Add service_query to ext_server_extapi
Once the user has queried the list of services, they can use the `service_query` function to get more detail about a specific service.
bug/bundler_fix
parent
23340e9df0
commit
cbaeebeff7
|
@ -71,6 +71,26 @@ class Extapi < Extension
|
||||||
return services.sort_by { |s| s[:name].upcase }
|
return services.sort_by { |s| s[:name].upcase }
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Query some detailed parameters about a particular service.
|
||||||
|
def service_query(service_name)
|
||||||
|
request = Packet.create_request('extapi_service_query')
|
||||||
|
request.add_tlv(TLV_TYPE_EXT_SERVICE_ENUM_NAME, service_name)
|
||||||
|
|
||||||
|
response = client.send_request(request)
|
||||||
|
|
||||||
|
detail = {
|
||||||
|
:starttype => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE),
|
||||||
|
:display => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME),
|
||||||
|
:startname => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME),
|
||||||
|
:path => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_PATH),
|
||||||
|
:logroup => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP),
|
||||||
|
:interactive => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE),
|
||||||
|
:dacl => response.get_tlv_value(TLV_TYPE_EXT_SERVICE_QUERY_DACL)
|
||||||
|
}
|
||||||
|
|
||||||
|
return detail
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
end; end; end; end; end
|
end; end; end; end; end
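Review bot: `service_query` forwards `service_name` to the remote side with no local check, so a nil or empty name (the dispatcher passes whatever `args.shift` returns) is rejected, if at all, only by `add_tlv` or the server handler; a guard such as `raise ArgumentError, "service_name is required" if service_name.nil? || service_name.empty?` at the top of the method gives a clear local failure. The keys of the returned hash are undocumented; the comment above the method should list them (`:starttype` numeric start type, `:display`, `:startname` the service account, `:path`, `:logroup`, `:interactive`, `:dacl`), noting that the `:dacl` string format — presumably an SDDL descriptor — has to be confirmed against the server extension. Whether `client.send_request` raises on a failed query or returns a response lacking the TLVs is not visible here; in the latter case every `get_tlv_value` yields nil and an unknown service name produces a hash of nils rather than an error, which the comment should state either way. The trailing `return detail` can be the bare expression `detail`, though the existing code in this file uses explicit returns (`return services.sort_by ...`), so keep whichever the file standardises on.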
|
||||||
|
|
|
@ -7,17 +7,25 @@ module Extapi
|
||||||
|
|
||||||
TLV_TYPE_EXTENSION_EXTAPI = 0
|
TLV_TYPE_EXTENSION_EXTAPI = 0
|
||||||
|
|
||||||
TLV_TYPE_EXT_WINDOW_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 1)
|
TLV_TYPE_EXT_WINDOW_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 1)
|
||||||
TLV_TYPE_EXT_WINDOW_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 2)
|
TLV_TYPE_EXT_WINDOW_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 2)
|
||||||
TLV_TYPE_EXT_WINDOW_ENUM_HANDLE = TLV_META_TYPE_QWORD | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 3)
|
TLV_TYPE_EXT_WINDOW_ENUM_HANDLE = TLV_META_TYPE_QWORD | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 3)
|
||||||
TLV_TYPE_EXT_WINDOW_ENUM_TITLE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 4)
|
TLV_TYPE_EXT_WINDOW_ENUM_TITLE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 4)
|
||||||
|
|
||||||
TLV_TYPE_EXT_SERVICE_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 10)
|
TLV_TYPE_EXT_SERVICE_ENUM_GROUP = TLV_META_TYPE_GROUP | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 10)
|
||||||
TLV_TYPE_EXT_SERVICE_ENUM_NAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 11)
|
TLV_TYPE_EXT_SERVICE_ENUM_NAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 11)
|
||||||
TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 12)
|
TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 12)
|
||||||
TLV_TYPE_EXT_SERVICE_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 13)
|
TLV_TYPE_EXT_SERVICE_ENUM_PID = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 13)
|
||||||
TLV_TYPE_EXT_SERVICE_ENUM_STATUS = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 14)
|
TLV_TYPE_EXT_SERVICE_ENUM_STATUS = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 14)
|
||||||
TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 15)
|
TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 15)
|
||||||
|
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE = TLV_META_TYPE_UINT | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 20)
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 21)
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 22)
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_PATH = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 23)
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 24)
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE = TLV_META_TYPE_BOOL | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 25)
|
||||||
|
TLV_TYPE_EXT_SERVICE_QUERY_DACL = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_EXTAPI + TLV_EXTENSIONS + 26)
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
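Review bot: The seven new `TLV_TYPE_EXT_SERVICE_QUERY_*` constants carry no comment saying what they encode, and the offset range they occupy (+20 through +26) is not marked off from the enum group (+10 through +15) the way a reader adding the next TLV would need. A one-line comment before `TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE`, e.g. `# TLVs carried in the response to extapi_service_query (offsets from +20 reserved for this group)`, documents the intent; the exact reserved width is a suggestion to confirm with the server side. The meaning of the `STARTTYPE` value (the 0..4 mapping that `cmd_service_query` hard-codes in the dispatcher) and the format of the `DACL` string belong next to the TLVs that carry them rather than in the console code.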
|
||||||
|
|
|
@ -1,6 +1,5 @@
|
||||||
# -*- coding: binary -*-
|
# -*- coding: binary -*-
|
||||||
require 'rex/post/meterpreter'
|
require 'rex/post/meterpreter'
|
||||||
|
|
||||||
module Rex
|
module Rex
|
||||||
module Post
|
module Post
|
||||||
module Meterpreter
|
module Meterpreter
|
||||||
|
@ -38,13 +37,21 @@ class Console::CommandDispatcher::Extapi
|
||||||
"-h" => [ false, "Help banner" ]
|
"-h" => [ false, "Help banner" ]
|
||||||
)
|
)
|
||||||
|
|
||||||
|
#
|
||||||
|
# Options for the service_query command.
|
||||||
|
#
|
||||||
|
@@service_query_opts = Rex::Parser::Arguments.new(
|
||||||
|
"-h" => [ false, "Help banner" ]
|
||||||
|
)
|
||||||
|
|
||||||
#
|
#
|
||||||
# List of supported commands.
|
# List of supported commands.
|
||||||
#
|
#
|
||||||
def commands
|
def commands
|
||||||
{
|
{
|
||||||
"window_enum" => "Enumerate all current open windows",
|
"window_enum" => "Enumerate all current open windows",
|
||||||
"service_enum" => "Enumerate all registered Windows services"
|
"service_enum" => "Enumerate all registered Windows services",
|
||||||
|
"service_query" => "Query more detail about a specific Windows service"
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -125,6 +132,46 @@ class Console::CommandDispatcher::Extapi
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def cmd_service_query(*args)
|
||||||
|
args << "-h" if args.length == 0
|
||||||
|
|
||||||
|
@@service_query_opts.parse(args) { |opt, idx, val|
|
||||||
|
case opt
|
||||||
|
when "-h"
|
||||||
|
print(
|
||||||
|
"\nUsage: service_query [-h] <servicename>\n" +
|
||||||
|
" <servicename>: The name of the service to query.\n\n" +
|
||||||
|
"Gets details information about a particular Windows service, including\n" +
|
||||||
|
"binary path, DACL, load order group, start type and more.\n\n")
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
|
service_name = args.shift
|
||||||
|
|
||||||
|
start_type_map = {
|
||||||
|
0 => "Boot",
|
||||||
|
1 => "System",
|
||||||
|
2 => "Automatic",
|
||||||
|
3 => "Manual",
|
||||||
|
4 => "Disabled"
|
||||||
|
}
|
||||||
|
|
||||||
|
detail = client.extapi.service_query(service_name)
|
||||||
|
|
||||||
|
print_line()
|
||||||
|
print_line("Name : #{service_name}")
|
||||||
|
print_line("Display : #{detail[:display]}")
|
||||||
|
print_line("Account : #{detail[:startname]}")
|
||||||
|
print_line("Start Type : #{start_type_map[detail[:starttype]]}")
|
||||||
|
print_line("Path : #{detail[:path]}")
|
||||||
|
print_line("L.O. Group : #{detail[:logroup]}")
|
||||||
|
print_line("Interactive : #{detail[:interactive] ? "Yes" : "No"}")
|
||||||
|
print_line("DACL : #{detail[:dacl]}")
|
||||||
|
print_line()
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Name for this dispatcher
|
# Name for this dispatcher
|
||||||
#
|
#
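Review bot: `cmd_service_query` does not finish with `return true` the way the sibling command at the top of this hunk does (`return true` / `end`), so it returns the value of the last `print_line`; add `return true` before the closing `end` for consistency with the other commands. `start_type_map[detail[:starttype]]` yields nil, printed as an empty field, when the start type falls outside 0..4 or the TLV was absent; `start_type_map.fetch(detail[:starttype], "Unknown (#{detail[:starttype]})")` makes that visible, and the map itself is rebuilt on every call and could be a frozen constant at class level. `service_name = args.shift` takes the first remaining argument verbatim; whether `Rex::Parser::Arguments#parse` passes through switches it does not recognise is not visible here, so a check that `service_name` is present and does not start with `-` before calling `client.extapi.service_query` avoids sending an option string to the server as a service name. The help text `Gets details information` should read `Gets detailed information`. The printed fields (`:display`, `:path`, `:dacl` and the rest) are strings supplied by the remote host, which is expected for a console command, but any later consumer that stores or logs them should treat them as untrusted input.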
|
||||||
|
|