search

fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com
Other
13.29k stars 3.54k forks source link

Error in calling the registry write method SetBinaryValue of wmi's StdRegProv object #1441

Open koushui opened 1 year ago

koushui commented 1 year ago

Hey everynone~!

Configuration

impacket version: v0.10.0 (same error in v0.9.25) Python version: 3.8.10 / 3.9.12 / 3.10.6 Host OS:Windows 11 22000.1098 and Ubuntu 20.04(5.10.60.1-microsoft-standard-WSL2) Target OS: Windows 10 19044.2251

Debug Output With code snippet

My Code Snippet:

keyName = 'filedata'
f = open(‘a.txt’,"rb")
FileData = f.read()
f.close()

iWbemServices.namespace = '//%s/root/default' % address
objRegistry, _ = iWbemServices.GetObject('StdRegProv')
objRegistry = objRegistry.SpawnInstance()
retCode1 = objRegistry.CreateKey(2147483650,'SOFTWARE\\classes\\Hello')     
retCode2 = objRegistry.SetBinaryValue(2147483650,'SOFTWARE\\classes\\Hello', keyName ,FileData )
iWbemServices.RemRelease()
sys.exit(0)

The result is that the value is successfully written to the target machine's registry, but each byte is expanded to 4 bytes,Actually my file content is "#wmiexec-RegOut"

PCAP

1668504278726

Additional context

image

crab2019 commented 6 months ago

Yes, I have the same problem.

binary_value = bytes(range(1, 11)) print("binary_value Hexadecimal representation:") print_hex(binary_value) success = register.SetBinaryValue(2147483650, r'SOFTWARE\Classes', 'test5', binary_value) result = register.GetBinaryValue(2147483650, r'SOFTWARE\Classes', 'test5') if result: print("GetBinaryValue Hexadecimal representation:") print_hex(result.uValue)

Impacket v0.11.0 - Copyright 2023 Fortra

binary_value Hexadecimal representation: 0x1 0x2 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa GetBinaryValue Hexadecimal representation: 0x1 0x0 0x0 0x0 0x2 0x0 0x0 0x0 0x3 0x0