github.com/n00py/Slackor@v0.0.0-20200610224921-d007fcea1740/impacket/tests/SMB_RPC/test_tsch.py (about) 1 ############################################################################### 2 # Tested so far: 3 # 4 # NetrJobEnum 5 # NetrJobAdd 6 # NetrJobDel 7 # NetrJobGetInfo 8 # hNetrJobEnum 9 # hNetrJobAdd 10 # hNetrJobDel 11 # hNetrJobGetInfo 12 # SASetAccountInformation 13 # hSASetAccountInformation 14 # SASetNSAccountInformation 15 # hSASetNSAccountInformation 16 # SAGetNSAccountInformation 17 # hSAGetNSAccountInformation 18 # SAGetAccountInformation 19 # hSAGetAccountInformation 20 # SchRpcHighestVersion 21 # hSchRpcHighestVersion 22 # SchRpcRetrieveTask 23 # hSchRpcRetrieveTask 24 # SchRpcCreateFolder 25 # hSchRpcCreateFolder 26 # SchRpcDelete 27 # hSchRpcDelete 28 # SchRpcEnumFolders 29 # hSchRpcEnumFolders 30 # SchRpcEnumTasks 31 # hSchRpcEnumTasks 32 # SchRpcEnumInstances 33 # hSchRpcEnumInstances 34 # SchRpcRun 35 # hSchRpcRun 36 # SchRpcGetInstanceInfo 37 # hSchRpcGetInstanceInfo 38 # SchRpcStopInstance 39 # hSchRpcStopInstance 40 # SchRpcStop 41 # hSchRpcStop 42 # SchRpcRename 43 # hSchRpcRename 44 # SchRpcScheduledRuntimes 45 # hSchRpcScheduledRuntimes 46 # SchRpcGetLastRunInfo 47 # hSchRpcGetLastRunInfo 48 # SchRpcGetTaskInfo 49 # hSchRpcGetTaskInfo 50 # SchRpcGetNumberOfMissedRuns 51 # hSchRpcGetNumberOfMissedRuns 52 # SchRpcEnableTask 53 # hSchRpcEnableTask 54 # 55 # Not yet: 56 # 57 # Shouldn't dump errors against a win7 58 # 59 ################################################################################ 60 61 from __future__ import division 62 from __future__ import print_function 63 64 import unittest 65 66 try: 67 import ConfigParser 68 except ImportError: 69 import configparser as ConfigParser 70 71 from impacket.dcerpc.v5 import transport 72 from impacket.dcerpc.v5 import tsch, atsvc, sasec 73 from impacket.dcerpc.v5.atsvc import AT_INFO 74 from impacket.dcerpc.v5.dtypes import NULL 75 from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_INTEGRITY 76 from impacket.system_errors import ERROR_NOT_SUPPORTED 77 78 79 class TSCHTests(unittest.TestCase): 80 def connect(self, stringBinding, bindUUID): 81 rpctransport = transport.DCERPCTransportFactory(stringBinding ) 82 if len(self.hashes) > 0: 83 lmhash, nthash = self.hashes.split(':') 84 else: 85 lmhash = '' 86 nthash = '' 87 if hasattr(rpctransport, 'set_credentials'): 88 # This method exists only for selected protocol sequences. 89 rpctransport.set_credentials(self.username,self.password, self.domain, lmhash, nthash) 90 dce = rpctransport.get_dce_rpc() 91 dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_INTEGRITY) 92 dce.connect() 93 dce.bind(bindUUID, transfer_syntax = self.ts) 94 95 return dce, rpctransport 96 97 def test_NetrJobEnum(self): 98 dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 99 100 request = atsvc.NetrJobEnum() 101 request['ServerName'] = NULL 102 request['pEnumContainer']['Buffer'] = NULL 103 request['PreferedMaximumLength'] = 0xffffffff 104 try: 105 resp = dce.request(request) 106 resp.dump() 107 except Exception as e: 108 if e.get_error_code() != ERROR_NOT_SUPPORTED: 109 raise 110 else: 111 # OpNum not supported, aborting test 112 return 113 114 def test_hNetrJobEnum(self): 115 dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 116 117 try: 118 resp = atsvc.hNetrJobEnum(dce, NULL, NULL, 0xffffffff) 119 resp.dump() 120 except Exception as e: 121 if e.get_error_code() != ERROR_NOT_SUPPORTED: 122 raise 123 else: 124 # OpNum not supported, aborting test 125 return 126 127 def test_hNetrJobAdd_hNetrJobEnum_hNetrJobDel(self): 128 dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 129 130 atInfo = AT_INFO() 131 atInfo['JobTime'] = NULL 132 atInfo['DaysOfMonth'] = 0 133 atInfo['DaysOfWeek'] = 0 134 atInfo['Flags'] = 0 135 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 136 137 try: 138 resp = atsvc.hNetrJobAdd(dce, NULL, atInfo) 139 resp.dump() 140 except Exception as e: 141 if e.get_error_code() != ERROR_NOT_SUPPORTED: 142 raise 143 else: 144 # OpNum not supported, aborting test 145 return 146 147 resp = atsvc.hNetrJobEnum(dce) 148 resp.dump() 149 150 for job in resp['pEnumContainer']['Buffer']: 151 resp = atsvc.hNetrJobDel(dce, NULL, job['JobId'], job['JobId'] ) 152 resp.dump() 153 154 def test_NetrJobAdd_NetrJobEnum_NetrJobDel(self): 155 dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 156 157 request = atsvc.NetrJobAdd() 158 request['ServerName'] = NULL 159 request['pAtInfo']['JobTime'] = NULL 160 request['pAtInfo']['DaysOfMonth'] = 0 161 request['pAtInfo']['DaysOfWeek'] = 0 162 request['pAtInfo']['Flags'] = 0 163 request['pAtInfo']['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 164 try: 165 resp = dce.request(request) 166 resp.dump() 167 except Exception as e: 168 if e.get_error_code() != ERROR_NOT_SUPPORTED: 169 raise 170 else: 171 # OpNum not supported, aborting test 172 return 173 174 request = atsvc.NetrJobEnum() 175 request['ServerName'] = NULL 176 request['pEnumContainer']['Buffer'] = NULL 177 request['PreferedMaximumLength'] = 0xffffffff 178 resp = dce.request(request) 179 resp.dump() 180 181 for job in resp['pEnumContainer']['Buffer']: 182 request = atsvc.NetrJobDel() 183 request['ServerName'] = NULL 184 request['MinJobId'] = job['JobId'] 185 request['MaxJobId'] = job['JobId'] 186 resp = dce.request(request) 187 resp.dump() 188 189 def test_NetrJobAdd_NetrJobGetInfo_NetrJobDel(self): 190 dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 191 192 request = atsvc.NetrJobAdd() 193 request['ServerName'] = NULL 194 request['pAtInfo']['JobTime'] = NULL 195 request['pAtInfo']['DaysOfMonth'] = 0 196 request['pAtInfo']['DaysOfWeek'] = 0 197 request['pAtInfo']['Flags'] = 0 198 request['pAtInfo']['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 199 try: 200 resp = dce.request(request) 201 resp.dump() 202 except Exception as e: 203 if e.get_error_code() != ERROR_NOT_SUPPORTED: 204 raise 205 else: 206 # OpNum not supported, aborting test 207 return 208 209 request = atsvc.NetrJobGetInfo() 210 request['ServerName'] = NULL 211 request['JobId'] = resp['pJobId'] 212 resp2 = dce.request(request) 213 resp2.dump() 214 215 request = atsvc.NetrJobDel() 216 request['ServerName'] = NULL 217 request['MinJobId'] = resp['pJobId'] 218 request['MaxJobId'] = resp['pJobId'] 219 resp = dce.request(request) 220 resp.dump() 221 222 def test_hNetrJobAdd_hNetrJobGetInfo_hNetrJobDel(self): 223 dce, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 224 225 atInfo = AT_INFO() 226 atInfo['JobTime'] = NULL 227 atInfo['DaysOfMonth'] = 0 228 atInfo['DaysOfWeek'] = 0 229 atInfo['Flags'] = 0 230 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 231 232 try: 233 resp = atsvc.hNetrJobAdd(dce, NULL, atInfo) 234 resp.dump() 235 except Exception as e: 236 if e.get_error_code() != ERROR_NOT_SUPPORTED: 237 raise 238 else: 239 # OpNum not supported, aborting test 240 return 241 242 resp2 = atsvc.hNetrJobGetInfo(dce, NULL, resp['pJobId']) 243 resp2.dump() 244 245 resp = atsvc.hNetrJobDel(dce, NULL, resp['pJobId'], resp['pJobId']) 246 resp.dump() 247 248 def test_SASetAccountInformation(self): 249 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 250 251 request = sasec.SASetAccountInformation() 252 request['Handle'] = NULL 253 request['pwszJobName'] = 'MyJob.job\x00' 254 request['pwszAccount'] = self.username + '\0' 255 request['pwszPassword'] = self.password + '\0' 256 request['dwJobFlags'] = sasec.TASK_FLAG_RUN_ONLY_IF_LOGGED_ON 257 try: 258 resp = dce.request(request) 259 resp.dump() 260 except Exception as e: 261 if e.get_error_code() != 0x80070002: 262 raise 263 264 def test_hSASetAccountInformation(self): 265 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 266 267 try: 268 resp = sasec.hSASetAccountInformation(dce, NULL, 'MyJob.job', self.username, self.password, 0) 269 resp.dump() 270 except Exception as e: 271 if e.get_error_code() != 0x80070002: 272 raise 273 274 def test_SASetNSAccountInformation(self): 275 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 276 277 request = sasec.SASetNSAccountInformation() 278 request['Handle'] = NULL 279 request['pwszAccount'] = self.username + '\0' 280 request['pwszPassword'] = self.password + '\0' 281 resp = dce.request(request) 282 resp.dump() 283 284 def test_hSASetNSAccountInformation(self): 285 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 286 287 resp = sasec.hSASetNSAccountInformation(dce, NULL, self.username, self.password) 288 resp.dump() 289 290 def test_SAGetNSAccountInformation(self): 291 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 292 293 request = sasec.SAGetNSAccountInformation() 294 request['Handle'] = NULL 295 request['ccBufferSize'] = 25 296 for i in range(request['ccBufferSize'] ): 297 request['wszBuffer'].append(0) 298 resp = dce.request(request) 299 resp.dump() 300 301 def test_hSAGetNSAccountInformation(self): 302 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 303 304 resp = sasec.hSAGetNSAccountInformation(dce, NULL, 25) 305 resp.dump() 306 307 def test_SAGetAccountInformation(self): 308 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 309 310 request = sasec.SAGetAccountInformation() 311 request['Handle'] = NULL 312 request['pwszJobName'] = 'MyJob.job\x00' 313 request['ccBufferSize'] = 15 314 for i in range(request['ccBufferSize'] ): 315 request['wszBuffer'].append(0) 316 try: 317 resp = dce.request(request) 318 resp.dump() 319 except Exception as e: 320 if e.get_error_code() != 0x80070002: 321 raise 322 323 def test_hSAGetAccountInformation(self): 324 dce, rpctransport = self.connect(self.stringBindingAtSvc, sasec.MSRPC_UUID_SASEC) 325 326 try: 327 resp = sasec.hSAGetAccountInformation(dce, NULL, 'MyJob.job', 15) 328 resp.dump() 329 except Exception as e: 330 if e.get_error_code() != 0x80070002: 331 raise 332 333 def test_SchRpcHighestVersion(self): 334 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 335 336 request = tsch.SchRpcHighestVersion() 337 resp = dce.request(request) 338 resp.dump() 339 340 def test_hSchRpcHighestVersion(self): 341 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 342 343 resp = tsch.hSchRpcHighestVersion(dce) 344 resp.dump() 345 346 def tes_SchRpcRegisterTask(self): 347 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 348 349 xml = """ 350 <!-- Task --> 351 <xs:complexType name="taskType"> 352 <xs:all> 353 <xs:element name="RegistrationInfo" type="registrationInfoType" minOccurs="0"/> 354 <xs:element name="Triggers" type="triggersType" minOccurs="0"/> 355 <xs:element name="Settings" type="settingsType" minOccurs="0"/> 356 <xs:element name="Data" type="dataType" minOccurs="0"/> 357 <xs:element name="Principals" type="principalsType" minOccurs="0"/> 358 <xs:element name="Actions" type="actionsType"/> 359 </xs:all> 360 <xs:attribute name="version" type="versionType" use="optional"/> </xs:complexType>\x00 361 """ 362 request = tsch.SchRpcRegisterTask() 363 request['path'] =NULL 364 request['xml'] = xml 365 request['flags'] = 1 366 request['sddl'] = NULL 367 request['logonType'] = tsch.TASK_LOGON_NONE 368 request['cCreds'] = 0 369 request['pCreds'] = NULL 370 resp = dce.request(request) 371 resp.dump() 372 373 def test_SchRpcRetrieveTask(self): 374 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 375 376 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 377 378 atInfo = AT_INFO() 379 atInfo['JobTime'] = NULL 380 atInfo['DaysOfMonth'] = 0 381 atInfo['DaysOfWeek'] = 0 382 atInfo['Flags'] = 0 383 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 384 385 try: 386 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 387 resp.dump() 388 except Exception as e: 389 if e.get_error_code() != ERROR_NOT_SUPPORTED: 390 raise 391 else: 392 # OpNum not supported, aborting test 393 return 394 jobId = resp['pJobId'] 395 396 request = tsch.SchRpcRetrieveTask() 397 request['path'] = '\\At%d.job\x00' % jobId 398 request['lpcwszLanguagesBuffer'] = '\x00' 399 request['pulNumLanguages'] = 0 400 try: 401 resp = dce.request(request) 402 resp.dump() 403 except Exception as e: 404 if e.get_error_code() != 0x80070002: 405 raise 406 407 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 408 resp.dump() 409 410 def test_hSchRpcRetrieveTask(self): 411 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 412 413 try: 414 resp = tsch.hSchRpcRetrieveTask(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00') 415 resp.dump() 416 except Exception as e: 417 print(e) 418 pass 419 420 def test_SchRpcCreateFolder_SchRpcEnumFolders_SchRpcDelete(self): 421 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 422 423 request = tsch.SchRpcCreateFolder() 424 request['path'] = '\\Beto\x00' 425 request['sddl'] = NULL 426 request['flags'] = 0 427 resp = dce.request(request) 428 resp.dump() 429 430 request = tsch.SchRpcEnumFolders() 431 request['path'] = '\\\x00' 432 request['flags'] = tsch.TASK_ENUM_HIDDEN 433 request['startIndex'] = 0 434 request['cRequested'] = 10 435 try: 436 resp = dce.request(request) 437 resp.dump() 438 except Exception as e: 439 print(e) 440 pass 441 442 request = tsch.SchRpcDelete() 443 request['path'] = '\\Beto\x00' 444 request['flags'] = 0 445 resp = dce.request(request) 446 resp.dump() 447 448 def test_hSchRpcCreateFolder_hSchRpcEnumFolders_hSchRpcDelete(self): 449 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 450 451 resp = tsch.hSchRpcCreateFolder(dce, '\\Beto') 452 resp.dump() 453 454 resp = tsch.hSchRpcEnumFolders(dce, '\\') 455 resp.dump() 456 457 resp = tsch.hSchRpcDelete(dce, '\\Beto') 458 resp.dump() 459 460 def test_SchRpcEnumTasks(self): 461 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 462 463 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 464 465 atInfo = AT_INFO() 466 atInfo['JobTime'] = NULL 467 atInfo['DaysOfMonth'] = 0 468 atInfo['DaysOfWeek'] = 0 469 atInfo['Flags'] = 0 470 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 471 472 try: 473 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 474 resp.dump() 475 except Exception as e: 476 if e.get_error_code() != ERROR_NOT_SUPPORTED: 477 raise 478 else: 479 # OpNum not supported, aborting test 480 return 481 jobId = resp['pJobId'] 482 483 request = tsch.SchRpcEnumTasks() 484 request['path'] = '\\\x00' 485 request['flags'] = tsch.TASK_ENUM_HIDDEN 486 request['startIndex'] = 0 487 request['cRequested'] = 10 488 resp = dce.request(request) 489 resp.dump() 490 491 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 492 resp.dump() 493 494 def test_hSchRpcEnumTasks(self): 495 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 496 497 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 498 499 atInfo = AT_INFO() 500 atInfo['JobTime'] = NULL 501 atInfo['DaysOfMonth'] = 0 502 atInfo['DaysOfWeek'] = 0 503 atInfo['Flags'] = 0 504 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\BTO\x00' 505 506 try: 507 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 508 resp.dump() 509 except Exception as e: 510 if e.get_error_code() != ERROR_NOT_SUPPORTED: 511 raise 512 else: 513 # OpNum not supported, aborting test 514 return 515 jobId = resp['pJobId'] 516 517 resp = tsch.hSchRpcEnumTasks(dce, '\\') 518 resp.dump() 519 520 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 521 resp.dump() 522 523 def test_SchRpcEnumInstances(self): 524 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 525 526 request = tsch.SchRpcEnumInstances() 527 request['path'] = '\\\x00' 528 request['flags'] = tsch.TASK_ENUM_HIDDEN 529 try: 530 resp = dce.request(request) 531 resp.dump() 532 except Exception as e: 533 if e.get_error_code() != 0x80070002: 534 raise 535 536 def test_hSchRpcEnumInstances(self): 537 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 538 539 try: 540 resp = tsch.hSchRpcEnumInstances(dce, '\\') 541 resp.dump() 542 except Exception as e: 543 if e.get_error_code() != 0x80070002: 544 raise 545 546 def test_SchRpcRun(self): 547 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 548 549 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 550 551 atInfo = AT_INFO() 552 atInfo['JobTime'] = NULL 553 atInfo['DaysOfMonth'] = 0 554 atInfo['DaysOfWeek'] = 0 555 atInfo['Flags'] = 0 556 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 557 558 try: 559 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 560 resp.dump() 561 except Exception as e: 562 if e.get_error_code() != ERROR_NOT_SUPPORTED: 563 raise 564 else: 565 # OpNum not supported, aborting test 566 return 567 jobId = resp['pJobId'] 568 569 request = tsch.SchRpcRun() 570 request['path'] = '\\At%d\x00' % jobId 571 #request['cArgs'] = 2 572 #arg0 = LPWSTR() 573 #arg0['Data'] = 'arg0\x00' 574 #arg1 = LPWSTR() 575 #arg1['Data'] = 'arg1\x00' 576 #request['pArgs'].append(arg0) 577 #request['pArgs'].append(arg1) 578 request['cArgs'] = 0 579 request['pArgs'] = NULL 580 request['flags'] = tsch.TASK_RUN_AS_SELF 581 request['sessionId'] = 0 582 request['user'] = NULL 583 try: 584 resp = dce.request(request) 585 resp.dump() 586 except Exception as e: 587 print(e) 588 pass 589 590 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 591 resp.dump() 592 593 def test_hSchRpcRun(self): 594 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 595 596 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 597 598 atInfo = AT_INFO() 599 atInfo['JobTime'] = NULL 600 atInfo['DaysOfMonth'] = 0 601 atInfo['DaysOfWeek'] = 0 602 atInfo['Flags'] = 0 603 atInfo['Command'] = '%%COMSPEC%% /C dir > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 604 605 try: 606 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 607 resp.dump() 608 except Exception as e: 609 if e.get_error_code() != ERROR_NOT_SUPPORTED: 610 raise 611 else: 612 # OpNum not supported, aborting test 613 return 614 jobId = resp['pJobId'] 615 616 try: 617 resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1')) 618 resp.dump() 619 except Exception as e: 620 print(e) 621 pass 622 623 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 624 resp.dump() 625 626 def test_SchRpcGetInstanceInfo(self): 627 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 628 629 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 630 631 atInfo = AT_INFO() 632 atInfo['JobTime'] = NULL 633 atInfo['DaysOfMonth'] = 0 634 atInfo['DaysOfWeek'] = 0 635 atInfo['Flags'] = 0 636 atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 637 638 try: 639 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 640 resp.dump() 641 except Exception as e: 642 if e.get_error_code() != ERROR_NOT_SUPPORTED: 643 raise 644 else: 645 # OpNum not supported, aborting test 646 return 647 jobId = resp['pJobId'] 648 649 try: 650 resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1')) 651 resp.dump() 652 except Exception as e: 653 print(e) 654 pass 655 656 request = tsch.SchRpcGetInstanceInfo() 657 request['guid'] = resp['pGuid'] 658 try: 659 resp = dce.request(request) 660 resp.dump() 661 except Exception as e: 662 if str(e).find('SCHED_E_TASK_NOT_RUNNING') <= 0: 663 raise 664 pass 665 666 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 667 resp.dump() 668 669 def test_hSchRpcGetInstanceInfo(self): 670 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 671 672 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 673 674 atInfo = AT_INFO() 675 atInfo['JobTime'] = NULL 676 atInfo['DaysOfMonth'] = 0 677 atInfo['DaysOfWeek'] = 0 678 atInfo['Flags'] = 0 679 atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 680 681 try: 682 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 683 resp.dump() 684 except Exception as e: 685 if e.get_error_code() != ERROR_NOT_SUPPORTED: 686 raise 687 else: 688 # OpNum not supported, aborting test 689 return 690 jobId = resp['pJobId'] 691 692 try: 693 resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1')) 694 resp.dump() 695 except Exception as e: 696 print(e) 697 pass 698 699 try: 700 resp = tsch.hSchRpcGetInstanceInfo(dce, resp['pGuid']) 701 resp.dump() 702 except Exception as e: 703 if str(e).find('SCHED_E_TASK_NOT_RUNNING') <= 0: 704 raise 705 pass 706 707 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 708 resp.dump() 709 710 def test_SchRpcStopInstance(self): 711 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 712 713 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 714 715 atInfo = AT_INFO() 716 atInfo['JobTime'] = NULL 717 atInfo['DaysOfMonth'] = 0 718 atInfo['DaysOfWeek'] = 0 719 atInfo['Flags'] = 0 720 atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 721 722 try: 723 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 724 resp.dump() 725 except Exception as e: 726 if e.get_error_code() != ERROR_NOT_SUPPORTED: 727 raise 728 else: 729 # OpNum not supported, aborting test 730 return 731 jobId = resp['pJobId'] 732 733 try: 734 resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1')) 735 resp.dump() 736 except Exception as e: 737 print(e) 738 pass 739 740 request = tsch.SchRpcStopInstance() 741 request['guid'] = resp['pGuid'] 742 request['flags'] = 0 743 try: 744 resp = dce.request(request) 745 resp.dump() 746 except Exception as e: 747 if str(e).find('SCHED_E_TASK_NOT_RUNNING') <= 0: 748 raise 749 pass 750 751 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 752 resp.dump() 753 754 def test_hSchRpcStopInstance(self): 755 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 756 757 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 758 759 atInfo = AT_INFO() 760 atInfo['JobTime'] = NULL 761 atInfo['DaysOfMonth'] = 0 762 atInfo['DaysOfWeek'] = 0 763 atInfo['Flags'] = 0 764 atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 765 766 try: 767 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 768 resp.dump() 769 except Exception as e: 770 if e.get_error_code() != ERROR_NOT_SUPPORTED: 771 raise 772 else: 773 # OpNum not supported, aborting test 774 return 775 jobId = resp['pJobId'] 776 777 try: 778 resp = tsch.hSchRpcRun(dce, '\\At%d\x00' % jobId, ('arg0','arg1')) 779 resp.dump() 780 except Exception as e: 781 print(e) 782 pass 783 784 try: 785 resp = tsch.hSchRpcStopInstance(dce, resp['pGuid']) 786 resp.dump() 787 except Exception as e: 788 if str(e).find('SCHED_E_TASK_NOT_RUNNING') <= 0: 789 raise 790 pass 791 792 try: 793 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 794 resp.dump() 795 except Exception as e: 796 if e.get_error_code() != ERROR_NOT_SUPPORTED: 797 raise 798 else: 799 # OpNum not supported, aborting test 800 return 801 802 def test_SchRpcStop(self): 803 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 804 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 805 806 atInfo = AT_INFO() 807 atInfo['JobTime'] = NULL 808 atInfo['DaysOfMonth'] = 0 809 atInfo['DaysOfWeek'] = 0 810 atInfo['Flags'] = 0 811 atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 812 813 try: 814 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 815 resp.dump() 816 except Exception as e: 817 if e.get_error_code() != ERROR_NOT_SUPPORTED: 818 raise 819 else: 820 # OpNum not supported, aborting test 821 return 822 jobId = resp['pJobId'] 823 824 request = tsch.SchRpcStop() 825 request['path'] = '\\At%d\x00' % jobId 826 request['flags'] = 0 827 try: 828 resp = dce.request(request) 829 resp.dump() 830 except Exception as e: 831 # It is actually S_FALSE 832 if str(e).find('ERROR_INVALID_FUNCTION') <= 0: 833 raise 834 pass 835 836 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 837 resp.dump() 838 839 def test_hSchRpcStop(self): 840 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 841 dce2, rpctransport = self.connect(self.stringBindingAtSvc, atsvc.MSRPC_UUID_ATSVC) 842 843 atInfo = AT_INFO() 844 atInfo['JobTime'] = NULL 845 atInfo['DaysOfMonth'] = 0 846 atInfo['DaysOfWeek'] = 0 847 atInfo['Flags'] = 0 848 atInfo['Command'] = '%%COMSPEC%% /C vssadmin > %%SYSTEMROOT%%\\Temp\\ANI 2>&1\x00' 849 850 try: 851 resp = atsvc.hNetrJobAdd(dce2, NULL, atInfo) 852 resp.dump() 853 except Exception as e: 854 if e.get_error_code() != ERROR_NOT_SUPPORTED: 855 raise 856 else: 857 # OpNum not supported, aborting test 858 return 859 jobId = resp['pJobId'] 860 861 try: 862 resp = tsch.hSchRpcStop(dce, '\\At%d\x00' % jobId) 863 resp.dump() 864 except Exception as e: 865 # It is actually S_FALSE 866 if str(e).find('ERROR_INVALID_FUNCTION') <= 0: 867 raise 868 pass 869 870 resp = atsvc.hNetrJobDel(dce2, NULL, jobId, jobId) 871 resp.dump() 872 873 def test_SchRpcRename(self): 874 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 875 876 resp = tsch.hSchRpcCreateFolder(dce, '\\Beto') 877 resp.dump() 878 879 request = tsch.SchRpcRename() 880 request['path'] = '\\Beto\x00' 881 request['newName'] = '\\Anita\x00' 882 request['flags'] = 0 883 try: 884 resp = dce.request(request) 885 resp.dump() 886 except Exception as e: 887 if str(e).find('E_NOTIMPL') <= 0: 888 raise 889 pass 890 891 resp = tsch.hSchRpcDelete(dce, '\\Beto') 892 resp.dump() 893 894 def test_hSchRpcRename(self): 895 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 896 897 resp = tsch.hSchRpcCreateFolder(dce, '\\Beto') 898 resp.dump() 899 900 try: 901 resp = tsch.hSchRpcRename(dce, '\\Beto', '\\Anita') 902 resp.dump() 903 except Exception as e: 904 if str(e).find('E_NOTIMPL') <= 0: 905 raise 906 pass 907 908 resp = tsch.hSchRpcDelete(dce, '\\Beto') 909 resp.dump() 910 911 def test_SchRpcScheduledRuntimes(self): 912 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 913 request = tsch.SchRpcScheduledRuntimes() 914 #request['path'] = '\\BBB\\Beto Task\x00' 915 request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00' 916 request['start'] = NULL 917 request['end'] = NULL 918 request['flags'] = 0 919 request['cRequested'] = 10 920 try: 921 resp = dce.request(request) 922 resp.dump() 923 except Exception as e: 924 # It is actually S_FALSE 925 if str(e).find('ERROR_INVALID_FUNCTIO') <= 0 and str(e).find('SCHED_S_TASK_NOT_SCHEDULED') < 0: 926 raise 927 e.get_packet().dump() 928 pass 929 930 def test_hSchRpcScheduledRuntimes(self): 931 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 932 933 request = tsch.SchRpcScheduledRuntimes() 934 #request['path'] = '\\BBB\\Beto Task\x00' 935 request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00' 936 request['start'] = NULL 937 request['end'] = NULL 938 request['flags'] = 0 939 request['cRequested'] = 10 940 try: 941 resp = tsch.hSchRpcScheduledRuntimes(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag', NULL, NULL, 0, 10) 942 resp.dump() 943 except Exception as e: 944 # It is actually S_FALSE 945 if str(e).find('ERROR_INVALID_FUNCTIO') <= 0 and str(e).find('SCHED_S_TASK_NOT_SCHEDULED') < 0: 946 raise 947 e.get_packet().dump() 948 pass 949 950 def test_SchRpcGetLastRunInfo(self): 951 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 952 request = tsch.SchRpcGetLastRunInfo() 953 #request['path'] = '\\BBB\\Beto Task\x00' 954 request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00' 955 try: 956 resp = dce.request(request) 957 resp.dump() 958 except Exception as e: 959 if str(e).find('SCHED_S_TASK_HAS_NOT_RUN') <= 0: 960 raise 961 pass 962 963 def test_hSchRpcGetLastRunInfo(self): 964 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 965 try: 966 resp = tsch.hSchRpcGetLastRunInfo(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag') 967 resp.dump() 968 except Exception as e: 969 if str(e).find('SCHED_S_TASK_HAS_NOT_RUN') <= 0: 970 raise 971 pass 972 973 def test_SchRpcGetTaskInfo(self): 974 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 975 request = tsch.SchRpcGetTaskInfo() 976 request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00' 977 request['flags'] = tsch.SCH_FLAG_STATE 978 try: 979 resp = dce.request(request) 980 resp.dump() 981 except Exception as e: 982 print(e) 983 pass 984 985 def test_hSchRpcGetTaskInfo(self): 986 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 987 try: 988 resp = tsch.hSchRpcGetTaskInfo(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag', tsch.SCH_FLAG_STATE) 989 resp.dump() 990 except Exception as e: 991 print(e) 992 pass 993 994 def test_SchRpcGetNumberOfMissedRuns(self): 995 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 996 request = tsch.SchRpcGetNumberOfMissedRuns() 997 request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00' 998 try: 999 resp = dce.request(request) 1000 resp.dump() 1001 except Exception as e: 1002 print(e) 1003 pass 1004 1005 def test_hSchRpcGetNumberOfMissedRuns(self): 1006 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 1007 try: 1008 resp = tsch.hSchRpcGetNumberOfMissedRuns(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag') 1009 resp.dump() 1010 except Exception as e: 1011 print(e) 1012 pass 1013 1014 def test_SchRpcEnableTask(self): 1015 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 1016 request = tsch.SchRpcEnableTask() 1017 request['path'] = '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag\x00' 1018 request['enabled'] = 1 1019 try: 1020 resp = dce.request(request) 1021 resp.dump() 1022 except Exception as e: 1023 print(e) 1024 pass 1025 1026 def test_hSchRpcEnableTask(self): 1027 dce, rpctransport = self.connect(self.stringBindingAtSvc, tsch.MSRPC_UUID_TSCHS) 1028 try: 1029 resp = tsch.hSchRpcEnableTask(dce, '\\Microsoft\\Windows\\Defrag\\ScheduledDefrag', True) 1030 resp.dump() 1031 except Exception as e: 1032 print(e) 1033 pass 1034 1035 class SMBTransport(TSCHTests): 1036 def setUp(self): 1037 TSCHTests.setUp(self) 1038 configFile = ConfigParser.ConfigParser() 1039 configFile.read('dcetests.cfg') 1040 self.username = configFile.get('SMBTransport', 'username') 1041 self.domain = configFile.get('SMBTransport', 'domain') 1042 self.serverName = configFile.get('SMBTransport', 'servername') 1043 self.password = configFile.get('SMBTransport', 'password') 1044 self.machine = configFile.get('SMBTransport', 'machine') 1045 self.hashes = configFile.get('SMBTransport', 'hashes') 1046 self.stringBindingAtSvc = r'ncacn_np:%s[\PIPE\atsvc]' % self.machine 1047 self.stringBindingAtSvc = r'ncacn_np:%s[\PIPE\atsvc]' % self.machine 1048 self.ts = ('8a885d04-1ceb-11c9-9fe8-08002b104860', '2.0') 1049 1050 class SMBTransport64(TSCHTests): 1051 def setUp(self): 1052 TSCHTests.setUp(self) 1053 configFile = ConfigParser.ConfigParser() 1054 configFile.read('dcetests.cfg') 1055 self.username = configFile.get('SMBTransport', 'username') 1056 self.domain = configFile.get('SMBTransport', 'domain') 1057 self.serverName = configFile.get('SMBTransport', 'servername') 1058 self.password = configFile.get('SMBTransport', 'password') 1059 self.machine = configFile.get('SMBTransport', 'machine') 1060 self.hashes = configFile.get('SMBTransport', 'hashes') 1061 1062 self.stringBindingAtSvc = r'ncacn_np:%s[\PIPE\atsvc]' % self.machine 1063 self.stringBindingAtSvc = r'ncacn_np:%s[\PIPE\atsvc]' % self.machine 1064 self.ts = ('71710533-BEBA-4937-8319-B5DBEF9CCC36', '1.0') 1065 1066 1067 # Process command-line arguments. 1068 if __name__ == '__main__': 1069 import sys 1070 if len(sys.argv) > 1: 1071 testcase = sys.argv[1] 1072 suite = unittest.TestLoader().loadTestsFromTestCase(globals()[testcase]) 1073 else: 1074 suite = unittest.TestLoader().loadTestsFromTestCase(SMBTransport) 1075 #suite.addTests(unittest.TestLoader().loadTestsFromTestCase(SMBTransport64)) 1076 unittest.TextTestRunner(verbosity=1).run(suite)