/// <summary>
/// Builds a CreateServiceW request by copying each argument into the message
/// field of the same name and setting <c>Ptype</c> to 0.
/// </summary>
/// <remarks>
/// No argument is validated or copied defensively; the arrays are stored by reference.
/// NOTE(review): <paramref name="binary_path_name"/> presumably becomes the command
/// line the Service Control Manager launches, and a null
/// <paramref name="lpServiceStartName"/> presumably selects the default service
/// account. Confirm against the svcctl IDL. Callers should treat the path as
/// security-sensitive input and request the narrowest <paramref name="access_mask"/>
/// that works.
/// </remarks>
/// <param name="scmanager_handle">Handle stored in <c>scmanager_handle</c>.</param>
/// <param name="service_name">Value stored in <c>service_name</c>.</param>
/// <param name="display_name">Value stored in <c>display_name</c>.</param>
/// <param name="access_mask">Value stored in <c>access_mask</c>.</param>
/// <param name="service_type">Value stored in <c>service_type</c>.</param>
/// <param name="start_type">Value stored in <c>start_type</c>.</param>
/// <param name="error_control">Value stored in <c>error_control</c>.</param>
/// <param name="binary_path_name">Value stored in <c>binary_path_name</c>.</param>
/// <param name="load_order_group">Value stored in <c>load_order_group</c>; may be null.</param>
/// <param name="lpdwTagId">Value stored in <c>lpdwTagId</c>; may be null.</param>
/// <param name="lpDependencies">Buffer stored in <c>lpDependencies</c>; may be null.</param>
/// <param name="dependency_size">Value stored in <c>dependency_size</c>.</param>
/// <param name="lpServiceStartName">Value stored in <c>lpServiceStartName</c>; may be null.</param>
/// <param name="password">Buffer stored in <c>password</c>; held by reference, not cleared here.</param>
/// <param name="password_size">Value stored in <c>password_size</c>.</param>
/// <param name="service_handle">Handle object stored in <c>service_handle</c>.</param>
public CreateServiceW(
    Rpc.PolicyHandle scmanager_handle,
    String service_name,
    String display_name,
    int access_mask,
    int service_type,
    int start_type,
    int error_control,
    String binary_path_name,
    String load_order_group,
    NdrLong lpdwTagId,
    byte[] lpDependencies,
    int dependency_size,
    String lpServiceStartName,
    byte[] password,
    int password_size,
    Rpc.PolicyHandle service_handle)
{
    // Parameter and field names are identical, so the explicit this. qualifier is required.
    this.scmanager_handle = scmanager_handle;
    this.service_name = service_name;
    this.display_name = display_name;
    this.access_mask = access_mask;
    this.service_type = service_type;
    this.start_type = start_type;
    this.error_control = error_control;
    this.binary_path_name = binary_path_name;
    this.load_order_group = load_order_group;
    this.lpdwTagId = lpdwTagId;
    this.lpDependencies = lpDependencies;
    this.dependency_size = dependency_size;
    this.lpServiceStartName = lpServiceStartName;
    this.password = password;
    this.password_size = password_size;
    this.service_handle = service_handle;

    // NOTE(review): presumably the DCE/RPC PDU type for a request; confirm in the base class.
    Ptype = 0;
}
/// <summary>
/// Builds a StartService request from a service handle and an argument vector,
/// then sets <c>Ptype</c> to 0.
/// </summary>
/// <param name="handle">Handle stored in <c>handle</c>.</param>
/// <param name="num_service_args">Value stored in <c>num_service_args</c>; not cross-checked against the array length.</param>
/// <param name="service_arg_vectors">Array stored by reference in <c>service_arg_vectors</c>.</param>
public StartService(
    Rpc.PolicyHandle handle,
    int num_service_args,
    String[] service_arg_vectors)
{
    // Names collide with the fields, so this. must stay.
    this.handle = handle;
    this.num_service_args = num_service_args;
    this.service_arg_vectors = service_arg_vectors;

    Ptype = 0;
}
/// <summary>
/// Builds an LsarQueryInformationPolicy message from a policy handle, an
/// information level and the object that is stored as <c>Info</c>.
/// </summary>
/// <param name="handle">Handle assigned to <c>Handle</c>.</param>
/// <param name="level">Value assigned to <c>Level</c>.</param>
/// <param name="info">Object assigned to <c>Info</c>; presumably filled from the reply (confirm in the decode path).</param>
public LsarQueryInformationPolicy(
    Rpc.PolicyHandle handle,
    short level,
    NdrObject info)
{
    Handle = handle;
    Level = level;
    Info = info;
}
/// <summary>
/// Builds a SamrConnect4 message; every argument is stored unmodified.
/// </summary>
/// <param name="systemName">Value assigned to <c>SystemName</c>.</param>
/// <param name="unknown">Value assigned to <c>Unknown</c>; its meaning is not documented in this file.</param>
/// <param name="accessMask">Value assigned to <c>AccessMask</c>.</param>
/// <param name="handle">Handle object assigned to <c>Handle</c>.</param>
public SamrConnect4(
    string systemName,
    int unknown,
    int accessMask,
    Rpc.PolicyHandle handle)
{
    SystemName = systemName;
    Unknown = unknown;
    AccessMask = accessMask;
    Handle = handle;
}
/// <summary>
/// Builds a SamrOpenAlias message for the alias identified by
/// <paramref name="rid"/> under the given domain handle.
/// </summary>
/// <param name="domainHandle">Handle assigned to <c>DomainHandle</c>.</param>
/// <param name="accessMask">Value assigned to <c>AccessMask</c>.</param>
/// <param name="rid">Value assigned to <c>Rid</c>.</param>
/// <param name="aliasHandle">Handle object assigned to <c>AliasHandle</c>.</param>
public SamrOpenAlias(
    Rpc.PolicyHandle domainHandle,
    int accessMask,
    int rid,
    Rpc.PolicyHandle aliasHandle)
{
    DomainHandle = domainHandle;
    AccessMask = accessMask;
    Rid = rid;
    AliasHandle = aliasHandle;
}
/// <summary>
/// Builds a SamrOpenDomain message from a handle, an access mask, a domain SID
/// and the handle object stored as <c>DomainHandle</c>.
/// </summary>
/// <param name="handle">Handle assigned to <c>Handle</c>.</param>
/// <param name="accessMask">Value assigned to <c>AccessMask</c>.</param>
/// <param name="sid">SID assigned to <c>Sid</c>.</param>
/// <param name="domainHandle">Handle object assigned to <c>DomainHandle</c>.</param>
public SamrOpenDomain(
    Rpc.PolicyHandle handle,
    int accessMask,
    Rpc.SidT sid,
    Rpc.PolicyHandle domainHandle)
{
    Handle = handle;
    AccessMask = accessMask;
    Sid = sid;
    DomainHandle = domainHandle;
}
/// <summary>
/// Builds an LsarOpenPolicy2 message; every argument is stored unmodified.
/// </summary>
/// <param name="systemName">Value assigned to <c>SystemName</c>.</param>
/// <param name="objectAttributes">Object assigned to <c>ObjectAttributes</c>.</param>
/// <param name="desiredAccess">Value assigned to <c>DesiredAccess</c>.</param>
/// <param name="policyHandle">Handle object assigned to <c>PolicyHandle</c>.</param>
public LsarOpenPolicy2(
    string systemName,
    LsarObjectAttributes objectAttributes,
    int desiredAccess,
    Rpc.PolicyHandle policyHandle)
{
    // this. is kept here because two members share their names with types.
    this.SystemName = systemName;
    this.ObjectAttributes = objectAttributes;
    this.DesiredAccess = desiredAccess;
    this.PolicyHandle = policyHandle;
}
/// <summary>
/// Builds a SamrEnumerateAliasesInDomain message; every argument is stored unmodified.
/// </summary>
/// <param name="domainHandle">Handle assigned to <c>DomainHandle</c>.</param>
/// <param name="resumeHandle">Value assigned to <c>ResumeHandle</c>.</param>
/// <param name="acctFlags">Value assigned to <c>AcctFlags</c>.</param>
/// <param name="sam">Object assigned to <c>Sam</c>.</param>
/// <param name="numEntries">Value assigned to <c>NumEntries</c>.</param>
public SamrEnumerateAliasesInDomain(
    Rpc.PolicyHandle domainHandle,
    int resumeHandle,
    int acctFlags,
    SamrSamArray sam,
    int numEntries)
{
    DomainHandle = domainHandle;
    ResumeHandle = resumeHandle;
    AcctFlags = acctFlags;
    Sam = sam;
    NumEntries = numEntries;
}
/// <summary>
/// Builds an LsarLookupSids message; every argument is stored unmodified.
/// </summary>
/// <param name="handle">Handle assigned to <c>Handle</c>.</param>
/// <param name="sids">SID array assigned to <c>Sids</c>.</param>
/// <param name="domains">Object assigned to <c>Domains</c>.</param>
/// <param name="names">Object assigned to <c>Names</c>.</param>
/// <param name="level">Value assigned to <c>Level</c>.</param>
/// <param name="count">Value assigned to <c>Count</c>.</param>
public LsarLookupSids(
    Rpc.PolicyHandle handle,
    LsarSidArray sids,
    LsarRefDomainList domains,
    LsarTransNameArray names,
    short level,
    int count)
{
    Handle = handle;
    Sids = sids;
    Domains = domains;
    Names = names;
    Level = level;
    Count = count;
}
/// <summary>
/// Builds an OpenService request for a named service under an open SCM handle,
/// then sets <c>Ptype</c> to 0.
/// </summary>
/// <param name="scmanager_handle">Handle stored in <c>scmanager_handle</c>.</param>
/// <param name="service_name">Value stored in <c>service_name</c>.</param>
/// <param name="access_mask">Value stored in <c>access_mask</c>; callers should ask only for the rights they use.</param>
/// <param name="handle">Handle object stored in <c>handle</c>.</param>
public OpenService(
    Rpc.PolicyHandle scmanager_handle,
    String service_name,
    int access_mask,
    Rpc.PolicyHandle handle)
{
    // Names collide with the fields, so this. must stay.
    this.scmanager_handle = scmanager_handle;
    this.service_name = service_name;
    this.access_mask = access_mask;
    this.handle = handle;

    Ptype = 0;
}
/// <summary>
/// Builds an OpenSCManager request, then sets <c>Ptype</c> to 0.
/// </summary>
/// <param name="machine_name">Value stored in <c>machine_name</c>.</param>
/// <param name="database_name">Value stored in <c>database_name</c>; may be null.</param>
/// <param name="access_mask">Value stored in <c>access_mask</c>; callers should ask only for the rights they use.</param>
/// <param name="handle">Handle object stored in <c>handle</c>.</param>
public OpenSCManager(
    String machine_name,
    String database_name,
    int access_mask,
    Rpc.PolicyHandle handle)
{
    // Names collide with the fields, so this. must stay.
    this.machine_name = machine_name;
    this.database_name = database_name;
    this.access_mask = access_mask;
    this.handle = handle;

    Ptype = 0;
}
/// <summary>
/// Registers a demand-start Windows service through the <c>svcctl</c> named pipe
/// on 127.0.0.1 and asks the Service Control Manager to start it.
/// </summary>
/// <remarks>
/// The service name is "GetShell" followed by a number from <see cref="Random"/>,
/// and <paramref name="cmd"/> is stored as the service's binary path.
/// Review notes for anyone auditing or detecting this code path:
/// the target host is hard-coded to loopback; the StartService return value is
/// never read; no handle is closed and DeleteService is never called, so the
/// service entry stays registered after the call. On a monitored host the
/// sequence normally produces a service-installation record (System log event
/// 7045, and Security log event 4697 where that audit policy is enabled) that
/// carries the generated name and the supplied command as the image path.
/// </remarks>
/// <param name="binPath">Not read anywhere in this method.</param>
/// <param name="auth">Credentials handed to <c>DcerpcHandle.GetHandle</c> for the pipe bind.</param>
/// <param name="cmd">Passed to CreateServiceW as the binary path of the new service.</param>
/// <returns>Always <c>true</c> when no exception is thrown.</returns>
/// <exception cref="SmbException">OpenSCManager or CreateServiceW returned a non-zero status.</exception>
public bool doPsexec(String binPath, NtlmPasswordAuthentication auth, String cmd)
{
    // Same value as the original inline expression: standard rights plus every SCM-specific right.
    const int scmAccess = 0x000F0000 | 0x0001 | 0x0002 | 0x0004 | 0x0008 | 0x0010 | 0x0020;
    // 272 (0x110) is an interactive, own-process service; the original
    // value here was svcctl.SC_TYPE_SERVICE_WIN32_OWN_PROCESS.
    const int interactiveOwnProcess = 272;
    // Win32 status 1060: the named service does not exist.
    const int serviceDoesNotExist = 1060;

    Random rnd = new Random();
    int randInt = rnd.Next(1, 10000000);
    String host = "127.0.0.1";
    String serviceName = "GetShell" + randInt;

    DcerpcHandle pipe = DcerpcHandle.GetHandle("ncacn_np:" + host + "[\\pipe\\svcctl]", auth);

    // Open the SCManager on the target host (loopback here) and keep the handle it returns.
    Rpc.PolicyHandle scManagerHandle = new Rpc.PolicyHandle();
    svcctl.OpenSCManager openScm = new svcctl.OpenSCManager("\\\\" + host, null, scmAccess, scManagerHandle);
    pipe.Sendrecv(openScm);
    if (openScm.retval != 0)
    {
        throw new SmbException(openScm.retval, true);
    }

    // Try to open a service with the generated name first.
    Rpc.PolicyHandle svcHandle = new Rpc.PolicyHandle();
    svcctl.OpenService openSvc = new svcctl.OpenService(
        scManagerHandle, serviceName, svcctl.SC_MANAGER_ALL_ACCESS, svcHandle);
    pipe.Sendrecv(openSvc);

    // Only "does not exist" triggers creation; any other status falls through to StartService.
    if (openSvc.retval == serviceDoesNotExist)
    {
        svcHandle = new Rpc.PolicyHandle();
        svcctl.CreateServiceW createSvc = new svcctl.CreateServiceW(
            scManagerHandle,
            serviceName,
            serviceName,
            svcctl.SC_MANAGER_ALL_ACCESS,
            interactiveOwnProcess,
            svcctl.SC_START_TYPE_SERVICE_DEMAND_START,
            svcctl.SC_SERVICE_ERROR_NORMAL,
            cmd,
            null, null, null, 0,
            null, null, 0,
            svcHandle);
        pipe.Sendrecv(createSvc);
        if (createSvc.retval != 0)
        {
            throw new SmbException(createSvc.retval, true);
        }
    }

    // The start result is deliberately left unchecked, as in the original.
    svcctl.StartService startSvc = new svcctl.StartService(svcHandle, 0, new String[0]);
    pipe.Sendrecv(startSvc);

    return true;
}
/// <summary>
/// Builds an EnumServicesStatus request by copying each argument into the
/// field of the same name, then sets <c>Ptype</c> to 0.
/// </summary>
/// <param name="handle">Handle stored in <c>handle</c>.</param>
/// <param name="type">Value stored in <c>type</c>.</param>
/// <param name="state">Value stored in <c>state</c>.</param>
/// <param name="buf_size">Value stored in <c>buf_size</c>; not checked against the length of <paramref name="service"/>.</param>
/// <param name="service">Buffer stored by reference in <c>service</c>.</param>
/// <param name="bytes_needed">Value stored in <c>bytes_needed</c>.</param>
/// <param name="services_returned">Value stored in <c>services_returned</c>.</param>
/// <param name="resume_handle">Value stored in <c>resume_handle</c>.</param>
public EnumServicesStatus(
    Rpc.PolicyHandle handle,
    int type,
    int state,
    int buf_size,
    byte[] service,
    int bytes_needed,
    int services_returned,
    int resume_handle)
{
    // Names collide with the fields, so this. must stay.
    this.handle = handle;
    this.type = type;
    this.state = state;
    this.buf_size = buf_size;
    this.service = service;
    this.bytes_needed = bytes_needed;
    this.services_returned = services_returned;
    this.resume_handle = resume_handle;

    Ptype = 0;
}
/// <summary>
/// Builds a SetServiceStatus request from a service handle and a status
/// structure, then sets <c>Ptype</c> to 0.
/// </summary>
/// <param name="service_handle">Handle stored in <c>service_handle</c>.</param>
/// <param name="status">Status object stored in <c>status</c>.</param>
public SetServiceStatus(
    Rpc.PolicyHandle service_handle,
    service_status status)
{
    // Names collide with the fields, so this. must stay.
    this.service_handle = service_handle;
    this.status = status;

    Ptype = 0;
}
/// <summary>
/// Builds a SamrGetMembersInAlias message from an alias handle and the SID
/// array stored as <c>Sids</c>.
/// </summary>
/// <param name="aliasHandle">Handle assigned to <c>AliasHandle</c>.</param>
/// <param name="sids">SID array assigned to <c>Sids</c>.</param>
public SamrGetMembersInAlias(
    Rpc.PolicyHandle aliasHandle,
    Lsarpc.LsarSidArray sids)
{
    AliasHandle = aliasHandle;
    Sids = sids;
}
/// <summary>
/// Builds an LsarClose message for the given policy handle.
/// </summary>
/// <param name="handle">Handle assigned to <c>Handle</c>.</param>
public LsarClose(Rpc.PolicyHandle handle)
{
    Handle = handle;
}
/// <summary>
/// Builds a SamrCloseHandle message for the given handle.
/// </summary>
/// <param name="handle">Handle assigned to <c>Handle</c>.</param>
public SamrCloseHandle(Rpc.PolicyHandle handle)
{
    Handle = handle;
}
/// <summary>
/// Builds a DeleteService request for the given service handle, then sets
/// <c>Ptype</c> to 0.
/// </summary>
/// <param name="service_handle">Handle stored in <c>service_handle</c>.</param>
public DeleteService(Rpc.PolicyHandle service_handle)
{
    // Name collides with the field, so this. must stay.
    this.service_handle = service_handle;

    Ptype = 0;
}