Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config

Defined in:

lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb

Overview

This class provides access to remote system configuration and information.

Instance Method Summary

• #drop_token ⇒ Object

  Drops any assumed token.

• #getprivs ⇒ Object

  Enables all possible privileges.

• #getuid ⇒ Object

  Returns the username that the remote side is running as.

• #initialize(client) ⇒ Config constructor

  A new instance of Config.

• #revert_to_self ⇒ Object

  Calls RevertToSelf on the remote machine.

• #steal_token(pid) ⇒ Object

  Steals the primary token from a target process.

• #sysinfo ⇒ Object

  Returns a hash of information about the remote computer.

Constructor Details

#initialize(client) ⇒ Config

Returns a new instance of Config.

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 24

def initialize(client)
	self.client = client
end

Instance Method Details

#drop_token ⇒ Object

Drops any assumed token

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 72

def drop_token
	req = Packet.create_request('stdapi_sys_config_drop_token')
	res = client.send_request(req)
	return client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) )
end

#getprivs ⇒ Object

Enables all possible privileges

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 81

def getprivs
	req = Packet.create_request('stdapi_sys_config_getprivs')
	ret = []
	res = client.send_request(req)
	res.each(TLV_TYPE_PRIVILEGE) do |p|
		ret << p.value
	end
	return ret
end

#getuid ⇒ Object

Returns the username that the remote side is running as.

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 31

def getuid
	request  = Packet.create_request('stdapi_sys_config_getuid')
	response = client.send_request(request)
	return client.unicode_filter_encode( response.get_tlv_value(TLV_TYPE_USER_NAME) )
end

#revert_to_self ⇒ Object

Calls RevertToSelf on the remote machine.

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 55

def revert_to_self
	client.send_request(Packet.create_request('stdapi_sys_config_rev2self'))
end

#steal_token(pid) ⇒ Object

Steals the primary token from a target process

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 62

def steal_token(pid)
	req = Packet.create_request('stdapi_sys_config_steal_token')
	req.add_tlv(TLV_TYPE_PID, pid.to_i)
	res = client.send_request(req)
	return client.unicode_filter_encode( res.get_tlv_value(TLV_TYPE_USER_NAME) )
end

#sysinfo ⇒ Object

Returns a hash of information about the remote computer.

# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb', line 40

def sysinfo
	request  = Packet.create_request('stdapi_sys_config_sysinfo')
	response = client.send_request(request)

	{
		'Computer'        => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
		'OS'              => response.get_tlv_value(TLV_TYPE_OS_NAME),
		'Architecture'    => response.get_tlv_value(TLV_TYPE_ARCHITECTURE),
		'System Language' => response.get_tlv_value(TLV_TYPE_LANG_SYSTEM),
	}
end