mirror of
https://github.com/rapid7/metasploit-payloads
synced 2025-01-08 14:36:22 +01:00
foo
git-svn-id: file:///home/svn/incoming/trunk@2803 4d416f70-5f16-0410-b530-b9f4589650da
parent
e5b40e4e55
commit
bf8df89e7e
Binary file not shown.
@ -98,6 +98,7 @@ DWORD request_net_config_remove_route(Remote *remote, Packet *packet)
|
||||
DWORD add_remove_route(Packet *packet, BOOLEAN add)
|
||||
{
|
||||
MIB_IPFORWARDROW route;
|
||||
DWORD (WINAPI *LocalGetBestInterface)(IPAddr, LPDWORD) = NULL;
|
||||
LPCSTR subnet;
|
||||
LPCSTR netmask;
|
||||
LPCSTR gateway;
|
||||
@ -111,6 +112,23 @@ DWORD add_remove_route(Packet *packet, BOOLEAN add)
|
||||
route.dwForwardDest = inet_addr(subnet);
|
||||
route.dwForwardMask = inet_addr(netmask);
|
||||
route.dwForwardNextHop = inet_addr(gateway);
|
||||
route.dwForwardType = 4; // Assume next hop.
|
||||
route.dwForwardProto = 3;
|
||||
route.dwForwardAge = -1;
|
||||
|
||||
if ((LocalGetBestInterface = (DWORD (WINAPI *)(IPAddr, LPDWORD))GetProcAddress(
|
||||
GetModuleHandle("iphlpapi"),
|
||||
"GetBestInterface")))
|
||||
{
|
||||
DWORD result = LocalGetBestInterface(route.dwForwardDest,
|
||||
&route.dwForwardIfIndex);
|
||||
|
||||
if (result != ERROR_SUCCESS)
|
||||
return result;
|
||||
}
|
||||
// I'm lazy. Need manual lookup of ifindex based on gateway for NT.
|
||||
else
|
||||
return ERROR_NOT_SUPPORTED;
|
||||
|
||||
if (add)
|
||||
return CreateIpForwardEntry(&route);
|
||||
|
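Review bot: The interface lookup that appears to be introduced before `if (add)` passes `route.dwForwardDest` to GetBestInterface, while the comment on the `else` branch speaks of finding the ifindex from the gateway; it is worth confirming whether `route.dwForwardNextHop` is the intended argument, since the two can resolve to different interfaces. The assignments `route.dwForwardType = 4;` and `route.dwForwardProto = 3;` would be easier to audit with the SDK names, `route.dwForwardType = MIB_IPROUTE_TYPE_INDIRECT;` and `route.dwForwardProto = MIB_IPPROTO_NETMGMT;`. The three `inet_addr()` results just above are stored without an `INADDR_NONE` check, so a malformed address string from the packet ends up in the route entry unnoticed. add_remove_route begins in the previous hunk and continues past the end of this one, so whether `route` is zeroed first is not visible here.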
@ -206,6 +206,16 @@ Command customCommands[] =
|
||||
{ EMPTY_DISPATCH_HANDLER },
|
||||
},
|
||||
|
||||
// Sys/config
|
||||
{ "stdapi_sys_config_getuid",
|
||||
{ request_sys_config_getuid, { 0 }, 0 },
|
||||
{ EMPTY_DISPATCH_HANDLER },
|
||||
},
|
||||
{ "stdapi_sys_config_sysinfo",
|
||||
{ request_sys_config_sysinfo, { 0 }, 0 },
|
||||
{ EMPTY_DISPATCH_HANDLER },
|
||||
},
|
||||
|
||||
// Net
|
||||
{ "stdapi_net_config_get_routes",
|
||||
{ request_net_config_get_routes, { 0 }, 0 },
|
||||
|
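--- a/c/meterpreter/source/extensions/stdapi/server/sys/config/config.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/config/config.c
@@ -0,0 +1,112 @@
+#include "precomp.h"
+
+/*
+* sys_getuid
+* ----------
+*
+* Gets the user information of the user the server is executing as
+*/
+DWORD request_sys_config_getuid(Remote *remote, Packet *packet)
+{
+Packet *response = packet_create_response(packet);
+DWORD res = ERROR_SUCCESS;
+CHAR username[512];
+DWORD size = sizeof(username);
+
+memset(username, 0, sizeof(username));
+
+do
+{
+// Get the username
+if (!GetUserName(username, &size))
+{
+res = GetLastError();
+break;
+}
+
+packet_add_tlv_string(response, TLV_TYPE_USER_NAME, username);
+
+} while (0);
+
+// Transmit the response
+packet_transmit_response(res, remote, response);
+
+return res;
+}
+
+/*
+* sys_sysinfo
+* ----------
+*
+* Get system information such as computer name and OS version
+*/
+DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet)
+{
+Packet *response = packet_create_response(packet);
+CHAR computer[512], buf[512], *osName = NULL;
+DWORD res = ERROR_SUCCESS;
+DWORD size = sizeof(computer);
+OSVERSIONINFO v;
+
+memset(&v, 0, sizeof(v));
+memset(computer, 0, sizeof(computer));
+memset(buf, 0, sizeof(buf));
+
+v.dwOSVersionInfoSize = sizeof(v);
+
+do
+{
+// Get the computer name
+if (!GetComputerName(computer, &size))
+{
+res = GetLastError();
+break;
+}
+
+packet_add_tlv_string(response, TLV_TYPE_COMPUTER_NAME, computer);
+
+// Get the operating system version information
+if (!GetVersionEx(&v))
+{
+res = GetLastError();
+break;
+}
+
+if (v.dwMajorVersion == 3)
+osName = "Windows NT 3.51";
+else if (v.dwMajorVersion == 4)
+{
+if (v.dwMinorVersion == 0 && v.dwPlatformId == VER_PLATFORM_WIN32_WINDOWS)
+osName = "Windows 95";
+else if (v.dwMinorVersion == 10)
+osName = "Windows 98";
+else if (v.dwMinorVersion == 90)
+osName = "Windows ME";
+else if (v.dwMinorVersion == 0 && v.dwPlatformId == VER_PLATFORM_WIN32_NT)
+osName = "Windows NT 4.0";
+}
+else
+{
+if (v.dwMinorVersion == 0)
+osName = "Windows 2000";
+else if (v.dwMinorVersion == 1)
+osName = "Windows XP";
+else if (v.dwMinorVersion == 2)
+osName = "Windows .NET Server";
+}
+
+if (!osName)
+osName = "Unknown";
+
+_snprintf(buf, sizeof(buf) - 1, "%s (Build %lu, %s).", osName,
+v.dwBuildNumber, v.szCSDVersion);
+
+packet_add_tlv_string(response, TLV_TYPE_OS_NAME, buf);
+
+} while (0);
+
+// Transmit the response
+packet_transmit_response(res, remote, response);
+
+return res;
+}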
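Review bot: In request_sys_config_sysinfo the final `else` of the version mapping treats every `dwMajorVersion` other than 3 and 4 as the 5.x family, so any other major version with minor 0 is reported as "Windows 2000"; writing it as `else if (v.dwMajorVersion == 5)` lets unrecognised versions fall through to the existing "Unknown" default. Both handlers hand the result of `packet_create_response()` to later calls without a NULL check; whether that call can fail is not visible on this page, so it is worth confirming. The `_snprintf` output stays terminated only because `buf` is zeroed beforehand and the size passed is `sizeof(buf) - 1`, which deserves a short comment such as `// buf is pre-zeroed; size - 1 preserves the terminator`.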
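--- a/c/meterpreter/source/extensions/stdapi/server/sys/config/config.h
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/config/config.h
@@ -0,0 +1,7 @@
+#ifndef _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_CONFIG_CONFIG_H
+#define _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_CONFIG_CONFIG_H
+
+DWORD request_sys_config_getuid(Remote *remote, Packet *packet);
+DWORD request_sys_config_sysinfo(Remote *remote, Packet *packet);
+
+#endif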
@ -1,6 +1,7 @@
|
||||
#ifndef _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_SYS_H
|
||||
#define _METERPRETER_SOURCE_EXTENSION_STDAPI_STDAPI_SERVER_SYS_SYS_H
|
||||
|
||||
#include "config/config.h"
|
||||
#include "process/process.h"
|
||||
#include "registry/registry.h"
|
||||
#include "eventlog/eventlog.h"
|
||||
|
@ -270,6 +270,23 @@
|
||||
TLV_TYPE_EXTENSION_STDAPI, \
|
||||
1012)
|
||||
|
||||
// Sys/Config
|
||||
#define TLV_TYPE_COMPUTER_NAME \
|
||||
MAKE_CUSTOM_TLV( \
|
||||
TLV_META_TYPE_STRING, \
|
||||
TLV_TYPE_EXTENSION_STDAPI, \
|
||||
1040)
|
||||
#define TLV_TYPE_OS_NAME \
|
||||
MAKE_CUSTOM_TLV( \
|
||||
TLV_META_TYPE_STRING, \
|
||||
TLV_TYPE_EXTENSION_STDAPI, \
|
||||
1041)
|
||||
#define TLV_TYPE_USER_NAME \
|
||||
MAKE_CUSTOM_TLV( \
|
||||
TLV_META_TYPE_STRING, \
|
||||
TLV_TYPE_EXTENSION_STDAPI, \
|
||||
1042)
|
||||
|
||||
// Net
|
||||
#define TLV_TYPE_HOST_NAME \
|
||||
MAKE_CUSTOM_TLV( \
|
||||
|
@ -218,6 +218,14 @@ SOURCE=..\..\source\extensions\stdapi\server\sys\eventlog\eventlog.c
|
||||
SOURCE=..\..\source\extensions\stdapi\server\sys\eventlog\eventlog.h
|
||||
# End Source File
|
||||
# End Group
|
||||
# Begin Group "sys config"
|
||||
|
||||
# PROP Default_Filter ""
|
||||
# Begin Source File
|
||||
|
||||
SOURCE=..\..\source\extensions\stdapi\server\sys\config\config.c
|
||||
# End Source File
|
||||
# End Group
|
||||
# Begin Source File
|
||||
|
||||
SOURCE=..\..\source\extensions\stdapi\server\sys\sys.h
|
||||
|
Binary file not shown.