dissect.target 3.14.dev22__py3-none-any.whl → 3.14.dev24__py3-none-any.whl
- dissect/target/loaders/smb.py +23 -13
- dissect/target/plugins/os/windows/_os.py +2 -1
- dissect/target/target.py +5 -4
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/METADATA +1 -1
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/RECORD +10 -10
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/COPYRIGHT +0 -0
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/LICENSE +0 -0
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/WHEEL +0 -0
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/entry_points.txt +0 -0
- {dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/top_level.txt +0 -0
dissect/target/loaders/smb.py
CHANGED
@@ -11,6 +11,7 @@ from urllib.parse import ParseResult, parse_qsl
|
|
11
11
|
from dissect.regf import regf
|
12
12
|
from dissect.util import ts
|
13
13
|
from impacket.dcerpc.v5 import rpcrt, rrp, scmr, transport
|
14
|
+
from impacket.dcerpc.v5.rpcrt import DCERPCException
|
14
15
|
from impacket.smbconnection import SessionError, SMBConnection
|
15
16
|
|
16
17
|
from dissect.target import Target
|
@@ -189,18 +190,24 @@ class SmbRegistry(RegistryPlugin):
|
|
189
190
|
return False
|
190
191
|
|
191
192
|
def _init_registry(self) -> None:
|
192
|
-
|
193
|
-
|
193
|
+
try:
|
194
|
+
self._svcctl = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\svcctl]", scmr.MSRPC_UUID_SCMR)
|
195
|
+
self._check_service_status()
|
194
196
|
|
195
|
-
|
197
|
+
self._winreg = _connect_rpc(self.conn, "ncacn_np:445[\\pipe\\winreg]", rrp.MSRPC_UUID_RRP)
|
196
198
|
|
197
|
-
|
198
|
-
|
199
|
+
hklm_hive = SmbRegistryHive(
|
200
|
+
self._winreg, "HKEY_LOCAL_MACHINE", rrp.hOpenLocalMachine(self._winreg)["phKey"]
|
201
|
+
)
|
202
|
+
hku_hive = SmbRegistryHive(self._winreg, "HKEY_USERS", rrp.hOpenUsers(self._winreg)["phKey"])
|
199
203
|
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
+
self._add_hive("HKLM", hklm_hive, TargetPath(self.target.fs, "HKLM"))
|
205
|
+
self._add_hive("HKU", hku_hive, TargetPath(self.target.fs, "HKU"))
|
206
|
+
self._map_hive("HKEY_LOCAL_MACHINE", hklm_hive)
|
207
|
+
self._map_hive("HKEY_USERS", hku_hive)
|
208
|
+
except SessionError:
|
209
|
+
self.target.log.info("Failed to open remote registry, registry will not be available")
|
210
|
+
return # no registry access, probably no access rights
|
204
211
|
|
205
212
|
def _init_users(self) -> None:
|
206
213
|
pass
|
@@ -212,15 +219,18 @@ class SmbRegistry(RegistryPlugin):
|
|
212
219
|
if hasattr(self, "_was_disabled") and self._was_disabled:
|
213
220
|
scmr.hRChangeServiceConfigW(self._svcctl, self._svc_handle, dwStartType=0x4)
|
214
221
|
|
215
|
-
if
|
222
|
+
if getattr(self, "_svcctl", None):
|
216
223
|
self._svcctl.disconnect()
|
217
224
|
|
218
|
-
if
|
225
|
+
if getattr(self, "_winreg", None):
|
219
226
|
self._winreg.disconnect()
|
220
227
|
|
221
228
|
def _check_service_status(self) -> None:
|
222
|
-
|
223
|
-
|
229
|
+
try:
|
230
|
+
manager_handle = scmr.hROpenSCManagerW(self._svcctl)["lpScHandle"]
|
231
|
+
self._svc_handle = scmr.hROpenServiceW(self._svcctl, manager_handle, "RemoteRegistry")["lpServiceHandle"]
|
232
|
+
except DCERPCException:
|
233
|
+
return
|
224
234
|
|
225
235
|
current_state = scmr.hRQueryServiceStatus(self._svcctl, self._svc_handle)["lpServiceStatus"]["dwCurrentState"]
|
226
236
|
if current_state == scmr.SERVICE_STOPPED:
|
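Review bot: In `_init_registry` the new handler is `except SessionError:` only, while the `DCERPCException` imported in this section is caught solely in `_check_service_status`; an RPC-layer failure from `_connect_rpc`, `rrp.hOpenLocalMachine` or `rrp.hOpenUsers` would presumably still propagate out of plugin initialisation. Consider `except (SessionError, DCERPCException) as e:` and keep the cause with `self.target.log.debug("Remote registry initialisation failed", exc_info=e)`. The `except DCERPCException: return` in `_check_service_status` is also silent. Because this code can start RemoteRegistry or change its start type on the examined host, the analyst should get a log line saying the service state could not be queried, e.g. `self.target.log.debug("Could not open RemoteRegistry service handle", exc_info=e)`. On that path `_svc_handle` is never assigned, and the cleanup code above the `getattr` guards is outside the hunk, so it is worth confirming that nothing there uses `_svc_handle` unguarded.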
@@ -77,7 +77,8 @@ class WindowsPlugin(OSPlugin):
|
|
77
77
|
self.target.fs.mount(drive, volume.fs)
|
78
78
|
break
|
79
79
|
except Exception as e:
|
80
|
-
self.target.log.warning("Failed to map drive letters"
|
80
|
+
self.target.log.warning("Failed to map drive letters")
|
81
|
+
self.target.log.debug("", exc_info=e)
|
81
82
|
|
82
83
|
@export(property=True)
|
83
84
|
def hostname(self) -> Optional[str]:
|
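Review bot: The added `self.target.log.debug("", exc_info=e)` emits a record with an empty message, so the traceback has nothing to search or filter on and nothing tying it to the warning on the line before. Give it text, for example `self.target.log.debug("Drive letter mapping failed", exc_info=e)`. The enclosing `try` starts outside the hunk, so what the broad `except Exception` covers cannot be judged from here.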
dissect/target/target.py
CHANGED
@@ -426,7 +426,8 @@ class Target:
|
|
426
426
|
if isinstance(os_plugin, plugin.OSPlugin):
|
427
427
|
self._os_plugin = os_plugin.__class__
|
428
428
|
elif issubclass(os_plugin, plugin.OSPlugin):
|
429
|
-
|
429
|
+
if fs := os_plugin.detect(self):
|
430
|
+
os_plugin = os_plugin.create(self, fs)
|
430
431
|
|
431
432
|
self._os = self.add_plugin(os_plugin)
|
432
433
|
return
|
@@ -757,22 +758,22 @@ class VolumeCollection(Collection[volume.Volume]):
|
|
757
758
|
# If we opened an empty volume system, it might also be the case that a filesystem actually
|
758
759
|
# "starts" at offset 0
|
759
760
|
|
761
|
+
# Regardless of what happens, we want to try to open it as a filesystem later on
|
762
|
+
fs_volumes.append(vol)
|
763
|
+
|
760
764
|
if vol.offset == 0 and vol.vs and vol.vs.__type__ == "disk":
|
761
765
|
# We are going to re-open a volume system on itself, bail out
|
762
766
|
self.target.log.info("Found volume with offset 0, opening as raw volume instead")
|
763
|
-
fs_volumes.append(vol)
|
764
767
|
continue
|
765
768
|
|
766
769
|
try:
|
767
770
|
vs = volume.open(vol)
|
768
771
|
except Exception:
|
769
772
|
# If opening a volume system fails, there's likely none, so open as a filesystem instead
|
770
|
-
fs_volumes.append(vol)
|
771
773
|
continue
|
772
774
|
|
773
775
|
if not len(vs.volumes):
|
774
776
|
# We opened an empty volume system, discard
|
775
|
-
fs_volumes.append(vol)
|
776
777
|
continue
|
777
778
|
|
778
779
|
self.entries.extend(vs.volumes)
|
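Review bot: In the `VolumeCollection` hunk the comments on the two later `continue` branches are now stale, because `fs_volumes.append(vol)` runs once before the offset-0 check for every volume. "open as a filesystem instead" and "discard" no longer describe what happens, and a volume whose nested volume system does load is now also queued for filesystem detection. Reword them, e.g. `# No volume system could be opened; vol is already queued as a filesystem candidate` and `# Empty volume system, nothing to add to entries`. The new top comment should also say that this deliberately includes volumes that contain a volume system. The surrounding loop starts and ends outside the hunk.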
@@ -1,6 +1,6 @@
|
|
1
1
|
Metadata-Version: 2.1
|
2
2
|
Name: dissect.target
|
3
|
-
Version: 3.14.
|
3
|
+
Version: 3.14.dev24
|
4
4
|
Summary: This module ties all other Dissect modules together, it provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets)
|
5
5
|
Author-email: Dissect Team <dissect@fox-it.com>
|
6
6
|
License: Affero General Public License v3
|
@@ -5,7 +5,7 @@ dissect/target/filesystem.py,sha256=8qbXNbhnE9Y1cz-5OH-67Z5eDJMXKQwy7dNYTw1ST5o,
|
|
5
5
|
dissect/target/loader.py,sha256=4ZdX-QJY83NPswTyNG31LUwYXdV1tuByrR2vKKg7d5k,7214
|
6
6
|
dissect/target/plugin.py,sha256=5EtUEU8feYSak7NRWocByPFWKsU0yeUJio6L72Ekw5c,40914
|
7
7
|
dissect/target/report.py,sha256=06uiP4MbNI8cWMVrC1SasNS-Yg6ptjVjckwj8Yhe0Js,7958
|
8
|
-
dissect/target/target.py,sha256=
|
8
|
+
dissect/target/target.py,sha256=CuqLTD3fwr4HIxtDgN_fwJ3UHSqe5PhNJlLTVGsluB8,31908
|
9
9
|
dissect/target/volume.py,sha256=aQZAJiny8jjwkc9UtwIRwy7nINXjCxwpO-_UDfh6-BA,15801
|
10
10
|
dissect/target/containers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
11
11
|
dissect/target/containers/asdf.py,sha256=DJp0QEFwUjy2MFwKYcYqIR_BS1fQT1Yi9Kcmqt0aChM,1366
|
@@ -79,7 +79,7 @@ dissect/target/loaders/pvs.py,sha256=dMqdYSBQtH9QLM3tdu0mokLBcn73edg_HUtYtqrdi6E
|
|
79
79
|
dissect/target/loaders/raw.py,sha256=03OXVlvkqwR29XYu7WPg3pmGtYd_4QJEGnkAuvIrdPs,355
|
80
80
|
dissect/target/loaders/remote.py,sha256=AoI7-RxH2UMjNWnuHbNaieZycApTY3YZmk4wkQAwFt0,8820
|
81
81
|
dissect/target/loaders/res.py,sha256=8b178x05t9K31wOeP8yGD1IdR3RpiMGz7wcvtHmmHjk,8819
|
82
|
-
dissect/target/loaders/smb.py,sha256=
|
82
|
+
dissect/target/loaders/smb.py,sha256=qP8m4Jq7hvAvUCF9jB4yr2Zut7p_R02_vxziNN3R1to,13070
|
83
83
|
dissect/target/loaders/tanium.py,sha256=P9euiQzvVaQQtMQlEmNe0V25w1BkQFRZBuS-0-ksHpY,1585
|
84
84
|
dissect/target/loaders/tar.py,sha256=4-ouVKnNCmW1o3I0OhF4DUyjvpZ7qLIon848gmRWR1M,3103
|
85
85
|
dissect/target/loaders/target.py,sha256=Bp3kcfW-ntkgDZ9IpYPMoR-4FDBPqcLD_W88Z9IU--o,692
|
@@ -219,7 +219,7 @@ dissect/target/plugins/os/unix/log/lastlog.py,sha256=eL_dbB1sPoy0tyavIjT457ZLVfX
|
|
219
219
|
dissect/target/plugins/os/unix/log/messages.py,sha256=W3CeI0tchdRql9SKLFDxk9AKwUvqIrnpCujcERvDt90,2846
|
220
220
|
dissect/target/plugins/os/unix/log/utmp.py,sha256=21tvzG977LqzRShV6uAoU-83WDcLUrI_Tv__2ZVi9rw,7756
|
221
221
|
dissect/target/plugins/os/windows/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
222
|
-
dissect/target/plugins/os/windows/_os.py,sha256
|
222
|
+
dissect/target/plugins/os/windows/_os.py,sha256=agGbApfaSrU2klBYJH_ncOOpBWm0a2dxb8r7b1R4d1w,12144
|
223
223
|
dissect/target/plugins/os/windows/activitiescache.py,sha256=yY41YdCZk9e97Q8_rjZHknMUeOVDxgBG9VtXQHANUsQ,6710
|
224
224
|
dissect/target/plugins/os/windows/adpolicy.py,sha256=rvsvywChfms7d2kMwXRVHZaf8zJ46WmMwYplGAYEax8,6984
|
225
225
|
dissect/target/plugins/os/windows/amcache.py,sha256=ZZNOs3bILTf0AGkDkhoatndl0j39DXkstN7oOyxJECU,27188
|
@@ -304,10 +304,10 @@ dissect/target/volumes/luks.py,sha256=v_mHW05KM5iG8JDe47i2V4Q9O0r4rnAMA9m_qc9cYw
|
|
304
304
|
dissect/target/volumes/lvm.py,sha256=wwQVR9I3G9YzmY6UxFsH2Y4MXGBcKL9aayWGCDTiWMU,2269
|
305
305
|
dissect/target/volumes/md.py,sha256=j1K1iKmspl0C_OJFc7-Q1BMWN2OCC5EVANIgVlJ_fIE,1673
|
306
306
|
dissect/target/volumes/vmfs.py,sha256=-LoUbn9WNwTtLi_4K34uV_-wDw2W5hgaqxZNj4UmqAQ,1730
|
307
|
-
dissect.target-3.14.
|
308
|
-
dissect.target-3.14.
|
309
|
-
dissect.target-3.14.
|
310
|
-
dissect.target-3.14.
|
311
|
-
dissect.target-3.14.
|
312
|
-
dissect.target-3.14.
|
313
|
-
dissect.target-3.14.
|
307
|
+
dissect.target-3.14.dev24.dist-info/COPYRIGHT,sha256=m-9ih2RVhMiXHI2bf_oNSSgHgkeIvaYRVfKTwFbnJPA,301
|
308
|
+
dissect.target-3.14.dev24.dist-info/LICENSE,sha256=DZak_2itbUtvHzD3E7GNUYSRK6jdOJ-GqncQ2weavLA,34523
|
309
|
+
dissect.target-3.14.dev24.dist-info/METADATA,sha256=IoeJMsu7Fw2GBiPaPrlIU7ctHA0R2ja2jtckDBBZ1y0,11042
|
310
|
+
dissect.target-3.14.dev24.dist-info/WHEEL,sha256=oiQVh_5PnQM0E3gPdiz09WCNmwiHDMaGer_elqB3coM,92
|
311
|
+
dissect.target-3.14.dev24.dist-info/entry_points.txt,sha256=tvFPa-Ap-gakjaPwRc6Fl6mxHzxEZ_arAVU-IUYeo_s,447
|
312
|
+
dissect.target-3.14.dev24.dist-info/top_level.txt,sha256=Mn-CQzEYsAbkxrUI0TnplHuXnGVKzxpDw_po_sXpvv4,8
|
313
|
+
dissect.target-3.14.dev24.dist-info/RECORD,,
|
File without changes
|
File without changes
|
File without changes
|
{dissect.target-3.14.dev22.dist-info → dissect.target-3.14.dev24.dist-info}/entry_points.txt
RENAMED
File without changes
|
File without changes
|