Class: Rex::Post::Meterpreter::Extensions::Priv::Fs

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/post/meterpreter/extensions/priv/fs.rb

Overview

This class provides an interface to modifying the file system to avoid detection, such as by modifying extended file system attributes.

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Fs

Initializes the file system subsystem of the privilege escalation extension.



21
22
23
 
# File 'lib/rex/post/meterpreter/extensions/priv/fs.rb', line 21

def initialize(client)
  self.client = client
end

Instance Method Details

#blank_directory_mace(dir_path) ⇒ Object

Recursively set the MACE values to the minimum threshold for the supplied directory.



102
103
104
105
106
107
108
109
110
 
# File 'lib/rex/post/meterpreter/extensions/priv/fs.rb', line 102

def blank_directory_mace(dir_path)
  request = Packet.create_request('priv_fs_blank_directory_mace')

  request.add_tlv(TLV_TYPE_FS_FILE_PATH, dir_path)

  client.send_request(request)

  true
end

#blank_file_mace(file_path) ⇒ Object

Sets the MACE values to the minimum threshold that will cause them to not be displayed by most all products for a file.



88
89
90
91
92
93
94
95
96
 
# File 'lib/rex/post/meterpreter/extensions/priv/fs.rb', line 88

def blank_file_mace(file_path)
  request = Packet.create_request('priv_fs_blank_file_mace')

  request.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)

  client.send_request(request)

  true
end

#get_file_mace(file_path) ⇒ Object

Returns a hash of the Modified, Accessed, Created, and Entry Modified values for the specified file path.



29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/rex/post/meterpreter/extensions/priv/fs.rb', line 29

def get_file_mace(file_path)
  request = Packet.create_request('priv_fs_get_file_mace')

  request.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)

  response = client.send_request(request)

  # Return the hash of times associated with the MACE values
  begin
    return {
      'Modified'       => Time.at(response.get_tlv_value(TLV_TYPE_FS_FILE_MODIFIED)),
      'Accessed'       => Time.at(response.get_tlv_value(TLV_TYPE_FS_FILE_ACCESSED)),
      'Created'        => Time.at(response.get_tlv_value(TLV_TYPE_FS_FILE_CREATED)),
      'Entry Modified' => Time.at(response.get_tlv_value(TLV_TYPE_FS_FILE_EMODIFIED))
    }
  rescue RangeError
    raise RangeError, "Invalid MACE values"
  end
end

#set_file_mace(file_path, modified = nil, accessed = nil, created = nil, entry_modified = nil) ⇒ Object

Sets the Modified, Accessed, Created, and Entry Modified attributes of the specified file path. If a nil is supplied for a value, it will not be modified. Otherwise, the times should be instances of the Time class.



54
55
56
57
58
59
60
61
62
63
64
65
66
67
 
# File 'lib/rex/post/meterpreter/extensions/priv/fs.rb', line 54

def set_file_mace(file_path, modified = nil, accessed = nil, created = nil,
  entry_modified = nil)
  request = Packet.create_request('priv_fs_set_file_mace')

  request.add_tlv(TLV_TYPE_FS_FILE_PATH, file_path)
  request.add_tlv(TLV_TYPE_FS_FILE_MODIFIED, modified.to_i) if (modified)
  request.add_tlv(TLV_TYPE_FS_FILE_ACCESSED, accessed.to_i) if (accessed)
  request.add_tlv(TLV_TYPE_FS_FILE_CREATED, created.to_i) if (created)
  request.add_tlv(TLV_TYPE_FS_FILE_EMODIFIED, entry_modified.to_i) if (entry_modified)

  client.send_request(request)

  true
end

#set_file_mace_from_file(target_file_path, source_file_path) ⇒ Object

Sets the MACE attributes of the specified target_file_path to the MACE attributes of the source_file_path.



73
74
75
76
77
78
79
80
81
82
 
# File 'lib/rex/post/meterpreter/extensions/priv/fs.rb', line 73

def set_file_mace_from_file(target_file_path, source_file_path)
  request = Packet.create_request('priv_fs_set_file_mace_from_file')

  request.add_tlv(TLV_TYPE_FS_FILE_PATH, target_file_path)
  request.add_tlv(TLV_TYPE_FS_SRC_FILE_PATH, source_file_path)

  client.send_request(request)

  true
end