示例#1
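    def run(self):
        """Report whether UAC is enabled on the target.

        Reads the ``EnableLUA`` value under
        ``HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System``
        through the remote registry and logs ``1 - UAC Enabled`` or
        ``0 - UAC Disabled``.  Any other reading is logged verbatim instead of
        being dropped silently.  Both registry handles are closed and
        ``remoteOps.finish()`` runs even when an RPC call raises; the RPC error
        itself still propagates to the caller.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        try:
            remoteOps.enableRegistry()
            dce = remoteOps._RemoteOperations__rrp
            regHandle = None
            keyHandle = None
            try:
                regHandle = rrp.hOpenLocalMachine(dce)['phKey']
                keyHandle = rrp.hBaseRegOpenKey(
                    dce, regHandle,
                    'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System'
                )['phkResult']
                dataType, uac_value = rrp.hBaseRegQueryValue(dce, keyHandle, 'EnableLUA')
            finally:
                # Close in reverse order of opening; previously only the
                # subkey handle was closed, and only on the success path.
                if keyHandle is not None:
                    rrp.hBaseRegCloseKey(dce, keyHandle)
                if regHandle is not None:
                    rrp.hBaseRegCloseKey(dce, regHandle)

            self.logger.success("Enumerating UAC status")
            if uac_value == 1:
                self.logger.results('1 - UAC Enabled')
            elif uac_value == 0:
                self.logger.results('0 - UAC Disabled')
            else:
                # A reading other than 0/1 used to produce no output at all.
                self.logger.results('{} - Unrecognised EnableLUA value'.format(uac_value))
        finally:
            # Tear down the remote service regardless of how the query went.
            remoteOps.finish()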
示例#2
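    def disable(self):
        """Remove the ``UseLogonCredential`` value from the target's WDigest key.

        Opens the remote registry, deletes ``UseLogonCredential`` under
        ``HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest``
        and verifies the deletion by querying the value again: a
        ``DCERPCException`` on that query is taken as confirmation, while a
        successful read means the value is still present and is reported as an
        error (it used to pass silently).  Registry handles are closed and the
        remote service is cleaned up even when an RPC call fails; RPC errors
        other than the verification query propagate to the caller.

        Side effect: ``self.rrp`` is set to the RPC binding for reuse.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        try:
            remoteOps.enableRegistry()
            self.rrp = remoteOps._RemoteOperations__rrp

            if self.rrp is None:
                # Previously this case produced no output at all.
                self.logger.error('Remote registry is not available')
                return

            regHandle = None
            keyHandle = None
            try:
                regHandle = rrp.hOpenLocalMachine(self.rrp)['phKey']
                keyHandle = rrp.hBaseRegOpenKey(
                    self.rrp, regHandle,
                    'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest'
                )['phkResult']

                rrp.hBaseRegDeleteValue(self.rrp, keyHandle,
                                        'UseLogonCredential\x00')

                # Confirm the deletion: the value must no longer be readable.
                try:
                    rrp.hBaseRegQueryValue(self.rrp, keyHandle,
                                           'UseLogonCredential\x00')
                except DCERPCException:
                    self.logger.success(
                        'UseLogonCredential registry key deleted successfully')
                else:
                    self.logger.error(
                        'UseLogonCredential registry key still present after deletion')
            finally:
                # Close in reverse order of opening; both handles were leaked before.
                if keyHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, keyHandle)
                if regHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, regHandle)
        finally:
            # Best-effort teardown, as before, but without swallowing
            # KeyboardInterrupt/SystemExit.
            try:
                remoteOps.finish()
            except Exception:
                pass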
示例#3
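    def enable(self):
        """Write ``UseLogonCredential = 1`` (REG_DWORD) to the target's WDigest key.

        Opens the remote registry, sets the value under
        ``HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest``
        and reads it back; success is logged only when the read-back equals 1,
        and any other read-back is now reported as an error instead of passing
        silently.  The companion ``disable`` removes the value again.  Registry
        handles are closed and the remote service is cleaned up even when an RPC
        call fails; RPC errors propagate to the caller.

        Side effect: ``self.rrp`` is set to the RPC binding for reuse.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        try:
            remoteOps.enableRegistry()
            self.rrp = remoteOps._RemoteOperations__rrp

            if self.rrp is None:
                # Previously this case produced no output at all.
                self.logger.error('Remote registry is not available')
                return

            regHandle = None
            keyHandle = None
            try:
                regHandle = rrp.hOpenLocalMachine(self.rrp)['phKey']
                keyHandle = rrp.hBaseRegOpenKey(
                    self.rrp, regHandle,
                    'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest'
                )['phkResult']

                rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00',
                                     rrp.REG_DWORD, '\x01\x00')

                # Read back to confirm the write landed.
                rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle,
                                                     'UseLogonCredential\x00')
                if int(data) == 1:
                    self.logger.success(
                        'UseLogonCredential registry key created successfully')
                else:
                    self.logger.error(
                        'UseLogonCredential registry key holds {} after write'.format(data))
            finally:
                # Close in reverse order of opening; both handles were leaked before.
                if keyHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, keyHandle)
                if regHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, regHandle)
        finally:
            # Best-effort teardown, as before, but without swallowing
            # KeyboardInterrupt/SystemExit.
            try:
                remoteOps.finish()
            except Exception:
                pass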
示例#4
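    def enable(self):
        """Write ``UseLogonCredential = 1`` (REG_DWORD) to the target's WDigest key.

        Opens the remote registry, sets the value under
        ``HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest``
        and reads it back; success is printed only when the read-back equals 1,
        and any other read-back is now reported instead of passing silently.
        The companion ``disable`` removes the value again.  Registry handles are
        closed and the remote service is cleaned up even when an RPC call
        fails; RPC errors propagate to the caller.

        Side effect: ``self.rrp`` is set to the RPC binding for reuse.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        try:
            remoteOps.enableRegistry()
            self.rrp = remoteOps._RemoteOperations__rrp

            if self.rrp is None:
                # Previously this case produced no output at all.
                # NOTE(review): print_error is the CME helper beside print_succ;
                # confirm it is imported in this module.
                print_error('{} Remote registry is not available'.format(self.peer))
                return

            regHandle = None
            keyHandle = None
            try:
                regHandle = rrp.hOpenLocalMachine(self.rrp)['phKey']
                keyHandle = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')['phkResult']

                rrp.hBaseRegSetValue(self.rrp, keyHandle, 'UseLogonCredential\x00',  rrp.REG_DWORD, '\x01\x00')

                # Read back to confirm the write landed.
                rtype, data = rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
                if int(data) == 1:
                    print_succ('{} UseLogonCredential registry key created successfully'.format(self.peer))
                else:
                    print_error('{} UseLogonCredential registry key holds {} after write'.format(self.peer, data))
            finally:
                # Close in reverse order of opening; both handles were leaked before.
                if keyHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, keyHandle)
                if regHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, regHandle)
        finally:
            # Best-effort teardown, as before, but without swallowing
            # KeyboardInterrupt/SystemExit.
            try:
                remoteOps.finish()
            except Exception:
                pass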
示例#5
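    def disable(self):
        """Remove the ``UseLogonCredential`` value from the target's WDigest key.

        Opens the remote registry, deletes ``UseLogonCredential`` under
        ``HKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest``
        and verifies the deletion by querying the value again: a
        ``DCERPCException`` on that query is taken as confirmation, while a
        successful read means the value is still present and is now reported
        (it used to pass silently).  Registry handles are closed and the remote
        service is cleaned up even when an RPC call fails; RPC errors other
        than the verification query propagate to the caller.

        Side effect: ``self.rrp`` is set to the RPC binding for reuse.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        try:
            remoteOps.enableRegistry()
            self.rrp = remoteOps._RemoteOperations__rrp

            if self.rrp is None:
                # Previously this case produced no output at all.
                # NOTE(review): print_error is the CME helper beside print_succ;
                # confirm it is imported in this module.
                print_error('{} Remote registry is not available'.format(self.peer))
                return

            regHandle = None
            keyHandle = None
            try:
                regHandle = rrp.hOpenLocalMachine(self.rrp)['phKey']
                keyHandle = rrp.hBaseRegOpenKey(self.rrp, regHandle, 'SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest')['phkResult']

                rrp.hBaseRegDeleteValue(self.rrp, keyHandle, 'UseLogonCredential\x00')

                # Confirm the deletion: the value must no longer be readable.
                try:
                    rrp.hBaseRegQueryValue(self.rrp, keyHandle, 'UseLogonCredential\x00')
                except DCERPCException:
                    print_succ('{} UseLogonCredential registry key deleted successfully'.format(self.peer))
                else:
                    print_error('{} UseLogonCredential registry key still present after deletion'.format(self.peer))
            finally:
                # Close in reverse order of opening; both handles were leaked before.
                if keyHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, keyHandle)
                if regHandle is not None:
                    rrp.hBaseRegCloseKey(self.rrp, regHandle)
        finally:
            # Best-effort teardown, as before, but without swallowing
            # KeyboardInterrupt/SystemExit.
            try:
                remoteOps.finish()
            except Exception:
                pass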
示例#6
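    def run(self):
        """Report whether UAC is enabled on the target.

        Reads the ``EnableLUA`` value under
        ``HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System``
        through the remote registry and prints ``1 - UAC Enabled`` or
        ``0 - UAC Disabled``.  Any other reading is printed verbatim instead of
        being dropped silently.  Both registry handles are closed and
        ``remoteOps.finish()`` runs even when an RPC call raises; the RPC error
        itself still propagates to the caller.
        """
        remoteOps = RemoteOperations(self.smbconnection, self.doKerb)
        try:
            remoteOps.enableRegistry()
            dce = remoteOps._RemoteOperations__rrp
            regHandle = None
            keyHandle = None
            try:
                regHandle = rrp.hOpenLocalMachine(dce)['phKey']
                keyHandle = rrp.hBaseRegOpenKey(
                    dce, regHandle,
                    'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System'
                )['phkResult']
                dataType, uac_value = rrp.hBaseRegQueryValue(dce, keyHandle, 'EnableLUA')
            finally:
                # Close in reverse order of opening; previously only the
                # subkey handle was closed, and only on the success path.
                if keyHandle is not None:
                    rrp.hBaseRegCloseKey(dce, keyHandle)
                if regHandle is not None:
                    rrp.hBaseRegCloseKey(dce, regHandle)

            print_succ("{} UAC status:".format(self.peer))
            if uac_value == 1:
                print_att('1 - UAC Enabled')
            elif uac_value == 0:
                print_att('0 - UAC Disabled')
            else:
                # A reading other than 0/1 used to produce no output at all.
                print_att('{} - Unrecognised EnableLUA value'.format(uac_value))
        finally:
            # Tear down the remote service regardless of how the query went.
            remoteOps.finish()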