How to use the pypsexec.scmr.ServiceType function in pypsexec
To help you get started, we’ve selected a few pypsexec examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
jborean93 / pypsexec / tests / test_client.py View on Github 
def _get_paexec_files_and_services(self, client):
server = os.environ['PYPSEXEC_SERVER']
username = os.environ['PYPSEXEC_USERNAME']
password = os.environ['PYPSEXEC_PASSWORD']
paexec_services = []
# need to close and reopen the connection to ensure deletes are
# processed
client.disconnect()
client = Client(server, username=username, password=password)
client.connect()
scmr = client._service._scmr
scmr_handle = client._service._scmr_handle
services = scmr.enum_services_status_w(scmr_handle,
ServiceType.
SERVICE_WIN32_OWN_PROCESS,
EnumServiceState.
SERVICE_STATE_ALL)
for service in services:
if service['service_name'].lower().startswith("paexec"):
paexec_services.append(service['service_name'])
smb_tree = TreeConnect(client.session,
r"\\%s\ADMIN$" % client.connection.server_name)
smb_tree.connect()
share = Open(smb_tree, "")
share.create(ImpersonationLevel.Impersonation,
DirectoryAccessMask.FILE_READ_ATTRIBUTES |
DirectoryAccessMask.SYNCHRONIZE |
DirectoryAccessMask.FILE_LIST_DIRECTORY,def test_enumerate_services_small_buffer(self, session):
scmr = SCMRApi(session)
scmr.open()
try:
scmr_handle = scmr.open_sc_manager_w(
session.connection.server_name,
None,
DesiredAccess.SC_MANAGER_CONNECT |
DesiredAccess.SC_MANAGER_CREATE_SERVICE |
DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)
actual = scmr.enum_services_status_w(scmr_handle,
ServiceType.
SERVICE_INTERACTIVE_PROCESS,
EnumServiceState.
SERVICE_STATE_ALL)
assert len(actual) > 0
assert isinstance(actual[0]['display_name'], string_types)
assert isinstance(actual[0]['service_name'], string_types)
assert isinstance(actual[0]['service_status'], ServiceStatus)
finally:
if scmr_handle:
scmr.close_service_handle_w(scmr_handle)
scmr.close()def test_enumerate_services(self, session):
scmr = SCMRApi(session)
scmr.open()
try:
scmr_handle = scmr.open_sc_manager_w(
session.connection.server_name,
None,
DesiredAccess.SC_MANAGER_CONNECT |
DesiredAccess.SC_MANAGER_CREATE_SERVICE |
DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)
types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
ServiceType.SERVICE_KERNEL_DRIVER | \
ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
ServiceType.SERVICE_WIN32_OWN_PROCESS | \
ServiceType.SERVICE_FILE_SYSTEM_DRIVER
actual = scmr.enum_services_status_w(scmr_handle,
types,
EnumServiceState.
SERVICE_STATE_ALL)
assert len(actual) > 0
assert isinstance(actual[0]['display_name'], string_types)
assert isinstance(actual[0]['service_name'], string_types)
assert isinstance(actual[0]['service_status'], ServiceStatus)
finally:
if scmr_handle:
scmr.close_service_handle_w(scmr_handle)
scmr.close()def test_enumerate_services(self, session):
scmr = SCMRApi(session)
scmr.open()
try:
scmr_handle = scmr.open_sc_manager_w(
session.connection.server_name,
None,
DesiredAccess.SC_MANAGER_CONNECT |
DesiredAccess.SC_MANAGER_CREATE_SERVICE |
DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)
types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
ServiceType.SERVICE_KERNEL_DRIVER | \
ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
ServiceType.SERVICE_WIN32_OWN_PROCESS | \
ServiceType.SERVICE_FILE_SYSTEM_DRIVER
actual = scmr.enum_services_status_w(scmr_handle,
types,
EnumServiceState.
SERVICE_STATE_ALL)
assert len(actual) > 0
assert isinstance(actual[0]['display_name'], string_types)
assert isinstance(actual[0]['service_name'], string_types)
assert isinstance(actual[0]['service_status'], ServiceStatus)
finally:
if scmr_handle:
scmr.close_service_handle_w(scmr_handle)
scmr.close()def test_enumerate_services(self, session):
scmr = SCMRApi(session)
scmr.open()
try:
scmr_handle = scmr.open_sc_manager_w(
session.connection.server_name,
None,
DesiredAccess.SC_MANAGER_CONNECT |
DesiredAccess.SC_MANAGER_CREATE_SERVICE |
DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)
types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
ServiceType.SERVICE_KERNEL_DRIVER | \
ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
ServiceType.SERVICE_WIN32_OWN_PROCESS | \
ServiceType.SERVICE_FILE_SYSTEM_DRIVER
actual = scmr.enum_services_status_w(scmr_handle,
types,
EnumServiceState.
SERVICE_STATE_ALL)
assert len(actual) > 0
assert isinstance(actual[0]['display_name'], string_types)
assert isinstance(actual[0]['service_name'], string_types)
assert isinstance(actual[0]['service_status'], ServiceStatus)
finally:
if scmr_handle:
scmr.close_service_handle_w(scmr_handle)
scmr.close()def test_unpack_status(self):
actual = ServiceStatus()
data = b"\x10\x00\x00\x00" \
b"\x04\x00\x00\x00" \
b"\x01\x00\x00\x00" \
b"\x00\x00\x00\x00" \
b"\x01\x00\x00\x00" \
b"\x02\x00\x00\x00" \
b"\x03\x00\x00\x00"
data = actual.unpack(data)
assert len(actual) == 28
assert data == b""
assert actual['service_type'].get_value() == \
ServiceType.SERVICE_WIN32_OWN_PROCESS
assert actual['current_state'].get_value() == \
CurrentState.SERVICE_RUNNING
assert actual['controls_accepted'].get_value() == \
ControlsAccepted.SERVICE_ACCEPT_STOP
assert actual['win32_exit_code'].get_value() == 0
assert actual['service_specified_exit_code'].get_value() == 1
assert actual['check_point'].get_value() == 2
assert actual['wait_hint'].get_value() == 3def test_enumerate_services(self, session):
scmr = SCMRApi(session)
scmr.open()
try:
scmr_handle = scmr.open_sc_manager_w(
session.connection.server_name,
None,
DesiredAccess.SC_MANAGER_CONNECT |
DesiredAccess.SC_MANAGER_CREATE_SERVICE |
DesiredAccess.SC_MANAGER_ENUMERATE_SERVICE)
types = ServiceType.SERVICE_INTERACTIVE_PROCESS | \
ServiceType.SERVICE_KERNEL_DRIVER | \
ServiceType.SERVICE_WIN32_SHARE_PROCESS | \
ServiceType.SERVICE_WIN32_OWN_PROCESS | \
ServiceType.SERVICE_FILE_SYSTEM_DRIVER
actual = scmr.enum_services_status_w(scmr_handle,
types,
EnumServiceState.
SERVICE_STATE_ALL)
assert len(actual) > 0
assert isinstance(actual[0]['display_name'], string_types)
assert isinstance(actual[0]['service_name'], string_types)
assert isinstance(actual[0]['service_status'], ServiceStatus)
finally:
if scmr_handle:
scmr.close_service_handle_w(scmr_handle)
scmr.close()def __init__(self):
self.fields = OrderedDict([
('service_type', FlagField(
size=4,
flag_type=ServiceType,
flag_strict=False
)),
('current_state', EnumField(
size=4,
enum_type=CurrentState
)),
('controls_accepted', FlagField(
size=4,
flag_type=ControlsAccepted,
flag_strict=False
)),
('win32_exit_code', IntField(size=4)),
('service_specified_exit_code', IntField(size=4)),
('check_point', IntField(size=4)),
('wait_hint', IntField(size=4))
])def create(self, path):
self._open_service()
if self._handle:
return
self._handle = self._scmr.create_service_w(
self._scmr_handle,
self.name,
self.name,
DesiredAccess.SERVICE_QUERY_STATUS | DesiredAccess.SERVICE_START |
DesiredAccess.SERVICE_STOP | DesiredAccess.DELETE,
ServiceType.SERVICE_WIN32_OWN_PROCESS,
StartType.SERVICE_DEMAND_START,
ErrorControl.SERVICE_ERROR_NORMAL,
path,
None,
0,
None,
None,
None
)[1]def cleanup(self):
"""
Cleans up any old services or payloads that may have been left behind
on a previous failure. This will search C:\\Windows for any files
starting with PAExec-*.exe and delete them. It will also stop and
remove any services that start with PAExec-* if they exist.
Before calling this function, the connect() function must have already
been called.
"""
scmr = self._service._scmr
services = scmr.enum_services_status_w(
self._service._scmr_handle,
ServiceType.SERVICE_WIN32_OWN_PROCESS,
EnumServiceState.SERVICE_STATE_ALL)
for service in services:
if service['service_name'].lower().startswith("paexec"):
svc = Service(service['service_name'], self.session)
svc.open()
svc.delete()
smb_tree = TreeConnect(self.session,
r"\\%s\ADMIN$" % self.connection.server_name)
smb_tree.connect()
share = Open(smb_tree, "")
query_msgs = [
share.create(ImpersonationLevel.Impersonation,
DirectoryAccessMask.FILE_READ_ATTRIBUTES |
DirectoryAccessMask.SYNCHRONIZE |pypsexec
Run commands on a remote Windows host using SMB/RPC
Package Health Score
52 / 100Popular pypsexec functions
- pypsexec.client.Client
- pypsexec.exceptions.PypsexecException
- pypsexec.exceptions.SCMRException
- pypsexec.paexec.PAExecFileInfo
- pypsexec.paexec.PAExecMsg
- pypsexec.paexec.PAExecMsgId
- pypsexec.paexec.PAExecSettingsBuffer
- pypsexec.paexec.ProcessPriority
- pypsexec.rpc.BindNakPDU
- pypsexec.rpc.ContextElement
- pypsexec.rpc.DataRepresentationFormat
- pypsexec.rpc.PFlags
- pypsexec.rpc.PType
- pypsexec.rpc.RequestPDU
- pypsexec.rpc.SyntaxIdElement
- pypsexec.scmr.DesiredAccess
- pypsexec.scmr.SCMRApi
- pypsexec.scmr.Service
- pypsexec.scmr.ServiceStatus
- pypsexec.scmr.ServiceType