infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changes in the comments and added function for deleting windows services 

git-svn-id: file:///home/svn/framework3/trunk@9928 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Carlos Perez 2010-07-25 20:51:24 +00:00
parent 2482a83526
commit 09b73b594e
4 changed files with 72 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/msf/scripts/meterpreter/common.rb
View File

@ -12,6 +12,9 @@ module Common
# All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc) # All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
# #
# Checks if UAC is enabled, if it is enabled it will return true y running as
# system or disabled it will return false also if running on a system that does
# not have UAC it will return false.
def is_uac_enabled? def is_uac_enabled?
uac = false uac = false
winversion = client.sys.config.sysinfo['OS'] winversion = client.sys.config.sysinfo['OS']

97
lib/msf/scripts/meterpreter/file.rb
View File

@ -3,60 +3,51 @@ module Scripts
module Meterpreter module Meterpreter
module Common module Common
# #Writes a given string to a file specified
# Commonly used methods and techniques for Meterpreter scripts def file_local_write(file2wrt, data2wrt)
# if not ::File.exists?(file2wrt)
::FileUtils.touch(file2wrt)
end
# output = ::File.open(file2wrt, "a")
# These methods should only print output in the case of an error. All code should be tab indented data2wrt.each_line do |d|
# All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc) output.puts(d)
# end
output.close
#Writes a given string to a file specified end
def file_local_write(file2wrt, data2wrt) #Returns a MD5 checksum of a given local file
if not ::File.exists?(file2wrt) def file_local_digestmd5(file2md5)
::FileUtils.touch(file2wrt) if not ::File.exists?(file2md5)
end raise "File #{file2md5} does not exists!"
else
output = ::File.open(file2wrt, "a") require 'digest/md5'
data2wrt.each_line do |d| chksum = nil
output.puts(d) chksum = Digest::MD5.hexdigest(::File.open(file2md5, "rb") { |f| f.read})
end return chksum
output.close end
end end
#Returns a MD5 checksum of a given local file #Returns a SHA1 checksum of a given local file
def file_local_digestmd5(file2md5) def file_local_digestsha1(file2sha1)
if not ::File.exists?(file2md5) if not ::File.exists?(file2sha1)
raise "File #{file2md5} does not exists!" raise "File #{file2sha1} does not exists!"
else else
require 'digest/md5' require 'digest/sha1'
chksum = nil chksum = nil
chksum = Digest::MD5.hexdigest(::File.open(file2md5, "rb") { |f| f.read}) chksum = Digest::SHA1.hexdigest(::File.open(file2sha1, "rb") { |f| f.read})
return chksum return chksum
end end
end end
#Returns a SHA1 checksum of a given local file #Returns a SHA256 checksum of a given local file
def file_local_digestsha1(file2sha1) def file_local_digestsha2(file2sha2)
if not ::File.exists?(file2sha1) if not ::File.exists?(file2sha2)
raise "File #{file2sha1} does not exists!" raise "File #{file2sha2} does not exists!"
else else
require 'digest/sha1' require 'digest/sha2'
chksum = nil chksum = nil
chksum = Digest::SHA1.hexdigest(::File.open(file2sha1, "rb") { |f| f.read}) chksum = Digest::SHA256.hexdigest(::File.open(file2sha2, "rb") { |f| f.read})
return chksum return chksum
end end
end end
#Returns a SHA256 checksum of a given local file
def file_local_digestsha2(file2sha2)
if not ::File.exists?(file2sha2)
raise "File #{file2sha2} does not exists!"
else
require 'digest/sha2'
chksum = nil
chksum = Digest::SHA256.hexdigest(::File.open(file2sha2, "rb") { |f| f.read})
return chksum
end
end
end end
end end

9
lib/msf/scripts/meterpreter/registry.rb
View File

@ -3,15 +3,6 @@ module Scripts
module Meterpreter module Meterpreter
module Common module Common
#
# Commonly used methods and techniques for Meterpreter scripts
#
#
# These methods should only print output in the case of an error. All code should be tab indented
# All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
#
#Returns the data and type of a given registry key and value #Returns the data and type of a given registry key and value
def registry_getvalinfo(key,valname) def registry_getvalinfo(key,valname)
value = {} value = {}

39
lib/msf/scripts/meterpreter/services.rb
View File

@ -3,14 +3,7 @@ module Scripts
module Meterpreter module Meterpreter
module Common module Common
#
# Commonly used methods and techniques for Meterpreter scripts
#
#
# These methods should only print output in the case of an error. All code should be tab indented
# All methods should follow the naming coventions below (separate words with "_", end queries with a ?, etc)
#
#List all Windows Services present. Returns an Array containing the names of the services. #List all Windows Services present. Returns an Array containing the names of the services.
def service_list def service_list
@ -81,14 +74,15 @@ def service_create(name, display_name, executable_on_host,startup=2)
manag = adv.OpenSCManagerA(nil,nil,0x13) manag = adv.OpenSCManagerA(nil,nil,0x13)
if(manag["return"] != 0) if(manag["return"] != 0)
# SC_MANAGER_CREATE_SERVICE = 0x0002 # SC_MANAGER_CREATE_SERVICE = 0x0002
newservice = adv.CreateServiceA(manag["return"],name,display_name,0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil) newservice = adv.CreateServiceA(manag["return"],name,display_name,
0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil)
#SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010 #SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010
#SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0 #SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0
if newservice["GetLastError"] == 0 if newservice["GetLastError"] == 0
return true return true
else else
return false return false
end end
else else
raise "Could not open Service Control Manager, Access Denied" raise "Could not open Service Control Manager, Access Denied"
end end
@ -115,7 +109,7 @@ def service_start(name)
return 0 return 0
elsif retval["GetLastError"] == 1056 elsif retval["GetLastError"] == 1056
return 1 return 1
elsif retval["GetLastError"] == 1058 elsif retval["GetLastError"] == 1058
return 2 return 2
end end
end end
@ -141,11 +135,28 @@ def service_stop(name)
adv.CloseServiceHandle(manag["return"]) adv.CloseServiceHandle(manag["return"])
if retval["GetLastError"] == 0 if retval["GetLastError"] == 0
return 0 return 0
elsif retval["GetLastError"] == 1062 elsif retval["GetLastError"] == 1062
return 1 return 1
elsif retval["GetLastError"] == 1052 elsif retval["GetLastError"] == 1052
return 2 return 2
end end
end
# Function for deleting service, by deleting the key in the registry.
def service_delete(name)
begin
basekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services"
if registry_enumkeys(basekey).index(name)
servicekey = "HKLM\\SYSTEM\\CurrentControlSet\\Services\\#{name.chomp}"
registry_delkey(servicekey)
return true
else
return false
end
rescue::Exception => e
print_error(e)
return false
end
end end
end end
end end