From 685d959886093e8eb0ece2465a9231f33acf8704 Mon Sep 17 00:00:00 2001
From: OJ
Date: Thu, 27 Mar 2014 15:49:22 +1000
Subject: [PATCH] Support refactors of TLVs and adsi nested group changes
---
 .../extensions/extapi/adsi/adsi.rb | 82 +++++++++++++++++--
 .../post/meterpreter/extensions/extapi/tlv.rb | 38 +++++----
 .../console/command_dispatcher/extapi/adsi.rb | 36 +++++++-
 3 files changed, 133 insertions(+), 23 deletions(-)
diff --git a/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb b/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
index d7a7db2409..75ec0c7f86 100644
--- a/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
@@ -48,14 +48,7 @@ class Adsi
 response = client.send_request(request)
- results = []
- response.each(TLV_TYPE_EXT_ADSI_RESULT) { |r|
- result = []
- r.each(TLV_TYPE_EXT_ADSI_VALUE) { |v|
- result << v.value
- }
- results << result
- }
+ results = extract_results(response)
 return {
 :fields => fields,
@@ -65,6 +58,79 @@ class Adsi
 attr_accessor :client
+protected
+
+ def extract_results(response)
+ results = []
+
+ response.each(TLV_TYPE_EXT_ADSI_RESULT) do |r|
+ results << extract_values(r)
+ end
+
+ results
+ end
+
+ def extract_values(tlv_container)
+ values = []
+ tlv_container.get_tlvs(TLV_TYPE_ANY).each do |v|
+ values << extract_value(v)
+ end
+ values
+ end
+
+ def extract_value(v)
+ value = {
+ :type => :unknown
+ }
+
+ case v.type
+ when TLV_TYPE_EXT_ADSI_STRING
+ value = {
+ :type => :string,
+ :value => v.value
+ }
+ when TLV_TYPE_EXT_ADSI_NUMBER, TLV_TYPE_EXT_ADSI_BIGNUMBER
+ value = {
+ :type => :number,
+ :value => v.value
+ }
+ when TLV_TYPE_EXT_ADSI_BOOL
+ value = {
+ :type => :bool,
+ :value => v.value
+ }
+ when TLV_TYPE_EXT_ADSI_RAW
+ value = {
+ :type => :raw,
+ :value => v.value
+ }
+ when TLV_TYPE_EXT_ADSI_ARRAY
+ value = {
+ :type => :array,
+ :value => extract_values(v.value)
+ }
+ when TLV_TYPE_EXT_ADSI_PATH
+ value = {
+ :type => :path,
+ :volume => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_VOL),
+ :path => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_PATH),
+ :vol_type => v.get_tlv_value(TLV_TYPE_EXT_ADSI_PATH_TYPE)
+ }
+ when TLV_TYPE_EXT_ADSI_DN
+ values = v.get_tlvs(TLV_TYPE_ALL)
+ value = {
+ :type => :dn,
+ :label => values[0].value
+ }
+
+ if values[1].type == TLV_TYPE_EXT_ADSI_STRING
+ value[:string] = value[1].value
+ else
+ value[:raw] = value[1].value
+ end
+
+ value
+ end
 end
 end; end; end; end; end; end
diff --git a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
index 55ad544dc1..0a96954776 100644
--- a/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/extapi/tlv.rb
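Review bot: `extract_value` is one `end` short: after the `else` branch of the `TLV_TYPE_EXT_ADSI_DN` arm the hunk adds only two `end`s before the context `end` that previously closed `class Adsi`, so either the `case v.type` or the method is never closed and the file no longer parses; the hunk header's 73 added lines match the text shown here, so this is not a rendering artifact. In that same arm `value[:string] = value[1].value` and `value[:raw] = value[1].value` index the result hash instead of the TLV list and should be `values[1].value`, and `values[1]` needs a guard such as `if values.size > 1` before `.type` is called, since a group carrying a single child would otherwise raise `NoMethodError` on `nil`. The arm fetches children with `TLV_TYPE_ALL` while `extract_values` uses `TLV_TYPE_ANY`; the core packet code defines `TLV_TYPE_ANY`, and I cannot see a definition of `TLV_TYPE_ALL`, so the two should agree. The `TLV_TYPE_EXT_ADSI_ARRAY` arm passes `v.value` to `extract_values` whereas the `:path` and `:dn` arms call `get_tlv_value`/`get_tlvs` on `v` itself; unless a group TLV's `value` returns the group, this should be `extract_values(v)`. The enclosing `class Adsi` starts outside the hunk.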
@@ -54,21 +54,31 @@ TLV_TYPE_EXT_CLIPBOARD_MON_WIN_CLASS = TLV_META_TYPE_STRING | (TLV_TYPE_E
 TLV_TYPE_EXT_CLIPBOARD_MON_DUMP = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 52)
 TLV_TYPE_EXT_CLIPBOARD_MON_PURGE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 53)
-TLV_TYPE_EXT_ADSI_DOMAIN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 55)
-TLV_TYPE_EXT_ADSI_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 56)
-TLV_TYPE_EXT_ADSI_FIELD = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 57)
-TLV_TYPE_EXT_ADSI_VALUE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 58)
-TLV_TYPE_EXT_ADSI_RESULT = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 59)
-TLV_TYPE_EXT_ADSI_MAXRESULTS = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 60)
-TLV_TYPE_EXT_ADSI_PAGESIZE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 61)
+TLV_TYPE_EXT_ADSI_DOMAIN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 54)
+TLV_TYPE_EXT_ADSI_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 55)
+TLV_TYPE_EXT_ADSI_FIELD = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 56)
+TLV_TYPE_EXT_ADSI_RESULT = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 57)
+TLV_TYPE_EXT_ADSI_MAXRESULTS = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 58)
+TLV_TYPE_EXT_ADSI_PAGESIZE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 59)
+TLV_TYPE_EXT_ADSI_ARRAY = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 60)
+TLV_TYPE_EXT_ADSI_STRING = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 61)
+TLV_TYPE_EXT_ADSI_NUMBER = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 62)
+TLV_TYPE_EXT_ADSI_BIGNUMBER = TLV_META_TYPE_QWORD | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 63)
+TLV_TYPE_EXT_ADSI_BOOL = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 64)
+TLV_TYPE_EXT_ADSI_RAW = TLV_META_TYPE_RAW | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 65)
+TLV_TYPE_EXT_ADSI_PATH = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 66)
+TLV_TYPE_EXT_ADSI_PATH_VOL = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 67)
+TLV_TYPE_EXT_ADSI_PATH_PATH = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 68)
+TLV_TYPE_EXT_ADSI_PATH_TYPE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
+TLV_TYPE_EXT_ADSI_DN = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
-TLV_TYPE_EXT_WMI_DOMAIN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 65)
-TLV_TYPE_EXT_WMI_QUERY = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 66)
-TLV_TYPE_EXT_WMI_FIELD = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 67)
-TLV_TYPE_EXT_WMI_VALUE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 68)
-TLV_TYPE_EXT_WMI_FIELDS = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 69)
-TLV_TYPE_EXT_WMI_VALUES = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 70)
-TLV_TYPE_EXT_WMI_ERROR = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 71)
+TLV_TYPE_EXT_WMI_DOMAIN = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 90)
+TLV_TYPE_EXT_WMI_QUERY = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 91)
+TLV_TYPE_EXT_WMI_FIELD = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 92)
+TLV_TYPE_EXT_WMI_VALUE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 93)
+TLV_TYPE_EXT_WMI_FIELDS = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 94)
+TLV_TYPE_EXT_WMI_VALUES = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 95)
+TLV_TYPE_EXT_WMI_ERROR = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 96)
 end
 end
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb
index a8659650e3..51361e30d9 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb
@@ -176,7 +176,7 @@ class Console::CommandDispatcher::Extapi::Adsi
 )
 objects[:results].each do |c|
- table << c
+ table << to_table_row(c)
 end
 print_line
@@ -189,6 +189,40 @@ class Console::CommandDispatcher::Extapi::Adsi
 return true
 end
+protected
+
+ def to_table_row(result)
+ values = []
+
+ result.each do |v|
+ case v[:type]
+ when :string, :number, :bool
+ values << v[:value].to_s
+ when :raw
+ # for UI level stuff, rendering raw as hex is really the only option
+ values << Rex::Text.to_hex(v[:value], '')
+ when :array
+ val = "#{to_table_row(v[:value]).join(", ")}"
+
+ # we'll truncate the output of the array because it could be excessive if we
+ # don't. Users who want the detail of this stuff should probably script it.
+ if val.length > 50
+ val = val[0,50] + ' ..."'
+ end
+
+ values << "[#{val}]"
+ when :dn
+ values << "#{value[:string] || Rex::Text.to_hex(value[:raw], '')}"
+ when :path
+ values << "Vol: #{v[:volume]}, Path: #{v[:path]}, Type: #{v[:vol_type]}"
+ when :unknown
+ values << "(unknown)"
+ end
+ end
+
+ values
+ end
+
 end
 end
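Review bot: Renumbering identifiers that already exist (`TLV_TYPE_EXT_ADSI_DOMAIN` 55→54 through `TLV_TYPE_EXT_ADSI_PAGESIZE` 61→59, and every WMI id from 65–71 to 90–96) is a wire-protocol change, and nothing in this file records that the native extapi extension must move in lockstep. Several old and new values alias each other under the same meta type — the old `TLV_TYPE_EXT_WMI_FIELD` (`TLV_META_TYPE_STRING | … + 67`) is the new `TLV_TYPE_EXT_ADSI_PATH_VOL`, the old `TLV_TYPE_EXT_WMI_VALUE` (`… + 68`) is the new `TLV_TYPE_EXT_ADSI_PATH_PATH`, and the old `TLV_TYPE_EXT_ADSI_DOMAIN` (`… + 55`) is the new `TLV_TYPE_EXT_ADSI_FILTER` — so a client on this revision paired with an older extension binary would decode one field as another rather than fail cleanly. `TLV_TYPE_EXT_ADSI_VALUE` is dropped here; the first hunk of this patch removes its only visible use, but any other reader of that constant would now fail at load time. A comment above the block, such as `# ADSI ids occupy 54-70 and WMI ids 90-96; values must match those compiled into the extapi extension`, would make the allocation scheme and the coupling explicit for the next person adding a type.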
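Review bot: The `:dn` arm of `to_table_row` references `value`, which is not defined anywhere in this method (the block parameter is `v`), so rendering the first DN cell raises `NameError`; it should read `values << (v[:string] || Rex::Text.to_hex(v[:raw], ''))`. The `case` has no `else`, so a `v[:type]` outside the listed symbols appends nothing and silently shifts every later cell of that row one column to the left under the wrong header; replacing `when :unknown` with `else` keeps rows aligned with `objects[:fields]`. The truncation suffix `' ..."'` carries a stray double quote that ends up in the output as `[… ..."]`, where `' ...'` is presumably intended, and the bare `50` would read better as a named constant next to the comment that explains it. `"#{to_table_row(v[:value]).join(", ")}"` wraps a string in an interpolation for no effect. The enclosing class starts outside the hunk.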