github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-03-30 22:19:17 +02:00
Code Releases Activity

Merge in changes from thelightcosine that add RegLoadKey/RegUnloadKey support

Browse Source 
git-svn-id: file:///home/svn/framework3/trunk@13089 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
HD Moore 2011-07-02 04:03:23 +00:00
parent 18f78f96a2
commit bef89e3aa5
3 changed files with 56 additions and 0 deletions
c/meterpreter/source/extensions/stdapi/server
stdapi.c
sys/registry
registry.cregistry.h

8
c/meterpreter/source/extensions/stdapi/server/stdapi.c

@ -221,6 +221,14 @@ Command customCommands[] =
// Registry // Registry
{ "stdapi_registry_load_key",
{ request_registry_load_key, { 0 }, 0 },
{ EMPTY_DISPATCH_HANDLER },
},
{ "stdapi_registry_unload_key",
{ request_registry_unload_key, { 0 }, 0 },
{ EMPTY_DISPATCH_HANDLER },
},
{ "stdapi_registry_open_key", { "stdapi_registry_open_key",
{ request_registry_open_key, { 0 }, 0 }, { request_registry_open_key, { 0 }, 0 },
{ EMPTY_DISPATCH_HANDLER }, { EMPTY_DISPATCH_HANDLER },

46
c/meterpreter/source/extensions/stdapi/server/sys/registry/registry.c

@ -13,6 +13,52 @@ DWORD request_registry_create_key(Remote *remote, Packet *packet);
* req: TLV_TYPE_BASE_KEY - The base key * req: TLV_TYPE_BASE_KEY - The base key
* opt: TLV_TYPE_PERMISSION - Permissions with which to open the key * opt: TLV_TYPE_PERMISSION - Permissions with which to open the key
*/ */
DWORD request_registry_load_key(Remote *remote, Packet *packet)
{
Packet *response = packet_create_response(packet);
LPCTSTR baseKey = NULL;
HKEY rootKey = NULL, resKey;
LPCSTR hiveFile = NULL;
DWORD result;
rootKey = (HKEY)packet_get_tlv_value_uint(packet, TLV_TYPE_ROOT_KEY);
baseKey = packet_get_tlv_value_string(packet, TLV_TYPE_BASE_KEY);
hiveFile = packet_get_tlv_value_string(packet, TLV_TYPE_FILE_PATH);
if ((!rootKey) || (!baseKey) || (!hiveFile))
result = ERROR_INVALID_PARAMETER;
else
{
result = RegLoadKey(rootKey,baseKey,hiveFile);
}
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
packet_transmit(remote, response, NULL);
return ERROR_SUCCESS;
}
DWORD request_registry_unload_key(Remote *remote, Packet *packet)
{
Packet *response = packet_create_response(packet);
LPCTSTR baseKey = NULL;
HKEY rootKey = NULL, resKey;
DWORD result;
rootKey = (HKEY)packet_get_tlv_value_uint(packet, TLV_TYPE_ROOT_KEY);
baseKey = packet_get_tlv_value_string(packet, TLV_TYPE_BASE_KEY);
if ((!rootKey) || (!baseKey))
result = ERROR_INVALID_PARAMETER;
else
{
result=RegUnLoadKey(rootKey,baseKey);
}
packet_add_tlv_uint(response, TLV_TYPE_RESULT, result);
packet_transmit(remote, response, NULL);
return ERROR_SUCCESS;
}
DWORD request_registry_open_key(Remote *remote, Packet *packet) DWORD request_registry_open_key(Remote *remote, Packet *packet)
{ {
Packet *response = packet_create_response(packet); Packet *response = packet_create_response(packet);

2
c/meterpreter/source/extensions/stdapi/server/sys/registry/registry.h

@ -15,5 +15,7 @@ DWORD request_registry_query_value(Remote *remote, Packet *packet);
DWORD request_registry_query_class(Remote *remote, Packet *packet); DWORD request_registry_query_class(Remote *remote, Packet *packet);
DWORD request_registry_enum_value(Remote *remote, Packet *packet); DWORD request_registry_enum_value(Remote *remote, Packet *packet);
DWORD request_registry_delete_value(Remote *remote, Packet *packet); DWORD request_registry_delete_value(Remote *remote, Packet *packet);
DWORD request_registry_load_key(Remote *remote, Packet *packet);
DWORD request_registry_unload_key(Remote *remote, Packet *packet);
#endif #endif