more updates

bug/bundler_fix
Brent Cook 2017-08-28 14:10:51 -05:00
parent a0e04760b5
commit f7071818b1
1 changed files with 144 additions and 142 deletions


@ -2,160 +2,162 @@
require 'rex/post/meterpreter' require 'rex/post/meterpreter'
module Rex module Rex
module Post module Post
module Meterpreter module Meterpreter
module Ui module Ui
###
#
# This class provides commands that interact with the timestomp feature set of
# the privilege escalation extension.
#
###
class Console::CommandDispatcher::Priv::Timestomp
Klass = Console::CommandDispatcher::Priv::Timestomp
### include Console::CommandDispatcher
#
# This class provides commands that interact with the timestomp feature set of
# the privilege escalation extension.
#
###
class Console::CommandDispatcher::Priv::Timestomp
Klass = Console::CommandDispatcher::Priv::Timestomp
include Console::CommandDispatcher @@timestomp_opts = Rex::Parser::Arguments.new(
"-m" => [ true, "Set the \"last written\" time of the file" ],
"-a" => [ true, "Set the \"last accessed\" time of the file" ],
"-c" => [ true, "Set the \"creation\" time of the file" ],
"-e" => [ true, "Set the \"mft entry modified\" time of the file" ],
"-z" => [ true, "Set all four attributes (MACE) of the file" ],
"-f" => [ true, "Set the MACE of attributes equal to the supplied file" ],
"-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ],
"-r" => [ false, "Set the MACE timestamps recursively on a directory" ],
"-v" => [ false, "Display the UTC MACE values of the file" ],
"-h" => [ false, "Help banner" ]
)
@@timestomp_opts = Rex::Parser::Arguments.new( #
"-m" => [ true, "Set the \"last written\" time of the file" ], # List of supported commands.
"-a" => [ true, "Set the \"last accessed\" time of the file" ], #
"-c" => [ true, "Set the \"creation\" time of the file" ], def commands
"-e" => [ true, "Set the \"mft entry modified\" time of the file" ], {
"-z" => [ true, "Set all four attributes (MACE) of the file" ], "timestomp" => "Manipulate file MACE attributes"
"-f" => [ true, "Set the MACE of attributes equal to the supplied file" ], }
"-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ], end
"-r" => [ false, "Set the MACE timestamps recursively on a directory" ],
"-v" => [ false, "Display the UTC MACE values of the file" ],
"-h" => [ false, "Help banner" ]
)
# #
# List of supported commands. # Name for this dispatcher.
# #
def commands def name
{ "Priv: Timestomp"
"timestomp" => "Manipulate file MACE attributes" end
}
end
# #
# Name for this dispatcher. # This command provides the same level of features that vinnie's command
# # line timestomp interface provides with a similar argument set.
def name #
"Priv: Timestomp" def cmd_timestomp(*args)
end paths = []
# modified = nil
# This command provides the same level of features that vinnie's command accessed = nil
# line timestomp interface provides with a similar argument set. creation = nil
# emodified = nil
def cmd_timestomp(*args)
if args.length < 2
print_line("\nUsage: timestomp <file(s)> OPTIONS\n" +
@@timestomp_opts.usage)
return
end
paths = [] blank_file_mace = false
blank_directory_mace = false
get_file_mace = false
help = false
modified = nil @@timestomp_opts.parse(args) do |opt, _idx, val|
accessed = nil case opt
creation = nil when "-m"
emodified = nil modified = str_to_time(val)
when "-a"
accessed = str_to_time(val)
when "-c"
creation = str_to_time(val)
when "-e"
emodified = str_to_time(val)
when "-z"
modified = str_to_time(val)
accessed = str_to_time(val)
creation = str_to_time(val)
emodified = str_to_time(val)
when "-f"
print_status("Setting MACE attributes on #{path} from #{val}")
hash = client.priv.fs.get_file_mace(path)
if hash
modified = str_to_time(hash['Modified'])
accessed = str_to_time(hash['Accessed'])
creation = str_to_time(hash['Created'])
emodified = str_to_time(hash['Entry Modified'])
end
when "-b"
blank_file_mace = true
when "-r"
blank_directory_mace = true
when "-v"
get_file_mace = true
when "-h"
help = true
when nil
paths << val
end
end
blank_file_mace = false if paths.empty?
blank_directory_mace = false print_line("\nNo paths specified.")
get_file_mace = false return nil
end
@@timestomp_opts.parse(args) do |opt, _idx, val| if !(modified || accessed || creation || emodified ||
case opt blank_file_mace || blank_directory_mace || get_file_mace) || help
when "-m" print_line("\nUsage: timestomp <file(s)> OPTIONS\n" +
modified = str_to_time(val) @@timestomp_opts.usage)
when "-a" return nil
accessed = str_to_time(val) end
when "-c"
creation = str_to_time(val) paths.uniq.each do |path|
when "-e" # If any one of the four times were specified, change them.
emodified = str_to_time(val) if modified || accessed || creation || emodified
when "-z" print_status("Setting specific MACE attributes on #{path}")
modified = str_to_time(val) client.priv.fs.set_file_mace(path, modified, accessed, creation, emodified)
accessed = str_to_time(val) end
creation = str_to_time(val)
emodified = str_to_time(val) if blank_file_mace
when "-f" print_status("Blanking file MACE attributes on #{path}")
print_status("Setting MACE attributes on #{path} from #{val}") client.priv.fs.blank_file_mace(path)
hash = client.priv.fs.get_file_mace(path) end
if hash
modified = str_to_time(hash['Modified']) if blank_directory_mace
accessed = str_to_time(hash['Accessed']) print_status("Blanking directory MACE attributes on #{path}")
creation = str_to_time(hash['Created']) client.priv.fs.blank_directory_mace(path)
emodified = str_to_time(hash['Entry Modified']) end
if get_file_mace
hash = client.priv.fs.get_file_mace(path)
print_status("Showing MACE attributes for #{path}")
print_line("Modified : #{hash['Modified']}")
print_line("Accessed : #{hash['Accessed']}")
print_line("Created : #{hash['Created']}")
print_line("Entry Modified: #{hash['Entry Modified']}")
end
end
end
protected
#
# Converts a date/time in the form of MM/DD/YYYY HH24:MI:SS
#
def str_to_time(str) # :nodoc:
unless str.nil?
_r, mon, day, year, hour, min, sec =
str.match("^(\\d+?)/(\\d+?)/(\\d+?) (\\d+?):(\\d+?):(\\d+?)$").to_a
end
if str.nil? || mon.nil?
raise ArgumentError, "Invalid date format, expected MM/DD/YYYY HH24:MI:SS (got #{str})"
end
Time.mktime(year, mon, day, hour, min, sec, 0)
end
end end
when "-b"
blank_file_mace = true
when "-r"
blank_directory_mace = true
when "-v"
get_file_mace = true
when "-h"
print_line("\nUsage: timestomp <file(s)> OPTIONS\n" +
@@timestomp_opts.usage)
return nil
when nil
paths << val
end
end
if paths.empty?
print_line("\nNo paths specified.")
return
end
paths.uniq.each do |path|
# If any one of the four times were specified, change them.
if modified || accessed || creation || emodified
print_status("Setting specific MACE attributes on #{path}")
client.priv.fs.set_file_mace(path, modified, accessed, creation, emodified)
end
if blank_file_mace
print_status("Blanking file MACE attributes on #{path}")
client.priv.fs.blank_file_mace(path)
end
if blank_directory_mace
print_status("Blanking directory MACE attributes on #{path}")
client.priv.fs.blank_directory_mace(path)
end
if get_file_mace
hash = client.priv.fs.get_file_mace(path)
print_status("Showing MACE attributes for #{path}")
print_line("Modified : #{hash['Modified']}")
print_line("Accessed : #{hash['Accessed']}")
print_line("Created : #{hash['Created']}")
print_line("Entry Modified: #{hash['Entry Modified']}")
end end
end end
end end
protected
#
# Converts a date/time in the form of MM/DD/YYYY HH24:MI:SS
#
def str_to_time(str) # :nodoc:
_r, mon, day, year, hour, min, sec = str.match("^(\\d+?)/(\\d+?)/(\\d+?) (\\d+?):(\\d+?):(\\d+?)$").to_a
if mon.nil?
raise ArgumentError, "Invalid date format, expected MM/DD/YYYY HH24:MI:SS (got #{str})"
end
Time.mktime(year, mon, day, hour, min, sec, 0)
end
end
end
end
end
end end
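Review bot: In the `-f` branch of the option-parsing block in `cmd_timestomp`, `path` is used in both the status message and `client.priv.fs.get_file_mace(path)`, but in the visible code `path` is only bound later, as the block parameter of `paths.uniq.each`. Unless the dispatcher supplies a `path` method that is not shown here, this branch will raise NameError; the reference file is the option value, so the lookup should presumably be `hash = client.priv.fs.get_file_mace(val)`, with the status line reduced to `print_status("Reading MACE attributes from #{val}")`. This code appears unchanged from the old side, so the commit carries the problem forward rather than introducing it. Separately, the `-v` branch indexes `hash` without the `if hash` guard that the `-f` branch applies, so a failed lookup would surface as NoMethodError on nil; wrapping the four `print_line` calls in the same `if hash` check would keep the two branches consistent. In `str_to_time`, the pattern anchors with `^`/`$`, which match at line boundaries, so `\A`/`\z` would be the stricter choice for validating the whole argument.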