Class: Rex::Post::Meterpreter::Extensions::Winpmem::Winpmem

Inherits:
Rex::Post::Meterpreter::Extension
Defined in:
lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb

Overview

This Meterpreter extension captures the RAM of the remote host and streams the dump back over a channel.

Constant Summary

WINPMEM_ERROR_SUCCESS =
0
WINPMEM_ERROR_FAILED_LOAD_DRIVER =
1
WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY =
2
WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY =
3
WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL =
4
WINPMEM_ERROR_UNKNOWN =
255

Instance Attribute Summary

Attributes inherited from Rex::Post::Meterpreter::Extension

#client, #name

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(client) ⇒ Winpmem

Returns a new instance of Winpmem.


# File 'lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb', line 28

# Attaches the winpmem extension to a Meterpreter client session.
#
# @param client [Object] the Meterpreter client; must accept the extension
#   via +super+ and respond to +#register_extension_aliases+
def initialize(client)
  super(client, 'winpmem')

  # Register this instance under the 'winpmem' alias on the client.
  alias_entry = { 'name' => 'winpmem', 'ext' => self }
  client.register_extension_aliases([alias_entry])
end

Class Method Details

.extension_id ⇒ Object


# File 'lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb', line 24

# Identifier the framework uses to address this extension.
# The constant EXTENSION_ID_WINPMEM is not defined in this class; it is
# expected to come from the shared extension/command ID definitions.
def self.extension_id
  EXTENSION_ID_WINPMEM
end

Instance Method Details

#dump_ram ⇒ Object

Raises:


# File 'lib/rex/post/meterpreter/extensions/winpmem/winpmem.rb', line 40

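# Asks the remote winpmem extension to acquire memory and opens the channel
# over which the compressed image is streamed back.
#
# @return [Array] +[memory_size, response_code, channel]+. On any
#   +response_code+ other than +WINPMEM_ERROR_SUCCESS+ (see the
#   +WINPMEM_ERROR_*+ constants) the size is +0+ and the channel is +nil+,
#   so callers must check +response_code+ before reading. +memory_size+ is
#   taken verbatim from the remote response and is not validated here.
# @raise [RuntimeError] if the remote side reported success but returned
#   no channel ID, leaving nothing to read the image from.
def dump_ram
  request = Packet.create_request(COMMAND_ID_WINPMEM_DUMP_RAM)
  response = client.send_request(request)
  response_code = response.get_tlv_value(TLV_TYPE_WINPMEM_ERROR_CODE)

  # Any non-success code (including a missing TLV, which yields nil) means
  # no dump was produced; hand the code back for the caller to report.
  return 0, response_code, nil if response_code != WINPMEM_ERROR_SUCCESS

  memory_size = response.get_tlv_value(TLV_TYPE_WINPMEM_MEMORY_SIZE)
  channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)

  # Raise a RuntimeError (StandardError) rather than bare Exception so the
  # ordinary `rescue => e` handlers of callers can catch and report it
  # instead of it escaping past them.
  raise 'We did not get a channel back!' if channel_id.nil?

  # Open the synchronous, compressed channel the dump is streamed through.
  channel = Rex::Post::Meterpreter::Channels::Pool.new(
    client, channel_id, 'winpmem',
    CHANNEL_FLAG_SYNCHRONOUS | CHANNEL_FLAG_COMPRESS, response
  )
  [memory_size, response_code, channel]
end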