def dumptab_nt_objects(self):
    """Print the as_tab() rendering of each object under the NT namespace root.

    Opens the root with ntobj() and writes one line to stdout for every
    object that get_all_child_objects() returns. Nothing is returned.

    NOTE(review): as_tab() is defined elsewhere; presumably it yields a
    tab-delimited record (name, type, security descriptor fields) -- confirm.
    NOTE(review): no error handling here; whether ntobj() or as_tab() can
    raise for objects the caller lacks rights to open is not visible from
    this block -- verify against their definitions.
    """
    namespace_root = ntobj("\\")
    # Single-argument print(...) behaves the same as the Python 2 print
    # statement, so the emitted text is unchanged.
    for nt_object in namespace_root.get_all_child_objects():
        print(nt_object.as_tab())
try: hd = win32service.OpenDesktop(d, 0, False, win32con.READ_CONTROL) s = win32security.GetKernelObjectSecurity(hd, win32security.OWNER_SECURITY_INFORMATION | win32security.GROUP_SECURITY_INFORMATION | win32security.DACL_SECURITY_INFORMATION) s = sd('desktop', s) print s.as_text() except pywintypes.error,details: print "[E] Can't get READ_CONTROL desktop handle: %s" % details print # # Objects # print print "[-] Objects" print root = ntobj("\\") for child in root.get_all_child_objects(): print child.as_text() if (child.get_type() == "Semaphore" or child.get_type() == "Event" or child.get_type() == "Mutant" or child.get_type() == "Timer" or child.get_type() == "Section" or child.get_type() == "Device" or child.get_type() == "SymbolicLink" or child.get_type() == "Key" or child.get_type() == "Directory") and child.get_sd(): print child.get_sd().as_text() else: print "Skipping unknown object type: %s" % child.get_type() print # Type - can't open # Device - can open, has sd # SymbolicLink - can open, has sd # TODO is this redundant now we have --dumptab? def dump_all_files(self): # Record info about all directories