Add machine ID support to the Win32 side

2025-01-02 11:36:22 +01:00 · 2015-04-01 14:29:44 +10:00 · 2015-04-01 14:29:44 +10:00 · 94897b7331
commit 94897b7331
parent e2338709aa
3 changed files with 40 additions and 1 deletions
--- a/c/meterpreter/source/common/common.h
+++ b/c/meterpreter/source/common/common.h
@ -216,7 +216,7 @@ static _inline void real_dprintf(char *format, ...)
 {
 	va_list args;
 	char buffer[1024];
-	int len;
+	size_t len;
 	_snprintf_s(buffer, sizeof(buffer), sizeof(buffer)-1, "[%x] ", GetCurrentThreadId());
 	len = strlen(buffer);
 	va_start(args, format);
--- a/c/meterpreter/source/common/core.h
+++ b/c/meterpreter/source/common/core.h
@ -148,6 +148,9 @@ typedef enum
 	TLV_TYPE_TRANSPORT_TYPE      = TLV_VALUE(TLV_META_TYPE_UINT,      430),   ///! Represents the type of transport to switch to.
 	TLV_TYPE_TRANSPORT_URL       = TLV_VALUE(TLV_META_TYPE_STRING,    431),   ///! Represents the new URL of the transport to use.

+	// session/machine identification
+	TLV_TYPE_MACHINE_ID          = TLV_VALUE(TLV_META_TYPE_STRING,    460),   ///! Represents a machine identifier.
+
 	// Cryptography
 	TLV_TYPE_CIPHER_NAME         = TLV_VALUE(TLV_META_TYPE_STRING,    500),   ///! Represents the name of a cipher.
 	TLV_TYPE_CIPHER_PARAMETERS   = TLV_VALUE(TLV_META_TYPE_GROUP,     501),   ///! Represents parameters for a cipher.
--- a/c/meterpreter/source/server/remote_dispatch_common.c
+++ b/c/meterpreter/source/server/remote_dispatch_common.c
@ -8,12 +8,14 @@ extern HINSTANCE hAppInstance;
 PLIST gExtensionList = NULL;

 DWORD request_core_enumextcmd(Remote* pRemote, Packet* pPacket);
+DWORD request_core_machine_id(Remote* pRemote, Packet* pPacket);

 // Dispatch table
 Command customCommands[] = 
 {
 	COMMAND_REQ("core_loadlib", request_core_loadlib),
 	COMMAND_REQ("core_enumextcmd", request_core_enumextcmd),
+	COMMAND_REQ("core_machine_id", request_core_machine_id),
 	COMMAND_TERMINATOR
 };

@ -45,6 +47,40 @@ BOOL ext_cmd_callback(LPVOID pState, LPVOID pData)
 	return FALSE;
 }

+DWORD request_core_machine_id(Remote* pRemote, Packet* pPacket)
+{
+	DWORD res = ERROR_SUCCESS;
+	Packet* pResponse = packet_create_response(pPacket);
+
+	if (pResponse)
+	{
+#ifdef _WIN32
+		wchar_t buffer[MAX_PATH];
+		if (GetSystemDirectory(buffer, MAX_PATH) != 0)
+		{
+			wchar_t computerName[MAX_PATH];
+			DWORD computerNameSize = MAX_PATH;
+			DWORD serialNumber;
+			wchar_t* backslash = wcschr(buffer, L'\\');
+			*(backslash + 1) = L'\0';
+
+			GetVolumeInformation(buffer, NULL, 0, &serialNumber, NULL, 0, NULL, 0);
+
+			GetComputerName(computerName, &computerNameSize);
+
+			_snwprintf_s(buffer, MAX_PATH, MAX_PATH - 1, L"%04x-%04x:%s", HIWORD(serialNumber), LOWORD(serialNumber), computerName);
+			packet_add_tlv_wstring(pResponse, TLV_TYPE_MACHINE_ID, buffer);
+		}
+#else
+		packet_add_tlv_wstring(pResponse, TLV_TYPE_MACHINE_ID, L"Y U NO IMPLEMETATIONZ?");
+#endif
+
+		packet_transmit_response(res, pRemote, pResponse);
+	}
+
+	return ERROR_SUCCESS;
+}
+
 DWORD request_core_enumextcmd(Remote* pRemote, Packet* pPacket)
 {
 	BOOL bResult = FALSE;