infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

standardized comment format 

git-svn-id: file:///home/svn/incoming/trunk@2372 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Matt Miller 2005-04-12 05:53:29 +00:00
parent 6c1a8e51e5
commit 63213353f0
10 changed files with 153 additions and 197 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
lib/rex/post/meterpreter/extensions/stdapi/Dir.rb
View File

@ -9,26 +9,44 @@ module Meterpreter
module Extensions module Extensions
module Stdapi module Stdapi
###
#
# Dir
# ---
#
# This class implements directory operations against the remote endpoint
#
###
class Dir < Rex::Post::Dir class Dir < Rex::Post::Dir
class <<self class <<self
attr_accessor :client attr_accessor :client
end end
##
#
# Constructor
#
##
# Initializes the directory instance
def initialize(path) def initialize(path)
self.path = path self.path = path
self.client = self.class.client self.client = self.class.client
end end
##
#
# Enumeration
#
##
# Enumerates all of the contents of the directory
def each(&block) def each(&block)
client.dir.foreach(self.path, &block) client.dir.foreach(self.path, &block)
end end
=begin # Enumerates all of the files/folders in a given directory.
entries(name)
Enumerates all of the files/folders in a given directory.
=end
def Dir.entries(name) def Dir.entries(name)
request = Packet.create_request('stdapi_fs_ls') request = Packet.create_request('stdapi_fs_ls')
files = [] files = []
@ -44,11 +62,7 @@ class Dir < Rex::Post::Dir
return files return files
end end
=begin # Changes the working directory of the remote process.
chdir(path)
Changes the working directory of the remote process.
=end
def Dir.chdir(path) def Dir.chdir(path)
request = Packet.create_request('stdapi_fs_chdir') request = Packet.create_request('stdapi_fs_chdir')
@ -59,11 +73,7 @@ class Dir < Rex::Post::Dir
return 0 return 0
end end
=begin # Creates a directory.
mkdir(path)
Creates a directory.
=end
def Dir.mkdir(path) def Dir.mkdir(path)
request = Packet.create_request('stdapi_fs_mkdir') request = Packet.create_request('stdapi_fs_mkdir')
@ -74,11 +84,7 @@ class Dir < Rex::Post::Dir
return 0 return 0
end end
=begin # Returns the current working directory of the remote process.
pwd
Returns the current working directory of the remote process.
=end
def Dir.pwd def Dir.pwd
request = Packet.create_request('stdapi_fs_getwd') request = Packet.create_request('stdapi_fs_getwd')
@ -87,18 +93,12 @@ class Dir < Rex::Post::Dir
return response.get_tlv(TLV_TYPE_DIRECTORY_PATH).value return response.get_tlv(TLV_TYPE_DIRECTORY_PATH).value
end end
=begin # Synonym for pwd
Synonym for pwd
=end
def Dir.getwd def Dir.getwd
pwd pwd
end end
=begin # Removes the supplied directory if it's empty
delete
Removes the supplied directory if it's empty
=end
def Dir.delete(path) def Dir.delete(path)
request = Packet.create_request('stdapi_fs_delete_dir') request = Packet.create_request('stdapi_fs_delete_dir')
@ -109,15 +109,12 @@ class Dir < Rex::Post::Dir
return 0 return 0
end end
=begin # Synonyms for delete
rmdir, unlink
Synonyms for delete
=end
def Dir.rmdir(path) def Dir.rmdir(path)
delete(path) delete(path)
end end
# Synonyms for delete
def Dir.unlink(path) def Dir.unlink(path)
delete(path) delete(path)
end end
@ -127,7 +124,6 @@ protected
attr_accessor :client attr_accessor :client
attr_writer :path attr_writer :path
end end
end; end; end; end; end end; end; end; end; end

15
lib/rex/post/meterpreter/extensions/stdapi/File.rb
View File

@ -53,26 +53,11 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::IO
return self.sysseek(offset, whence) return self.sysseek(offset, whence)
end end
# Reads, at most, the supplied number of bytes from the file
def sysread(length)
return self.filed.read(length)
end
# Seeks to the supplied offset based on the supplied relativity # Seeks to the supplied offset based on the supplied relativity
def sysseek(offset, whence = SEEK_SET) def sysseek(offset, whence = SEEK_SET)
return self.filed.seek(offset, whence) return self.filed.seek(offset, whence)
end end
# Writes the supplied buffer to the file
def syswrite(buf)
return self.filed.write(buf)
end
# Closes the file descriptor
def close
return self.filed.close
end
protected protected
## ##

24
lib/rex/post/meterpreter/extensions/stdapi/FileStat.rb
View File

@ -9,6 +9,14 @@ module Meterpreter
module Extensions module Extensions
module Stdapi module Stdapi
###
#
# FileStat
# --------
#
# This class wrappers gathering information about a given file
#
###
class FileStat < Rex::Post::FileStat class FileStat < Rex::Post::FileStat
@@struct_stat = [ @@struct_stat = [
@ -30,12 +38,26 @@ class FileStat < Rex::Post::FileStat
attr_accessor :client attr_accessor :client
end end
##
#
# Constructor
#
##
def initialize(file) def initialize(file)
self.stathash = stat(file) self.stathash = stat(file)
end end
protected protected
##
#
# Initializer
#
##
# Gets information about the supplied file and returns a populated
# hash to the requestor
def stat(file) def stat(file)
request = Packet.create_request('stdapi_fs_stat') request = Packet.create_request('stdapi_fs_stat')

35
lib/rex/post/meterpreter/extensions/stdapi/IO.rb
View File

@ -8,28 +8,41 @@ module Meterpreter
module Extensions module Extensions
module Stdapi module Stdapi
##
#
# IO
# --
#
# The IO class acts as a base class for things that would normally implement
# the IO interface. The methods it implements are for general operations that
# are common to all channels, such as read, write, and close.
#
##
class IO < Rex::Post::IO class IO < Rex::Post::IO
def read(length = nil, flags = nil) # Read the specified number of bytes from the channel
filed.read(length) def sysread(length = nil)
self.filed.read(length)
end end
# Synonym for read # Synonym for sysread
def recv(length = nil, flags = nil) def read(length = nil)
read(length, flags) sysread
end end
def write(buf, length = nil, flags = nil) # Writes the supplied buffer to the channel
filed.write(buf, length) def syswrite(buf)
self.filed.write(buf)
end end
# Synonym for write # Synonym for syswrite
def send(buf, length = nil, flags = nil) def write(buf)
write(buf, length, flags) syswrite
end end
# Closes the channel
def close def close
filed.close self.filed.close
end end
end end

17
lib/rex/post/meterpreter/extensions/stdapi/Process.rb
View File

@ -11,24 +11,27 @@ module Meterpreter
module Extensions module Extensions
module Stdapi module Stdapi
##
#
# Process
# -------
#
# This class implements the Rex::Post::Process interface.
#
##
class Process < Rex::Post::Process class Process < Rex::Post::Process
class <<self class <<self
attr_accessor :client attr_accessor :client
end end
# Gets the process id that the remote side is executing under
def Process.getpid def Process.getpid
request = Packet.create_request('stdapi_process_getpid') request = Packet.create_request('stdapi_process_getpid')
response = client.send_request(request) response = client.send_request(request)
tlv = response.get_tlv(TLV_TYPE_PID) return response.get_tlv_value(TLV_TYPE_PID)
if (tlv != nil)
return tlv.value
else
return 0
end
end end
end end

73
lib/rex/post/meterpreter/extensions/stdapi/Registry.rb
View File

@ -14,6 +14,15 @@ module Meterpreter
module Extensions module Extensions
module Stdapi module Stdapi
###
#
# Registry
# --------
#
# This class provides access to the Windows registry on the remote
# machine.
#
###
class Registry class Registry
class <<self class <<self
@ -26,22 +35,14 @@ class Registry
# #
## ##
=begin # Opens the supplied registry key relative to the root key with
open_key(root_key, base_key, perm) # the supplied permissions. Right now this is merely a wrapper around
# create_key.
Opens the supplied registry key relative to the root key with
the supplied permissions. Right now this is merely a wrapper around
create_key.
=end
def Registry.open_key(root_key, base_key, perm = KEY_READ) def Registry.open_key(root_key, base_key, perm = KEY_READ)
return self.create_key(root_key, base_key, perm) return self.create_key(root_key, base_key, perm)
end end
=begin # Creates the supplied registry key or opens it if it already exists.
create_key(root_key, base_key, perm)
Creates the supplied registry key or opens it if it already exists.
=end
def Registry.create_key(root_key, base_key, perm = KEY_READ) def Registry.create_key(root_key, base_key, perm = KEY_READ)
request = Packet.create_request('stdapi_registry_create_key') request = Packet.create_request('stdapi_registry_create_key')
@ -55,11 +56,7 @@ class Registry
response.get_tlv(TLV_TYPE_HKEY).value) response.get_tlv(TLV_TYPE_HKEY).value)
end end
=begin # Deletes the supplied registry key.
delete_key(root_key, base_key, recursive)
Deletes the supplied registry key.
=end
def Registry.delete_key(root_key, base_key, recursive = true) def Registry.delete_key(root_key, base_key, recursive = true)
request = Packet.create_request('stdapi_registry_delete_key') request = Packet.create_request('stdapi_registry_delete_key')
flags = 0 flags = 0
@ -79,11 +76,7 @@ class Registry
return false return false
end end
=begin # Closes the supplied registry key.
close_key(hkey)
Closes the supplied registry key.
=end
def Registry.close_key(hkey) def Registry.close_key(hkey)
request = Packet.create_request('stdapi_registry_close_key') request = Packet.create_request('stdapi_registry_close_key')
@ -94,11 +87,7 @@ class Registry
return true return true
end end
=begin # Enumerates the supplied registry key returning an array of key names
enum_key(hkey)
Enumerates the supplied registry key returning an array of key names
=end
def Registry.enum_key(hkey) def Registry.enum_key(hkey)
keys = [] keys = []
request = Packet.create_request('stdapi_registry_enum_key') request = Packet.create_request('stdapi_registry_enum_key')
@ -121,11 +110,7 @@ class Registry
# #
## ##
=begin # Sets the registry value relative to the supplied hkey.
set_value(hkey, name, type, data)
Sets the registry value relative to the supplied hkey.
=end
def Registry.set_value(hkey, name, type, data) def Registry.set_value(hkey, name, type, data)
request = Packet.create_request('stdapi_registry_set_value') request = Packet.create_request('stdapi_registry_set_value')
@ -146,12 +131,8 @@ class Registry
return true return true
end end
=begin # Queries the registry value supplied in name and returns an
query_value(hkey, name) # initialized RegistryValue instance if a match is found.
Queries the registry value supplied in name and returns an
initialized RegistryValue instance if a match is found.
=end
def Registry.query_value(hkey, name) def Registry.query_value(hkey, name)
request = Packet.create_request('stdapi_registry_query_value') request = Packet.create_request('stdapi_registry_query_value')
@ -172,12 +153,8 @@ class Registry
return RegistryValue.new(client, hkey, name, type, data) return RegistryValue.new(client, hkey, name, type, data)
end end
=begin # Deletes the registry value supplied in name from the supplied
delete_value(hkey, name) # registry key.
Deletes the registry value supplied in name from the supplied
registry key.
=end
def Registry.delete_value(hkey, name) def Registry.delete_value(hkey, name)
request = Packet.create_request('stdapi_registry_delete_value') request = Packet.create_request('stdapi_registry_delete_value')
@ -191,12 +168,8 @@ class Registry
return false return false
end end
=begin # Enumerates all of the values at the supplied hkey including their
enum_value(hkey) # names. An array of RegistryValue's is returned.
Enumerates all of the values at the supplied hkey including their
names. An array of RegistryValue's is returned.
=end
def Registry.enum_value(hkey) def Registry.enum_value(hkey)
request = Packet.create_request('stdapi_registry_enum_value') request = Packet.create_request('stdapi_registry_enum_value')
values = [] values = []

69
lib/rex/post/meterpreter/extensions/stdapi/RegistryKey.rb
View File

@ -32,40 +32,24 @@ class RegistryKey
# #
## ##
=begin # Enumerates all of the child keys within this registry key.
each_key(&block)
Enumerates all of the child keys within this registry key.
=end
def each_key(&block) def each_key(&block)
return enum_key.each(&block) return enum_key.each(&block)
end end
=begin # Enumerates all of the child values within this registry key.
each_value(&block)
Enumerates all of the child values within this registry key.
=end
def each_value(&block) def each_value(&block)
return enum_value.each(&block) return enum_value.each(&block)
end end
=begin # Retrieves all of the registry keys that are direct descendents of
enum_key() # the class' registry key.
Retrieves all of the registry keys that are direct descendents of
the class' registry key.
=end
def enum_key() def enum_key()
return self.client.registry.enum_key(self.hkey) return self.client.registry.enum_key(self.hkey)
end end
=begin # Retrieves all of the registry values that exist within the opened
enum_value # registry key.
Retrieves all of the registry values that exist within the opened
registry key.
=end
def enum_value() def enum_value()
return self.client.registry.enum_value(self.hkey) return self.client.registry.enum_value(self.hkey)
end end
@ -77,39 +61,23 @@ class RegistryKey
# #
## ##
=begin # Opens a registry key that is relative to this registry key.
open_key(base_key, perm)
Opens a registry key that is relative to this registry key.
=end
def open_key(base_key, perm = KEY_READ) def open_key(base_key, perm = KEY_READ)
return self.client.registry.open_key(self.hkey, base_key, perm) return self.client.registry.open_key(self.hkey, base_key, perm)
end end
=begin # Creates a registry key that is relative to this registry key.
create_key(base_key, perm)
Creates a registry key that is relative to this registry key.
=end
def create_key(base_key, perm = KEY_READ) def create_key(base_key, perm = KEY_READ)
return self.client.registry.create_key(self.hkey, base_key, perm) return self.client.registry.create_key(self.hkey, base_key, perm)
end end
=begin # Deletes a registry key that is relative to this registry key.
delete_key(base_key, recursive)
Deletes a registry key that is relative to this registry key.
=end
def delete_key(base_key, recursive = true) def delete_key(base_key, recursive = true)
return self.client.registry.delete_key(self.hkey, base_key, recursive) return self.client.registry.delete_key(self.hkey, base_key, recursive)
end end
=begin # Closes the open key. This must be called if the registry
close() # key was opened.
Closes the open key. This must be called if the registry
key was opened.
=end
def close() def close()
if (self.hkey != nil) if (self.hkey != nil)
return self.client.registry.close_key(hkey) return self.client.registry.close_key(hkey)
@ -124,21 +92,13 @@ class RegistryKey
# #
## ##
=begin # Sets a value relative to the opened registry key.
set_value(name, type, data)
Sets a value relative to the opened registry key.
=end
def set_value(name, type, data) def set_value(name, type, data)
return self.client.registry.set_value(self.hkey, name, type, data) return self.client.registry.set_value(self.hkey, name, type, data)
end end
=begin # Queries the attributes of the supplied registry value relative to
query_value(name) # the opened registry key.
Queries the attributes of the supplied registry value relative to
the opened registry key.
=end
def query_value(name) def query_value(name)
return self.client.registry.query_value(self.hkey, name) return self.client.registry.query_value(self.hkey, name)
end end
@ -149,6 +109,7 @@ class RegistryKey
# #
## ##
# Returns the path to the key
def to_s def to_s
return self.root_key.to_s + "\\" + self.base_key return self.root_key.to_s + "\\" + self.base_key
end end

26
lib/rex/post/meterpreter/extensions/stdapi/RegistryValue.rb
View File

@ -26,11 +26,7 @@ class RegistryValue
self.data = data self.data = data
end end
=begin # Sets the value's data.
set(data, type)
Sets the value's data.
=end
def set(data, type = nil) def set(data, type = nil)
if (type == nil) if (type == nil)
type = self.type type = self.type
@ -46,11 +42,7 @@ class RegistryValue
return false return false
end end
=begin # Queries the value's data.
query()
Queries the value's data.
=end
def query() def query()
val = self.client.registry.query_value(self.hkey, self.name) val = self.client.registry.query_value(self.hkey, self.name)
@ -62,23 +54,13 @@ class RegistryValue
return self.data return self.data
end end
=begin # Deletes the value.
delete()
Deletes the value.
=end
def delete() def delete()
return self.client.registry.delete_value(self.hkey, self.name) return self.client.registry.delete_value(self.hkey, self.name)
end end
##
#
# Attributes
#
##
attr_reader :hkey, :name, :type, :data attr_reader :hkey, :name, :type, :data
protected protected
attr_accessor :client attr_accessor :client
attr_writer :hkey, :name, :type, :data attr_writer :hkey, :name, :type, :data
end end

18
lib/rex/post/meterpreter/extensions/stdapi/constants.rb
View File

@ -1,9 +1,17 @@
#!/usr/bin/ruby #!/usr/bin/ruby
###
#
# These are put into the global namespace for now # These are put into the global namespace for now
# so that they can be referenced globally # so that they can be referenced globally
#
###
##
#
# Permissions # Permissions
#
##
DELETE = 0x00010000 DELETE = 0x00010000
READ_CONTROL = 0x00020000 READ_CONTROL = 0x00020000
WRITE_DAC = 0x00040000 WRITE_DAC = 0x00040000
@ -21,7 +29,11 @@ GENERIC_WRITE = 0x40000000
GENERIC_EXECUTE = 0x20000000 GENERIC_EXECUTE = 0x20000000
GENERIC_ALL = 0x10000000 GENERIC_ALL = 0x10000000
##
#
# Registry Permissions # Registry Permissions
#
##
KEY_QUERY_VALUE = 0x00000001 KEY_QUERY_VALUE = 0x00000001
KEY_SET_VALUE = 0x00000002 KEY_SET_VALUE = 0x00000002
KEY_CREATE_SUB_KEY = 0x00000004 KEY_CREATE_SUB_KEY = 0x00000004
@ -37,8 +49,12 @@ KEY_ALL_ACCESS = (STANDARD_RIGHTS_ALL | KEY_QUERY_VALUE |
KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_SET_VALUE | KEY_CREATE_SUB_KEY |
KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY |
KEY_CREATE_LINK) & ~SYNCHRONIZE KEY_CREATE_LINK) & ~SYNCHRONIZE
##
#
# Registry # Registry
#
##
HKEY_CLASSES_ROOT = 0x80000000 HKEY_CLASSES_ROOT = 0x80000000
HKEY_CURRENT_USER = 0x80000001 HKEY_CURRENT_USER = 0x80000001
HKEY_LOCAL_MACHINE = 0x80000002 HKEY_LOCAL_MACHINE = 0x80000002

9
lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb
View File

@ -33,7 +33,6 @@ TLV_TYPE_FILE_PATH = TLV_META_TYPE_STRING | 1202
TLV_TYPE_FILE_MODE = TLV_META_TYPE_STRING | 1203 TLV_TYPE_FILE_MODE = TLV_META_TYPE_STRING | 1203
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220 TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220
DELETE_KEY_FLAG_RECURSIVE = (1 << 0) DELETE_KEY_FLAG_RECURSIVE = (1 << 0)
### ###
@ -57,28 +56,34 @@ class Stdapi < Extension
client.register_extension_alias('registry', self.registry) client.register_extension_alias('registry', self.registry)
end end
# Sets the client instance on a duplicated copy of the supplied class
def brand(klass) def brand(klass)
klass = klass.dup klass = klass.dup
klass.client = self.client klass.client = self.client
return klass return klass
end end
# Returns a copy of the Dir class
def dir def dir
brand(Rex::Post::Meterpreter::Extensions::Stdapi::Dir) brand(Rex::Post::Meterpreter::Extensions::Stdapi::Dir)
end end
# Returns a copy of the File class
def file def file
brand(Rex::Post::Meterpreter::Extensions::Stdapi::File) brand(Rex::Post::Meterpreter::Extensions::Stdapi::File)
end end
# Returns a copy of the FileStat class
def filestat def filestat
brand(Rex::Post::Meterpreter::Extensions::Stdapi::FileStat) brand(Rex::Post::Meterpreter::Extensions::Stdapi::FileStat)
end end
# Returns a copy of the Process class
def process def process
brand(Rex::Post::Meterpreter::Extensions::Stdapi::Process) brand(Rex::Post::Meterpreter::Extensions::Stdapi::Process)
end end
# Returns a copy of the Registry class
def registry def registry
brand(Rex::Post::Meterpreter::Extensions::Stdapi::Registry) brand(Rex::Post::Meterpreter::Extensions::Stdapi::Registry)
end end