tis-disable-smb1 22

  • package : tis-disable-smb1
  • version : 22
  • description : Disable SMB1 Server on Windows >= Vista. Install KB4012598 on win XP.
  • maintainer : Hubert TOUVET
  • date : 2017-07-20 11:19:47
  • signer : TRANQUIL IT SYSTEMS
  • signature_date : 20170720-111947
  • min_os_version :
  • min_wapt_version :

setup.py

# -*- coding: utf-8 -*-
from setuphelpers import *
import platform

uninstallkey = []

def pending_reboot_reasons():
    result = []
    reboot_required = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update','RebootRequired',0)
    if reboot_required:
        result.append('Windows Update: %s' % reboot_required)
    reboot_pending = registry_readstring(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing','RebootPending',0)
    if reboot_pending:
        result.append('CBS Updates: %s' % reboot_pending)
    renames_pending = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Control\Session Manager','PendingFileRenameOperations',None)
    if renames_pending:
        result.append('File renames: %s' % renames_pending)
    return result

def is_kb_installed(hotfixid):
    installed_update = installed_windows_updates()
    if [kb for kb in installed_update if kb['HotFixID' ].upper() == hotfixid.upper()]:
        return True
    return False


def install_kb4012598():
    if windows_version() < Version('5.2'):
        install_exe_if_needed('windowsxp-kb4012598-x86-custom-fra_eb47689656c58ab374521babb9bdca07304d87f5.exe','/quiet /norestart',key='',min_version='1')
    elif windows_version() < Version('5.3'):
        if iswin64():
            install_exe_if_needed('WindowsServer2003-KB4012598-x64-custom-ENU.exe','/quiet /norestart',key='',min_version='1')
        else:
            install_exe_if_needed('windowsserver2003-kb4012598-x86-custom-fra_9cf9ac070a1b21bca6757de5d127427c090d581d.exe','/quiet /norestart',key='',min_version='1')
    else:
        error('Please install kb4012598')

def install():
    restart_needed_by = []

    """
    if service_installed('mrxsmb10') and service_is_running('mrxsmb10'):
        print('Disable SMB1 client')
        run('sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi')
        run('sc.exe config mrxsmb10 start= disabled')
        restart_needed_by.append('Disable SMB1 client service')
    else:
        print('OK: SMB1 client not running')
    """

    if windows_version() < Version('8.1',2):
        was_smb1server = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',1)
        registry_setstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',0,type=REG_DWORD)
        if was_smb1server:
            restart_needed_by.append('Disable SMB1 server service')
        else:
            print('OK: SMB1 server disabled in registry')
    else:
        was_smb1server = run_powershell('Get-SmbServerConfiguration | Select EnableSMB1Protocol').get('EnableSMB1Protocol',True)
        print('Current SMB1 status : %s' % (was_smb1server,))
        if was_smb1server:
            print('Disabling SMB1')
            result = run_powershell('Set-SmbServerConfiguration -EnableSMB1Protocol $false  -Force')
            result = run_powershell('Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart')
            # {u'ScratchDirectory': None, u'RestartNeeded': True, u'LogLevel': 2, u'LogPath': u'C:\\Windows\\Logs\\DISM\\dism.log', u'WinPath': None, u'Online': True, u'SysDrivePath': None, u'Path': None}
            if result.get('RestartNeeded',True):
                restart_needed_by.append('Disable SMB1 Server Feature')

    # before Vista, no SMB2, so check patch
    if windows_version() <  Version('6.0'):
        # check if KB4012598 is installed
        if not is_kb_installed('KB4012598'):
            install_kb4012598()

    restart_needed_by.extend(pending_reboot_reasons())
    if was_smb1server or restart_needed_by:
        with disable_file_system_redirection():
            run_notfatal('msg * /time:360 Merci de redemarrer votre ordinateur pour terminer la desactivation du service vulnerable serveur SMB1. Tranquil IT Systems.')
        error('Redemarrage necessaire pour : %s ' % restart_needed_by)
    else:
        print('No reboot required')


def uninstall():
    restart_needed_by = []
    """
    if service_installed('mrxsmb10') and not service_is_running('mrxsmb10'):
        print('Enable SMB1 client')
        # see https://support.microsoft.com/fr-fr/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
        run('sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi')
        run('sc.exe config mrxsmb10 start= auto')
        restart_needed_by.append('Enable SMB1 client service')
    else:
        print('OK: SMB1 client running or not installed')
    """

    if windows_version() < Version('8.1'):
        was_smb1server = registry_readstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',0)
        registry_setstring(HKEY_LOCAL_MACHINE,r'SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters','SMB1',1,type=REG_DWORD)
        if not was_smb1server:
            restart_needed_by.append('Enable SMB1 server service')
        else:
            print('OK: SMB1 server enabled in registry')
    else:
        was_smb1server = run_powershell('Get-SmbServerConfiguration | Select EnableSMB1Protocol').get('EnableSMB1Protocol',True)
        print('Current SMB1 status : %s' % (was_smb1server,))
        if not was_smb1server:
            print('Enabling SMB1')
            result = run_powershell('Set-SmbServerConfiguration -EnableSMB1Protocol $true  -Force')
            result = run_powershell('Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart')
            # {u'ScratchDirectory': None, u'RestartNeeded': True, u'LogLevel': 2, u'LogPath': u'C:\\Windows\\Logs\\DISM\\dism.log', u'WinPath': None, u'Online': True, u'SysDrivePath': None, u'Path': None}
            if result.get('RestartNeeded',True):
                restart_needed_by.append('Enable SMB1 Server Feature')

    restart_needed_by.extend(pending_reboot_reasons())
    if not was_smb1server or restart_needed_by:
        with disable_file_system_redirection():
            run_notfatal('msg * /time:360 Merci de redemarrer votre ordinateur pour terminer la reactivation du service serveur SMB1. Tranquil IT Systems.')
    else:
        print('No reboot required')

    

manifest

[["WindowsServer2003-KB4012598-x64-custom-ENU.exe", "f24d8723f246145524b9030e4752c96430981211"], ["WAPT/certificate.crt", "0db563dc9077b268ca07ba834322d0fc5e21f8e5"], ["WAPT/wapt.psproj", "557e60050809687d56525e6ac46df9c0e02ccae6"], ["windowsserver2003-kb4012598-x86-custom-fra_9cf9ac070a1b21bca6757de5d127427c090d581d.exe", "9cf9ac070a1b21bca6757de5d127427c090d581d"], ["setup.py", "d354e5ff47cd888edb3a68d12310c0c2176a4720"], ["windowsxp-kb4012598-x86-custom-fra_eb47689656c58ab374521babb9bdca07304d87f5.exe", "eb47689656c58ab374521babb9bdca07304d87f5"], ["WAPT/control", "e3dab3b7920ecff7e21a56dd04e31f88a1be416e"]]
    

Forum feed

WAPT Packages / Paquets WAPT • Re: Setup.py de Mblock
myosotis a écrit :
31 décembre 2017, 16:06
Ne peut-on pas interagir avec l'appdata du current user tandis qu'un paquet est déployé?
On peut mais c'est plus compliqué, le session setup rend les chose plus simple:

CODE :

# -*- coding: utf-8 -*-from setuphelpers import *uninstallkey = []key = "{1E9DFEBB-4088-4693-A521-C755318BD492}_is1"profil_name = 'com.makeblock.Scratch3.4.11'profil_mblock_appdata = makepath('c:','ProgramData','mblock',profil_name)profil_mblock = makepath(application_data(),profil_name)def install():        versionpaquet = control['version'].split('-',1)[0]        print('Importation des drivers')        with disable_file_system_redirection():             run('regedit.exe /s usbserial_arduino.reg')             run(r'"%s" /VERYSILENT' % makepath('drivers','Driver_for_Windows.exe'))        print('installing aiz-mblock')        install_exe_if_needed("mBlock_win_V"+versionpaquet+".exe",                            silentflags="/VERYSILENT",                            key=key,                            min_version=versionpaquet,                            killbefore="mBlock.exe")        #suppression de la clé de désinstallation pour pouvoir faire une désinstallation silencieuse. Voir def uninstall():        uninstallkey.remove(key)        #suppression du raccourci bureau        remove_desktop_shortcut('mBlock')        if isdir(profil_mblock_appdata):            remove_tree(profil_mblock_appdata)        copytree2(profil_name,profil_mblock_appdata)def session_setup():    if isdir(profil_mblock):        remove_tree(profil_mblock)    copytree2(profil_mblock_appdata,profil_mblock)def uninstall():    print('uninstalling aiz-mblock')    run(r'"%s\unins000.exe" /VERYSILENT' % install_location(key))

Le profil "com.makeblock.Scratch3.4.11" sera écrasé a la prochaine ouverture de session.
De cette manière même si le profil de l'utilisateur n'existe pas encore ça fonctionnera très bien !

N'oubliez pas d'incrémenter le numéro de version du paquet après chaque modification du session setup !

Statistiques: Posté par sfonteneau — 31 décembre 2017, 18:15


WAPT Packages / Paquets WAPT • Re: Setup.py de Mblock

CODE :

# -*- coding: utf-8 -*-from setuphelpers import *# Importation des fichiers de personalisation copytree2(r'Perso',r'C:\ProgramData\mBlock') #Import du dossier fourni dans le paquetfilecopyto(r'Copy.cmd',r'C:\ProgramData\mBlock') #Import d'un fourni egalement avec le paquetkey = "{1E9DFEBB-4088-4693-A521-C755318BD492}_is1"uninstallkey = ['{1E9DFEBB-4088-4693-A521-C755318BD492}_is1']#Creation d'un targetdir en faisant usage de user_appdata qui selon la doc renvoit à /userX/appdata/roaming/targetdir = makepath(user_appdata(),'com.makeblock.Scratch3.4.11')print targetdir # ça c'est pour moi ;) - ca m'affiche bien le dossier souhaité... malheureusement l'exploit est nulle#uninstallstring = [r' ""C:\Program Files (x86)\mBlock\unins000.exe" /SILENT {1E9DFEBB-4088-4693-A521-C755318BD492}_is1']def install():        versionpaquet = control['version'].split('-',1)[0]        print('Importation de drivers')        with disable_file_system_redirection():             run('regedit.exe /s usbserial_arduino.reg')             run(r'"%s" /VERYSILENT' % makepath('drivers','Driver_for_Windows.exe'))        print('Installation de util-mblock')        install_exe_if_needed("mBlock_win_V"+versionpaquet+".exe",                            silentflags="/VERYSILENT",                            key=key,                            min_version=versionpaquet,                            killbefore="mBlock.exe")#suppression de la clé de désinstallation pour pouvoir faire une désinstallation silencieuse. Voir def uninstall():        #uninstallkey.remove(key) # FONCTION pas dispo dans Setuphelpers v1.3.5        #suppression du raccourci bureau        #remove_desktop_shortcut('mBlock')print "Post installation"lang = makepath(targetdir)if not isdir(lang):os.makedirs(lang)copytree2('Perso','targetdir') #Tentative d'import de com.makeblock.Scratch3.4.11 via fonction copytree2 + user_appdata() : Resultat non probantsession_setup()   def uninstall():    print('Désinstallation de util-mblock')    run(r'"%s\unins000.exe" /VERYSILENT' % install_location(key))def session_setup():targetdir = makepath(user_appdata(),'com.makeblock.Scratch3.4.11')if not isdir(targetdir):print('creation du dossier com.makeblock.Scratch3.4.11')mkdirs(makepath(user_appdata(),'com.makeblock.Scratch3.4.11'))#copytree2('C:\ProgramData\mBlock','targetdir')run(r'C:\ProgramData\mBlock\Copy.cmd')#ci-dessus vs avez mes 2 tentatives : (1) via copytree2;, l'autre via le run d'un cmd que j'ai essayé de runner pour injecter les fichiers adéquats. Ni l'une, ni l'autre des méthodes ne fonctionnent.else:#remove_file(makepath(user_appdata(),'com.makeblock.Scratch3.4.11'))#copytree2('C:\ProgramData\mBlock','targetdir')run(r'C:\ProgramData\mBlock\Copy.cmd')#copytree2(r'C:\ProgramData\mBlock',r'%USERPROFILE%\AppData\Roaming')#Personalisation de mblock pour l'interactive User - Alternative tryrun(r'"Copy.cmd"')
+ Copie de mon cmd

CODE :

if not exist C:\Users\%username%\AppData\Roaming\com.makeblock.Scratch3.4.11 mkdir C:\Users\%username%\AppData\Roaming\com.makeblock.Scratch3.4.11 xcopy C:\ProgramData\mBlock\com.makeblock.Scratch3.4.11 C:\Users\%username%\AppData\Roaming\com.makeblock.Scratch3.4.11 /E /C /Y
..... ça ne fonctionne pas.... pas plus qu'avec %appdata%

:'( .... ne peut-on pas interagir avec l'appdata du current user tandis qu'un paquet est déployé?

Statistiques: Posté par myosotis — 31 décembre 2017, 16:06