-
Notifications
You must be signed in to change notification settings - Fork 79
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add query_service_status example script
- Loading branch information
1 parent
cc1c7b6
commit ad778bf
Showing
1 changed file
with
64 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,64 @@ | ||
| #!/usr/bin/ruby | ||
|
|
||
| # This example script is used for testing remote service status and start type query. | ||
| # It will attempt to connect to a host and query the status and start type of the provided service. | ||
| # Example usage: ruby query_service_status.rb 192.168.172.138 msfadmin msfadmin "RemoteRegistry" | ||
| # This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin credentialas and get the status and start type of the "RemoteRegistry" service. | ||
|
|
||
| require 'bundler/setup' | ||
| require 'ruby_smb' | ||
|
|
||
| address = ARGV[0] | ||
| username = ARGV[1] | ||
| password = ARGV[2] | ||
| service = ARGV[3] | ||
| smb_versions = ARGV[4]&.split(',') || ['1','2','3'] | ||
|
|
||
| sock = TCPSocket.new address, 445 | ||
| dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60) | ||
|
|
||
| client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password) | ||
| protocol = client.negotiate | ||
| status = client.authenticate | ||
|
|
||
| puts "#{protocol} : #{status}" | ||
|
|
||
| tree = client.tree_connect("\\\\#{address}\\IPC$") | ||
| svcctl = tree.open_file(filename: 'svcctl', write: true, read: true) | ||
|
|
||
| puts('Binding to \\svcctl...') | ||
| svcctl.bind(endpoint: RubySMB::Dcerpc::Svcctl) | ||
| puts('Bound to \\svcctl') | ||
|
|
||
| puts('Opening Service Control Manager') | ||
| scm_handle = svcctl.open_sc_manager_w(address) | ||
|
|
||
| svc_handle = svcctl.open_service_w(scm_handle, service) | ||
| svc_status = svcctl.query_service_status(svc_handle) | ||
|
|
||
| case svc_status.dw_current_state | ||
| when RubySMB::Dcerpc::Svcctl::SERVICE_RUNNING | ||
| puts("Service #{service} is running") | ||
| when RubySMB::Dcerpc::Svcctl::SERVICE_STOPPED | ||
| puts("Service #{service} is in stopped state") | ||
| end | ||
|
|
||
| svc_config = svcctl.query_service_config(svc_handle) | ||
| case svc_config.dw_start_type | ||
| when RubySMB::Dcerpc::Svcctl::SERVICE_DISABLED | ||
| puts("Service #{service} is disabled") | ||
| when RubySMB::Dcerpc::Svcctl::SERVICE_BOOT_START, RubySMB::Dcerpc::Svcctl::SERVICE_SYSTEM_START | ||
| puts("Service #{service} starts when the system boots up (driver)") | ||
| when RubySMB::Dcerpc::Svcctl::SERVICE_AUTO_START | ||
| puts("Service #{service} starts automatically during system startup") | ||
| when RubySMB::Dcerpc::Svcctl::SERVICE_DEMAND_START | ||
| puts("Service #{service} starts manually") | ||
| end | ||
|
|
||
| if svcctl | ||
| svcctl.close_service_handle(svc_handle) if svc_handle | ||
| svcctl.close_service_handle(scm_handle) if scm_handle | ||
| svcctl.close | ||
| end | ||
| client.disconnect! | ||
|
|