Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb

Overview

This class provides access to remote system configuration and information.

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Config

Returns a new instance of Config.



23
24
25
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 23

def initialize(client)
  self.client = client
end

Instance Method Details

#drop_tokenObject

Drops any assumed token



102
103
104
105
106
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 102

def drop_token
  req = Packet.create_request('stdapi_sys_config_drop_token')
  res = client.send_request(req)
  client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) )
end

#getenv(var_name) ⇒ Object

Returns the value of a single requested environment variable name



62
63
64
65
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 62

def getenv(var_name)
  _, value = getenvs(var_name).first
  value
end

#getenvs(*var_names) ⇒ Object

Returns a hash of requested environment variables, along with their values. If a requested value doesn’t exist in the response, then the value wasn’t found.



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 40

def getenvs(*var_names)
  request = Packet.create_request('stdapi_sys_config_getenv')

  var_names.each do |v|
    request.add_tlv(TLV_TYPE_ENV_VARIABLE, v)
  end

  response = client.send_request(request)
  result = {}

  response.each(TLV_TYPE_ENV_GROUP) do |env|
    var_name = env.get_tlv_value(TLV_TYPE_ENV_VARIABLE)
    var_value = env.get_tlv_value(TLV_TYPE_ENV_VALUE)
    result[var_name] = var_value
  end

  result
end

#getprivsObject

Enables all possible privileges



111
112
113
114
115
116
117
118
119
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 111

def getprivs
  req = Packet.create_request('stdapi_sys_config_getprivs')
  ret = []
  res = client.send_request(req)
  res.each(TLV_TYPE_PRIVILEGE) do |p|
    ret << p.value
  end
  ret
end

#getuidObject

Returns the username that the remote side is running as.



30
31
32
33
34
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 30

def getuid
  request  = Packet.create_request('stdapi_sys_config_getuid')
  response = client.send_request(request)
  client.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_USER_NAME) )
end

#revert_to_selfObject

Calls RevertToSelf on the remote machine.



85
86
87
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 85

def revert_to_self
  client.send_request(Packet.create_request('stdapi_sys_config_rev2self'))
end

#steal_token(pid) ⇒ Object

Steals the primary token from a target process



92
93
94
95
96
97
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 92

def steal_token(pid)
  req = Packet.create_request('stdapi_sys_config_steal_token')
  req.add_tlv(TLV_TYPE_PID, pid.to_i)
  res = client.send_request(req)
  client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) )
end

#sysinfoObject

Returns a hash of information about the remote computer.



70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 70

def sysinfo
  request  = Packet.create_request('stdapi_sys_config_sysinfo')
  response = client.send_request(request)

  {
    'Computer'        => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
    'OS'              => response.get_tlv_value(TLV_TYPE_OS_NAME),
    'Architecture'    => response.get_tlv_value(TLV_TYPE_ARCHITECTURE),
    'System Language' => response.get_tlv_value(TLV_TYPE_LANG_SYSTEM),
  }
end