librex 0.0.13 → 0.0.15

data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb

@@ -1,102 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/post/meterpreter/extensions/stdapi/constants'
-require 'rex/post/meterpreter/extensions/stdapi/sys/registry'
-
-module Rex
-module Post
-module Meterpreter
-module Extensions
-module Stdapi
-module Sys
-module RegistrySubsystem
-
-###
-#
-# Class wrapper around a logical registry value on the remote side.
-#
-###
-class RegistryValue
-
-	#
-	# Initializes a registry value instance that's associated with the supplied
-	# server key handle.
-	#
-	def initialize(client, hkey, name, type = nil, data = nil)
-		self.client = client
-		self.hkey   = hkey
-		self.name   = name
-		self.type   = type
-		self.data   = data
-	end	
-
-	#
-	# Sets the value's data.
-	#
-	def set(data, type = nil)
-		if (type == nil)
-			type = self.type
-		end
-		if (self.client.sys.registry.set_value(self.hkey, self.name,
-				type, data))
-			self.data = data
-			self.type = type
-
-			return true
-		end
-
-		return false
-	end
-
-	#
-	# Queries the value's data.
-	#
-	def query()
-		val =  self.client.sys.registry.query_value(self.hkey, self.name)
-
-		if (val != nil)
-			self.data = val.data
-			self.type = val.type
-		end
-
-		return self.data
-	end
-
-	#
-	# Deletes the value.
-	#
-	def delete()
-		return self.client.sys.registry.delete_value(self.hkey, self.name)
-	end
-
-	def type_to_s
-		return "REG_SZ" if (type == REG_SZ)
-		return "REG_DWORD" if (type == REG_DWORD)
-		return "REG_BINARY" if (type == REG_BINARY)
-		return "REG_EXPAND_SZ" if (type == REG_EXPAND_SZ)
-		return "REG_NONE" if (type == REG_NONE)
-		return nil
-	end
-
-	#
-	# The remote server key handle.
-	#
-	attr_reader   :hkey
-	#
-	# The name of the registry value.
-	#
-	attr_reader   :name
-	#
-	# The type of data represented by the registry value.
-	#
-	attr_reader   :type
-	#
-	# The arbitrary data stored within the value, if any.
-	#
-	attr_reader   :data
-protected
-	attr_accessor :client # :nodoc:
-	attr_writer   :hkey, :name, :type, :data # :nodoc:
-end
-
-end; end; end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb

@@ -1,180 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/post/thread'
-require 'rex/post/meterpreter/client'
-require 'rex/post/meterpreter/extensions/stdapi/constants'
-
-module Rex
-module Post
-module Meterpreter
-module Extensions
-module Stdapi
-module Sys
-
-##
-#
-# This class implements the Rex::Post::Thread interface which 
-# wrappers a logical thread for a given process.
-#
-##
-class Thread < Rex::Post::Thread
-
-	include Rex::Post::Meterpreter::ObjectAliasesContainer
-
-	##
-	#
-	# Constructor
-	#
-	##
-
-	#
-	# Initialize the thread instance.
-	#
-	def initialize(process, handle, tid)
-		self.process = process
-		self.handle  = handle
-		self.tid     = tid
-		ObjectSpace.define_finalizer( self, self.class.finalize(self.process.client, self.handle) )
-	end
-
-	def self.finalize(client,handle)
-		proc { self.close(client,handle) }
-	end
-
-	##
-	#
-	# Execution
-	#
-	##
-
-	#
-	# Suspends the thread's execution.
-	#
-	def suspend
-		request = Packet.create_request('stdapi_sys_process_thread_suspend')
-
-		request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
-
-		process.client.send_request(request)
-
-		return true
-	end
-
-	#
-	# Resumes the thread's execution.
-	#
-	def resume
-		request = Packet.create_request('stdapi_sys_process_thread_resume')
-
-		request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
-
-		process.client.send_request(request)
-
-		return true
-	end
-
-	#
-	# Terminates the thread's execution.
-	#
-	def terminate(code)
-		request = Packet.create_request('stdapi_sys_process_thread_terminate')
-
-		request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
-		request.add_tlv(TLV_TYPE_EXIT_CODE, code)
-
-		process.client.send_request(request)
-
-		return true
-	end
-
-	##
-	#
-	# Register manipulation
-	#
-	##
-
-	#
-	# Queries the register state of the thread.
-	#
-	def query_regs
-		request = Packet.create_request('stdapi_sys_process_thread_query_regs')
-		regs    = {}
-
-		request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
-
-		response = process.client.send_request(request)
-
-		response.each(TLV_TYPE_REGISTER) { |reg|
-			regs[reg.get_tlv_value(TLV_TYPE_REGISTER_NAME)] = reg.get_tlv_value(TLV_TYPE_REGISTER_VALUE_32)
-		}
-
-		return regs
-	end
-
-	#
-	# Sets the register state of the thread.  The registers are supplied
-	# in the form of a hash.
-	#
-	def set_regs(regs_hash)
-		request = Packet.create_request('stdapi_sys_process_thread_set_regs')
-
-		request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
-
-		# Add all of the register that we're setting
-		regs_hash.each_key { |name|
-			t = request.add_tlv(TLV_TYPE_REGISTER)
-		
-			t.add_tlv(TLV_TYPE_REGISTER_NAME, name)
-			t.add_tlv(TLV_TYPE_REGISTER_VALUE_32, regs_hash[name])
-		}
-
-		process.client.send_request(request)
-
-		return true
-	end
-
-	#
-	# Formats the registers in a pretty way.
-	#
-	def pretty_regs
-		regs = query_regs
-
-		buf  = sprintf("eax=%.8x ebx=%.8x ecx=%.8x edx=%.8x esi=%.8x edi=%.8x\n", 
-		               regs['eax'], regs['ebx'], regs['ecx'], regs['edx'], regs['esi'], regs['edi'])
-		buf += sprintf("eip=%.8x esp=%.8x ebp=%.8x\n",
-		               regs['eip'], regs['esp'], regs['ebp'])
-		buf += sprintf("cs=%.4x ss=%.4x ds=%.4x es=%.4x fs=%.4x gs=%.4x\n",
-		               regs['cs'], regs['ss'], regs['ds'], regs['es'], regs['fs'], regs['gs'])
-	
-		return buf
-	end
-
-	##
-	#
-	# Closure
-	#
-	##
-
-	#
-	# Closes the thread handle.
-	#
-	def self.close(client, handle)
-		request = Packet.create_request('stdapi_sys_process_thread_close')
-		request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
-		client.send_request(request, nil)
-		handle = nil
-		return true
-	end
-	
-	# Instance method
-	def close
-		self.class.close(self.process.client, self.handle)
-	end
-
-	attr_reader :process, :handle, :tid # :nodoc:
-protected	
-	attr_writer :process, :handle, :tid # :nodoc:
-
-end
-
-end; end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb

@@ -1,211 +0,0 @@
-#!/usr/bin/env ruby
-
-module Rex
-module Post
-module Meterpreter
-module Extensions
-module Stdapi
-
-##
-#
-# General
-#
-##
-
-TLV_TYPE_HANDLE             = TLV_META_TYPE_UINT    |  600
-TLV_TYPE_INHERIT            = TLV_META_TYPE_BOOL    |  601
-TLV_TYPE_PROCESS_HANDLE     = TLV_META_TYPE_UINT    |  630
-TLV_TYPE_THREAD_HANDLE      = TLV_META_TYPE_UINT    |  631
-TLV_TYPE_PRIVILEGE          = TLV_META_TYPE_STRING  |  632
-
-##
-#
-# Fs
-#
-##
-
-TLV_TYPE_DIRECTORY_PATH     = TLV_META_TYPE_STRING  | 1200
-TLV_TYPE_FILE_NAME          = TLV_META_TYPE_STRING  | 1201
-TLV_TYPE_FILE_PATH          = TLV_META_TYPE_STRING  | 1202
-TLV_TYPE_FILE_MODE          = TLV_META_TYPE_STRING  | 1203
-TLV_TYPE_FILE_SIZE          = TLV_META_TYPE_UINT    | 1204
-
-TLV_TYPE_STAT_BUF           = TLV_META_TYPE_COMPLEX | 1220
-
-TLV_TYPE_SEARCH_RECURSE     = TLV_META_TYPE_BOOL    | 1230
-TLV_TYPE_SEARCH_GLOB        = TLV_META_TYPE_STRING  | 1231
-TLV_TYPE_SEARCH_ROOT        = TLV_META_TYPE_STRING  | 1232
-TLV_TYPE_SEARCH_RESULTS     = TLV_META_TYPE_GROUP   | 1233
-##
-#
-# Net
-#
-##
-TLV_TYPE_HOST_NAME          = TLV_META_TYPE_STRING  | 1400
-TLV_TYPE_PORT               = TLV_META_TYPE_UINT    | 1401
-
-TLV_TYPE_SUBNET             = TLV_META_TYPE_RAW     | 1420
-TLV_TYPE_NETMASK            = TLV_META_TYPE_RAW     | 1421
-TLV_TYPE_GATEWAY            = TLV_META_TYPE_RAW     | 1422
-TLV_TYPE_NETWORK_ROUTE      = TLV_META_TYPE_GROUP   | 1423
-
-TLV_TYPE_IP                 = TLV_META_TYPE_RAW     | 1430
-TLV_TYPE_MAC_ADDRESS        = TLV_META_TYPE_RAW     | 1431
-TLV_TYPE_MAC_NAME           = TLV_META_TYPE_STRING  | 1432
-TLV_TYPE_NETWORK_INTERFACE  = TLV_META_TYPE_GROUP   | 1433
-
-TLV_TYPE_SUBNET_STRING      = TLV_META_TYPE_STRING  | 1440
-TLV_TYPE_NETMASK_STRING     = TLV_META_TYPE_STRING  | 1441
-TLV_TYPE_GATEWAY_STRING     = TLV_META_TYPE_STRING  | 1442
-
-# Socket
-TLV_TYPE_PEER_HOST          = TLV_META_TYPE_STRING  | 1500
-TLV_TYPE_PEER_PORT          = TLV_META_TYPE_UINT    | 1501
-TLV_TYPE_LOCAL_HOST         = TLV_META_TYPE_STRING  | 1502
-TLV_TYPE_LOCAL_PORT         = TLV_META_TYPE_UINT    | 1503
-TLV_TYPE_CONNECT_RETRIES    = TLV_META_TYPE_UINT    | 1504
-
-TLV_TYPE_SHUTDOWN_HOW       = TLV_META_TYPE_UINT    | 1530
-
-##
-#
-# Sys
-#
-##
-
-PROCESS_EXECUTE_FLAG_HIDDEN           = (1 << 0)
-PROCESS_EXECUTE_FLAG_CHANNELIZED      = (1 << 1)
-PROCESS_EXECUTE_FLAG_SUSPENDED        = (1 << 2)
-PROCESS_EXECUTE_FLAG_USE_THREAD_TOKEN = (1 << 3)
-PROCESS_EXECUTE_FLAG_DESKTOP          = (1 << 4)
-PROCESS_EXECUTE_FLAG_SESSION          = (1 << 5)
-
-# Registry
-TLV_TYPE_HKEY               = TLV_META_TYPE_UINT    | 1000
-TLV_TYPE_ROOT_KEY           = TLV_TYPE_HKEY
-TLV_TYPE_BASE_KEY           = TLV_META_TYPE_STRING  | 1001
-TLV_TYPE_PERMISSION         = TLV_META_TYPE_UINT    | 1002
-TLV_TYPE_KEY_NAME           = TLV_META_TYPE_STRING  | 1003
-TLV_TYPE_VALUE_NAME         = TLV_META_TYPE_STRING  | 1010
-TLV_TYPE_VALUE_TYPE         = TLV_META_TYPE_UINT    | 1011
-TLV_TYPE_VALUE_DATA         = TLV_META_TYPE_RAW     | 1012
-
-# Config
-TLV_TYPE_COMPUTER_NAME      = TLV_META_TYPE_STRING  | 1040
-TLV_TYPE_OS_NAME            = TLV_META_TYPE_STRING  | 1041
-TLV_TYPE_USER_NAME          = TLV_META_TYPE_STRING  | 1042
-TLV_TYPE_ARCHITECTURE       = TLV_META_TYPE_STRING  | 1043
-TLV_TYPE_LANG_SYSTEM        = TLV_META_TYPE_STRING  | 1044
-
-DELETE_KEY_FLAG_RECURSIVE   = (1 << 0)
-
-# Process
-TLV_TYPE_BASE_ADDRESS       = TLV_META_TYPE_UINT    | 2000
-TLV_TYPE_ALLOCATION_TYPE    = TLV_META_TYPE_UINT    | 2001
-TLV_TYPE_PROTECTION         = TLV_META_TYPE_UINT    | 2002
-TLV_TYPE_PROCESS_PERMS      = TLV_META_TYPE_UINT    | 2003
-TLV_TYPE_PROCESS_MEMORY     = TLV_META_TYPE_RAW     | 2004
-TLV_TYPE_ALLOC_BASE_ADDRESS = TLV_META_TYPE_UINT    | 2005
-TLV_TYPE_MEMORY_STATE       = TLV_META_TYPE_UINT    | 2006
-TLV_TYPE_MEMORY_TYPE        = TLV_META_TYPE_UINT    | 2007
-TLV_TYPE_ALLOC_PROTECTION   = TLV_META_TYPE_UINT    | 2008
-TLV_TYPE_PID                = TLV_META_TYPE_UINT    | 2300
-TLV_TYPE_PROCESS_NAME       = TLV_META_TYPE_STRING  | 2301
-TLV_TYPE_PROCESS_PATH       = TLV_META_TYPE_STRING  | 2302
-TLV_TYPE_PROCESS_GROUP      = TLV_META_TYPE_GROUP   | 2303
-TLV_TYPE_PROCESS_FLAGS      = TLV_META_TYPE_UINT    | 2304
-TLV_TYPE_PROCESS_ARGUMENTS  = TLV_META_TYPE_STRING  | 2305
-TLV_TYPE_PROCESS_ARCH       = TLV_META_TYPE_UINT    | 2306
-TLV_TYPE_PARENT_PID         = TLV_META_TYPE_UINT    | 2307
-TLV_TYPE_PROCESS_SESSION    = TLV_META_TYPE_UINT    | 2308
-
-TLV_TYPE_IMAGE_FILE         = TLV_META_TYPE_STRING  | 2400
-TLV_TYPE_IMAGE_FILE_PATH    = TLV_META_TYPE_STRING  | 2401
-TLV_TYPE_PROCEDURE_NAME     = TLV_META_TYPE_STRING  | 2402
-TLV_TYPE_PROCEDURE_ADDRESS  = TLV_META_TYPE_UINT    | 2403
-TLV_TYPE_IMAGE_BASE         = TLV_META_TYPE_UINT    | 2404
-TLV_TYPE_IMAGE_GROUP        = TLV_META_TYPE_GROUP   | 2405
-TLV_TYPE_IMAGE_NAME         = TLV_META_TYPE_STRING  | 2406
-
-TLV_TYPE_THREAD_ID          = TLV_META_TYPE_UINT    | 2500
-TLV_TYPE_THREAD_PERMS       = TLV_META_TYPE_UINT    | 2502
-TLV_TYPE_EXIT_CODE          = TLV_META_TYPE_UINT    | 2510
-TLV_TYPE_ENTRY_POINT        = TLV_META_TYPE_UINT    | 2511
-TLV_TYPE_ENTRY_PARAMETER    = TLV_META_TYPE_UINT    | 2512
-TLV_TYPE_CREATION_FLAGS     = TLV_META_TYPE_UINT    | 2513
-
-TLV_TYPE_REGISTER_NAME      = TLV_META_TYPE_STRING  | 2540
-TLV_TYPE_REGISTER_SIZE      = TLV_META_TYPE_UINT    | 2541
-TLV_TYPE_REGISTER_VALUE_32  = TLV_META_TYPE_UINT    | 2542
-TLV_TYPE_REGISTER           = TLV_META_TYPE_GROUP   | 2550
-
-##
-#
-# Ui
-#
-##
-TLV_TYPE_IDLE_TIME                         = TLV_META_TYPE_UINT   | 3000
-TLV_TYPE_KEYS_DUMP                         = TLV_META_TYPE_STRING | 3001
-TLV_TYPE_DESKTOP_SCREENSHOT                = TLV_META_TYPE_RAW    | 3002
-TLV_TYPE_DESKTOP_SWITCH                    = TLV_META_TYPE_BOOL   | 3003
-TLV_TYPE_DESKTOP                           = TLV_META_TYPE_GROUP  | 3004
-TLV_TYPE_DESKTOP_SESSION                   = TLV_META_TYPE_UINT   | 3005
-TLV_TYPE_DESKTOP_STATION                   = TLV_META_TYPE_STRING | 3006
-TLV_TYPE_DESKTOP_NAME                      = TLV_META_TYPE_STRING | 3007
-TLV_TYPE_DESKTOP_SCREENSHOT_QUALITY        = TLV_META_TYPE_UINT   | 3008
-TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_LENGTH = TLV_META_TYPE_UINT   | 3009
-TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER = TLV_META_TYPE_STRING | 3010
-TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH = TLV_META_TYPE_UINT   | 3011
-TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER = TLV_META_TYPE_STRING | 3012
-
-##
-#
-# Event Log
-#
-##
-TLV_TYPE_EVENT_SOURCENAME   = TLV_META_TYPE_STRING  | 4000
-TLV_TYPE_EVENT_HANDLE       = TLV_META_TYPE_UINT    | 4001
-TLV_TYPE_EVENT_NUMRECORDS   = TLV_META_TYPE_UINT    | 4002
-
-TLV_TYPE_EVENT_READFLAGS    = TLV_META_TYPE_UINT    | 4003
-TLV_TYPE_EVENT_RECORDOFFSET = TLV_META_TYPE_UINT    | 4004
-
-TLV_TYPE_EVENT_RECORDNUMBER = TLV_META_TYPE_UINT    | 4006
-TLV_TYPE_EVENT_TIMEGENERATED= TLV_META_TYPE_UINT    | 4007
-TLV_TYPE_EVENT_TIMEWRITTEN  = TLV_META_TYPE_UINT    | 4008
-TLV_TYPE_EVENT_ID           = TLV_META_TYPE_UINT    | 4009
-TLV_TYPE_EVENT_TYPE         = TLV_META_TYPE_UINT    | 4010
-TLV_TYPE_EVENT_CATEGORY     = TLV_META_TYPE_UINT    | 4011
-TLV_TYPE_EVENT_STRING       = TLV_META_TYPE_STRING  | 4012
-TLV_TYPE_EVENT_DATA         = TLV_META_TYPE_RAW     | 4013
-
-##
-#
-# Power
-#
-##
-TLV_TYPE_POWER_FLAGS        = TLV_META_TYPE_UINT    | 4100
-TLV_TYPE_POWER_REASON       = TLV_META_TYPE_UINT    | 4101
-
-##
-#
-# Webcam
-#
-##
-
-TLV_TYPE_WEBCAM_IMAGE       = TLV_META_TYPE_RAW     | (TLV_EXTENSIONS + 1)
-TLV_TYPE_WEBCAM_INTERFACE_ID= TLV_META_TYPE_UINT    | (TLV_EXTENSIONS + 2)
-TLV_TYPE_WEBCAM_QUALITY     = TLV_META_TYPE_UINT    | (TLV_EXTENSIONS + 3)
-TLV_TYPE_WEBCAM_NAME        = TLV_META_TYPE_STRING  | (TLV_EXTENSIONS + 4)
-
-##
-#
-# Audio
-#
-##
-
-TLV_TYPE_AUDIO_DURATION     = TLV_META_TYPE_UINT    | (TLV_EXTENSIONS + 1)
-TLV_TYPE_AUDIO_DATA         = TLV_META_TYPE_RAW     | (TLV_EXTENSIONS + 2)
-
-end; end; end; end; end
-