From 1ae81367ac666ad571cc41f935af0f54e111ec99 Mon Sep 17 00:00:00 2001 From: Carlos Perez Date: Sun, 25 Jul 2010 01:54:29 +0000 Subject: [PATCH] Forgot, TABS not spaces for indent git-svn-id: file:///home/svn/framework3/trunk@9921 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/scripts/meterpreter/services.rb | 44 +++---- .../meterpreter/extensions/railgun/api.rb | 116 +++++++++--------- 2 files changed, 80 insertions(+), 80 deletions(-) diff --git a/lib/msf/scripts/meterpreter/services.rb b/lib/msf/scripts/meterpreter/services.rb index 95018c2b4e..5f048bbabe 100644 --- a/lib/msf/scripts/meterpreter/services.rb +++ b/lib/msf/scripts/meterpreter/services.rb @@ -76,22 +76,22 @@ end # executable on the host that will execute at startup as string and the startup # type as an integer of 2 for Auto, 3 for Manual or 4 for Disable, default Auto. def service_create(name, display_name, executable_on_host,startup=2) - client.core.use("railgun") - adv = client.railgun.advapi32 - manag = adv.OpenSCManagerA(nil,nil,0x13) - if(manag["return"] != 0) - # SC_MANAGER_CREATE_SERVICE = 0x0002 - newservice = adv.CreateServiceA(manag["return"],name,display_name,0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil) - #SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010 - #SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0 - if newservice["GetLastError"] == 0 - return true + client.core.use("railgun") + adv = client.railgun.advapi32 + manag = adv.OpenSCManagerA(nil,nil,0x13) + if(manag["return"] != 0) + # SC_MANAGER_CREATE_SERVICE = 0x0002 + newservice = adv.CreateServiceA(manag["return"],name,display_name,0x0010,0X00000010,startup,0,executable_on_host,nil,nil,nil,nil,nil) + #SERVICE_START=0x0010 SERVICE_WIN32_OWN_PROCESS= 0X00000010 + #SERVICE_AUTO_START = 2 SERVICE_ERROR_IGNORE = 0 + if newservice["GetLastError"] == 0 + return true else - return false + return false end - else - raise "Could not open Service Control Manager, Access Denied" - end + else + raise "Could not open Service Control Manager, Access Denied" + end end # Function for service startup, returns 0 if service started, 1 if service is # already started and 2 if service is disabled. @@ -112,12 +112,12 @@ def service_start(name) adv.CloseServiceHandle(servhandleret["return"]) adv.CloseServiceHandle(manag["return"]) if retval["GetLastError"] == 0 - return 0 - elsif retval["GetLastError"] == 1056 - return 1 + return 0 + elsif retval["GetLastError"] == 1056 + return 1 elsif retval["GetLastError"] == 1058 - return 2 - end + return 2 + end end @@ -140,11 +140,11 @@ def service_stop(name) adv.CloseServiceHandle(servhandleret["return"]) adv.CloseServiceHandle(manag["return"]) if retval["GetLastError"] == 0 - return 0 + return 0 elsif retval["GetLastError"] == 1062 - return 1 + return 1 elsif retval["GetLastError"] == 1052 - return 2 + return 2 end end end diff --git a/lib/rex/post/meterpreter/extensions/railgun/api.rb b/lib/rex/post/meterpreter/extensions/railgun/api.rb index 874ceed43f..ee99a393b4 100644 --- a/lib/rex/post/meterpreter/extensions/railgun/api.rb +++ b/lib/rex/post/meterpreter/extensions/railgun/api.rb @@ -9295,116 +9295,116 @@ class ApiDefinitions railgun.kernel32.LoadLibraryA("Advapi32.dll") # Function to open the Service Control Database - railgun.add_function( 'advapi32', 'OpenSCManagerA','DWORD',[ + railgun.add_function( 'advapi32', 'OpenSCManagerA','DWORD',[ - [ "PCHAR", "lpMachineName", "inout" ], + [ "PCHAR", "lpMachineName", "inout" ], - [ "PCHAR", "lpDatabaseName", "inout" ], + [ "PCHAR", "lpDatabaseName", "inout" ], - [ "DWORD", "dwDesiredAccess", "in" ] + [ "DWORD", "dwDesiredAccess", "in" ] - ]) - # Function for creating a Service - railgun.add_function( 'advapi32', 'CreateServiceA','DWORD',[ + ]) + # Function for creating a Service + railgun.add_function( 'advapi32', 'CreateServiceA','DWORD',[ - [ "DWORD", "hSCManager", "in" ], + [ "DWORD", "hSCManager", "in" ], - [ "PCHAR", "lpServiceName", "in" ], + [ "PCHAR", "lpServiceName", "in" ], - [ "PCHAR", "lpDisplayName", "in" ], + [ "PCHAR", "lpDisplayName", "in" ], - [ "DWORD", "dwDesiredAccess", "in" ], + [ "DWORD", "dwDesiredAccess", "in" ], - [ "DWORD", "dwServiceType", "in" ], + [ "DWORD", "dwServiceType", "in" ], - [ "DWORD", "dwStartType", "in" ], + [ "DWORD", "dwStartType", "in" ], - [ "DWORD", "dwErrorControl", "in" ], + [ "DWORD", "dwErrorControl", "in" ], - [ "PCHAR", "lpBinaryPathName", "in" ], + [ "PCHAR", "lpBinaryPathName", "in" ], - [ "PCHAR", "lpLoadOrderGroup", "in" ], + [ "PCHAR", "lpLoadOrderGroup", "in" ], - [ "PDWORD", "lpdwTagId", "out" ], + [ "PDWORD", "lpdwTagId", "out" ], - [ "PCHAR", "lpDependencies", "in" ], + [ "PCHAR", "lpDependencies", "in" ], - [ "PCHAR", "lpServiceStartName", "in" ], + [ "PCHAR", "lpServiceStartName", "in" ], - [ "PCHAR", "lpPassword", "in" ] + [ "PCHAR", "lpPassword", "in" ] - ]) + ]) - railgun.add_function( 'advapi32', 'OpenServiceA','DWORD',[ + railgun.add_function( 'advapi32', 'OpenServiceA','DWORD',[ - [ "DWORD", "hSCManager", "in" ], + [ "DWORD", "hSCManager", "in" ], - [ "PCHAR", "lpServiceName", "in" ], + [ "PCHAR", "lpServiceName", "in" ], - [ "DWORD", "dwDesiredAccess", "in" ] + [ "DWORD", "dwDesiredAccess", "in" ] - ]) + ]) - #access rights: SERVICE_CHANGE_CONFIG (0x0002) SERVICE_START (0x0010) - #SERVICE_STOP (0x0020) + #access rights: SERVICE_CHANGE_CONFIG (0x0002) SERVICE_START (0x0010) + #SERVICE_STOP (0x0020) - railgun.add_function( 'advapi32', 'StartServiceA','BOOL',[ + railgun.add_function( 'advapi32', 'StartServiceA','BOOL',[ - [ "DWORD", "hService", "in" ], + [ "DWORD", "hService", "in" ], - [ "DWORD", "dwNumServiceArgs", "in" ], + [ "DWORD", "dwNumServiceArgs", "in" ], - [ "PCHAR", "lpServiceArgVectors", "in" ] + [ "PCHAR", "lpServiceArgVectors", "in" ] - ]) + ]) - railgun.add_function( 'advapi32', 'ControlService','BOOL',[ + railgun.add_function( 'advapi32', 'ControlService','BOOL',[ - [ "DWORD", "hService", "in" ], + [ "DWORD", "hService", "in" ], - [ "DWORD", "dwControl", "in" ], + [ "DWORD", "dwControl", "in" ], - [ "PBLOB", "lpServiceStatus", "out" ] + [ "PBLOB", "lpServiceStatus", "out" ] - ]) + ]) - #SERVICE_CONTROL_STOP = 0x00000001 + #SERVICE_CONTROL_STOP = 0x00000001 - # _SERVICE_STATUS is an array of 7 DWORDS - dwServiceType; - #dwCurrentState; dwControlsAccepted; dwWin32ExitCode; - #dwServiceSpecificExitCode; dwCheckPoint; dwWaitHint; + # _SERVICE_STATUS is an array of 7 DWORDS - dwServiceType; + #dwCurrentState; dwControlsAccepted; dwWin32ExitCode; + #dwServiceSpecificExitCode; dwCheckPoint; dwWaitHint; - railgun.add_function( 'advapi32', 'ChangeServiceConfigA','BOOL',[ + railgun.add_function( 'advapi32', 'ChangeServiceConfigA','BOOL',[ - [ "DWORD", "hService", "in" ], + [ "DWORD", "hService", "in" ], - [ "DWORD", "dwServiceType", "in" ], + [ "DWORD", "dwServiceType", "in" ], - [ "DWORD", "dwStartType", "in" ], + [ "DWORD", "dwStartType", "in" ], - [ "DWORD", "dwErrorControl", "in" ], + [ "DWORD", "dwErrorControl", "in" ], - [ "PCHAR", "lpBinaryPathName", "in" ], + [ "PCHAR", "lpBinaryPathName", "in" ], - [ "PCHAR", "lpLoadOrderGroup", "in" ], + [ "PCHAR", "lpLoadOrderGroup", "in" ], - [ "PDWORD", "lpdwTagId", "out" ], + [ "PDWORD", "lpdwTagId", "out" ], - [ "PCHAR", "lpDependencies", "in" ], + [ "PCHAR", "lpDependencies", "in" ], - [ "PCHAR", "lpServiceStartName", "in" ], + [ "PCHAR", "lpServiceStartName", "in" ], - [ "PCHAR", "lpPassword", "in" ], + [ "PCHAR", "lpPassword", "in" ], - [ "PCHAR", "lpDisplayName", "in" ] + [ "PCHAR", "lpDisplayName", "in" ] - ]) + ]) - railgun.add_function( 'advapi32', 'CloseServiceHandle','BOOL',[ + railgun.add_function( 'advapi32', 'CloseServiceHandle','BOOL',[ - [ "DWORD", "hSCObject", "in" ] + [ "DWORD", "hSCObject", "in" ] - ]) + ]) end # method