From ad778bf6477bc2d501a1522a3f26d32b24841ae3 Mon Sep 17 00:00:00 2001
From: Christophe De La Fuente
Date: Thu, 13 Aug 2020 18:58:45 +0200
Subject: [PATCH] Add query_service_status example script
---
 examples/query_service_status.rb | 64 ++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 examples/query_service_status.rb
diff --git a/examples/query_service_status.rb b/examples/query_service_status.rb
new file mode 100644
index 000000000..5bc2e031c
--- /dev/null
+++ b/examples/query_service_status.rb
@@ -0,0 +1,64 @@
+#!/usr/bin/ruby
+
+# This example script is used for testing remote service status and start type query.
+# It will attempt to connect to a host and query the status and start type of the provided service.
+# Example usage: ruby query_service_status.rb 192.168.172.138 msfadmin msfadmin "RemoteRegistry"
+# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin credentialas and get the status and start type of the "RemoteRegistry" service.
+
+require 'bundler/setup'
+require 'ruby_smb'
+
+address = ARGV[0]
+username = ARGV[1]
+password = ARGV[2]
+service = ARGV[3]
+smb_versions = ARGV[4]&.split(',') || ['1','2','3']
+
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
+
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+protocol = client.negotiate
+status = client.authenticate
+
+puts "#{protocol} : #{status}"
+
+tree = client.tree_connect("\\\\#{address}\\IPC$")
+svcctl = tree.open_file(filename: 'svcctl', write: true, read: true)
+
+puts('Binding to \\svcctl...')
+svcctl.bind(endpoint: RubySMB::Dcerpc::Svcctl)
+puts('Bound to \\svcctl')
+
+puts('Opening Service Control Manager')
+scm_handle = svcctl.open_sc_manager_w(address)
+
+svc_handle = svcctl.open_service_w(scm_handle, service)
+svc_status = svcctl.query_service_status(svc_handle)
+
+case svc_status.dw_current_state
+when RubySMB::Dcerpc::Svcctl::SERVICE_RUNNING
+ puts("Service #{service} is running")
+when RubySMB::Dcerpc::Svcctl::SERVICE_STOPPED
+ puts("Service #{service} is in stopped state")
+end
+
+svc_config = svcctl.query_service_config(svc_handle)
+case svc_config.dw_start_type
+when RubySMB::Dcerpc::Svcctl::SERVICE_DISABLED
+ puts("Service #{service} is disabled")
+when RubySMB::Dcerpc::Svcctl::SERVICE_BOOT_START, RubySMB::Dcerpc::Svcctl::SERVICE_SYSTEM_START
+ puts("Service 
#{service} starts when the system boots up (driver)")
+when RubySMB::Dcerpc::Svcctl::SERVICE_AUTO_START
+ puts("Service #{service} starts automatically during system startup")
+when RubySMB::Dcerpc::Svcctl::SERVICE_DEMAND_START
+ puts("Service #{service} starts manually")
+end
+
+if svcctl
+ svcctl.close_service_handle(svc_handle) if svc_handle
+ svcctl.close_service_handle(scm_handle) if scm_handle
+ svcctl.close
+end
+client.disconnect!
+
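Review bot: The handle cleanup in the `if svcctl ... end` block and the final `client.disconnect!` only run on the happy path; if `open_service_w` raises (for example an unknown service name) or `query_service_config` fails, the SCM handle returned by `open_sc_manager_w` is left open on the remote host and the SMB session is never torn down. Wrapping everything after `client.authenticate` in `begin ... ensure ... end` and moving the `if svcctl` block and `client.disconnect!` into the `ensure` clause makes the cleanup unconditional, and the `if svc_handle` / `if scm_handle` guards already cope with a handle that was never assigned. Both `case` statements print nothing for states or start types they do not list, so an `else puts("Service #{service} is in state #{svc_status.dw_current_state}")` branch (and the equivalent for `svc_config.dw_start_type`) would keep the output informative instead of silent. The result of `client.authenticate` is printed but never checked, so a failed logon only surfaces later as an error from `tree_connect`. The usage comment also has a typo, `credentialas` for `credentials`.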