Rather than throwing a backtrace with an unresolvable SID, try to get as
much profile data as possible if resolve_sid fails.
```
[*] Determining session platform and type...
[-] Unexpected windows error 1332
[*] Checking for Firefox directory in:
C:\Users\Administrator\AppData\Roaming\Mozilla\
[-] Firefox not found
[*] Post module execution completed
```
Rather than operating on a passed-in HKEY, these open and close the registry
key directly for each operation.
This pattern better reflects the actual API usage within msf, and removes extra
round-trips to open and close the registry key, reducing traffic and increasing
performance. I did not add direct versions of every registry operation.
There was no benefit for more rarely-used operations, other than requiring more
churn in the meterpreters.
The primary beneficiary of this is post exploitation modules that do registry
or service enumeration. See #3693 for test cases.
Modify rename_file to fit the pattern of the other file methods.
Otherwise, calling this yields a backtrace in the logs and it fails.
Steps to verify:
rc script:
```
loadpath test/modules
use exploit/multi/handler
set lhost 172.28.128.1
set lport 8081
set payload windows/meterpreter/reverse_http
run -j
sleep 5
resource test/scripts/test-sessions.rc
Before:
```
[-] FAILED: should move files
[-] Exception: TypeError : true is not a symbol
log file:
[01/27/2015 13:17:23] [d(0)] core: Call stack:
/home/bcook/projects/metasploit-framework/lib/msf/core/post/file.rb:357:in
`rename_file'
/home/bcook/projects/metasploit-framework/test/modules/post/test/file.rb:115:in
`block in test_file'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`call'
/home/bcook/projects/metasploit-framework/test/lib/module_test.rb:26:in
`it'
...
```
After, passing sessions instead:
```
post/test/file
SESSION => 1
Setup: changing working directory to %TEMP%
[*] Running against session 1
[*] Session type is meterpreter and platform is x86/win32
[+] should test for file existence
[+] should test for directory existence
[+] should create text files
[+] should read the text we just wrote
[+] should append text files
[+] should delete text files
[+] should move files
[+] should write binary data
[+] should read the binary data we just wrote
[+] should delete binary files
[+] should append binary data
[*] Passed: 11; Failed: 0
```
This adds an extra parameter to most of the post/windows/registry
methods called 'view' that specifies if a registry key should be
accessed as a native process, 32-bit or 64-bit.
Support is added to both the Meterpreter and command-line backends. For
the command backend, a lot of boilerplate is removed from each method in
favor of a few shared commands. There is an error hash that never gets
used, so I removed it as well.
This passes the post/test/registry module with meterpreter, but fails
the command line backend. However, it fails in the same way without
these changes (tested on Windows 8), so I suspect that the command line
session was already not working well, at least with newer versions of
Windows. I might look into figuring out how to fix that, but it looks
pretty fragile to me, parsing for english phrases in the output.
- Many code duplications are eliminated from modules in favor of shared
implementations in the framework.
- Paths are properly quoted in shell operations and duplicate operations are
squashed.
- Various subtle bugs in error handling are fixed.
- Error handling is simpler.
- Windows services API is revised and modules are updated to use it.
- various API docs added
- railgun API constants are organized and readable now.
This commit contains a bunch of work that comes from Meatballs1 and
Lesage, and updates the bypassuac_inject module so that it works on
Windows 8.x and Windows 2012. Almost zero of the code in this module
can be attributed to me. Most of it comes from Ben's work.
I did do some code tidying, adjustment of style, etc. but other than
that it's all down to other people.
Since Ruby 2.1, the respond_to? method is more strict because it does
not check protected methods. So when you use send(), clearly you're
ignoring this type of access control. The patch is meant to preserve
this behavior to avoid potential breakage.
Resolve#4507
If the user supplies an invalid session (as in not on the session
list), it will cause a backtrace, because the setup method from
Msf::PostMixin isn't actually called.
We have thought about implementing this in a new OptSession instead.
But you can't use or even pass framework to option_container.rb, so
this is NOT possible.
The original PR was #3956.
This fixes a huge number of hard-to-detect runtime bugs
that occur when a default utf-8 string from one of these
libraries is passed into a method expecting ascii-8bit
jvazquez-r7
Brent Cook
Meatballs
Brent Cook
OJ
sinn3r
Spencer McIntyre
Jon Hart
Joe Vennix
HD Moore
b00stfr3ak
Tod Beardsley
scriptjunkie
William Vu