Class: Rex::Post::Meterpreter::Packet

Inherits:
GroupTlv
Defined in:
lib/rex/post/meterpreter/packet.rb

Overview

The logical meterpreter packet class

Instance Attribute Summary

Attributes inherited from GroupTlv

#tlvs

Attributes inherited from Tlv

#compress, #type, #value

Class Method Summary

Instance Method Summary

Methods inherited from GroupTlv

#add_tlv, #add_tlvs, #each, #each_tlv, #each_tlv_with_index, #each_with_index, #get_tlv, #get_tlv_value, #get_tlv_values, #get_tlvs, #has_tlv?, #reset

Methods inherited from Tlv

#inspect, #meta_type?, #type?, #value?

Constructor Details

#initialize(type = nil, method = nil) ⇒ Packet

Initializes the packet to the supplied packet type and method, if any. If the packet is a request, a request identifier is created.



# File 'lib/rex/post/meterpreter/packet.rb', line 648

# Builds a packet of the given type and, when a method is supplied, stores it
# in the method TLV. The creation time is recorded, and request packets also
# receive a request identifier TLV.
#
# @param type [Object, nil] packet type constant, passed to the parent
#   constructor
# @param method [Object, nil] value for the method TLV; skipped when falsy
def initialize(type = nil, method = nil)
  super(type)

  self.method = method if method

  self.created_at = ::Time.now

  # Only the two request packet types carry a request identifier.
  return unless type == PACKET_TYPE_REQUEST || type == PACKET_TYPE_PLAIN_REQUEST

  # The identifier is 32 decimal digits, one Kernel#rand call per digit.
  # NOTE(review): Kernel#rand is not a cryptographic generator, so treat this
  # value as a correlation identifier only, never as an unguessable token.
  rid = (1..32).each_with_object('') { |_, digits| digits << rand(10).to_s }

  add_tlv(TLV_TYPE_REQUEST_ID, rid)
end

Instance Attribute Details

#created_at ⇒ Object

Returns the value of attribute created_at.



# File 'lib/rex/post/meterpreter/packet.rb', line 604

# Reader for the creation timestamp.
#
# @return [Object, nil] whatever is stored in @created_at (the constructor
#   assigns ::Time.now through the matching writer)
def created_at
  @created_at
end

Class Method Details

.create_request(method = nil) ⇒ Object

Creates a request with the supplied method.



# File 'lib/rex/post/meterpreter/packet.rb', line 615

# Factory for a request packet.
#
# @param method [Object, nil] value for the method TLV, forwarded unchanged to
#   the constructor
# @return [Packet] a new packet of type PACKET_TYPE_REQUEST
def Packet.create_request(method = nil)
  Packet.new(PACKET_TYPE_REQUEST, method)
end

.create_response(request = nil) ⇒ Object

Creates a response to a request if one is provided.



# File 'lib/rex/post/meterpreter/packet.rb', line 622

# Factory for a response packet, optionally mirroring a request.
#
# With no request the response is a PACKET_TYPE_RESPONSE with no method.
# With a request, the response copies the request's method and is a plain
# response when the request is a plain request.
#
# @param request [Packet, nil] the request being answered, if any
# @return [Packet] the new response packet
def Packet.create_response(request = nil)
  # Nothing to mirror: default response type and no method.
  return Packet.new(PACKET_TYPE_RESPONSE, nil) unless request

  plain = request.type?(PACKET_TYPE_PLAIN_REQUEST)
  kind = plain ? PACKET_TYPE_PLAIN_RESPONSE : PACKET_TYPE_RESPONSE

  Packet.new(kind, request.method)
end

Instance Method Details

#from_r(bytes) ⇒ Object

Override the function that reads from a raw byte stream so that the XORing of data is included in the process prior to passing it on to the default functionality that can parse the TLV values.



# File 'lib/rex/post/meterpreter/packet.rb', line 690

# Parses a raw packet: strips the leading XOR key, unscrambles the remainder
# with it, and passes the result to the parent implementation.
#
# @param bytes [String] raw data whose first four bytes are the XOR key,
#   read as a big-endian 32-bit integer ('N')
# @return [Object] whatever the parent from_r returns
def from_r(bytes)
  key = bytes[0, 4].unpack('N').first

  # Everything after the 4-byte key prefix is the scrambled TLV data.
  # NOTE(review): input shorter than four bytes is not rejected here; the key
  # and remainder then come out nil and the failure surfaces inside xor_bytes
  # instead of as a descriptive parse error.
  scrambled = bytes[4..-1]

  super(xor_bytes(key, scrambled))
end

#method ⇒ Object

Returns the value of the packet’s method TLV.



# File 'lib/rex/post/meterpreter/packet.rb', line 743

# Reads the packet's method TLV.
#
# Note that this definition replaces Kernel#method on packet instances.
#
# @return [Object, nil] the result of get_tlv_value for TLV_TYPE_METHOD
def method
  get_tlv_value(TLV_TYPE_METHOD)
end

#method=(method) ⇒ Object

Sets the packet’s method TLV to the method supplied.



# File 'lib/rex/post/meterpreter/packet.rb', line 736

# Stores the given value in the packet's method TLV.
#
# @param method [Object] value to store under TLV_TYPE_METHOD
def method=(method)
  # NOTE(review): the trailing `true` presumably asks add_tlv to replace an
  # existing TLV of this type; confirm against GroupTlv#add_tlv.
  add_tlv(TLV_TYPE_METHOD, method, true)
end

#method?(method) ⇒ Boolean

Checks to see if the packet’s method is equal to the supplied method.

Returns:

  • (Boolean)


# File 'lib/rex/post/meterpreter/packet.rb', line 729

# Tests whether the packet's method TLV equals the supplied value.
#
# @param method [Object] value to compare against
# @return [Boolean] result of comparing the stored TLV value with == 
def method?(method)
  get_tlv_value(TLV_TYPE_METHOD) == method
end

#response? ⇒ Boolean

Checks to see if the packet is a response.

Returns:

  • (Boolean)


# File 'lib/rex/post/meterpreter/packet.rb', line 715

# Tests whether this packet is a response.
#
# @return [Boolean] true when the packet type is PACKET_TYPE_RESPONSE or
#   PACKET_TYPE_PLAIN_RESPONSE
def response?
  self.type == PACKET_TYPE_RESPONSE || self.type == PACKET_TYPE_PLAIN_RESPONSE
end

#result ⇒ Object

Gets the value of the packet’s result TLV.



# File 'lib/rex/post/meterpreter/packet.rb', line 765

# Reads the packet's result TLV.
#
# @return [Object, nil] the result of get_tlv_value for TLV_TYPE_RESULT
def result
  get_tlv_value(TLV_TYPE_RESULT)
end

#result=(result) ⇒ Object

Sets the packet’s result TLV.



# File 'lib/rex/post/meterpreter/packet.rb', line 758

# Stores the given value in the packet's result TLV.
#
# @param result [Object] value to store under TLV_TYPE_RESULT
def result=(result)
  # NOTE(review): the trailing `true` presumably asks add_tlv to replace an
  # existing TLV of this type; confirm against GroupTlv#add_tlv.
  add_tlv(TLV_TYPE_RESULT, result, true)
end

#result?(result) ⇒ Boolean

Checks to see if the packet’s result value is equal to the supplied result.

Returns:

  • (Boolean)


# File 'lib/rex/post/meterpreter/packet.rb', line 751

# Tests whether the packet's result TLV equals the supplied value.
#
# @param result [Object] value to compare against
# @return [Boolean] result of comparing the stored TLV value with ==
def result?(result)
  get_tlv_value(TLV_TYPE_RESULT) == result
end

#rid ⇒ Object

Gets the value of the packet’s request identifier TLV.



# File 'lib/rex/post/meterpreter/packet.rb', line 772

# Reads the packet's request identifier TLV.
#
# @return [Object, nil] the result of get_tlv_value for TLV_TYPE_REQUEST_ID
def rid
  get_tlv_value(TLV_TYPE_REQUEST_ID)
end

#to_r ⇒ Object

Override the function that creates the raw byte stream for sending so that it generates an XOR key, uses it to scramble the serialized TLV content, and then returns the key plus the scrambled data as the payload.



# File 'lib/rex/post/meterpreter/packet.rb', line 674

# Serializes the packet for sending: takes the parent's raw form, scrambles
# it with a freshly generated 32-bit XOR key, and prepends that key.
#
# The key travels in the clear at the front of the same payload, so the XOR
# step only obscures the content; it provides no confidentiality or integrity.
#
# @return [String] the 4-byte key (big-endian, 'N') followed by the scrambled
#   data
def to_r
  raw = super

  # Each of the four key bytes is rand(254) + 1, i.e. in 1..254, so no key
  # byte is ever zero. Bytes are filled from least to most significant.
  key = 0
  [0, 8, 16, 24].each { |shift| key |= (rand(254) + 1) << shift }

  # The key is written big-endian here, while xor_bytes applies it in
  # little-endian byte order ('V'); from_r reads it back the same way.
  [key].pack('N') + xor_bytes(key, raw)
end

#xor_bytes(xor_key, bytes) ⇒ Object

Xor a set of bytes with a given DWORD xor key.



# File 'lib/rex/post/meterpreter/packet.rb', line 698

# XORs every byte of the input with a repeating four-byte key.
#
# The key is expanded with pack('V'), so its least significant byte is applied
# to the first input byte, then the next byte up, cycling every four bytes.
# Applying the same key twice restores the original bytes.
#
# @param xor_key [Integer] 32-bit key
# @param bytes [String] data to scramble or unscramble
# @return [String] a new string of the same length as the input
def xor_bytes(xor_key, bytes)
  key_stream = [xor_key].pack('V').bytes.cycle

  # zip stops at the end of the data, so the endless key stream is safe here.
  bytes.bytes.zip(key_stream).each_with_object('') do |(data_byte, key_byte), out|
    out << (data_byte ^ key_byte).chr
  end
end