mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-08 14:36:22 +01:00
git-svn-id: file:///home/svn/incoming/trunk@2803 4d416f70-5f16-0410-b530-b9f4589650da
Matt Miller 2005-07-22 02:55:55 +00:00
parent e5b40e4e55
commit bf8df89e7e
9 changed files with 173 additions and 0 deletions


@ -98,6 +98,7 @@ DWORD request_net_config_remove_route(Remote *remote, Packet *packet)
DWORD add_remove_route(Packet *packet, BOOLEAN add)
{
MIB_IPFORWARDROW route;
DWORD (WINAPI *LocalGetBestInterface)(IPAddr, LPDWORD) = NULL;
LPCSTR subnet;
LPCSTR netmask;
LPCSTR gateway;
@ -111,6 +112,23 @@ DWORD add_remove_route(Packet *packet, BOOLEAN add)
route.dwForwardDest = inet_addr(subnet);
route.dwForwardMask = inet_addr(netmask);
route.dwForwardNextHop = inet_addr(gateway);
route.dwForwardType = 4; // Assume next hop.
route.dwForwardProto = 3;
route.dwForwardAge = -1;
if ((LocalGetBestInterface = (DWORD (WINAPI *)(IPAddr, LPDWORD))GetProcAddress(
GetModuleHandle("iphlpapi"),
"GetBestInterface")))
{
DWORD result = LocalGetBestInterface(route.dwForwardDest,
&route.dwForwardIfIndex);
if (result != ERROR_SUCCESS)
return result;
}
// I'm lazy. Need manual lookup of ifindex based on gateway for NT.
else
return ERROR_NOT_SUPPORTED;
if (add)
return CreateIpForwardEntry(&route);
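Review bot: The interface index is resolved with `LocalGetBestInterface(route.dwForwardDest, ...)`, that is, for the destination network, whereas dwForwardIfIndex should name the interface through which the next hop is reached, and the fallback comment itself speaks of a lookup "based on gateway". On a multi-homed host the two can differ, so this probably wants `LocalGetBestInterface(route.dwForwardNextHop, &route.dwForwardIfIndex)`. The literals `4` and `3` would also read better as the named constants from the IP helper headers (`MIB_IPROUTE_TYPE_INDIRECT`, `MIB_IPPROTO_NETMGMT`). add_remove_route starts and ends outside these hunks, so whether `route` is zeroed and whether the `inet_addr` results are checked for INADDR_NONE is not visible here.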


@ -206,6 +206,16 @@ Command customCommands[] =
{ EMPTY_DISPATCH_HANDLER },
},
// Sys/config
{ "stdapi_sys_config_getuid",
{ request_sys_config_getuid, { 0 }, 0 },
{ EMPTY_DISPATCH_HANDLER },
},
{ "stdapi_sys_config_sysinfo",
{ request_sys_config_sysinfo, { 0 }, 0 },
{ EMPTY_DISPATCH_HANDLER },
},
// Net
{ "stdapi_net_config_get_routes",
{ request_net_config_get_routes, { 0 }, 0 },


@ -0,0 +1,112 @@
#include "precomp.h"
/*
* sys_getuid
* ----------
*
* Gets the user information of the user the server is executing as
*/
DWORD request_sys_config_getuid(Remote *remote, Packet *packet)
{
Packet *response = packet_create_response(packet);
DWORD res = ERROR_SUCCESS;
CHAR username[512];
DWORD size = sizeof(username);
memset(username, 0, sizeof(username));
do
{
// Get the username
if (!GetUserName(username, &size))
{
res = GetLastError();
break;
}
packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username);
} while (0);
// Transmit the response
packet_transmit_response(res, remote, response);
return res;
}
/*
* sys_sysinfo
* ----------
*
* Get system information such as computer name and OS version
*/
DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet)
{
Packet *response = packet_create_response(packet);
CHAR computer[512], buf[512], *osName = NULL;
DWORD res = ERROR_SUCCESS;
DWORD size = sizeof(computer);
OSVERSIONINFO v;
memset(&v, 0, sizeof(v));
memset(computer, 0, sizeof(computer));
memset(buf, 0, sizeof(buf));
v.dwOSVersionInfoSize = sizeof(v);
do
{
// Get the computer name
if (!GetComputerName(computer, &size))
{
res = GetLastError();
break;
}
packet_add_tlv_string(response, TLV_TYPE_COMPUTER_NAME, computer);
// Get the operating system version information
if (!GetVersionEx(&v))
{
res = GetLastError();
break;
}
if (v.dwMajorVersion == 3)
osName = "Windows NT 3.51";
else if (v.dwMajorVersion == 4)
{
if (v.dwMinorVersion == 0 && v.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
osName = "Windows 95";
else if (v.dwMinorVersion == 10)
osName = "Windows 98";
else if (v.dwMinorVersion == 90)
osName = "Windows ME";
else if (v.dwMinorVersion == 0 && v.dwPlatformId == VER_PLATFORM_WIN32_NT)
osName = "Windows NT 4.0";
}
else
{
if (v.dwMinorVersion == 0)
osName = "Windows 2000";
else if (v.dwMinorVersion == 1)
osName = "Windows XP";
else if (v.dwMinorVersion == 2)
osName = "Windows .NET Server";
}
if (!osName)
osName = "Unknown";
_snprintf(buf, sizeof(buf) - 1, "%s (Build %lu, %s).", osName,
v.dwBuildNumber, v.szCSDVersion);
packet_add_tlv_string(response, TLV_TYPE_OS_NAME, buf);
} while (0);
// Transmit the response
packet_transmit_response(res, remote, response);
return res;
}
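Review bot: The final `else` in the version mapping of request_sys_config_sysinfo catches every dwMajorVersion other than 3 and 4, so a later major version with minor 0 would be reported as "Windows 2000". Restrict it with `else if (v.dwMajorVersion == 5)` and let everything else fall through to the existing "Unknown" default. Separately, both handlers use the result of packet_create_response without a NULL check; if that helper can fail (not visible here), `packet_add_tlv_string` and `packet_transmit_response` are handed a NULL response. The `_snprintf(buf, sizeof(buf) - 1, ...)` call is NUL-terminated only because buf is zeroed beforehand, so a short comment such as `// buf is pre-zeroed, so the size - 1 bound keeps it terminated` would stop a later edit from dropping the memset.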


@ -0,0 +1,7 @@
#ifndef _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_CONFIG_CONFIG_H
#define _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_CONFIG_CONFIG_H
DWORD request_sys_config_getuid(Remote *remote, Packet *packet);
DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet);
#endif


@ -1,6 +1,7 @@
#ifndef _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_SYS_H
#define _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_SYS_H
#include "config/config.h"
#include "process/process.h"
#include "registry/registry.h"
#include "eventlog/eventlog.h"


@ -270,6 +270,23 @@
TLV_TYPE_EXTENSION_STDAPI, \
1012)
// Sys/Config
#define TLV_TYPE_COMPUTER_NAME \
MAKE_CUSTOM_TLV( \
TLV_META_TYPE_STRING, \
TLV_TYPE_EXTENSION_STDAPI, \
1040)
#define TLV_TYPE_OS_NAME \
MAKE_CUSTOM_TLV( \
TLV_META_TYPE_STRING, \
TLV_TYPE_EXTENSION_STDAPI, \
1041)
#define TLV_TYPE_USER_NAME \
MAKE_CUSTOM_TLV( \
TLV_META_TYPE_STRING, \
TLV_TYPE_EXTENSION_STDAPI, \
1042)
// Net
#define TLV_TYPE_HOST_NAME \
MAKE_CUSTOM_TLV( \


@ -218,6 +218,14 @@ SOURCE=..\..\source\extensions\stdapi\server\sys\eventlog\eventlog.c
SOURCE=..\..\source\extensions\stdapi\server\sys\eventlog\eventlog.h
# End Source File
# End Group
# Begin Group "sys config"
# PROP Default_Filter ""
# Begin Source File
SOURCE=..\..\source\extensions\stdapi\server\sys\config\config.c
# End Source File
# End Group
# Begin Source File
SOURCE=..\..\source\extensions\stdapi\server\sys\sys.h