Module: Msf::Post::Windows::Dotnet

Includes:: Common, Registry

Defined in:: lib/msf/core/post/windows/dotnet.rb

Constant Summary

Constants included from Registry

Registry::HKEY_CLASSES_ROOT, Registry::HKEY_CURRENT_CONFIG, Registry::HKEY_CURRENT_USER, Registry::HKEY_DYN_DATA, Registry::HKEY_LOCAL_MACHINE, Registry::HKEY_PERFORMANCE_DATA, Registry::HKEY_USERS, Registry::REGISTRY_VIEW_32_BIT, Registry::REGISTRY_VIEW_64_BIT, Registry::REGISTRY_VIEW_NATIVE, Registry::REG_BIG_ENDIAN, Registry::REG_BINARY, Registry::REG_DWORD, Registry::REG_EXPAND_SZ, Registry::REG_LINK, Registry::REG_LITTLE_ENDIAN, Registry::REG_MULTI_SZ, Registry::REG_NONE, Registry::REG_QWORD, Registry::REG_SZ

Instance Method Summary collapse

#get_dotnet_versions ⇒ Object

‘Public’ function that returns a list of all .NET versions on a windows host.
#get_versionception(dotnet_vkey) ⇒ Object

Bruteforce search all subkeys in an over-arching release to locate the actual release version.
#initialize(info = {}) ⇒ Object
#search_for_version(dotnet_subkey) ⇒ Object

Searches the subkey for the value ‘Version’ which contains the actual version, rather than the over-arching release An alternative would be to query for it, and catch the exception.

Methods included from Registry

Methods included from CliParse

#win_parse_error, #win_parse_results

Methods included from Common

#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #create_process, #get_env, #get_envs, #peer, #report_virtualization, #rhost, #rport

Instance Method Details

#get_dotnet_versions ⇒ `Object`

‘Public’ function that returns a list of all .NET versions on a windows host

# File 'lib/msf/core/post/windows/dotnet.rb', line 62

def get_dotnet_versions
  ret_val = []
  key = 'HKLM\\SOFTWARE\\Microsoft\NET Framework Setup\\NDP'
  begin
    dotnet_keys = registry_enumkeys(key)
  rescue Rex::Post::Meterpreter::RequestError => e
    print_status("Encountered exception in get_dotnet_version: #{e.class} #{e}")
    elog(e)
  end
  unless dotnet_keys.nil?
    dotnet_keys.each do |temp_key|
      if temp_key[0] == 'v'
        key = 'HKLM\\SOFTWARE\\Microsoft\NET Framework Setup\\NDP\\' + temp_key
        dotnet_version = get_versionception(key)
        unless dotnet_version.nil?
          ret_val << dotnet_version
        end
      end
    end
  end
  return ret_val
end

#get_versionception(dotnet_vkey) ⇒ `Object`

Bruteforce search all subkeys in an over-arching release to locate the actual release version.

# File 'lib/msf/core/post/windows/dotnet.rb', line 38

def get_versionception(dotnet_vkey)
  exact_version = nil
  begin
    subkeys = registry_enumkeys(dotnet_vkey)
  rescue Rex::Post::Meterpreter::RequestError => e
    print_status("Encountered exception in get_versionception: #{e.class} #{e}")
    elog(e)
  end
  unless subkeys.nil?
    subkeys.each do |subkey|
      exact_version = search_for_version(dotnet_vkey + '\\' + subkey)
      unless exact_version.nil?
        # if we find a version, stop looking
        break
      end
    end
  end
  return exact_version
end

#initialize(info = {}) ⇒ `Object`



6
7
8

# File 'lib/msf/core/post/windows/dotnet.rb', line 6

def initialize(info = {})
  super
end

#search_for_version(dotnet_subkey) ⇒ `Object`

Searches the subkey for the value ‘Version’ which contains the actual version, rather than the over-arching release An alternative would be to query for it, and catch the exception.

# File 'lib/msf/core/post/windows/dotnet.rb', line 15

def search_for_version(dotnet_subkey)
  dotnet_version = nil
  begin
    subkeys = registry_enumvals(dotnet_subkey)
  rescue Rex::Post::Meterpreter::RequestError => e
    print_status("Encountered exception in search_for_version: #{e.class} #{e}")
    elog(e)
  end
  unless subkeys.nil?
    subkeys.each do |subkey|
      if subkey == 'Version'
        dotnet_version = registry_getvaldata(dotnet_subkey, subkey)
        break
      end
    end
  end
  return dotnet_version
end