rex 2.0.5 → 2.0.7
- checksums.yaml +4 -4
- data/lib/rex/exploitation/egghunter.rb +4 -6
- data/lib/rex/exploitation/powershell/psh_methods.rb +9 -0
- data/lib/rex/java/serialization.rb +2 -1
- data/lib/rex/java/serialization/builder.rb +94 -0
- data/lib/rex/java/serialization/model.rb +29 -18
- data/lib/rex/java/serialization/model/annotation.rb +2 -2
- data/lib/rex/java/serialization/model/field.rb +2 -2
- data/lib/rex/java/serialization/model/new_array.rb +8 -3
- data/lib/rex/java/serialization/model/new_class_desc.rb +3 -3
- data/lib/rex/java/serialization/model/new_enum.rb +4 -4
- data/lib/rex/java/serialization/model/new_object.rb +17 -10
- data/lib/rex/ole/direntry.rb +1 -1
- data/lib/rex/ole/samples/create_ole.rb +0 -0
- data/lib/rex/ole/samples/dir.rb +0 -0
- data/lib/rex/ole/samples/dump_stream.rb +0 -0
- data/lib/rex/ole/samples/ole_info.rb +0 -0
- data/lib/rex/parser/foundstone_nokogiri.rb +1 -1
- data/lib/rex/parser/fs/ntfs.rb +252 -0
- data/lib/rex/parser/openvas_nokogiri.rb +2 -0
- data/lib/rex/payloads/win32/kernel.rb +3 -3
- data/lib/rex/post/meterpreter/client_core.rb +172 -64
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +3 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +12 -10
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +64 -37
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +8 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +15 -3
- data/lib/rex/post/meterpreter/packet.rb +41 -38
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +7 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +17 -4
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +11 -4
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +1 -1
- data/lib/rex/proto.rb +2 -0
- data/lib/rex/proto/acpp.rb +17 -0
- data/lib/rex/proto/acpp/client.rb +29 -0
- data/lib/rex/proto/acpp/message.rb +183 -0
- data/lib/rex/proto/http/client.rb +1 -2
- data/lib/rex/proto/iax2/call.rb +22 -3
- data/lib/rex/proto/iax2/client.rb +1 -0
- data/lib/rex/proto/kerberos.rb +13 -0
- data/lib/rex/proto/kerberos/client.rb +213 -0
- data/lib/rex/proto/kerberos/credential_cache.rb +19 -0
- data/lib/rex/proto/kerberos/credential_cache/cache.rb +81 -0
- data/lib/rex/proto/kerberos/credential_cache/credential.rb +151 -0
- data/lib/rex/proto/kerberos/credential_cache/element.rb +49 -0
- data/lib/rex/proto/kerberos/credential_cache/key_block.rb +62 -0
- data/lib/rex/proto/kerberos/credential_cache/principal.rb +70 -0
- data/lib/rex/proto/kerberos/credential_cache/time.rb +69 -0
- data/lib/rex/proto/kerberos/crypto.rb +21 -0
- data/lib/rex/proto/kerberos/crypto/rc4_hmac.rb +65 -0
- data/lib/rex/proto/kerberos/crypto/rsa_md5.rb +15 -0
- data/lib/rex/proto/kerberos/model.rb +133 -0
- data/lib/rex/proto/kerberos/model/ap_req.rb +98 -0
- data/lib/rex/proto/kerberos/model/authenticator.rb +143 -0
- data/lib/rex/proto/kerberos/model/authorization_data.rb +85 -0
- data/lib/rex/proto/kerberos/model/checksum.rb +59 -0
- data/lib/rex/proto/kerberos/model/element.rb +67 -0
- data/lib/rex/proto/kerberos/model/enc_kdc_response.rb +215 -0
- data/lib/rex/proto/kerberos/model/encrypted_data.rb +171 -0
- data/lib/rex/proto/kerberos/model/encryption_key.rb +106 -0
- data/lib/rex/proto/kerberos/model/kdc_request.rb +166 -0
- data/lib/rex/proto/kerberos/model/kdc_request_body.rb +315 -0
- data/lib/rex/proto/kerberos/model/kdc_response.rb +141 -0
- data/lib/rex/proto/kerberos/model/krb_error.rb +219 -0
- data/lib/rex/proto/kerberos/model/last_request.rb +82 -0
- data/lib/rex/proto/kerberos/model/pre_auth_data.rb +104 -0
- data/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb +126 -0
- data/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb +81 -0
- data/lib/rex/proto/kerberos/model/principal_name.rb +116 -0
- data/lib/rex/proto/kerberos/model/ticket.rb +151 -0
- data/lib/rex/proto/kerberos/pac.rb +36 -0
- data/lib/rex/proto/kerberos/pac/client_info.rb +53 -0
- data/lib/rex/proto/kerberos/pac/element.rb +52 -0
- data/lib/rex/proto/kerberos/pac/logon_info.rb +566 -0
- data/lib/rex/proto/kerberos/pac/priv_svr_checksum.rb +29 -0
- data/lib/rex/proto/kerberos/pac/server_checksum.rb +30 -0
- data/lib/rex/proto/kerberos/pac/type.rb +121 -0
- data/lib/rex/proto/rmi.rb +7 -0
- data/lib/rex/proto/rmi/model.rb +31 -0
- data/lib/rex/proto/rmi/model/call.rb +60 -0
- data/lib/rex/proto/rmi/model/continuation.rb +76 -0
- data/lib/rex/proto/rmi/model/dgc_ack.rb +62 -0
- data/lib/rex/proto/rmi/model/element.rb +143 -0
- data/lib/rex/proto/rmi/model/output_header.rb +86 -0
- data/lib/rex/proto/rmi/model/ping.rb +41 -0
- data/lib/rex/proto/rmi/model/ping_ack.rb +41 -0
- data/lib/rex/proto/rmi/model/protocol_ack.rb +100 -0
- data/lib/rex/proto/rmi/model/return_data.rb +60 -0
- data/lib/rex/socket.rb +9 -1
- data/lib/rex/socket/tcp_server.rb +3 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +4 -4
- data/lib/rex/ui/text/output/tee.rb +2 -0
- data/lib/rex/zip/samples/comment.rb +0 -0
- data/lib/rex/zip/samples/mkwar.rb +0 -0
- data/lib/rex/zip/samples/mkzip.rb +0 -0
- data/lib/rex/zip/samples/recursive.rb +0 -0
- data/rex.gemspec +1 -1
- metadata +56 -2
|
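--- a/data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb
+++ b/data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb
@@ -370,7 +370,6 @@ class ApiConstants
 win_const_mgr.add_const('SQL_CVT_LONGVARBINARY',0x00040000)
 win_const_mgr.add_const('WM_RESTORE_INDIVIDUALIZE',0x00000002)
 win_const_mgr.add_const('ARRAY_SEP_CHAR',0x00000009)
-win_const_mgr.add_const('SC_MANAGER_CREATE_SERVICE',0x00000002)
 win_const_mgr.add_const('ERROR_NO_SAVEPOINT_WITH_OPEN_FILES',0x00001ABA)
 win_const_mgr.add_const('OID_FDDI_SMT_STATION_ACTION',0x03030277)
 win_const_mgr.add_const('OID_PNP_ADD_WAKE_UP_PATTERN',0xFD010103)
@@ -2357,7 +2356,70 @@ class ApiConstants
 win_const_mgr.add_const('RTM_VIEW_MASK_UCAST',0x00000001)
 win_const_mgr.add_const('CERT_ALT_NAME_VALUE_ERR_INDEX_MASK',0x0000FFFF)
 win_const_mgr.add_const('ERROR_NO_SUCH_GROUP',0x00000527)
+
+# Generic Access Rights
 win_const_mgr.add_const('GENERIC_ALL',0x10000000)
+win_const_mgr.add_const('GENERIC_EXECUTE',0x20000000)
+win_const_mgr.add_const('GENERIC_WRITE',0x40000000)
+win_const_mgr.add_const('GENERIC_READ',0x80000000)
+
+
+# Standard Access Rights
+win_const_mgr.add_const('DELETE',0x00010000)
+win_const_mgr.add_const('READ_CONTROL',0x00020000)
+win_const_mgr.add_const('WRITE_DAC',0x00040000)
+win_const_mgr.add_const('WRITE_OWNER',0x00080000)
+win_const_mgr.add_const('ACCESS_SYSTEM_SECURITY',0x01000000)
+
+# Services
+win_const_mgr.add_const('SERVICE_NO_CHANGE',0xFFFFFFFF)
+
+# Service Start Types
+win_const_mgr.add_const('START_TYPE_BOOT',0x00000000)
+win_const_mgr.add_const('START_TYPE_SYSTEM',0x00000001)
+win_const_mgr.add_const('START_TYPE_AUTO',0x00000002)
+win_const_mgr.add_const('START_TYPE_MANUAL',0x00000003)
+win_const_mgr.add_const('START_TYPE_DISABLED',0x00000004)
+
+# Service States
+win_const_mgr.add_const('SERVICE_STOPPED',0x00000001)
+win_const_mgr.add_const('SERVICE_START_PENDING',0x00000002)
+win_const_mgr.add_const('SERVICE_STOP_PENDING',0x00000003)
+win_const_mgr.add_const('SERVICE_RUNNING',0x00000004)
+win_const_mgr.add_const('SERVICE_CONTINUE_PENDING',0x00000005)
+win_const_mgr.add_const('SERVICE_PAUSE_PENDING',0x00000006)
+win_const_mgr.add_const('SERVICE_PAUSED',0x00000007)
+
+# Service Types
+win_const_mgr.add_const('SERVICE_KERNEL_DRIVER',0x00000001)
+win_const_mgr.add_const('SERVICE_FILE_SYSTEM_DRIVER',0x00000002)
+win_const_mgr.add_const('SERVICE_ADAPTER',0x00000004)
+win_const_mgr.add_const('SERVICE_RECOGNIZER_DRIVER',0x00000008)
+win_const_mgr.add_const('SERVICE_WIN32_OWN_PROCESS',0x00000010)
+win_const_mgr.add_const('SERVICE_WIN32_SHARE_PROCESS',0x00000020)
+
+# Service Manager Permissions
+win_const_mgr.add_const('SC_MANAGER_CONNECT',0x00000001)
+win_const_mgr.add_const('SC_MANAGER_CREATE_SERVICE',0x00000002)
+win_const_mgr.add_const('SC_MANAGER_ENUMERATE_SERVICE',0x00000004)
+win_const_mgr.add_const('SC_MANAGER_LOCK',0x00000008)
+win_const_mgr.add_const('SC_MANAGER_QUERY_LOCK_STATUS',0x00000010)
+win_const_mgr.add_const('SC_MANAGER_MODIFY_BOOT_CONFIG',0x00000020)
+win_const_mgr.add_const('SC_MANAGER_USER_DEFINED_CONTROL',0x00000100)
+win_const_mgr.add_const('SC_MANAGER_ALL_ACCESS',0x000F003F)
+
+# Service Permissions
+win_const_mgr.add_const('SERVICE_QUERY_CONFIG',0x00000001)
+win_const_mgr.add_const('SERVICE_CHANGE_CONFIG',0x00000002)
+win_const_mgr.add_const('SERVICE_QUERY_STATUS',0x00000004)
+win_const_mgr.add_const('SERVICE_ENUMERATE_DEPENDENTS',0x00000008)
+win_const_mgr.add_const('SERVICE_START',0x00000010)
+win_const_mgr.add_const('SERVICE_STOP',0x00000020)
+win_const_mgr.add_const('SERVICE_PAUSE_CONTINUE',0x00000040)
+win_const_mgr.add_const('SERVICE_INTERROGATE',0x00000080)
+win_const_mgr.add_const('SERVICE_USER_DEFINED_CONTROL',0x00000100)
+win_const_mgr.add_const('SERVICE_ALL_ACCESS',0x000F01FF)
+
 win_const_mgr.add_const('LINEINITIALIZEEXOPTION_USECOMPLETIONPORT',0x00000003)
 win_const_mgr.add_const('AVIIF_TWOCC',0x00000002)
 win_const_mgr.add_const('TBTS_LEFT',0x00000001)
@@ -3408,7 +3470,6 @@ class ApiConstants
 win_const_mgr.add_const('SQL_DS_RESTRICT',0x00000002)
 win_const_mgr.add_const('SQL_FD_FETCH_NEXT',0x00000001)
 win_const_mgr.add_const('HTTP_QUERY_ACCEPT_LANGUAGE',0x0000001B)
-win_const_mgr.add_const('SC_MANAGER_LOCK',0x00000008)
 win_const_mgr.add_const('CM_CDMASK_VALID',0x0000000F)
 win_const_mgr.add_const('DI_NEEDRESTART',0x00000080)
 win_const_mgr.add_const('DSOP_DOWNLEVEL_FILTER_NETWORK',0x80001000)
@@ -4450,7 +4511,6 @@ class ApiConstants
 win_const_mgr.add_const('WGL_SWAP_UNDERLAY1',0x00010000)
 win_const_mgr.add_const('CRYPTDLG_ACTION_MASK',0xFFFF0000)
 win_const_mgr.add_const('MCI_ANIM_WINDOW_HWND',0x00010000)
-win_const_mgr.add_const('SERVICE_QUERY_CONFIG',0x00000001)
 win_const_mgr.add_const('MF_MEDIATYPE_EQUAL_FORMAT_DATA',0x00000004)
 win_const_mgr.add_const('USE_REMOTE_PARMNUM',0x00000002)
 win_const_mgr.add_const('CF_PALETTE',0x00000009)
@@ -5623,7 +5683,6 @@ class ApiConstants
 win_const_mgr.add_const('SQL_DROP_VIEW',0x0000008F)
 win_const_mgr.add_const('FEI_MODEM_POWERED_ON',0x00000011)
 win_const_mgr.add_const('WNODE_FLAG_INTERNAL',0x00000100)
-win_const_mgr.add_const('SERVICE_START_PENDING',0x00000002)
 win_const_mgr.add_const('ERROR_SXS_INVALID_ACTCTXDATA_FORMAT',0x000036B2)
 win_const_mgr.add_const('ACMFILTERTAGDETAILS_FILTERTAG_CHARS',0x00000030)
 win_const_mgr.add_const('MAPI_E_ATTACHMENT_WRITE_FAILURE',0x0000000D)
@@ -9255,7 +9314,6 @@ class ApiConstants
 win_const_mgr.add_const('TAPE_SPACE_RELATIVE_BLOCKS',0x00000005)
 win_const_mgr.add_const('DBT_DEVICEARRIVAL',0x00008000)
 win_const_mgr.add_const('IMAGE_REL_ALPHA_REFHI',0x0000000A)
-win_const_mgr.add_const('SERVICE_WIN32_SHARE_PROCESS',0x00000020)
 win_const_mgr.add_const('R2_NOTCOPYPEN',0x00000004)
 win_const_mgr.add_const('POLICY_ERRV_GLOBAL_GRP_PEAK_RATE',0x0000001A)
 win_const_mgr.add_const('VTBIT_CY',0x00000001)
@@ -9859,7 +9917,6 @@ class ApiConstants
 win_const_mgr.add_const('DISPID_FILELISTENUMDONE',0x000000C9)
 win_const_mgr.add_const('DBPROPVAL_IN_DISALLOWNULL',0x00000001)
 win_const_mgr.add_const('PP_PROVTYPE',0x00000010)
-win_const_mgr.add_const('SERVICE_PAUSE_PENDING',0x00000006)
 win_const_mgr.add_const('MWMO_WAITALL',0x00000001)
 win_const_mgr.add_const('PIR_STATUS_ERROR',0x00000000)
 win_const_mgr.add_const('ERROR_DS_NO_DELETED_NAME',0x000020A3)
@@ -10819,7 +10876,6 @@ class ApiConstants
 win_const_mgr.add_const('LINEADDRCAPFLAGS_QUEUE',0x01000000)
 win_const_mgr.add_const('PRINTER_ACCESS_ADMINISTER',0x00000004)
 win_const_mgr.add_const('SECPKG_CALL_THREAD_TERM',0x00000080)
-win_const_mgr.add_const('SERVICE_RECOGNIZER_DRIVER',0x00000008)
 win_const_mgr.add_const('MD_DIRBROW_SHOW_EXTENSION',0x00000010)
 win_const_mgr.add_const('HHWIN_BUTTON_BROWSE_BCK',0x00000001)
 win_const_mgr.add_const('COLOR_WINDOWFRAME',0x00000006)
@@ -11675,7 +11731,6 @@ class ApiConstants
 win_const_mgr.add_const('PORT_UAAC',0x00000091)
 win_const_mgr.add_const('D3DPBLENDCAPS_SRCALPHA',0x00000010)
 win_const_mgr.add_const('CALLBACK_STREAM_SWITCH',0x00000001)
-win_const_mgr.add_const('GENERIC_EXECUTE',0x20000000)
 win_const_mgr.add_const('NUMPRS_PARENS',0x00000080)
 win_const_mgr.add_const('SHI1005_FLAGS_FORCE_SHARED_DELETE',0x00000200)
 win_const_mgr.add_const('SQL_HC_OFF',0x00000000)
@@ -11965,7 +12020,6 @@ class ApiConstants
 win_const_mgr.add_const('MCI_WAIT',0x00000002)
 win_const_mgr.add_const('SPI_SETDROPSHADOW',0x00001025)
 win_const_mgr.add_const('VK_OEM_PERIOD',0x000000BE)
-win_const_mgr.add_const('SERVICE_CHANGE_CONFIG',0x00000002)
 win_const_mgr.add_const('CERT_STORE_PROV_WRITE_CTL_FUNC',0x0000000A)
 win_const_mgr.add_const('SUBLANG_TAMAZIGHT_ALGERIA_LATIN',0x00000002)
 win_const_mgr.add_const('XECR_PKCS7',0x00000002)
@@ -12173,7 +12227,6 @@ class ApiConstants
 win_const_mgr.add_const('MCI_VCR_FREEZE_OUTPUT',0x00020000)
 win_const_mgr.add_const('DEX_IDS_NO_SOURCE_NAMES',0x0000057D)
 win_const_mgr.add_const('SQL_OUTER_JOINS',0x00000026)
-win_const_mgr.add_const('SERVICE_ENUMERATE_DEPENDENTS',0x00000008)
 win_const_mgr.add_const('CR_NO_SUCH_LOGICAL_DEV',0x00000014)
 win_const_mgr.add_const('IDC_PS_DISPLAYASICON',0x000001FA)
 win_const_mgr.add_const('GESTURE_UP_LEFT_LONG',0x00000000)
@@ -12243,7 +12296,6 @@ class ApiConstants
 win_const_mgr.add_const('ERROR_VOLSNAP_PREPARE_HIBERNATE',0x0000028F)
 win_const_mgr.add_const('TMT_CAPTIONBARHEIGHT',0x000004B5)
 win_const_mgr.add_const('IDM_ENABLE_INTERACTION',0x000008FE)
-win_const_mgr.add_const('DELETE',0x00010000)
 win_const_mgr.add_const('CRYPTUI_WIZ_DIGITAL_SIGN_PVK',0x00000003)
 win_const_mgr.add_const('ERROR_CTX_MODEM_RESPONSE_NO_CARRIER',0x00001B65)
 win_const_mgr.add_const('OE_SETTING',0x00000004)
@@ -12431,7 +12483,7 @@ class ApiConstants
 win_const_mgr.add_const('ET_DITHERMODE',0x00000004)
 win_const_mgr.add_const('AA_A_ACL',0x00008000)
 win_const_mgr.add_const('MCI_UPDATE',0x00000854)
-
+
 win_const_mgr.add_const('ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST',0x00002157)
 win_const_mgr.add_const('IDM_IE50_PASTE',0x00000961)
 win_const_mgr.add_const('DB_NULL_HCHAPTER',0x00000000)
@@ -12739,7 +12791,6 @@ class ApiConstants
 win_const_mgr.add_const('OPF_DISABLECONVERT',0x00000008)
 win_const_mgr.add_const('D3DPCMPCAPS_LESS',0x00000002)
 win_const_mgr.add_const('D3DPRESENT_INTERVAL_TWO',0x00000002)
-win_const_mgr.add_const('SERVICE_STOP',0x00000020)
 win_const_mgr.add_const('WLX_OPTION_SMART_CARD_INFO',0x00010002)
 win_const_mgr.add_const('MAX_LANA',0x000000FE)
 win_const_mgr.add_const('PLATFORM_ID_VMS',0x000002BC)
@@ -14732,7 +14783,6 @@ class ApiConstants
 win_const_mgr.add_const('CDIS_GRAYED',0x00000002)
 win_const_mgr.add_const('DISPID_QUIT',0x00000067)
 win_const_mgr.add_const('LINETOLLLISTOPTION_REMOVE',0x00000002)
-win_const_mgr.add_const('SERVICE_WIN32_OWN_PROCESS',0x00000010)
 win_const_mgr.add_const('SM_FOCUS_TYPE_NT_DOMAIN',0x00000001)
 win_const_mgr.add_const('WINHTTP_CALLBACK_STATUS_REQUEST_ERROR',0x00200000)
 win_const_mgr.add_const('PORT_WPGS',0x0000030C)
@@ -15353,7 +15403,6 @@ class ApiConstants
 win_const_mgr.add_const('DEBUG_VSOURCE_MAPPED_IMAGE',0x00000002)
 win_const_mgr.add_const('ERROR_DS_OBJ_STRING_NAME_EXISTS',0x00002071)
 win_const_mgr.add_const('DPD_DELETE_ALL_FILES',0x00000004)
-win_const_mgr.add_const('SERVICE_STOPPED',0x00000001)
 win_const_mgr.add_const('DMPAPER_ENV_PERSONAL',0x00000026)
 win_const_mgr.add_const('WM_RBUTTONDBLCLK',0x00000206)
 win_const_mgr.add_const('SQL_CURRENT_QUALIFIER',0x0000006D)
@@ -15754,7 +15803,6 @@ class ApiConstants
 win_const_mgr.add_const('ERROR_ABANDONED_WAIT_0',0x000002DF)
 win_const_mgr.add_const('SQL_API_SQLGETCURSORNAME',0x00000011)
 win_const_mgr.add_const('UINT8_MAX',0x00000000)
-win_const_mgr.add_const('SERVICE_NO_CHANGE',0x00000000)
 win_const_mgr.add_const('AE_SRVCONT',0x00000002)
 win_const_mgr.add_const('RPC_S_GRP_ELT_NOT_REMOVED',0x00000789)
 win_const_mgr.add_const('ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT',0x0000083D)
@@ -16075,7 +16123,6 @@ class ApiConstants
 win_const_mgr.add_const('ERRCLASS_UNK',0x0000000D)
 win_const_mgr.add_const('STREAM_MODIFIED_WHEN_READ',0x00000001)
 win_const_mgr.add_const('SENSITIVITY_PROP_NORMAL',0x00000000)
-win_const_mgr.add_const('SERVICE_INTERROGATE',0x00000080)
 win_const_mgr.add_const('VK_BROWSER_FORWARD',0x000000A7)
 win_const_mgr.add_const('IDM_BLOCKDIRLTR',0x00000930)
 win_const_mgr.add_const('RF_LATTICE',0x00000800)
@@ -17110,7 +17157,6 @@ class ApiConstants
 win_const_mgr.add_const('TRUSTERROR_STEP_MESSAGE',0x00000008)
 win_const_mgr.add_const('LB_SETTABSTOPS',0x00000192)
 win_const_mgr.add_const('SQL_TL_ON',0x00000001)
-win_const_mgr.add_const('SERVICE_FILE_SYSTEM_DRIVER',0x00000002)
 win_const_mgr.add_const('SCRIPTPROP_GCCONTROLSOFTCLOSE',0x00002000)
 win_const_mgr.add_const('OPATH_TOK_OPEN_PAREN',0x0000006A)
 win_const_mgr.add_const('IMAGE_SYM_CLASS_REGISTER_PARAM',0x00000011)
@@ -18538,7 +18584,6 @@ class ApiConstants
 win_const_mgr.add_const('DEBUG_OUTCTL_ALL_OTHER_CLIENTS',0x00000002)
 win_const_mgr.add_const('MAX_DDDEVICEID_STRING',0x00000200)
 win_const_mgr.add_const('USN_REASON_RENAME_NEW_NAME',0x00002000)
-win_const_mgr.add_const('WRITE_DAC',0x00040000)
 win_const_mgr.add_const('BTH_ERROR_SUCCESS',0x00000000)
 win_const_mgr.add_const('SERVER_SEARCH_FLAG_PHANTOM_ROOT',0x00000002)
 win_const_mgr.add_const('SUBLANG_SINDHI_INDIA',0x00000001)
@@ -20372,7 +20417,6 @@ class ApiConstants
 win_const_mgr.add_const('KERB_CHECKSUM_CRC32',0x00000001)
 win_const_mgr.add_const('IMC_SETCOMPOSITIONFONT',0x0000000A)
 win_const_mgr.add_const('TVC_UNKNOWN',0x00000000)
-win_const_mgr.add_const('SERVICE_RUNNING',0x00000004)
 win_const_mgr.add_const('PORT_HMMP_INDICATION',0x00000264)
 win_const_mgr.add_const('PARTID_MASK',0x00000000)
 win_const_mgr.add_const('SSRVOPT_PARAMTYPE',0x00000100)
@@ -20721,7 +20765,6 @@ class ApiConstants
 win_const_mgr.add_const('CB_MAX_FILENAME',0x00000100)
 win_const_mgr.add_const('MCI_VCR_SET_TRACKING',0x00400000)
 win_const_mgr.add_const('LANG_SINDHI',0x00000059)
-win_const_mgr.add_const('SERVICE_ADAPTER',0x00000004)
 win_const_mgr.add_const('PCMCIA_DEF_MEMEND',0x00FFFFFF)
 win_const_mgr.add_const('D3DPTEXTURECAPS_MIPCUBEMAP',0x00010000)
 win_const_mgr.add_const('C2_NOTAPPLICABLE',0x00000000)
@@ -20938,7 +20981,6 @@ class ApiConstants
 win_const_mgr.add_const('CTF_REF_COUNTED',0x00000020)
 win_const_mgr.add_const('MCI_DEVTYPE_CD_AUDIO',0x00000204)
 win_const_mgr.add_const('D3DDEVCAPS_TLVERTEXSYSTEMMEMORY',0x00000040)
-win_const_mgr.add_const('GENERIC_WRITE',0x40000000)
 win_const_mgr.add_const('SE_GROUP_ENABLED',0x00000004)
 win_const_mgr.add_const('PDH_REFRESHCOUNTERS',0x00000004)
 win_const_mgr.add_const('ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED',0x000013D4)
@@ -21904,7 +21946,6 @@ class ApiConstants
 win_const_mgr.add_const('SHERB_NOCONFIRMATION',0x00000001)
 win_const_mgr.add_const('DEBUG_REQUEST_TARGET_EXCEPTION_RECORD',0x00000003)
 win_const_mgr.add_const('CERT_TRUST_INVALID_BASIC_CONSTRAINTS',0x00000400)
-win_const_mgr.add_const('SERVICE_CONTINUE_PENDING',0x00000005)
 win_const_mgr.add_const('URLACTION_ACTIVEX_RUN',0x00001200)
 win_const_mgr.add_const('EMR_BITBLT',0x0000004C)
 win_const_mgr.add_const('DEBUG_ASMOPT_DEFAULT',0x00000000)
@@ -23291,7 +23332,6 @@ class ApiConstants
 win_const_mgr.add_const('HLNF_DISABLEWINDOWRESTRICTIONS',0x00800000)
 win_const_mgr.add_const('WINHTTP_OPTION_CONNECT_TIMEOUT',0x00000003)
 win_const_mgr.add_const('DS_NOIDLEMSG',0x00000100)
-win_const_mgr.add_const('SC_MANAGER_CONNECT',0x00000001)
 win_const_mgr.add_const('CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG',0x00020000)
 win_const_mgr.add_const('ERROR_LOG_CLIENT_NOT_REGISTERED',0x000019ED)
 win_const_mgr.add_const('CERT_NAME_STR_REVERSE_FLAG',0x02000000)
@@ -23830,7 +23870,6 @@ class ApiConstants
 win_const_mgr.add_const('DISPID_IHTMLPLUGINSCOLLECTION_REFRESH',0x00000002)
 win_const_mgr.add_const('CM_OPEN_CLASS_KEY_BITS',0x00000001)
 win_const_mgr.add_const('HH_SAFE_DISPLAY_TOPIC',0x00000020)
-win_const_mgr.add_const('SC_MANAGER_ENUMERATE_SERVICE',0x00000004)
 win_const_mgr.add_const('FPSR_MBZ0_V',0x00000003)
 win_const_mgr.add_const('ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT',0x000013E0)
 win_const_mgr.add_const('WIA_DPF_FIRST',0x00000D02)
@@ -24022,7 +24061,6 @@ class ApiConstants
 win_const_mgr.add_const('DNS_RTYPE_HINFO',0x00000000)
 win_const_mgr.add_const('WM_COMPACTING',0x00000041)
 win_const_mgr.add_const('EXITPUB_FILE',0x00000001)
-win_const_mgr.add_const('ACCESS_SYSTEM_SECURITY',0x01000000)
 win_const_mgr.add_const('IP_ADAPTER_IPV4_ENABLED',0x00000080)
 win_const_mgr.add_const('DXGI_USAGE_BACK_BUFFER',0x00000001)
 win_const_mgr.add_const('DVD_AUDIO_CAPS_MPEG2',0x00000002)
@@ -24229,7 +24267,6 @@ class ApiConstants
 win_const_mgr.add_const('PSH_USEHBMWATERMARK',0x00010000)
 win_const_mgr.add_const('APPCTR_MD_ID_BEGIN_RESERVED',0x00000000)
 win_const_mgr.add_const('ADMIN_STATE_ENABLED',0x00000002)
-win_const_mgr.add_const('SERVICE_START',0x00000010)
 win_const_mgr.add_const('SQL_CONVERT_WVARCHAR',0x0000007E)
 win_const_mgr.add_const('SECPKG_CONTEXT_EXPORT_RESET_NEW',0x00000001)
 win_const_mgr.add_const('GESTURE_INFINITY',0x00000000)
@@ -24327,7 +24364,6 @@ class ApiConstants
 win_const_mgr.add_const('ICDRAW_NULLFRAME',0x10000000)
 win_const_mgr.add_const('JET_BASE_NAME_LENGTH',0x00000003)
 win_const_mgr.add_const('HHWIN_PROP_ONTOP',0x00000001)
-win_const_mgr.add_const('SERVICE_PAUSED',0x00000007)
 win_const_mgr.add_const('ICEE_CREATE_FILE_PE32',0x00000001)
 win_const_mgr.add_const('CSIDL_PRINTERS',0x00000004)
 win_const_mgr.add_const('LINEBEARERMODE_MULTIUSE',0x00000004)
@@ -24628,7 +24664,6 @@ class ApiConstants
 win_const_mgr.add_const('POSTSCRIPT_DATA',0x00000025)
 win_const_mgr.add_const('MCIWNDF_NOMENU',0x00000008)
 win_const_mgr.add_const('OID_CO_TAPI_TRANSLATE_NDIS_CALLPARAMS',0xFE001005)
-win_const_mgr.add_const('SERVICE_USER_DEFINED_CONTROL',0x00000100)
 win_const_mgr.add_const('JIFMK_FF',0x0000FFFF)
 win_const_mgr.add_const('DFCS_HOT',0x00001000)
 win_const_mgr.add_const('SI_CONTAINER',0x00000004)
@@ -25917,7 +25952,6 @@ class ApiConstants
 win_const_mgr.add_const('TOKEN_ADJUST_PRIVILEGES',0x00000020)
 win_const_mgr.add_const('CRL_REASON_UNSPECIFIED',0x00000000)
 win_const_mgr.add_const('SERVICE_STOP_REASON_MINOR_MIN',0x00000000)
-win_const_mgr.add_const('SERVICE_PAUSE_CONTINUE',0x00000040)
 win_const_mgr.add_const('RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY',0x00000020)
 win_const_mgr.add_const('FEI_SENDING',0x00000002)
 win_const_mgr.add_const('DOF_PROGMAN',0x00000001)
@@ -29144,7 +29178,6 @@ class ApiConstants
 win_const_mgr.add_const('DS_FORCE_REDISCOVERY',0x00000001)
 win_const_mgr.add_const('PDH_INVALID_INSTANCE',0xC0000BC5)
 win_const_mgr.add_const('LOCALSTATE_POLICYREMOVE_UNINSTALL',0x00000010)
-win_const_mgr.add_const('SERVICE_STOP_PENDING',0x00000003)
 win_const_mgr.add_const('PS_JOIN_BEVEL',0x00001000)
 win_const_mgr.add_const('MFE_PRUNED_UPSTREAM',0x00000004)
 win_const_mgr.add_const('TMT_BTNTEXT',0x00000653)
@@ -30370,7 +30403,6 @@ class ApiConstants
 win_const_mgr.add_const('VK_DBE_NOROMAN',0x00000000)
 win_const_mgr.add_const('DNS_TYPE_CNAME',0x00000005)
 win_const_mgr.add_const('PID_IS_WORKINGDIR',0x00000005)
-win_const_mgr.add_const('SC_MANAGER_QUERY_LOCK_STATUS',0x00000010)
 win_const_mgr.add_const('APPCOMMAND_MEDIA_PLAY_PAUSE',0x0000000E)
 win_const_mgr.add_const('MCI_ANIM_PLAY_SCAN',0x00100000)
 win_const_mgr.add_const('NOTIFY_CLASS_REGISTRY_CHANGE',0x00000004)
@@ -32077,7 +32109,6 @@ class ApiConstants
 win_const_mgr.add_const('RPC_S_SEC_PKG_ERROR',0x00000721)
 win_const_mgr.add_const('IPPORT_ECHO',0x00000007)
 win_const_mgr.add_const('APPSTATUS_STOPPED',0x00000000)
-win_const_mgr.add_const('SERVICE_QUERY_STATUS',0x00000004)
 win_const_mgr.add_const('WMDM_DEVICECAP_CANPAUSE',0x00000010)
 win_const_mgr.add_const('PSP_USEFUSIONCONTEXT',0x00004000)
 win_const_mgr.add_const('SUBSCRIPTION_CAP_IS_CONTENTPARTNER',0x00000040)
@@ -33167,7 +33198,6 @@ class ApiConstants
 win_const_mgr.add_const('DISPID_CUSTOMIZESETTINGS',0x00000011)
 win_const_mgr.add_const('IMAGE_REL_I386_SECREL',0x0000000B)
 win_const_mgr.add_const('IF_TYPE_VOICE_FXS',0x00000066)
-win_const_mgr.add_const('WRITE_OWNER',0x00080000)
 win_const_mgr.add_const('CALLBACK_FUNCTION',0x00030000)
 win_const_mgr.add_const('CRYPT_MODE_CTS',0x00000005)
 win_const_mgr.add_const('PAN_STROKEVARIATION_INDEX',0x00000005)
@@ -34303,7 +34333,6 @@ class ApiConstants
 win_const_mgr.add_const('DDPCAPS_1BIT',0x00000100)
 win_const_mgr.add_const('INADDR_LOOPBACK',0x00000007)
 win_const_mgr.add_const('HTTP_QUERY_SERVER',0x00000025)
-win_const_mgr.add_const('GENERIC_READ',0x80000000)
 win_const_mgr.add_const('DSBI_EXPANDONOPEN',0x00040000)
 win_const_mgr.add_const('D3DUSAGE_DYNAMIC',0x00000200)
 win_const_mgr.add_const('MIN_PST_ERROR',0x800C0001)
@@ -36254,7 +36283,6 @@ class ApiConstants
 win_const_mgr.add_const('DBFLAGS_MULTITHREADTRANSACTIONS',0x00000200)
 win_const_mgr.add_const('ERROR_DBG_RIPEXCEPTION',0x000002B7)
 win_const_mgr.add_const('KSALLOCATOR_FLAG_NO_FRAME_INTEGRITY',0x00000100)
-win_const_mgr.add_const('SC_MANAGER_MODIFY_BOOT_CONFIG',0x00000020)
 win_const_mgr.add_const('PBT_APMPOWERSTATUSCHANGE',0x0000000A)
 win_const_mgr.add_const('IDM_TRIED_INSERTTABLE',0x00000016)
 win_const_mgr.add_const('IMC_OPENSTATUSWINDOW',0x00000022)
@@ -38107,7 +38135,6 @@ class ApiConstants
 win_const_mgr.add_const('TIME_STAMP_CAPABLE',0x00000020)
 win_const_mgr.add_const('WIA_IPA_ITEM_CATEGORY',0x0000101D)
 win_const_mgr.add_const('DNS_UPDATE_SECURITY_OFF',0x00000010)
-win_const_mgr.add_const('SERVICE_KERNEL_DRIVER',0x00000001)
 win_const_mgr.add_const('HANDLE_PARAM_IS_IN',0x00000040)
 win_const_mgr.add_const('IF_CHECK_SEND',0x00000002)
 win_const_mgr.add_const('MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT',0x00000800)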
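Review bot: SERVICE_NO_CHANGE silently changes value in this section: the `@@ -15754` hunk removes it as 0x00000000 and the `@@ -2357` hunk re-adds it as 0xFFFFFFFF, which is the value winsvc.h defines, but it is buried inside a 63-line regrouping and no comment marks it as a behavioural fix; a railgun caller that passed the old 0 to ChangeServiceConfig-style APIs would now get "leave unchanged" semantics, so the line deserves `# was 0x00000000 before 2.0.7; 0xFFFFFFFF matches the SDK` and a changelog mention. The five START_TYPE_* names under "Service Start Types" are not SDK names, so callers who copy SERVICE_BOOT_START, SERVICE_SYSTEM_START, SERVICE_AUTO_START, SERVICE_DEMAND_START or SERVICE_DISABLED from the Windows documentation will fail to resolve them; registering those SDK names alongside (same five values, 0x0 through 0x4) keeps the table usable from either spelling. READ_CONTROL, SC_MANAGER_USER_DEFINED_CONTROL, SC_MANAGER_ALL_ACCESS, SERVICE_ALL_ACCESS and the START_TYPE_* entries are added without a matching removal in any hunk shown; if any of them is already registered elsewhere in this 38k-line file, add_const will be invoked twice for that name, and whether that is harmless depends on add_const, which is not in view. The `@@ -12431` hunk is a whitespace-only change to a blank line and could be dropped from the patch.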
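--- a/data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb
+++ b/data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb
@@ -318,7 +318,10 @@ class DLL
 buffer = rec_out_only_buffers[buffer_item.addr, buffer_item.length_in_bytes]
 case buffer_item.datatype
 when "PDWORD"
-
+# PDWORD is treated as a POINTER
+return_hash[param_name] = buffer.unpack(native).first
+# If PDWORD is treated correctly as a DWORD
+return_hash[param_name] = buffer.unpack('V').first if return_hash[param_name].nil?
 when "PCHAR"
 return_hash[param_name] = asciiz_to_str(buffer)
 when "PWCHAR"
@@ -338,7 +341,10 @@ class DLL
 buffer = rec_inout_buffers[buffer_item.addr, buffer_item.length_in_bytes]
 case buffer_item.datatype
 when "PDWORD"
-
+# PDWORD is treated as a POINTER
+return_hash[param_name] = buffer.unpack(native).first
+# If PDWORD is treated correctly as a DWORD
+return_hash[param_name] = buffer.unpack('V').first if return_hash[param_name].nil?
 when "PCHAR"
 return_hash[param_name] = asciiz_to_str(buffer)
 when "PWCHAR"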
@@ -154,31 +154,43 @@ class UI < Rex::Post::UI
|
|
|
154
154
|
def screenshot( quality=50 )
|
|
155
155
|
request = Packet.create_request( 'stdapi_ui_desktop_screenshot' )
|
|
156
156
|
request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_QUALITY, quality )
|
|
157
|
+
|
|
157
158
|
# include the x64 screenshot dll if the host OS is x64
|
|
158
159
|
if( client.sys.config.sysinfo['Architecture'] =~ /^\S*x64\S*/ )
|
|
159
160
|
screenshot_path = MeterpreterBinaries.path('screenshot','x64.dll')
|
|
160
|
-
screenshot_path
|
|
161
|
+
if screenshot_path.nil?
|
|
162
|
+
raise RuntimeError, "screenshot.x64.dll not found", caller
|
|
163
|
+
end
|
|
164
|
+
|
|
161
165
|
screenshot_dll = ''
|
|
162
166
|
::File.open( screenshot_path, 'rb' ) do |f|
|
|
163
167
|
screenshot_dll += f.read( f.stat.size )
|
|
164
168
|
end
|
|
169
|
+
|
|
165
170
|
request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER, screenshot_dll, false, true )
|
|
166
171
|
request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH, screenshot_dll.length )
|
|
167
172
|
end
|
|
168
|
-
|
|
173
|
+
|
|
174
|
+
# but always include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
|
|
169
175
|
screenshot_path = MeterpreterBinaries.path('screenshot','x86.dll')
|
|
170
|
-
screenshot_path
|
|
176
|
+
if screenshot_path.nil?
|
|
177
|
+
raise RuntimeError, "screenshot.x86.dll not found", caller
|
|
178
|
+
end
|
|
179
|
+
|
|
171
180
|
screenshot_dll = ''
|
|
172
181
|
::File.open( screenshot_path, 'rb' ) do |f|
|
|
173
182
|
screenshot_dll += f.read( f.stat.size )
|
|
174
183
|
end
|
|
184
|
+
|
|
175
185
|
request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER, screenshot_dll, false, true )
|
|
176
186
|
request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_LENGTH, screenshot_dll.length )
|
|
187
|
+
|
|
177
188
|
# send the request and return the jpeg image if successfull.
|
|
178
189
|
response = client.send_request( request )
|
|
179
190
|
if( response.result == 0 )
|
|
180
191
|
return response.get_tlv_value( TLV_TYPE_DESKTOP_SCREENSHOT )
|
|
181
192
|
end
|
|
193
|
+
|
|
182
194
|
return nil
|
|
183
195
|
end
|
|
184
196
|
|
|
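Review bot: The added `screenshot_path.nil?` guards only cover a failed lookup in `MeterpreterBinaries.path`; if the returned path does not exist on disk, `::File.open` on the next lines still raises a bare `Errno::ENOENT` without the "screenshot.x64.dll not found" context the commit is trying to provide. The guard, the open/read block and the error message are also now duplicated verbatim for the x64 and x86 branches, which is how the two messages can drift. Folding the lookup, the existence check and the read into one helper gives both branches the same failure message and leaves `screenshot` with only the TLV assembly.
```ruby
# include the x64 screenshot dll if the host OS is x64
if( client.sys.config.sysinfo['Architecture'] =~ /^\S*x64\S*/ )
  screenshot_dll = read_screenshot_dll( 'x64' )
  request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER, screenshot_dll, false, true )
  request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH, screenshot_dll.length )
end
# … unchanged: x86 branch via read_screenshot_dll( 'x86' ), send request, return …

# Locate and read the screenshot dll for +arch+ ('x64' or 'x86'); raises
# RuntimeError with the dll name when it cannot be found or opened.
def read_screenshot_dll( arch )
  screenshot_path = MeterpreterBinaries.path( 'screenshot', "#{arch}.dll" )
  if screenshot_path.nil? || !::File.file?( screenshot_path )
    raise RuntimeError, "screenshot.#{arch}.dll not found", caller
  end
  screenshot_dll = ''
  ::File.open( screenshot_path, 'rb' ) do |f|
    screenshot_dll += f.read( f.stat.size )
  end
  screenshot_dll
end
```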
@@ -48,44 +48,47 @@ TLV_TEMP = 60000
|
|
|
48
48
|
#
|
|
49
49
|
# TLV Specific Types
|
|
50
50
|
#
|
|
51
|
-
TLV_TYPE_ANY
|
|
52
|
-
TLV_TYPE_METHOD
|
|
53
|
-
TLV_TYPE_REQUEST_ID
|
|
54
|
-
TLV_TYPE_EXCEPTION
|
|
55
|
-
TLV_TYPE_RESULT
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
TLV_TYPE_STRING
|
|
59
|
-
TLV_TYPE_UINT
|
|
60
|
-
TLV_TYPE_BOOL
|
|
61
|
-
|
|
62
|
-
TLV_TYPE_LENGTH
|
|
63
|
-
TLV_TYPE_DATA
|
|
64
|
-
TLV_TYPE_FLAGS
|
|
65
|
-
|
|
66
|
-
TLV_TYPE_CHANNEL_ID
|
|
67
|
-
TLV_TYPE_CHANNEL_TYPE
|
|
68
|
-
TLV_TYPE_CHANNEL_DATA
|
|
69
|
-
TLV_TYPE_CHANNEL_DATA_GROUP
|
|
70
|
-
TLV_TYPE_CHANNEL_CLASS
|
|
71
|
-
TLV_TYPE_CHANNEL_PARENTID
|
|
72
|
-
|
|
73
|
-
TLV_TYPE_SEEK_WHENCE
|
|
74
|
-
TLV_TYPE_SEEK_OFFSET
|
|
75
|
-
TLV_TYPE_SEEK_POS
|
|
76
|
-
|
|
77
|
-
TLV_TYPE_EXCEPTION_CODE
|
|
78
|
-
TLV_TYPE_EXCEPTION_STRING
|
|
79
|
-
|
|
80
|
-
TLV_TYPE_LIBRARY_PATH
|
|
81
|
-
TLV_TYPE_TARGET_PATH
|
|
82
|
-
TLV_TYPE_MIGRATE_PID
|
|
83
|
-
TLV_TYPE_MIGRATE_LEN
|
|
84
|
-
TLV_TYPE_MIGRATE_PAYLOAD
|
|
85
|
-
TLV_TYPE_MIGRATE_ARCH
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
51
|
+
TLV_TYPE_ANY = TLV_META_TYPE_NONE | 0
|
|
52
|
+
TLV_TYPE_METHOD = TLV_META_TYPE_STRING | 1
|
|
53
|
+
TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2
|
|
54
|
+
TLV_TYPE_EXCEPTION = TLV_META_TYPE_GROUP | 3
|
|
55
|
+
TLV_TYPE_RESULT = TLV_META_TYPE_UINT | 4
|
|
56
|
+
|
|
57
|
+
|
|
58
|
+
TLV_TYPE_STRING = TLV_META_TYPE_STRING | 10
|
|
59
|
+
TLV_TYPE_UINT = TLV_META_TYPE_UINT | 11
|
|
60
|
+
TLV_TYPE_BOOL = TLV_META_TYPE_BOOL | 12
|
|
61
|
+
|
|
62
|
+
TLV_TYPE_LENGTH = TLV_META_TYPE_UINT | 25
|
|
63
|
+
TLV_TYPE_DATA = TLV_META_TYPE_RAW | 26
|
|
64
|
+
TLV_TYPE_FLAGS = TLV_META_TYPE_UINT | 27
|
|
65
|
+
|
|
66
|
+
TLV_TYPE_CHANNEL_ID = TLV_META_TYPE_UINT | 50
|
|
67
|
+
TLV_TYPE_CHANNEL_TYPE = TLV_META_TYPE_STRING | 51
|
|
68
|
+
TLV_TYPE_CHANNEL_DATA = TLV_META_TYPE_RAW | 52
|
|
69
|
+
TLV_TYPE_CHANNEL_DATA_GROUP = TLV_META_TYPE_GROUP | 53
|
|
70
|
+
TLV_TYPE_CHANNEL_CLASS = TLV_META_TYPE_UINT | 54
|
|
71
|
+
TLV_TYPE_CHANNEL_PARENTID = TLV_META_TYPE_UINT | 55
|
|
72
|
+
|
|
73
|
+
TLV_TYPE_SEEK_WHENCE = TLV_META_TYPE_UINT | 70
|
|
74
|
+
TLV_TYPE_SEEK_OFFSET = TLV_META_TYPE_UINT | 71
|
|
75
|
+
TLV_TYPE_SEEK_POS = TLV_META_TYPE_UINT | 72
|
|
76
|
+
|
|
77
|
+
TLV_TYPE_EXCEPTION_CODE = TLV_META_TYPE_UINT | 300
|
|
78
|
+
TLV_TYPE_EXCEPTION_STRING = TLV_META_TYPE_STRING | 301
|
|
79
|
+
|
|
80
|
+
TLV_TYPE_LIBRARY_PATH = TLV_META_TYPE_STRING | 400
|
|
81
|
+
TLV_TYPE_TARGET_PATH = TLV_META_TYPE_STRING | 401
|
|
82
|
+
TLV_TYPE_MIGRATE_PID = TLV_META_TYPE_UINT | 402
|
|
83
|
+
TLV_TYPE_MIGRATE_LEN = TLV_META_TYPE_UINT | 403
|
|
84
|
+
TLV_TYPE_MIGRATE_PAYLOAD = TLV_META_TYPE_STRING | 404
|
|
85
|
+
TLV_TYPE_MIGRATE_ARCH = TLV_META_TYPE_UINT | 405
|
|
86
|
+
TLV_TYPE_MIGRATE_BASE_ADDR = TLV_META_TYPE_UINT | 407
|
|
87
|
+
TLV_TYPE_MIGRATE_ENTRY_POINT = TLV_META_TYPE_UINT | 408
|
|
88
|
+
TLV_TYPE_MIGRATE_SOCKET_PATH = TLV_META_TYPE_STRING | 409
|
|
89
|
+
|
|
90
|
+
TLV_TYPE_CIPHER_NAME = TLV_META_TYPE_STRING | 500
|
|
91
|
+
TLV_TYPE_CIPHER_PARAMETERS = TLV_META_TYPE_GROUP | 501
|
|
89
92
|
|
|
90
93
|
#
|
|
91
94
|
# Core flags
|
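Review bot: The five new constants (`TLV_TYPE_MIGRATE_BASE_ADDR` through `TLV_TYPE_CIPHER_PARAMETERS`) are added without any comment on what they carry, and the migrate group now jumps from 405 to 407 with 406 unassigned, which a reader will take for a typo unless the gap is explained. Since these ids form the wire protocol and presumably have to match the definitions on the meterpreter side, a short note above the block would prevent someone "fixing" the numbering later; something like `# NOTE: type ids are part of the wire protocol and must match the server-side definitions; 406 is intentionally unused` (with the actual reason for the gap filled in), and one-line headers such as `# Migration (400-409)` and `# Cipher negotiation (500-501)` over each group. The rendered old side of this hunk has lost the assignment values, so I cannot tell whether any existing id changed; it would be worth stating in the commit message that only additions were made.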