def __scmr_change(self, display=None, path=None, service_type=None, start_type=None, start_name=None, password=None):
    '''
    Change the configuration of a service.

    Every argument left as None is sent as "no change": SERVICE_NO_CHANGE
    for the two numeric fields, NULL for the string fields and the password.

    :param display: new display name, or None
    :param path: new binary path, or None
    :param service_type: new service type (converted with int()), or None
    :param start_type: new start type (converted with int()), or None
    :param start_name: account the service should run as, or None
    :param password: clear-text password for start_name, or None
    '''
    def _int_or_unchanged(value):
        # Numeric fields arrive as strings or ints; None means "leave as is".
        return scmr.SERVICE_NO_CHANGE if value is None else int(value)

    def _wstr_or_null(value):
        # String fields are sent NUL-terminated; None becomes a NULL pointer.
        return NULL if value is None else '%s\x00' % value

    start_type = _int_or_unchanged(start_type)
    service_type = _int_or_unchanged(service_type)
    display = _wstr_or_null(display)
    path = _wstr_or_null(path)
    start_name = _wstr_or_null(start_name)

    if password is None:
        password = NULL
    else:
        # The password never goes out in clear text: it is NUL-terminated,
        # encoded as UTF-16LE and encrypted with the SMB session key, so
        # self.trans has to provide get_smb_connection().
        smb_connection = self.trans.get_smb_connection()
        session_key = smb_connection.getSessionKey()
        clear_blob = ('%s\x00' % password).encode('utf-16le')
        password = encryptSecret(session_key, clear_blob)

    # NOTE(review): dwErrorControl is always sent as SERVICE_ERROR_IGNORE
    # rather than SERVICE_NO_CHANGE, so presumably any change also resets the
    # service's error control - confirm that this is intended.
    # NOTE(review): dwPwSize is passed as 0 even when a password blob is
    # supplied; confirm the helper derives the size itself.
    scmr.hRChangeServiceConfigW(
        self.__rpc, self.__service_handle, service_type, start_type,
        scmr.SERVICE_ERROR_IGNORE, path, NULL, NULL, NULL, 0,
        start_name, password, 0, display)
dwDependSize = 0 lpServiceStartName = '.\\Administrator\x00' self.changeServiceAndQuery(dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName) lpServiceStartName = NULL if self.__class__.__name__ == 'SMBTransport': lpPassword = '******'.encode('utf-16le') s = rpctransport.get_smb_connection() key = s.getSessionKey() lpPassword = encryptSecret(key, lpPassword) dwPwSize = len(lpPassword) self.changeServiceAndQuery( dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName) lpPassword = NULL dwPwSize = 0 lpDisplayName = 'MANOLO\x00' self.changeServiceAndQuery( dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName)
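def doStuff(self, rpctransport):
    '''
    Carry out the requested service action over SCMR.

    Connects and binds the DCE/RPC endpoint obtained from rpctransport,
    opens the service control manager and, unless the action is LIST or
    CREATE, the service named by self.__options.name. self.__action then
    selects one of START, STOP, DELETE, CONFIG, STATUS, LIST, CREATE or
    CHANGE; any other value is logged as an error.

    Every handle that was opened (including the one returned by CREATE) is
    closed and the connection is dropped even when an RPC call raises; the
    exception itself still propagates to the caller.

    :param rpctransport: transport providing get_dce_rpc() and, for CHANGE
        with a password, get_smb_connection()
    '''
    # Tables used to render the numeric fields returned by the server.
    state_names = {
        scmr.SERVICE_CONTINUE_PENDING: "CONTINUE PENDING",
        scmr.SERVICE_PAUSE_PENDING: "PAUSE PENDING",
        scmr.SERVICE_PAUSED: "PAUSED",
        scmr.SERVICE_RUNNING: "RUNNING",
        scmr.SERVICE_START_PENDING: "START PENDING",
        scmr.SERVICE_STOP_PENDING: "STOP PENDING",
        scmr.SERVICE_STOPPED: "STOPPED",
    }
    service_type_flags = (
        (0x1, "SERVICE_KERNEL_DRIVER "),
        (0x2, "SERVICE_FILE_SYSTEM_DRIVER "),
        (0x10, "SERVICE_WIN32_OWN_PROCESS "),
        (0x20, "SERVICE_WIN32_SHARE_PROCESS "),
        (0x100, "SERVICE_INTERACTIVE_PROCESS "),
    )
    start_type_names = {
        0x0: "BOOT START",
        0x1: "SYSTEM START",
        0x2: "AUTO START",
        0x3: "DEMAND START",
        0x4: "DISABLED",
    }
    error_control_names = {
        0x0: "IGNORE",
        0x1: "NORMAL",
        0x2: "SEVERE",
        0x3: "CRITICAL",
    }

    dce = rpctransport.get_dce_rpc()
    # NOTE(review): no RPC auth level is requested here (the original keeps
    # the set_auth_level calls commented out), so protection of the calls
    # presumably rests on the underlying transport - confirm this is intended.
    dce.connect()
    try:
        dce.bind(scmr.MSRPC_UUID_SCMR)
        rpc = dce
        scManagerHandle = scmr.hROpenSCManagerW(rpc)['lpScHandle']
        serviceHandle = None
        try:
            if self.__action != 'LIST' and self.__action != 'CREATE':
                ans = scmr.hROpenServiceW(rpc, scManagerHandle, self.__options.name + '\x00')
                serviceHandle = ans['lpServiceHandle']

            if self.__action == 'START':
                logging.info("Starting service %s" % self.__options.name)
                scmr.hRStartServiceW(rpc, serviceHandle)
            elif self.__action == 'STOP':
                logging.info("Stopping service %s" % self.__options.name)
                scmr.hRControlService(rpc, serviceHandle, scmr.SERVICE_CONTROL_STOP)
            elif self.__action == 'DELETE':
                logging.info("Deleting service %s" % self.__options.name)
                scmr.hRDeleteService(rpc, serviceHandle)
            elif self.__action == 'CONFIG':
                logging.info("Querying service config for %s" % self.__options.name)
                resp = scmr.hRQueryServiceConfigW(rpc, serviceHandle)
                config = resp['lpServiceConfig']
                print("TYPE : %2d - " % config['dwServiceType'], end=' ')
                # dwServiceType is a bit mask, so several labels may apply.
                for mask, label in service_type_flags:
                    if config['dwServiceType'] & mask:
                        print(label, end=' ')
                print("")
                print("START_TYPE : %2d - " % config['dwStartType'], end=' ')
                print(start_type_names.get(config['dwStartType'], "UNKNOWN"))
                print("ERROR_CONTROL : %2d - " % config['dwErrorControl'], end=' ')
                print(error_control_names.get(config['dwErrorControl'], "UNKNOWN"))
                # These strings are supplied by the remote host and printed
                # as received; [:-1] drops the last character (presumably
                # the trailing NUL).
                print("BINARY_PATH_NAME : %s" % config['lpBinaryPathName'][:-1])
                print("LOAD_ORDER_GROUP : %s" % config['lpLoadOrderGroup'][:-1])
                print("TAG : %d" % config['dwTagId'])
                print("DISPLAY_NAME : %s" % config['lpDisplayName'][:-1])
                print("DEPENDENCIES : %s" % config['lpDependencies'][:-1])
                print("SERVICE_START_NAME: %s" % config['lpServiceStartName'][:-1])
            elif self.__action == 'STATUS':
                print("Querying status for %s" % self.__options.name)
                resp = scmr.hRQueryServiceStatus(rpc, serviceHandle)
                print("%30s - " % self.__options.name, end=' ')
                state = resp['lpServiceStatus']['dwCurrentState']
                print(state_names.get(state, "UNKNOWN"))
            elif self.__action == 'LIST':
                logging.info("Listing services available on target")
                resp = scmr.hREnumServicesStatusW(rpc, scManagerHandle)
                for entry in resp:
                    print("%30s - %70s - " % (entry['lpServiceName'][:-1], entry['lpDisplayName'][:-1]), end=' ')
                    state = entry['ServiceStatus']['dwCurrentState']
                    print(state_names.get(state, "UNKNOWN"))
                print("Total Services: %d" % len(resp))
            elif self.__action == 'CREATE':
                logging.info("Creating service %s" % self.__options.name)
                # On Windows targets a newly installed service is recorded
                # by the Service Control Manager (System event 7045, and
                # Security event 4697 when that audit policy is enabled).
                resp = scmr.hRCreateServiceW(rpc, scManagerHandle, self.__options.name + '\x00', self.__options.display + '\x00', lpBinaryPathName=self.__options.path + '\x00')
                # Keep the new handle so the cleanup below releases it; the
                # original left it open.
                serviceHandle = resp['lpServiceHandle']
            elif self.__action == 'CHANGE':
                logging.info("Changing service config for %s" % self.__options.name)
                if self.__options.start_type is not None:
                    start_type = int(self.__options.start_type)
                else:
                    start_type = scmr.SERVICE_NO_CHANGE
                if self.__options.service_type is not None:
                    service_type = int(self.__options.service_type)
                else:
                    service_type = scmr.SERVICE_NO_CHANGE

                if self.__options.display is not None:
                    display = self.__options.display + '\x00'
                else:
                    display = NULL

                if self.__options.path is not None:
                    path = self.__options.path + '\x00'
                else:
                    path = NULL

                if self.__options.start_name is not None:
                    start_name = self.__options.start_name + '\x00'
                else:
                    start_name = NULL

                if self.__options.password is not None:
                    # The account password is encrypted with the SMB session
                    # key before it is sent, so this path needs a transport
                    # that offers get_smb_connection().
                    s = rpctransport.get_smb_connection()
                    key = s.getSessionKey()
                    try:
                        password = (self.__options.password + '\x00').encode('utf-16le')
                    except UnicodeDecodeError:
                        # Fallback for byte strings that are not ASCII:
                        # decode with the filesystem encoding first.
                        import sys
                        password = (self.__options.password + '\x00').decode(sys.getfilesystemencoding()).encode('utf-16le')
                    password = encryptSecret(key, password)
                else:
                    password = NULL

                # NOTE(review): dwErrorControl is always SERVICE_ERROR_IGNORE
                # rather than SERVICE_NO_CHANGE, so presumably every CHANGE
                # also resets the error control - confirm this is intended.
                scmr.hRChangeServiceConfigW(rpc, serviceHandle, service_type, start_type, scmr.SERVICE_ERROR_IGNORE, path, NULL, NULL, NULL, 0, start_name, password, 0, display)
            else:
                logging.error("Unknown action %s" % self.__action)
        finally:
            # Release the service handle (if any) and then the SCM handle,
            # whether or not the action succeeded.
            try:
                if serviceHandle is not None:
                    scmr.hRCloseServiceHandle(rpc, serviceHandle)
            finally:
                scmr.hRCloseServiceHandle(rpc, scManagerHandle)
    finally:
        dce.disconnect()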
lpDependencies = 'RemoteRegistry\x00\x00'.encode('utf-16le') dwDependSize = len(lpDependencies) self.changeServiceAndQuery(dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName) lpDependencies = NULL dwDependSize = 0 lpServiceStartName = '.\\Administrator\x00' self.changeServiceAndQuery(dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName) lpServiceStartName = NULL if self.__class__.__name__ == 'SMBTransport': lpPassword = '******'.encode('utf-16le') s = rpctransport.get_smb_connection() key = s.getSessionKey() lpPassword = encryptSecret(key, lpPassword) dwPwSize = len(lpPassword) self.changeServiceAndQuery(dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName) lpPassword = NULL dwPwSize = 0 lpDisplayName = 'MANOLO\x00' self.changeServiceAndQuery(dce, cbBufSize, newHandle, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize, lpDisplayName) lpDisplayName = NULL resp = scmr.hRDeleteService(dce, newHandle) resp = scmr.hRCloseServiceHandle(dce, newHandle) resp = scmr.hRCloseServiceHandle(dce, scHandle) def test_query(self): dce, rpctransport, scHandle = self.connect()
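def test_create_change_delete(self):
    '''
    Create a test service, change its configuration one field at a time
    (each change goes through self.changeServiceAndQuery), then delete it.

    The service is deleted and both handles are closed even when one of the
    steps fails, so a failing run does not leave TESTSVC behind on the
    target.
    '''
    dce, rpctransport, scHandle = self.connect()
    try:
        #####################
        # Create / Change / Query / Delete a service
        lpServiceName = 'TESTSVC\x00'
        lpDisplayName = 'DisplayName\x00'
        dwDesiredAccess = scmr.SERVICE_ALL_ACCESS
        dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS
        dwStartType = scmr.SERVICE_DEMAND_START
        dwErrorControl = scmr.SERVICE_ERROR_NORMAL
        lpBinaryPathName = 'binaryPath\x00'
        resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, NULL, NULL, NULL, 0, NULL, NULL, 0)
        resp.dump()
        newHandle = resp['lpServiceHandle']
        try:
            # TODO: each of the returned items should be checked here
            cbBufSize = 0
            try:
                resp = scmr.hRQueryServiceConfigW(dce, newHandle)
            except Exception as e:
                # Only the "buffer too small" answer is expected; str.find()
                # returns -1 when the text is absent, so test membership
                # instead of comparing the index with 0.
                if 'ERROR_INSUFFICIENT_BUFFER' not in str(e):
                    raise
                resp = e.get_packet()
            # NOTE(review): the flattened listing does not show whether the
            # next two statements belong to the except branch; they are
            # placed after it here - confirm against the original file.
            resp.dump()
            cbBufSize = resp['pcbBytesNeeded'] + 100

            # Now that we have cbBufSize, let's start changing everything on
            # the service. Each step sends "no change" for every field except
            # the one(s) named in the call.
            fields = ('dwServiceType', 'dwStartType', 'dwErrorControl',
                      'lpBinaryPathName', 'lpLoadOrderGroup', 'lpdwTagId',
                      'lpDependencies', 'dwDependSize', 'lpServiceStartName',
                      'lpPassword', 'dwPwSize', 'lpDisplayName')
            unchanged = {
                'dwServiceType': scmr.SERVICE_NO_CHANGE,
                'dwStartType': scmr.SERVICE_NO_CHANGE,
                'dwErrorControl': scmr.SERVICE_NO_CHANGE,
                'lpBinaryPathName': NULL,
                'lpLoadOrderGroup': NULL,
                'lpdwTagId': NULL,
                'lpDependencies': NULL,
                'dwDependSize': 0,
                'lpServiceStartName': NULL,
                'lpPassword': NULL,
                'dwPwSize': 0,
                'lpDisplayName': NULL,
            }

            def change(**overrides):
                # Positional call: the helper's parameter names are not
                # visible here, only their order.
                cfg = dict(unchanged, **overrides)
                self.changeServiceAndQuery(dce, cbBufSize, newHandle, *[cfg[name] for name in fields])

            change(dwServiceType=scmr.SERVICE_WIN32_SHARE_PROCESS)
            change(dwStartType=scmr.SERVICE_DISABLED)
            change(dwErrorControl=scmr.SERVICE_ERROR_SEVERE)
            change(lpBinaryPathName='BETOBETO\x00')
            change(lpLoadOrderGroup='KKKK\x00')
            # The lpdwTagId change is disabled in the original test.

            lpDependencies = 'RemoteRegistry\x00\x00'.encode('utf-16le')
            change(lpDependencies=lpDependencies, dwDependSize=len(lpDependencies))

            change(lpServiceStartName='.\\Administrator\x00')

            # The password blob is encrypted with the SMB session key, so
            # this step only runs for the SMB transport test class.
            # NOTE(review): the flattened listing does not show whether the
            # change call sits inside this `if`; it is kept inside here.
            if self.__class__.__name__ == 'SMBTransport':
                s = rpctransport.get_smb_connection()
                key = s.getSessionKey()
                lpPassword = encryptSecret(key, '******'.encode('utf-16le'))
                change(lpPassword=lpPassword, dwPwSize=len(lpPassword))

            change(lpDisplayName='MANOLO\x00')
        finally:
            # Always remove the test service and release its handle.
            try:
                scmr.hRDeleteService(dce, newHandle)
            finally:
                scmr.hRCloseServiceHandle(dce, newHandle)
    finally:
        scmr.hRCloseServiceHandle(dce, scHandle)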
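def doStuff(self, rpctransport):
    '''
    Carry out the requested service action over SCMR.

    Connects and binds the DCE/RPC endpoint obtained from rpctransport,
    opens the service control manager and, unless the action is LIST or
    CREATE, the service named by self.__options.name. self.__action then
    selects one of START, STOP, DELETE, CONFIG, STATUS, LIST, CREATE or
    CHANGE; any other value is logged as an error.

    Every handle that was opened (including the one returned by CREATE) is
    closed and the connection is dropped even when an RPC call raises; the
    exception itself still propagates to the caller.

    :param rpctransport: transport providing get_dce_rpc() and, for CHANGE
        with a password, get_smb_connection()
    '''
    # Tables used to render the numeric fields returned by the server.
    state_names = {
        scmr.SERVICE_CONTINUE_PENDING: "CONTINUE PENDING",
        scmr.SERVICE_PAUSE_PENDING: "PAUSE PENDING",
        scmr.SERVICE_PAUSED: "PAUSED",
        scmr.SERVICE_RUNNING: "RUNNING",
        scmr.SERVICE_START_PENDING: "START PENDING",
        scmr.SERVICE_STOP_PENDING: "STOP PENDING",
        scmr.SERVICE_STOPPED: "STOPPED",
    }
    service_type_flags = (
        (0x1, "SERVICE_KERNEL_DRIVER "),
        (0x2, "SERVICE_FILE_SYSTEM_DRIVER "),
        (0x10, "SERVICE_WIN32_OWN_PROCESS "),
        (0x20, "SERVICE_WIN32_SHARE_PROCESS "),
        (0x100, "SERVICE_INTERACTIVE_PROCESS "),
    )
    start_type_names = {
        0x0: "BOOT START",
        0x1: "SYSTEM START",
        0x2: "AUTO START",
        0x3: "DEMAND START",
        0x4: "DISABLED",
    }
    error_control_names = {
        0x0: "IGNORE",
        0x1: "NORMAL",
        0x2: "SEVERE",
        0x3: "CRITICAL",
    }

    dce = rpctransport.get_dce_rpc()
    # NOTE(review): no RPC auth level is requested here (the original keeps
    # the set_auth_level calls commented out), so protection of the calls
    # presumably rests on the underlying transport - confirm this is intended.
    dce.connect()
    try:
        dce.bind(scmr.MSRPC_UUID_SCMR)
        rpc = dce
        scManagerHandle = scmr.hROpenSCManagerW(rpc)['lpScHandle']
        serviceHandle = None
        try:
            if self.__action != 'LIST' and self.__action != 'CREATE':
                ans = scmr.hROpenServiceW(rpc, scManagerHandle, self.__options.name + '\x00')
                serviceHandle = ans['lpServiceHandle']

            if self.__action == 'START':
                logging.info("Starting service %s" % self.__options.name)
                scmr.hRStartServiceW(rpc, serviceHandle)
            elif self.__action == 'STOP':
                logging.info("Stopping service %s" % self.__options.name)
                scmr.hRControlService(rpc, serviceHandle, scmr.SERVICE_CONTROL_STOP)
            elif self.__action == 'DELETE':
                logging.info("Deleting service %s" % self.__options.name)
                scmr.hRDeleteService(rpc, serviceHandle)
            elif self.__action == 'CONFIG':
                logging.info("Querying service config for %s" % self.__options.name)
                resp = scmr.hRQueryServiceConfigW(rpc, serviceHandle)
                config = resp['lpServiceConfig']
                print("TYPE : %2d - " % config['dwServiceType'], end=' ')
                # dwServiceType is a bit mask, so several labels may apply.
                for mask, label in service_type_flags:
                    if config['dwServiceType'] & mask:
                        print(label, end=' ')
                print("")
                print("START_TYPE : %2d - " % config['dwStartType'], end=' ')
                print(start_type_names.get(config['dwStartType'], "UNKNOWN"))
                print("ERROR_CONTROL : %2d - " % config['dwErrorControl'], end=' ')
                print(error_control_names.get(config['dwErrorControl'], "UNKNOWN"))
                # These strings are supplied by the remote host and printed
                # as received; [:-1] drops the last character (presumably
                # the trailing NUL).
                print("BINARY_PATH_NAME : %s" % config['lpBinaryPathName'][:-1])
                print("LOAD_ORDER_GROUP : %s" % config['lpLoadOrderGroup'][:-1])
                print("TAG : %d" % config['dwTagId'])
                print("DISPLAY_NAME : %s" % config['lpDisplayName'][:-1])
                print("DEPENDENCIES : %s" % config['lpDependencies'][:-1])
                print("SERVICE_START_NAME: %s" % config['lpServiceStartName'][:-1])
            elif self.__action == 'STATUS':
                print("Querying status for %s" % self.__options.name)
                resp = scmr.hRQueryServiceStatus(rpc, serviceHandle)
                print("%30s - " % self.__options.name, end=' ')
                state = resp['lpServiceStatus']['dwCurrentState']
                print(state_names.get(state, "UNKNOWN"))
            elif self.__action == 'LIST':
                logging.info("Listing services available on target")
                resp = scmr.hREnumServicesStatusW(rpc, scManagerHandle)
                for entry in resp:
                    print("%30s - %70s - " % (entry['lpServiceName'][:-1], entry['lpDisplayName'][:-1]), end=' ')
                    state = entry['ServiceStatus']['dwCurrentState']
                    print(state_names.get(state, "UNKNOWN"))
                print("Total Services: %d" % len(resp))
            elif self.__action == 'CREATE':
                logging.info("Creating service %s" % self.__options.name)
                # On Windows targets a newly installed service is recorded
                # by the Service Control Manager (System event 7045, and
                # Security event 4697 when that audit policy is enabled).
                resp = scmr.hRCreateServiceW(rpc, scManagerHandle, self.__options.name + '\x00', self.__options.display + '\x00', lpBinaryPathName=self.__options.path + '\x00')
                # Keep the new handle so the cleanup below releases it; the
                # original left it open.
                serviceHandle = resp['lpServiceHandle']
            elif self.__action == 'CHANGE':
                logging.info("Changing service config for %s" % self.__options.name)
                if self.__options.start_type is not None:
                    start_type = int(self.__options.start_type)
                else:
                    start_type = scmr.SERVICE_NO_CHANGE
                if self.__options.service_type is not None:
                    service_type = int(self.__options.service_type)
                else:
                    service_type = scmr.SERVICE_NO_CHANGE

                if self.__options.display is not None:
                    display = self.__options.display + '\x00'
                else:
                    display = NULL

                if self.__options.path is not None:
                    path = self.__options.path + '\x00'
                else:
                    path = NULL

                if self.__options.start_name is not None:
                    start_name = self.__options.start_name + '\x00'
                else:
                    start_name = NULL

                if self.__options.password is not None:
                    # The account password is encrypted with the SMB session
                    # key before it is sent, so this path needs a transport
                    # that offers get_smb_connection().
                    s = rpctransport.get_smb_connection()
                    key = s.getSessionKey()
                    try:
                        password = (self.__options.password + '\x00').encode('utf-16le')
                    except UnicodeDecodeError:
                        # Fallback for byte strings that are not ASCII:
                        # decode with the filesystem encoding first.
                        import sys
                        password = (self.__options.password + '\x00').decode(sys.getfilesystemencoding()).encode('utf-16le')
                    password = encryptSecret(key, password)
                else:
                    password = NULL

                # NOTE(review): dwErrorControl is always SERVICE_ERROR_IGNORE
                # rather than SERVICE_NO_CHANGE, so presumably every CHANGE
                # also resets the error control - confirm this is intended.
                scmr.hRChangeServiceConfigW(rpc, serviceHandle, service_type, start_type, scmr.SERVICE_ERROR_IGNORE, path, NULL, NULL, NULL, 0, start_name, password, 0, display)
            else:
                logging.error("Unknown action %s" % self.__action)
        finally:
            # Release the service handle (if any) and then the SCM handle,
            # whether or not the action succeeded.
            try:
                if serviceHandle is not None:
                    scmr.hRCloseServiceHandle(rpc, serviceHandle)
            finally:
                scmr.hRCloseServiceHandle(rpc, scManagerHandle)
    finally:
        dce.disconnect()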
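def crypt(string, password):
    """Encrypt *string* with crypto.encryptSecret, passing *password* as the key.

    Note the argument order: this wrapper takes (string, password) while
    encryptSecret is called as (password, string).

    Returns the value produced by encryptSecret, or None when the call
    raised. The exception is printed and swallowed, so callers must check
    for None before using or sending the result.
    """
    try:
        return crypto.encryptSecret(password, string)
    except Exception as e:
        # print(e) is valid on Python 3 and prints the same text on Python 2;
        # the bare `print e` statement only parses on Python 2.
        print(e)
        return None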