How to use the pypsexec.rpc.PFlags function in pypsexec
To help you get started, we’ve selected a few pypsexec examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
jborean93 / pypsexec / tests / test_rpc.py View on Github 
def test_create_message(self):
message = BindPDU()
message['pfx_flags'].set_flag(PFlags.PFC_MAYBE)
packed_drep = DataRepresentationFormat()
packed_drep['integer_character'] = \
IntegerCharacterRepresentation.ASCII_LITTLE_ENDIAN
packed_drep['floating_point'] = FloatingPointRepresentation.IEEE
message['packed_drep'] = packed_drep
message['call_id'] = 4
message['assoc_group_id'] = 2
con_elem = ContextElement()
con_elem['context_id'] = 1
syntax = SyntaxIdElement()
syntax['uuid'] = uuid.UUID(bytes=b"\xff" * 16)
con_elem['abstract_syntax'] = syntax
con_elem['transfer_syntaxes'] = [syntax]
message['context_elems'] = [con_elem]
expected = b"\x05" \
b"\x00" \def test_create_message_with_object(self):
message = RequestPDU()
message['pfx_flags'].set_flag(PFlags.PFC_OBJECT_UUID)
message['packed_drep'] = DataRepresentationFormat()
message['call_id'] = 4
message['cont_id'] = 1
message['opnum'] = 10
message['object'] = b"\xff" * 16
message['stub_data'] = b"\x01\x02\x03\x04"
expected = b"\x05" \
b"\x00" \
b"\x00" \
b"\x80" \
b"\x10\x00\x00\x00" \
b"\x2c\x00" \
b"\x00\x00" \
b"\x04\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x01\x00" \def test_create_message(self):
message = FaultPDU()
message['pfx_flags'].set_flag(PFlags.PFC_DID_NOT_EXECUTE)
message['pfx_flags'].set_flag(PFlags.PFC_LAST_FRAG)
message['packed_drep'] = DataRepresentationFormat()
message['call_id'] = 1
message['alloc_hint'] = 32
message['status'] = FaultStatus.NCA_S_FAULT_ADDR_ERROR
expected = b"\x05" \
b"\x00" \
b"\x03" \
b"\x22" \
b"\x10\x00\x00\x00" \
b"\x1c\x00" \
b"\x00\x00" \
b"\x01\x00\x00\x00" \
b"\x20\x00\x00\x00" \
b"\x00\x00" \
b"\x00" \def test_create_message(self):
message = FaultPDU()
message['pfx_flags'].set_flag(PFlags.PFC_DID_NOT_EXECUTE)
message['pfx_flags'].set_flag(PFlags.PFC_LAST_FRAG)
message['packed_drep'] = DataRepresentationFormat()
message['call_id'] = 1
message['alloc_hint'] = 32
message['status'] = FaultStatus.NCA_S_FAULT_ADDR_ERROR
expected = b"\x05" \
b"\x00" \
b"\x03" \
b"\x22" \
b"\x10\x00\x00\x00" \
b"\x1c\x00" \
b"\x00\x00" \
b"\x01\x00\x00\x00" \
b"\x20\x00\x00\x00" \
b"\x00\x00" \
b"\x00" \
b"\x00" \def _invoke(self, function_name, opnum, data):
req = RequestPDU()
req['pfx_flags'].set_flag(PFlags.PFC_FIRST_FRAG)
req['pfx_flags'].set_flag(PFlags.PFC_LAST_FRAG)
req['packed_drep'] = DataRepresentationFormat()
req['call_id'] = self.call_id
self.call_id += 1
req['opnum'] = opnum
req['stub_data'] = data
ioctl_request = SMB2IOCTLRequest()
ioctl_request['ctl_code'] = CtlCode.FSCTL_PIPE_TRANSCEIVE
ioctl_request['file_id'] = self.handle.file_id
ioctl_request['max_output_response'] = 1024
ioctl_request['flags'] = IOCTLFlags.SMB2_0_IOCTL_IS_FSCTL
ioctl_request['buffer'] = req
session_id = self.tree.session.session_idself.tree.connect()
log.debug("Opening handle to svcctl pipe")
self.handle.create(ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ |
FilePipePrinterAccessMask.GENERIC_WRITE,
0,
ShareAccess.FILE_SHARE_READ |
ShareAccess.FILE_SHARE_WRITE |
ShareAccess.FILE_SHARE_DELETE,
CreateDisposition.FILE_OPEN,
CreateOptions.FILE_NON_DIRECTORY_FILE)
# we need to bind svcctl to SCManagerW over DCE/RPC
bind = BindPDU()
bind['pfx_flags'].set_flag(PFlags.PFC_FIRST_FRAG)
bind['pfx_flags'].set_flag(PFlags.PFC_LAST_FRAG)
bind['packed_drep'] = DataRepresentationFormat()
bind['call_id'] = self.call_id
self.call_id += 1
context_ndr = ContextElement()
context_ndr['context_id'] = 0
context_ndr['abstract_syntax'] = SyntaxIdElement()
context_ndr['abstract_syntax']['uuid'] = \
uuid.UUID("367ABB81-9844-35F1-AD32-98F038001003")
context_ndr['abstract_syntax']['version'] = 2
# https://msdn.microsoft.com/en-us/library/cc243843.aspx
ndr_syntax = SyntaxIdElement()
ndr_syntax['uuid'] = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
ndr_syntax['version'] = 2def __init__(self):
self.fields = OrderedDict([
('rpc_vers', IntField(
size=1,
default=5
)),
('rpc_vers_minor', IntField(size=1)),
('ptype', EnumField(
size=1,
enum_type=PType,
default=PType.REQUEST
)),
('pfx_flags', FlagField(
size=1,
flag_type=PFlags
)),
('packed_drep', StructureField(
size=4,
structure_type=DataRepresentationFormat
)),
('frag_length', IntField(
size=2,
default=lambda s: len(s)
)),
('auth_length', IntField(
size=2,
default=lambda s: len(s['auth_verifier'])
)),
('call_id', IntField(size=4)),
('alloc_hint', IntField(size=4)),
('cont_id', IntField(size=2)),log.debug("Opening handle to svcctl pipe")
self.handle.create(ImpersonationLevel.Impersonation,
FilePipePrinterAccessMask.GENERIC_READ |
FilePipePrinterAccessMask.GENERIC_WRITE,
0,
ShareAccess.FILE_SHARE_READ |
ShareAccess.FILE_SHARE_WRITE |
ShareAccess.FILE_SHARE_DELETE,
CreateDisposition.FILE_OPEN,
CreateOptions.FILE_NON_DIRECTORY_FILE)
# we need to bind svcctl to SCManagerW over DCE/RPC
bind = BindPDU()
bind['pfx_flags'].set_flag(PFlags.PFC_FIRST_FRAG)
bind['pfx_flags'].set_flag(PFlags.PFC_LAST_FRAG)
bind['packed_drep'] = DataRepresentationFormat()
bind['call_id'] = self.call_id
self.call_id += 1
context_ndr = ContextElement()
context_ndr['context_id'] = 0
context_ndr['abstract_syntax'] = SyntaxIdElement()
context_ndr['abstract_syntax']['uuid'] = \
uuid.UUID("367ABB81-9844-35F1-AD32-98F038001003")
context_ndr['abstract_syntax']['version'] = 2
# https://msdn.microsoft.com/en-us/library/cc243843.aspx
ndr_syntax = SyntaxIdElement()
ndr_syntax['uuid'] = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
ndr_syntax['version'] = 2
context_ndr['transfer_syntaxes'] = [def _invoke(self, function_name, opnum, data):
req = RequestPDU()
req['pfx_flags'].set_flag(PFlags.PFC_FIRST_FRAG)
req['pfx_flags'].set_flag(PFlags.PFC_LAST_FRAG)
req['packed_drep'] = DataRepresentationFormat()
req['call_id'] = self.call_id
self.call_id += 1
req['opnum'] = opnum
req['stub_data'] = data
ioctl_request = SMB2IOCTLRequest()
ioctl_request['ctl_code'] = CtlCode.FSCTL_PIPE_TRANSCEIVE
ioctl_request['file_id'] = self.handle.file_id
ioctl_request['max_output_response'] = 1024
ioctl_request['flags'] = IOCTLFlags.SMB2_0_IOCTL_IS_FSCTL
ioctl_request['buffer'] = req
session_id = self.tree.session.session_id
tree_id = self.tree.tree_connect_idsize=lambda s:
16 if s['pfx_flags'].has_flag(PFlags.PFC_OBJECT_UUID) else 0
)),pypsexec
Run commands on a remote Windows host using SMB/RPC
Package Health Score
52 / 100Popular pypsexec functions
- pypsexec.client.Client
- pypsexec.exceptions.PypsexecException
- pypsexec.exceptions.SCMRException
- pypsexec.paexec.PAExecFileInfo
- pypsexec.paexec.PAExecMsg
- pypsexec.paexec.PAExecMsgId
- pypsexec.paexec.PAExecSettingsBuffer
- pypsexec.paexec.ProcessPriority
- pypsexec.rpc.BindNakPDU
- pypsexec.rpc.ContextElement
- pypsexec.rpc.DataRepresentationFormat
- pypsexec.rpc.PFlags
- pypsexec.rpc.PType
- pypsexec.rpc.RequestPDU
- pypsexec.rpc.SyntaxIdElement
- pypsexec.scmr.DesiredAccess
- pypsexec.scmr.SCMRApi
- pypsexec.scmr.Service
- pypsexec.scmr.ServiceStatus
- pypsexec.scmr.ServiceType