Class: Rex::Post::Meterpreter::Extensions::Extapi::Wmi::Wmi

Inherits:
Object
Defined in:
lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb

Overview

This Meterpreter extension contains extended API functions for performing WMI queries.

Constructor Details

#initialize(client) ⇒ Wmi

Returns a new instance of Wmi.



# File 'lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb', line 18

def initialize(client)
  @client = client
end

Instance Attribute Details

#client ⇒ Object

Returns the value of attribute client.



# File 'lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb', line 70

def client
  @client
end

Instance Method Details

#query(query, root = nil) ⇒ Hash

Perform a generic WMI query against the target machine.

Parameters:

  • query (String)

    The WMI query string.

  • root (String) (defaults to: nil)

    Specify root to target, otherwise defaults to 'root\cimv2'.

Returns:

  • (Hash)

    The field names (:fields) and the result rows (:values). Returns nil when the query produces no results.



# File 'lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb', line 31

def query(query, root = nil)
  request = Packet.create_request(COMMAND_ID_EXTAPI_WMI_QUERY)

  request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.to_s.strip.empty?
  request.add_tlv(TLV_TYPE_EXT_WMI_QUERY, query)

  response = client.send_request(request)

  # Bomb out with the right error message
  error_msg = response.get_tlv_value(TLV_TYPE_EXT_WMI_ERROR)
  raise error_msg if error_msg

  fields = []
  fields_tlv = response.get_tlv(TLV_TYPE_EXT_WMI_FIELDS)

  # If we didn't get any fields back, then we didn't get any results.
  # The reason is because without results, we don't know which fields
  # were requested in the first place
  return nil unless fields_tlv

  fields_tlv.each(TLV_TYPE_EXT_WMI_FIELD) { |f|
    fields << f.value
  }

  values = []
  response.each(TLV_TYPE_EXT_WMI_VALUES) { |r|
    value = []
    r.each(TLV_TYPE_EXT_WMI_VALUE) { |v|
      value << v.value
    }
    values << value
  }

  return {
    :fields  => fields,
    :values => values
  }
end
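
As an added example (not part of the Metasploit source), the helpers below turn the Hash returned by #query into one Hash per result row and handle the nil returned when there are no results. The helper names wmi_rows and wmi_column and the sample data are assumptions constructed for illustration.

```ruby
# Added example, not Metasploit code. Helper names are hypothetical.

# Convert the {:fields, :values} Hash returned by Wmi#query into an Array
# of row Hashes keyed by field name.
def wmi_rows(result)
  # #query returns nil when the response carried no fields TLV (no results).
  return [] if result.nil?

  fields = result.fetch(:fields)
  result.fetch(:values).each_with_index.map do |row, i|
    # Each row is positional, so a length mismatch would silently pair
    # values with the wrong field names. Fail loudly instead.
    unless row.length == fields.length
      raise ArgumentError,
            "row #{i} has #{row.length} values, expected #{fields.length}"
    end
    fields.zip(row).to_h
  end
end

# Extract a single column by field name. The lookup is case-insensitive
# because WMI property names are case-insensitive.
def wmi_column(result, name)
  return [] if result.nil?

  idx = result.fetch(:fields).index { |f| f.casecmp?(name) }
  raise KeyError, "field #{name.inspect} not in result" if idx.nil?

  result.fetch(:values).map { |row| row[idx] }
end

# Constructed sample shaped like the return value of #query.
SAMPLE_RESULT = {
  :fields => ['Caption', 'Version'],
  :values => [
    ['Example OS', '10.0'],
    ['Example OS Server', '10.1']
  ]
}.freeze

if __FILE__ == $PROGRAM_NAME
  wmi_rows(SAMPLE_RESULT).each { |row| puts row.inspect }
  puts wmi_column(SAMPLE_RESULT, 'version').inspect
end
```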