librex 0.0.1

data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb

@@ -0,0 +1,139 @@
+#!/usr/bin/env ruby
+
+require 'rex/post/meterpreter/object_aliases'
+require 'rex/post/meterpreter/extension'
+require 'rex/post/meterpreter/extensions/stdapi/constants'
+require 'rex/post/meterpreter/extensions/stdapi/tlv'
+require 'rex/post/meterpreter/extensions/stdapi/fs/dir'
+require 'rex/post/meterpreter/extensions/stdapi/fs/file'
+require 'rex/post/meterpreter/extensions/stdapi/fs/file_stat'
+require 'rex/post/meterpreter/extensions/stdapi/net/config'
+require 'rex/post/meterpreter/extensions/stdapi/net/socket'
+require 'rex/post/meterpreter/extensions/stdapi/sys/config'
+require 'rex/post/meterpreter/extensions/stdapi/sys/process'
+require 'rex/post/meterpreter/extensions/stdapi/sys/registry'
+require 'rex/post/meterpreter/extensions/stdapi/sys/event_log'
+require 'rex/post/meterpreter/extensions/stdapi/sys/power'
+require 'rex/post/meterpreter/extensions/stdapi/ui'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+
+###
+#
+# Standard ruby interface to remote entities for meterpreter.  It provides
+# basic access to files, network, system, and other properties of the remote
+# machine that are fairly universal.
+#
+###
+class Stdapi < Extension
+
+	#
+	# Initializes an instance of the standard API extension.
+	#
+	def initialize(client)
+		super(client, 'stdapi')
+
+		# Alias the following things on the client object so that they
+		# can be directly referenced
+		client.register_extension_aliases(
+			[
+				{ 
+					'name' => 'fs',
+					'ext'  => ObjectAliases.new(
+						{
+							'dir'      => self.dir,
+							'file'     => self.file,
+							'filestat' => self.filestat
+						})
+				},
+				{
+					'name' => 'sys',
+					'ext'  => ObjectAliases.new(
+						{
+							'config'   => Sys::Config.new(client),
+							'process'  => self.process,
+							'registry' => self.registry,
+							'eventlog' => self.eventlog,
+							'power'    => self.power
+						})
+				},
+				{
+					'name' => 'net',
+					'ext'  => ObjectAliases.new(
+						{
+							'config'   => Rex::Post::Meterpreter::Extensions::Stdapi::Net::Config.new(client),
+							'socket'   => Rex::Post::Meterpreter::Extensions::Stdapi::Net::Socket.new(client)
+						})
+				},	
+				{
+					'name' => 'ui',
+					'ext'  => UI.new(client)
+				}
+
+			])
+	end
+
+	#
+	# Sets the client instance on a duplicated copy of the supplied class.
+	#
+	def brand(klass)
+		klass = klass.dup
+		klass.client = self.client
+		return klass
+	end
+
+	#
+	# Returns a copy of the Dir class.
+	#
+	def dir
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Fs::Dir)
+	end
+
+	#
+	# Returns a copy of the File class.
+	#
+	def file
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Fs::File)
+	end
+
+	#
+	# Returns a copy of the FileStat class.
+	#
+	def filestat
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Fs::FileStat)
+	end
+
+	#
+	# Returns a copy of the Process class.
+	#
+	def process
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process)
+	end
+
+	#
+	# Returns a copy of the Registry class.
+	#
+	def registry
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Registry)
+	end
+
+	#
+	# Returns a copy of the EventLog class.
+	#
+	def eventlog
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Sys::EventLog)
+	end
+
+	#
+	# Returns a copy of the Power class.
+	#
+	def power
+		brand(Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Power)
+	end
+end
+
+end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb

@@ -0,0 +1,97 @@
+#!/usr/bin/env ruby
+
+require 'rex/post/process'
+require 'rex/post/meterpreter/packet'
+require 'rex/post/meterpreter/client'
+require 'rex/post/meterpreter/extensions/stdapi/constants'
+require 'rex/post/meterpreter/extensions/stdapi/stdapi'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Sys
+
+###
+#
+# This class provides access to remote system configuration and information.
+#
+###
+class Config
+
+	def initialize(client)
+		self.client = client
+	end
+
+	#
+	# Returns the username that the remote side is running as.
+	#
+	def getuid
+		request  = Packet.create_request('stdapi_sys_config_getuid')
+		response = client.send_request(request)
+		return response.get_tlv_value(TLV_TYPE_USER_NAME)
+	end
+
+	#
+	# Returns a hash of information about the remote computer.
+	#
+	def sysinfo
+		request  = Packet.create_request('stdapi_sys_config_sysinfo')
+		response = client.send_request(request)
+
+		{
+			'Computer'        => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
+			'OS'              => response.get_tlv_value(TLV_TYPE_OS_NAME),
+			'Architecture'    => response.get_tlv_value(TLV_TYPE_ARCHITECTURE),
+			'System Language' => response.get_tlv_value(TLV_TYPE_LANG_SYSTEM),
+		}
+	end
+
+	#
+	# Calls RevertToSelf on the remote machine.
+	#
+	def revert_to_self
+		client.send_request(Packet.create_request('stdapi_sys_config_rev2self'))
+	end
+
+	#
+	# Steals the primary token from a target process
+	#
+	def steal_token(pid)
+		req = Packet.create_request('stdapi_sys_config_steal_token')
+		req.add_tlv(TLV_TYPE_PID, pid.to_i)
+		res = client.send_request(req)
+		return res.get_tlv_value(TLV_TYPE_USER_NAME)
+	end
+
+	#
+	# Drops any assumed token
+	#
+	def drop_token
+		req = Packet.create_request('stdapi_sys_config_drop_token')
+		res = client.send_request(req)
+		return res.get_tlv_value(TLV_TYPE_USER_NAME)
+	end
+
+	#
+	# Enables all possible privileges
+	#
+	def getprivs
+		req = Packet.create_request('stdapi_sys_config_getprivs')
+		ret = []
+		res = client.send_request(req)
+		res.each(TLV_TYPE_PRIVILEGE) do |p|
+			ret << p.value
+		end
+		return ret
+	end
+
+protected
+
+	attr_accessor :client
+
+end
+
+end; end; end; end; end; end
+

data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb

@@ -0,0 +1,184 @@
+#!/usr/bin/env ruby
+
+require 'rex/post/process'
+require 'rex/post/meterpreter/packet'
+require 'rex/post/meterpreter/client'
+require 'rex/post/meterpreter/extensions/stdapi/constants'
+require 'rex/post/meterpreter/extensions/stdapi/stdapi'
+require 'rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Sys
+
+###
+#
+# This class provides access to the Windows event log on the remote 
+# machine.
+#
+###
+class EventLog
+
+	class <<self
+		attr_accessor :client
+	end
+
+	#
+	# Opens the supplied event log.
+	#
+	#--
+	# NOTE: should support UNCServerName sometime
+	#++
+	#
+	def EventLog.open(name)
+		request = Packet.create_request('stdapi_sys_eventlog_open')
+
+		request.add_tlv(TLV_TYPE_EVENT_SOURCENAME, name);
+
+		response = client.send_request(request)
+
+		return self.new(response.get_tlv_value(TLV_TYPE_EVENT_HANDLE))
+	end
+
+	##
+	#
+	# Event Log Instance Stuffs!
+	#
+	##
+
+	attr_accessor :handle # :nodoc:
+	attr_accessor :client # :nodoc:
+
+	public 
+
+	#
+	# Initializes an instance of the eventlog manipulator.
+	#
+	def initialize(hand)
+		self.client = self.class.client
+		self.handle = hand
+	end
+
+	#
+	# Return the number of records in the event log.
+	#
+	def length
+		request = Packet.create_request('stdapi_sys_eventlog_numrecords')
+
+		request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle);
+
+		response = client.send_request(request)
+
+		return response.get_tlv_value(TLV_TYPE_EVENT_NUMRECORDS)
+	end
+
+	#
+	# the low level read function (takes flags, not hash, etc).
+	#
+	def _read(flags, offset = 0)
+		request = Packet.create_request('stdapi_sys_eventlog_read')
+
+		request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle)
+		request.add_tlv(TLV_TYPE_EVENT_READFLAGS, flags)
+		request.add_tlv(TLV_TYPE_EVENT_RECORDOFFSET, offset)
+
+		response = client.send_request(request)
+
+		EventLogSubsystem::EventRecord.new(
+		  response.get_tlv_value(TLV_TYPE_EVENT_RECORDNUMBER),
+		  response.get_tlv_value(TLV_TYPE_EVENT_TIMEGENERATED),
+		  response.get_tlv_value(TLV_TYPE_EVENT_TIMEWRITTEN),
+		  response.get_tlv_value(TLV_TYPE_EVENT_ID),
+		  response.get_tlv_value(TLV_TYPE_EVENT_TYPE),
+		  response.get_tlv_value(TLV_TYPE_EVENT_CATEGORY),
+		  response.get_tlv_values(TLV_TYPE_EVENT_STRING),
+		  response.get_tlv_value(TLV_TYPE_EVENT_DATA)
+		)
+	end
+
+	#
+	# Read the eventlog forwards, meaning from oldest to newest.
+	# Returns a EventRecord, and throws an exception after no more records.
+	#
+	def read_forwards
+		_read(EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ)
+	end
+
+	#
+	# Iterator for read_forwards.
+	#
+	def each_forwards
+		begin
+			loop do
+				yield(read_forwards)
+			end
+		rescue ::Exception
+		end
+	end
+
+	#
+	# Read the eventlog backwards, meaning from newest to oldest.
+	# Returns a EventRecord, and throws an exception after no more records.
+	#
+	def read_backwards
+		_read(EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ)
+	end
+
+	#
+	# Iterator for read_backwards.
+	#
+	def each_backwards
+		begin
+			loop do
+				yield(read_backwards)
+			end
+		rescue ::Exception
+		end
+	end
+
+	#
+	# Return the record number of the oldest event (not necessarily 1).
+	#
+	def oldest
+		request = Packet.create_request('stdapi_sys_eventlog_oldest')
+
+		request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle);
+
+		response = client.send_request(request)
+
+		return response.get_tlv_value(TLV_TYPE_EVENT_RECORDNUMBER)
+	end
+
+	#
+	# Clear the specified event log (and return nil).
+	#
+	#--
+	# I should eventually support BackupFile
+	#++
+	#
+	def clear
+		request = Packet.create_request('stdapi_sys_eventlog_clear')
+
+		request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle);
+
+		response = client.send_request(request)
+		return self
+	end
+
+	#
+	# Return the record number of the oldest event (not necessarily 1).
+	#
+	def close
+		request = Packet.create_request('stdapi_sys_eventlog_close')
+
+		request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle);
+
+		response = client.send_request(request)
+		return nil
+	end
+end
+
+end end end end end end

data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Sys
+module EventLogSubsystem
+
+###
+#
+# This class encapsulates the data from an event log record.
+#
+###
+class EventRecord
+
+	attr_reader :num, :generated, :written, :eventid,
+	            :type, :category, :strings, :data
+
+	protected
+
+	attr_writer :num, :generated, :written, :eventid,
+	            :type, :category, :strings, :data
+
+	public 
+
+	def initialize(recnum, timegen, timewri, id, type, cat, strs, data)
+		self.num       = recnum
+		self.generated = Time.at(timegen)
+		self.written   = Time.at(timewri)
+		self.eventid   = id
+		self.type      = type
+		self.category  = cat
+		self.strings   = strs
+		self.data      = data
+	end
+
+end
+
+end end end end end end end