Visible') while submsg.GetNumRetrieved() < submsg.GetCount(): if mcl.CheckForStop(): return mcl.target.CALL_FAILED desktop = submsg.FindString(MSG_KEY_RESULT_WINDOW_STATION_DESKTOP) sub.AddSubElementWithText('Desktop', desktop) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handlePacket(mca, sock, pktSize, tgtParams): import mcl import mcl.tasking import array import socket recvBuffer = array.array('B') i = 0 while i < pktSize: recvBuffer.append(0) i = i + 1 packetToSend = array.array('B') total = 0 while total < pktSize: if mcl.CheckForStop(): mcl.tasking.TaskSetStatus(mcl.target.CALL_FAILED) raise RuntimeError('Context is no longer valid') numRcvd = sock.recv_into(recvBuffer, pktSize - total) if numRcvd == 0: raise socket.error('Connection closed by remote host') i = 0 while i < numRcvd: packetToSend.append(recvBuffer[i]) i = i + 1 total = total + numRcvd from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('PacketData') xml.AddAttribute('size', '%u' % pktSize) xml.SetTextAsData(packetToSend) mcl.tasking.OutputXml(xml) _sendPacket(mca, tgtParams, packetToSend)
def _handleWindowsData(msg, output): from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Windows') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): return mcl.target.CALL_FAILED info = ResultWindowInfo() info.Demarshal(msg) sub = xml.AddSubElement('Window') sub.AddAttribute('hWnd', '0x%x' % info.hWnd) sub.AddAttribute('hParent', '0x%x' % info.hParent) sub.AddAttribute('pid', '%u' % info.owningPid) sub.AddAttribute('title', info.text) sub.AddAttribute('x', '%d' % info.x) sub.AddAttribute('y', '%d' % info.y) sub.AddAttribute('width', '%u' % info.width) sub.AddAttribute('height', '%u' % info.height) if info.flags & RESULT_WININFO_FLAG_IS_VISIBLE: sub.AddSubElement('WindowIsVisible') if info.flags & RESULT_WININFO_FLAG_IS_MINIMIZED: sub.AddSubElement('WindowIsMinimized') output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handleList(namespace, output, msg): import mcl.imports from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuEnumeration') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): return mcl.target.CALL_FAILED result = ResultInstance() result.Demarshal(msg) if result.id != 0: sub = xml.AddSubElement('KiSu') sub.AddAttribute('id', '0x%08x' % result.id) sub.AddAttribute('versionMajor', '%u' % result.versionMajor) sub.AddAttribute('versionMinor', '%u' % result.versionMinor) sub.AddAttribute('versionFix', '%u' % result.versionFix) sub.AddAttribute('versionBuild', '%u' % result.versionBuild) mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.ids', globals()) for name in mcf.kisu.ids.nameTable: if mcf.kisu.ids.nameTable[name] == result.id: sub.AddAttribute('name', name) break output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handleQueryData(msg, output): from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('QueryResponse') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False data = ResultQuery() data.Demarshal(msg) sub = xml.AddSubElement('Resource') sub.AddSubElementWithText('Name', data.name) if data.hasPath: sub.AddSubElementWithText('Path', data.path) type = sub.AddSubElement('Type') if data.admin: type.AddAttribute('admin', 'true') else: type.AddAttribute('admin', 'false') if data.type == RESULT_QUERY_TYPE_DISK: type.SetText('Disk') elif data.type == RESULT_QUERY_TYPE_DEVICE: type.SetText('Device') elif data.type == RESULT_QUERY_TYPE_PRINT: type.SetText('Print') elif data.type == RESULT_QUERY_TYPE_IPC: type.SetText('IPC') else: type.SetText('Unknown') sub.AddSubElementWithText('Caption', data.caption) sub.AddSubElementWithText('Description', data.description) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handlePersistence(namespace, output, msg): from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('KiSuSurveyPersistence') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False result = ResultPersistence() result.Demarshal(msg) sub = xml.AddSubElement('Method') if result.type == RESULT_PERSISTENCE_TYPE_LAUNCHER: sub.AddSubElementWithText('Type', 'DRIVER') elif result.type == RESULT_PERSISTENCE_TYPE_SOTI: sub.AddSubElementWithText('Type', 'SOTI') elif result.type == RESULT_PERSISTENCE_TYPE_JUVI: sub.AddSubElementWithText('Type', 'JUVI') else: sub.AddSubElementWithText('Type', 'UNKNOWN') if result.compatible: sub.AddSubElementWithText('Compatible', 'true') else: sub.AddSubElementWithText('Compatible', 'false') if result.reason != 0: mcl.imports.ImportWithNamespace(namespace, 'mcf.kisu.diba_errors', globals()) if mcf.kisu.diba_errors.errorStrings.has_key(result.reason): reasonStr = mcf.kisu.diba_errors.errorStrings[result.reason] else: reasonStr = 'Unknown (0x%08x)' % result.reason sub.AddSubElementWithText('Reason', reasonStr) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.packetredirect', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('PacketRedirect', 'packetredirect', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) else: from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('PacketSent') output.RecordXml(xml) output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.objects', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Objects', 'objects', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True else: from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Objects') gotValidDir = False objectList = list() sub = None while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_FAILED) return False result = Result() try: result.Demarshal(msg) except: output.RecordXml(xml) raise if result.flags & RESULT_FLAG_DIR_START: _dumpObjects(sub, objectList) _deleteObjects(objectList) sub = xml.AddSubElement('ObjectDirectory') sub.AddAttribute('name', result.name) if result.status != 0: errorStr = output.TranslateOsError(result.status) sub.AddSubElementWithText('QueryFailure', errorStr) else: gotValidDir = True elif sub != None: _addObject(objectList, result) _dumpObjects(sub, objectList) _deleteObjects(objectList) output.RecordXml(xml) if gotValidDir: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) else: output.EndWithStatus(mcl.target.CALL_FAILED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.status.cmd.windows', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Windows', 'windows', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) if input.GetStatus() == ERR_INJECT_SETUP_FAILED or input.GetStatus( ) == ERR_INJECT_FAILED: import mcl.injection.errors output.RecordModuleError(moduleError, 0, errorStrings) output.RecordModuleError(osError, 0, mcl.injection.errors.errorStrings) else: output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Info') xml.SetText('Action completed') output.RecordXml(xml) output.EndWithStatus(input.GetStatus()) return True rtn = mcl.target.CALL_SUCCEEDED for entry in msg: if entry['key'] == MSG_KEY_RESULT_BUTTON: if _handleButtonsData(msg, output) != mcl.target.CALL_SUCCEEDED: rtn = mcl.target.CALL_FAILED elif entry['key'] == MSG_KEY_RESULT_SCREENSHOT: if _handleScreenShotData(msg, output) != mcl.target.CALL_SUCCEEDED: rtn = mcl.target.CALL_FAILED elif entry['key'] == MSG_KEY_RESULT_WINDOW_STATION: if _handleWindowStationData(msg, output) != mcl.target.CALL_SUCCEEDED: rtn = mcl.target.CALL_FAILED elif entry['key'] == MSG_KEY_RESULT_WINDOW_INFO: if _handleWindowsData(msg, output) != mcl.target.CALL_SUCCEEDED: rtn = mcl.target.CALL_FAILED else: output.RecordError('Unhandled data key (0x%08x)' % entry['key']) rtn = mcl.target.CALL_FAILED output.EndWithStatus(rtn) return True
def _handleString(output, msg): results = StringResult() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('String') xml.SetText(results.str) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handleGetFilter(output, msg): results = ResultGetFilter() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Filter') _printFilter(results.adapterFilter, results.filter, xml) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def _handleAdapters(output, msg): if msg.GetCount() == 0: output.RecordError('No status values returned') return mcl.target.CALL_FAILED submsg = msg.FindMessage(MSG_KEY_RESULT_ADAPTERS) results = ResultFilterInfo() results.Demarshal(submsg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('AdaptersInfo') if results.threadRunning: xml.AddAttribute('threadRunning', 'true') else: xml.AddAttribute('threadRunning', 'false') if results.filterActive: xml.AddAttribute('filterActive', 'true') else: xml.AddAttribute('filterActive', 'false') xml.AddAttribute('numAdapters', '%u' % submsg.GetCount(MSG_KEY_RESULT_ADAPTER_NAME)) while submsg.GetNumRetrieved() < submsg.GetCount(): if mcl.CheckForStop(): return mcl.target.CALL_FAILED name = submsg.FindString(MSG_KEY_RESULT_ADAPTER_NAME) xml.AddSubElementWithText('Adapter', name) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def processSuspended(msg, output): if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Suspended') output.RecordXml(xml) output.GoToBackground() output.End() return True
def _handleNoAction(msg, output): results = ResultNoAction() results.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('NoAction') output.RecordXml(xml) if results.cleanup: output.GoToBackground() output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.survey.cmd.registryhive', globals()) mcl.imports.ImportWithNamespace(namespace, 'mca.survey.cmd.registryhive.types', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('RegistryHive', 'registryhive', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('CommandAction') hive = ResultHive() hive.Demarshal(msg) action = 'Unknown' if hive.action == mca.survey.cmd.registryhive.types.ACTION_LOAD: action = 'Load' elif hive.action == mca.survey.cmd.registryhive.types.ACTION_UNLOAD: action = 'Unload' elif hive.action == mca.survey.cmd.registryhive.types.ACTION_SAVE: action = 'Save' xml.AddAttribute('action', action) sub = xml.AddSubElement('Hive') sub.AddAttribute('key', hive.key) sub.AddAttribute('hive', _getHiveString(hive.hive)) sub.AddAttribute('file', hive.file) if hive.permanent: sub.AddAttribute('permanent', 'true') else: sub.AddAttribute('permanent', 'false') output.RecordXml(xml) if action == 'Load' and hive.permanent == False: output.GoToBackground() output.End() return True
def _handleVersion(output, msg): version = ResultVersion() version.Demarshal(msg) from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Version') xml.AddSubElementWithText('Major', '%u' % version.major) xml.AddSubElementWithText('Minor', '%u' % version.minor) xml.AddSubElementWithText('Fix', '%u' % version.fix) output.RecordXml(xml) return mcl.target.CALL_SUCCEEDED
def _handleAuditModifyData(msg, output): if msg.GetCount() == 0: output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('TurnedOff') output.RecordXml(xml) output.GoToBackground() output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.file.cmd.drives', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Drives', 'drives', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('Drives') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_FAILED) return False data = Result() data.Demarshal(msg) sub = xml.AddSubElement('Drive') sub.AddSubElementWithText('Path', data.location) sub.AddSubElementWithText('Type', _getDriveType(data.type)) if len(data.source) > 0: sub.AddSubElementWithText('Source', data.source) if len(data.filesystem) > 0: sub.AddSubElementWithText('FileSystem', data.filesystem) if len(data.options) > 0: sub.AddSubElementWithText('Options', data.options) if data.maxComponentLength > 0: sub.AddSubElementWithText('MaximumComponentLength', '%u' % data.maxComponentLength) if data.volumeSerialNumber != 0: sub.AddSubElementWithText( 'SerialNumber', '%04x-%04x' % (data.volumeSerialNumber >> 16 & 65535, data.volumeSerialNumber & 65535)) if data.flags != 0: _addFlags(sub, data.flags) output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.arp', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Arp', 'arp', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True else: if msg.GetCount() == 0: output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() initialResult = Result() initialResult.Demarshal(msg) moreData = initialResult.moreData xml.Start('ArpEntries') if initialResult.listType == RESULT_INITIAL_LIST: xml.AddSubElement('ArpHeader') _addArpEntry(xml, initialResult) while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False result = Result() result.Demarshal(msg) moreData = result.moreData _addArpEntry(xml, result) output.RecordXml(xml) if moreData: if initialResult.listType == RESULT_INITIAL_LIST: output.GoToBackground() output.End() return True output.SetTaskStatus(mcl.target.CALL_SUCCEEDED) output.End() return True
def DataHandlerMain(namespace, InputFilename, OutputFilename): import mcl.imports import mcl.data.Input import mcl.data.Output import mcl.msgtype import mcl.status import mcl.target import mcl.object.Message mcl.imports.ImportNamesWithNamespace(namespace, 'mca.network.cmd.ping', globals()) input = mcl.data.Input.GetInput(InputFilename) output = mcl.data.Output.StartOutput(OutputFilename, input) output.Start('Ping', 'ping', []) msg = mcl.object.Message.DemarshalMessage(input.GetData()) if input.GetStatus() != mcl.status.MCL_SUCCESS: errorMsg = msg.FindMessage(mcl.object.Message.MSG_KEY_RESULT_ERROR) moduleError = errorMsg.FindU32( mcl.object.Message.MSG_KEY_RESULT_ERROR_MODULE) osError = errorMsg.FindU32(mcl.object.Message.MSG_KEY_RESULT_ERROR_OS) output.RecordModuleError(moduleError, osError, errorStrings) output.EndWithStatus(input.GetStatus()) return True from mcl.object.XmlOutput import XmlOutput xml = XmlOutput() xml.Start('PingResponse') while msg.GetNumRetrieved() < msg.GetCount(): if mcl.CheckForStop(): output.EndWithStatus(mcl.target.CALL_FAILED) return False results = Result() results.Demarshal(msg) sub = xml.AddSubElement('Response') sub.AddTimeElement('Elapsed', results.time) sub.AddAttribute('length', '%u' % len(results.rawData)) if results.ttl != 0: sub.AddAttribute('ttl', '%u' % results.ttl) dataSub = sub.AddSubElement('Data') dataSub.SetTextAsData(results.rawData) sub.AddAddressIP('FromAddr', results.fromAddr) sub.AddAddressIP('ToAddr', results.toAddr) if results.type == REPLY_TYPE_REPLY: sub.AddAttribute('type', 'REPLY') elif results.type == REPLY_TYPE_DEST_UNREACH: sub.AddAttribute('type', 'DESTINATION_UNREACHABLE') else: sub.AddAttribute('type', 'UNKNOWN') output.RecordXml(xml) output.EndWithStatus(mcl.target.CALL_SUCCEEDED) return True