Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Registry
- Inherits:
-
Object
- Object
- Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Registry
- Defined in:
- lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb
Overview
This class provides access to the Windows registry on the remote machine.
Class Attribute Summary collapse
-
.client ⇒ Object
Returns the value of attribute client.
Class Method Summary collapse
-
.close_key(hkey) ⇒ Object
Closes the supplied registry key.
-
.create_key(root_key, base_key, perm = KEY_READ) ⇒ Object
Creates the supplied registry key or opens it if it already exists.
-
.delete_key(root_key, base_key, recursive = true) ⇒ Object
Deletes the supplied registry key.
-
.delete_value(hkey, name) ⇒ Object
Deletes the registry value supplied in name from the supplied registry key.
-
.enum_key(hkey) ⇒ Object
Enumerates the supplied registry key returning an array of key names.
-
.enum_value(hkey) ⇒ Object
Enumerates all of the values at the supplied hkey including their names.
-
.key2str(key) ⇒ Object
Return the key value associated with the supplied string.
-
.open_key(root_key, base_key, perm = KEY_READ) ⇒ Object
Opens the supplied registry key relative to the root key with the supplied permissions.
-
.query_class(hkey) ⇒ Object
Queries the registry class name and returns a string.
-
.query_value(hkey, name) ⇒ Object
Queries the registry value supplied in name and returns an initialized RegistryValue instance if a match is found.
-
.set_value(hkey, name, type, data) ⇒ Object
Sets the registry value relative to the supplied hkey.
-
.splitkey(str) ⇒ Object
Split the supplied full registry key into its root key and base key.
-
.type2str(type) ⇒ Object
Returns the integer value associated with the supplied registry value type (like REG_SZ).
Class Attribute Details
.client ⇒ Object
Returns the value of attribute client.
27 28 29 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 27 def client @client end |
Class Method Details
.close_key(hkey) ⇒ Object
Closes the supplied registry key.
91 92 93 94 95 96 97 98 99 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 91 def Registry.close_key(hkey) request = Packet.create_request('stdapi_registry_close_key') request.add_tlv(TLV_TYPE_HKEY, hkey) client.send_packet(request) return true end |
.create_key(root_key, base_key, perm = KEY_READ) ⇒ Object
Creates the supplied registry key or opens it if it already exists.
53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 53 def Registry.create_key(root_key, base_key, perm = KEY_READ) request = Packet.create_request('stdapi_registry_create_key') request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) request.add_tlv(TLV_TYPE_PERMISSION, perm) response = client.send_request(request) return Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RegistryKey.new( client, root_key, base_key, perm, response.get_tlv(TLV_TYPE_HKEY).value) end |
.delete_key(root_key, base_key, recursive = true) ⇒ Object
Deletes the supplied registry key.
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 69 def Registry.delete_key(root_key, base_key, recursive = true) request = Packet.create_request('stdapi_registry_delete_key') flags = 0 if (recursive) flags |= DELETE_KEY_FLAG_RECURSIVE end request.add_tlv(TLV_TYPE_ROOT_KEY, root_key) request.add_tlv(TLV_TYPE_BASE_KEY, base_key) request.add_tlv(TLV_TYPE_FLAGS, flags) if (client.send_request(request) != nil) return true end return false end |
.delete_value(hkey, name) ⇒ Object
Deletes the registry value supplied in name from the supplied registry key.
178 179 180 181 182 183 184 185 186 187 188 189 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 178 def Registry.delete_value(hkey, name) request = Packet.create_request('stdapi_registry_delete_value') request.add_tlv(TLV_TYPE_HKEY, hkey) request.add_tlv(TLV_TYPE_VALUE_NAME, name) if (client.send_request(request) != nil) return true end return false end |
.enum_key(hkey) ⇒ Object
Enumerates the supplied registry key returning an array of key names.
104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 104 def Registry.enum_key(hkey) keys = [] request = Packet.create_request('stdapi_registry_enum_key') request.add_tlv(TLV_TYPE_HKEY, hkey) response = client.send_request(request) # Enumerate through all of the registry keys response.each(TLV_TYPE_KEY_NAME) { |key_name| keys << key_name.value } return keys end |
.enum_value(hkey) ⇒ Object
Enumerates all of the values at the supplied hkey including their names. An array of RegistryValue’s is returned.
210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 210 def Registry.enum_value(hkey) request = Packet.create_request('stdapi_registry_enum_value') values = [] request.add_tlv(TLV_TYPE_HKEY, hkey) response = client.send_request(request) response.each(TLV_TYPE_VALUE_NAME) { |value_name| values << Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RegistryValue.new( client, hkey, value_name.value) } return values end |
.key2str(key) ⇒ Object
Return the key value associated with the supplied string. This is useful for converting HKLM as a string into its actual integer representation.
230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 230 def self.key2str(key) if (key == 'HKLM' or key == 'HKEY_LOCAL_MACHINE') return HKEY_LOCAL_MACHINE elsif (key == 'HKCU' or key == 'HKEY_CURRENT_USER') return HKEY_CURRENT_USER elsif (key == 'HKU' or key == 'HKEY_USERS') return HKEY_USERS elsif (key == 'HKCR' or key == 'HKEY_CLASSES_ROOT') return HKEY_CLASSES_ROOT elsif (key == 'HKEY_CURRENT_CONFIG') return HKEY_CURRENT_CONFIG elsif (key == 'HKEY_PERFORMANCE_DATA') return HKEY_PERFORMANCE_DATA elsif (key == 'HKEY_DYN_DATA') return HKEY_DYN_DATA else raise ArgumentError, "Unknown key: #{key}" end end |
.open_key(root_key, base_key, perm = KEY_READ) ⇒ Object
Opens the supplied registry key relative to the root key with the supplied permissions. Right now this is merely a wrapper around create_key.
41 42 43 44 45 46 47 48 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 41 def Registry.open_key(root_key, base_key, perm = KEY_READ) # If no base key was provided, just return the root_key. if (base_key == nil or base_key.length == 0) return RegistrySubsystem::RegistryKey.new(client, root_key, base_key, perm, root_key) end return self.create_key(root_key, base_key, perm) end |
.query_class(hkey) ⇒ Object
Queries the registry class name and returns a string
194 195 196 197 198 199 200 201 202 203 204 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 194 def Registry.query_class(hkey) request = Packet.create_request('stdapi_registry_query_class') request.add_tlv(TLV_TYPE_HKEY, hkey) response = client.send_request(request) cls = response.get_tlv(TLV_TYPE_VALUE_DATA) return nil if not cls data = cls.value.gsub(/\x00.*/, '') return data end |
.query_value(hkey, name) ⇒ Object
Queries the registry value supplied in name and returns an initialized RegistryValue instance if a match is found.
153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 153 def Registry.query_value(hkey, name) request = Packet.create_request('stdapi_registry_query_value') request.add_tlv(TLV_TYPE_HKEY, hkey) request.add_tlv(TLV_TYPE_VALUE_NAME, name) response = client.send_request(request) data = response.get_tlv(TLV_TYPE_VALUE_DATA).value; type = response.get_tlv(TLV_TYPE_VALUE_TYPE).value; if (type == REG_SZ) data = data[0..-2] elsif (type == REG_DWORD) data = data.unpack("N")[0] end return Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RegistryValue.new( client, hkey, name, type, data) end |
.set_value(hkey, name, type, data) ⇒ Object
Sets the registry value relative to the supplied hkey.
129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 129 def Registry.set_value(hkey, name, type, data) request = Packet.create_request('stdapi_registry_set_value') request.add_tlv(TLV_TYPE_HKEY, hkey) request.add_tlv(TLV_TYPE_VALUE_NAME, name) request.add_tlv(TLV_TYPE_VALUE_TYPE, type) if (type == REG_SZ) data += "\x00" elsif (type == REG_DWORD) data = [ data.to_i ].pack("V") end request.add_tlv(TLV_TYPE_VALUE_DATA, data) response = client.send_request(request) return true end |
.splitkey(str) ⇒ Object
Split the supplied full registry key into its root key and base key. For instance, passing HKLMSoftwareDog will return [ HKEY_LOCAL_MACHINE, ‘SoftwareDog’ ]
268 269 270 271 272 273 274 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 268 def self.splitkey(str) if (str =~ /^(.+?)\\(.*)$/) [ key2str($1), $2 ] else [ key2str(str), nil ] end end |
.type2str(type) ⇒ Object
Returns the integer value associated with the supplied registry value type (like REG_SZ).
254 255 256 257 258 259 260 261 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb', line 254 def self.type2str(type) return REG_SZ if (type == 'REG_SZ') return REG_DWORD if (type == 'REG_DWORD') return REG_BINARY if (type == 'REG_BINARY') return REG_EXPAND_SZ if (type == 'REG_EXPAND_SZ') return REG_NONE if (type == 'REG_NONE') return nil end |