Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::RegistrySubsystem::RemoteRegistryKey

Inherits:
Object
  • Object
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb

Overview

Class wrapper around a registry key on a remote machine, accessed through a handle held on the remote side.


Constructor Details

#initialize(client, target_host, root_key, hkey) ⇒ RemoteRegistryKey

Initializes an instance of a registry key using the supplied properties and HKEY handle from the server.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 26

# Builds a wrapper around a key handle that the server has already opened.
#
# @param client [Object] session client used for later registry requests
# @param target_host [String] remote machine name, such as PDC01
# @param root_key [Object] root key name, such as HKEY_LOCAL_MACHINE
# @param hkey [Object] open handle to the key on the server
def initialize(client, target_host, root_key, hkey)
  self.client      = client
  self.root_key    = root_key
  self.target_host = target_host
  self.hkey        = hkey

  # Register a GC finalizer so the server-side handle is released even when the
  # caller never calls #close. The proc is built by a class method from client
  # and hkey alone; it is not created inside this instance.
  release_handle = self.class.finalize(client, hkey)
  ObjectSpace.define_finalizer(self, release_handle)
end

Instance Attribute Details

#client ⇒ Object (protected)

:nodoc:



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 200

# Session client that every registry request of this key is sent through.
#
# @return [Object] the value stored in @client
def client
  @client
end

#hkey ⇒ Object

The open handle to the key on the server.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 188

# Open handle to the key on the server; nil once the key has been closed.
#
# @return [Object, nil] the value stored in @hkey
def hkey
  @hkey
end

#root_key ⇒ Object

The root key name, such as HKEY_LOCAL_MACHINE.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 192

# Root key name this key was opened under, such as HKEY_LOCAL_MACHINE.
#
# @return [Object] the value stored in @root_key
def root_key
  @root_key
end

#target_host ⇒ Object

The remote machine name, such as PDC01



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 196

# Name of the remote machine that holds the key, such as PDC01.
#
# @return [Object] the value stored in @target_host
def target_host
  @target_host
end

Class Method Details

.close(client, hkey) ⇒ Object

Closes the open key. This must be called if the registry key was opened.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 120

# Closes a key handle through the client's registry subsystem.
#
# @param client [Object] session client that issues the close request
# @param hkey [Object, nil] handle to release; nil means there is nothing to close
# @return [Object, false] whatever close_key returns, or false when hkey is nil
def self.close(client, hkey)
  # No handle, no request: report false without touching the client.
  return false if hkey.nil?

  client.sys.registry.close_key(hkey)
end

.finalize(client, hkey) ⇒ Object



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 36

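# Builds the finalizer proc that releases a server-side key handle after the
# wrapper object that owned it has been garbage collected.
#
# The returned proc references only client and hkey. When it runs it does not
# close the handle directly; it hands a second proc to the session scheduler
# and that proc performs the close.
#
# @param client [Object] session client the close request is sent through
# @param hkey [Object] handle to release
# @return [Proc] proc suitable for ObjectSpace.define_finalizer
def self.finalize(client, hkey)
  proc do
    # Define the task before scheduling it. The listing previously scheduled an
    # anonymous block and then an undefined deferred_close_proc local, which
    # raised NameError inside the finalizer.
    deferred_close_proc = proc do
      begin
        self.close(client, hkey)
      rescue => e
        # Log instead of raising: this runs detached from any caller.
        elog("finalize method for RemoteRegistryKey failed", error: e)
      end
    end

    # Schedule the finalizing logic out-of-band; as this logic might be called in the context of a Signal.trap, which can't synchronize mutexes
    # NOTE(review): assumes schedule takes the task as a positional argument - confirm against the session manager.
    client.framework.sessions.schedule(deferred_close_proc)
  end
end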

Instance Method Details

#close ⇒ Object

Instance-method counterpart of .close: closes this key's open handle.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 129

# Releases this key's server-side handle if it is still open.
#
# Once the handle has been cleared, further calls do nothing.
#
# @return [nil]
def close
  return if hkey.nil?

  # An explicit close replaces the GC finalizer, so remove it before closing.
  ObjectSpace.undefine_finalizer(self)
  self.class.close(client, hkey)
  # Clearing the handle makes later calls take the early return above.
  self.hkey = nil
end

#create_key(base_key, perm = KEY_READ) ⇒ Object

Creates a registry key that is relative to this registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 105

# Creates a registry key relative to this key.
#
# @param base_key [Object] key path, relative to this key's handle
# @param perm [Object] permission value forwarded unchanged; defaults to KEY_READ
# @return [Object] whatever the registry subsystem's create_key returns
def create_key(base_key, perm = KEY_READ)
  registry = client.sys.registry
  registry.create_key(hkey, base_key, perm)
end

#delete_key(base_key, recursive = true) ⇒ Object

Deletes a registry key that is relative to this registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 112

# Deletes a registry key relative to this key.
#
# @param base_key [Object] key path, relative to this key's handle
# @param recursive [Boolean] forwarded unchanged; defaults to true
#   (presumably also removes subkeys - confirm against the registry subsystem)
# @return [Object] whatever the registry subsystem's delete_key returns
def delete_key(base_key, recursive = true)
  registry = client.sys.registry
  registry.delete_key(hkey, base_key, recursive)
end

#delete_value(name) ⇒ Object

Delete the supplied registry value.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 168

# Deletes the named value from this key.
#
# @param name [Object] name of the value to delete
# @return [Object] whatever the registry subsystem's delete_value returns
def delete_value(name)
  registry = client.sys.registry
  registry.delete_value(hkey, name)
end

#each_key(&block) ⇒ Object

Enumerates all of the child keys within this registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 61

# Iterates over the child keys returned by #enum_key.
#
# @yield [Object] each entry of the enum_key result
# @return [Object] whatever calling each on the enum_key result returns
def each_key(&block)
  child_keys = enum_key
  child_keys.each(&block)
end

#each_value(&block) ⇒ Object

Enumerates all of the child values within this registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 68

# Iterates over the values returned by #enum_value.
#
# @yield [Object] each entry of the enum_value result
# @return [Object] whatever calling each on the enum_value result returns
def each_value(&block)
  child_values = enum_value
  child_values.each(&block)
end

#enum_key ⇒ Object

Retrieves all of the registry keys that are direct descendants of this object's registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 76

# Asks the registry subsystem for the child keys of this key's handle.
#
# @return [Object] whatever the registry subsystem's enum_key returns
def enum_key
  registry = client.sys.registry
  registry.enum_key(hkey)
end

#enum_value ⇒ Object

Retrieves all of the registry values that exist within the opened registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 84

# Asks the registry subsystem for the values stored under this key's handle.
#
# @return [Object] whatever the registry subsystem's enum_value returns
def enum_value
  registry = client.sys.registry
  registry.enum_value(hkey)
end

#open_key(base_key, perm = KEY_READ) ⇒ Object

Opens a registry key that is relative to this registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 98

# Opens a registry key relative to this key.
#
# @param base_key [Object] key path, relative to this key's handle
# @param perm [Object] permission value forwarded unchanged; defaults to KEY_READ
# @return [Object] whatever the registry subsystem's open_key returns
def open_key(base_key, perm = KEY_READ)
  registry = client.sys.registry
  registry.open_key(hkey, base_key, perm)
end

#query_class ⇒ Object

Queries the class of this registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 161

# Asks the registry subsystem for the class of this key's handle.
#
# @return [Object] whatever the registry subsystem's query_class returns
def query_class
  registry = client.sys.registry
  registry.query_class(hkey)
end

#query_value(name) ⇒ Object

Queries the attributes of the supplied registry value relative to the opened registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 154

# Queries the attributes of the named value under this key.
#
# @param name [Object] name of the value to look up
# @return [Object] whatever the registry subsystem's query_value returns
def query_value(name)
  registry = client.sys.registry
  registry.query_value(hkey, name)
end

#set_value(name, type, data) ⇒ Object

Sets a value relative to the opened registry key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 146

# Sets a value under this key.
#
# @param name [Object] name of the value to write
# @param type [Object] value type, forwarded unchanged
# @param data [Object] value data, forwarded unchanged
# @return [Object] whatever the registry subsystem's set_value returns
def set_value(name, type, data)
  registry = client.sys.registry
  registry.set_value(hkey, name, type, data)
end

#to_s ⇒ Object

Returns the path to the key.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb', line 181

# Renders the key's location as two backslashes, the target host, a backslash,
# the root key converted with to_s, and a trailing backslash.
#
# target_host is concatenated as-is, so it must already be a String.
#
# @return [String] the path to the key
def to_s
  host_part = "\\\\" + target_host
  root_part = root_key.to_s
  host_part + "\\" + root_part + "\\"
end