RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb CHANGED

@@ -13,587 +13,889 @@ module Ui
 ###
 class Console::CommandDispatcher::Stdapi::Sys
-	Klass = Console::CommandDispatcher::Stdapi::Sys
-	include Console::CommandDispatcher
-	#
-	# Options used by the 'execute' command.
-	#
-	@@execute_opts = Rex::Parser::Arguments.new(
-		"-a" => [ true,  "The arguments to pass to the command."                   ],
-		"-c" => [ false, "Channelized I/O (required for interaction)."             ],
-		"-f" => [ true,  "The executable command to run."                          ],
-		"-h" => [ false, "Help menu."                                              ],
-		"-H" => [ false, "Create the process hidden from view."                    ],
-		"-i" => [ false, "Interact with the process after creating it."            ],
-		"-m" => [ false, "Execute from memory."                                    ],
-		"-d" => [ true,  "The 'dummy' executable to launch when using -m."         ],
-		"-t" => [ false, "Execute process with currently impersonated thread token"],
-		"-k" => [ false, "Execute process on the meterpreters current desktop"     ],
-		"-s" => [ true,  "Execute process in a given session as the session user"  ])
-	#
-	# Options used by the 'reg' command.
-	#
-	@@reg_opts = Rex::Parser::Arguments.new(
-		"-d" => [ true,  "The data to store in the registry value."                ],
-		"-h" => [ false, "Help menu."                                              ],
-		"-k" => [ true,  "The registry key path (E.g. HKLM\\Software\\Foo)."       ],
-		"-t" => [ true,  "The registry value type (E.g. REG_SZ)."                  ],
-		"-v" => [ true,  "The registry value name (E.g. Stuff)."                   ],
-		"-r" => [ true,  "The remote machine name to connect to (with current process credentials" ],
-		"-w" => [ false,  "Set KEY_WOW64 flag, valid values [32|64]."               ])
-	#
-	# List of supported commands.
-	#
-	def commands
-		all = {
-			"clearev"     => "Clear the event log",
-			"drop_token"  => "Relinquishes any active impersonation token.",
-			"execute"     => "Execute a command",
-			"getpid"      => "Get the current process identifier",
-			"getprivs"    => "Attempt to enable all privileges available to the current process",
-			"getuid"      => "Get the user that the server is running as",
-			"kill"        => "Terminate a process",
-			"ps"          => "List running processes",
-			"reboot"      => "Reboots the remote computer",
-			"reg"         => "Modify and interact with the remote registry",
-			"rev2self"    => "Calls RevertToSelf() on the remote machine",
-			"shell"       => "Drop into a system command shell",
-			"shutdown"    => "Shuts down the remote computer",
-			"steal_token" => "Attempts to steal an impersonation token from the target process",
-			"sysinfo"     => "Gets information about the remote system, such as OS",
-		}
-		reqs = {
-			"clearev"     => [ "stdapi_sys_eventlog_open", "stdapi_sys_eventlog_clear" ],
-			"drop_token"  => [ "stdapi_sys_config_drop_token" ],
-			"execute"     => [ "stdapi_sys_process_execute" ],
-			"getpid"      => [ "stdapi_sys_process_getpid"  ],
-			"getprivs"    => [ "stdapi_sys_config_getprivs" ],
-			"getuid"      => [ "stdapi_sys_config_getuid" ],
-			"kill"        => [ "stdapi_sys_process_kill" ],
-			"ps"          => [ "stdapi_sys_process_get_processes" ],
-			"reboot"      => [ "stdapi_sys_power_exitwindows" ],
-			"reg"         => [
-				"stdapi_registry_load_key",
-				"stdapi_registry_unload_key",
-				"stdapi_registry_open_key",
-				"stdapi_registry_open_remote_key",
-				"stdapi_registry_create_key",
-				"stdapi_registry_delete_key",
-				"stdapi_registry_close_key",
-				"stdapi_registry_enum_key",
-				"stdapi_registry_set_value",
-				"stdapi_registry_query_value",
-				"stdapi_registry_delete_value",
-				"stdapi_registry_query_class",
-				"stdapi_registry_enum_value",
-			],
-			"rev2self"    => [ "stdapi_sys_config_rev2self" ],
-			"shell"       => [ "stdapi_sys_process_execute" ],
-			"shutdown"    => [ "stdapi_sys_power_exitwindows" ],
-			"steal_token" => [ "stdapi_sys_config_steal_token" ],
-			"sysinfo"     => [ "stdapi_sys_config_sysinfo" ],
-		}
-		all.delete_if do |cmd, desc|
-			del = false
-			reqs[cmd].each do |req|
-				next if client.commands.include? req
-				del = true
-				break
-			end
-			del
-		end
-		all
-	end
-	#
-	# Name for this dispatcher.
-	#
-	def name
-		"Stdapi: System"
-	end
-	#
-	# Executes a command with some options.
-	#
-	def cmd_execute(*args)
-		if (args.length == 0)
-			args.unshift("-h")
-		end
-		session     = nil
-		interact    = false
-		desktop     = false
-		channelized = nil
-		hidden      = nil
-		from_mem    = false
-		dummy_exec  = "cmd"
-		cmd_args    = nil
-		cmd_exec    = nil
-		use_thread_token = false
-		@@execute_opts.parse(args) { |opt, idx, val|
-			case opt
-				when "-a"
-					cmd_args = val
-				when "-c"
-					channelized = true
-				when "-f"
-					cmd_exec = val
-				when "-H"
-					hidden = true
-				when "-m"
-					from_mem = true
-				when "-d"
-					dummy_exec = val
-				when "-k"
-					desktop = true
-				when "-h"
-					print(
-						"Usage: execute -f file [options]\n\n" +
-						"Executes a command on the remote machine.\n" +
-						@@execute_opts.usage)
-					return true
-				when "-i"
-					channelized = true
-					interact = true
-				when "-t"
-					use_thread_token = true
-				when "-s"
-					session = val.to_i
-			end
-		}
-		# Did we at least get an executable?
-		if (cmd_exec == nil)
-			print_error("You must specify an executable file with -f")
-			return true
-		end
-		# Execute it
-		p = client.sys.process.execute(cmd_exec, cmd_args,
-			'Channelized' => channelized,
-			'Desktop'     => desktop,
-			'Session'     => session,
-			'Hidden'      => hidden,
-			'InMemory'    => (from_mem) ? dummy_exec : nil,
-			'UseThreadToken' => use_thread_token)
-		print_line("Process #{p.pid} created.")
-		print_line("Channel #{p.channel.cid} created.") if (p.channel)
-		if (interact and p.channel)
-			shell.interact_with_channel(p.channel)
-		end
-	end
-	#
-	# Drop into a system shell as specified by %COMSPEC% or
-	# as appropriate for the host.
-	def cmd_shell(*args)
-		case client.platform
-		when /win/
-			path = client.fs.file.expand_path("%COMSPEC%")
-			path = (path and not path.empty?) ? path : "cmd.exe"
-			cmd_execute("-f", path, "-c", "-H", "-i", "-t")
-		when /linux/
-			# Don't expand_path() this because it's literal anyway
-			path = "/bin/sh"
-			cmd_execute("-f", path, "-c", "-i")
-		else
-			# Then this is a multi-platform meterpreter (php or java), which
-			# must special-case COMSPEC to return the system-specific shell.
-			path = client.fs.file.expand_path("%COMSPEC%")
-			# If that failed for whatever reason, guess it's unix
-			path = (path and not path.empty?) ? path : "/bin/sh"
-			cmd_execute("-f", path, "-c", "-i")
-		end
-	end
-	#
-	# Gets the process identifier that meterpreter is running in on the remote
-	# machine.
-	#
-	def cmd_getpid(*args)
-		print_line("Current pid: #{client.sys.process.getpid}")
-		return true
-	end
-	#
-	# Displays the user that the server is running as.
-	#
-	def cmd_getuid(*args)
-		print_line("Server username: #{client.sys.config.getuid}")
-	end
-	#
-	# Clears the event log
-	#
-	def cmd_clearev(*args)
-		logs = ['Application', 'System', 'Security']
-		logs << args
-		logs.flatten!
-		logs.each do |name|
-			log = client.sys.eventlog.open(name)
-			print_status("Wiping #{log.length} records from #{name}...")
-			log.clear
-		end
-	end
-	#
-	# Kills one or more processes.
-	#
-	def cmd_kill(*args)
-		if (args.length == 0)
-			print_line(
-				"Usage: kill pid1 pid2 pid3 ...\n\n" +
-				"Terminate one or more processes.")
-			return true
-		end
-		print_line("Killing: #{args.join(", ")}")
-		client.sys.process.kill(*(args.map { |x| x.to_i }))
-		return true
-	end
-	#
-	# Lists running processes.
-	#
-	def cmd_ps(*args)
-		processes = client.sys.process.get_processes
-		if (processes.length == 0)
-			print_line("No running processes were found.")
-		else
-			print_line
-			print_line(processes.to_table("Indent" => 1).to_s)
-			print_line
-		end
-		return true
-	end
-	#
-	# Reboots the remote computer.
-	#
-	def cmd_reboot(*args)
-		print_line("Rebooting...")
-		client.sys.power.reboot
-	end
-	#
-	# Modifies and otherwise interacts with the registry on the remote computer
-	# by allowing the client to enumerate, open, modify, and delete registry
-	# keys and values.
-	#
-	def cmd_reg(*args)
-		# Extract the command, if any
-		cmd = args.shift
-		if (args.length == 0)
-			args.unshift("-h")
-		end
-		# Initiailze vars
-		key     = nil
-		value   = nil
-		data    = nil
-		type    = nil
-		wowflag = 0x0000
-		rem     = nil
-		@@reg_opts.parse(args) { |opt, idx, val|
-			case opt
-				when "-h"
-					print_line(
-						"Usage: reg [command] [options]\n\n" +
-						"Interact with the target machine's registry.\n" +
-						@@reg_opts.usage +
-						"COMMANDS:\n\n" +
-						"    enumkey    Enumerate the supplied registry key [-k <key>]\n" +
-						"    createkey  Create the supplied registry key  [-k <key>]\n" +
-						"    deletekey  Delete the supplied registry key  [-k <key>]\n" +
-						"    queryclass Queries the class of the supplied key [-k <key>]\n" +
-						"    setval     Set a registry value [-k <key> -v <val> -d <data>]\n" +
-						"    deleteval  Delete the supplied registry value [-k <key> -v <val>]\n" +
-						"    queryval   Queries the data contents of a value [-k <key> -v <val>]\n\n")
-					return false
-				when "-k"
-					key   = val
-				when "-v"
-					value = val
-				when "-t"
-					type  = val
-				when "-d"
-					data  = val
-				when "-r"
-					rem  = val
-				when "-w"
-					if val == '64'
-						wowflag = KEY_WOW64_64KEY
-					elsif val == '32'
-						wowflag = KEY_WOW64_32KEY
-					end
-			end
-		}
-		# All commands require a key.
-		if (key == nil)
-			print_error("You must specify a key path (-k)")
-			return false
-		end
-		# Split the key into its parts
-		root_key, base_key = client.sys.registry.splitkey(key)
-		begin
-			# Rock it
-			case cmd
-				when "enumkey"
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.open_key(base_key, KEY_READ + wowflag)
-						end
-					end
-					print_line(
-						"Enumerating: #{key}\n")
-					keys = open_key.enum_key
-					vals = open_key.enum_value
-					if (keys.length > 0)
-						print_line("  Keys (#{keys.length}):\n")
-						keys.each { |subkey|
-							print_line("\t#{subkey}")
-						}
-						print_line
-					end
-					if (vals.length > 0)
-						print_line("  Values (#{vals.length}):\n")
-						vals.each { |val|
-							print_line("\t#{val.name}")
-						}
-						print_line
-					end
-					if (vals.length == 0 and keys.length == 0)
-						print_line("No children.")
-					end
-				when "createkey"
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.create_key(root_key, base_key, KEY_WRITE + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.create_key(base_key, KEY_WRITE + wowflag)
-						end
-					end
-					print_line("Successfully created key: #{key}")
-				when "deletekey"
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.open_key(base_key, KEY_WRITE + wowflag)
-						end
-					end
-					open_key.delete_key(base_key)
-					print_line("Successfully deleted key: #{key}")
-				when "setval"
-					if (value == nil or data == nil)
-						print_error("You must specify both a value name and data (-v, -d).")
-						return false
-					end
-					type = "REG_SZ" if (type == nil)
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.open_key(base_key, KEY_WRITE + wowflag)
-						end
-					end
-					open_key.set_value(value, client.sys.registry.type2str(type), data)
-					print_line("Successful set #{value}.")
-				when "deleteval"
-					if (value == nil)
-						print_error("You must specify a value name (-v).")
-						return false
-					end
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.open_key(base_key, KEY_WRITE + wowflag)
-						end
-					end
-					open_key.delete_value(value)
-					print_line("Successfully deleted #{value}.")
-				when "queryval"
-					if (value == nil)
-						print_error("You must specify a value name (-v).")
-						return false
-					end
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.open_key(base_key, KEY_READ + wowflag)
-						end
-					end
-					v = open_key.query_value(value)
-					print(
-						"Key: #{key}\n" +
-						"Name: #{v.name}\n" +
-						"Type: #{v.type_to_s}\n" +
-						"Data: #{v.data}\n")
-				when "queryclass"
-					open_key = nil
-					if not rem
-						open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
-					else
-						remote_key = client.sys.registry.open_remote_key(rem, root_key)
-						if remote_key
-							open_key = remote_key.open_key(base_key, KEY_READ + wowflag)
-						end
-					end
-					data = open_key.query_class
-					print("Data: #{data}\n")
-				else
-					print_error("Invalid command supplied: #{cmd}")
-			end
-		ensure
-			open_key.close if (open_key)
-		end
-	end
-	#
-	# Calls RevertToSelf() on the remote machine.
-	#
-	def cmd_rev2self(*args)
-		client.sys.config.revert_to_self
-	end
-	def cmd_getprivs_help
-		print_line "Usage: getprivs"
-		print_line
-		print_line "Attempt to enable all privileges, such as SeDebugPrivilege, available to the"
-		print_line "current process.  Note that this only enables existing privs and does not change"
-		print_line "users or tokens."
-		print_line
-		print_line "See also: steal_token, getsystem"
-		print_line
-	end
-	#
-	# Obtains as many privileges as possible on the target machine.
-	#
-	def cmd_getprivs(*args)
-		if args.include? "-h"
-			cmd_getprivs_help
-		end
-		print_line("=" * 60)
-		print_line("Enabled Process Privileges")
-		print_line("=" * 60)
-		client.sys.config.getprivs.each do |priv|
-			print_line("  #{priv}")
-		end
-		print_line("")
-	end
-	#
-	# Tries to steal the primary token from the target process.
-	#
-	def cmd_steal_token(*args)
-		if(args.length != 1 or args[0] == "-h")
-			print_error("Usage: steal_token [pid]")
-			return
-		end
-		print_line("Stolen token with username: " + client.sys.config.steal_token(args[0]))
-	end
-	#
-	# Drops any assumed token.
-	#
-	def cmd_drop_token(*args)
-		print_line("Relinquished token, now running as: " + client.sys.config.drop_token())
-	end
-	#
-	# Displays information about the remote system.
-	#
-	def cmd_sysinfo(*args)
-		info = client.sys.config.sysinfo
-		width = "Meterpreter".length
-		info.keys.each { |k| width = k.length if k.length > width and info[k] }
-		info.each_pair do |key, value|
-			print_line("#{key.ljust(width+1)}: #{value}") if value
-		end
-		print_line("#{"Meterpreter".ljust(width+1)}: #{client.platform}")
-		return true
-	end
-	#
-	# Shuts down the remote computer.
-	#
-	def cmd_shutdown(*args)
-		print_line("Shutting down...")
-		client.sys.power.shutdown
-	end
+  Klass = Console::CommandDispatcher::Stdapi::Sys
+  include Console::CommandDispatcher
+  #
+  # Options used by the 'execute' command.
+  #
+  @@execute_opts = Rex::Parser::Arguments.new(
+    "-a" => [ true,  "The arguments to pass to the command."                   ],
+    "-c" => [ false, "Channelized I/O (required for interaction)."             ],
+    "-f" => [ true,  "The executable command to run."                          ],
+    "-h" => [ false, "Help menu."                                              ],
+    "-H" => [ false, "Create the process hidden from view."                    ],
+    "-i" => [ false, "Interact with the process after creating it."            ],
+    "-m" => [ false, "Execute from memory."                                    ],
+    "-d" => [ true,  "The 'dummy' executable to launch when using -m."         ],
+    "-t" => [ false, "Execute process with currently impersonated thread token"],
+    "-k" => [ false, "Execute process on the meterpreters current desktop"     ],
+    "-s" => [ true,  "Execute process in a given session as the session user"  ])
+  #
+  # Options used by the 'reboot' command.
+  #
+  @@reboot_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help menu."                                              ],
+    "-f" => [ true,  "Force a reboot, valid values [1|2]"                      ])
+  #
+  # Options used by the 'shutdown' command.
+  #
+  @@shutdown_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help menu."                                              ],
+    "-f" => [ true,  "Force a shutdown, valid values [1|2]"                    ])
+  #
+  # Options used by the 'reg' command.
+  #
+  @@reg_opts = Rex::Parser::Arguments.new(
+    "-d" => [ true,  "The data to store in the registry value."                ],
+    "-h" => [ false, "Help menu."                                              ],
+    "-k" => [ true,  "The registry key path (E.g. HKLM\\Software\\Foo)."       ],
+    "-t" => [ true,  "The registry value type (E.g. REG_SZ)."                  ],
+    "-v" => [ true,  "The registry value name (E.g. Stuff)."                   ],
+    "-r" => [ true,  "The remote machine name to connect to (with current process credentials" ],
+    "-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]."               ])
+  #
+  # Options for the 'ps' command.
+  #
+  @@ps_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help menu."                                              ],
+    "-S" => [ true,  "Filters processes on the process name using the supplied RegEx"],
+    "-A" => [ true,  "Filters processes on architecture (x86 or x86_64)"       ],
+    "-s" => [ false, "Show only SYSTEM processes"                              ],
+    "-U" => [ true,  "Filters processes on the user using the supplied RegEx"  ])
+  #
+  # Options for the 'suspend' command.
+  #
+  @@suspend_opts = Rex::Parser::Arguments.new(
+    "-h" => [ false, "Help menu."                                              ],
+    "-c" => [ false, "Continues suspending or resuming even if an error is encountered"],
+    "-r" => [ false, "Resumes the target processes instead of suspending"      ])
+  #
+  # List of supported commands.
+  #
+  def commands
+    all = {
+      "clearev"     => "Clear the event log",
+      "drop_token"  => "Relinquishes any active impersonation token.",
+      "execute"     => "Execute a command",
+      "getpid"      => "Get the current process identifier",
+      "getprivs"    => "Attempt to enable all privileges available to the current process",
+      "getuid"      => "Get the user that the server is running as",
+      "getenv"      => "Get one or more environment variable values",
+      "kill"        => "Terminate a process",
+      "ps"          => "List running processes",
+      "reboot"      => "Reboots the remote computer",
+      "reg"         => "Modify and interact with the remote registry",
+      "rev2self"    => "Calls RevertToSelf() on the remote machine",
+      "shell"       => "Drop into a system command shell",
+      "shutdown"    => "Shuts down the remote computer",
+      "steal_token" => "Attempts to steal an impersonation token from the target process",
+      "suspend"     => "Suspends or resumes a list of processes",
+      "sysinfo"     => "Gets information about the remote system, such as OS",
+    }
+    reqs = {
+      "clearev"     => [ "stdapi_sys_eventlog_open", "stdapi_sys_eventlog_clear" ],
+      "drop_token"  => [ "stdapi_sys_config_drop_token" ],
+      "execute"     => [ "stdapi_sys_process_execute" ],
+      "getpid"      => [ "stdapi_sys_process_getpid"  ],
+      "getprivs"    => [ "stdapi_sys_config_getprivs" ],
+      "getuid"      => [ "stdapi_sys_config_getuid" ],
+      "getenv"      => [ "stdapi_sys_config_getenv" ],
+      "kill"        => [ "stdapi_sys_process_kill" ],
+      "ps"          => [ "stdapi_sys_process_get_processes" ],
+      "reboot"      => [ "stdapi_sys_power_exitwindows" ],
+      "reg"         => [
+        "stdapi_registry_load_key",
+        "stdapi_registry_unload_key",
+        "stdapi_registry_open_key",
+        "stdapi_registry_open_remote_key",
+        "stdapi_registry_create_key",
+        "stdapi_registry_delete_key",
+        "stdapi_registry_close_key",
+        "stdapi_registry_enum_key",
+        "stdapi_registry_set_value",
+        "stdapi_registry_query_value",
+        "stdapi_registry_delete_value",
+        "stdapi_registry_query_class",
+        "stdapi_registry_enum_value",
+      ],
+      "rev2self"    => [ "stdapi_sys_config_rev2self" ],
+      "shell"       => [ "stdapi_sys_process_execute" ],
+      "shutdown"    => [ "stdapi_sys_power_exitwindows" ],
+      "steal_token" => [ "stdapi_sys_config_steal_token" ],
+      "suspend"     => [ "stdapi_sys_process_attach"],
+      "sysinfo"     => [ "stdapi_sys_config_sysinfo" ],
+    }
+    all.delete_if do |cmd, desc|
+      del = false
+      reqs[cmd].each do |req|
+        next if client.commands.include? req
+        del = true
+        break
+      end
+      del
+    end
+    all
+  end
+  #
+  # Name for this dispatcher.
+  #
+  def name
+    "Stdapi: System"
+  end
+  #
+  # Executes a command with some options.
+  #
+  def cmd_execute(*args)
+    if (args.length == 0)
+      args.unshift("-h")
+    end
+    session     = nil
+    interact    = false
+    desktop     = false
+    channelized = nil
+    hidden      = nil
+    from_mem    = false
+    dummy_exec  = "cmd"
+    cmd_args    = nil
+    cmd_exec    = nil
+    use_thread_token = false
+    @@execute_opts.parse(args) { |opt, idx, val|
+      case opt
+        when "-a"
+          cmd_args = val
+        when "-c"
+          channelized = true
+        when "-f"
+          cmd_exec = val
+        when "-H"
+          hidden = true
+        when "-m"
+          from_mem = true
+        when "-d"
+          dummy_exec = val
+        when "-k"
+          desktop = true
+        when "-h"
+          print(
+            "Usage: execute -f file [options]\n\n" +
+            "Executes a command on the remote machine.\n" +
+            @@execute_opts.usage)
+          return true
+        when "-i"
+          channelized = true
+          interact = true
+        when "-t"
+          use_thread_token = true
+        when "-s"
+          session = val.to_i
+      end
+    }
+    # Did we at least get an executable?
+    if (cmd_exec == nil)
+      print_error("You must specify an executable file with -f")
+      return true
+    end
+    # Execute it
+    p = client.sys.process.execute(cmd_exec, cmd_args,
+      'Channelized' => channelized,
+      'Desktop'     => desktop,
+      'Session'     => session,
+      'Hidden'      => hidden,
+      'InMemory'    => (from_mem) ? dummy_exec : nil,
+      'UseThreadToken' => use_thread_token)
+    print_line("Process #{p.pid} created.")
+    print_line("Channel #{p.channel.cid} created.") if (p.channel)
+    if (interact and p.channel)
+      shell.interact_with_channel(p.channel)
+    end
+  end
+  #
+  # Drop into a system shell as specified by %COMSPEC% or
+  # as appropriate for the host.
+  def cmd_shell(*args)
+    case client.platform
+    when /win/
+      path = client.fs.file.expand_path("%COMSPEC%")
+      path = (path and not path.empty?) ? path : "cmd.exe"
+      # attempt the shell with thread impersonation
+      begin
+        cmd_execute("-f", path, "-c", "-H", "-i", "-t")
+      rescue
+        # if this fails, then we attempt without impersonation
+        print_error( "Failed to spawn shell with thread impersonation. Retrying without it." )
+        cmd_execute("-f", path, "-c", "-H", "-i")
+      end
+    when /linux/
+      # Don't expand_path() this because it's literal anyway
+      path = "/bin/sh"
+      cmd_execute("-f", path, "-c", "-i")
+    else
+      # Then this is a multi-platform meterpreter (php or java), which
+      # must special-case COMSPEC to return the system-specific shell.
+      path = client.fs.file.expand_path("%COMSPEC%")
+      # If that failed for whatever reason, guess it's unix
+      path = (path and not path.empty?) ? path : "/bin/sh"
+      cmd_execute("-f", path, "-c", "-i")
+    end
+  end
+  #
+  # Gets the process identifier that meterpreter is running in on the remote
+  # machine.
+  #
+  def cmd_getpid(*args)
+    print_line("Current pid: #{client.sys.process.getpid}")
+    return true
+  end
+  #
+  # Displays the user that the server is running as.
+  #
+  def cmd_getuid(*args)
+    print_line("Server username: #{client.sys.config.getuid}")
+  end
+  #
+  # Get the value of one or more environment variables from the target.
+  #
+  def cmd_getenv(*args)
+    vars = client.sys.config.getenvs(*args)
+    if vars.length == 0
+      print_error("None of the specified environment variables were found/set.")
+    else
+      table = Rex::Ui::Text::Table.new(
+        'Header'    => 'Environment Variables',
+        'Indent'    => 0,
+        'SortIndex' => 1,
+        'Columns'   => [
+          'Variable', 'Value'
+        ]
+      )
+      vars.each do |var, val|
+        table << [ var, val ]
+      end
+      print_line
+      print_line(table.to_s)
+    end
+  end
+  #
+  # Clears the event log
+  #
+  def cmd_clearev(*args)
+    logs = ['Application', 'System', 'Security']
+    logs << args
+    logs.flatten!
+    logs.each do |name|
+      log = client.sys.eventlog.open(name)
+      print_status("Wiping #{log.length} records from #{name}...")
+      log.clear
+    end
+  end
+  #
+  # Kills one or more processes.
+  #
+  def cmd_kill(*args)
+    # give'em help if they want it, or seem confused
+    if ( args.length == 0 or (args.length == 1 and args[0].strip == "-h") )
+      cmd_kill_help
+      return true
+    end
+    self_destruct = args.include?("-s")
+    if self_destruct
+      valid_pids = [client.sys.process.getpid.to_i]
+    else
+      valid_pids = validate_pids(args)
+      # validate all the proposed pids first so we can bail if one is bogus
+      args.uniq!
+      diff = args - valid_pids.map {|e| e.to_s}
+      if not diff.empty? # then we had an invalid pid
+        print_error("The following pids are not valid:  #{diff.join(", ").to_s}.  Quitting")
+        return false
+      end
+    end
+    # kill kill kill
+    print_line("Killing: #{valid_pids.join(", ").to_s}")
+    client.sys.process.kill(*(valid_pids.map { |x| x }))
+    return true
+  end
+  #
+  # help for the kill command
+  #
+  def cmd_kill_help
+    print_line("Usage: kill [pid1 [pid2 [pid3 ...]]] [-s]")
+    print_line("Terminate one or more processes.")
+    print_line(" -s : Kills the pid associated with the current session.")
+  end
+  #
+  # validates an array of pids against the running processes on target host
+  # behavior can be controlled to allow/deny proces 0 and the session's process
+  # the pids:
+  # - are converted to integers
+  # - have had pid 0 removed unless allow_pid_0
+  # - have had current session pid removed unless allow_session_pid (to protect the session)
+  # - have redundant entries removed
+  #
+  # @param pids [Array<String>] The pids to validate
+  # @param allow_pid_0 [Boolean] whether to consider a pid of 0 as valid
+  # @param allow_session_pid [Boolean] whether to consider a pid = the current session pid as valid
+  # @return [Array] Returns an array of valid pids
+  def validate_pids(pids, allow_pid_0 = false, allow_session_pid = false)
+    return [] if (pids.class != Array or pids.empty?)
+    valid_pids = []
+    # to minimize network traffic, we only get host processes once
+    host_processes = client.sys.process.get_processes
+    if host_processes.length < 1
+      print_error "No running processes found on the target host."
+      return []
+    end
+    # get the current session pid so we don't suspend it later
+    mypid = client.sys.process.getpid.to_i
+    # remove nils & redundant pids, conver to int
+    clean_pids = pids.compact.uniq.map{|x| x.to_i}
+    # now we look up the pids & remove bad stuff if nec
+    clean_pids.delete_if do |p|
+      ( (p == 0 and not allow_pid_0) or (p == mypid and not allow_session_pid) )
+    end
+    clean_pids.each do |pid|
+      # find the process with this pid
+      theprocess = host_processes.find {|x| x["pid"] == pid}
+      if ( theprocess.nil? )
+        next
+      else
+        valid_pids << pid
+      end
+    end
+    return valid_pids
+  end
+  #
+  # Lists running processes.
+  #
+  def cmd_ps(*args)
+    processes = client.sys.process.get_processes
+    @@ps_opts.parse(args) do |opt, idx, val|
+      case opt
+      when "-h"
+        cmd_ps_help
+        return true
+      when "-S"
+        print_line "Filtering on process name..."
+        searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+        processes.each do |proc|
+          if val.nil? or val.empty?
+            print_line "You must supply a search term!"
+            return false
+          end
+          searched_procs << proc  if proc["name"].match(/#{val}/)
+        end
+        processes = searched_procs
+      when "-A"
+        print_line "Filtering on arch..."
+        searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+        processes.each do |proc|
+          next if proc['arch'].nil? or proc['arch'].empty?
+          if val.nil? or val.empty? or !(val == "x86" or val == "x86_64")
+            print_line "You must select either x86 or x86_64"
+            return false
+          end
+          searched_procs << proc  if proc["arch"] == val
+        end
+        processes = searched_procs
+      when "-s"
+        print_line "Filtering on SYSTEM processes..."
+        searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+        processes.each do |proc|
+          searched_procs << proc  if proc["user"] == "NT AUTHORITY\\SYSTEM"
+        end
+        processes = searched_procs
+      when "-U"
+        print_line "Filtering on user name..."
+        searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+        processes.each do |proc|
+          if val.nil? or val.empty?
+            print_line "You must supply a search term!"
+            return false
+          end
+          searched_procs << proc  if proc["user"].match(/#{val}/)
+        end
+        processes = searched_procs
+      end
+    end
+    if (processes.length == 0)
+      print_line("No running processes were found.")
+    else
+      print_line
+      print_line(processes.to_table("Indent" => 1).to_s)
+      print_line
+    end
+    return true
+  end
+  def cmd_ps_help
+    print_line "Use the command with no arguments to see all running processes."
+    print_line "The following options can be used to filter those results:"
+    print_line @@ps_opts.usage
+  end
+  #
+  # Reboots the remote computer.
+  #
+  def cmd_reboot(*args)
+    force = 0
+    if args.length == 1 and args[0].strip == "-h"
+      print(
+        "Usage: reboot [options]\n\n" +
+        "Reboot the remote machine.\n" +
+        @@reboot_opts.usage)
+        return true
+    end
+    @@reboot_opts.parse(args) { |opt, idx, val|
+      case opt
+        when "-f"
+          force = val.to_i
+      end
+    }
+    print_line("Rebooting...")
+    client.sys.power.reboot(force, SHTDN_REASON_DEFAULT)
+  end
+  #
+  # Modifies and otherwise interacts with the registry on the remote computer
+  # by allowing the client to enumerate, open, modify, and delete registry
+  # keys and values.
+  #
+  def cmd_reg(*args)
+    # Extract the command, if any
+    cmd = args.shift
+    if (args.length == 0)
+      args.unshift("-h")
+    end
+    # Initiailze vars
+    key     = nil
+    value   = nil
+    data    = nil
+    type    = nil
+    wowflag = 0x0000
+    rem     = nil
+    @@reg_opts.parse(args) { |opt, idx, val|
+      case opt
+        when "-h"
+          print_line(
+            "Usage: reg [command] [options]\n\n" +
+            "Interact with the target machine's registry.\n" +
+            @@reg_opts.usage +
+            "COMMANDS:\n\n" +
+            "    enumkey    Enumerate the supplied registry key [-k <key>]\n" +
+            "    createkey  Create the supplied registry key  [-k <key>]\n" +
+            "    deletekey  Delete the supplied registry key  [-k <key>]\n" +
+            "    queryclass Queries the class of the supplied key [-k <key>]\n" +
+            "    setval     Set a registry value [-k <key> -v <val> -d <data>]\n" +
+            "    deleteval  Delete the supplied registry value [-k <key> -v <val>]\n" +
+            "    queryval   Queries the data contents of a value [-k <key> -v <val>]\n\n")
+          return false
+        when "-k"
+          key   = val
+        when "-v"
+          value = val
+        when "-t"
+          type  = val
+        when "-d"
+          data  = val
+        when "-r"
+          rem  = val
+        when "-w"
+          if val == '64'
+            wowflag = KEY_WOW64_64KEY
+          elsif val == '32'
+            wowflag = KEY_WOW64_32KEY
+          end
+      end
+    }
+    # All commands require a key.
+    if (key == nil)
+      print_error("You must specify a key path (-k)")
+      return false
+    end
+    # Split the key into its parts
+    root_key, base_key = client.sys.registry.splitkey(key)
+    begin
+      # Rock it
+      case cmd
+        when "enumkey"
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.open_key(base_key, KEY_READ + wowflag)
+            end
+          end
+          print_line(
+            "Enumerating: #{key}\n")
+          keys = open_key.enum_key
+          vals = open_key.enum_value
+          if (keys.length > 0)
+            print_line("  Keys (#{keys.length}):\n")
+            keys.each { |subkey|
+              print_line("\t#{subkey}")
+            }
+            print_line
+          end
+          if (vals.length > 0)
+            print_line("  Values (#{vals.length}):\n")
+            vals.each { |val|
+              print_line("\t#{val.name}")
+            }
+            print_line
+          end
+          if (vals.length == 0 and keys.length == 0)
+            print_line("No children.")
+          end
+        when "createkey"
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.create_key(root_key, base_key, KEY_WRITE + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.create_key(base_key, KEY_WRITE + wowflag)
+            end
+          end
+          print_line("Successfully created key: #{key}")
+        when "deletekey"
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.open_key(base_key, KEY_WRITE + wowflag)
+            end
+          end
+          open_key.delete_key(base_key)
+          print_line("Successfully deleted key: #{key}")
+        when "setval"
+          if (value == nil or data == nil)
+            print_error("You must specify both a value name and data (-v, -d).")
+            return false
+          end
+          type = "REG_SZ" if (type == nil)
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.open_key(base_key, KEY_WRITE + wowflag)
+            end
+          end
+          open_key.set_value(value, client.sys.registry.type2str(type), data)
+          print_line("Successful set #{value}.")
+        when "deleteval"
+          if (value == nil)
+            print_error("You must specify a value name (-v).")
+            return false
+          end
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.open_key(root_key, base_key, KEY_WRITE + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.open_key(base_key, KEY_WRITE + wowflag)
+            end
+          end
+          open_key.delete_value(value)
+          print_line("Successfully deleted #{value}.")
+        when "queryval"
+          if (value == nil)
+            print_error("You must specify a value name (-v).")
+            return false
+          end
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.open_key(base_key, KEY_READ + wowflag)
+            end
+          end
+          v = open_key.query_value(value)
+          print(
+            "Key: #{key}\n" +
+            "Name: #{v.name}\n" +
+            "Type: #{v.type_to_s}\n" +
+            "Data: #{v.data}\n")
+        when "queryclass"
+          open_key = nil
+          if not rem
+            open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
+          else
+            remote_key = client.sys.registry.open_remote_key(rem, root_key)
+            if remote_key
+              open_key = remote_key.open_key(base_key, KEY_READ + wowflag)
+            end
+          end
+          data = open_key.query_class
+          print("Data: #{data}\n")
+        else
+          print_error("Invalid command supplied: #{cmd}")
+      end
+    ensure
+      open_key.close if (open_key)
+    end
+  end
+  #
+  # Calls RevertToSelf() on the remote machine.
+  #
+  def cmd_rev2self(*args)
+    client.sys.config.revert_to_self
+  end
+  def cmd_getprivs_help
+    print_line "Usage: getprivs"
+    print_line
+    print_line "Attempt to enable all privileges, such as SeDebugPrivilege, available to the"
+    print_line "current process.  Note that this only enables existing privs and does not change"
+    print_line "users or tokens."
+    print_line
+    print_line "See also: steal_token, getsystem"
+    print_line
+  end
+  #
+  # Obtains as many privileges as possible on the target machine.
+  #
+  def cmd_getprivs(*args)
+    if args.include? "-h"
+      cmd_getprivs_help
+    end
+    print_line("=" * 60)
+    print_line("Enabled Process Privileges")
+    print_line("=" * 60)
+    client.sys.config.getprivs.each do |priv|
+      print_line("  #{priv}")
+    end
+    print_line("")
+  end
+  #
+  # Tries to steal the primary token from the target process.
+  #
+  def cmd_steal_token(*args)
+    if(args.length != 1 or args[0] == "-h")
+      print_error("Usage: steal_token [pid]")
+      return
+    end
+    print_line("Stolen token with username: " + client.sys.config.steal_token(args[0]))
+  end
+  #
+  # Drops any assumed token.
+  #
+  def cmd_drop_token(*args)
+    print_line("Relinquished token, now running as: " + client.sys.config.drop_token())
+  end
+  #
+  # Displays information about the remote system.
+  #
+  def cmd_sysinfo(*args)
+    info = client.sys.config.sysinfo
+    width = "Meterpreter".length
+    info.keys.each { |k| width = k.length if k.length > width and info[k] }
+    info.each_pair do |key, value|
+      print_line("#{key.ljust(width+1)}: #{value}") if value
+    end
+    print_line("#{"Meterpreter".ljust(width+1)}: #{client.platform}")
+    return true
+  end
+  #
+  # Shuts down the remote computer.
+  #
+  def cmd_shutdown(*args)
+    force = 0
+    if args.length == 1 and args[0].strip == "-h"
+      print(
+        "Usage: shutdown [options]\n\n" +
+        "Shutdown the remote machine.\n" +
+        @@shutdown_opts.usage)
+        return true
+    end
+    @@shutdown_opts.parse(args) { |opt, idx, val|
+      case opt
+        when "-f"
+          force = val.to_i
+      end
+    }
+    print_line("Shutting down...")
+    client.sys.power.shutdown(force, SHTDN_REASON_DEFAULT)
+  end
+  #
+  # Suspends or resumes a list of one or more pids
+  #
+  # +args+ can optionally be -c to continue on error or -r to resume
+  # instead of suspend, followed by a list of one or more valid pids
+  #
+  # @todo  Accept process names, much of that code is done (kernelsmith)
+  #
+  # @param args [Array<String>] List of one of more pids
+  # @return [Boolean] Returns true if command was successful, else false
+  def cmd_suspend(*args)
+    # give'em help if they want it, or seem confused
+    if args.length == 0 or (args.include? "-h")
+      cmd_suspend_help
+      return true
+    end
+    continue = args.delete("-c") || false
+    resume = args.delete("-r") || false
+    # validate all the proposed pids first so we can bail if one is bogus
+    valid_pids = validate_pids(args)
+    args.uniq!
+    diff = args - valid_pids.map {|e| e.to_s}
+    if not diff.empty? # then we had an invalid pid
+      print_error("The following pids are not valid:  #{diff.join(", ").to_s}.")
+      if continue
+        print_status("Continuing.  Invalid args have been removed from the list.")
+      else
+        print_error("Quitting.  Use -c to continue using only the valid pids.")
+        return false
+      end
+    end
+    targetprocess = nil
+    if resume
+      print_status("Resuming: #{valid_pids.join(", ").to_s}")
+    else
+      print_status("Suspending: #{valid_pids.join(", ").to_s}")
+    end
+    begin
+      valid_pids.each do |pid|
+        print_status("Targeting process with PID #{pid}...")
+        targetprocess = client.sys.process.open(pid, PROCESS_ALL_ACCESS)
+        targetprocess.thread.each_thread do |x|
+          if resume
+            targetprocess.thread.open(x).resume
+          else
+            targetprocess.thread.open(x).suspend
+          end
+        end
+      end
+    rescue ::Rex::Post::Meterpreter::RequestError => e
+      print_error "Error acting on the process:  #{e.to_s}."
+      print_error "Try migrating to a process with the same owner as the target process."
+      print_error "Also consider running the win_privs post module and confirm SeDebug priv."
+      return false unless continue
+    ensure
+      targetprocess.close if targetprocess
+    end
+    return true
+  end
+  #
+  # help for the suspend command
+  #
+  def cmd_suspend_help
+    print_line("Usage: suspend [options] pid1 pid2 pid3 ...")
+    print_line("Suspend one or more processes.")
+    print @@suspend_opts.usage
+  end
 end