Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Timestomp

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Priv::Timestomp

Includes:

Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

Defined in:

lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb

Overview

This class provides commands that interact with the timestomp feature set of the privilege escalation extension.

Constant Summary

Klass =

Console::CommandDispatcher::Priv::Timestomp

@@timestomp_opts =

Rex::Parser::Arguments.new(
"-m" => [ true,  "Set the \"last written\" time of the file" ],
"-a" => [ true,  "Set the \"last accessed\" time of the file" ],
"-c" => [ true,  "Set the \"creation\" time of the file" ],
"-e" => [ true,  "Set the \"mft entry modified\" time of the file" ],
"-z" => [ true,  "Set all four attributes (MACE) of the file" ],
"-f" => [ true,  "Set the MACE of attributes equal to the supplied file" ],
"-b" => [ false, "Set the MACE timestamps so that EnCase shows blanks" ],
"-r" => [ false, "Set the MACE timestamps recursively on a directory" ],
"-v" => [ false, "Display the UTC MACE values of the file" ],
"-h" => [ false, "Help banner" ])

Instance Attribute Summary

Attributes included from Ui::Text::DispatcherShell::CommandDispatcher

#shell, #tab_complete_items

Instance Method Summary

• #cmd_timestomp(*args) ⇒ Object

  This command provides the same level of features that vinnie’s command line timestomp interface provides with a similar argument set.

• #commands ⇒ Object

  List of supported commands.

• #name ⇒ Object

  Name for this dispatcher.

Methods included from Rex::Post::Meterpreter::Ui::Console::CommandDispatcher

check_hash, #client, #initialize, #log_error, #msf_loaded?, set_hash

Methods included from Ui::Text::DispatcherShell::CommandDispatcher

#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #initialize, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_filenames, #update_prompt

Instance Method Details

#cmd_timestomp(*args) ⇒ Object

This command provides the same level of features that vinnie’s command line timestomp interface provides with a similar argument set.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb', line 53

def cmd_timestomp(*args)
  if (args.length < 2)
    print_line("\nUsage: timestomp OPTIONS file_path\n" +
      @@timestomp_opts.usage)
    return
  end

  file_path = nil
  args.each { |a| file_path = a unless a[0] == "-" }

  if file_path.nil?
    print_line("\nNo file_path specified.")
    return
  end

  args.delete(file_path)

  modified  = nil
  accessed  = nil
  creation  = nil
  emodified = nil

  @@timestomp_opts.parse(args) { |opt, idx, val|
    case opt
      when "-m"
        modified  = str_to_time(val)
      when "-a"
        accessed  = str_to_time(val)
      when "-c"
        creation  = str_to_time(val)
      when "-e"
        emodified = str_to_time(val)
      when "-z"
        print_line("#{val}")
        modified  = str_to_time(val)
        accessed  = str_to_time(val)
        creation  = str_to_time(val)
        emodified = str_to_time(val)
      when "-f"
        print_status("Setting MACE attributes on #{file_path} from #{val}")
        client.priv.fs.set_file_mace_from_file(file_path, val)
      when "-b"
        print_status("Blanking file MACE attributes on #{file_path}")
        client.priv.fs.blank_file_mace(file_path)
      when "-r"
        print_status("Blanking directory MACE attributes on #{file_path}")
        client.priv.fs.blank_directory_mace(file_path)
      when "-v"
        hash = client.priv.fs.get_file_mace(file_path)

        print_line("Modified      : #{hash['Modified']}")
        print_line("Accessed      : #{hash['Accessed']}")
        print_line("Created       : #{hash['Created']}")
        print_line("Entry Modified: #{hash['Entry Modified']}")
      when "-h"
        print_line("\nUsage: timestomp file_path OPTIONS\n" +
          @@timestomp_opts.usage)
        return
    end
  }

  # If any one of the four times were specified, change them.
  if (modified or accessed or creation or emodified)
    print_status("Setting specific MACE attributes on #{file_path}")
    client.priv.fs.set_file_mace(file_path, modified, accessed,
      creation, emodified)
  end
end

#commands ⇒ Object

List of supported commands.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb', line 36

def commands
  {
    "timestomp" => "Manipulate file MACE attributes"
  }
end

#name ⇒ Object

Name for this dispatcher.

# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb', line 45

def name
  "Priv: Timestomp"
end