Class: Rex::Post::Meterpreter::Extensions::Extapi::Wmi::Wmi

Inherits:
Object
  • Object
Defined in:
lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb

Overview

This Meterpreter extension contains extended API functions for performing WMI queries.


Constructor Details

#initialize(client) ⇒ Wmi


# File 'lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb', line 18

# Keeps a reference to the client object so later calls can send requests through it.
#
# @param client [Object] stored in @client without any checks; #query calls
#   +send_request+ on it
def initialize(client)
  @client = client
end

Instance Attribute Details

#client ⇒ Object

Returns the value of attribute client


# File 'lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb', line 70

# Reader for the client handle that the constructor stored.
#
# @return [Object] whatever was assigned to @client (nil if nothing was assigned)
def client
  @client
end

Instance Method Details

#query(query, root = nil) ⇒ Object

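Performs a generic WMI query against the target machine. Returns a hash holding the field names and the rows of values, or nil when the response contains no field list; raises when the response carries an error message.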


# File 'lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb', line 31

#
# Sends a WMI query over the session and gathers the reply into plain arrays.
#
# The query text is placed in the request unchanged; nothing here validates or
# escapes it. Field names and values are copied out of the response as-is, so
# they are data supplied by the remote end of the session.
# NOTE(review): callers that print or log the result should treat it as
# untrusted text -- confirm how the callers render it.
#
# @param query [String] WMI query text, sent as TLV_TYPE_EXT_WMI_QUERY
# @param root [String, nil] optional value for TLV_TYPE_EXT_WMI_DOMAIN; left
#   out of the request when blank
# @return [Hash, nil] a hash with :fields (array of field names) and :values
#   (array of rows, each an array of values), or nil when the response has no
#   TLV_TYPE_EXT_WMI_FIELDS entry
# @raise [RuntimeError] carrying the TLV_TYPE_EXT_WMI_ERROR text when the
#   response includes one (assumes that value is a String -- TODO confirm)
#
def query(query, root = nil)
  wmi_request = Packet.create_request('extapi_wmi_query')
  wmi_request.add_tlv(TLV_TYPE_EXT_WMI_DOMAIN, root) unless root.blank?
  wmi_request.add_tlv(TLV_TYPE_EXT_WMI_QUERY, query)

  reply = client.send_request(wmi_request)

  # An error reported in the reply is raised before any result data is read.
  failure = reply.get_tlv_value(TLV_TYPE_EXT_WMI_ERROR)
  raise failure if failure

  # The field list is the only record of which columns were requested, so a
  # reply without one is treated as "no results".
  column_group = reply.get_tlv(TLV_TYPE_EXT_WMI_FIELDS)
  return unless column_group

  columns = []
  column_group.each(TLV_TYPE_EXT_WMI_FIELD) do |column|
    columns.push(column.value)
  end

  # One VALUES group per result row, one VALUE entry per cell.
  rows = []
  reply.each(TLV_TYPE_EXT_WMI_VALUES) do |row_group|
    cells = []
    row_group.each(TLV_TYPE_EXT_WMI_VALUE) do |cell|
      cells.push(cell.value)
    end
    rows.push(cells)
  end

  { fields: columns, values: rows }
end