Add service_query to ext_server_extapi
After querying the list of services, the user can now call the `service_query` function to get more detail about a specific service.
bug/bundler_fix
parent
23340e9df0
commit
cbaeebeff7
|
@ -71,6 +71,26 @@ class Extapi < Extension
|
|||
return services.sort_by { |s| s[:name].upcase }
|
||||
end
|
||||
|
||||
# Query some detailed parameters about a particular service.
|
||||
def service_query(service_name)
|
||||
request = Packet.create_request('extapi_service_query')
|
||||
request.add_tlv(TLV_TYPE_EXT_SERVICE_ENUM_NAME, service_name)
|
||||
|
||||
response = client.send_request(request)
|
||||
|
||||
detail = {
|
||||
:starttype => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE),
|
||||
:display => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME),
|
||||
:startname => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME),
|
||||
:path => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_PATH),
|
||||
:logroup => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP),
|
||||
:interactive => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE),
|
||||
:dacl => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_DACL)
|
||||
}
|
||||
|
||||
return detail
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
end; end; end; end; end
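Review bot: The comment above `service_query` does not say what the method returns, and nothing after `client.send_request(request)` checks that the response actually carries the query TLVs. A name that matches no service would presumably yield a hash whose values are all `nil` (assuming `get_tlv_value` returns `nil` for an absent TLV and `send_request` does not raise first), which the caller cannot tell apart from a service with empty fields. I would document the keys, e.g. `# Returns a Hash with :starttype (Integer), :display, :startname, :path, :logroup, :dacl (String) and :interactive (Boolean).`, and say in the same comment what callers get when the service is not found. The `detail` temporary and the explicit `return detail` can also go, leaving the hash literal as the method's last expression.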
|
||||
|
|
|
@ -7,17 +7,25 @@ module Extapi
|
|||
|
||||
TLV_TYPE_EXTENSION_EXTAPI = 0
|
||||
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 1)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 2)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_HANDLE = TLV_META_TYPE_QWORD | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 3)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_TITLE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 4)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 1)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 2)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_HANDLE = TLV_META_TYPE_QWORD | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 3)
|
||||
TLV_TYPE_EXT_WINDOW_ENUM_TITLE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 4)
|
||||
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 10)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_NAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 11)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 12)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 13)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_STATUS = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 14)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 15)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 10)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_NAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 11)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 12)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 13)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_STATUS = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 14)
|
||||
TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 15)
|
||||
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 20)
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 21)
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 22)
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_PATH = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 23)
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 24)
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 25)
|
||||
TLV_TYPE_EXT_SERVICE_QUERY_DACL = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 26)
|
||||
|
||||
end
|
||||
end
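Review bot: The new `TLV_TYPE_EXT_SERVICE_QUERY_*` identifiers start at offset 20 while the existing groups use 1-4 and 10-15, and nothing in the file records that each group owns its own range or which definitions these values mirror. A short comment above each group, such as `# Service query TLVs (offsets 20-29); keep in sync with the extension's native TLV definitions`, would stop a later addition from colliding with an offset already in use; the native side is not visible here, so the wording needs confirming. The section also appears to re-align the existing WINDOW_ENUM and SERVICE_ENUM constants, which makes the functional change harder to spot and would read better as a separate whitespace-only commit.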
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
# -*- coding: binary -*-
|
||||
require 'rex/post/meterpreter'
|
||||
|
||||
module Rex
|
||||
module Post
|
||||
module Meterpreter
|
||||
|
@ -38,13 +37,21 @@ class Console::CommandDispatcher::Extapi
|
|||
"-h" => [ false, "Help banner" ]
|
||||
)
|
||||
|
||||
#
|
||||
# Options for the service_query command.
|
||||
#
|
||||
@@service_query_opts = Rex::Parser::Arguments.new(
|
||||
"-h" => [ false, "Help banner" ]
|
||||
)
|
||||
|
||||
#
|
||||
# List of supported commands.
|
||||
#
|
||||
def commands
|
||||
{
|
||||
"window_enum" => "Enumerate all current open windows",
|
||||
"service_enum" => "Enumerate all registered Windows services"
|
||||
"service_enum" => "Enumerate all registered Windows services",
|
||||
"service_query" => "Query more detail about a specific Windows service"
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -125,6 +132,46 @@ class Console::CommandDispatcher::Extapi
|
|||
return true
|
||||
end
|
||||
|
||||
def cmd_service_query(*args)
|
||||
args << "-h" if args.length == 0
|
||||
|
||||
@@service_query_opts.parse(args) { |opt, idx, val|
|
||||
case opt
|
||||
when "-h"
|
||||
print(
|
||||
"\nUsage: service_query [-h] <servicename>\n" +
|
||||
" <servicename>: The name of the service to query.\n\n" +
|
||||
"Gets details information about a particular Windows service, including\n" +
|
||||
"binary path, DACL, load order group, start type and more.\n\n")
|
||||
return true
|
||||
end
|
||||
}
|
||||
|
||||
service_name = args.shift
|
||||
|
||||
start_type_map = {
|
||||
0 => "Boot",
|
||||
1 => "System",
|
||||
2 => "Automatic",
|
||||
3 => "Manual",
|
||||
4 => "Disabled"
|
||||
}
|
||||
|
||||
detail = client.extapi.service_query(service_name)
|
||||
|
||||
print_line()
|
||||
print_line("Name : #{service_name}")
|
||||
print_line("Display : #{detail[:display]}")
|
||||
print_line("Account : #{detail[:startname]}")
|
||||
print_line("Start Type : #{start_type_map[detail[:starttype]]}")
|
||||
print_line("Path : #{detail[:path]}")
|
||||
print_line("L.O. Group : #{detail[:logroup]}")
|
||||
print_line("Interactive : #{detail[:interactive] ? "Yes" : "No"}")
|
||||
print_line("DACL : #{detail[:dacl]}")
|
||||
print_line()
|
||||
|
||||
end
|
||||
|
||||
#
|
||||
# Name for this dispatcher
|
||||
#
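Review bot: `cmd_service_query` prints `start_type_map[detail[:starttype]]` directly, so a start type outside 0-4 (or a missing value) shows up as an empty field with no hint of what was received; `start_type_map.fetch(detail[:starttype], "Unknown (#{detail[:starttype].inspect})")` keeps the raw value visible. The method also falls off the end after `print_line()` while the command above it ends with `return true`, so adding `return true` would keep the dispatcher's commands consistent. The display name, account, path and DACL strings come from the remote side and are interpolated into `print_line` unchanged; if `print_line` does not already strip control characters (not visible here), they should be sanitised before reaching the operator's terminal. `start_type_map` is rebuilt on every call and could be a frozen constant next to `@@service_query_opts`.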
|
||||
|
|