diff --git a/lib/msf/scripts/meterpreter/common.rb b/lib/msf/scripts/meterpreter/common.rb
index e31efdbcd8..29542ff2f2 100644
--- a/lib/msf/scripts/meterpreter/common.rb
+++ b/lib/msf/scripts/meterpreter/common.rb
@@ -12,6 +12,9 @@ module Common
 # All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
 #
+# Checks if UAC is enabled, if it is enabled it will return true y running as
+# system or disabled it will return false also if running on a system that does
+# not have UAC it will return false.
 def is_uac_enabled?
 uac = false
 winversion = client.sys.config.sysinfo['OS']
diff --git a/lib/msf/scripts/meterpreter/file.rb b/lib/msf/scripts/meterpreter/file.rb
index 8395a6ae72..df1c8bafee 100644
--- a/lib/msf/scripts/meterpreter/file.rb
+++ b/lib/msf/scripts/meterpreter/file.rb
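Review bot: The comment added above `is_uac_enabled?` is hard to parse: "it will return true y running as system or disabled it will return false" seems to be missing a word, so a caller cannot tell which value to expect when the session runs as SYSTEM. Suggest rewording along the lines of `# Returns true when UAC is enabled; returns false when UAC is disabled, when running as SYSTEM, or on a Windows version without UAC.` That wording assumes this is the intended contract; only the first three lines of the method body are visible in this hunk, so it should be checked against the full implementation.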
@@ -3,60 +3,51 @@ module Scripts
 module Meterpreter
 module Common
- #
- # Commonly used methods and techniques for Meterpreter scripts
- #
+#Writes a given string to a file specified
+def file_local_write(file2wrt, data2wrt)
+ if not ::File.exists?(file2wrt)
+ ::FileUtils.touch(file2wrt)
+ end
- #
- # These methods should only print output in the case of an error. All code should be tab indented
- # All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
- #
-
- #Writes a given string to a file specified
- def file_local_write(file2wrt, data2wrt)
- if not ::File.exists?(file2wrt)
- ::FileUtils.touch(file2wrt)
- end
-
- output = ::File.open(file2wrt, "a")
- data2wrt.each_line do |d|
- output.puts(d)
- end
- output.close
- end
- #Returns a MD5 checksum of a given local file
- def file_local_digestmd5(file2md5)
- if not ::File.exists?(file2md5)
- raise "File #{file2md5} does not exists!"
- else
- require 'digest/md5'
- chksum = nil
- chksum = Digest::MD5.hexdigest(::File.open(file2md5, "rb") { |f| f.read})
- return chksum
- end
- end
- #Returns a SHA1 checksum of a given local file
- def file_local_digestsha1(file2sha1)
- if not ::File.exists?(file2sha1)
- raise "File #{file2sha1} does not exists!"
- else
- require 'digest/sha1'
- chksum = nil
- chksum = Digest::SHA1.hexdigest(::File.open(file2sha1, "rb") { |f| f.read})
- return chksum
- end
- end
- #Returns a SHA256 checksum of a given local file
- def file_local_digestsha2(file2sha2)
- if not ::File.exists?(file2sha2)
- raise "File #{file2sha2} does not exists!"
- else
- require 'digest/sha2'
- chksum = nil
- chksum = Digest::SHA256.hexdigest(::File.open(file2sha2, "rb") { |f| f.read})
- return chksum
- end
- end
+ output = ::File.open(file2wrt, "a")
+ data2wrt.each_line do |d|
+ output.puts(d)
+ end
+ output.close
+end
+#Returns a MD5 checksum of a given local file
+def file_local_digestmd5(file2md5)
+ if not ::File.exists?(file2md5)
+ raise "File #{file2md5} does not exists!"
+ else
+ require 'digest/md5'
+ chksum = nil
+ chksum = Digest::MD5.hexdigest(::File.open(file2md5, "rb") { |f| f.read})
+ return chksum
+ end
+end
+#Returns a SHA1 checksum of a given local file
+def file_local_digestsha1(file2sha1)
+ if not ::File.exists?(file2sha1)
+ raise "File #{file2sha1} does not exists!"
+ else
+ require 'digest/sha1'
+ chksum = nil
+ chksum = Digest::SHA1.hexdigest(::File.open(file2sha1, "rb") { |f| f.read})
+ return chksum
+ end
+end
+#Returns a SHA256 checksum of a given local file
+def file_local_digestsha2(file2sha2)
+ if not ::File.exists?(file2sha2)
+ raise "File #{file2sha2} does not exists!"
+ else
+ require 'digest/sha2'
+ chksum = nil
+ chksum = Digest::SHA256.hexdigest(::File.open(file2sha2, "rb") { |f| f.read})
+ return chksum
+ end
+end
 end
 end
diff --git a/lib/msf/scripts/meterpreter/registry.rb b/lib/msf/scripts/meterpreter/registry.rb
index 740a6b2aeb..6418537df7 100644
--- a/lib/msf/scripts/meterpreter/registry.rb
+++ b/lib/msf/scripts/meterpreter/registry.rb
@@ -3,15 +3,6 @@ module Scripts
 module Meterpreter
 module Common
-#
-# Commonly used methods and techniques for Meterpreter scripts
-#
-
-#
-# These methods should only print output in the case of an error. All code should be tab indented
-# All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
-#
-
 #Returns the data and type of a given registry key and value
 def registry_getvalinfo(key,valname)
 value = {}
diff --git a/lib/msf/scripts/meterpreter/services.rb b/lib/msf/scripts/meterpreter/services.rb
index 5f048bbabe..3c1c4f08c2 100644
--- a/lib/msf/scripts/meterpreter/services.rb
+++ b/lib/msf/scripts/meterpreter/services.rb
@@ -3,14 +3,7 @@ module Scripts
 module Meterpreter
 module Common
-#
-# Commonly used methods and techniques for Meterpreter scripts
-#
-#
-# These methods should only print output in the case of an error. All code should be tab indented
-# All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
-#
 #List all Windows Services present. Returns an Array containing the names of the services.
 def service_list
@@ -81,14 +74,15 @@ def service_create(name, display_name, executable_on_host,startup=2)
 manag = adv.OpenSCManagerA(nil,nil,0x13)
 if(manag["return"] != 0)
 # SC_MANAGER_CREATE_SERVICE = 0x0002
- newservice = adv.CreateServiceA(manag["return"],name,display_name,0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil)
+ newservice = adv.CreateServiceA(manag["return"],name,display_name,
+ 0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil)
 #SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010
 #SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0
 if newservice["GetLastError"] == 0
 return true
- else
+ else
 return false
- end
+ end
 else
 raise "Could not open Service Control Manager, Access Denied"
 end
@@ -115,7 +109,7 @@ def service_start(name)
 return 0
 elsif retval["GetLastError"] == 1056
 return 1
- elsif retval["GetLastError"] == 1058
+ elsif retval["GetLastError"] == 1058
 return 2
 end
 end
@@ -141,11 +135,28 @@ def service_stop(name)
 adv.CloseServiceHandle(manag["return"])
 if retval["GetLastError"] == 0
 return 0
- elsif retval["GetLastError"] == 1062
+ elsif retval["GetLastError"] == 1062
 return 1
- elsif retval["GetLastError"] == 1052
+ elsif retval["GetLastError"] == 1052
 return 2
- end
+ end
+end
+
+# Function for deleting service, by deleting the key in the registry.
+def service_delete(name)
+ begin
+ basekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services"
+ if registry_enumkeys(basekey).index(name)
+ servicekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\#{name.chomp}"
+ registry_delkey(servicekey)
+ return true
+ else
+ return false
+ end
+ rescue::Exception => e
+ print_error(e)
+ return false
+ end
 end
 end
 end
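Review bot: `service_delete` looks the service up with the raw `name` (`registry_enumkeys(basekey).index(name)`) but builds the key to delete from `name.chomp`, so a name with a trailing newline is never found. The exact, case-sensitive `index` can also miss a key that differs only in case; normalise once with `name = name.chomp` and compare consistently. The result of `registry_delkey(servicekey)` is discarded and `true` is returned regardless, so if that helper signals failure through its return value (its definition is not part of this diff) callers are told the service is gone when it is not; `return registry_delkey(servicekey)` would be safer. `rescue::Exception` also traps interrupts and exit requests, and `rescue ::StandardError => e` is sufficient here. Unlike the other helpers in this file, which go through the Service Control Manager, this one removes only the registry key, so the comment should state that the SCM may still list the service, and a running service keeps running, until the host restarts.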