Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Timestomp
- Inherits: Object
  - Object
  - Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Timestomp
- Defined in: lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb
Overview
This class provides commands that interact with the timestomp feature set of the privilege escalation extension.
Constant Summary
- Klass = Console::CommandDispatcher::Priv::Timestomp
- @@timestomp_opts =

    Rex::Parser::Arguments.new(
      "-m" => [ true,  "Set the \"last written\" time of the file" ],
      "-a" => [ true,  "Set the \"last accessed\" time of the file" ],
      "-c" => [ true,  "Set the \"creation\" time of the file" ],
      "-e" => [ true,  "Set the \"mft entry modified\" time of the file" ],
      "-z" => [ true,  "Set all four attributes (MACE) of the file" ],
      "-f" => [ true,  "Set the MACE of attributes equal to the supplied file" ],
      "-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ],
      "-r" => [ false, "Set the MACE timestamps recursively on a directory" ],
      "-v" => [ false, "Display the UTC MACE values of the file" ],
      "-h" => [ false, "Help banner" ])
Instance Attribute Summary
Attributes included from Ui::Text::DispatcherShell::CommandDispatcher
Instance Method Summary
- #cmd_timestomp(*args) ⇒ Object
  This command provides the same level of features that vinnie’s command line timestomp interface provides with a similar argument set.
- #commands ⇒ Object
  List of supported commands.
- #name ⇒ Object
  Name for this dispatcher.
Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher
check_hash, #client, #initialize, #log_error, #msf_loaded?, set_hash
Methods included from Ui::Text::DispatcherShell::CommandDispatcher
#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_filenames, #update_prompt
Instance Method Details
#cmd_timestomp(*args) ⇒ Object
This command provides the same level of features that vinnie’s command line timestomp interface provides with a similar argument set.
    # File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb', line 53
    def cmd_timestomp(*args)
      if (args.length < 2)
        print_line("\nUsage: timestomp OPTIONS file_path\n" +
          @@timestomp_opts.usage)
        return
      end

      file_path = nil
      args.each { |a| file_path = a unless a[0] == "-" }

      if file_path.nil?
        print_line("\nNo file_path specified.")
        return
      end

      args.delete(file_path)

      modified  = nil
      accessed  = nil
      creation  = nil
      emodified = nil

      @@timestomp_opts.parse(args) { |opt, idx, val|
        case opt
          when "-m"
            modified  = str_to_time(val)
          when "-a"
            accessed  = str_to_time(val)
          when "-c"
            creation  = str_to_time(val)
          when "-e"
            emodified = str_to_time(val)
          when "-z"
            print_line("#{val}")
            modified  = str_to_time(val)
            accessed  = str_to_time(val)
            creation  = str_to_time(val)
            emodified = str_to_time(val)
          when "-f"
            print_status("Setting MACE attributes on #{file_path} from #{val}")
            client.priv.fs.set_file_mace_from_file(file_path, val)
          when "-b"
            print_status("Blanking file MACE attributes on #{file_path}")
            client.priv.fs.blank_file_mace(file_path)
          when "-r"
            print_status("Blanking directory MACE attributes on #{file_path}")
            client.priv.fs.blank_directory_mace(file_path)
          when "-v"
            hash = client.priv.fs.get_file_mace(file_path)

            print_line("Modified      : #{hash['Modified']}")
            print_line("Accessed      : #{hash['Accessed']}")
            print_line("Created       : #{hash['Created']}")
            print_line("Entry Modified: #{hash['Entry Modified']}")
          when "-h"
            print_line("\nUsage: timestomp file_path OPTIONS\n" +
              @@timestomp_opts.usage)
            return
        end
      }

      # If any one of the four times were specified, change them.
      if (modified or accessed or creation or emodified)
        print_status("Setting specific MACE attributes on #{file_path}")
        client.priv.fs.set_file_mace(file_path, modified, accessed, creation, emodified)
      end
    end
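Seen from the forensic side, `-z` leaves all four MACE values of a file identical, and `-f` leaves two files carrying the same four values. The following added example (not part of Metasploit; the record layout, paths and function names are assumptions, and the sample data is constructed) flags both patterns in a list of collected MACE records.

```ruby
# Constructed sample records (illustrative only): the four MACE values per file, in UTC.
SAMPLE_RECORDS = [
  { path: "C:/Users/a/report.docx", modified: "2023-03-01 10:15:42", accessed: "2023-03-04 08:01:10",
    created: "2023-02-27 16:40:03", entry_modified: "2023-03-01 10:15:43" },
  { path: "C:/Temp/svc.exe", modified: "2019-06-01 00:00:00", accessed: "2019-06-01 00:00:00",
    created: "2019-06-01 00:00:00", entry_modified: "2019-06-01 00:00:00" },
  { path: "C:/Windows/System32/calc.exe", modified: "2021-10-06 13:51:26", accessed: "2023-03-02 09:12:00",
    created: "2021-10-06 13:51:26", entry_modified: "2022-11-09 02:30:11" },
  { path: "C:/Temp/helper.dll", modified: "2021-10-06 13:51:26", accessed: "2023-03-02 09:12:00",
    created: "2021-10-06 13:51:26", entry_modified: "2022-11-09 02:30:11" }
].freeze

MACE_KEYS = %i[modified accessed created entry_modified].freeze

# Parse the four "YYYY-MM-DD HH:MM:SS" strings of one record into UTC Time objects.
def mace_tuple(record)
  MACE_KEYS.map { |k| Time.utc(*record.fetch(k).scan(/\d+/).map(&:to_i)) }
end

# Paths whose four timestamps are all identical (the state "-z" leaves behind).
def uniform_mace(records)
  records.select { |r| mace_tuple(r).uniq.size == 1 }.map { |r| r[:path] }
end

# Groups of distinct paths sharing one exact MACE tuple (the state "-f" leaves behind).
def shared_mace(records)
  records.group_by { |r| mace_tuple(r) }
         .values.select { |group| group.size > 1 }
         .map { |group| group.map { |r| r[:path] }.sort }
end

if __FILE__ == $PROGRAM_NAME
  puts "uniform MACE: #{uniform_mace(SAMPLE_RECORDS).inspect}"
  puts "shared MACE : #{shared_mace(SAMPLE_RECORDS).inspect}"
end
```

Identical values can also occur on a file that was created and never touched again, so hits are leads to corroborate against other timestamp sources rather than findings on their own.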
#commands ⇒ Object
List of supported commands.
    # File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb', line 36
    def commands
      {
        "timestomp" => "Manipulate file MACE attributes"
      }
    end
#name ⇒ Object
Name for this dispatcher.
    # File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb', line 45
    def name
      "Priv: Timestomp"
    end