Patch meterpreter's sysinfo command to resolve the system language and architecture.

git-svn-id: file:///home/svn/framework3/trunk@7028 4d416f70-5f16-0410-b530-b9f4589650da
2024-11-05 14:57:30 +01:00 · 2009-09-10 13:09:48 +00:00 · 2009-09-10 13:09:48 +00:00 · 1937839e79
commit 1937839e79
parent 782f830abf
9 changed files with 64 additions and 6 deletions
--- a/data/meterpreter/ext_server_stdapi.dll
+++ b/data/meterpreter/ext_server_stdapi.dll
--- a/data/meterpreter/ext_server_stdapi.x64.dll
+++ b/data/meterpreter/ext_server_stdapi.x64.dll
--- a/data/meterpreter/metsrv.dll
+++ b/data/meterpreter/metsrv.dll
--- a/data/meterpreter/metsrv.x64.dll
+++ b/data/meterpreter/metsrv.x64.dll
--- a/external/source/meterpreter/source/extensions/stdapi/server/sys/config/config.c
+++ b/external/source/meterpreter/source/extensions/stdapi/server/sys/config/config.c
@ -130,6 +130,11 @@ DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet)
 		
 		if (!osName)
 			osName = "Unknown";
+		
+		_snprintf(buf, sizeof(buf) - 1, "%s (Build %lu, %s).", osName, 
+				v.dwBuildNumber, v.szCSDVersion, osArch, osWow );
+
+		packet_add_tlv_string(response, TLV_TYPE_OS_NAME, buf);

 		// sf: we dynamically retrieve GetNativeSystemInfo & IsWow64Process as NT and 2000 dont support it.
 		hKernel32 = LoadLibraryA( "kernel32.dll" );
@ -173,11 +178,48 @@ DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet)
 		if( !osWow )
 			osWow = "";

-		_snprintf(buf, sizeof(buf) - 1, "%s (Build %lu, %s) %s%s.", osName, 
-				v.dwBuildNumber, v.szCSDVersion, osArch, osWow );
+		_snprintf( buf, sizeof(buf) - 1, "%s%s", osArch, osWow );
+		packet_add_tlv_string(response, TLV_TYPE_ARCHITECTURE, buf);

-		packet_add_tlv_string(response, TLV_TYPE_OS_NAME, buf);
+		if( hKernel32 )
+		{
+			char * ctryname = NULL, * langname = NULL;
+			typedef LANGID (WINAPI * GETSYSTEMDEFAULTLANGID)( VOID );
+			GETSYSTEMDEFAULTLANGID pGetSystemDefaultLangID = (GETSYSTEMDEFAULTLANGID)GetProcAddress( hKernel32, "GetSystemDefaultLangID" );
+			if( pGetSystemDefaultLangID )
+			{
+				LANGID langId = pGetSystemDefaultLangID();

+				int len = GetLocaleInfo( langId, LOCALE_SISO3166CTRYNAME, 0, 0 );
+				if( len > 0 )
+				{
+					ctryname = (char *)malloc( len );
+					GetLocaleInfo( langId, LOCALE_SISO3166CTRYNAME, ctryname, len ); 
+				}
+				
+				len = GetLocaleInfo( langId, LOCALE_SISO639LANGNAME, 0, 0 );
+				if( len > 0 )
+				{
+					langname = (char *)malloc( len );
+					GetLocaleInfo( langId, LOCALE_SISO639LANGNAME, langname, len ); 
+				}
+			}
+
+			if( !ctryname || !langname )
+				_snprintf( buf, sizeof(buf) - 1, "Unknown");
+			else
+				_snprintf( buf, sizeof(buf) - 1, "%s_%s", langname, ctryname );
+				
+			packet_add_tlv_string( response, TLV_TYPE_LANG_SYSTEM, buf );
+
+			if( ctryname )
+				free( ctryname );
+
+			if( langname )
+				free( langname );
+		}
+
+			
 	} while (0);

 	// Transmit the response
@ -186,6 +228,7 @@ DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet)
 	return res;
 }

+
 /*
 * sys_config_rev2self
 *
--- a/external/source/meterpreter/source/extensions/stdapi/stdapi.h
+++ b/external/source/meterpreter/source/extensions/stdapi/stdapi.h
@ -287,7 +287,16 @@
 				TLV_META_TYPE_STRING,      \
 				TLV_TYPE_EXTENSION_STDAPI, \
 				1042)
-
+#define TLV_TYPE_ARCHITECTURE             \
+		MAKE_CUSTOM_TLV(                 \
+				TLV_META_TYPE_STRING,      \
+				TLV_TYPE_EXTENSION_STDAPI, \
+				1043)
+#define TLV_TYPE_LANG_SYSTEM             \
+		MAKE_CUSTOM_TLV(                 \
+				TLV_META_TYPE_STRING,      \
+				TLV_TYPE_EXTENSION_STDAPI, \
+				1044)
 // Net
 #define TLV_TYPE_HOST_NAME             \
 		MAKE_CUSTOM_TLV(                 \
--- a/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb
@ -41,8 +41,10 @@ class Config
 		response = client.send_request(request)

 		{
-			'Computer' => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
-			'OS'       => response.get_tlv_value(TLV_TYPE_OS_NAME),
+			'Computer'        => response.get_tlv_value(TLV_TYPE_COMPUTER_NAME),
+			'OS'              => response.get_tlv_value(TLV_TYPE_OS_NAME),
+			'Architecture'    => response.get_tlv_value(TLV_TYPE_ARCHITECTURE),
+			'System Language' => response.get_tlv_value(TLV_TYPE_LANG_SYSTEM),
 		}
 	end

--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@ -85,6 +85,8 @@ TLV_TYPE_VALUE_DATA         = TLV_META_TYPE_RAW     | 1012
 TLV_TYPE_COMPUTER_NAME      = TLV_META_TYPE_STRING  | 1040
 TLV_TYPE_OS_NAME            = TLV_META_TYPE_STRING  | 1041
 TLV_TYPE_USER_NAME          = TLV_META_TYPE_STRING  | 1042
+TLV_TYPE_ARCHITECTURE       = TLV_META_TYPE_STRING  | 1043
+TLV_TYPE_LANG_SYSTEM        = TLV_META_TYPE_STRING  | 1044

 DELETE_KEY_FLAG_RECURSIVE   = (1 << 0)

--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@ -368,6 +368,8 @@ class Console::CommandDispatcher::Stdapi::Sys

 		print_line("Computer: " + info['Computer'])
 		print_line("OS      : " + info['OS'])
+		print_line("Arch    : " + info['Architecture'])
+		print_line("Language: " + info['System Language'])

 		return true
 	end