def test_create_change_delete(self): dce, rpctransport, scHandle = self.connect() ##################### # Create / Change / Query / Delete a service lpServiceName = 'TESTSVC\x00' lpDisplayName = 'DisplayName\x00' dwDesiredAccess = scmr.SERVICE_ALL_ACCESS dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS dwStartType = scmr.SERVICE_DEMAND_START dwErrorControl = scmr.SERVICE_ERROR_NORMAL lpBinaryPathName = 'binaryPath\x00' lpLoadOrderGroup = NULL lpdwTagId = NULL lpDependencies = NULL dwDependSize = 0 lpServiceStartName = NULL lpPassword = NULL dwPwSize = 0 resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize) resp.dump() newHandle = resp['lpServiceHandle'] # Aca hay que chequear cada uno de los items cbBufSize = 0 try: resp = scmr.hRQueryServiceConfigW(dce, newHandle) except Exception, e: if str(e).find('ERROR_INSUFFICIENT_BUFFER') <= 0: raise else: resp = e.get_packet()
def test_create_change_delete(self): dce, rpctransport, scHandle = self.connect() ##################### # Create / Change / Query / Delete a service lpServiceName = 'TESTSVC\x00' lpDisplayName = 'DisplayName\x00' dwDesiredAccess = scmr.SERVICE_ALL_ACCESS dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS dwStartType = scmr.SERVICE_DEMAND_START dwErrorControl = scmr.SERVICE_ERROR_NORMAL lpBinaryPathName = 'binaryPath\x00' lpLoadOrderGroup = NULL lpdwTagId = NULL lpDependencies = NULL dwDependSize = 0 lpServiceStartName = NULL lpPassword = NULL dwPwSize = 0 resp = scmr.hRCreateServiceW( dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize) resp.dump() newHandle = resp['lpServiceHandle'] # Aca hay que chequear cada uno de los items cbBufSize = 0 try: resp = scmr.hRQueryServiceConfigW(dce, newHandle) except Exception, e: if str(e).find('ERROR_INSUFFICIENT_BUFFER') <= 0: raise else: resp = e.get_packet()
def test_RChangeServiceConfig2W(self): dce, rpctransport, scHandle = self.connect() lpServiceName = 'TESTSVC\x00' lpDisplayName = 'DisplayName\x00' dwDesiredAccess = scmr.SERVICE_ALL_ACCESS dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS dwStartType = scmr.SERVICE_DEMAND_START dwErrorControl = scmr.SERVICE_ERROR_NORMAL lpBinaryPathName = 'binaryPath\x00' lpLoadOrderGroup = NULL lpdwTagId = NULL lpDependencies = NULL dwDependSize = 0 lpServiceStartName = NULL lpPassword = NULL dwPwSize = 0 resp = scmr.hRCreateServiceW( dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize) resp.dump() newHandle = resp['lpServiceHandle'] error = False try: request = scmr.RChangeServiceConfig2W() request['hService'] = newHandle request['Info']['dwInfoLevel'] = 1 request['Info']['Union']['tag'] = 1 request['Info']['Union']['psd']['lpDescription'] = u'betobeto\x00' resp = dce.request(request) resp.dump() self.changeServiceAndQuery2( dce, request, request['Info']['Union']['psd']['lpDescription']) request['Info']['dwInfoLevel'] = 2 request['Info']['Union']['tag'] = 2 request['Info']['Union']['psfa']['lpRebootMsg'] = u'rebootMsg\00' request['Info']['Union']['psfa']['lpCommand'] = u'lpCommand\00' resp = dce.request(request) resp.dump() self.changeServiceAndQuery2( dce, request, request['Info']['Union']['psfa']['lpRebootMsg']) request['Info']['dwInfoLevel'] = 3 request['Info']['Union']['tag'] = 3 request['Info']['Union']['psda']['fDelayedAutostart'] = 1 resp = dce.request(request) self.changeServiceAndQuery2( dce, request, request['Info']['Union']['psda']['fDelayedAutostart']) request['Info']['dwInfoLevel'] = 4 request['Info']['Union']['tag'] = 4 request['Info']['Union']['psfaf'][ 'fFailureActionsOnNonCrashFailures'] = 1 resp = dce.request(request) self.changeServiceAndQuery2( dce, request, request['Info']['Union']['psfaf'] ['fFailureActionsOnNonCrashFailures']) request['Info']['dwInfoLevel'] = 5 request['Info']['Union']['tag'] = 5 request['Info']['Union']['pssid']['dwServiceSidType'] = 1 resp = dce.request(request) self.changeServiceAndQuery2( dce, request, request['Info']['Union']['pssid']['dwServiceSidType']) request['Info']['dwInfoLevel'] = 6 request['Info']['Union']['tag'] = 6 request['Info']['Union']['psrp']['pRequiredPrivileges'] = list( u'SeAssignPrimaryTokenPrivilege\x00\x00'.encode('utf-16le')) resp = dce.request(request) self.changeServiceAndQuery2( dce, request, request['Info']['Union']['psrp']['pRequiredPrivileges']) request['Info']['dwInfoLevel'] = 7 request['Info']['Union']['tag'] = 7 request['Info']['Union']['psps']['dwPreshutdownTimeout'] = 22 resp = dce.request(request) self.changeServiceAndQuery2( dce, request, request['Info']['Union']['psps']['dwPreshutdownTimeout']) request['Info']['dwInfoLevel'] = 8 request['Info']['Union']['tag'] = 8 #request.dump() trigger = scmr.SERVICE_TRIGGER() trigger['dwTriggerType'] = scmr.SERVICE_TRIGGER_TYPE_DOMAIN_JOIN trigger['dwAction'] = scmr.SERVICE_TRIGGER_ACTION_SERVICE_START trigger['pTriggerSubtype'] = string_to_bin(scmr.DOMAIN_JOIN_GUID) item = scmr.SERVICE_TRIGGER_SPECIFIC_DATA_ITEM() item['dwDataType'] = scmr.SERVICE_TRIGGER_DATA_TYPE_STRING item['pData'] = list(u'FREEFLY\x00'.encode('utf-16le')) #trigger['pDataItems'].append(item) trigger['pDataItems'] = NULL request['Info']['Union']['psti']['pTriggers'].append(trigger) resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, '\x00') request['Info']['dwInfoLevel'] = 9 request['Info']['Union']['tag'] = 9 request['Info']['Union']['pspn']['usPreferredNode'] = 22 # This one doesn't work #resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pspn']['usPreferredNode']) request['Info']['dwInfoLevel'] = 10 request['Info']['Union']['tag'] = 10 request['Info']['Union']['psri']['eLowestRunLevel'] = 1 # This one doesn't work #resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psri']['eLowestRunLevel']) request['Info']['dwInfoLevel'] = 11 request['Info']['Union']['tag'] = 11 request['Info']['Union']['psma']['fIsManagedAccount'] = 1 # This one doesn't work #resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psma']['fIsManagedAccount']) except Exception, e: import traceback traceback.print_exc() print e error = True pass
resp = scmr.hROpenServiceW(self.rpcsvc, handle, self.__service_name+'\x00') except Exception, e: if str(e).find('ERROR_SERVICE_DOES_NOT_EXIST') >= 0: # We're good, pass the exception pass else: raise e else: # It exists, remove it scmr.hRDeleteService(self.rpcsvc, resp['lpServiceHandle']) scmr.hRCloseServiceHandle(self.rpcsvc, resp['lpServiceHandle']) # Create the service command = '%s\\%s' % (path, self.__binary_service_name) try: resp = scmr.hRCreateServiceW(self.rpcsvc, handle,self.__service_name + '\x00', self.__service_name + '\x00', lpBinaryPathName=command + '\x00') except: LOG.critical("Error creating service %s on %s" % (self.__service_name, self.connection.getRemoteHost())) raise else: return resp['lpServiceHandle'] def openSvcManager(self): LOG.info("Opening SVCManager on %s....." % self.connection.getRemoteHost()) # Setup up a DCE SMBTransport with the connection already in place self._rpctransport = transport.SMBTransport(self.connection.getRemoteHost(), self.connection.getRemoteHost(),filename = r'\svcctl', smb_connection = self.connection) self.rpcsvc = self._rpctransport.get_dce_rpc() self.rpcsvc.connect() self.rpcsvc.bind(scmr.MSRPC_UUID_SCMR) try: resp = scmr.hROpenSCManagerW(self.rpcsvc)
if str(e).find('ERROR_SERVICE_DOES_NOT_EXIST') >= 0: # We're good, pass the exception pass else: raise e else: # It exists, remove it scmr.hRDeleteService(self.rpcsvc, resp['lpServiceHandle']) scmr.hRCloseServiceHandle(self.rpcsvc, resp['lpServiceHandle']) # Create the service command = '%s\\%s' % (path, self.__binary_service_name) try: resp = scmr.hRCreateServiceW(self.rpcsvc, handle, self.__service_name + '\x00', self.__service_name + '\x00', lpBinaryPathName=command + '\x00') except: LOG.critical( "Error creating service %s on %s" % (self.__service_name, self.connection.getRemoteHost())) raise else: return resp['lpServiceHandle'] def openSvcManager(self): LOG.info("Opening SVCManager on %s....." % self.connection.getRemoteHost()) # Setup up a DCE SMBTransport with the connection already in place self._rpctransport = transport.SMBTransport(
def test_RChangeServiceConfig2W(self): dce, rpctransport, scHandle = self.connect() lpServiceName = 'TESTSVC\x00' lpDisplayName = 'DisplayName\x00' dwDesiredAccess = scmr.SERVICE_ALL_ACCESS dwServiceType = scmr.SERVICE_WIN32_OWN_PROCESS dwStartType = scmr.SERVICE_DEMAND_START dwErrorControl = scmr.SERVICE_ERROR_NORMAL lpBinaryPathName = 'binaryPath\x00' lpLoadOrderGroup = NULL lpdwTagId = NULL lpDependencies = NULL dwDependSize = 0 lpServiceStartName = NULL lpPassword = NULL dwPwSize = 0 resp = scmr.hRCreateServiceW(dce, scHandle, lpServiceName, lpDisplayName, dwDesiredAccess, dwServiceType, dwStartType, dwErrorControl, lpBinaryPathName, lpLoadOrderGroup, lpdwTagId, lpDependencies, dwDependSize, lpServiceStartName, lpPassword, dwPwSize) resp.dump() newHandle = resp['lpServiceHandle'] error = False try: request = scmr.RChangeServiceConfig2W() request['hService'] = newHandle request['Info']['dwInfoLevel'] = 1 request['Info']['Union']['tag'] = 1 request['Info']['Union']['psd']['lpDescription'] = u'betobeto\x00' resp = dce.request(request) resp.dump() self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psd']['lpDescription']) request['Info']['dwInfoLevel'] = 2 request['Info']['Union']['tag'] = 2 request['Info']['Union']['psfa']['lpRebootMsg'] = u'rebootMsg\00' request['Info']['Union']['psfa']['lpCommand'] = u'lpCommand\00' resp = dce.request(request) resp.dump() self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psfa']['lpRebootMsg']) request['Info']['dwInfoLevel'] = 3 request['Info']['Union']['tag'] = 3 request['Info']['Union']['psda']['fDelayedAutostart'] = 1 resp = dce.request(request) self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psda']['fDelayedAutostart']) request['Info']['dwInfoLevel'] = 4 request['Info']['Union']['tag'] = 4 request['Info']['Union']['psfaf']['fFailureActionsOnNonCrashFailures'] = 1 resp = dce.request(request) self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psfaf']['fFailureActionsOnNonCrashFailures']) request['Info']['dwInfoLevel'] = 5 request['Info']['Union']['tag'] = 5 request['Info']['Union']['pssid']['dwServiceSidType'] = 1 resp = dce.request(request) self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pssid']['dwServiceSidType']) request['Info']['dwInfoLevel'] = 6 request['Info']['Union']['tag'] = 6 request['Info']['Union']['psrp']['pRequiredPrivileges'] = list(u'SeAssignPrimaryTokenPrivilege\x00\x00'.encode('utf-16le')) resp = dce.request(request) self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psrp']['pRequiredPrivileges']) request['Info']['dwInfoLevel'] = 7 request['Info']['Union']['tag'] = 7 request['Info']['Union']['psps']['dwPreshutdownTimeout'] = 22 resp = dce.request(request) self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psps']['dwPreshutdownTimeout']) request['Info']['dwInfoLevel'] = 8 request['Info']['Union']['tag'] = 8 #request.dump() trigger = scmr.SERVICE_TRIGGER() trigger['dwTriggerType'] = scmr.SERVICE_TRIGGER_TYPE_DOMAIN_JOIN trigger['dwAction'] = scmr.SERVICE_TRIGGER_ACTION_SERVICE_START trigger['pTriggerSubtype'] = string_to_bin(scmr.DOMAIN_JOIN_GUID) item = scmr.SERVICE_TRIGGER_SPECIFIC_DATA_ITEM() item['dwDataType'] = scmr.SERVICE_TRIGGER_DATA_TYPE_STRING item['pData'] = list(u'FREEFLY\x00'.encode('utf-16le')) #trigger['pDataItems'].append(item) trigger['pDataItems'] = NULL request['Info']['Union']['psti']['pTriggers'].append(trigger) resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, '\x00') request['Info']['dwInfoLevel'] = 9 request['Info']['Union']['tag'] = 9 request['Info']['Union']['pspn']['usPreferredNode'] = 22 # This one doesn't work #resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['pspn']['usPreferredNode']) request['Info']['dwInfoLevel'] = 10 request['Info']['Union']['tag'] = 10 request['Info']['Union']['psri']['eLowestRunLevel'] = 1 # This one doesn't work #resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psri']['eLowestRunLevel']) request['Info']['dwInfoLevel'] = 11 request['Info']['Union']['tag'] = 11 request['Info']['Union']['psma']['fIsManagedAccount'] = 1 # This one doesn't work #resp = dce.request(request) #self.changeServiceAndQuery2(dce, request, request['Info']['Union']['psma']['fIsManagedAccount']) except Exception, e: import traceback traceback.print_exc() print e error = True pass