Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::EventLog
Inherits: Object
  Object
    Rex::Post::Meterpreter::Extensions::Stdapi::Sys::EventLog
Defined in: lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb
Overview
This class provides access to the Windows event log on the remote machine.
Class Attribute Summary
- .client ⇒ Object
  Returns the value of attribute client.
Instance Attribute Summary
- #client ⇒ Object
  :nodoc:
- #handle ⇒ Object
  Event Log Instance Stuffs!
Class Method Summary
- .close(client, handle) ⇒ Object
  Close the event log.
- .finalize(client, handle) ⇒ Object
- .open(name) ⇒ Object
  Opens the supplied event log.
Instance Method Summary
- #_read(flags, offset = 0) ⇒ Object
  The low-level read function (takes flags, not a hash, etc.).
- #clear ⇒ Object
  Clear the specified event log (and return nil).
- #close ⇒ Object
  Instance method.
- #each_backwards ⇒ Object
  Iterator for read_backwards.
- #each_forwards ⇒ Object
  Iterator for read_forwards.
- #initialize(hand) ⇒ EventLog (constructor)
  Initializes an instance of the eventlog manipulator.
- #length ⇒ Object
  Return the number of records in the event log.
- #oldest ⇒ Object
  Return the record number of the oldest event (not necessarily 1).
- #read_backwards ⇒ Object
  Read the eventlog backwards, meaning from newest to oldest.
- #read_forwards ⇒ Object
  Read the eventlog forwards, meaning from oldest to newest.
Constructor Details
#initialize(hand) ⇒ EventLog
Initializes an instance of the eventlog manipulator.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 60

  def initialize(hand)
    self.client = self.class.client
    self.handle = hand

    # Ensure the remote object is closed when all references are removed
    ObjectSpace.define_finalizer(self, self.class.finalize(client, hand))
  end
Class Attribute Details
.client ⇒ Object
Returns the value of attribute client.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 26

  def client
    @client
  end
Instance Attribute Details
#client ⇒ Object
:nodoc:

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 53

  def client
    @client
  end

#handle ⇒ Object
Event Log Instance Stuffs!

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 52

  def handle
    @handle
  end
Class Method Details
.close(client, handle) ⇒ Object
Close the event log.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 181

  def self.close(client, handle)
    request = Packet.create_request('stdapi_sys_eventlog_close')
    request.add_tlv(TLV_TYPE_EVENT_HANDLE, handle)
    response = client.send_request(request, nil)
    return nil
  end

.finalize(client, handle) ⇒ Object

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 68

  def self.finalize(client, handle)
    proc { self.close(client, handle) }
  end

.open(name) ⇒ Object
Opens the supplied event log.
NOTE: should support UNCServerName sometime.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 36

  def EventLog.open(name)
    request = Packet.create_request('stdapi_sys_eventlog_open')
    request.add_tlv(TLV_TYPE_EVENT_SOURCENAME, name)
    response = client.send_request(request)
    return self.new(response.get_tlv_value(TLV_TYPE_EVENT_HANDLE))
  end
Instance Method Details
#_read(flags, offset = 0) ⇒ Object
The low-level read function (takes flags, not a hash, etc.).

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 88

  def _read(flags, offset = 0)
    request = Packet.create_request('stdapi_sys_eventlog_read')
    request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle)
    request.add_tlv(TLV_TYPE_EVENT_READFLAGS, flags)
    request.add_tlv(TLV_TYPE_EVENT_RECORDOFFSET, offset)
    response = client.send_request(request)
    EventLogSubsystem::EventRecord.new(
      response.get_tlv_value(TLV_TYPE_EVENT_RECORDNUMBER),
      response.get_tlv_value(TLV_TYPE_EVENT_TIMEGENERATED),
      response.get_tlv_value(TLV_TYPE_EVENT_TIMEWRITTEN),
      response.get_tlv_value(TLV_TYPE_EVENT_ID),
      response.get_tlv_value(TLV_TYPE_EVENT_TYPE),
      response.get_tlv_value(TLV_TYPE_EVENT_CATEGORY),
      response.get_tlv_values(TLV_TYPE_EVENT_STRING),
      response.get_tlv_value(TLV_TYPE_EVENT_DATA)
    )
  end
#clear ⇒ Object
Clear the specified event log (and return nil).
NOTE: I should eventually support BackupFile.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 169

  def clear
    request = Packet.create_request('stdapi_sys_eventlog_clear')
    request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle)
    response = client.send_request(request)
    return self
  end
#close ⇒ Object
Instance method.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 189

  def close
    unless self.handle.nil?
      ObjectSpace.undefine_finalizer(self)
      self.class.close(self.client, self.handle)
      self.handle = nil
    end
  end
#each_backwards ⇒ Object
Iterator for read_backwards.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 140

  def each_backwards
    begin
      loop do
        yield(read_backwards)
      end
    rescue ::Exception
    end
  end

#each_forwards ⇒ Object
Iterator for read_forwards.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 120

  def each_forwards
    begin
      loop do
        yield(read_forwards)
      end
    rescue ::Exception
    end
  end
#length ⇒ Object
Return the number of records in the event log.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 75

  def length
    request = Packet.create_request('stdapi_sys_eventlog_numrecords')
    request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle)
    response = client.send_request(request)
    return response.get_tlv_value(TLV_TYPE_EVENT_NUMRECORDS)
  end

#oldest ⇒ Object
Return the record number of the oldest event (not necessarily 1).

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 152

  def oldest
    request = Packet.create_request('stdapi_sys_eventlog_oldest')
    request.add_tlv(TLV_TYPE_EVENT_HANDLE, self.handle)
    response = client.send_request(request)
    return response.get_tlv_value(TLV_TYPE_EVENT_RECORDNUMBER)
  end
#read_backwards ⇒ Object
Read the eventlog backwards, meaning from newest to oldest. Returns an EventRecord, and raises an exception once there are no more records.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 133

  def read_backwards
    _read(EVENTLOG_SEQUENTIAL_READ | EVENTLOG_BACKWARDS_READ)
  end

#read_forwards ⇒ Object
Read the eventlog forwards, meaning from oldest to newest. Returns an EventRecord, and raises an exception once there are no more records.

  # File 'lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb', line 113

  def read_forwards
    _read(EVENTLOG_SEQUENTIAL_READ | EVENTLOG_FORWARDS_READ)
  end
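The read contract documented above (one record per sequential read, an exception once the log is exhausted, and each_* iterators that end on any exception) is easy to misuse. The following is an added example, not part of the Rex or Metasploit source: an in-memory stand-in that implements the same read/iterate interface, a reader that tallies the newest records per event ID, and a check that shows the each_* iterators also swallow errors raised inside the caller's block. The EventRecord fields mirror the constructor arguments passed in _read; the record values are constructed, and obtaining a live instance via client.sys.eventlog.open(name) is an assumption about how the Stdapi extension exposes this class.

```ruby
# Added example (not Rex/Metasploit code). Models the EventLog read contract
# against constructed in-memory records so it runs without a session.
EventRecord = Struct.new(:record_number, :time_generated, :time_written,
                         :event_id, :event_type, :category, :strings, :data)

class InMemoryEventLog
  # Stand-in for an EventLog instance; a real one would come from
  # client.sys.eventlog.open(name) (assumed accessor, not on this page).
  def initialize(records)
    @records = records.sort_by(&:record_number)
    @fwd = 0                     # cursor for forwards sequential reads
    @bwd = @records.length - 1   # cursor for backwards sequential reads
  end

  def length
    @records.length
  end

  # Oldest record number; not necessarily 1 once the log has wrapped.
  def oldest
    @records.first.record_number
  end

  # Like EventLog#read_forwards: one record per call, raises when exhausted.
  def read_forwards
    raise RuntimeError, 'no more records' if @fwd >= @records.length
    rec = @records[@fwd]
    @fwd += 1
    rec
  end

  # Like EventLog#read_backwards: newest first, raises when exhausted.
  def read_backwards
    raise RuntimeError, 'no more records' if @bwd < 0
    rec = @records[@bwd]
    @bwd -= 1
    rec
  end

  # Same shape as the documented iterators: the loop ends on ANY exception.
  def each_forwards
    begin
      loop { yield(read_forwards) }
    rescue ::Exception
    end
  end

  def each_backwards
    begin
      loop { yield(read_backwards) }
    rescue ::Exception
    end
  end
end

# Tally the newest +limit+ records per event ID. Returns {event_id => count}.
# +break+ leaves the iterator cleanly; it does not rely on the rescue.
def tally_recent_events(log, limit)
  counts = Hash.new(0)
  seen = 0
  log.each_backwards do |rec|
    break if seen >= limit
    counts[rec.event_id] += 1
    seen += 1
  end
  counts
end

# Demonstrates the caveat: an error raised inside the block is swallowed by
# the rescue in each_forwards, so the iteration just stops silently.
# Returns how many records the block handled before the simulated error.
def records_seen_before_block_error(log)
  seen = 0
  log.each_forwards do |rec|
    seen += 1
    raise ArgumentError, 'simulated bug in the caller block' if seen == 2
  end
  seen
end

# Constructed sample log: record numbers start at 101 (log has wrapped).
def sample_log
  now = Time.now.to_i
  InMemoryEventLog.new([
    EventRecord.new(101, now - 30, now - 30, 1000, 8, 1, ['alice'], ''),
    EventRecord.new(102, now - 20, now - 20, 1001, 16, 1, ['alice'], ''),
    EventRecord.new(103, now - 10, now - 10, 1000, 8, 1, ['svc'], ''),
    EventRecord.new(104, now,      now,      1000, 8, 2, ['svc'], ''),
  ])
end

if __FILE__ == $0
  log = sample_log
  puts "records=#{log.length} oldest=#{log.oldest}"
  p tally_recent_events(log, 3)
end
```

Because each_forwards and each_backwards rescue ::Exception, a bug in the block you pass them (or an Interrupt) ends the loop as if the log had simply been exhausted; if the distinction matters, call read_forwards/read_backwards directly and handle the end-of-log exception yourself.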