Adds reg queryclass
git-svn-id: file:///home/svn/framework3/trunk@8046 4d416f70-5f16-0410-b530-b9f4589650da
unstable
parent
64e524545e
commit
98f83bbab1
Binary file not shown.
|
@ -282,7 +282,7 @@ DWORD request_fs_delete_file(Remote *remote, Packet *packet)
|
|||
|
||||
if (!path)
|
||||
result = ERROR_INVALID_PARAMETER;
|
||||
#ifdef __WIN32__
|
||||
#ifdef _WIN32
|
||||
else if (!DeleteFile(path))
|
||||
#else
|
||||
else if (!unlink(path))
|
||||
|
|
|
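Review bot: The POSIX branch at `else if (!unlink(path))` inverts the success test: unlink() returns 0 on success and -1 on failure, so this error path is taken exactly when the delete succeeded, unlike the `DeleteFile` branch where a zero return means failure. The commit only touches the guard macro (`_WIN32`), so the inverted test remains on the new side; it should read `else if (unlink(path) != 0)`. The body of request_fs_delete_file, including whatever is assigned to result in that branch, continues outside the hunk, so I cannot confirm what a caller observes.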
@ -213,6 +213,10 @@ Command customCommands[] =
|
|||
{ request_registry_query_value, { 0 }, 0 },
|
||||
{ EMPTY_DISPATCH_HANDLER },
|
||||
},
|
||||
{ "stdapi_registry_query_class",
|
||||
{ request_registry_query_class, { 0 }, 0 },
|
||||
{ EMPTY_DISPATCH_HANDLER },
|
||||
},
|
||||
{ "stdapi_registry_enum_value",
|
||||
{ request_registry_enum_value, { 0 }, 0 },
|
||||
{ EMPTY_DISPATCH_HANDLER },
|
||||
|
|
|
@ -437,3 +437,42 @@ DWORD request_registry_delete_value(Remote *remote, Packet *packet)
|
|||
|
||||
return ERROR_SUCCESS;
|
||||
}
|
||||
|
||||
/*
|
||||
* Queries a registry class for a given HKEY.
|
||||
*
|
||||
* TLVs:
|
||||
*
|
||||
* req: TLV_TYPE_HKEY - The HKEY to query the class on
|
||||
*/
|
||||
DWORD request_registry_query_class(Remote *remote, Packet *packet)
|
||||
{
|
||||
Packet *response = packet_create_response(packet);
|
||||
LPCSTR valueName = NULL;
|
||||
BYTE valueData[4096];
|
||||
DWORD valueDataSize = 4096;
|
||||
DWORD result = ERROR_SUCCESS;
|
||||
DWORD valueType = 0;
|
||||
HKEY hkey = NULL;
|
||||
|
||||
// Acquire the standard TLVs
|
||||
hkey = (HKEY)packet_get_tlv_value_uint(packet, TLV_TYPE_HKEY);
|
||||
|
||||
do
|
||||
{
|
||||
// Get the size of the value data
|
||||
if ((result = RegQueryInfoKey(hkey, valueData, &valueDataSize, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL)) != ERROR_SUCCESS)
|
||||
break;
|
||||
|
||||
packet_add_tlv_string(response, TLV_TYPE_VALUE_DATA, (LPCSTR)valueData);
|
||||
|
||||
} while (0);
|
||||
|
||||
// Populate the result code
|
||||
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
|
||||
|
||||
// Transmit the response
|
||||
packet_transmit(remote, response, NULL);
|
||||
|
||||
return ERROR_SUCCESS;
|
||||
}
|
|
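Review bot: `valueData` is declared uninitialized at `BYTE valueData[4096];` and is later passed to `packet_add_tlv_string` as a C string, so the response TLV is only well-formed if RegQueryInfoKey wrote a terminated class name; `BYTE valueData[4096] = { 0 };` keeps the string terminated regardless of what the call wrote. `valueName` and `valueType` are declared but never used and can be dropped, and the comment `// Get the size of the value data` describes a different call than the one below it; `// Retrieve the key's class name (valueDataSize is in/out: buffer size in, length out)` matches what happens. The header comment lists the request TLV but not the reply; adding `* resp: TLV_TYPE_VALUE_DATA - The class name of the key` would document the wire contract. Passing `valueData` (a `BYTE *`) where RegQueryInfoKey's lpClass expects `LPSTR` also deserves an explicit `(LPSTR)valueData` to avoid a signedness warning.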
@ -11,6 +11,7 @@ DWORD request_registry_delete_key(Remote *remote, Packet *packet);
|
|||
DWORD request_registry_close_key(Remote *remote, Packet *packet);
|
||||
DWORD request_registry_set_value(Remote *remote, Packet *packet);
|
||||
DWORD request_registry_query_value(Remote *remote, Packet *packet);
|
||||
DWORD request_registry_query_class(Remote *remote, Packet *packet);
|
||||
DWORD request_registry_enum_value(Remote *remote, Packet *packet);
|
||||
DWORD request_registry_delete_value(Remote *remote, Packet *packet);
|
||||
|
||||
|
|
|
@ -17,13 +17,13 @@ module Sys
|
|||
|
||||
###
|
||||
#
|
||||
# This class provides access to the Windows registry on the remote
|
||||
# This class provides access to the Windows registry on the remote
|
||||
# machine.
|
||||
#
|
||||
###
|
||||
class Registry
|
||||
|
||||
class <<self
|
||||
class << self
|
||||
attr_accessor :client
|
||||
end
|
||||
|
||||
|
@ -35,7 +35,7 @@ class Registry
|
|||
|
||||
#
|
||||
# Opens the supplied registry key relative to the root key with
|
||||
# the supplied permissions. Right now this is merely a wrapper around
|
||||
# the supplied permissions. Right now this is merely a wrapper around
|
||||
# create_key.
|
||||
#
|
||||
def Registry.open_key(root_key, base_key, perm = KEY_READ)
|
||||
|
@ -52,7 +52,7 @@ class Registry
|
|||
#
|
||||
def Registry.create_key(root_key, base_key, perm = KEY_READ)
|
||||
request = Packet.create_request('stdapi_registry_create_key')
|
||||
|
||||
|
||||
request.add_tlv(TLV_TYPE_ROOT_KEY, root_key)
|
||||
request.add_tlv(TLV_TYPE_BASE_KEY, base_key)
|
||||
request.add_tlv(TLV_TYPE_PERMISSION, perm)
|
||||
|
@ -84,7 +84,7 @@ class Registry
|
|||
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Closes the supplied registry key.
|
||||
#
|
||||
|
@ -188,6 +188,21 @@ class Registry
|
|||
return false
|
||||
end
|
||||
|
||||
#
|
||||
# Queries the registry class name and returns a string
|
||||
#
|
||||
def Registry.query_class(hkey)
|
||||
request = Packet.create_request('stdapi_registry_query_class')
|
||||
|
||||
request.add_tlv(TLV_TYPE_HKEY, hkey)
|
||||
|
||||
response = client.send_request(request)
|
||||
cls = response.get_tlv(TLV_TYPE_VALUE_DATA)
|
||||
return nil if not cls
|
||||
data = cls.value.gsub(/\x00.*/, '')
|
||||
return data
|
||||
end
|
||||
|
||||
#
|
||||
# Enumerates all of the values at the supplied hkey including their
|
||||
# names. An array of RegistryValue's is returned.
|
||||
|
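Review bot: The NUL-stripping at `data = cls.value.gsub(/\x00.*/, '')` uses `.` without the `/m` flag, so any text after a newline that follows the first NUL survives; `cls.value.sub(/\x00.*/m, '')` truncates at the first NUL regardless of content. The guard `return nil if not cls` is more idiomatically `return nil unless cls`, and `data = ...` followed by `return data` can simply be the method's last expression. The server side presumably already sends the class as a NUL-terminated string, so the stripping is defensive rather than required; a one-line comment saying so would stop the next reader from wondering whether the reply can contain embedded NULs.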
@ -237,11 +252,11 @@ class Registry
|
|||
# type (like REG_SZ).
|
||||
#
|
||||
def self.type2str(type)
|
||||
return REG_SZ if (type == 'REG_SZ')
|
||||
return REG_DWORD if (type == 'REG_DWORD')
|
||||
return REG_BINARY if (type == 'REG_BINARY')
|
||||
return REG_EXPAND_SZ if (type == 'REG_EXPAND_SZ')
|
||||
return REG_NONE if (type == 'REG_NONE')
|
||||
return REG_SZ if (type == 'REG_SZ')
|
||||
return REG_DWORD if (type == 'REG_DWORD')
|
||||
return REG_BINARY if (type == 'REG_BINARY')
|
||||
return REG_EXPAND_SZ if (type == 'REG_EXPAND_SZ')
|
||||
return REG_NONE if (type == 'REG_NONE')
|
||||
return nil
|
||||
end
|
||||
|
||||
|
@ -260,4 +275,5 @@ class Registry
|
|||
|
||||
end
|
||||
|
||||
end; end; end; end; end; end
|
||||
end; end; end; end; end; end
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ class RegistryKey
|
|||
end
|
||||
|
||||
#
|
||||
# Retrieves all of the registry values that exist within the opened
|
||||
# Retrieves all of the registry values that exist within the opened
|
||||
# registry key.
|
||||
#
|
||||
def enum_value()
|
||||
|
@ -74,7 +74,7 @@ class RegistryKey
|
|||
#
|
||||
##
|
||||
|
||||
#
|
||||
#
|
||||
# Opens a registry key that is relative to this registry key.
|
||||
#
|
||||
def open_key(base_key, perm = KEY_READ)
|
||||
|
@ -101,7 +101,7 @@ class RegistryKey
|
|||
#
|
||||
def close()
|
||||
if (self.hkey != nil)
|
||||
return self.client.sys.registry.close_key(hkey)
|
||||
return self.client.sys.registry.close_key(hkey)
|
||||
end
|
||||
|
||||
return false
|
||||
|
@ -128,6 +128,13 @@ class RegistryKey
|
|||
return self.client.sys.registry.query_value(self.hkey, name)
|
||||
end
|
||||
|
||||
#
|
||||
# Queries the class of the specified key
|
||||
#
|
||||
def query_class
|
||||
return self.client.sys.registry.query_class(self.hkey)
|
||||
end
|
||||
|
||||
#
|
||||
# Delete the supplied registry value.
|
||||
#
|
||||
|
@ -171,4 +178,5 @@ protected
|
|||
attr_writer :hkey, :root_key, :base_key, :perm # :nodoc:
|
||||
end
|
||||
|
||||
end; end; end; end; end; end; end
|
||||
end; end; end; end; end; end; end
|
||||
|
||||
|
|
|
@ -119,7 +119,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
end
|
||||
|
||||
# Execute it
|
||||
p = client.sys.process.execute(cmd_exec, cmd_args,
|
||||
p = client.sys.process.execute(cmd_exec, cmd_args,
|
||||
'Channelized' => channelized,
|
||||
'Hidden' => hidden,
|
||||
'InMemory' => (from_mem) ? dummy_exec : nil,
|
||||
|
@ -142,15 +142,15 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
path = (path and not path.empty?) ? path : "cmd.exe"
|
||||
cmd_execute("-f", path, "-c", "-H", "-i")
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
#
|
||||
# Gets the process identifier that meterpreter is running in on the remote
|
||||
# machine.
|
||||
#
|
||||
def cmd_getpid(*args)
|
||||
print_line("Current pid: #{client.sys.process.getpid}")
|
||||
|
||||
|
||||
return true
|
||||
end
|
||||
|
||||
|
@ -160,7 +160,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
def cmd_getuid(*args)
|
||||
print_line("Server username: #{client.sys.config.getuid}")
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# Clears the event log
|
||||
#
|
||||
|
@ -169,7 +169,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
logs = ['Application', 'System', 'Security']
|
||||
logs << args
|
||||
logs.flatten!
|
||||
|
||||
|
||||
logs.each do |name|
|
||||
log = client.sys.eventlog.open(name)
|
||||
print_status("Wiping #{log.length} records from #{name}...")
|
||||
|
@ -191,7 +191,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
print_line("Killing: #{args.join(", ")}")
|
||||
|
||||
client.sys.process.kill(*(args.map { |x| x.to_i }))
|
||||
|
||||
|
||||
return true
|
||||
end
|
||||
|
||||
|
@ -257,11 +257,12 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
print_line(
|
||||
"Usage: reg [command] [options]\n\n" +
|
||||
"Interact with the target machine's registry.\n" +
|
||||
@@reg_opts.usage +
|
||||
@@reg_opts.usage +
|
||||
"COMMANDS:\n\n" +
|
||||
" enumkey Enumerate the supplied registry key [-k <key>]\n" +
|
||||
" createkey Create the supplied registry key [-k <key>]\n" +
|
||||
" deletekey Delete the supplied registry key [-k <key>]\n" +
|
||||
" queryclass Queries the class of the supplied key [-k <key>]\n" +
|
||||
" setval Set a registry value [-k <key> -v <val> -d <data>]\n" +
|
||||
" deleteval Delete the supplied registry value [-k <key> -v <val>]\n" +
|
||||
" queryval Queries the data contents of a value [-k <key> -v <val>]\n\n")
|
||||
|
@ -302,7 +303,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
print_line(" Keys (#{keys.length}):\n")
|
||||
|
||||
keys.each { |subkey|
|
||||
print_line("\t#{subkey}")
|
||||
print_line("\t#{subkey}")
|
||||
}
|
||||
|
||||
print_line
|
||||
|
@ -310,11 +311,11 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
|
||||
if (vals.length > 0)
|
||||
print_line(" Values (#{vals.length}):\n")
|
||||
|
||||
|
||||
vals.each { |val|
|
||||
print_line("\t#{val.name}")
|
||||
}
|
||||
|
||||
|
||||
print_line
|
||||
end
|
||||
|
||||
|
@ -373,7 +374,13 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
"Name: #{v.name}\n" +
|
||||
"Type: #{v.type_to_s}\n" +
|
||||
"Data: #{v.data}\n")
|
||||
|
||||
|
||||
when "queryclass"
|
||||
open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ)
|
||||
|
||||
data = open_key.query_class
|
||||
|
||||
print("Data: #{data}\n")
|
||||
else
|
||||
print_error("Invalid command supplied: #{cmd}")
|
||||
end
|
||||
|
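Review bot: The key opened at `open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ)` is never closed in the new `queryclass` branch, so every invocation leaves a handle open on the remote side; the sibling branches of this case are outside the hunk, so I cannot see whether they close theirs, but the `close` method added to RegistryKey in this same commit exists for exactly this. The output also uses `print` while the rest of the command uses `print_line`. The branch could read `data = open_key.query_class`, `open_key.close`, `print_line("Data: #{data}")`.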
@ -418,3 +425,4 @@ end
|
|||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|