-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrip_system.py
77 lines (63 loc) · 2.41 KB
/
rip_system.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# This will open an nt authority system on your computer
# python rip_system.py install
# python rip_system.py start
import base64
import os
import socket
import subprocess
import time
import psutil
import pyscreenshot
import servicemanager
import win32api
import win32con
import win32event
import win32file
import win32pipe
import win32process
import win32profile
import win32security
import win32service
import win32serviceutil
import win32ts
def get_pid(proc_name):
for proc in psutil.process_iter():
if proc.name() == proc_name:
return proc.pid
return 0
def getusertoken():
print("Getting winlogon pid...")
winlogon_pid = get_pid('winlogon.exe')
print("PID:" + str(winlogon_pid))
p = win32api.OpenProcess(1024, 0, get_pid('winlogon.exe'))
t = win32security.OpenProcessToken(p, win32security.TOKEN_DUPLICATE)
primaryToken = win32security.DuplicateTokenEx(t,
win32security.SecurityImpersonation,
win32security.TOKEN_ALL_ACCESS,
win32security.TokenPrimary)
return primaryToken
class AppServerSvc (win32serviceutil.ServiceFramework):
_svc_name_ = "SystemRIP"
_svc_display_name_ = "SystemRIP"
def __init__(self,args):
win32serviceutil.ServiceFramework.__init__(self,args)
self.hWaitStop = win32event.CreateEvent(None,0,0,None)
socket.setdefaulttimeout(20)
def SvcStop(self):
self.ReportServiceStatus(win32service.SERVICE_STOP_PENDING)
win32event.SetEvent(self.hWaitStop)
def SvcDoRun(self):
servicemanager.LogMsg(servicemanager.EVENTLOG_INFORMATION_TYPE,
servicemanager.PYS_SERVICE_STARTED,
(self._svc_name_,''))
self.main()
def main(self):
#my_app_path = 'C:\\Windows\\System32\\cmd.exe'
my_app_path = r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
startup = win32process.STARTUPINFO()
priority = win32con.NORMAL_PRIORITY_CLASS
console_user_token = getusertoken()
environment = win32profile.CreateEnvironmentBlock(console_user_token, False)
handle, thread_id ,pid, tid = win32process.CreateProcessAsUser(console_user_token, my_app_path, None, None, None, True, priority, environment, None, startup)
if __name__ == '__main__':
win32serviceutil.HandleCommandLine(AppServerSvc)