Refactor pymet wreg functions and reg decorator
This commit is contained in:
parent
974fcda43e
commit
71132cc00c
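--- a/python/meterpreter/<file-name-not-shown-on-page>
+++ b/python/meterpreter/<file-name-not-shown-on-page>
@@ -886,7 +886,7 @@ def stdapi_sys_config_getenv(request, response):
     response += tlv_pack(TLV_TYPE_ENV_GROUP, pgroup)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_config_getsid(request, response):
     token = get_token_user(ctypes.windll.kernel32.GetCurrentProcess())
     if not token:
@@ -1129,7 +1129,7 @@ def stdapi_sys_process_get_processes(request, response):
         return stdapi_sys_process_get_processes_via_ps(request, response)
     return ERROR_FAILURE, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_eventlog_open(request, response):
     source_name = packet_get_tlv(request, TLV_TYPE_EVENT_SOURCENAME)['value']
     handle = ctypes.windll.advapi32.OpenEventLogW(None, source_name)
@@ -1138,7 +1138,7 @@ def stdapi_sys_eventlog_open(request, response):
     response += tlv_pack(TLV_TYPE_EVENT_HANDLE, handle)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_eventlog_read(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
     flags = packet_get_tlv(request, TLV_TYPE_EVENT_READFLAGS)['value']
@@ -1164,14 +1164,14 @@ def stdapi_sys_eventlog_read(request, response):
     response += tlv_pack(TLV_TYPE_EVENT_STRING, event_string)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_eventlog_clear(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
     if not ctypes.windll.advapi32.ClearEventLogW(handle, None):
         return error_result_windows(), response
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_eventlog_numrecords(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
     total = ctypes.c_ulong(0)
@@ -1180,7 +1180,7 @@ def stdapi_sys_eventlog_numrecords(request, response):
     response += tlv_pack(TLV_TYPE_EVENT_NUMRECORDS, total.value)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_eventlog_oldest(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
     oldest = ctypes.c_ulong(0)
@@ -1189,7 +1189,7 @@ def stdapi_sys_eventlog_oldest(request, response):
     response += tlv_pack(TLV_TYPE_EVENT_RECORDNUMBER, oldest)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_sys_eventlog_close(request, response):
     handle = packet_get_tlv(request, TLV_TYPE_EVENT_HANDLE)['value']
     if not ctypes.windll.advapi32.CloseEventLogW(handle):
@@ -1353,7 +1353,7 @@ def stdapi_fs_stat(request, response):
     response += tlv_pack(TLV_TYPE_STAT_BUF, st_buf)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_fs_mount_show(request, response):
     try:
         from string import uppercase as letters
@@ -1613,7 +1613,7 @@ def stdapi_net_config_get_interfaces_via_windll_mib():
         interfaces.append(iface_info)
     return interfaces
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_net_config_get_proxy(request, response):
     winhttp = ctypes.windll.winhttp
     proxyConfig = WINHTTP_CURRENT_USER_IE_PROXY_CONFIG()
@@ -1802,7 +1802,7 @@ def _win_memwrite(address, data, handle=-1):
         return None
     return written.value
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_railgun_api(request, response):
     size_out = packet_get_tlv(request, TLV_TYPE_RAILGUN_SIZE_OUT)['value']
     stack_blob = packet_get_tlv(request, TLV_TYPE_RAILGUN_STACKBLOB)['value']
@@ -1876,14 +1876,14 @@ def stdapi_railgun_api(request, response):
     response += tlv_pack(TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT, ctarray_to_bytes(buff_blob_inout))
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_railgun_api_multi(request, response):
     for group_tlv in packet_enum_tlvs(request, tlv_type=TLV_TYPE_RAILGUN_MULTI_GROUP):
         group_result = stdapi_railgun_api(group_tlv['value'], bytes())[1]
         response += tlv_pack(TLV_TYPE_RAILGUN_MULTI_GROUP, group_result)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function
+@meterpreter.register_function_if(sys.platform.startswith('linux') or has_windll)
 def stdapi_railgun_memread(request, response):
     address = packet_get_tlv(request, TLV_TYPE_RAILGUN_MEM_ADDRESS)['value']
     length = packet_get_tlv(request, TLV_TYPE_RAILGUN_MEM_LENGTH)['value']
@@ -1898,7 +1898,7 @@ def stdapi_railgun_memread(request, response):
     response += tlv_pack(TLV_TYPE_RAILGUN_MEM_DATA, result)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function
+@meterpreter.register_function_if(sys.platform.startswith('linux') or has_windll)
 def stdapi_railgun_memwrite(request, response):
     address = packet_get_tlv(request, TLV_TYPE_RAILGUN_MEM_ADDRESS)['value']
     data = packet_get_tlv(request, TLV_TYPE_RAILGUN_MEM_DATA)['value']
@@ -1916,12 +1916,12 @@ def stdapi_railgun_memwrite(request, response):
 def _wreg_close_key(hkey):
     ctypes.windll.advapi32.RegCloseKey(hkey)
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_close_key(request, response):
     _wreg_close_key(packet_get_tlv(request, TLV_TYPE_HKEY)['value'])
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_create_key(request, response):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
     base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
@@ -1933,7 +1933,7 @@ def stdapi_registry_create_key(request, response):
     response += tlv_pack(TLV_TYPE_HKEY, res_key.value)
     return ERROR_SUCCESS, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_delete_key(request, response):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
     base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
@@ -1945,7 +1945,7 @@ def stdapi_registry_delete_key(request, response):
     result = ctypes.windll.advapi32.RegDeleteKeyA(root_key, ctypes.byref(base_key))
     return result, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_delete_value(request, response):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
     value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
@@ -1977,12 +1977,12 @@ def _wreg_enum_key(request, response, hkey):
         index += 1
     return result, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_enum_key(request, response):
     hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
     return _wreg_enum_key(request, response, hkey)
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_enum_key_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
@@ -2017,12 +2017,12 @@ def _wreg_enum_value(request, response, hkey):
         index += 1
     return result, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_enum_value(request, response):
     hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
     return _wreg_enum_value(request, response, hkey)
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_enum_value_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
@@ -2031,7 +2031,7 @@ def stdapi_registry_enum_value_direct(request, response):
     _wreg_close_key(hkey)
     return ret
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_load_key(request, response):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)
     sub_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)
@@ -2049,36 +2049,7 @@ def _wreg_open_key(request):
         return error_result_windows(), 0
     return ERROR_SUCCESS, handle_id.value
 
-@meterpreter.register_function_windll
-def stdapi_registry_open_key(request, response):
-    err, hkey = _wreg_open_key(request)
-    if err != ERROR_SUCCESS:
-        return err, response
-    response += tlv_pack(TLV_TYPE_HKEY, hkey)
-    return ERROR_SUCCESS, response
-
-@meterpreter.register_function_windll
-def stdapi_registry_open_remote_key(request, response):
-    target_host = packet_get_tlv(request, TLV_TYPE_TARGET_HOST)['value']
-    root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
-    result_key = ctypes.c_void_p()
-    if ctypes.windll.advapi32.RegConnectRegistry(target_host, root_key, ctypes.byref(result_key)) != ERROR_SUCCESS:
-        return error_result_windows(), response
-    response += tlv_pack(TLV_TYPE_HKEY, result_key.value)
-    return ERROR_SUCCESS, response
-
-@meterpreter.register_function_windll
-def stdapi_registry_query_class(request, response):
-    hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
-    value_data = (ctypes.c_char * 4096)()
-    value_data_sz = ctypes.c_uint32()
-    value_data_sz.value = ctypes.sizeof(value_data)
-    if ctypes.windll.advapi32.RegQueryInfoKeyA(hkey, value_data, ctypes.byref(value_data_sz), None, None, None, None, None, None, None, None, None) != ERROR_SUCCESS:
-        return error_result_windows(), response
-    response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data))
-    return ERROR_SUCCESS, response
-
-def _query_value(request, response, hkey):
+def _wreg_query_value(request, response, hkey):
     value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
     value_name = ctypes.create_string_buffer(bytes(value_name, 'UTF-8'))
     value_type = ctypes.c_uint32()
@@ -2104,21 +2075,7 @@ def _query_value(request, response, hkey):
         return ERROR_SUCCESS, response
     return error_result_windows(), response
 
-@meterpreter.register_function_windll
-def stdapi_registry_query_value(request, response):
-    hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
-    return _query_value(request, response, hkey)
-
-@meterpreter.register_function_windll
-def stdapi_registry_query_value_direct(request, response):
-    err, hkey = _wreg_open_key(request)
-    if err != ERROR_SUCCESS:
-        return err, response
-    ret = _query_value(request, response, hkey)
-    _wreg_close_key(hkey)
-    return ret
-
-def _set_value(request, response, hkey):
+def _wreg_set_value(request, response, hkey):
     value_name = packet_get_tlv(request, TLV_TYPE_VALUE_NAME)['value']
     value_name = ctypes.create_string_buffer(bytes(value_name, 'UTF-8'))
     value_type = packet_get_tlv(request, TLV_TYPE_VALUE_TYPE)['value']
@@ -2126,28 +2083,71 @@ def _set_value(request, response, hkey):
     result = ctypes.windll.advapi32.RegSetValueExA(hkey, ctypes.byref(value_name), 0, value_type, value_data, len(value_data))
     return result, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
+def stdapi_registry_open_key(request, response):
+    err, hkey = _wreg_open_key(request)
+    if err != ERROR_SUCCESS:
+        return err, response
+    response += tlv_pack(TLV_TYPE_HKEY, hkey)
+    return ERROR_SUCCESS, response
+
+@meterpreter.register_function_if(has_windll)
+def stdapi_registry_open_remote_key(request, response):
+    target_host = packet_get_tlv(request, TLV_TYPE_TARGET_HOST)['value']
+    root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
+    result_key = ctypes.c_void_p()
+    if ctypes.windll.advapi32.RegConnectRegistry(target_host, root_key, ctypes.byref(result_key)) != ERROR_SUCCESS:
+        return error_result_windows(), response
+    response += tlv_pack(TLV_TYPE_HKEY, result_key.value)
+    return ERROR_SUCCESS, response
+
+@meterpreter.register_function_if(has_windll)
+def stdapi_registry_query_class(request, response):
+    hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
+    value_data = (ctypes.c_char * 4096)()
+    value_data_sz = ctypes.c_uint32()
+    value_data_sz.value = ctypes.sizeof(value_data)
+    if ctypes.windll.advapi32.RegQueryInfoKeyA(hkey, value_data, ctypes.byref(value_data_sz), None, None, None, None, None, None, None, None, None) != ERROR_SUCCESS:
+        return error_result_windows(), response
+    response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data))
+    return ERROR_SUCCESS, response
+
+@meterpreter.register_function_if(has_windll)
+def stdapi_registry_query_value(request, response):
+    hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
+    return _wreg_query_value(request, response, hkey)
+
+@meterpreter.register_function_if(has_windll)
+def stdapi_registry_query_value_direct(request, response):
+    err, hkey = _wreg_open_key(request)
+    if err != ERROR_SUCCESS:
+        return err, response
+    ret = _wreg_query_value(request, response, hkey)
+    _wreg_close_key(hkey)
+    return ret
+
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_set_value(request, response):
     hkey = packet_get_tlv(request, TLV_TYPE_HKEY)['value']
-    return _set_value(request, response, hkey)
+    return _wreg_set_value(request, response, hkey)
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_set_value_direct(request, response):
     err, hkey = _wreg_open_key(request)
     if err != ERROR_SUCCESS:
         return err, response
-    ret = _set_value(request, response, hkey)
+    ret = _wreg_set_value(request, response, hkey)
     _wreg_close_key(hkey)
     return ret
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_registry_unload_key(request, response):
     root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
     base_key = packet_get_tlv(request, TLV_TYPE_BASE_KEY)['value']
     result = ctypes.windll.advapi32.RegUnLoadKeyA(root_key, base_key)
     return result, response
 
-@meterpreter.register_function_windll
+@meterpreter.register_function_if(has_windll)
 def stdapi_ui_get_idle_time(request, response):
     GetLastInputInfo = ctypes.windll.user32.GetLastInputInfo
     GetLastInputInfo.argtypes = [ctypes.c_void_p]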
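Review bot: In `stdapi_registry_query_value_direct` (hunk @@ -2126,28 +2083,71 @@) the key returned by `_wreg_open_key` is closed only on the normal path; if `_wreg_query_value` raises for any reason, `_wreg_close_key` is skipped and the registry handle stays open until the process exits. Closing it in a `finally` keeps every path safe: `try: ret = _wreg_query_value(request, response, hkey)` / `finally: _wreg_close_key(hkey)`, and the same applies to `stdapi_registry_set_value_direct` in this hunk and to `stdapi_registry_enum_key_direct` / `stdapi_registry_enum_value_direct` (hunks @@ -1977 and @@ -2017, whose bodies continue outside the hunk). Separately, `stdapi_railgun_memread` and `stdapi_railgun_memwrite` (hunks @@ -1876 and @@ -1898) move from unconditional `register_function` to `register_function_if(sys.platform.startswith('linux') or has_windll)`, so on any other platform these commands are no longer registered at all instead of registered and failing at call time; that looks deliberate but is not stated in the commit message. A one-line comment above each decorator, e.g. `# only the Linux and windll memory backends are implemented`, would record the intent, and the repeated condition could be bound once at module level next to `has_windll` so both decorators stay in step.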
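--- a/<file-path-not-shown-on-page>
+++ b/<file-path-not-shown-on-page>
@@ -746,6 +746,12 @@ class PythonMeterpreter(object):
         self.extension_functions[func.__name__] = func
         return func
 
+    def register_function_if(self, condition):
+        if condition:
+            return self.register_function
+        else:
+            return lambda function: function
+
     def register_function_windll(self, func):
         if has_windll:
             self.register_function(func)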
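Review bot: `register_function_if` has no docstring, and its contract is easy to misread: it is a decorator factory whose `condition` is evaluated once, when the decorator line runs at import time, so a module-level flag such as `has_windll` is fine but a value that could change later would not be re-checked. A docstring like `"""Return register_function when condition is truthy, otherwise a decorator that returns the function unregistered; condition is evaluated at decoration time."""` would make that explicit. `register_function_windll`, whose body continues outside the hunk, now covers the same `has_windll` case by hand; if it also returns `func` as `register_function` does, it could be reduced to `return self.register_function_if(has_windll)(func)` so the two paths cannot drift. As a point of style, `lambda function: function` would read more clearly with a short comment, e.g. `# condition is false: leave the function undecorated and unregistered`.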