Add support for optional image downloading

Without -d, `CF_DIB` types will just show image dimensions. Running
with -d will result in the image being looted.

lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb

@@ -22,11 +22,15 @@ class Clipboard
 
   # Get the target clipboard data in whichever format we can
   # (if it's supported.
-  def get_data()
+  def get_data(download = false)
     results = []
 
     request = Packet.create_request('extapi_clipboard_get_data')
 
+    if download
+      request.add_tlv(TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD, true)
+    end
+
     response = client.send_request(request)
 
     text = response.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT)
@@ -38,8 +42,6 @@ class Clipboard
       }
     end
 
-    files = response.get_tlv_values(TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE)
-
     files = []
     response.each(TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE) { |f|
       files << {
@@ -55,13 +57,15 @@ class Clipboard
       }
     end
 
-    jpg = response.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_JPG)
+    response.each(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG) do |jpg|
-
+      if not jpg.nil?
-    if not jpg.nil?
+        results << {
-      results << {
+          :type   => :jpg,
-        :type => :jpg,
+          :width  => jpg.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMX),
-        :data => jpg
+          :height => jpg.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY),
-      }
+          :data   => jpg.get_tlv_value(TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA)
+        }
+      end
     end
 
     return results

lib/rex/post/meterpreter/extensions/extapi/tlv.rb

@@ -28,11 +28,17 @@ TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP   = TLV_META_TYPE_STRING | (TLV_TYPE_E
 TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE      = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 25)
 TLV_TYPE_EXT_SERVICE_QUERY_DACL             = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 26)
 
+TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD             = TLV_META_TYPE_BOOL   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 35)
+
 TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT            = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 40)
 TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE            = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 41)
 TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_NAME       = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 42)
 TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_SIZE       = TLV_META_TYPE_QWORD  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 43)
-TLV_TYPE_EXT_CLIPBOARD_TYPE_JPG             = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 44)
+
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG       = TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 45)
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMX  = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 46)
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY  = TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 47)
+TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA  = TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 48)
 
 end
 end

lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb

@@ -39,7 +39,7 @@ class Console::CommandDispatcher::Extapi::Clipboard
   #
   @@get_data_opts = Rex::Parser::Arguments.new(
     "-h" => [ false, "Help banner" ],
-    "-d" => [ false, "Download content, such as files (if applicable)" ]
+    "-d" => [ false, "Download content, such as files, bitmap info (if applicable)" ]
   )
 
   def print_clipboard_get_data_usage()
@@ -66,7 +66,7 @@ class Console::CommandDispatcher::Extapi::Clipboard
     }
 
     # currently we only support text values
-    results = client.extapi.clipboard.get_data()
+    results = client.extapi.clipboard.get_data(download_content)
 
     if results.length == 0
       print_error( "The current Clipboard data format is not supported." )
@@ -84,18 +84,24 @@ class Console::CommandDispatcher::Extapi::Clipboard
           print_line()
 
         when :jpg
-          loot_dir = generate_loot_dir( true )
+          print_line()
-          file = Rex::Text.rand_text_alpha(8) + ".jpg"
+          print_line( "Clipboard Image Dimensions: #{r[:width]}x#{r[:height]}" )
-          path = File.join( loot_dir, file )
+
-          path = ::File.expand_path( path )
+          if download_content
-          ::File.open( path, 'wb' ) do |f|
+            loot_dir = generate_loot_dir( true )
-            f.write r[:data]
+            file = Rex::Text.rand_text_alpha(8) + ".jpg"
+            path = File.join( loot_dir, file )
+            path = ::File.expand_path( path )
+            ::File.open( path, 'wb' ) do |f|
+              f.write r[:data]
+            end
+            print_good( "Clipboard image saved to #{path}" )
+
+            Rex::Compat.open_file( path )
+          else
+            print_line( "Re-run with -d to download image." )
           end
           print_line()
-          print_good( "Clipboard image saved to #{path}" )
-          print_line()
-
-          Rex::Compat.open_file( path )
 
         when :files
           if download_content
@@ -117,12 +123,16 @@ class Console::CommandDispatcher::Extapi::Clipboard
               ]
             )
 
+            total = 0
             r[:data].each { |f|
               table << [f[:name], f[:size]]
+              total += f[:size]
             }
 
             print_line()
             print_line(table.to_s)
+
+            print_line( "#{r[:data].length} file(s) totalling #{total} bytes" )
           end
       end