Class: Rex::Post::Meterpreter::Extensions::Stdapi::Net::Config

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/net/config.rb

Overview

This class provides an interface to the network configuration that exists on the remote machine, such as interfaces, and routes.

Instance Method Summary collapse

Constructor Details

#initialize(client) ⇒ Config

Initializes a Config instance that is used to get information about the network configuration of the remote machine.


35
36
37
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 35

def initialize(client)
  self.client = client
end

Instance Method Details

#add_route(subnet, netmask, gateway) ⇒ Object

Adds a route to the target machine.


205
206
207
208
209
210
211
212
213
214
215
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 205

def add_route(subnet, netmask, gateway)
  request = Packet.create_request('stdapi_net_config_add_route')

  request.add_tlv(TLV_TYPE_SUBNET_STRING, subnet)
  request.add_tlv(TLV_TYPE_NETMASK_STRING, netmask)
  request.add_tlv(TLV_TYPE_GATEWAY_STRING, gateway)

  response = client.send_request(request)

  return true
end

#each_interface(&block) ⇒ Object

Enumerates each interface.


48
49
50
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 48

def each_interface(&block)
  get_interfaces().each(&block)
end

#each_route(&block) ⇒ Object

Enumerates each route.


173
174
175
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 173

def each_route(&block)
  get_routes().each(&block)
end

#get_arp_tableObject Also known as: arp_table

Returns an array of arp entries with each element being an Arp.


150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 150

def get_arp_table
  request = Packet.create_request('stdapi_net_config_get_arp_table')
              arps  = []

  response = client.send_request(request)

  # Build out the array of arp
  response.each(TLV_TYPE_ARP_ENTRY) { |arp|
    arps << Arp.new(
        :ip_addr   => arp.get_tlv_value(TLV_TYPE_IP),
        :mac_addr  => arp.get_tlv_value(TLV_TYPE_MAC_ADDRESS),
        :interface => arp.get_tlv_value(TLV_TYPE_MAC_NAME)
        )
  }

  return arps
end

#get_interfacesArray<Interface> Also known as: interfaces

Returns an array of network interfaces with each element.

Returns:


55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 55

def get_interfaces
  request = Packet.create_request('stdapi_net_config_get_interfaces')
  ifaces  = []

  response = client.send_request(request)

  response.each(TLV_TYPE_NETWORK_INTERFACE) { |iface|
    addrs = []
    netmasks = []
    scopes = []
    while (a = iface.get_tlv_value(TLV_TYPE_IP, addrs.length))
      # Netmasks aren't tightly associated with addresses, they're
      # just thrown all together in the interface TLV ordered to
      # match up. This could be done better by creating another
      # GroupTlv type for addresses containing an address, a netmask,
      # and possibly a scope.
      n = iface.get_tlv_value(TLV_TYPE_NETMASK, addrs.length)
      if (n.nil?)
        # Some systems can't report a netmask, only a network
        # prefix, so figure out the netmask from that.
        n = iface.get_tlv_value(TLV_TYPE_IP_PREFIX, addrs.length)
        if n
          n = Rex::Socket.bit2netmask(n, !!(a.length == 16))
        end
      else
        n = Rex::Socket.addr_ntoa(n)
      end
      s = iface.get_tlv_value(TLV_TYPE_IP6_SCOPE, addrs.length)
      scopes[addrs.length] = s if s
      netmasks[addrs.length] = n if n
      addrs << Rex::Socket.addr_ntoa(a)
    end
    ifaces << Interface.new(
        :index    => iface.get_tlv_value(TLV_TYPE_INTERFACE_INDEX),
        :mac_addr => iface.get_tlv_value(TLV_TYPE_MAC_ADDRESS),
        :mac_name => iface.get_tlv_value(TLV_TYPE_MAC_NAME),
        :mtu      => iface.get_tlv_value(TLV_TYPE_INTERFACE_MTU),
        :flags    => iface.get_tlv_value(TLV_TYPE_INTERFACE_FLAGS),
        :addrs    => addrs,
        :netmasks => netmasks,
        :scopes   => scopes
      )
  }

  return ifaces
end

#get_netstatObject Also known as: netstat

Returns an array of network connection entries with each element being a Netstat.


114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 114

def get_netstat
  request = Packet.create_request('stdapi_net_config_get_netstat')
              netstat  = []

  response = client.send_request(request)

  # Build out the array of netstat
  response.each(TLV_TYPE_NETSTAT_ENTRY) { |connection|
    netstat << Netstat.new(
                    :local_addr   => connection.get_tlv_value(TLV_TYPE_LOCAL_HOST_RAW),
        :remote_addr  => connection.get_tlv_value(TLV_TYPE_PEER_HOST_RAW),
        :local_port   => connection.get_tlv_value(TLV_TYPE_LOCAL_PORT),
        :remote_port  => connection.get_tlv_value(TLV_TYPE_PEER_PORT),
        :protocol     => connection.get_tlv_value(TLV_TYPE_MAC_NAME), # tcp/tcp6/udp/udp6
        :state        => connection.get_tlv_value(TLV_TYPE_SUBNET_STRING),
        :uid          => connection.get_tlv_value(TLV_TYPE_PID),
        :inode        => connection.get_tlv_value(TLV_TYPE_ROUTE_METRIC),
        :pid_name     => connection.get_tlv_value(TLV_TYPE_PROCESS_NAME)
        )
  }

  return netstat
end

#get_proxy_configObject

Get's the current proxy configuration


235
236
237
238
239
240
241
242
243
244
245
246
247
248
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 235

def get_proxy_config()
  request = Packet.create_request('stdapi_net_config_get_proxy')

  response = client.send_request(request)

  proxy_config = {
    :autodetect    => response.get_tlv_value(TLV_TYPE_PROXY_CFG_AUTODETECT),
    :autoconfigurl => response.get_tlv_value(TLV_TYPE_PROXY_CFG_AUTOCONFIGURL),
    :proxy         => response.get_tlv_value(TLV_TYPE_PROXY_CFG_PROXY),
    :proxybypass   => response.get_tlv_value(TLV_TYPE_PROXY_CFG_PROXYBYPASS)
  }

  return proxy_config
end

#get_routesObject Also known as: routes

Returns an array of routes with each element being a Route.


180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 180

def get_routes
  request = Packet.create_request('stdapi_net_config_get_routes')
  routes  = []

  response = client.send_request(request)

  # Build out the array of routes
  # Note: This will include both IPv4 and IPv6 routes
  response.each(TLV_TYPE_NETWORK_ROUTE) { |route|
    routes << Route.new(
        route.get_tlv_value(TLV_TYPE_SUBNET),
        route.get_tlv_value(TLV_TYPE_NETMASK),
        route.get_tlv_value(TLV_TYPE_GATEWAY),
        route.get_tlv_value(TLV_TYPE_STRING),
        route.get_tlv_value(TLV_TYPE_ROUTE_METRIC))
  }

  return routes
end

#remove_route(subnet, netmask, gateway) ⇒ Object

Removes a route from the target machine.


220
221
222
223
224
225
226
227
228
229
230
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/config.rb', line 220

def remove_route(subnet, netmask, gateway)
  request = Packet.create_request('stdapi_net_config_remove_route')

  request.add_tlv(TLV_TYPE_SUBNET_STRING, subnet)
  request.add_tlv(TLV_TYPE_NETMASK_STRING, netmask)
  request.add_tlv(TLV_TYPE_GATEWAY_STRING, gateway)

  response = client.send_request(request)

  return true
end