How to use the pypsexec.scmr.ServiceType function in pypsexec

To help you get started, we’ve selected a few pypsexec examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github jborean93 / pypsexec / tests / test_client.py View on Github external
def _get_paexec_files_and_services(self, client):
        server = os.environ['PYPSEXEC_SERVER']
        username = os.environ['PYPSEXEC_USERNAME']
        password = os.environ['PYPSEXEC_PASSWORD']
        paexec_services = []

        # need to close and reopen the connection to ensure deletes are
        # processed
        client.disconnect()
        client = Client(server, username=username, password=password)
        client.connect()
        scmr = client._service._scmr
        scmr_handle = client._service._scmr_handle

        services = scmr.enum_services_status_w(scmr_handle,
                                               ServiceType.
                                               SERVICE_WIN32_OWN_PROCESS,
                                               EnumServiceState.
                                               SERVICE_STATE_ALL)
        for service in services:
            if service['service_name'].lower().startswith("paexec"):
                paexec_services.append(service['service_name'])

        smb_tree = TreeConnect(client.session,
                               r"\\%s\ADMIN$" % client.connection.server_name)
        smb_tree.connect()

        share = Open(smb_tree, "")
        share.create(ImpersonationLevel.Impersonation,
                     DirectoryAccessMask.FILE_READ_ATTRIBUTES |
                     DirectoryAccessMask.SYNCHRONIZE |
                     DirectoryAccessMask.FILE_LIST_DIRECTORY,
github jborean93 / pypsexec / tests / test_scmr.py View on Github external
def test_enumerate_services_small_buffer(self, session):
        scmr = SCMRApi(session)
        scmr.open()
        try:
            scmr_handle = scmr.open_sc_manager_w(
                session.connection.server_name,
                None,
                DesiredAccess.SC_MANAGER_CONNECT |
                DesiredAccess.SC_MANAGER_CREATE_SERVICE |
                DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)

            actual = scmr.enum_services_status_w(scmr_handle,
                                                 ServiceType.
                                                 SERVICE_INTERACTIVE_PROCESS,
                                                 EnumServiceState.
                                                 SERVICE_STATE_ALL)
            assert len(actual) > 0
            assert isinstance(actual[0]['display_name'], string_types)
            assert isinstance(actual[0]['service_name'], string_types)
            assert isinstance(actual[0]['service_status'], ServiceStatus)
        finally:
            if scmr_handle:
                scmr.close_service_handle_w(scmr_handle)
            scmr.close()
github jborean93 / pypsexec / tests / test_scmr.py View on Github external
def test_enumerate_services(self, session):
        scmr = SCMRApi(session)
        scmr.open()
        try:
            scmr_handle = scmr.open_sc_manager_w(
                session.connection.server_name,
                None,
                DesiredAccess.SC_MANAGER_CONNECT |
                DesiredAccess.SC_MANAGER_CREATE_SERVICE |
                DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)

            types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
                ServiceType.SERVICE_KERNEL_DRIVER | \
                ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
                ServiceType.SERVICE_WIN32_OWN_PROCESS | \
                ServiceType.SERVICE_FILE_SYSTEM_DRIVER
            actual = scmr.enum_services_status_w(scmr_handle,
                                                 types,
                                                 EnumServiceState.
                                                 SERVICE_STATE_ALL)

            assert len(actual) > 0
            assert isinstance(actual[0]['display_name'], string_types)
            assert isinstance(actual[0]['service_name'], string_types)
            assert isinstance(actual[0]['service_status'], ServiceStatus)
        finally:
            if scmr_handle:
                scmr.close_service_handle_w(scmr_handle)
            scmr.close()
github jborean93 / pypsexec / tests / test_scmr.py View on Github external
def test_enumerate_services(self, session):
        scmr = SCMRApi(session)
        scmr.open()
        try:
            scmr_handle = scmr.open_sc_manager_w(
                session.connection.server_name,
                None,
                DesiredAccess.SC_MANAGER_CONNECT |
                DesiredAccess.SC_MANAGER_CREATE_SERVICE |
                DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)

            types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
                ServiceType.SERVICE_KERNEL_DRIVER | \
                ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
                ServiceType.SERVICE_WIN32_OWN_PROCESS | \
                ServiceType.SERVICE_FILE_SYSTEM_DRIVER
            actual = scmr.enum_services_status_w(scmr_handle,
                                                 types,
                                                 EnumServiceState.
                                                 SERVICE_STATE_ALL)

            assert len(actual) > 0
            assert isinstance(actual[0]['display_name'], string_types)
            assert isinstance(actual[0]['service_name'], string_types)
            assert isinstance(actual[0]['service_status'], ServiceStatus)
        finally:
            if scmr_handle:
                scmr.close_service_handle_w(scmr_handle)
            scmr.close()
github jborean93 / pypsexec / tests / test_scmr.py View on Github external
def test_enumerate_services(self, session):
        scmr = SCMRApi(session)
        scmr.open()
        try:
            scmr_handle = scmr.open_sc_manager_w(
                session.connection.server_name,
                None,
                DesiredAccess.SC_MANAGER_CONNECT |
                DesiredAccess.SC_MANAGER_CREATE_SERVICE |
                DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)

            types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
                ServiceType.SERVICE_KERNEL_DRIVER | \
                ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
                ServiceType.SERVICE_WIN32_OWN_PROCESS | \
                ServiceType.SERVICE_FILE_SYSTEM_DRIVER
            actual = scmr.enum_services_status_w(scmr_handle,
                                                 types,
                                                 EnumServiceState.
                                                 SERVICE_STATE_ALL)

            assert len(actual) > 0
            assert isinstance(actual[0]['display_name'], string_types)
            assert isinstance(actual[0]['service_name'], string_types)
            assert isinstance(actual[0]['service_status'], ServiceStatus)
        finally:
            if scmr_handle:
                scmr.close_service_handle_w(scmr_handle)
            scmr.close()
github jborean93 / pypsexec / tests / test_scmr.py View on Github external
def test_unpack_status(self):
        actual = ServiceStatus()
        data = b"\x10\x00\x00\x00" \
               b"\x04\x00\x00\x00" \
               b"\x01\x00\x00\x00" \
               b"\x00\x00\x00\x00" \
               b"\x01\x00\x00\x00" \
               b"\x02\x00\x00\x00" \
               b"\x03\x00\x00\x00"
        data = actual.unpack(data)
        assert len(actual) == 28
        assert data == b""
        assert actual['service_type'].get_value() == \
            ServiceType.SERVICE_WIN32_OWN_PROCESS
        assert actual['current_state'].get_value() == \
            CurrentState.SERVICE_RUNNING
        assert actual['controls_accepted'].get_value() == \
            ControlsAccepted.SERVICE_ACCEPT_STOP
        assert actual['win32_exit_code'].get_value() == 0
        assert actual['service_specified_exit_code'].get_value() == 1
        assert actual['check_point'].get_value() == 2
        assert actual['wait_hint'].get_value() == 3
github jborean93 / pypsexec / tests / test_scmr.py View on Github external
def test_enumerate_services(self, session):
        scmr = SCMRApi(session)
        scmr.open()
        try:
            scmr_handle = scmr.open_sc_manager_w(
                session.connection.server_name,
                None,
                DesiredAccess.SC_MANAGER_CONNECT |
                DesiredAccess.SC_MANAGER_CREATE_SERVICE |
                DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)

            types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
                ServiceType.SERVICE_KERNEL_DRIVER | \
                ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
                ServiceType.SERVICE_WIN32_OWN_PROCESS | \
                ServiceType.SERVICE_FILE_SYSTEM_DRIVER
            actual = scmr.enum_services_status_w(scmr_handle,
                                                 types,
                                                 EnumServiceState.
                                                 SERVICE_STATE_ALL)

            assert len(actual) > 0
            assert isinstance(actual[0]['display_name'], string_types)
            assert isinstance(actual[0]['service_name'], string_types)
            assert isinstance(actual[0]['service_status'], ServiceStatus)
        finally:
            if scmr_handle:
                scmr.close_service_handle_w(scmr_handle)
            scmr.close()
github jborean93 / pypsexec / pypsexec / scmr.py View on Github external
def __init__(self):
        self.fields = OrderedDict([
            ('service_type', FlagField(
                size=4,
                flag_type=ServiceType,
                flag_strict=False
            )),
            ('current_state', EnumField(
                size=4,
                enum_type=CurrentState
            )),
            ('controls_accepted', FlagField(
                size=4,
                flag_type=ControlsAccepted,
                flag_strict=False
            )),
            ('win32_exit_code', IntField(size=4)),
            ('service_specified_exit_code', IntField(size=4)),
            ('check_point', IntField(size=4)),
            ('wait_hint', IntField(size=4))
        ])
github jborean93 / pypsexec / pypsexec / scmr.py View on Github external
def create(self, path):
        self._open_service()
        if self._handle:
            return

        self._handle = self._scmr.create_service_w(
            self._scmr_handle,
            self.name,
            self.name,
            DesiredAccess.SERVICE_QUERY_STATUS | DesiredAccess.SERVICE_START |
            DesiredAccess.SERVICE_STOP | DesiredAccess.DELETE,
            ServiceType.SERVICE_WIN32_OWN_PROCESS,
            StartType.SERVICE_DEMAND_START,
            ErrorControl.SERVICE_ERROR_NORMAL,
            path,
            None,
            0,
            None,
            None,
            None
        )[1]
github jborean93 / pypsexec / pypsexec / client.py View on Github external
def cleanup(self):
        """
        Cleans up any old services or payloads that may have been left behind
        on a previous failure. This will search C:\\Windows for any files
        starting with PAExec-*.exe and delete them. It will also stop and
        remove any services that start with PAExec-* if they exist.

        Before calling this function, the connect() function must have already
        been called.
        """
        scmr = self._service._scmr
        services = scmr.enum_services_status_w(
            self._service._scmr_handle,
            ServiceType.SERVICE_WIN32_OWN_PROCESS,
            EnumServiceState.SERVICE_STATE_ALL)
        for service in services:
            if service['service_name'].lower().startswith("paexec"):
                svc = Service(service['service_name'], self.session)
                svc.open()
                svc.delete()

        smb_tree = TreeConnect(self.session,
                               r"\\%s\ADMIN$" % self.connection.server_name)
        smb_tree.connect()

        share = Open(smb_tree, "")
        query_msgs = [
            share.create(ImpersonationLevel.Impersonation,
                         DirectoryAccessMask.FILE_READ_ATTRIBUTES |
                         DirectoryAccessMask.SYNCHRONIZE |