Adds const_reverse_lookup and error_lookup methods to the railgun instance, also adds test/modules/post/test/railgun_reverse_lookups.rb, tested, working great
parent
e11ca43c37
commit
8bdf76a87b
|
@ -277,6 +277,22 @@ class Railgun
|
|||
def const(str)
|
||||
return constant_manager.parse(str)
|
||||
end
|
||||
|
||||
#
|
||||
# Return an array of windows constants names matching +winconst+
|
||||
#
|
||||
|
||||
def const_reverse_lookup(winconst,filter_regex=nil)
|
||||
return constant_manager.rev_lookup(winconst,filter_regex)
|
||||
end
|
||||
|
||||
#
|
||||
# Returns an array of windows error code names for a given windows error code matching +err_code+
|
||||
#
|
||||
|
||||
def error_lookup (err_code,filter_regex=/^ERROR_/)
|
||||
return constant_manager.rev_lookup(err_code,filter_regex)
|
||||
end
|
||||
|
||||
#
|
||||
# The multi-call shorthand (["kernel32", "ExitProcess", [0]])
|
||||
|
|
|
@ -70,6 +70,30 @@ class WinConstManager
|
|||
def is_parseable(s)
|
||||
return parse(s) != nil
|
||||
end
|
||||
|
||||
# looks up a windows constant (integer or hex) and returns an array of matching winconstant names
|
||||
#
|
||||
# this function will NOT throw an exception but return "nil" if it can't find an error code
|
||||
def rev_lookup(winconst, filter_regex=nil)
|
||||
c = winconst.to_i # this is what we're gonna reverse lookup
|
||||
arr = [] # results array
|
||||
@consts.each_pair do |k,v|
|
||||
arr << k if v == c
|
||||
end
|
||||
if filter_regex # this is how we're going to filter the results
|
||||
# in case we get passed a string instead of a Regexp
|
||||
filter_regex = Regexp.new(filter_regex) unless filter_regex.class == Regexp
|
||||
# do the actual filtering
|
||||
arr.select! do |item|
|
||||
item if item =~ filter_regex
|
||||
end
|
||||
end
|
||||
return arr
|
||||
end
|
||||
|
||||
def is_parseable(s)
|
||||
return parse(s) != nil
|
||||
end
|
||||
end
|
||||
|
||||
end; end; end; end; end; end
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
|
||||
##
|
||||
# $Id$
|
||||
##
|
||||
|
||||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'rex'
|
||||
|
||||
class Metasploit3 < Msf::Post
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
'Name' => 'railgun_testing',
|
||||
'Description' => %q{ This module will test railgun code used in post modules},
|
||||
'License' => MSF_LICENSE,
|
||||
'Author' => [ 'kernelsmith'],
|
||||
'Version' => '$Revision$',
|
||||
'Platform' => [ 'windows' ]
|
||||
))
|
||||
register_options(
|
||||
[
|
||||
OptInt.new("ERR_CODE" , [true, "Error code to reverse lookup", 4]),
|
||||
OptInt.new("WIN_CONST", [true, "Windows constant to reverse lookup", 4]),
|
||||
OptString.new("WCREGEX", [false,"Regexp to apply to constant rev lookup", "^SERVICE_"]),
|
||||
OptString.new("ECREGEX", [false,"Regexp to apply to error code lookup", "^ERROR_SERVICE_"]),
|
||||
], self.class)
|
||||
|
||||
end
|
||||
|
||||
def run
|
||||
print_status("Running against session #{datastore["SESSION"]}")
|
||||
print_status("Session type is #{session.type}")
|
||||
|
||||
@rg = session.railgun
|
||||
|
||||
print_status()
|
||||
print_status("TESTING: const_reverse_lookup on #{datastore['WIN_CONST']}")
|
||||
results = @rg.const_reverse_lookup(datastore['WIN_CONST'],datastore['REGEX'])
|
||||
print_status("RESULTS: #{results.class} #{results.pretty_inspect}")
|
||||
|
||||
print_status()
|
||||
print_status("TESTING: error_lookup on #{datastore['ERR_CODE']}")
|
||||
results = @rg.error_lookup(datastore['ERR_CODE'])
|
||||
print_status("RESULTS: #{results.class} #{results.inspect}")
|
||||
|
||||
print_status()
|
||||
print_status("Testing Complete!")
|
||||
end
|
||||
end
|
||||
|
||||
|
Loading…
Reference in New Issue